last executing test programs: 7.277620619s ago: executing program 2 (id=119): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) dup(r1) r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x8008af26, &(0x7f0000000680)={0x22f}) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r6, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20004080) syz_emit_ethernet(0x0, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) setsockopt$MRT6_FLUSH(0xffffffffffffffff, 0x29, 0xd1, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000000)=r9, 0x4) sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="c52b3c1400000801bc0102000000000000000007000000"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0xc044) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x1051, 0x0, 0x318, 0x1, 0x24}, 0x9c) socket$nl_route(0x10, 0x3, 0x0) 5.73633934s ago: executing program 2 (id=125): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) dup(r1) r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x8008af26, &(0x7f0000000680)={0x22f}) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r6, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20004080) syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@link_local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @multicast1}, @address_request}}}}, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) setsockopt$MRT6_FLUSH(0xffffffffffffffff, 0x29, 0xd1, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000000)=r9, 0x4) sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="c52b3c1400000801bc0102000000000000000007000000"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0xc044) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x1051, 0x0, 0x318, 0x1, 0x24}, 0x9c) socket$nl_route(0x10, 0x3, 0x0) 4.306842499s ago: executing program 2 (id=134): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 4.18905153s ago: executing program 2 (id=135): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x8}}}, 0x24}}, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003800)=[{{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000001600)=""/4086, 0x10b8c}], 0x1}}], 0x1, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty, 0x2}, 0x1c) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0x3}}, 0x2e) r2 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}}, 0x0) ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000080)={0x1, @pix={0x200, 0x807c2, 0x31324d4e, 0x8, 0x6, 0x10004, 0x6, 0x2, 0xfeedcafe, 0x8, 0x2, 0x1}}) ioctl$PPPIOCGCHAN(0xffffffffffffffff, 0x80047437, &(0x7f0000000080)) syz_usb_connect(0x1, 0xaf4, &(0x7f0000000380)=ANY=[@ANYRESHEX], &(0x7f0000000540)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x250, 0x9, 0x6, 0x5, 0x8}, 0x7f, &(0x7f0000000340)=ANY=[@ANYRES8=r0], 0x2, [{0xfa, &(0x7f00000005c0)=ANY=[@ANYRES16]}, {0x9, &(0x7f0000000500)=ANY=[@ANYBLOB="09036d2223788b74"]}]}) syz_emit_ethernet(0x4c, &(0x7f0000000140)=ANY=[@ANYBLOB="99177fa54f29ece65fbcee5586dd3ebbaa28001611fffe8000000000000000000000000000bbfe8000000000000000000000000000aa00000e2200169078020300000000000030b00afe4e70"], 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000030428bd70020000000000000000", @ANYRES32=0x0, @ANYBLOB="b010040000000100200200ff7f0000000000000014000280080002000a01010106000e0006000000"], 0x40}, 0x1, 0xba01, 0x0, 0x4004}, 0x810) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r7 = socket(0x10, 0x803, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x800, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x9}, {0xffff, 0x10}, {0x6}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0xfffffffffffffe29, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x118, 0x2c, 0xd27, 0xffffffff, 0x25dfdbfe, {0x0, 0x0, 0x0, r9, {0xc, 0x4}, {}, {0x10, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe4, 0x2, [@TCA_MATCHALL_ACT={0xe0, 0x2, [@m_gact={0xdc, 0xe, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x74b, 0x0, 0x4, 0x2, 0x7}}, @TCA_GACT_PARMS={0x18, 0x2, {0x1, 0x7, 0x5, 0x6, 0x100}}]}, {0x80, 0x6, "bd27eb2fcf967f300a53f5e172e60688bafdbc7b8ed5524afaa39e319455907cc615bf05d5f899086930b8968dd58eb2d2d4f62d83b1aa7a0a21ad30103ed241886b30ea8c6ce99ea2d43b50cd3860d1e89e53006af70e5bc460eb8ba25b46d83834d2fe0d712ee035872c63d2ab9a548066025d04b9c784baea3cbf"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}}]}, 0x118}, 0x1, 0x0, 0x0, 0x40}, 0x200400c0) read(r5, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x2000) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_netfilter(0x10, 0x3, 0xc) 3.500111424s ago: executing program 1 (id=138): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0xbdf) ioctl$NBD_DO_IT(r0, 0xab03) ioctl$NBD_CLEAR_SOCK(r0, 0xab04) 3.360366621s ago: executing program 1 (id=139): mkdir(&(0x7f00000008c0)='./bus\x00', 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x120) openat$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000640)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='pids.current\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x3, 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 3.360096827s ago: executing program 3 (id=140): io_uring_setup(0x194e, &(0x7f0000000a80)={0x0, 0xd3d5, 0x80, 0x5, 0x2b0}) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2, 0x0, &(0x7f00000004c0)=[{}, {0x2, 0x1}], 0x10, 0x80000000, @void, @value}, 0x94) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500e2ff00000000bb7ccc2db638ecdcb975607aaad7c13b0bb7fbbb6c999f0c1bb32e5d8dcac681616269f821aa5dc0d11472093bb4b01d06e10b6518a98774a0d09061f06e4d74207f837997c36ab39ecd0c36b7a61721a36eae01eb224c045a38e701a4d196a4c9e14977c4d8d6396d84198d0a7fc83e02c9cc8882112e8ed59e1c0e1f3a00b0c8478dadbd2cc98fbc7153efbacc41497c78726b161ce3c2610bb71a2b0774abd84b26932d1bfac295d893f94ae878f90d909dccd4fe770435a0"], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r4) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r7, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r10, @ANYBLOB="d506330080000000ffffffffffff0802110000"], 0x6f4}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r8, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x4000) keyctl$setperm(0x5, r2, 0x52b242d) keyctl$join(0x1, &(0x7f0000000140)={'syz', 0x3}) r12 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000080)={'netdevsim0\x00'}) keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x3}) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) 3.315235206s ago: executing program 1 (id=142): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x5c76}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040), 0x0, 0x0}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000180)=0x17) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000200)=0xdc) 3.262111566s ago: executing program 3 (id=143): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 3.190037631s ago: executing program 1 (id=144): write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) r0 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000380)=0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) syz_io_uring_setup(0x5e2, &(0x7f00000003c0)={0x0, 0x0, 0x2000, 0x0, 0x3c}, &(0x7f0000000040)=0x0, &(0x7f0000000200)) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x2) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x1e) keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r0, 0xa3d, 0x0, 0x0, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x7600, 0xfeff) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1200000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="01000000000000004bc98d85000000bfd628", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800b00010067656e657665000008000280040006001400030067656e65766531000000000000000000"], 0x4c}}, 0x2000000) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_UMEM_FILL_RING(r5, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_TX_RING(r5, 0x11b, 0x3, &(0x7f0000000280)=0x40, 0x4) bind$xdp(r5, &(0x7f0000000100)={0x2c, 0x0, r7}, 0x10) getsockopt$XDP_STATISTICS(r5, 0x11b, 0x7, &(0x7f0000000180), &(0x7f00000002c0)=0x30) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) get_thread_area(&(0x7f0000000000)={0xc}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x2000002, 0xb5, 0x0, &(0x7f0000000100)="f7b9a60000000000000000839404f49b03d2df2dbd2c1dccd76a44856d550b41309d8e3e2152ce2ea49c51b456e16917ef2dd3bf970ac1509ff0dc152186e1d5a55d72e6852bd3c0bf01796f21583f5d439e5f433efa861f0aaf790cb3397556d3bcb62077aa304d5f1b6a67105e42b40871f4801e540e9eb68048bebde78ff0257916fbcfd332d282935c0934f37985678ee656456c7e71a46dd9c1a9b3b40d18cd0019126b93a3da73fbad1f1e70cc8356313242", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c) 3.189795178s ago: executing program 3 (id=145): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) read$FUSE(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x8, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0xffffffffffffff48, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x93, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xdf}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x10000800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1004}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket(0x10, 0x80003, 0x0) write(r2, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r2) 2.226692123s ago: executing program 3 (id=146): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0xc5e, 0x422c80) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSBRKP(r1, 0x5425, 0xffffffff) r2 = io_uring_setup(0x22d1, 0x0) close(r2) ioctl$TCSETSW2(r1, 0x5425, 0x0) unshare(0x68040200) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8912, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0x5, 0x0}, 0x7a}) r4 = socket(0x2b, 0x80801, 0x1) setsockopt$EBT_SO_SET_COUNTERS(r4, 0x0, 0x81, &(0x7f0000000240)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x6, 0x101, 0x8, 0x7, 0x1ff], 0x1, 0x0, 0x0, [{}]}, 0x60) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) close(0xffffffffffffffff) ioperm(0x3, 0x2c3, 0xbc) listen(0xffffffffffffffff, 0xffffff7e) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x9}}, './file0\x00'}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f00000003c0)={0x1, 0x4, 0x2, 0x0, 0xe}) connect$llc(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) 2.025063807s ago: executing program 1 (id=147): r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0x1, 0x12) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) r3 = epoll_create1(0x0) r4 = fcntl$dupfd(r2, 0x0, r2) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000001c0)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000000)) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$igmp(0x2, 0x3, 0x2) r7 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)="4c000000140097fa7059ae08060c040002ff0f0200000000000001870182fa73a69d35b5cca84708f7abca1b4e7d06a6bd7c493872f750375ed08a560400000003c48f93b82a03000000469e", 0x4c}], 0x1}, 0x0) socket$packet(0x11, 0x2, 0x300) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYRESDEC=r6], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a4f00000000000000000002000000300003802c00038014000100776732000000000000000000000000001400010076657468315f746f5f627269646765000900020073797a30000000000900010073"], 0x84}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000) 1.850331048s ago: executing program 1 (id=149): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}}], 0x1, 0x11) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setfsuid(0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) openat$vimc0(0xffffff9c, &(0x7f0000000340), 0x2, 0x0) connect$phonet_pipe(r3, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x20040010) ptrace$ARCH_MAP_VDSO_X32(0x1e, 0x0, 0x2, 0x2001) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) read$char_usb(0xffffffffffffffff, &(0x7f0000000000)=""/188, 0xbc) 1.255837818s ago: executing program 3 (id=150): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="7f454c4700040000ff7f08000000000003003e00ecffffff9a030000000000004000000000000000560000000000000000000000000038000100000002000000030000000500000004000000000000000d20000000400000c801000000000000e2000000000000000400000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000027501a940000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005ff5ff96905f8e778ab46c510000000000000000000000000000000000000000000000000000e7ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d24266da1b0c131bae537507b00fd1134ceb4cea898975c9365b5348dea804107af2e745a9d793267fca36048ad84592d69d429bb1b016da5562ba1b3a9482d85e4b883ba17de306c8f5b814cc90001dfc084ba3e9216f00ea4d405766027fc1eeab66b8b7c8d0baaecf1156444f92d6cb4e21237d46b842ef0a70779d9e0de9f3e5c2a44ee38aaafa20ecb0c9fe7ec8e53093f47b74e37c179625f417cfdc51cc621db069fa86bfe19be006c04d76cde2c24c619bb7a7377b6a472bddde638040c9b882556708ff7a431e79cafce3d77817492a34117f38dbf6b02aeff808b26867cf8b26e487230fb3628eda6c7993ece7da63036a7b31a6165140520bf863e35a52377cd9fa89b53c63b32e5d1de9990e891ed58224c220e3ec9e6fe05d1fc9bd5d46b22b8cb3dad92b4a6086cfe65dfb08cf59b6173046cf0b193421906a51156e38afd16f03e3bcb70b2ffa11a6ab2bb0150fbaf3aa15d8c4ec852f1"], 0x178) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000003c000b0000000000fcffffff04000000040000800c0001"], 0x24}}, 0x0) close(r0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x3, 0xfff, 0x0, 0xb49, 0xc, 0x8, 0x0, 0x3}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x8910, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f000003e000/0x3000)=nil, 0x3000, 0x14) r4 = openat$vnet(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$FIONCLEX(r4, 0x5450) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r5, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_ivalue=0x8}) ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000)) 1.185990623s ago: executing program 2 (id=151): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="7f454c4700040000ff7f08000000000003003e00ecffffff9a030000000000004000000000000000560000000000000000000000000038000100000002000000030000000500000004000000000000000d20000000400000c801000000000000e2000000000000000400000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000027501a940000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005ff5ff96905f8e778ab46c510000000000000000000000000000000000000000000000000000e7ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d24266da1b0c131bae537507b00fd1134ceb4cea898975c9365b5348dea804107af2e745a9d793267fca36048ad84592d69d429bb1b016da5562ba1b3a9482d85e4b883ba17de306c8f5b814cc90001dfc084ba3e9216f00ea4d405766027fc1eeab66b8b7c8d0baaecf1156444f92d6cb4e21237d46b842ef0a70779d9e0de9f3e5c2a44ee38aaafa20ecb0c9fe7ec8e53093f47b74e37c179625f417cfdc51cc621db069fa86bfe19be006c04d76cde2c24c619bb7a7377b6a472bddde638040c9b882556708ff7a431e79cafce3d77817492a34117f38dbf6b02aeff808b26867cf8b26e487230fb3628eda6c7993ece7da63036a7b31a6165140520bf863e35a52377cd9fa89b53c63b32e5d1de9990e891ed58224c220e3ec9e6fe05d1fc9bd5d46b22b8cb3dad92b4a6086cfe65dfb08cf59b6173046cf0b193421906a51156e38afd16f03e3bcb70b2ffa11a6ab2bb0150fbaf3aa15d8c4ec852f1"], 0x178) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000003c000b0000000000fcffffff04000000040000800c0001"], 0x24}}, 0x0) close(r0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x3, 0xfff, 0x0, 0xb49, 0xc, 0x8, 0x0, 0x3}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x8910, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f000003e000/0x3000)=nil, 0x3000, 0x14) r4 = openat$vnet(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$FIONCLEX(r4, 0x5450) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r5, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_ivalue=0x8}) ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000)) 864.368009ms ago: executing program 0 (id=153): io_uring_setup(0x194e, &(0x7f0000000a80)={0x0, 0xd3d5, 0x80, 0x5, 0x2b0}) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2, 0x0, &(0x7f00000004c0)=[{}, {0x2, 0x1}], 0x10, 0x80000000, @void, @value}, 0x94) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500e2ff00000000bb7ccc2db638ecdcb975607aaad7c13b0bb7fbbb6c999f0c1bb32e5d8dcac681616269f821aa5dc0d11472093bb4b01d06e10b6518a98774a0d09061f06e4d74207f837997c36ab39ecd0c36b7a61721a36eae01eb224c045a38e701a4d196a4c9e14977c4d8d6396d84198d0a7fc83e02c9cc8882112e8ed59e1c0e1f3a00b0c8478dadbd2cc98fbc7153efbacc41497c78726b161ce3c2610bb71a2b0774abd84b26932d1bfac295d893f94ae878f90d909dccd4fe770435a0"], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r4) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r5, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r7, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r10, @ANYBLOB="d506330080000000ffffffffffff0802110000"], 0x6f4}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r8, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x4000) keyctl$setperm(0x5, r2, 0x52b242d) keyctl$join(0x1, &(0x7f0000000140)={'syz', 0x3}) r12 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000080)={'netdevsim0\x00'}) keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x3}) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) 846.527444ms ago: executing program 0 (id=154): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000008c0)='./bus\x00', 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x120) openat$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000640)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='pids.current\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x3, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r3}, 0x80, &(0x7f00000004c0)=[{0x0}], 0x1}}], 0x1, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 600.254376ms ago: executing program 0 (id=155): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) add_key$keyring(0x0, &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYBLOB="010028057000fcdb", @ANYRES32, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r3, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x4000) keyctl$join(0x1, &(0x7f0000000140)={'syz', 0x3}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@getqdisc={0x24, 0x26, 0x1, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xf, 0x4}, {0x2, 0x8}, {0x3, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x44000800}, 0x4000010) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) 528.265308ms ago: executing program 0 (id=156): mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x92) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') rename(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00') (fail_nth: 3) 237.419399ms ago: executing program 0 (id=157): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r2 = socket$inet(0x2, 0x80001, 0x84) r3 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r3, &(0x7f0000000180)={0x2, 0xce20, @local}, 0x10) listen(r3, 0x3) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r2, &(0x7f0000000180)={0x2, 0xce20, @loopback}, 0x10) listen(r2, 0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x4, &(0x7f00000001c0)=0x0) r7 = eventfd2(0xc4, 0x800) r8 = dup2(r7, r5) io_submit(r6, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}]) r9 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r9, 0x560a, &(0x7f0000000100)={0x4, 0x0, 0x4, 0x0, 0x4002, 0x8000}) write(r4, 0x0, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r10, 0x29, 0x40, &(0x7f0000000d00)=@filter={'filter\x00', 0x4, 0x4, 0x644, 0xffffffff, 0x100, 0x3f8, 0x0, 0xfeffffff, 0xffffffff, 0x57c, 0x57c, 0x57c, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xdc, 0x100, 0x0, {}, [@common=@unspec=@time={{0x38}}]}, @REJECT={0x24}}, {{@ipv6={@private2, @empty, [], [], 'pimreg\x00', 'batadv_slave_1\x00'}, 0x0, 0x2d4, 0x2f8, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x1000}}]}, @common=@inet=@SYNPROXY={0x24}}, {{@uncond, 0x0, 0x160, 0x184, 0x0, {}, [@common=@frag={{0x30}}, @common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0x0, 0x0, @remote, @dev, @private1}}]}, @REJECT={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x6a0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0xbdf) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) syz_clone(0x1000, 0x0, 0x0, &(0x7f0000000300), 0x0, 0x0) r11 = socket$inet_udp(0x2, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), r8) setsockopt$sock_int(r11, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r11, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800) ioctl$NBD_CLEAR_SOCK(r0, 0xab04) 110.027412ms ago: executing program 2 (id=158): r0 = socket$kcm(0x10, 0x2, 0x0) socket$inet6(0xa, 0x3, 0x2f) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$uinput_user_dev(r1, &(0x7f0000000240)={'syz0\x00', {0x508, 0x7, 0x7, 0x1}, 0x4a, [0x5f11bec3, 0x3, 0x5, 0x40, 0x0, 0x3, 0x0, 0x7d, 0x80013, 0x5, 0x0, 0x6, 0x0, 0x0, 0x4000000, 0x2, 0x1a4, 0xfffff605, 0x3, 0x0, 0x80, 0x7ff, 0xe2b, 0x7, 0x681c1eb5, 0x11e, 0x0, 0x2, 0x0, 0xe9, 0x0, 0xffff, 0x9, 0x4, 0x0, 0x3, 0x0, 0x0, 0x5de82a4e, 0x0, 0x0, 0x20000, 0x4, 0xfffffffe, 0x1, 0x0, 0x8000, 0x7, 0x0, 0xe0, 0x3fd, 0x5, 0xfffffff7, 0x0, 0xf685, 0x0, 0x1ab9, 0x0, 0x2, 0x0, 0xfffffffb, 0x1c15d73a, 0x2], [0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x8, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x0, 0x61c5fb46, 0x10000, 0x80, 0x4, 0x10001, 0x75, 0x0, 0x4, 0x0, 0xd, 0x80000000, 0x0, 0x61c2, 0x9, 0x0, 0x9, 0x2, 0xff, 0x2, 0x10001, 0x3, 0x0, 0x7, 0xfffffffb, 0xffffff00, 0x0, 0x10, 0x0, 0x0, 0x0, 0x1, 0xffff, 0x9, 0x441238ca, 0x0, 0x0, 0x0, 0xfffffff9, 0x2, 0x7fffffff, 0x6, 0x9], [0x0, 0xc50, 0x3, 0x9f5, 0x0, 0xa02, 0x1c75, 0xf51, 0x6, 0x40, 0x0, 0x21, 0x20000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x205, 0x5, 0xfffffffd, 0xc, 0x0, 0x200, 0xcc0, 0x401, 0x6, 0x6, 0x0, 0x0, 0xffffff7f, 0xe, 0x921, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x15960318, 0x0, 0x0, 0x0, 0xfffffffc, 0x9, 0x5, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffe, 0x4, 0x0, 0x6574, 0x7, 0x0, 0xcd55, 0xfb], [0x0, 0x6, 0x0, 0x2, 0x1, 0xffffffff, 0x5, 0x200, 0xffffffff, 0xd63, 0x6, 0x0, 0x0, 0x0, 0xfffffffa, 0xfa3, 0x3ff, 0x8, 0x4, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x194e, 0x0, 0xe793, 0x4ad, 0x0, 0x0, 0x80000001, 0x3, 0x0, 0x0, 0x101, 0x0, 0x1, 0x0, 0x40, 0x8000010, 0x0, 0x5, 0x0, 0x0, 0x7ff7, 0x6, 0x800, 0x5, 0xd, 0x0, 0x40000000, 0x0, 0x4, 0x45d, 0x4, 0x0, 0xfff, 0xb2, 0xa, 0xb]}, 0x45c) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) pwritev(r2, &(0x7f0000000580)=[{&(0x7f0000000240)="01000000", 0x4}, {&(0x7f0000000280)}, {&(0x7f00000002c0)="c27d037369597e", 0x7}], 0x3, 0xfffffffe, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) r4 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, 0x0, &(0x7f0000000180)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x2) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r6, 0xc0205710, &(0x7f00000004c0)={0x0, 0x83e56, 0x10, 0x0, 0x3}) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x48}}, 0x0) r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r8 = dup(r7) munlockall() write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x4e1, 0x0, 0x0, &(0x7f0000000140)) r9 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x42) ioctl$SCSI_IOCTL_SEND_COMMAND(r9, 0x1, &(0x7f00000006c0)=ANY=[@ANYBLOB="0000000008000000bf00400068bdb443caa2abd13d511971a6cd02a70a5a2fcacad24b49cf6a5d2739a4025a533920fb39dfa3e4be21e36207b15e5c9928d197ec3ea7835de2f8dcb81f92d6d538cd9396a97bc2e02c179e9e2fe83a4e20426b777e46e1701ba17956229f7b717b7370b87fd2051c8be4854af7a6c1e0f4285da6e6bbd3e84500086ee4c650febe88de332640d9b03c5ebcd5a5299c3f67"]) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181003100000002200000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x20040040) 454.435µs ago: executing program 3 (id=159): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0xc5e, 0x3a880) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSBRKP(r1, 0x5425, 0xffffffff) r2 = io_uring_setup(0x22d1, 0x0) close(r2) ioctl$TCSETSW2(r1, 0x5425, 0x0) unshare(0x68040200) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8912, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0x5, 0x0}, 0x7a}) r4 = socket(0x2b, 0x80801, 0x1) setsockopt$EBT_SO_SET_COUNTERS(r4, 0x0, 0x81, &(0x7f0000000240)={'nat\x00', 0x0, 0x0, 0x0, [0x3, 0x6, 0x101, 0x8, 0x7, 0x1ff], 0x1, 0x0, 0x0, [{}]}, 0x60) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) close(0xffffffffffffffff) ioperm(0x3, 0x2c3, 0xbc) listen(0xffffffffffffffff, 0xffffff7e) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x9}}, './file0\x00'}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f00000003c0)={0x1, 0x4, 0x2, 0x0, 0xe}) connect$llc(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) 0s ago: executing program 0 (id=160): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0xbdf) ioctl$NBD_DO_IT(r0, 0xab03) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:56191' (ED25519) to the list of known hosts. [ 46.933363][ T5919] cgroup: Unknown subsys name 'net' [ 47.079865][ T5919] cgroup: Unknown subsys name 'cpuset' [ 47.084163][ T5919] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 47.939379][ T5919] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 51.837611][ T5939] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 51.841435][ T5939] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 51.844009][ T5938] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 51.844753][ T5939] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 51.847949][ T5948] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 51.850511][ T5939] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 51.852304][ T5948] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 51.855046][ T5939] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 51.857223][ T5948] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 51.858687][ T5949] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 51.860782][ T5939] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 51.867622][ T5938] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 51.867933][ T5299] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 51.868420][ T5939] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 51.869212][ T5939] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 51.869893][ T5939] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 51.870337][ T5938] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 51.871048][ T5938] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 51.871369][ T5938] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 51.874811][ T5299] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.145727][ T5934] chnl_net:caif_netlink_parms(): no params data found [ 52.202983][ T5935] chnl_net:caif_netlink_parms(): no params data found [ 52.241039][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 52.360751][ T5934] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.364103][ T5934] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.367286][ T5934] bridge_slave_0: entered allmulticast mode [ 52.371220][ T5934] bridge_slave_0: entered promiscuous mode [ 52.386565][ T5943] chnl_net:caif_netlink_parms(): no params data found [ 52.392032][ T5934] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.394991][ T5934] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.398061][ T5934] bridge_slave_1: entered allmulticast mode [ 52.401801][ T5934] bridge_slave_1: entered promiscuous mode [ 52.586605][ T5934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.590691][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.593771][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.596820][ T5935] bridge_slave_0: entered allmulticast mode [ 52.600824][ T5935] bridge_slave_0: entered promiscuous mode [ 52.610308][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.612991][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.615271][ T5944] bridge_slave_0: entered allmulticast mode [ 52.618690][ T5944] bridge_slave_0: entered promiscuous mode [ 52.623993][ T5934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.653779][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.656757][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.659826][ T5935] bridge_slave_1: entered allmulticast mode [ 52.663737][ T5935] bridge_slave_1: entered promiscuous mode [ 52.672826][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.675555][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.678535][ T5944] bridge_slave_1: entered allmulticast mode [ 52.681198][ T5944] bridge_slave_1: entered promiscuous mode [ 52.728739][ T5934] team0: Port device team_slave_0 added [ 52.775211][ T5934] team0: Port device team_slave_1 added [ 52.828081][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.848234][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.868216][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.871692][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 52.874284][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 52.882124][ T5934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 52.887968][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.890913][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.893341][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.895593][ T5943] bridge_slave_0: entered allmulticast mode [ 52.898477][ T5943] bridge_slave_0: entered promiscuous mode [ 52.915779][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 52.918739][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 52.928843][ T5934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 52.956369][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.959346][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.961582][ T5943] bridge_slave_1: entered allmulticast mode [ 52.964218][ T5943] bridge_slave_1: entered promiscuous mode [ 52.997148][ T5944] team0: Port device team_slave_0 added [ 53.002994][ T5944] team0: Port device team_slave_1 added [ 53.085410][ T5935] team0: Port device team_slave_0 added [ 53.137063][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.139309][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.147192][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.153007][ T5935] team0: Port device team_slave_1 added [ 53.158140][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.188863][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.191539][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.199546][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.218821][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.227227][ T5934] hsr_slave_0: entered promiscuous mode [ 53.230743][ T5934] hsr_slave_1: entered promiscuous mode [ 53.266122][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.269114][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.279568][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.327723][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.330573][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.340918][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.352529][ T5943] team0: Port device team_slave_0 added [ 53.357913][ T5943] team0: Port device team_slave_1 added [ 53.469172][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.472119][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.482405][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.527020][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.529278][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.537589][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.543476][ T5944] hsr_slave_0: entered promiscuous mode [ 53.545649][ T5944] hsr_slave_1: entered promiscuous mode [ 53.547937][ T5944] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.550398][ T5944] Cannot create hsr debugfs directory [ 53.582531][ T5935] hsr_slave_0: entered promiscuous mode [ 53.584720][ T5935] hsr_slave_1: entered promiscuous mode [ 53.587696][ T5935] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.590462][ T5935] Cannot create hsr debugfs directory [ 53.731904][ T5943] hsr_slave_0: entered promiscuous mode [ 53.734438][ T5943] hsr_slave_1: entered promiscuous mode [ 53.736550][ T5943] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.739014][ T5943] Cannot create hsr debugfs directory [ 53.867643][ T5942] Bluetooth: hci1: command tx timeout [ 53.914113][ T5934] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 53.947763][ T5942] Bluetooth: hci0: command tx timeout [ 53.948114][ T5934] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 53.953889][ T5934] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 53.957437][ T5942] Bluetooth: hci2: command tx timeout [ 53.957446][ T5299] Bluetooth: hci3: command tx timeout [ 53.961013][ T5934] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.017753][ T5944] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.022865][ T5944] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.027865][ T5944] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.033566][ T5944] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.068702][ T5943] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.074550][ T5943] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.081108][ T5943] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.085922][ T5943] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.158967][ T5935] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.173156][ T5934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.176496][ T5935] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.185303][ T5935] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.200534][ T5935] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.232112][ T5934] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.252834][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.255189][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.259707][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.261988][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.275149][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.291766][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.302989][ T5943] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.315383][ T1248] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.317621][ T1248] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.332517][ T1248] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.334736][ T1248] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.348866][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.362054][ T1248] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.365031][ T1248] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.380798][ T5934] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.391295][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.394407][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.409450][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.430172][ T5943] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.442151][ T5935] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.464986][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.468043][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.492083][ T217] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.495166][ T217] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.552992][ T5934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.574692][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.617255][ T5934] veth0_vlan: entered promiscuous mode [ 54.633131][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.642445][ T5934] veth1_vlan: entered promiscuous mode [ 54.651694][ T5943] veth0_vlan: entered promiscuous mode [ 54.659501][ T5943] veth1_vlan: entered promiscuous mode [ 54.681339][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.691544][ T5934] veth0_macvtap: entered promiscuous mode [ 54.700010][ T5934] veth1_macvtap: entered promiscuous mode [ 54.710822][ T5944] veth0_vlan: entered promiscuous mode [ 54.721161][ T5943] veth0_macvtap: entered promiscuous mode [ 54.729265][ T5943] veth1_macvtap: entered promiscuous mode [ 54.740409][ T5944] veth1_vlan: entered promiscuous mode [ 54.744651][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.758533][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.770543][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.773402][ T5934] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.776541][ T5934] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.780804][ T5934] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.783996][ T5934] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.793743][ T5935] veth0_vlan: entered promiscuous mode [ 54.798803][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.810682][ T5943] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.813452][ T5943] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.816366][ T5943] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.819520][ T5943] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.825144][ T5935] veth1_vlan: entered promiscuous mode [ 54.853972][ T5944] veth0_macvtap: entered promiscuous mode [ 54.863026][ T5944] veth1_macvtap: entered promiscuous mode [ 54.892909][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.893158][ T1248] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.898022][ T1248] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.902425][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.908446][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.910855][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.915196][ T5935] veth0_macvtap: entered promiscuous mode [ 54.924474][ T5944] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.928248][ T5944] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.930940][ T5944] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.933678][ T5944] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.938726][ T5935] veth1_macvtap: entered promiscuous mode [ 54.957276][ T217] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.959708][ T217] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.961587][ T1172] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.964616][ T1172] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.967537][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.982205][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.993479][ T5935] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.996305][ T5935] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.999679][ T5935] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.002349][ T5935] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.020685][ T5943] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 55.043333][ T1172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.050127][ T1172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.101049][ T5999] Bluetooth: MGMT ver 1.23 [ 55.105577][ T1248] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.108816][ T1248] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.113410][ T1248] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.115974][ T1248] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.169620][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.175849][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.186998][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.189737][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.192251][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.257280][ T0] NOHZ tick-stop error: local softirq work is pending, handler #308!!! [ 55.307456][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.462030][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 55.598712][ T6013] program syz.0.1 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 55.603723][ T6013] netlink: 'syz.0.1': attribute type 10 has an invalid length. [ 55.617333][ T6013] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 55.621785][ T6013] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 55.625803][ T6013] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 55.667125][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 55.727157][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 55.769178][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 55.797349][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.949600][ T5942] Bluetooth: hci1: command tx timeout [ 56.037300][ T5942] Bluetooth: hci3: command tx timeout [ 56.039067][ T5942] Bluetooth: hci0: command tx timeout [ 56.041118][ T5942] Bluetooth: hci2: command tx timeout [ 56.415762][ T6023] program syz.1.7 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 56.435249][ T6023] netlink: 'syz.1.7': attribute type 10 has an invalid length. [ 56.455831][ T6023] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 56.460506][ T6023] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 56.465690][ T6023] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 57.000198][ T59] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 57.218316][ T59] usb 8-1: Using ep0 maxpacket: 32 [ 57.303340][ T59] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 57.391744][ T59] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 57.442710][ T59] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 57.494101][ T59] usb 8-1: Product: syz [ 57.528256][ T59] usb 8-1: Manufacturer: syz [ 57.558098][ T59] usb 8-1: SerialNumber: syz [ 57.695665][ T59] usb 8-1: config 0 descriptor?? [ 57.705065][ T6031] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 57.738685][ T6042] program syz.1.12 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 57.739413][ T59] hub 8-1:0.0: bad descriptor, ignoring hub [ 57.746118][ T6042] netlink: 'syz.1.12': attribute type 10 has an invalid length. [ 57.749427][ T6042] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 57.754151][ T6042] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 57.758071][ T6042] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 57.775336][ T59] hub 8-1:0.0: probe with driver hub failed with error -5 [ 58.027059][ T5939] Bluetooth: hci1: command tx timeout [ 58.107092][ T5939] Bluetooth: hci2: command tx timeout [ 58.108951][ T5939] Bluetooth: hci0: command tx timeout [ 58.110769][ T5939] Bluetooth: hci3: command tx timeout [ 59.247299][ T916] usb 8-1: USB disconnect, device number 2 [ 60.107058][ T5942] Bluetooth: hci1: command tx timeout [ 60.187991][ T5942] Bluetooth: hci3: command tx timeout [ 60.188223][ T5939] Bluetooth: hci0: command tx timeout [ 60.188254][ T5299] Bluetooth: hci2: command tx timeout [ 60.427158][ T5997] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 60.597031][ T5997] usb 8-1: Using ep0 maxpacket: 32 [ 60.603213][ T5997] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 60.616681][ T5997] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 60.620016][ T5997] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 60.623000][ T5997] usb 8-1: Product: syz [ 60.624677][ T5997] usb 8-1: Manufacturer: syz [ 60.626325][ T5997] usb 8-1: SerialNumber: syz [ 60.640134][ T5997] usb 8-1: config 0 descriptor?? [ 60.644910][ T6067] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 60.659306][ T5997] hub 8-1:0.0: bad descriptor, ignoring hub [ 60.661276][ T5997] hub 8-1:0.0: probe with driver hub failed with error -5 [ 61.084528][ T4231] usb 8-1: USB disconnect, device number 3 [ 61.547793][ T6089] program syz.0.23 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 61.555169][ T6089] netlink: 'syz.0.23': attribute type 10 has an invalid length. [ 61.558594][ T6089] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 61.563380][ T6089] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 61.568703][ T6089] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 62.793875][ T6110] program syz.2.29 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 62.800238][ T6110] netlink: 'syz.2.29': attribute type 10 has an invalid length. [ 62.820248][ T6110] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 62.825277][ T6110] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 62.831423][ T6110] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 63.757664][ T6122] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 64.030689][ T6120] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 64.032685][ T6120] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 64.100288][ T6120] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 64.105918][ T6120] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 64.108618][ T6120] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 64.112296][ T6120] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 64.116602][ T6120] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 64.119313][ T6120] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 64.124674][ T6120] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 64.140760][ T6120] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 64.142777][ T6120] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 64.146839][ T6120] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 64.206396][ T6126] program syz.2.33 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 64.211679][ T6126] netlink: 'syz.2.33': attribute type 10 has an invalid length. [ 64.214133][ T6126] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 64.218123][ T6126] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 64.222145][ T6126] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 66.107394][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout [ 66.116118][ T5939] Bluetooth: hci1: command 0x0c1a tx timeout [ 66.197158][ T5939] Bluetooth: hci3: command 0x0c1a tx timeout [ 66.199915][ T5939] Bluetooth: hci2: command 0x0c1a tx timeout [ 66.489503][ T6155] netlink: 4 bytes leftover after parsing attributes in process `syz.0.41'. [ 67.654639][ T6166] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 67.657577][ T6166] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 67.665467][ T6166] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 67.668867][ T6166] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 68.117839][ T6180] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 68.123305][ T6180] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 68.126021][ T6180] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 68.129376][ T6180] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 69.747450][ T5967] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 69.917518][ T5967] usb 7-1: Using ep0 maxpacket: 32 [ 69.927257][ T5967] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 69.953528][ T5967] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 69.970152][ T5967] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 69.995197][ T5967] usb 7-1: Product: syz [ 70.005916][ T5967] usb 7-1: Manufacturer: syz [ 70.015388][ T5967] usb 7-1: SerialNumber: syz [ 70.066576][ T5967] usb 7-1: config 0 descriptor?? [ 70.077408][ T6207] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 70.104830][ T5967] hub 7-1:0.0: bad descriptor, ignoring hub [ 70.107249][ T5939] Bluetooth: hci0: command 0x0c1a tx timeout [ 70.127448][ T5967] hub 7-1:0.0: probe with driver hub failed with error -5 [ 70.189211][ T5939] Bluetooth: hci3: command 0x0c1a tx timeout [ 70.191842][ T5299] Bluetooth: hci1: command 0x0c1a tx timeout [ 70.191874][ T5942] Bluetooth: hci2: command 0x0c1a tx timeout [ 71.077379][ T6212] netlink: 4 bytes leftover after parsing attributes in process `syz.1.57'. [ 71.887259][ T24] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 72.037092][ T24] usb 8-1: Using ep0 maxpacket: 32 [ 72.187025][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout [ 72.267172][ T5939] Bluetooth: hci3: command 0x0c1a tx timeout [ 72.269849][ T5942] Bluetooth: hci2: command 0x0c1a tx timeout [ 72.277129][ T5942] Bluetooth: hci1: command 0x0c1a tx timeout [ 72.400073][ T24] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 72.420940][ T6227] 9pnet_fd: Insufficient options for proto=fd [ 72.448841][ T10] usb 7-1: USB disconnect, device number 2 [ 72.517899][ T24] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 72.573084][ T24] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 72.608309][ T24] usb 8-1: Product: syz [ 72.620965][ T24] usb 8-1: Manufacturer: syz [ 72.656046][ T24] usb 8-1: SerialNumber: syz [ 72.783945][ T24] usb 8-1: config 0 descriptor?? [ 72.802753][ T6221] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 72.859091][ T24] hub 8-1:0.0: bad descriptor, ignoring hub [ 72.882078][ T24] hub 8-1:0.0: probe with driver hub failed with error -5 [ 73.477137][ T24] usb 8-1: USB disconnect, device number 4 [ 74.247857][ T24] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 74.253491][ T6260] netlink: 4 bytes leftover after parsing attributes in process `syz.1.71'. [ 74.421888][ T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 74.426489][ T24] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 74.430394][ T24] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 74.455771][ T24] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 74.458997][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.461538][ T24] usb 7-1: Product: syz [ 74.464408][ T24] usb 7-1: Manufacturer: syz [ 74.466002][ T24] usb 7-1: SerialNumber: syz [ 74.467813][ T5996] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 74.479630][ T6263] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 74.482055][ T6263] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 74.484420][ T6263] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 74.486923][ T6263] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 74.529729][ T6256] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 74.647120][ T5996] usb 8-1: Using ep0 maxpacket: 32 [ 74.665083][ T5996] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 74.690829][ T5996] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 74.737823][ T5996] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 74.753791][ T5996] usb 8-1: Product: syz [ 74.756222][ T5996] usb 8-1: Manufacturer: syz [ 74.761754][ T5996] usb 8-1: SerialNumber: syz [ 74.828918][ T24] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 74.881449][ T5996] usb 8-1: config 0 descriptor?? [ 74.909061][ T6257] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 74.948259][ T5996] hub 8-1:0.0: bad descriptor, ignoring hub [ 74.982197][ T24] usb 7-1: USB disconnect, device number 3 [ 74.984241][ T5996] hub 8-1:0.0: probe with driver hub failed with error -5 [ 75.167394][ T24] usblp0: removed [ 75.172429][ T6275] syz.1.75 uses obsolete (PF_INET,SOCK_PACKET) [ 75.833221][ T6282] 9pnet_fd: Insufficient options for proto=fd [ 75.947262][ T34] usb 8-1: USB disconnect, device number 5 [ 76.118200][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.151997][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.180384][ T6291] program syz.2.79 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 76.186517][ T6291] netlink: 'syz.2.79': attribute type 10 has an invalid length. [ 76.190299][ T6291] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 76.194109][ T6291] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 76.198779][ T6291] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 76.219440][ T5977] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 76.244423][ T6293] team0: entered promiscuous mode [ 76.246300][ T6293] team_slave_0: entered promiscuous mode [ 76.249498][ T6293] team_slave_1: entered promiscuous mode [ 76.390040][ T5977] usb 5-1: Using ep0 maxpacket: 32 [ 76.416456][ T5977] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 76.427630][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout [ 76.452178][ T5977] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 76.480999][ T5977] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 76.502792][ T5977] usb 5-1: Product: syz [ 76.509003][ T5942] Bluetooth: hci3: command 0x0c1a tx timeout [ 76.510931][ T5942] Bluetooth: hci2: command 0x0c1a tx timeout [ 76.512887][ T5939] Bluetooth: hci1: command 0x0c1a tx timeout [ 76.515410][ T5977] usb 5-1: Manufacturer: syz [ 76.528249][ T5977] usb 5-1: SerialNumber: syz [ 76.604700][ T5977] usb 5-1: config 0 descriptor?? [ 76.621488][ T6280] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 76.643089][ T5977] hub 5-1:0.0: bad descriptor, ignoring hub [ 76.649457][ T5977] hub 5-1:0.0: probe with driver hub failed with error -5 [ 76.987105][ T34] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 77.159769][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 77.163257][ T34] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 77.166052][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.183565][ T34] usb 6-1: config 0 descriptor?? [ 77.399122][ T34] usbhid 6-1:0.0: can't add hid device: -71 [ 77.401232][ T34] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 77.409560][ T34] usb 6-1: USB disconnect, device number 2 [ 77.549431][ T6313] process 'syz.2.86' launched './file1' with NULL argv: empty string added [ 77.562880][ T6313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.86'. [ 77.567081][ T6313] netlink: 4 bytes leftover after parsing attributes in process `syz.2.86'. [ 77.591051][ T5977] usb 5-1: USB disconnect, device number 2 [ 77.602900][ T6309] e1000e 0000:00:02.0 eth1: NIC Link is Down [ 77.857146][ T34] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 78.019192][ T34] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 78.022252][ T34] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 78.026324][ T34] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 78.032496][ T34] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 78.045304][ T34] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 78.052913][ T34] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 78.057947][ T34] usb 6-1: Product: syz [ 78.059691][ T34] usb 6-1: Manufacturer: syz [ 78.066302][ T34] cdc_wdm 6-1:1.0: skipping garbage [ 78.068624][ T34] cdc_wdm 6-1:1.0: skipping garbage [ 78.072495][ T34] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 78.074998][ T34] cdc_wdm 6-1:1.0: Unknown control protocol [ 78.294493][ T5977] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 78.406585][ T6300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 78.410154][ T6300] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 78.507387][ T5967] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 78.571099][ T5977] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 78.574909][ T5977] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 78.580753][ T5977] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 78.613957][ T5977] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 78.618226][ T5977] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.620785][ T5977] usb 7-1: Product: syz [ 78.622115][ T5977] usb 7-1: Manufacturer: syz [ 78.623602][ T5977] usb 7-1: SerialNumber: syz [ 78.684145][ T6336] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 78.703421][ T5967] usb 5-1: Using ep0 maxpacket: 32 [ 78.720376][ T5967] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 78.741118][ T5967] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 78.744000][ T5967] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 78.746728][ T5967] usb 5-1: Product: syz [ 78.749244][ T5967] usb 5-1: Manufacturer: syz [ 78.764091][ T5967] usb 5-1: SerialNumber: syz [ 78.835348][ T5967] usb 5-1: config 0 descriptor?? [ 78.856654][ T6345] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 78.877928][ T5967] hub 5-1:0.0: bad descriptor, ignoring hub [ 78.880739][ T6359] program syz.3.93 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 78.890778][ T6359] netlink: 'syz.3.93': attribute type 10 has an invalid length. [ 78.900486][ T6359] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 78.905180][ T6359] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 78.910308][ T6359] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 78.939876][ T5967] hub 5-1:0.0: probe with driver hub failed with error -5 [ 78.990911][ T5977] usblp 7-1:1.0: usblp1: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 79.655507][ C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 79.657420][ T34] usb 6-1: USB disconnect, device number 3 [ 79.657733][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 79.661414][ C1] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 79.671695][ T10] usb 7-1: USB disconnect, device number 4 [ 79.684817][ T10] usblp1: removed [ 79.846035][ T6060] usb 5-1: USB disconnect, device number 3 [ 80.179010][ T34] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 80.387093][ T34] usb 6-1: Using ep0 maxpacket: 32 [ 80.421613][ T34] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 80.485407][ T34] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 80.764570][ T6377] block nbd3: shutting down sockets [ 81.067198][ T34] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 81.069893][ T34] usb 6-1: Product: syz [ 81.071283][ T34] usb 6-1: Manufacturer: syz [ 81.072793][ T34] usb 6-1: SerialNumber: syz [ 81.256235][ T60] cfg80211: failed to load regulatory.db [ 81.461171][ T34] usb 6-1: config 0 descriptor?? [ 81.463633][ T6367] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 81.491476][ T34] hub 6-1:0.0: bad descriptor, ignoring hub [ 81.500330][ T34] hub 6-1:0.0: probe with driver hub failed with error -5 [ 82.147651][ T24] usb 6-1: USB disconnect, device number 4 [ 82.613712][ T6397] 9pnet_virtio: no channels available for device ./file0/file0 [ 82.616726][ T6397] PKCS7: Unknown OID: [4] 2.19.13055.940354.15722 [ 82.620037][ T6397] PKCS7: Only support pkcs7_signedData type [ 82.677048][ T10] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 82.917028][ T10] usb 8-1: Using ep0 maxpacket: 32 [ 82.922022][ T10] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 82.929638][ T10] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 82.933064][ T10] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 82.935592][ T10] usb 8-1: Product: syz [ 82.937463][ T10] usb 8-1: Manufacturer: syz [ 82.940093][ T10] usb 8-1: SerialNumber: syz [ 82.940280][ T6404] netlink: 8 bytes leftover after parsing attributes in process `syz.1.104'. [ 82.948150][ T10] usb 8-1: config 0 descriptor?? [ 82.954543][ T6386] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 82.959316][ T10] hub 8-1:0.0: bad descriptor, ignoring hub [ 82.971643][ T10] hub 8-1:0.0: probe with driver hub failed with error -5 [ 83.427422][ T10] usb 8-1: USB disconnect, device number 6 [ 84.106222][ T6419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.108'. [ 84.112172][ T6419] netlink: 4 bytes leftover after parsing attributes in process `syz.1.108'. [ 85.251045][ T6441] random: crng reseeded on system resumption [ 85.381714][ T6443] block nbd2: shutting down sockets [ 85.703354][ T6452] sp0: Synchronizing with TNC [ 85.717921][ T6452] FAULT_INJECTION: forcing a failure. [ 85.717921][ T6452] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 85.723457][ T6452] CPU: 1 UID: 0 PID: 6452 Comm: syz.1.117 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 85.723473][ T6452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.723479][ T6452] Call Trace: [ 85.723483][ T6452] [ 85.723488][ T6452] dump_stack_lvl+0x16c/0x1f0 [ 85.723506][ T6452] should_fail_ex+0x512/0x640 [ 85.723526][ T6452] _copy_to_user+0x32/0xd0 [ 85.723538][ T6452] __copy_siginfo_to_user32+0x96/0xf0 [ 85.723549][ T6452] ? __pfx___copy_siginfo_to_user32+0x10/0x10 [ 85.723565][ T6452] ? _raw_spin_unlock_irq+0x29/0x50 [ 85.723577][ T6452] ? siginfo_layout+0x177/0x290 [ 85.723593][ T6452] ia32_setup_rt_frame+0x6cd/0xb30 [ 85.723609][ T6452] ? __pfx_ia32_setup_rt_frame+0x10/0x10 [ 85.723625][ T6452] arch_do_signal_or_restart+0x480/0x790 [ 85.723641][ T6452] ? __fget_files+0x20e/0x3c0 [ 85.723653][ T6452] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 85.723672][ T6452] ? ksys_write+0x1ac/0x250 [ 85.723685][ T6452] ? __pfx_ksys_write+0x10/0x10 [ 85.723697][ T6452] ? __do_compat_sys_rt_sigreturn+0x14d/0x1f0 [ 85.723711][ T6452] exit_to_user_mode_loop+0x84/0x110 [ 85.723726][ T6452] __do_fast_syscall_32+0x2ac/0x3a0 [ 85.723743][ T6452] do_fast_syscall_32+0x32/0x80 [ 85.723758][ T6452] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 85.723772][ T6452] RIP: 0023:0xf7f26579 [ 85.723781][ T6452] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 85.723791][ T6452] RSP: 002b:00000000f5025590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 85.723801][ T6452] RAX: 0000000000000001 RBX: 000000000000000b RCX: 00000000f5025610 [ 85.723807][ T6452] RDX: 0000000000000001 RSI: 00000000f73b2ff4 RDI: 0000000000000000 [ 85.723813][ T6452] RBP: 00000000f73e5010 R08: 0000000000000000 R09: 0000000000000000 [ 85.723819][ T6452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.723825][ T6452] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 85.723837][ T6452] [ 85.901603][ T6452] [U] è [ 86.635259][ T6464] netlink: 4 bytes leftover after parsing attributes in process `syz.1.122'. [ 87.177139][ T24] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 87.349781][ T24] usb 6-1: not running at top speed; connect to a high speed hub [ 87.354676][ T24] usb 6-1: config 74 has an invalid interface number: 216 but max is 3 [ 87.360130][ T24] usb 6-1: config 74 has an invalid interface number: 229 but max is 3 [ 87.364042][ T24] usb 6-1: config 74 contains an unexpected descriptor of type 0x1, skipping [ 87.367833][ T24] usb 6-1: config 74 has an invalid descriptor of length 0, skipping remainder of the config [ 87.376662][ T24] usb 6-1: config 74 has 2 interfaces, different from the descriptor's value: 4 [ 87.384997][ T24] usb 6-1: config 74 has no interface number 0 [ 87.387945][ T24] usb 6-1: config 74 has no interface number 1 [ 87.393073][ T24] usb 6-1: config 74 interface 216 altsetting 7 endpoint 0xE has invalid maxpacket 1024, setting to 64 [ 87.459399][ T24] usb 6-1: config 74 interface 229 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 87.463117][ T24] usb 6-1: config 74 interface 229 altsetting 9 has a duplicate endpoint with address 0xF, skipping [ 87.466688][ T24] usb 6-1: config 74 interface 229 altsetting 9 has a duplicate endpoint with address 0xE, skipping [ 87.471044][ T24] usb 6-1: config 74 interface 229 altsetting 9 has an endpoint descriptor with address 0x19, changing to 0x9 [ 87.474634][ T24] usb 6-1: config 74 interface 229 altsetting 9 endpoint 0x9 has invalid maxpacket 33314, setting to 64 [ 87.478165][ T24] usb 6-1: config 74 interface 229 altsetting 9 has 6 endpoint descriptors, different from the interface descriptor's value: 9 [ 87.483317][ T24] usb 6-1: config 74 interface 216 has no altsetting 0 [ 87.486244][ T24] usb 6-1: config 74 interface 229 has no altsetting 0 [ 87.492493][ T24] usb 6-1: New USB device found, idVendor=0bfd, idProduct=0003, bcdDevice=3c.b8 [ 87.496346][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.498996][ T24] usb 6-1: Product: syz [ 87.500315][ T24] usb 6-1: Manufacturer: ≭砣璋 [ 87.501924][ T24] usb 6-1: SerialNumber: syz [ 87.579705][ T6480] input: syz0 as /devices/virtual/input/input5 [ 87.840424][ T6483] netlink: 12 bytes leftover after parsing attributes in process `syz.0.128'. [ 87.855540][ T24] kvaser_usb 6-1:74.216: error -ENODEV: Cannot get usb endpoint(s) [ 87.861998][ T24] kvaser_usb 6-1:74.229: error -ENODEV: Cannot get usb endpoint(s) [ 87.867283][ T24] usb 6-1: USB disconnect, device number 5 [ 88.087091][ T6489] input: syz0 as /devices/virtual/input/input6 [ 88.368490][ T6492] netlink: 4 bytes leftover after parsing attributes in process `syz.3.131'. [ 88.477141][ T24] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 88.489428][ T6497] program syz.3.133 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 88.493916][ T6497] netlink: 'syz.3.133': attribute type 10 has an invalid length. [ 88.496510][ T6497] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 88.500132][ T6497] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 88.503819][ T6497] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 88.641118][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 88.645052][ T24] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 88.654985][ T24] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 88.658883][ T24] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 88.663366][ T24] usb 5-1: Product: syz [ 88.665094][ T24] usb 5-1: Manufacturer: syz [ 88.667450][ T24] usb 5-1: SerialNumber: syz [ 88.674048][ T24] usb 5-1: config 0 descriptor?? [ 88.681881][ T6486] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 88.689226][ T24] hub 5-1:0.0: bad descriptor, ignoring hub [ 88.692450][ T24] hub 5-1:0.0: probe with driver hub failed with error -5 [ 88.896428][ T6507] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 88.899125][ T6507] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 88.903647][ T6507] vhci_hcd vhci_hcd.0: Device attached [ 88.955186][ T6508] vhci_hcd: connection closed [ 88.958037][ T1139] vhci_hcd: stop threads [ 88.967516][ T1139] vhci_hcd: release socket [ 88.969109][ T1139] vhci_hcd: disconnect device [ 89.007030][ T5977] usb 7-1: new low-speed USB device number 5 using dummy_hcd [ 89.087858][ T10] usb 5-1: USB disconnect, device number 4 [ 89.147072][ T5977] usb 7-1: device descriptor read/64, error -71 [ 89.417044][ T5977] usb 7-1: new low-speed USB device number 6 using dummy_hcd [ 89.432450][ T6514] block nbd1: shutting down sockets [ 89.534860][ T6519] netlink: 4 bytes leftover after parsing attributes in process `syz.3.140'. [ 89.557406][ T5977] usb 7-1: device descriptor read/64, error -71 [ 89.617469][ T6527] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 89.620238][ T6527] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 89.623578][ T6527] vhci_hcd vhci_hcd.0: Device attached [ 89.749558][ T5977] usb usb7-port1: attempt power cycle [ 89.751770][ T6528] vhci_hcd: connection closed [ 89.766404][ T84] vhci_hcd: stop threads [ 89.770620][ T84] vhci_hcd: release socket [ 89.778624][ T84] vhci_hcd: disconnect device [ 89.837581][ T24] vhci_hcd: vhci_device speed not set [ 90.087074][ T5977] usb 7-1: new low-speed USB device number 7 using dummy_hcd [ 90.108230][ T5977] usb 7-1: device descriptor read/8, error -71 [ 90.347059][ T5977] usb 7-1: new low-speed USB device number 8 using dummy_hcd [ 90.367680][ T5977] usb 7-1: device descriptor read/8, error -71 [ 90.489398][ T5977] usb usb7-port1: unable to enumerate USB device [ 90.507611][ T6531] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 90.509747][ T6531] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 90.513976][ T6531] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 90.520254][ T6531] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 91.347623][ T60] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 91.517293][ T60] usb 6-1: Using ep0 maxpacket: 32 [ 91.549254][ T60] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 91.574234][ T60] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 91.592566][ T60] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 91.604456][ T60] usb 6-1: Product: syz [ 91.607614][ T60] usb 6-1: Manufacturer: syz [ 91.610940][ T60] usb 6-1: SerialNumber: syz [ 91.662344][ T60] usb 6-1: config 0 descriptor?? [ 91.666459][ T6551] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 91.711212][ T60] hub 6-1:0.0: bad descriptor, ignoring hub [ 91.714062][ T60] hub 6-1:0.0: probe with driver hub failed with error -5 [ 91.767985][ T5942] block nbd0: Receive control failed (result -32) [ 91.783720][ T6545] block nbd0: shutting down sockets [ 91.800363][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout [ 91.956436][ T6562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.153'. [ 92.482864][ T6572] FAULT_INJECTION: forcing a failure. [ 92.482864][ T6572] name failslab, interval 1, probability 0, space 0, times 0 [ 92.486671][ T6572] CPU: 1 UID: 0 PID: 6572 Comm: syz.0.156 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 92.486686][ T6572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 92.486693][ T6572] Call Trace: [ 92.486697][ T6572] [ 92.486701][ T6572] dump_stack_lvl+0x16c/0x1f0 [ 92.486720][ T6572] should_fail_ex+0x512/0x640 [ 92.486737][ T6572] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 92.486753][ T6572] should_failslab+0xc2/0x120 [ 92.486769][ T6572] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 92.486783][ T6572] ? getname_flags.part.0+0x4c/0x550 [ 92.486802][ T6572] getname_flags.part.0+0x4c/0x550 [ 92.486821][ T6572] getname_flags+0x93/0xf0 [ 92.486833][ T6572] __ia32_sys_rename+0x64/0xa0 [ 92.486849][ T6572] __do_fast_syscall_32+0x7c/0x3a0 [ 92.486865][ T6572] do_fast_syscall_32+0x32/0x80 [ 92.486880][ T6572] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 92.486893][ T6572] RIP: 0023:0xf704e579 [ 92.486902][ T6572] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 92.486912][ T6572] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000026 [ 92.486933][ T6572] RAX: ffffffffffffffda RBX: 0000000080000180 RCX: 00000000800001c0 [ 92.486940][ T6572] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 92.486946][ T6572] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 92.486952][ T6572] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 92.486958][ T6572] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 92.486970][ T6572] [ 92.587268][ T5942] Bluetooth: hci1: command 0x0c1a tx timeout [ 92.587300][ T5939] Bluetooth: hci3: command 0x0c1a tx timeout [ 92.589336][ T5942] Bluetooth: hci2: command 0x0c1a tx timeout [ 92.731001][ T6575] block nbd0: shutting down sockets [ 92.811129][ T6580] program syz.2.158 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 92.814965][ T6580] netlink: 'syz.2.158': attribute type 10 has an invalid length. [ 92.827383][ T6580] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 92.830681][ T6580] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 92.844735][ T6580] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 92.998021][ T6583] [ 92.998866][ T6583] ====================================================== [ 93.001029][ T6583] WARNING: possible circular locking dependency detected [ 93.003232][ T6583] 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 Not tainted [ 93.006873][ T6583] ------------------------------------------------------ [ 93.009026][ T6583] syz.0.160/6583 is trying to acquire lock: [ 93.010179][ T24] usb 6-1: USB disconnect, device number 6 [ 93.010853][ T6583] ffffffff8e52d8c8 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4a/0x1470 [ 93.016313][ T6583] [ 93.016313][ T6583] but task is already holding lock: [ 93.018590][ T6583] ffff888042324ee8 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: blk_mq_update_nr_hw_queues+0x275/0xcb0 [ 93.021958][ T6583] [ 93.021958][ T6583] which lock already depends on the new lock. [ 93.021958][ T6583] [ 93.025149][ T6583] [ 93.025149][ T6583] the existing dependency chain (in reverse order) is: [ 93.027897][ T6583] [ 93.027897][ T6583] -> #2 (&q->q_usage_counter(io)#49){++++}-{0:0}: [ 93.030554][ T6583] blk_alloc_queue+0x619/0x760 [ 93.032242][ T6583] blk_mq_alloc_queue+0x175/0x290 [ 93.033971][ T6583] __blk_mq_alloc_disk+0x29/0x120 [ 93.035688][ T6583] nbd_dev_add+0x4a0/0xbc0 [ 93.037249][ T6583] nbd_init+0x181/0x320 [ 93.038717][ T6583] do_one_initcall+0x120/0x6e0 [ 93.040320][ T6583] kernel_init_freeable+0x5c2/0x900 [ 93.042135][ T6583] kernel_init+0x1c/0x2b0 [ 93.043632][ T6583] ret_from_fork+0x5d4/0x6f0 [ 93.045243][ T6583] ret_from_fork_asm+0x1a/0x30 [ 93.046889][ T6583] [ 93.046889][ T6583] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 93.049130][ T6583] fs_reclaim_acquire+0x102/0x150 [ 93.050853][ T6583] prepare_alloc_pages+0x162/0x610 [ 93.052643][ T6583] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 93.054625][ T6583] __alloc_pages_noprof+0xb/0x1b0 [ 93.056336][ T6583] pcpu_populate_chunk+0x110/0xb00 [ 93.058083][ T6583] pcpu_alloc_noprof+0x86a/0x1470 [ 93.059804][ T6583] iommu_dma_init_fq+0x202/0x8a0 [ 93.061507][ T6583] iommu_setup_dma_ops+0x1336/0x1700 [ 93.063326][ T6583] bus_iommu_probe+0x23e/0x530 [ 93.064992][ T6583] iommu_device_register+0x1af/0x280 [ 93.066793][ T6583] intel_iommu_init+0x25e7/0x3780 [ 93.068491][ T6583] pci_iommu_init+0x2e/0x90 [ 93.070048][ T6583] do_one_initcall+0x120/0x6e0 [ 93.071681][ T6583] kernel_init_freeable+0x5c2/0x900 [ 93.073483][ T6583] kernel_init+0x1c/0x2b0 [ 93.075004][ T6583] ret_from_fork+0x5d4/0x6f0 [ 93.076599][ T6583] ret_from_fork_asm+0x1a/0x30 [ 93.078260][ T6583] [ 93.078260][ T6583] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 93.080668][ T6583] __lock_acquire+0x126f/0x1c90 [ 93.082358][ T6583] lock_acquire+0x179/0x350 [ 93.083927][ T6583] __mutex_lock+0x199/0xb90 [ 93.085537][ T6583] pcpu_alloc_noprof+0xb4a/0x1470 [ 93.087252][ T6583] sbitmap_init_node+0x2fd/0x770 [ 93.088993][ T6583] sbitmap_queue_init_node+0x41/0x560 [ 93.090864][ T6583] blk_mq_init_tags+0x12d/0x2b0 [ 93.092554][ T6583] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 93.094445][ T6583] __blk_mq_alloc_map_and_rqs+0x128/0x1f0 [ 93.096376][ T6583] blk_mq_update_nr_hw_queues+0x4ab/0xcb0 [ 93.098500][ T6583] nbd_start_device+0x172/0xcd0 [ 93.100173][ T6583] nbd_ioctl+0x219/0xda0 [ 93.101794][ T6583] compat_blkdev_ioctl+0x2ee/0x7a0 [ 93.104147][ T6583] __ia32_compat_sys_ioctl+0x242/0x370 [ 93.106577][ T6583] __do_fast_syscall_32+0x7c/0x3a0 [ 93.108552][ T6583] do_fast_syscall_32+0x32/0x80 [ 93.110379][ T6583] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 93.112624][ T6583] [ 93.112624][ T6583] other info that might help us debug this: [ 93.112624][ T6583] [ 93.116058][ T6583] Chain exists of: [ 93.116058][ T6583] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#49 [ 93.116058][ T6583] [ 93.120219][ T6583] Possible unsafe locking scenario: [ 93.120219][ T6583] [ 93.122567][ T6583] CPU0 CPU1 [ 93.124183][ T6583] ---- ---- [ 93.125839][ T6583] lock(&q->q_usage_counter(io)#49); [ 93.127489][ T6583] lock(fs_reclaim); [ 93.129442][ T6583] lock(&q->q_usage_counter(io)#49); [ 93.131877][ T6583] lock(pcpu_alloc_mutex); [ 93.133336][ T6583] [ 93.133336][ T6583] *** DEADLOCK *** [ 93.133336][ T6583] [ 93.135799][ T6583] 5 locks held by syz.0.160/6583: [ 93.137385][ T6583] #0: ffff888025d23a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x150/0xda0 [ 93.140266][ T6583] #1: ffff888025d23988 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x32/0xcb0 [ 93.143762][ T6583] #2: ffff888025d238d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x45/0xcb0 [ 93.147110][ T6583] #3: ffff888042324ee8 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: blk_mq_update_nr_hw_queues+0x275/0xcb0 [ 93.150693][ T6583] #4: ffff888042324f20 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: blk_mq_update_nr_hw_queues+0x275/0xcb0 [ 93.154288][ T6583] [ 93.154288][ T6583] stack backtrace: [ 93.156127][ T6583] CPU: 1 UID: 0 PID: 6583 Comm: syz.0.160 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 93.156142][ T6583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.156149][ T6583] Call Trace: [ 93.156154][ T6583] [ 93.156158][ T6583] dump_stack_lvl+0x116/0x1f0 [ 93.156176][ T6583] print_circular_bug+0x275/0x350 [ 93.156189][ T6583] check_noncircular+0x14c/0x170 [ 93.156202][ T6583] __lock_acquire+0x126f/0x1c90 [ 93.156216][ T6583] lock_acquire+0x179/0x350 [ 93.156227][ T6583] ? pcpu_alloc_noprof+0xb4a/0x1470 [ 93.156241][ T6583] ? __pfx___might_resched+0x10/0x10 [ 93.156257][ T6583] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 93.156273][ T6583] __mutex_lock+0x199/0xb90 [ 93.156287][ T6583] ? pcpu_alloc_noprof+0xb4a/0x1470 [ 93.156300][ T6583] ? pcpu_alloc_noprof+0xb4a/0x1470 [ 93.156312][ T6583] ? __pfx___mutex_lock+0x10/0x10 [ 93.156326][ T6583] ? kasan_save_track+0x14/0x30 [ 93.156338][ T6583] ? __kasan_kmalloc+0xaa/0xb0 [ 93.156350][ T6583] ? blk_mq_init_tags+0x87/0x2b0 [ 93.156360][ T6583] ? blk_mq_update_nr_hw_queues+0x4ab/0xcb0 [ 93.156376][ T6583] ? nbd_start_device+0x172/0xcd0 [ 93.156394][ T6583] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 93.156409][ T6583] ? pcpu_alloc_noprof+0xb4a/0x1470 [ 93.156421][ T6583] pcpu_alloc_noprof+0xb4a/0x1470 [ 93.156435][ T6583] sbitmap_init_node+0x2fd/0x770 [ 93.156449][ T6583] sbitmap_queue_init_node+0x41/0x560 [ 93.156463][ T6583] blk_mq_init_tags+0x12d/0x2b0 [ 93.156473][ T6583] blk_mq_alloc_map_and_rqs+0x237/0xf60 [ 93.156490][ T6583] ? lockdep_hardirqs_on+0x7c/0x110 [ 93.156505][ T6583] __blk_mq_alloc_map_and_rqs+0x128/0x1f0 [ 93.156522][ T6583] blk_mq_update_nr_hw_queues+0x4ab/0xcb0 [ 93.156538][ T6583] ? __pfx___mutex_lock+0x10/0x10 [ 93.156553][ T6583] ? trace_cap_capable+0x18d/0x200 [ 93.156565][ T6583] nbd_start_device+0x172/0xcd0 [ 93.156610][ T6583] ? bpf_lsm_capable+0x9/0x10 [ 93.156624][ T6583] nbd_ioctl+0x219/0xda0 [ 93.156633][ T6583] ? __pfx_nbd_ioctl+0x10/0x10 [ 93.156644][ T6583] ? find_held_lock+0x2b/0x80 [ 93.156660][ T6583] ? __pfx_nbd_ioctl+0x10/0x10 [ 93.156669][ T6583] compat_blkdev_ioctl+0x2ee/0x7a0 [ 93.156683][ T6583] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 93.156698][ T6583] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 93.156712][ T6583] __ia32_compat_sys_ioctl+0x242/0x370 [ 93.156724][ T6583] __do_fast_syscall_32+0x7c/0x3a0 [ 93.156740][ T6583] do_fast_syscall_32+0x32/0x80 [ 93.156756][ T6583] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 93.156771][ T6583] RIP: 0023:0xf704e579 [ 93.156780][ T6583] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 93.156791][ T6583] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 93.156801][ T6583] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000ab03 [ 93.156808][ T6583] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 93.156814][ T6583] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 93.156820][ T6583] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 93.156826][ T6583] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 93.156834][ T6583] VM DIAGNOSIS: 07:13:38 Registers: info registers vcpu 0 CPU#0 RAX=000000000007f814 RBX=0000000000000000 RCX=ffffffff8b799c79 RDX=ffffed100564663e RSI=ffffffff8bf52e60 RDI=ffffffff819172f1 RBP=fffffbfff1c12ef0 RSP=ffffffff8e007e08 R8 =0000000000000000 R9 =ffffed100564663d R10=ffff88802b2331eb R11=ffffffff9ad958a8 R12=0000000000000000 R13=ffffffff8e097780 R14=ffffffff9087ad50 R15=0000000000000000 RIP=ffffffff8b7987df RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097775000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080212000 CR3=000000005de33000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff85562620 RDI=ffffffff9ae599c0 RBP=ffffffff9ae59980 RSP=ffffc900264df110 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=732d302e35312e36 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff35cb38a R15=dffffc0000000000 RIP=ffffffff85562647 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097875000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008020d000 CR3=000000005de23000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001f000000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=0000000000000400 RCX=0000000000000003 RDX=0000000000000400 RSI=0000000000000000 RDI=ffff88805f0cc300 RBP=ffffc90025b7fbb0 RSP=ffffc90025b7fb08 R8 =0000000000000001 R9 =0000000000000000 R10=ffff88805f0cc000 R11=00000000ffffffff R12=0000000000000280 R13=0000000000000dc0 R14=0000000000000dc0 R15=ffff88801b442dc0 RIP=ffffffff810014f0 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097975000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000002ef12ffc CR3=000000004de00000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e03000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 480800018d8803fe 0070bd2c00010e08 0c03010400080300 0000240808000300 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 04808080a2080001 8eb003000800018e a803000800018ea0 03020800018e9803 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 03a0030010000390 0302d41000038003 2080800800018e80 0201080006015ad2 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 10030ffdc0800400 030380021881c5a8 fe08000100000008 0606012780001000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100021882 85a8880800010000 0008060601278600 0006070410003003 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00100020030c8080 8010001003718080 0400030208000880 8080080000020601 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 40fe0fffffffff02 00024608000c0800 0108000a010d9800 0800780300100060 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 030fffffffff0450 0300080048030008 0040030fffffffff 04300301c0800800 ZMM25=f0943203f0943203 f0943203f0943203 f0943203f0943203 f0943203f0943203 f0943203f0943203 f0943203f0943203 f0943203f0943203 f0943203f0943203 ZMM26=529aed6c529aed6c 529aed6c529aed6c 529aed6c529aed6c 529aed6c529aed6c 529aed6c529aed6c 529aed6c529aed6c 529aed6c529aed6c 529aed6c529aed6c ZMM27=2304067e2304067e 2304067e2304067e 2304067e2304067e 2304067e2304067e 2304067e2304067e 2304067e2304067e 2304067e2304067e 2304067e2304067e ZMM28=000000b0000000af 000000ae000000ad 000000ac000000ab 000000aa000000a9 000000a8000000a7 000000a6000000a5 000000a4000000a3 000000a2000000a1 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=e5050000e5050000 e5050000e5050000 e5050000e5050000 e5050000e5050000 e5050000e5050000 e5050000e5050000 e5050000e5050000 e5050000e5050000 info registers vcpu 3 CPU#3 RAX=00000004000008fd RBX=ffff888028302440 RCX=0000000000000830 RDX=0000000000000004 RSI=00000000000000fd RDI=0000000000000004 RBP=0000000000000008 RSP=ffffc900266ef7b0 R8 =0000000000000000 R9 =fffffbfff210f5aa R10=ffffffff9087ad57 R11=ffff88802b53c080 R12=0000000000000003 R13=1ffff92004cddef7 R14=0000000000000002 R15=ffffc900266ef7d8 RIP=ffffffff81692018 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097a75000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000080002000 CR3=000000004de00000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000