last executing test programs: 4.997032491s ago: executing program 2 (id=24): socket$inet6_sctp(0xa, 0x1, 0x84) munmap(&(0x7f0000901000/0x3000)=nil, 0x3000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x40, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = gettid() sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x9d0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r4, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r4, 0x8949, &(0x7f0000000000)) 3.500225066s ago: executing program 2 (id=29): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x1c) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000400)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, &(0x7f0000000440)=[0x0, 0x0], &(0x7f0000000480)=[0x0], 0x0, 0xce, &(0x7f00000004c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0x79, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x9, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x3, 0x2}}]}, {0x0, [0x61, 0x30, 0x0, 0x2e, 0x61, 0x61, 0x30]}}, &(0x7f0000000780)=""/89, 0x39, 0x59, 0x0, 0x6, 0x0, @void, @value}, 0x28) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000008c0)={0xffffffffffffffff, 0xffffff08}, 0xc) pipe2(&(0x7f0000001640)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) ioctl$FS_IOC_RESVSP(r5, 0x402c5828, &(0x7f0000001700)={0x0, 0x1, 0x4, 0xffffffff}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x5, &(0x7f0000000240)=@raw=[@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @call={0x85, 0x0, 0x0, 0x47}], &(0x7f0000000280)='GPL\x00', 0x7ff, 0xf, &(0x7f00000002c0)=""/15, 0x41000, 0x10, '\x00', r1, 0x25, r2, 0x8, &(0x7f0000000840)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000880)={0x4, 0x4, 0xe, 0x1}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000900)=[r3, r5], &(0x7f0000000940)=[{0x3, 0x3, 0x1}, {0x3, 0x2, 0xe, 0xa}], 0x10, 0x81, @void, @value}, 0x94) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) recvmmsg(r6, &(0x7f0000004cc0)=[{{0x0, 0x0, 0x0}, 0xfffffffd}], 0x1, 0x2000, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r8, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x8010, 0xffffffffffffffff, 0x0) r9 = epoll_create(0xffffffff) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, 0xffffffffffffffff, 0x0) syz_open_dev$usbfs(0x0, 0x75, 0x40082) ioctl$USBDEVFS_CONNECTINFO(0xffffffffffffffff, 0x80045520, &(0x7f0000002a40)) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000006, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x9, 0x0) r10 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r10, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) ioctl$USBDEVFS_REAPURB(0xffffffffffffffff, 0x4004550c, &(0x7f00000000c0)) syz_genetlink_get_family_id$devlink(&(0x7f0000000a40), r4) bind$inet(r10, &(0x7f0000000200)={0x2, 0x4e23, @broadcast}, 0x10) sendmmsg$inet(r10, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d809e748adaab87cd498e21bc38398a8ffdf4bf408898531b2999f4d94d2f80dd40554f9c7d561ce752e879075c2759d7579495da8d616d24be6ed689e0ce031e2372f52a8bae0ce8806dad43f27950fb036f4b0fcbb44de84bfb19765dcb535d723e3a398210bb2c69d642f983b1969ae4f51a701739edfc58888bae0c686a255c4a2bc5904fe4e112ebee20fc22881a24554e0ab23eb00406f7ea08fe990ec983c3102f", 0xb9}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r10, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28) 3.455922589s ago: executing program 0 (id=31): socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) write$binfmt_elf64(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000000000000000000000400000000000000000000000000000000000000000003800010000000000000003000000000000000000000000000000040000000000000000000000000000000208"], 0x105) close(r2) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x14, 0x28b, 0x0, r1}, &(0x7f0000000140), &(0x7f0000000280)) r3 = socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="08000000a45ea6f26d90fc23d1103e7751147f0500000000000000e247f2d24e29e59fa59083118a6ea6612c8d95ccbe0d789f9fc2ee5d6e26b7d3137599b4975bc164fdc74f1af6d13fe4c1848ea7e8b33d4b0ea86c69db3ab65405fc0d5e4e585cb892a9fae71576ca3c6d30c5393a2f05494c6e259b1b97e9d79e94f1526ed646f32c417ea9a3956ec8fd166d1e9b0e0d1b37995ae3b9b2b9726b9cac03", @ANYRES16=r4, @ANYBLOB="010e2bbd7000000000002b00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4008054}, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000010000104000000000000000000480000", @ANYRES32=r5, @ANYBLOB="ae1e0200b8070000"], 0x20}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="58000000020601020000000000000000000000000c00078008000640000000030500010006000000050005002800000013000300686173683a6e65742c696661636500000900020073797a31000000000500040003000000"], 0x58}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', 0x0}) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) close(r9) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x66, &(0x7f0000000480)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaa0000000000000000000000000000ff0200000000000000000000000000010400907800000000604aa1d300000000fc01000000000000000000000000000000000000000000000000ffff7f000001000000000000000000000000000000f1d0a887149649f70090d967b17b6e6d3f7458806334b6d8523a63400c967da1d7"], 0x0) ioctl$SIOCSIFHWADDR(r9, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRES8=r8, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x8004) socket$kcm(0x10, 0x2, 0x0) 3.3729029s ago: executing program 0 (id=35): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0xb, &(0x7f0000000100)=0x0) io_submit(r1, 0x4000000000000016, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00') ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r6, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c) r7 = io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x4, 0x2, 0x3bc}) r8 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r8, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) listen(r8, 0x4) close_range(r7, r8, 0x0) 2.939249525s ago: executing program 2 (id=37): openat$rdma_cm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) io_setup(0x6, &(0x7f0000001380)=0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) add_key(&(0x7f0000000ac0)='asymmetric\x00', &(0x7f0000000b00)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) r6 = userfaultfd(0x80001) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180), 0x81802, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f0000000300)) mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x11, r7, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r8 = socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/226, 0xe2}, {&(0x7f0000000680)=""/174, 0xae}, {&(0x7f0000000740)=""/159, 0x9f}, {&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f00000008c0)=""/145, 0x91}, {&(0x7f0000000980)=""/150, 0x96}], 0x6, &(0x7f0000000a40)=""/250, 0xfa}, 0x40000141) pipe(&(0x7f0000000080)={0xffffffffffffffff}) splice(r11, 0x0, r9, 0x0, 0x408cd, 0x0) setsockopt$XDP_UMEM_REG(r8, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000380)=""/62, 0x0, 0x1000, 0x3}, 0xfffffffffffffd90) ioctl$UFFDIO_COPY(r6, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2}) 2.508769153s ago: executing program 1 (id=38): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = socket$kcm(0xa, 0x5, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)) (fail_nth: 2) 2.497417536s ago: executing program 1 (id=39): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = socket$kcm(0xa, 0x5, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)) 2.471838629s ago: executing program 1 (id=40): pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x3, 0x0) sendto$packet(r4, &(0x7f0000000280)="0f30d9eec1", 0x5, 0x0, 0x0, 0x0) getsockname$packet(r4, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xe}, {0xfff1, 0xffff}, {0xd, 0xfff1}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000800}, 0x88) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x24, 0x2a, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x6}, {0x0, 0xffff}}}, 0x24}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r7, @ANYBLOB="000024000000000024001200140001006272696467655f736c617665800000000c000500080005"], 0x3}}, 0x0) splice(r0, 0x0, r6, 0x0, 0x10d00, 0xf) 2.414965814s ago: executing program 2 (id=41): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0xb, &(0x7f0000000100)=0x0) io_submit(r1, 0x4000000000000016, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00') ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000040000000000000000000000950002000000040023487da0d613c9f0cb8f7e1245ab2695f8dafd1c46d7a99837af3fe06a570a30b33396cb97efad0b64b6fbb861fb09a96c798d20486f44f88081ee75e823747de7b462efd89fd9caa6ca2422a35f8895c9535c1207f068c3b6b33ef2b7a09fa1381fdde24f5d39ca1802587b9d2cc458aca8698520f3d4e6c3ced863f648d34f5b5bfd9a19b452ac3515cf7d7d812f6eaf95e0b24ec726b4c347432a67684491e7e8ecb5ae6ff2b8fcec7abdf63718a0bb87be1fd808ded500202b73c15bb6e6ad85e3bc55f85eb56a68a85a"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x7) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000080)=0xe9) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x400002) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r7, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c) io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x4, 0x2, 0x3bc}) r8 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r8, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) 2.340015046s ago: executing program 1 (id=42): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095", @ANYRESOCT], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) r1 = socket$kcm(0xa, 0x5, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) recvmmsg(r2, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x2000}], 0x2, 0x2, 0x0) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d7624cd362581725c7", "000400", "d5a1d50399459b68"}, 0x28) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r2) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e23, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c) shutdown(r2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x24020000) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) mmap$usbfs(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x200000c, 0x2050, 0xffffffffffffffff, 0x7) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)) 2.142278633s ago: executing program 0 (id=43): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000c40)={'vxcan0\x00'}) socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, &(0x7f0000000100)={0xa00000, 0x1, 0x49, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90b, 0x9e69, '\x00', @ptr=0x6}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000e40)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r4, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="d2ff030060010000009e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r8 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) tkill(r8, 0xb) r9 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$setsig(r9, 0xa, 0x21) utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0) 2.063200644s ago: executing program 3 (id=45): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4) sendmsg$inet(r0, &(0x7f0000002b00)={0x0, 0x0, &(0x7f0000002a80)=[{&(0x7f0000002880)='{', 0x1}], 0x1}, 0x4040) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0x2ee0}], 0x20, 0x0, 0x0, 0x10000000}, 0x12cd) (fail_nth: 2) 1.929201161s ago: executing program 3 (id=46): socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c00)=@newtclass={0x47c, 0x28, 0x100, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0x8}, {0x9, 0x10}, {0x10, 0xfff9}}, [@TCA_RATE={0x6, 0x5, {0x95, 0xed}}, @tclass_kind_options=@c_htb={{0x8}, {0x408, 0x2, [@TCA_HTB_RTAB={0x404, 0x4, [0x1, 0x0, 0xfff, 0x2, 0xbd, 0x1, 0x3, 0x7, 0x8000, 0x5, 0xfffffff7, 0x8489, 0x8, 0x3, 0x9, 0x8, 0xc, 0x3aad00, 0x8, 0x42, 0x4, 0xfa2e97d, 0x101, 0x8, 0x758d12eb, 0xab2, 0x0, 0x8800, 0xd, 0x4, 0x9, 0x0, 0x3, 0xa, 0x7, 0x4, 0x1, 0x0, 0x3, 0x2f5e762f, 0x4, 0x4, 0x8, 0x9, 0x6, 0x81, 0x800, 0x3, 0x1000, 0x4, 0x4, 0x6, 0x5, 0x0, 0x401, 0x322, 0x0, 0x0, 0xe58, 0x3, 0x5, 0x7ff, 0x54, 0x1fd, 0x7, 0x9, 0x2, 0x4, 0x401, 0x2, 0x8d, 0x1, 0x28c2, 0x1, 0x3, 0x200, 0x1, 0x9, 0x10001, 0x6, 0x6, 0x800, 0x8, 0x2, 0x8, 0x1, 0x330, 0x3, 0x0, 0xb3, 0x0, 0x4, 0x3, 0x1ff, 0x0, 0x6, 0x40000000, 0x5, 0xd, 0x60b, 0x8, 0xfc25, 0x9, 0x3, 0xffffffff, 0x9, 0x1740, 0xfd65, 0x7b, 0x7, 0x1, 0x1, 0xcf, 0x604, 0x0, 0x1, 0xfffefffb, 0x1ee0, 0x8, 0x1, 0x50, 0x9, 0x2, 0xa4, 0x0, 0x800, 0x0, 0xfffff800, 0x400, 0x9, 0xc, 0x67, 0xd3, 0x1800, 0xffffffff, 0x6, 0x9, 0x3, 0x9, 0xfffffff8, 0x7, 0x3, 0x10, 0x957, 0x95, 0x1, 0x5, 0x1a, 0xcc, 0x6a, 0x4916, 0x7, 0x9, 0x5, 0x91e4, 0x8000, 0x3, 0x80000001, 0x5, 0x7ff, 0x4, 0xffffc2b0, 0x2400000, 0xdd7b, 0x2, 0xf71, 0x400, 0xfffffbff, 0x34, 0x5, 0x8, 0xe819, 0xa, 0x5, 0x200, 0x7, 0xf, 0x28, 0x4, 0x7fff, 0x1, 0xfffff7cf, 0x6, 0x2, 0x4e9f, 0x2, 0x8, 0x10, 0x0, 0x1ff, 0x0, 0x90000000, 0x539bb133, 0xffffb075, 0xef1, 0xb1, 0x9, 0xe, 0xe713, 0x7, 0x7, 0xfffff800, 0x5, 0x80000000, 0x3, 0x8, 0x453dc579, 0x2, 0x6, 0xdb36, 0x400, 0x9, 0x2, 0x80000000, 0xa, 0x8001, 0x1ff, 0x2, 0xafa7, 0x4, 0x7, 0x6, 0x8, 0x1, 0xfffffffd, 0x6, 0xe11, 0x8001, 0x5, 0x8, 0x9, 0x9, 0x1, 0x8, 0x401, 0x5, 0x6, 0x4, 0x772, 0x6, 0x7f, 0x7b, 0xd, 0x9, 0xffffffff, 0x9, 0x2, 0x8, 0x8, 0x6, 0x0, 0x8000, 0x1, 0xfffffff0, 0x3, 0xc9]}]}}, @tclass_kind_options=@c_ingress={0xc}, @TCA_RATE={0x6, 0x5, {0xef, 0x13}}, @tclass_kind_options=@c_fq_codel={0xd}, @tclass_kind_options=@c_clsact={0xb}, @TCA_RATE={0x6, 0x5, {0x7, 0x3}}, @TCA_RATE={0x6, 0x5, {0x6, 0x5}}]}, 0x47c}, 0x1, 0x0, 0x0, 0x800}, 0x8040) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000380)=@filter={'filter\x00', 0xe, 0x4, 0x380, 0xffffffff, 0x250, 0x160, 0x160, 0xffffffff, 0xffffffff, 0x320, 0x320, 0x320, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@local, @local, [0x0, 0xffffff00, 0xff000000, 0xffffff00], [0xffffff00, 0x0, 0xffffff00, 0xffffffff], 'syzkaller0\x00', 'dvmrp0\x00', {}, {0xff}, 0x5e, 0xd, 0x4, 0x78}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 'pim6reg0\x00', {0x1}}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x7, 'syz0\x00', {0x338}}}}, {{@ipv6={@private2, @mcast1, [0xff000000, 0x0, 0xff000000, 0xff], [0xff, 0xffffff00, 0x0, 0xff], 'xfrm0\x00', 'caif0\x00', {0xff}, {}, 0x11, 0xff, 0x3, 0x4}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3e0) sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="4801000041000701fcfffffffddbdf25017c0000040036802e0101"], 0x148}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r6, 0x0, 0x60, &(0x7f0000000640)={'filter\x00', 0x7, 0x4, 0x3c8, 0x10c, 0x10c, 0x0, 0x2e8, 0x2e8, 0x2e8, 0x4, 0x0, {[{{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @loopback, @loopback, 0x2}}}, {{@uncond, 0xbc, 0xfc}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "53a145c767671fcf0c243d543b9d83f0863f3aac810f97fea80e1b838805"}}, {{@uncond, 0xbc, 0xe0}, @unspec=@NFQUEUE1={0x24, 'NFQUEUE\x00', 0x1, {0x9, 0x7}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x414) socket$can_j1939(0x1d, 0x2, 0x7) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000001b"]) sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000fdffff1e04000000400001802c0004001400010002000a00ac14140f00000000000002001400020002000000ffffffff00000000000000000d0001007564703a73797a32000000008e836e31801dd8fbd47c240d697e9377d47629f95b33cab4ace9b29d2022320414ccfc14c647108fee780f217cb442796fa6d40843af1b2b1f544a6d07debc2b61b6ed955206648370ab954e113d3aa87998391ad926838f5e53acb5ddf32a8a433ad4ebd8a9f02aeb068f6e05e42006cfa4b5bca1557f9eae3f07a0cf4d994a704b2a9064af9c072c13f8a578f22c50a4ce748eba83e67754e74e3d83"], 0x54}}, 0x0) add_key$keyring(&(0x7f00000001c0), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0) io_uring_setup(0x391c, &(0x7f0000000b80)={0x0, 0x75c, 0x10000, 0x2, 0x240}) 1.759113052s ago: executing program 1 (id=47): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0xb, &(0x7f0000000100)=0x0) io_submit(r1, 0x4000000000000016, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00') ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r6, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0) io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x4, 0x2, 0x3bc}) r7 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r7, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) listen(r7, 0x4) 1.228756786s ago: executing program 2 (id=48): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0xb, &(0x7f0000000100)=0x0) io_submit(r1, 0x4000000000000016, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00') ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r6, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0) io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x4, 0x2, 0x3bc}) r7 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r7, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) (fail_nth: 2) listen(r7, 0x4) 1.179515977s ago: executing program 0 (id=49): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x301800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000680)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x7, 0x13, r2, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x0, 0x7fff0000}]}) cachestat(r3, &(0x7f0000000040)={0x5, 0xefc4}, &(0x7f0000000080), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x9, 0xffffffffffdffffc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x5, 0x1, 0x7f], 0xeeee0000, 0x1f5142}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.179226113s ago: executing program 0 (id=50): openat$rdma_cm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) io_setup(0x6, &(0x7f0000001380)=0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) add_key(&(0x7f0000000ac0)='asymmetric\x00', &(0x7f0000000b00)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) r6 = userfaultfd(0x80001) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180), 0x81802, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f0000000300)) mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x11, r7, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r8 = socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/226, 0xe2}, {&(0x7f0000000680)=""/174, 0xae}, {&(0x7f0000000740)=""/159, 0x9f}, {&(0x7f0000000800)=""/168, 0xa8}, {&(0x7f00000008c0)=""/145, 0x91}, {&(0x7f0000000980)=""/150, 0x96}], 0x6, &(0x7f0000000a40)=""/250, 0xfa}, 0x40000141) pipe(&(0x7f0000000080)={0xffffffffffffffff}) splice(r11, 0x0, r9, 0x0, 0x408cd, 0x0) setsockopt$XDP_UMEM_REG(r8, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000380)=""/62, 0x0, 0x1000, 0x3}, 0xfffffffffffffd90) ioctl$UFFDIO_COPY(r6, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2}) 850.076096ms ago: executing program 3 (id=51): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@mpls_delroute={0x30, 0x18, 0x9, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_VIA={0x14, 0x12, {0x3a, "f1b9a81697008d68a0328c49d2ee"}}]}, 0x30}}, 0x0) unshare(0x44040000) 793.626381ms ago: executing program 3 (id=52): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0e00000004000000040000000900"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$SNDCTL_SEQ_GETOUTCOUNT(0xffffffffffffffff, 0x80045104, &(0x7f0000000180)) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 615.865155ms ago: executing program 1 (id=53): r0 = openat$vcs(0xffffff9c, &(0x7f0000001100), 0x6a201, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() write$FUSE_LK(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0x8, 0x8, 0x0, r1}}}, 0x28) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000440)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000340)}) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r4, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x28}, 0xfffffff8}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000180)={0xfffc, 0x6}, 0x4) setsockopt$sock_int(r5, 0x1, 0x2c, &(0x7f00000000c0)=0x29e747e3, 0x4) setsockopt$packet_fanout_data(r5, 0x107, 0x16, 0x0, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f00000003c0)={'nat\x00', 0x0, 0x0, 0x0, [0xffffffff, 0x9, 0x0, 0x1980, 0x1, 0x101]}, &(0x7f0000000280)=0x50) socket$inet(0x2, 0x1, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) 615.700241ms ago: executing program 3 (id=54): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4) sendmsg$inet(r0, &(0x7f0000002b00)={0x0, 0xffffffffffffff64, &(0x7f0000002a80)=[{&(0x7f0000002880)='{', 0x1}], 0x1}, 0x1e3e9cd20e64f583) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) bind$tipc(r2, 0x0, 0x0) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0x2ee0}], 0x20, 0x0, 0x0, 0x10000000}, 0x12cd) 614.117535ms ago: executing program 3 (id=55): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) munmap(&(0x7f0000901000/0x3000)=nil, 0x3000) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x10}, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x40, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = gettid() sched_setaffinity(r1, 0x8, &(0x7f0000000180)=0x9d0) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r5, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r5, 0x8949, &(0x7f0000000000)) (fail_nth: 2) 439.285089ms ago: executing program 0 (id=56): read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020}, 0x2020) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xa0, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f00080000000000000000850000000e000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r4}, 0x10) lremovexattr(0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0) r5 = syz_io_uring_setup(0x10b, &(0x7f0000000140)={0x0, 0xf946, 0x80, 0x5, 0x1001}, &(0x7f0000000040), &(0x7f0000000300)) r6 = eventfd2(0x58, 0x80000) r7 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r7, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000005e000101"], 0x1c}], 0x1}, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r5, 0x4, &(0x7f0000000000)=r6, 0x1) r8 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r9, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x0, 0x2, 0x9, 0x9}}}}]}, 0x48}}, 0x44080) sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r9, {0x0, 0xb}, {0x0, 0xa}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0xc}}]}, 0x38}}, 0x4000) 0s ago: executing program 2 (id=57): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x16f) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = dup2(r1, r0) close_range(r2, 0xffffffffffffffff, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x0, 0x0) r4 = fanotify_init(0x200, 0x0) fanotify_mark(r4, 0x1, 0x4800003e, r3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$SIOCSIFHWADDR(r6, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) openat$vimc2(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) r8 = open(&(0x7f0000000140)='./file1\x00', 0x10d042, 0x80) ftruncate(r8, 0x200004) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:10703' (ED25519) to the list of known hosts. [ 41.047204][ T5916] cgroup: Unknown subsys name 'net' [ 41.200950][ T5916] cgroup: Unknown subsys name 'cpuset' [ 41.206194][ T5916] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 42.009418][ T5916] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 45.082969][ T5956] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 45.083524][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 45.087640][ T5958] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.088131][ T5953] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.091431][ T5958] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.093543][ T5957] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 45.093597][ T5953] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.093822][ T5953] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.094258][ T5953] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.094531][ T5953] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 45.095596][ T5956] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.101631][ T5953] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 45.102490][ T5956] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.104264][ T5953] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 45.106760][ T5956] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.109771][ T5953] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 45.121103][ T5953] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 45.121647][ T5958] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.127568][ T5958] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.131128][ T5958] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.315804][ T5959] chnl_net:caif_netlink_parms(): no params data found [ 45.362627][ T5946] chnl_net:caif_netlink_parms(): no params data found [ 45.474864][ T5959] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.477766][ T5959] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.480235][ T5959] bridge_slave_0: entered allmulticast mode [ 45.482894][ T5959] bridge_slave_0: entered promiscuous mode [ 45.532454][ T5959] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.534740][ T5959] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.537719][ T5959] bridge_slave_1: entered allmulticast mode [ 45.540380][ T5959] bridge_slave_1: entered promiscuous mode [ 45.566607][ T5945] chnl_net:caif_netlink_parms(): no params data found [ 45.574509][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.577852][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.580175][ T5946] bridge_slave_0: entered allmulticast mode [ 45.582767][ T5946] bridge_slave_0: entered promiscuous mode [ 45.612245][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.614567][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.617116][ T5946] bridge_slave_1: entered allmulticast mode [ 45.619754][ T5946] bridge_slave_1: entered promiscuous mode [ 45.639178][ T5959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.677081][ T5959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.701894][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 45.704798][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 45.726282][ T5959] team0: Port device team_slave_0 added [ 45.733264][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 45.756704][ T5959] team0: Port device team_slave_1 added [ 45.794742][ T5946] team0: Port device team_slave_0 added [ 45.866163][ T5946] team0: Port device team_slave_1 added [ 45.889270][ T5945] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.891556][ T5945] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.893889][ T5945] bridge_slave_0: entered allmulticast mode [ 45.896979][ T5945] bridge_slave_0: entered promiscuous mode [ 45.900024][ T5945] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.902293][ T5945] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.904664][ T5945] bridge_slave_1: entered allmulticast mode [ 45.908307][ T5945] bridge_slave_1: entered promiscuous mode [ 45.929728][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.932671][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.941763][ T5959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.982207][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 45.984498][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 45.993800][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 45.998896][ T5959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.001076][ T5959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.009207][ T5959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.028182][ T5945] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.044620][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.047145][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.056066][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.068209][ T5945] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.087520][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.089840][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.092132][ T5947] bridge_slave_0: entered allmulticast mode [ 46.095106][ T5947] bridge_slave_0: entered promiscuous mode [ 46.099953][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.102212][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.104476][ T5947] bridge_slave_1: entered allmulticast mode [ 46.107804][ T5947] bridge_slave_1: entered promiscuous mode [ 46.158693][ T5945] team0: Port device team_slave_0 added [ 46.162086][ T5945] team0: Port device team_slave_1 added [ 46.179017][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.243822][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.250475][ T5959] hsr_slave_0: entered promiscuous mode [ 46.252798][ T5959] hsr_slave_1: entered promiscuous mode [ 46.317745][ T5947] team0: Port device team_slave_0 added [ 46.322015][ T5946] hsr_slave_0: entered promiscuous mode [ 46.324706][ T5946] hsr_slave_1: entered promiscuous mode [ 46.326898][ T5946] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.329978][ T5946] Cannot create hsr debugfs directory [ 46.332196][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.334418][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.343562][ T5945] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.362066][ T5947] team0: Port device team_slave_1 added [ 46.379112][ T5945] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.381319][ T5945] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.389782][ T5945] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.443567][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.445856][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.453837][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.501172][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.503417][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.511519][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.597148][ T5945] hsr_slave_0: entered promiscuous mode [ 46.599444][ T5945] hsr_slave_1: entered promiscuous mode [ 46.601333][ T5945] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.603737][ T5945] Cannot create hsr debugfs directory [ 46.612297][ T5947] hsr_slave_0: entered promiscuous mode [ 46.614798][ T5947] hsr_slave_1: entered promiscuous mode [ 46.618505][ T5947] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 46.621026][ T5947] Cannot create hsr debugfs directory [ 46.861232][ T5946] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 46.867326][ T5946] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 46.876239][ T5946] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 46.886785][ T5946] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 46.904840][ T5947] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 46.911160][ T5947] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 46.920856][ T5947] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 46.931708][ T5947] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 46.949338][ T5959] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 46.959949][ T5959] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 46.964250][ T5959] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 46.979007][ T5959] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.023686][ T5945] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.028890][ T5945] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.033422][ T5945] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.040236][ T5945] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.099134][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.114804][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.138478][ T5946] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.148522][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.157242][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.159664][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.163374][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.165661][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.173417][ T5959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.177025][ T5958] Bluetooth: hci2: command tx timeout [ 47.177153][ T5953] Bluetooth: hci3: command tx timeout [ 47.177440][ T66] Bluetooth: hci0: command tx timeout [ 47.179528][ T5958] Bluetooth: hci1: command tx timeout [ 47.186074][ T1218] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.188400][ T1218] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.191913][ T1218] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.194214][ T1218] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.216488][ T5945] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.224672][ T5959] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.249621][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.251835][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.259681][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.261883][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.266241][ T5945] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.288145][ T1218] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.290437][ T1218] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.294769][ T1218] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.297069][ T1218] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.359863][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.388100][ T5947] veth0_vlan: entered promiscuous mode [ 47.393964][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.404777][ T5947] veth1_vlan: entered promiscuous mode [ 47.429704][ T5947] veth0_macvtap: entered promiscuous mode [ 47.434154][ T5947] veth1_macvtap: entered promiscuous mode [ 47.450417][ T5945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.458076][ T5959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.460372][ T5946] veth0_vlan: entered promiscuous mode [ 47.467794][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.475462][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.480514][ T5947] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.484048][ T5947] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.488361][ T5947] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.491799][ T5947] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.498324][ T5946] veth1_vlan: entered promiscuous mode [ 47.541470][ T5959] veth0_vlan: entered promiscuous mode [ 47.558002][ T5945] veth0_vlan: entered promiscuous mode [ 47.563098][ T5959] veth1_vlan: entered promiscuous mode [ 47.566782][ T5946] veth0_macvtap: entered promiscuous mode [ 47.571549][ T5946] veth1_macvtap: entered promiscuous mode [ 47.575347][ T163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.578106][ T163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.580295][ T5945] veth1_vlan: entered promiscuous mode [ 47.599099][ T5946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.602437][ T5946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.606744][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.611501][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.614453][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.614470][ T5946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.621353][ T5946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.626464][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.639532][ T5946] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.643073][ T5946] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.647369][ T5946] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.650701][ T5946] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.658943][ T5959] veth0_macvtap: entered promiscuous mode [ 47.668319][ T5959] veth1_macvtap: entered promiscuous mode [ 47.675413][ T5945] veth0_macvtap: entered promiscuous mode [ 47.682017][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.683672][ T5947] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 47.686474][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.695457][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.698738][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.702608][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.707521][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.712036][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.716829][ T5959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.720974][ T5959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.726421][ T5959] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.731853][ T5945] veth1_macvtap: entered promiscuous mode [ 47.741293][ T5959] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.744753][ T5959] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.748524][ T5959] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.751988][ T5959] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.770753][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.774016][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.793474][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.798199][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.802022][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.806503][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.810328][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 47.814415][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.819405][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 47.823444][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.824406][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.826799][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.830545][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.836693][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.840696][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.844399][ T5945] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 47.848630][ T5945] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 47.853849][ T5945] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 47.862110][ T5945] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.868974][ T5945] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.873110][ T5945] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.876892][ T5945] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.923534][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.926464][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.953123][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.965038][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.967106][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 47.970355][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 47.979548][ T40] audit: type=1804 audit(1745607245.573:2): pid=6017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4" name="/newroot/0/file0" dev="tmpfs" ino=18 res=1 errno=0 [ 47.980294][ T6017] ref_ctr going negative. vaddr: 0x80ffd002, curr val: -29824, delta: 1 [ 47.990215][ T6017] ref_ctr increment failed for inode: 0x12 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888025003200 [ 47.996820][ T6016] ref_ctr going negative. vaddr: 0x80ffd002, curr val: -29824, delta: -1 [ 47.999543][ T6016] ref_ctr decrement failed for inode: 0x12 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888025003200 [ 48.003251][ T6016] uprobe: syz.3.4:6016 failed to unregister, leaking uprobe [ 48.004681][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.008894][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.125505][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.275664][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 48.378739][ T6037] delete_channel: no stack [ 48.833336][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 48.965107][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.967897][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 48.975488][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.155111][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.157691][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.160233][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.162806][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.279226][ T5958] Bluetooth: hci3: command tx timeout [ 49.279287][ T5953] Bluetooth: hci0: command tx timeout [ 49.280929][ T5958] Bluetooth: hci2: command tx timeout [ 49.283058][ T5953] Bluetooth: hci1: command tx timeout [ 49.417407][ T6066] bridge0: port 3(netdevsim0) entered blocking state [ 49.419635][ T6066] bridge0: port 3(netdevsim0) entered disabled state [ 49.422299][ T6066] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 49.456571][ T6066] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 49.459935][ T6066] bridge0: port 3(netdevsim0) entered blocking state [ 49.462117][ T6066] bridge0: port 3(netdevsim0) entered forwarding state [ 49.537059][ T6066] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12'. [ 49.823608][ T6076] IPVS: set_ctl: invalid protocol: 0 100.1.1.2:20000 [ 49.833116][ T6076] Cannot find add_set index 3 as target [ 50.095854][ T34] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 50.271707][ T34] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 50.274533][ T34] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 50.278790][ T34] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 50.287448][ T34] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 50.290561][ T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.293266][ T34] usb 6-1: Product: syz [ 50.294564][ T34] usb 6-1: Manufacturer: syz [ 50.316100][ T34] usb 6-1: SerialNumber: syz [ 51.050077][ T6097] FAULT_INJECTION: forcing a failure. [ 51.050077][ T6097] name failslab, interval 1, probability 0, space 0, times 1 [ 51.054126][ T6097] CPU: 0 UID: 0 PID: 6097 Comm: syz.3.19 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 51.054140][ T6097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 51.054147][ T6097] Call Trace: [ 51.054150][ T6097] [ 51.054155][ T6097] dump_stack_lvl+0x16c/0x1f0 [ 51.054173][ T6097] should_fail_ex+0x512/0x640 [ 51.054186][ T6097] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 51.054200][ T6097] should_failslab+0xc2/0x120 [ 51.054235][ T6097] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 51.054248][ T6097] ? mas_alloc_nodes+0x18b/0x8b0 [ 51.054263][ T6097] mas_alloc_nodes+0x18b/0x8b0 [ 51.054278][ T6097] mas_node_count_gfp+0x105/0x130 [ 51.054292][ T6097] mas_preallocate+0x53e/0xcd0 [ 51.054304][ T6097] ? __pfx_mas_preallocate+0x10/0x10 [ 51.054318][ T6097] ? anon_vma_name+0x75/0x100 [ 51.054334][ T6097] __split_vma+0x33b/0x1030 [ 51.054348][ T6097] ? __pfx___split_vma+0x10/0x10 [ 51.054365][ T6097] vms_gather_munmap_vmas+0x392/0x1310 [ 51.054379][ T6097] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 51.054392][ T6097] ? mas_walk+0x6a6/0x910 [ 51.054410][ T6097] __mmap_region+0x314/0x27c0 [ 51.054423][ T6097] ? __pfx___mmap_region+0x10/0x10 [ 51.054443][ T6097] ? lockdep_unlock+0x64/0xe0 [ 51.054454][ T6097] ? __lock_acquire+0xf7f/0x1ba0 [ 51.054467][ T6097] ? _parse_integer_limit+0x17f/0x1d0 [ 51.054500][ T6097] ? __lock_acquire+0xaa4/0x1ba0 [ 51.054517][ T6097] mmap_region+0x32b/0x3f0 [ 51.054544][ T6097] do_mmap+0xd8e/0x11b0 [ 51.054563][ T6097] ? __pfx_do_mmap+0x10/0x10 [ 51.054579][ T6097] ? __pfx_down_write_killable+0x10/0x10 [ 51.054598][ T6097] vm_mmap_pgoff+0x281/0x450 [ 51.054616][ T6097] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 51.054638][ T6097] ? __fget_files+0x20e/0x3c0 [ 51.054650][ T6097] ksys_mmap_pgoff+0x32c/0x5c0 [ 51.054665][ T6097] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 51.054682][ T6097] __do_fast_syscall_32+0x73/0x120 [ 51.054698][ T6097] do_fast_syscall_32+0x32/0x80 [ 51.054713][ T6097] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 51.054725][ T6097] RIP: 0023:0xf7fd6579 [ 51.054734][ T6097] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 51.054744][ T6097] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 51.054753][ T6097] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000b36000 [ 51.054759][ T6097] RDX: 000000000200000a RSI: 0000000000028011 RDI: 0000000000000006 [ 51.054765][ T6097] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 51.054771][ T6097] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 51.054776][ T6097] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 51.054788][ T6097] [ 51.148737][ T6100] netlink: 24 bytes leftover after parsing attributes in process `syz.0.20'. [ 51.179346][ T6100] pim6reg1: entered promiscuous mode [ 51.181042][ T6100] pim6reg1: entered allmulticast mode [ 51.335107][ T5958] Bluetooth: hci2: command tx timeout [ 51.335197][ T5953] Bluetooth: hci1: command tx timeout [ 51.345131][ T5953] Bluetooth: hci3: command tx timeout [ 51.345169][ T5958] Bluetooth: hci0: command tx timeout [ 51.645473][ T955] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 51.797036][ T6119] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 51.807165][ T6119] FAULT_INJECTION: forcing a failure. [ 51.807165][ T6119] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 51.811182][ T6119] CPU: 3 UID: 0 PID: 6119 Comm: syz.0.27 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 51.811196][ T6119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 51.811212][ T6119] Call Trace: [ 51.811218][ T6119] [ 51.811222][ T6119] dump_stack_lvl+0x16c/0x1f0 [ 51.811252][ T6119] should_fail_ex+0x512/0x640 [ 51.811268][ T6119] _copy_from_iter+0x2a4/0x15b0 [ 51.811283][ T6119] ? alloc_pages_mpol+0x25a/0x550 [ 51.811296][ T6119] ? __pfx__copy_from_iter+0x10/0x10 [ 51.811309][ T6119] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 51.811327][ T6119] copy_page_from_iter+0xa5/0x120 [ 51.811341][ T6119] tun_build_skb.constprop.0+0x292/0x1480 [ 51.811360][ T6119] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 51.811376][ T6119] ? __lock_acquire+0x5ca/0x1ba0 [ 51.811391][ T6119] ? rcu_is_watching+0x12/0xc0 [ 51.811409][ T6119] tun_get_user+0x165f/0x3b10 [ 51.811429][ T6119] ? __pfx_tun_get_user+0x10/0x10 [ 51.811442][ T6119] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 51.811459][ T6119] ? find_held_lock+0x2b/0x80 [ 51.811469][ T6119] ? tun_get+0x191/0x370 [ 51.811485][ T6119] tun_chr_write_iter+0xdc/0x210 [ 51.811501][ T6119] vfs_write+0x5ba/0x1180 [ 51.811513][ T6119] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 51.811532][ T6119] ? __pfx_vfs_write+0x10/0x10 [ 51.811541][ T6119] ? find_held_lock+0x2b/0x80 [ 51.811559][ T6119] ksys_write+0x12a/0x240 [ 51.811569][ T6119] ? __pfx_ksys_write+0x10/0x10 [ 51.811578][ T6119] ? rcu_is_watching+0x12/0xc0 [ 51.811589][ T6119] ? rcu_is_watching+0x12/0xc0 [ 51.811600][ T6119] __do_fast_syscall_32+0x73/0x120 [ 51.811616][ T6119] do_fast_syscall_32+0x32/0x80 [ 51.811631][ T6119] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 51.811645][ T6119] RIP: 0023:0xf7f06579 [ 51.811653][ T6119] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 51.811662][ T6119] RSP: 002b:00000000f5005520 EFLAGS: 00000293 ORIG_RAX: 0000000000000004 [ 51.811672][ T6119] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000280 [ 51.811678][ T6119] RDX: 0000000000000066 RSI: 00000000f7392ff4 RDI: 0000000000000000 [ 51.811684][ T6119] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 51.811689][ T6119] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 51.811695][ T6119] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 51.811707][ T6119] [ 51.812347][ T6119] warning: `syz.0.27' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 51.929509][ T6120] bridge_slave_0: left allmulticast mode [ 51.931455][ T6120] bridge_slave_0: left promiscuous mode [ 51.934083][ T6120] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.949673][ T6120] bridge_slave_1: left allmulticast mode [ 51.951614][ T6120] bridge_slave_1: left promiscuous mode [ 51.953588][ T6120] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.969639][ T6120] bond0: (slave bond_slave_0): Releasing backup interface [ 51.978903][ T6120] bond0: (slave bond_slave_1): Releasing backup interface [ 52.003106][ T6120] team0: Port device team_slave_0 removed [ 52.016076][ T6120] team0: Port device team_slave_1 removed [ 52.019510][ T6120] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 52.021893][ T6120] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 52.033722][ T6120] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 52.036761][ T6120] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 52.478742][ T6131] process 'syz.0.31' launched './file1' with NULL argv: empty string added [ 52.491068][ T6131] team0: entered allmulticast mode [ 52.961882][ T34] usb 6-1: 0:2 : does not exist [ 52.976417][ T34] usb 6-1: USB disconnect, device number 2 [ 53.266664][ T5954] udevd[5954]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 53.425073][ T5958] Bluetooth: hci3: command tx timeout [ 53.426821][ T5958] Bluetooth: hci2: command tx timeout [ 53.428594][ T5958] Bluetooth: hci1: command tx timeout [ 53.702272][ T6168] netlink: 24 bytes leftover after parsing attributes in process `syz.1.40'. [ 53.747190][ T6168] netlink: 'syz.1.40': attribute type 5 has an invalid length. [ 53.904340][ T6171] sp0: Synchronizing with TNC [ 53.907539][ T6171] sp0: Found TNC [ 54.080942][ T6184] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 54.117042][ T6190] FAULT_INJECTION: forcing a failure. [ 54.117042][ T6190] name failslab, interval 1, probability 0, space 0, times 0 [ 54.120935][ T6190] CPU: 0 UID: 0 PID: 6190 Comm: syz.3.45 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 54.120948][ T6190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 54.120954][ T6190] Call Trace: [ 54.120958][ T6190] [ 54.120963][ T6190] dump_stack_lvl+0x16c/0x1f0 [ 54.120981][ T6190] should_fail_ex+0x512/0x640 [ 54.120994][ T6190] ? __kmalloc_noprof+0xbf/0x510 [ 54.121007][ T6190] ? iovec_from_user+0x108/0x140 [ 54.121020][ T6190] should_failslab+0xc2/0x120 [ 54.121034][ T6190] __kmalloc_noprof+0xd2/0x510 [ 54.121048][ T6190] iovec_from_user+0x108/0x140 [ 54.121062][ T6190] __import_iovec+0x88/0x660 [ 54.121075][ T6190] ? __might_fault+0xe3/0x190 [ 54.121087][ T6190] ? __might_fault+0x13b/0x190 [ 54.121100][ T6190] import_iovec+0x86/0xb0 [ 54.121115][ T6190] get_compat_msghdr+0x109/0x170 [ 54.121129][ T6190] ? __pfx_get_compat_msghdr+0x10/0x10 [ 54.121146][ T6190] ___sys_sendmsg+0x1ae/0x1d0 [ 54.121161][ T6190] ? __pfx____sys_sendmsg+0x10/0x10 [ 54.121188][ T6190] __sys_sendmsg+0x16d/0x220 [ 54.121201][ T6190] ? __pfx___sys_sendmsg+0x10/0x10 [ 54.121220][ T6190] ? rcu_is_watching+0x12/0xc0 [ 54.121232][ T6190] __do_fast_syscall_32+0x73/0x120 [ 54.121248][ T6190] do_fast_syscall_32+0x32/0x80 [ 54.121263][ T6190] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 54.121276][ T6190] RIP: 0023:0xf7fd6579 [ 54.121284][ T6190] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 54.121294][ T6190] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 54.121303][ T6190] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 54.121310][ T6190] RDX: 00000000000012cd RSI: 0000000000000000 RDI: 0000000000000000 [ 54.121315][ T6190] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 54.121321][ T6190] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 54.121326][ T6190] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 54.121337][ T6190] [ 54.299104][ T6007] libceph: connect (1)[c::]:6789 error -101 [ 54.303793][ T6007] libceph: mon0 (1)[c::]:6789 connect error [ 54.309043][ T6007] libceph: connect (1)[c::]:6789 error -101 [ 54.312108][ T6007] libceph: mon0 (1)[c::]:6789 connect error [ 54.338284][ T6194] ceph: No mds server is up or the cluster is laggy [ 54.414645][ T6197] netlink: zone id is out of range [ 54.416731][ T6197] netlink: zone id is out of range [ 54.418470][ T6197] netlink: zone id is out of range [ 54.604563][ T6170] [U] è` [ 55.116557][ T6212] FAULT_INJECTION: forcing a failure. [ 55.116557][ T6212] name failslab, interval 1, probability 0, space 0, times 0 [ 55.120612][ T6212] CPU: 0 UID: 0 PID: 6212 Comm: syz.2.48 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 55.120626][ T6212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.120633][ T6212] Call Trace: [ 55.120637][ T6212] [ 55.120641][ T6212] dump_stack_lvl+0x16c/0x1f0 [ 55.120660][ T6212] should_fail_ex+0x512/0x640 [ 55.120672][ T6212] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 55.120684][ T6212] should_failslab+0xc2/0x120 [ 55.120698][ T6212] __kmalloc_cache_noprof+0x6a/0x3e0 [ 55.120709][ T6212] ? rxrpc_lookup_local+0x331/0x1220 [ 55.120725][ T6212] rxrpc_lookup_local+0x331/0x1220 [ 55.120741][ T6212] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 55.120756][ T6212] ? __local_bh_enable_ip+0xa4/0x120 [ 55.120771][ T6212] rxrpc_bind+0x369/0x5a0 [ 55.120787][ T6212] __sys_bind+0x211/0x260 [ 55.120799][ T6212] ? __pfx___sys_bind+0x10/0x10 [ 55.120808][ T6212] ? __fget_files+0x20e/0x3c0 [ 55.120823][ T6212] ? __pfx_ksys_write+0x10/0x10 [ 55.120836][ T6212] __ia32_sys_bind+0x71/0xb0 [ 55.120846][ T6212] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 55.120862][ T6212] __do_fast_syscall_32+0x73/0x120 [ 55.120877][ T6212] do_fast_syscall_32+0x32/0x80 [ 55.120892][ T6212] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 55.120906][ T6212] RIP: 0023:0xf7f07579 [ 55.120914][ T6212] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 55.120924][ T6212] RSP: 002b:00000000f4fe455c EFLAGS: 00000296 ORIG_RAX: 0000000000000169 [ 55.120933][ T6212] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000000 [ 55.120939][ T6212] RDX: 0000000000000024 RSI: 0000000000000000 RDI: 0000000000000000 [ 55.120945][ T6212] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 55.120951][ T6212] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 55.120956][ T6212] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 55.120969][ T6212] [ 55.378990][ T6218] Driver unsupported XDP return value 0 on prog (id 17) dev N/A, expect packet loss! [ 55.864351][ T6231] FAULT_INJECTION: forcing a failure. [ 55.864351][ T6231] name failslab, interval 1, probability 0, space 0, times 0 [ 55.868314][ T6231] CPU: 1 UID: 0 PID: 6231 Comm: syz.3.55 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 55.868339][ T6231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.868347][ T6231] Call Trace: [ 55.868351][ T6231] [ 55.868356][ T6231] dump_stack_lvl+0x16c/0x1f0 [ 55.868375][ T6231] should_fail_ex+0x512/0x640 [ 55.868388][ T6231] ? fs_reclaim_acquire+0xae/0x150 [ 55.868405][ T6231] ? tomoyo_encode2+0x100/0x3e0 [ 55.868419][ T6231] should_failslab+0xc2/0x120 [ 55.868433][ T6231] __kmalloc_noprof+0xd2/0x510 [ 55.868449][ T6231] tomoyo_encode2+0x100/0x3e0 [ 55.868465][ T6231] tomoyo_encode+0x29/0x50 [ 55.868478][ T6231] tomoyo_realpath_from_path+0x18f/0x6e0 [ 55.868494][ T6231] ? tomoyo_profile+0x47/0x60 [ 55.868512][ T6231] tomoyo_path_number_perm+0x245/0x580 [ 55.868524][ T6231] ? tomoyo_path_number_perm+0x237/0x580 [ 55.868537][ T6231] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 55.868549][ T6231] ? finish_task_switch.isra.0+0x221/0xc10 [ 55.868578][ T6231] ? find_held_lock+0x2b/0x80 [ 55.868588][ T6231] ? hook_file_ioctl_common+0x145/0x410 [ 55.868600][ T6231] ? __fget_files+0x204/0x3c0 [ 55.868611][ T6231] ? __fget_files+0x20e/0x3c0 [ 55.868620][ T6231] ? __fput_deferred+0x300/0x370 [ 55.868635][ T6231] security_file_ioctl_compat+0x9b/0x240 [ 55.868650][ T6231] __ia32_compat_sys_ioctl+0xc3/0x360 [ 55.868666][ T6231] __do_fast_syscall_32+0x73/0x120 [ 55.868682][ T6231] do_fast_syscall_32+0x32/0x80 [ 55.868697][ T6231] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 55.868710][ T6231] RIP: 0023:0xf7fd6579 [ 55.868718][ T6231] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 55.868728][ T6231] RSP: 002b:00000000f50b455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 55.868738][ T6231] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000008949 [ 55.868744][ T6231] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 55.868750][ T6231] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 55.868755][ T6231] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 55.868760][ T6231] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 55.868772][ T6231] [ 55.869890][ T6231] ERROR: Out of memory at tomoyo_realpath_from_path. [ 56.051239][ T955] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 56.221326][ T40] audit: type=1800 audit(1745607253.813:3): pid=6235 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.57" name="file1" dev="overlay" ino=72 res=0 errno=0 [ 56.228680][ T6235] evm: overlay not supported [ 56.701298][ T6234] ================================================================== [ 56.703850][ T6234] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x132/0x320 [ 56.706278][ T6234] Write of size 4064 at addr ffffc90007217020 by task syz.2.57/6234 [ 56.710546][ T6234] [ 56.711316][ T6234] CPU: 3 UID: 0 PID: 6234 Comm: syz.2.57 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 56.711331][ T6234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.711338][ T6234] Call Trace: [ 56.711342][ T6234] [ 56.711346][ T6234] dump_stack_lvl+0x116/0x1f0 [ 56.711364][ T6234] print_report+0xc3/0x670 [ 56.711377][ T6234] ? __virt_addr_valid+0x5e/0x590 [ 56.711393][ T6234] ? vrealloc_noprof+0x132/0x320 [ 56.711404][ T6234] kasan_report+0xe0/0x110 [ 56.711417][ T6234] ? vrealloc_noprof+0x132/0x320 [ 56.711428][ T6234] kasan_check_range+0xef/0x1a0 [ 56.711443][ T6234] __asan_memset+0x23/0x50 [ 56.711454][ T6234] vrealloc_noprof+0x132/0x320 [ 56.711464][ T6234] push_insn_history+0x2ae/0x6c0 [ 56.711478][ T6234] do_check_common+0xbd3/0xc2a0 [ 56.711495][ T6234] ? __pfx_do_check_common+0x10/0x10 [ 56.711506][ T6234] ? lockdep_hardirqs_on+0x7c/0x110 [ 56.711524][ T6234] ? kfree+0x2b6/0x4d0 [ 56.711534][ T6234] ? bpf_check+0x6c86/0xb460 [ 56.711544][ T6234] ? bpf_check+0x7b2f/0xb460 [ 56.711556][ T6234] bpf_check+0x7f51/0xb460 [ 56.711571][ T6234] ? __pfx_bpf_check+0x10/0x10 [ 56.711582][ T6234] ? pcpu_alloc_noprof+0x949/0x1470 [ 56.711597][ T6234] ? __lock_acquire+0xaa4/0x1ba0 [ 56.711614][ T6234] ? find_held_lock+0x2b/0x80 [ 56.711626][ T6234] ? __asan_memset+0x23/0x50 [ 56.711635][ T6234] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 56.711651][ T6234] bpf_prog_load+0xe41/0x2490 [ 56.711667][ T6234] ? __pfx_bpf_prog_load+0x10/0x10 [ 56.711681][ T6234] ? __pfx___futex_wait+0x10/0x10 [ 56.711700][ T6234] ? bpf_lsm_bpf+0x9/0x10 [ 56.711712][ T6234] __sys_bpf+0x433c/0x4d80 [ 56.711727][ T6234] ? __pfx___sys_bpf+0x10/0x10 [ 56.711743][ T6234] ? __lock_acquire+0xaa4/0x1ba0 [ 56.711760][ T6234] ? find_held_lock+0x2b/0x80 [ 56.711769][ T6234] ? __might_fault+0xe3/0x190 [ 56.711784][ T6234] ? __might_fault+0xe3/0x190 [ 56.711795][ T6234] ? __might_fault+0x13b/0x190 [ 56.711809][ T6234] __ia32_sys_bpf+0x76/0xe0 [ 56.711818][ T6234] __do_fast_syscall_32+0x73/0x120 [ 56.711834][ T6234] do_fast_syscall_32+0x32/0x80 [ 56.711848][ T6234] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 56.711862][ T6234] RIP: 0023:0xf7f07579 [ 56.711870][ T6234] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 56.711881][ T6234] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 56.711891][ T6234] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800017c0 [ 56.711898][ T6234] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 56.711904][ T6234] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 56.711909][ T6234] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 56.711915][ T6234] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 56.711924][ T6234] [ 56.711928][ T6234] [ 56.805434][ T6234] The buggy address belongs to the virtual mapping at [ 56.805434][ T6234] [ffffc900071f7000, ffffc90007219000) created by: [ 56.805434][ T6234] kvrealloc_noprof+0x7d/0xd0 [ 56.811273][ T6234] [ 56.812070][ T6234] The buggy address belongs to the physical page: [ 56.814099][ T6234] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xe5 pfn:0x2a1b1 [ 56.816787][ T6234] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 56.818942][ T6234] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 56.821566][ T6234] raw: 00000000000000e5 0000000000000000 00000001ffffffff 0000000000000000 [ 56.824184][ T6234] page dumped because: kasan: bad access detected [ 56.826141][ T6234] page_owner tracks the page as allocated [ 56.827876][ T6234] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 6234, tgid 6233 (syz.2.57), ts 56701212495, free_ts 56603960456 [ 56.832942][ T6234] post_alloc_hook+0x181/0x1b0 [ 56.834430][ T6234] get_page_from_freelist+0x135c/0x3920 [ 56.836149][ T6234] __alloc_frozen_pages_noprof+0x5a8/0x23a0 [ 56.838192][ T6234] alloc_pages_mpol+0x1fb/0x550 [ 56.839807][ T6234] alloc_pages_noprof+0x131/0x390 [ 56.841371][ T6234] __vmalloc_node_range_noprof+0x732/0x1540 [ 56.843255][ T6234] __kvmalloc_node_noprof+0x2ff/0x600 [ 56.844875][ T6234] kvrealloc_noprof+0x7d/0xd0 [ 56.846389][ T6234] push_insn_history+0x2ae/0x6c0 [ 56.848218][ T6234] do_check_common+0xbd3/0xc2a0 [ 56.849839][ T6234] bpf_check+0x7f51/0xb460 [ 56.851346][ T6234] bpf_prog_load+0xe41/0x2490 [ 56.852926][ T6234] __sys_bpf+0x433c/0x4d80 [ 56.854292][ T6234] __ia32_sys_bpf+0x76/0xe0 [ 56.855746][ T6234] __do_fast_syscall_32+0x73/0x120 [ 56.857341][ T6234] do_fast_syscall_32+0x32/0x80 [ 56.858846][ T6234] page last free pid 112 tgid 112 stack trace: [ 56.860691][ T6234] free_unref_folios+0x999/0x1630 [ 56.862220][ T6234] shrink_folio_list+0x3255/0x40e0 [ 56.863765][ T6234] evict_folios+0x779/0x1b60 [ 56.865169][ T6234] try_to_shrink_lruvec+0x5a3/0x990 [ 56.866754][ T6234] shrink_one+0x3e3/0x7a0 [ 56.868094][ T6234] shrink_node+0x268e/0x3d20 [ 56.869576][ T6234] balance_pgdat+0xba5/0x19c0 [ 56.871120][ T6234] kswapd+0x590/0xb90 [ 56.872330][ T6234] kthread+0x3c2/0x780 [ 56.873578][ T6234] ret_from_fork+0x45/0x80 [ 56.874941][ T6234] ret_from_fork_asm+0x1a/0x30 [ 56.876399][ T6234] [ 56.877151][ T6234] Memory state around the buggy address: [ 56.878820][ T6234] ffffc90007216f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 56.881214][ T6234] ffffc90007216f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 56.883598][ T6234] >ffffc90007217000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 56.885980][ T6234] ^ [ 56.887586][ T6234] ffffc90007217080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 56.890043][ T6234] ffffc90007217100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 56.892510][ T6234] ================================================================== [ 56.899751][ T6234] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 56.902080][ T6234] CPU: 3 UID: 0 PID: 6234 Comm: syz.2.57 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 56.905943][ T6234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.909333][ T6234] Call Trace: [ 56.910398][ T6234] [ 56.911310][ T6234] dump_stack_lvl+0x3d/0x1f0 [ 56.912768][ T6234] panic+0x71c/0x800 [ 56.913965][ T6234] ? __pfx_panic+0x10/0x10 [ 56.915474][ T6234] ? rcu_is_watching+0x12/0xc0 [ 56.917015][ T6234] ? preempt_schedule_thunk+0x16/0x30 [ 56.918776][ T6234] ? vrealloc_noprof+0x132/0x320 [ 56.920390][ T6234] ? preempt_schedule_common+0x44/0xc0 [ 56.922029][ T6234] ? vrealloc_noprof+0x132/0x320 [ 56.923703][ T6234] check_panic_on_warn+0xab/0xb0 [ 56.925363][ T6234] end_report+0x107/0x170 [ 56.926735][ T6234] kasan_report+0xee/0x110 [ 56.928219][ T6234] ? vrealloc_noprof+0x132/0x320 [ 56.929893][ T6234] kasan_check_range+0xef/0x1a0 [ 56.931636][ T6234] __asan_memset+0x23/0x50 [ 56.933090][ T6234] vrealloc_noprof+0x132/0x320 [ 56.934558][ T6234] push_insn_history+0x2ae/0x6c0 [ 56.936084][ T6234] do_check_common+0xbd3/0xc2a0 [ 56.937566][ T6234] ? __pfx_do_check_common+0x10/0x10 [ 56.939199][ T6234] ? lockdep_hardirqs_on+0x7c/0x110 [ 56.940824][ T6234] ? kfree+0x2b6/0x4d0 [ 56.942119][ T6234] ? bpf_check+0x6c86/0xb460 [ 56.943544][ T6234] ? bpf_check+0x7b2f/0xb460 [ 56.944956][ T6234] bpf_check+0x7f51/0xb460 [ 56.946367][ T6234] ? __pfx_bpf_check+0x10/0x10 [ 56.947885][ T6234] ? pcpu_alloc_noprof+0x949/0x1470 [ 56.949471][ T6234] ? __lock_acquire+0xaa4/0x1ba0 [ 56.950995][ T6234] ? find_held_lock+0x2b/0x80 [ 56.952437][ T6234] ? __asan_memset+0x23/0x50 [ 56.953843][ T6234] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 56.955378][ T6234] bpf_prog_load+0xe41/0x2490 [ 56.956817][ T6234] ? __pfx_bpf_prog_load+0x10/0x10 [ 56.958419][ T6234] ? __pfx___futex_wait+0x10/0x10 [ 56.959935][ T6234] ? bpf_lsm_bpf+0x9/0x10 [ 56.961291][ T6234] __sys_bpf+0x433c/0x4d80 [ 56.962667][ T6234] ? __pfx___sys_bpf+0x10/0x10 [ 56.964114][ T6234] ? __lock_acquire+0xaa4/0x1ba0 [ 56.965585][ T6234] ? find_held_lock+0x2b/0x80 [ 56.967045][ T6234] ? __might_fault+0xe3/0x190 [ 56.968474][ T6234] ? __might_fault+0xe3/0x190 [ 56.969935][ T6234] ? __might_fault+0x13b/0x190 [ 56.971434][ T6234] __ia32_sys_bpf+0x76/0xe0 [ 56.972845][ T6234] __do_fast_syscall_32+0x73/0x120 [ 56.974458][ T6234] do_fast_syscall_32+0x32/0x80 [ 56.975969][ T6234] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 56.977940][ T6234] RIP: 0023:0xf7f07579 [ 56.979233][ T6234] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 56.985722][ T6234] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 56.988433][ T6234] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800017c0 [ 56.991045][ T6234] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 56.993551][ T6234] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 56.996164][ T6234] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 56.998609][ T6234] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 57.000995][ T6234] [ 57.002617][ T6234] Kernel Offset: disabled [ 57.003993][ T6234] Rebooting in 86400 seconds.. VM DIAGNOSIS: 18:54:14 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000046 RBX=0000000000000000 RCX=0000000000000001 RDX=0000000000080000 RSI=ffffffff8dbe98f8 RDI=ffffffff8bf44f40 RBP=0000000000000246 RSP=ffffc9000376f6a8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=ffff88806a4fbf30 R14=ffff88806a4fbaa8 R15=ffffc9000376f898 RIP=ffffffff8b6f1b9e RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977bf000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f5065da4 CR3=000000005dfa4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000d1c00000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff81a187af RDX=1ffffffff1b9e5a1 RSI=0000000000000008 RDI=ffffffff90866910 RBP=0000000000000001 RSP=ffffc9000046fb88 R8 =0000000000000000 R9 =fffffbfff210cd22 R10=ffffffff90866917 R11=0000000000000000 R12=0000000000000000 R13=ffff88801daaa440 R14=ffffffff90869894 R15=ffff88802b339f00 RIP=ffffffff821f3488 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978bf000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000000c43663f CR3=000000005dfa4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000d1c00000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000007 RBX=0000000000000009 RCX=0000000000000000 RDX=0000000000000008 RSI=ffff888021eb0b40 RDI=ffff888021eb0000 RBP=ffffc9000378f5d0 RSP=ffffc9000378f530 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=ffffffff8e3bf440 R12=ffff888021eb0b40 R13=0000000000000200 R14=ffff888021eb0000 R15=ffff888021eb0000 RIP=ffffffff81977c9d RFL=00000003 [------C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880979bf000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f5044da4 CR3=000000005dfa4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000d1c00000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000079 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854afb45 RDI=ffffffff9ae0cb80 RBP=ffffffff9ae0cb40 RSP=ffffc9000374ef00 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3963666666662057 R12=0000000000000000 R13=0000000000000079 R14=ffffffff9ae0cb40 R15=ffffffff854afae0 RIP=ffffffff854afb6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097abf000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f32ccecc CR3=000000006d7e2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000