last executing test programs: 22.373435126s ago: executing program 0 (id=1): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="e625e5e1479260f9ffff44f308060401080006040001aaaaaaaaaaaae0000002bbbb0800000000"], 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) msgget(0x0, 0xe5fe9c796870f283) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000080)=0x80000003) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0xffe, 0x3, 0x1000, 0x3a, 0x0, 0x0, 0x7}, 0x75) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) read$FUSE(r1, &(0x7f00000063c0)={0x2020}, 0x2020) syz_usb_connect(0x1, 0x2d, 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) openat$tun(0xffffff9c, &(0x7f0000000380), 0x800, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000010c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}}, 0x4000) 21.6501725s ago: executing program 2 (id=3): syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x910ec27568a00e35, 0x40000002, 0x0) r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card0/oss_mixer\x00', 0x2, 0x0) write$proc_mixer(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="564f4c554d4520274c696e652720303030303030303030303030303030301d09c98414daa1880a000008"], 0x2a) close(r3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, 0x0, &(0x7f0000000180)='GPL\x00', 0x9}, 0x94) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'lo\x00', &(0x7f0000000380)=@ethtool_drvinfo={0x3, "ae37a5fee7f817d0e7c80c5e531c83ef941fd0e94c6071d4265aeea524c7baf5", "0c7829aeda9446f0e8cf944fbac5a72f154a5c2529c572cceeee9c61aaded410", "0c65a946e6cd2bea44adc1d1ab71e142d0111c20ce139373e647e119edbb66a3", "fec3f28745c3a8a5d6ddb195c8e8ca612bf943471cf9c6af9e075ad4d09d59ea", "a0f17d77c0d227f7ee532514c328d9b827496ff8f10f3356079dfa3457ecfb14", "fbf7d34f9695832c057dfaf6", 0xa4d, 0xffff, 0x0, 0xffffffff, 0xfffffffa}}) socket$inet6_udp(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d20"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) syz_usbip_server_init(0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) r6 = landlock_create_ruleset(&(0x7f0000000140)={0x2000}, 0x10, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f0000000340)={0x2000, r5}, 0x0) landlock_restrict_self(r6, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) 20.893398102s ago: executing program 3 (id=5): syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) r0 = syz_io_uring_setup(0x222f, &(0x7f0000000280)={0x0, 0x8cdb, 0x10000, 0x400000}, 0x0, &(0x7f0000000140)) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) openat$tun(0xffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpgid(0x0) r5 = socket$kcm(0x25, 0x1, 0x0) recvmsg(r5, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x10160) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x18}, 0x48) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x2c, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0xc, @dev={0xfe, 0x80, '\x00', 0x23}, 0x1}, @in={0x2, 0x4e21, @broadcast}]}, &(0x7f0000000080)=0xc) close(r1) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) syz_extract_tcp_res(&(0x7f0000000140), 0x4e6, 0x6) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)={0x14, 0x25, 0x1, 0x70bd2f, 0x25dfdbfb, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x10) io_uring_enter(r0, 0x3653, 0xc2d7, 0x5c, 0x0, 0x0) 19.851263243s ago: executing program 3 (id=6): socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, &(0x7f0000000140)='syzkaller\x00'}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4040001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=ANY=[], 0x30}}, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0500000001000100ff7f00000202000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'xfrm0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x800, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3104, 0x1b400}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r7}]}}}]}, 0x3c}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYRES8, @ANYRES64, @ANYRES32=r5, @ANYRES8, @ANYRES16], 0x7c}, 0x1, 0x0, 0x0, 0x8890}, 0x0) 19.183669741s ago: executing program 0 (id=7): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000040)=0x3, 0x4) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000f80)=@newtaction={0x84, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0xffffffffffffffff, 0x30a7, 0x2, 0x2, {0x2, 0x0, 0x4, 0x5, 0x1, 0x7}, {0x3, 0x0, 0x6, 0x1, 0x5201, 0x7}, 0x80000001, 0x2, 0x2}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x84}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000), 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002) ioctl$EVIOCGRAB(r3, 0x40044590, &(0x7f0000000080)=0x7) readv(r3, &(0x7f0000000240), 0x0) write$evdev(r3, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x24c01, 0x0) lseek(r4, 0x1, 0x1) writev(r4, &(0x7f0000000240)=[{&(0x7f0000000180)}, {0x0}, {&(0x7f00000003c0)="543dbf774f46eb7c9d4c45610d4ed164ed0bb635311f952cef66d7a4d254107cdc2fbd669f340837d7efcc70d90b1bf34924b72399a046649e", 0x39}, {&(0x7f0000000500)}, {&(0x7f0000000580)="1d3015520d3a8a9ea1e4b23a11685917e8db4d2906d195beb905e03b284ad66c5ac3aaf24b6ec8ed4f1d06bd7976e93de58007302f2220454d3907db6523aed966c87c8777a634ba34ace14a68f80c93365e78ee781581ae892531de7ebefa62253a5c6c487f0b15cdc03024fec659cca89a777bf18e39546f88bd934fcb0b439fab98a93534e4e6d6424b10028850f93fb9460ccb5b54f027212de6aa8fcd1a2f299dcf867f56a9043ba1edff", 0xad}, {&(0x7f0000000640)="03f0809f717fd9013cf853e0794a9f10f0b0368edb0559ab7b99fecee861aa845a162dcbe7ae26e857f543a14cffc373091c24ca9bb7d74e5cfa2820377f7e2fb65545288f05d1ff3270159c4d44defeb9ac6db4bceaf918e01415159b002b5b1ac03bd69d65279e64d0ead2d39e2207d1a86567eab23b7ea6d317a99da1007ed70033ed5cefda50e9a04471ba654374c116aea585f20f1719dcffd169367693fc", 0xa1}, {&(0x7f00000001c0)}], 0x7) mount$9p_virtio(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e79"]) chdir(&(0x7f0000000100)='./file0\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) ftruncate(r5, 0x5) 18.787363691s ago: executing program 3 (id=9): readv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f0000000080)=""/200, 0xc8}, {0x0}], 0x2) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x32, 0xd86, 0x2c1, 0x9, 0x4, 0x7f, 0x5, 0x29d0}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x6a, &(0x7f0000000140)={@link_local={0x3}, @link_local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @redirect={0x5, 0x1, 0x0, @loopback, {0x10, 0x4, 0x2, 0x27, 0x3, 0x64, 0x200, 0xff, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x1a}, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x24, 0x36, 0x1, 0x4, [{@dev={0xac, 0x14, 0x14, 0x39}, 0x9}, {@local, 0x9bf}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x8}, {@local, 0x5}]}, @lsrr={0x83, 0x3, 0xcf}]}}}}}}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) ptrace$ARCH_SHSTK_UNLOCK(0x1e, r0, 0x0, 0x5004) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f000000c340)={0xa802100, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, &(0x7f000000c2c0)=[0x0], 0x1}, 0x58) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = dup(r5) write$uinput_user_dev(r6, &(0x7f00000004c0)={'syz0\x00', {0x7, 0x3, 0x1, 0x9}, 0x7, [0x4, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0xc1f, 0x1, 0x7f5b, 0x3, 0x6, 0x1000005, 0x10000, 0x2, 0x3, 0x0, 0x3, 0x10, 0x3, 0x0, 0x2, 0x3, 0x2, 0x6, 0x3, 0x3, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x9, 0xb, 0xcc, 0x5, 0x80, 0x401, 0x5, 0x5, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x3, 0x80000000, 0x1, 0x9, 0x7, 0x8, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0xffff, 0x7, 0x9, 0x6, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0xcc, 0xbc1, 0x80000, 0x4, 0x5e81339d, 0xffffc256, 0x5, 0x80000001, 0x0, 0x0, 0x4, 0x4, 0x7, 0x9, 0x1, 0x1, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x7, 0x2000002, 0x8000, 0x7fff, 0x1, 0x9425, 0x4, 0x6f, 0x80b, 0x1, 0x6, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0x2, 0x100, 0x6, 0x10000, 0x1306, 0x8b, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x4, 0xfffffff9, 0x81, 0x7, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x1, 0x1, 0x4, 0x8, 0xfffffffa, 0x7, 0x9, 0x6, 0x4, 0x5, 0xa3, 0x3, 0x2, 0x0, 0x3, 0x4c, 0x3, 0x5, 0x2, 0xd21e, 0x9, 0x13, 0x0, 0x2, 0x5, 0x6, 0x100, 0x7c83, 0x800d, 0x1, 0x4, 0xf, 0x7f, 0x47, 0x7, 0xfffffffe, 0x11, 0x3, 0xffd, 0x3, 0x7, 0x7ffd, 0x7ff, 0x10, 0x2, 0x10001, 0x1, 0x0, 0x6, 0xc35], [0x81, 0x3, 0x80, 0x4e26, 0x3, 0x3d, 0xfffffff3, 0x497, 0x4, 0x1, 0x3, 0x5, 0x56, 0xc28, 0x9, 0x5, 0x5, 0xa, 0x79a, 0x3, 0x9, 0x6, 0xc41f, 0x5, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x0, 0x0, 0x1000, 0x10, 0xd, 0x6, 0x8000, 0x53, 0x78d, 0x4, 0x1, 0xffffb027, 0xfffffff8, 0x9, 0x7, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400, 0x8, 0x0, 0x8, 0x7, 0x9, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c) 18.311262225s ago: executing program 2 (id=10): r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) setxattr$trusted_overlay_opaque(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1) listxattr(&(0x7f0000001cc0)='./bus\x00', &(0x7f0000001d00)=""/4096, 0x1000) semctl$GETALL(0x0, 0x0, 0xd, 0x0) mount(0x0, 0x0, &(0x7f0000000280)='nfsd\x00', 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={r3, 0x20, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f00000006c0)=""/150, 0x96}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) ioctl$sock_qrtr_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000340)) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) mknod$loop(0x0, 0xfff, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000840)='net/packet\x00') ioctl$sock_ifreq(r4, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r4, 0x8949, &(0x7f0000000000)) 18.10831982s ago: executing program 0 (id=11): r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) setxattr$trusted_overlay_opaque(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1) listxattr(&(0x7f0000001cc0)='./bus\x00', &(0x7f0000001d00)=""/4096, 0x1000) semctl$GETALL(0x0, 0x0, 0xd, 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='nfsd\x00', 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={r3, 0x20, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f00000006c0)=""/150, 0x96}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) ioctl$sock_qrtr_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000340)) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) mknod$loop(0x0, 0xfff, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000840)='net/packet\x00') ioctl$sock_ifreq(r4, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r4, 0x8949, &(0x7f0000000000)) 3.626171326s ago: executing program 3 (id=12): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="e625e5e1479260f9ffff44f308060401080006040001aaaaaaaaaaaae0000002bbbb0800000000"], 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) msgget(0x0, 0xe5fe9c796870f283) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)=0x80000003) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0xffe, 0x3, 0x1000, 0x3a, 0x0, 0x0, 0x7}, 0x75) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) r2 = dup2(r1, r1) read$FUSE(r2, &(0x7f00000063c0)={0x2020}, 0x2020) syz_usb_connect(0x1, 0x2d, 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) openat$tun(0xffffff9c, &(0x7f0000000380), 0x800, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000010c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}}, 0x4000) 3.543514915s ago: executing program 1 (id=13): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000040)=0x3, 0x4) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000f80)=@newtaction={0x84, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0xffffffffffffffff, 0x30a7, 0x2, 0x2, {0x2, 0x0, 0x4, 0x5, 0x1, 0x7}, {0x3, 0x0, 0x6, 0x1, 0x5201, 0x7}, 0x80000001, 0x2, 0x2}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x84}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000), 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002) ioctl$EVIOCGRAB(r3, 0x40044590, &(0x7f0000000080)=0x7) readv(r3, &(0x7f0000000240), 0x0) write$evdev(r3, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x24c01, 0x0) lseek(r4, 0x1, 0x1) writev(r4, &(0x7f0000000240)=[{&(0x7f0000000180)}, {0x0}, {&(0x7f00000003c0)="543dbf774f46eb7c9d4c45610d4ed164ed0bb635311f952cef66d7a4d254107cdc2fbd669f340837d7efcc70d90b1bf34924b72399a046649e", 0x39}, {&(0x7f0000000500)}, {&(0x7f0000000580)="1d3015520d3a8a9ea1e4b23a11685917e8db4d2906d195beb905e03b284ad66c5ac3aaf24b6ec8ed4f1d06bd7976e93de58007302f2220454d3907db6523aed966c87c8777a634ba34ace14a68f80c93365e78ee781581ae892531de7ebefa62253a5c6c487f0b15cdc03024fec659cca89a777bf18e39546f88bd934fcb0b439fab98a93534e4e6d6424b10028850f93fb9460ccb5b54f027212de6aa8fcd1a2f299dcf867f56a9043ba1edff", 0xad}, {&(0x7f0000000640)="03f0809f717fd9013cf853e0794a9f10f0b0368edb0559ab7b99fecee861aa845a162dcbe7ae26e857f543a14cffc373091c24ca9bb7d74e5cfa2820377f7e2fb65545288f05d1ff3270159c4d44defeb9ac6db4bceaf918e01415159b002b5b1ac03bd69d65279e64d0ead2d39e2207d1a86567eab23b7ea6d317a99da1007ed70033ed5cefda50e9a04471ba654374c116aea585f20f1719dcffd169367693fc", 0xa1}, {&(0x7f00000001c0)}], 0x7) mount$9p_virtio(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e79"]) chdir(&(0x7f0000000100)='./file0\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) ftruncate(r5, 0x5) 3.525959745s ago: executing program 1 (id=14): r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)) setxattr$trusted_overlay_opaque(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1) listxattr(&(0x7f0000001cc0)='./bus\x00', &(0x7f0000001d00)=""/4096, 0x1000) semctl$GETALL(0x0, 0x0, 0xd, 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='nfsd\x00', 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={r3, 0x20, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f00000006c0)=""/150, 0x96}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) ioctl$sock_qrtr_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000340)) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) mknod$loop(0x0, 0xfff, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000840)='net/packet\x00') ioctl$sock_ifreq(r4, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r4, 0x8949, &(0x7f0000000000)) 3.507238686s ago: executing program 0 (id=15): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="e625e5e1479260f9ffff44f308060401080006040001aaaaaaaaaaaae0000002bbbb0800000000"], 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) msgget(0x0, 0xe5fe9c796870f283) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)=0x80000003) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0xffe, 0x3, 0x1000, 0x3a, 0x0, 0x0, 0x7}, 0x75) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) r2 = dup2(r1, r1) read$FUSE(r2, &(0x7f00000063c0)={0x2020}, 0x2020) syz_usb_connect(0x1, 0x2d, 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) openat$tun(0xffffff9c, &(0x7f0000000380), 0x800, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000010c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}}, 0x4000) 3.437588748s ago: executing program 2 (id=16): readv(0xffffffffffffffff, &(0x7f0000001580)=[{&(0x7f0000000080)=""/200, 0xc8}, {0x0}], 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@setlink={0x28, 0x13, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x2624, 0x7920}, [@IFLA_NET_NS_PID={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0xc0008cd}, 0x20048000) openat$tun(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x6a, &(0x7f0000000140)={@link_local={0x3}, @link_local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @redirect={0x5, 0x1, 0x0, @loopback, {0x10, 0x4, 0x2, 0x27, 0x3, 0x64, 0x200, 0xff, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x1a}, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x24, 0x36, 0x1, 0x4, [{@dev={0xac, 0x14, 0x14, 0x39}, 0x9}, {@local, 0x9bf}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x8}, {@local, 0x5}]}, @lsrr={0x83, 0x3, 0xcf}]}}}}}}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) ptrace$ARCH_SHSTK_UNLOCK(0x1e, r0, 0x0, 0x5004) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f000000c340)={0xa802100, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, &(0x7f000000c2c0)=[0x0], 0x1}, 0x58) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = dup(r5) write$uinput_user_dev(r6, &(0x7f00000004c0)={'syz0\x00', {0x7, 0x3, 0x1, 0x9}, 0x7, [0x4, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0xc1f, 0x1, 0x7f5b, 0x3, 0x6, 0x1000005, 0x10000, 0x2, 0x3, 0x0, 0x3, 0x10, 0x3, 0x0, 0x2, 0x3, 0x2, 0x6, 0x3, 0x3, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x9, 0xb, 0xcc, 0x5, 0x80, 0x401, 0x5, 0x5, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x3, 0x80000000, 0x1, 0x9, 0x7, 0x8, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0xffff, 0x7, 0x9, 0x6, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0xcc, 0xbc1, 0x80000, 0x4, 0x5e81339d, 0xffffc256, 0x5, 0x80000001, 0x0, 0x0, 0x4, 0x4, 0x7, 0x9, 0x1, 0x1, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x7, 0x2000002, 0x8000, 0x7fff, 0x1, 0x9425, 0x4, 0x6f, 0x80b, 0x1, 0x6, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0x2, 0x100, 0x6, 0x10000, 0x1306, 0x8b, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x4, 0xfffffff9, 0x81, 0x7, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x1, 0x1, 0x4, 0x8, 0xfffffffa, 0x7, 0x9, 0x6, 0x4, 0x5, 0xa3, 0x3, 0x2, 0x0, 0x3, 0x4c, 0x3, 0x5, 0x2, 0xd21e, 0x9, 0x13, 0x0, 0x2, 0x5, 0x6, 0x100, 0x7c83, 0x800d, 0x1, 0x4, 0xf, 0x7f, 0x47, 0x7, 0xfffffffe, 0x11, 0x3, 0xffd, 0x3, 0x7, 0x7ffd, 0x7ff, 0x10, 0x2, 0x10001, 0x1, 0x0, 0x6, 0xc35], [0x81, 0x3, 0x80, 0x4e26, 0x3, 0x3d, 0xfffffff3, 0x497, 0x4, 0x1, 0x3, 0x5, 0x56, 0xc28, 0x9, 0x5, 0x5, 0xa, 0x79a, 0x3, 0x9, 0x6, 0xc41f, 0x5, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x0, 0x0, 0x1000, 0x10, 0xd, 0x6, 0x8000, 0x53, 0x78d, 0x4, 0x1, 0xffffb027, 0xfffffff8, 0x9, 0x7, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400, 0x8, 0x0, 0x8, 0x7, 0x9, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c) 3.388211432s ago: executing program 1 (id=17): syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) r0 = syz_io_uring_setup(0x222f, &(0x7f0000000280)={0x0, 0x8cdb, 0x10000, 0x400000}, &(0x7f0000000080), &(0x7f0000000140)) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) openat$tun(0xffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpgid(0x0) socket$kcm(0x25, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x18}, 0x48) socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) syz_extract_tcp_res(&(0x7f0000000140), 0x4e6, 0x6) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)={0x14, 0x25, 0x1, 0x70bd2f, 0x25dfdbfb, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x10) io_uring_enter(r0, 0x3653, 0xc2d7, 0x5c, 0x0, 0x0) 3.282942655s ago: executing program 2 (id=18): r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) setxattr$trusted_overlay_opaque(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1) listxattr(&(0x7f0000001cc0)='./bus\x00', &(0x7f0000001d00)=""/4096, 0x1000) semctl$GETALL(0x0, 0x0, 0xd, 0x0) mount(0x0, 0x0, &(0x7f0000000280)='nfsd\x00', 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={r3, 0x20, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f00000006c0)=""/150, 0x96}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) ioctl$sock_qrtr_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000340)) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) mknod$loop(0x0, 0xfff, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000840)='net/packet\x00') ioctl$sock_ifreq(r4, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r4, 0x8949, &(0x7f0000000000)) 2.702332632s ago: executing program 1 (id=19): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000040)=0x3, 0x4) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000f80)=@newtaction={0x84, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0xffffffffffffffff, 0x30a7, 0x2, 0x2, {0x2, 0x0, 0x4, 0x5, 0x1, 0x7}, {0x3, 0x0, 0x6, 0x1, 0x5201, 0x7}, 0x80000001, 0x2, 0x2}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x84}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000), 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002) ioctl$EVIOCGRAB(r3, 0x40044590, &(0x7f0000000080)=0x7) readv(r3, &(0x7f0000000240), 0x0) write$evdev(r3, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x24c01, 0x0) lseek(r4, 0x1, 0x1) writev(r4, &(0x7f0000000240)=[{&(0x7f0000000180)}, {0x0}, {&(0x7f00000003c0)="543dbf774f46eb7c9d4c45610d4ed164ed0bb635311f952cef66d7a4d254107cdc2fbd669f340837d7efcc70d90b1bf34924b72399a046649e", 0x39}, {&(0x7f0000000500)}, {&(0x7f0000000580)="1d3015520d3a8a9ea1e4b23a11685917e8db4d2906d195beb905e03b284ad66c5ac3aaf24b6ec8ed4f1d06bd7976e93de58007302f2220454d3907db6523aed966c87c8777a634ba34ace14a68f80c93365e78ee781581ae892531de7ebefa62253a5c6c487f0b15cdc03024fec659cca89a777bf18e39546f88bd934fcb0b439fab98a93534e4e6d6424b10028850f93fb9460ccb5b54f027212de6aa8fcd1a2f299dcf867f56a9043ba1edff", 0xad}, {&(0x7f0000000640)="03f0809f717fd9013cf853e0794a9f10f0b0368edb0559ab7b99fecee861aa845a162dcbe7ae26e857f543a14cffc373091c24ca9bb7d74e5cfa2820377f7e2fb65545288f05d1ff3270159c4d44defeb9ac6db4bceaf918e01415159b002b5b1ac03bd69d65279e64d0ead2d39e2207d1a86567eab23b7ea6d317a99da1007ed70033ed5cefda50e9a04471ba654374c116aea585f20f1719dcffd169367693fc", 0xa1}, {&(0x7f00000001c0)}], 0x7) mount$9p_virtio(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e79"]) chdir(&(0x7f0000000100)='./file0\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) ftruncate(r5, 0x5) 1.706227819s ago: executing program 0 (id=20): syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) r0 = syz_io_uring_setup(0x222f, &(0x7f0000000280)={0x0, 0x8cdb, 0x10000, 0x400000}, &(0x7f0000000080), &(0x7f0000000140)) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) openat$tun(0xffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r4 = socket$kcm(0x25, 0x1, 0x0) recvmsg(r4, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x10160) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x18}, 0x48) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x2c, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0xc, @dev={0xfe, 0x80, '\x00', 0x23}, 0x1}, @in={0x2, 0x4e21, @broadcast}]}, &(0x7f0000000080)=0xc) close(r1) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) syz_extract_tcp_res(&(0x7f0000000140), 0x4e6, 0x6) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)={0x14, 0x25, 0x1, 0x70bd2f, 0x25dfdbfb, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x10) io_uring_enter(r0, 0x3653, 0xc2d7, 0x5c, 0x0, 0x0) 1.705792934s ago: executing program 1 (id=21): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000640)={{{@in6=@remote, @in=@loopback, 0x4e24, 0x100, 0x4e24, 0x0, 0xa, 0x80, 0x0, 0x33}, {0x7, 0xffffffffc9de0286, 0x5, 0x9, 0x3, 0x80, 0x4, 0xffffffffffff8000}, {0x75, 0x4, 0x2, 0x1000}, 0x0, 0x0, 0x0, 0x1, 0x3, 0x2}, {{@in6=@remote, 0x4d2, 0x2b}, 0xa, @in=@local, 0x3501, 0x2, 0x0, 0x6, 0x659fbcf4, 0xe, 0x5}}, 0xe8) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x14, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x41100}, 0x94) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r2, &(0x7f0000000340)="0a000300010000", 0x7) recvmmsg(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x40001af, 0x12122, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2", 0x17) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmsg$TIPC_NL_BEARER_DISABLE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="58000000088ae835cd1f64ebbbfdd52b3c491af155d248a6a529e5f0c40be8d3872c593a1a91e53f3f88639c9db1", @ANYRES16=0x0, @ANYBLOB], 0x58}, 0x1, 0x0, 0x0, 0x20006841}, 0x4004011) recvmmsg(r4, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000002c0)=[{0x0}, {&(0x7f0000000380)=""/135, 0x87}], 0x2}, 0x2}], 0x1, 0x40000060, 0x0) fanotify_init(0x202, 0x0) r5 = syz_io_uring_setup(0xbdd, &(0x7f0000000640)={0x0, 0x79a8, 0x8, 0x1, 0x5000032d}, &(0x7f00000006c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) 1.705449799s ago: executing program 2 (id=22): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="e625e5e1479260f9ffff44f308060401080006040001aaaaaaaaaaaae0000002bbbb0800000000"], 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) msgget(0x0, 0xe5fe9c796870f283) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0xffe, 0x3, 0x1000, 0x3a, 0x0, 0x0, 0x7}, 0x75) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) r2 = dup2(r1, r1) read$FUSE(r2, &(0x7f00000063c0)={0x2020}, 0x2020) syz_usb_connect(0x1, 0x2d, 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) openat$tun(0xffffff9c, &(0x7f0000000380), 0x800, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000010c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}}, 0x4000) 1.705162388s ago: executing program 3 (id=23): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="e625e5e1479260f9ffff44f308060401080006040001aaaaaaaaaaaae0000002bbbb0800000000"], 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) msgget(0x0, 0xe5fe9c796870f283) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000080)=0x80000003) socket$packet(0x11, 0x2, 0x300) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) r2 = dup2(r1, r1) read$FUSE(r2, &(0x7f00000063c0)={0x2020}, 0x2020) syz_usb_connect(0x1, 0x2d, 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) openat$tun(0xffffff9c, &(0x7f0000000380), 0x800, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000010c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}}, 0x4000) 63.570366ms ago: executing program 2 (id=24): socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00'}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4040001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=ANY=[], 0x30}}, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0500000001000100ff7f00000202000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'xfrm0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x800, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3104, 0x1b400}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r7}]}}}]}, 0x3c}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYRES8, @ANYRES64, @ANYRES32=r5, @ANYRES8, @ANYRES16], 0x7c}, 0x1, 0x0, 0x0, 0x8890}, 0x0) 34.010355ms ago: executing program 1 (id=25): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000040)=0x3, 0x4) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000), 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002) ioctl$EVIOCGRAB(r3, 0x40044590, &(0x7f0000000080)=0x7) readv(r3, &(0x7f0000000240), 0x0) write$evdev(r3, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x24c01, 0x0) lseek(r4, 0x1, 0x1) writev(r4, &(0x7f0000000240)=[{&(0x7f0000000180)}, {0x0}, {&(0x7f00000003c0)="543dbf774f46eb7c9d4c45610d4ed164ed0bb635311f952cef66d7a4d254107cdc2fbd669f340837d7efcc70d90b1bf34924b72399a046649e", 0x39}, {&(0x7f0000000500)}, {&(0x7f0000000580)="1d3015520d3a8a9ea1e4b23a11685917e8db4d2906d195beb905e03b284ad66c5ac3aaf24b6ec8ed4f1d06bd7976e93de58007302f2220454d3907db6523aed966c87c8777a634ba34ace14a68f80c93365e78ee781581ae892531de7ebefa62253a5c6c487f0b15cdc03024fec659cca89a777bf18e39546f88bd934fcb0b439fab98a93534e4e6d6424b10028850f93fb9460ccb5b54f027212de6aa8fcd1a2f299dcf867f56a9043ba1edff", 0xad}, {&(0x7f0000000640)="03f0809f717fd9013cf853e0794a9f10f0b0368edb0559ab7b99fecee861aa845a162dcbe7ae26e857f543a14cffc373091c24ca9bb7d74e5cfa2820377f7e2fb65545288f05d1ff3270159c4d44defeb9ac6db4bceaf918e01415159b002b5b1ac03bd69d65279e64d0ead2d39e2207d1a86567eab23b7ea6d317a99da1007ed70033ed5cefda50e9a04471ba654374c116aea585f20f1719dcffd169367693fc", 0xa1}, {&(0x7f00000001c0)="5e542e6c5be7fe8cc463bc42d67a4884ed9b1f4bed60", 0x16}], 0x7) mount$9p_virtio(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e79"]) chdir(&(0x7f0000000100)='./file0\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) ftruncate(r5, 0x5) 17.172046ms ago: executing program 0 (id=26): socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, &(0x7f0000000140)='syzkaller\x00'}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4040001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0x10, 0x400000002, 0x0) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=ANY=[], 0x30}}, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0500000001000100ff7f00000202000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'xfrm0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x800, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3104, 0x1b400}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r7}]}}}]}, 0x3c}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYRES8, @ANYRES64, @ANYRES32=r5, @ANYRES8, @ANYRES16], 0x7c}, 0x1, 0x0, 0x0, 0x8890}, 0x0) 0s ago: executing program 3 (id=27): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="e625e5e1479260f9ffff44f308060401080006040001aaaaaaaaaaaae0000002bbbb0800000000"], 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) msgget(0x0, 0xe5fe9c796870f283) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000080)=0x80000003) socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0xffe, 0x3, 0x1000, 0x3a, 0x0, 0x0, 0x7}, 0x75) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) read$FUSE(r1, &(0x7f00000063c0)={0x2020}, 0x2020) syz_usb_connect(0x1, 0x2d, 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) openat$tun(0xffffff9c, &(0x7f0000000380), 0x800, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000010c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}}, 0x4000) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:40793' (ED25519) to the list of known hosts. [ 42.556195][ T5879] cgroup: Unknown subsys name 'net' [ 42.727149][ T5879] cgroup: Unknown subsys name 'cpuset' [ 42.731266][ T5879] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 43.727822][ T5879] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 47.461190][ T5937] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 47.465222][ T5947] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 47.468218][ T5952] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 47.469529][ T5946] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 47.471149][ T5952] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 47.474872][ T5946] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 47.475981][ T5952] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 47.477946][ T5946] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 47.480279][ T5952] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 47.482150][ T5948] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 47.482854][ T5948] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 47.483525][ T5946] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 47.484516][ T5946] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 47.485897][ T64] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 47.486815][ T5953] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 47.489067][ T5948] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 47.492187][ T5937] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 47.494927][ T5948] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 47.499483][ T5937] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 47.502115][ T5948] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 47.853024][ T5935] chnl_net:caif_netlink_parms(): no params data found [ 47.860674][ T5949] chnl_net:caif_netlink_parms(): no params data found [ 47.906131][ T5936] chnl_net:caif_netlink_parms(): no params data found [ 47.932310][ T5938] chnl_net:caif_netlink_parms(): no params data found [ 48.060670][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.064083][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.067105][ T5949] bridge_slave_0: entered allmulticast mode [ 48.070593][ T5949] bridge_slave_0: entered promiscuous mode [ 48.100904][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.103332][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.105864][ T5949] bridge_slave_1: entered allmulticast mode [ 48.108892][ T5949] bridge_slave_1: entered promiscuous mode [ 48.169436][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.171738][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.175013][ T5935] bridge_slave_0: entered allmulticast mode [ 48.177958][ T5935] bridge_slave_0: entered promiscuous mode [ 48.222490][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.224942][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.227323][ T5935] bridge_slave_1: entered allmulticast mode [ 48.230149][ T5935] bridge_slave_1: entered promiscuous mode [ 48.303487][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.312359][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.378591][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.386168][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.389887][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.392298][ T5938] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.394738][ T5938] bridge_slave_0: entered allmulticast mode [ 48.397409][ T5938] bridge_slave_0: entered promiscuous mode [ 48.451053][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.453322][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.455857][ T5936] bridge_slave_0: entered allmulticast mode [ 48.458576][ T5936] bridge_slave_0: entered promiscuous mode [ 48.487078][ T5938] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.489729][ T5938] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.492109][ T5938] bridge_slave_1: entered allmulticast mode [ 48.495553][ T5938] bridge_slave_1: entered promiscuous mode [ 48.511988][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.515693][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.518114][ T5936] bridge_slave_1: entered allmulticast mode [ 48.520984][ T5936] bridge_slave_1: entered promiscuous mode [ 48.563431][ T5949] team0: Port device team_slave_0 added [ 48.608803][ T5935] team0: Port device team_slave_0 added [ 48.631320][ T5949] team0: Port device team_slave_1 added [ 48.665026][ T5936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.669354][ T5935] team0: Port device team_slave_1 added [ 48.673215][ T5938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.693516][ T5936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.714484][ T5938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.718075][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.720547][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.728931][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.766854][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.769085][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.778087][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.800457][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.802664][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.811337][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.856933][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.859946][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.871112][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.927908][ T5936] team0: Port device team_slave_0 added [ 48.935829][ T5938] team0: Port device team_slave_0 added [ 48.940743][ T5938] team0: Port device team_slave_1 added [ 48.961401][ T5936] team0: Port device team_slave_1 added [ 49.011719][ T5949] hsr_slave_0: entered promiscuous mode [ 49.014579][ T5949] hsr_slave_1: entered promiscuous mode [ 49.050437][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 49.053078][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 49.062731][ T5936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 49.143230][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 49.145553][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 49.153499][ T5936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 49.160798][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 49.163214][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 49.171719][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 49.191482][ T5935] hsr_slave_0: entered promiscuous mode [ 49.193803][ T5935] hsr_slave_1: entered promiscuous mode [ 49.196195][ T5935] debugfs: 'hsr0' already exists in 'hsr' [ 49.198129][ T5935] Cannot create hsr debugfs directory [ 49.217223][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 49.219463][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 49.227700][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 49.269985][ T5936] hsr_slave_0: entered promiscuous mode [ 49.272271][ T5936] hsr_slave_1: entered promiscuous mode [ 49.274485][ T5936] debugfs: 'hsr0' already exists in 'hsr' [ 49.276305][ T5936] Cannot create hsr debugfs directory [ 49.414676][ T5938] hsr_slave_0: entered promiscuous mode [ 49.417110][ T5938] hsr_slave_1: entered promiscuous mode [ 49.419287][ T5938] debugfs: 'hsr0' already exists in 'hsr' [ 49.421131][ T5938] Cannot create hsr debugfs directory [ 49.534724][ T5945] Bluetooth: hci3: command tx timeout [ 49.534855][ T5948] Bluetooth: hci1: command tx timeout [ 49.537347][ T5945] Bluetooth: hci0: command tx timeout [ 49.539539][ T5948] Bluetooth: hci2: command tx timeout [ 49.716695][ T5949] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 49.723724][ T5949] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 49.733526][ T5949] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 49.745159][ T5949] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 49.788766][ T5935] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 49.796073][ T5935] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 49.802191][ T5935] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 49.808964][ T5935] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 49.871848][ T5936] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 49.878027][ T5936] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 49.884852][ T5936] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 49.890097][ T5936] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 49.947940][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.958561][ T5938] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 49.963716][ T5938] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 49.971755][ T5938] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 49.984792][ T5949] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.987309][ T5938] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 50.011678][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.014899][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.039531][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.042595][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.052704][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.082815][ T5935] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.097441][ T5936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.109272][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.112292][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.134786][ T5936] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.139394][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.141725][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.152046][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.154405][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.183195][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.185547][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.208025][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.236956][ T5938] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.255494][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.257786][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.261032][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.263219][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.294857][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.341425][ T5949] veth0_vlan: entered promiscuous mode [ 50.350896][ T5949] veth1_vlan: entered promiscuous mode [ 50.381167][ T5936] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.388543][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.406614][ T5949] veth0_macvtap: entered promiscuous mode [ 50.419004][ T5949] veth1_macvtap: entered promiscuous mode [ 50.453352][ T5935] veth0_vlan: entered promiscuous mode [ 50.457504][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.466799][ T5936] veth0_vlan: entered promiscuous mode [ 50.473833][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.479516][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.490113][ T46] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.493121][ T46] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.496995][ T5936] veth1_vlan: entered promiscuous mode [ 50.503704][ T46] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.506735][ T46] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.515118][ T5935] veth1_vlan: entered promiscuous mode [ 50.562969][ T5938] veth0_vlan: entered promiscuous mode [ 50.569947][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.570869][ T5935] veth0_macvtap: entered promiscuous mode [ 50.573144][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.593858][ T5938] veth1_vlan: entered promiscuous mode [ 50.598417][ T5935] veth1_macvtap: entered promiscuous mode [ 50.606774][ T5936] veth0_macvtap: entered promiscuous mode [ 50.612863][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.616269][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.617123][ T5936] veth1_macvtap: entered promiscuous mode [ 50.631426][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.638549][ T5938] veth0_macvtap: entered promiscuous mode [ 50.647652][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.653083][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.654427][ T5949] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 50.658615][ T5938] veth1_macvtap: entered promiscuous mode [ 50.666130][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.675774][ T61] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.678717][ T61] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.697117][ T61] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.702012][ T61] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.708709][ T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.723048][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.726532][ T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.730855][ T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.743539][ T61] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.760343][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.764573][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.785991][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.788747][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.807946][ T61] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.813183][ T61] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.816922][ T61] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.829740][ T6027] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 50.834588][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.834602][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.840586][ T61] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.845519][ T1179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.848598][ T1179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.884716][ T1179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.887479][ T1179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.972430][ T1179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.977545][ T1179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.023257][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.031008][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.105809][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 51.211049][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 51.234250][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 51.354081][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 51.414086][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 51.415575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 51.518015][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 51.644364][ T5948] Bluetooth: hci2: command tx timeout [ 51.645095][ T5299] Bluetooth: hci0: command tx timeout [ 51.647624][ T5299] Bluetooth: hci1: command tx timeout [ 51.651834][ T5945] Bluetooth: hci3: command tx timeout [ 52.234910][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 52.244089][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 53.694344][ T5948] Bluetooth: hci1: command tx timeout [ 53.694377][ T5937] Bluetooth: hci3: command tx timeout [ 53.696359][ T5948] Bluetooth: hci0: command tx timeout [ 53.698937][ T5299] Bluetooth: hci2: command tx timeout [ 53.872116][ T6049] ALSA: mixer_oss: invalid OSS volume '' [ 53.906749][ T6049] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 53.909554][ T6049] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 53.915170][ T6049] vhci_hcd vhci_hcd.0: Device attached [ 54.134011][ T6025] vhci_hcd: vhci_device speed not set [ 54.194152][ T6025] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 54.265058][ T6050] vhci_hcd: connection reset by peer [ 54.269011][ T92] vhci_hcd: stop threads [ 54.271446][ T92] vhci_hcd: release socket [ 54.274115][ T92] vhci_hcd: disconnect device [ 54.694652][ T6062] ALSA: mixer_oss: invalid OSS volume '' [ 54.705171][ T6062] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 54.707316][ T6062] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 54.711480][ T6062] vhci_hcd vhci_hcd.0: Device attached [ 54.895236][ T842] vhci_hcd: vhci_device speed not set [ 54.954468][ T842] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 55.037409][ T6063] vhci_hcd: connection reset by peer [ 55.049226][ T1179] vhci_hcd: stop threads [ 55.050601][ T1179] vhci_hcd: release socket [ 55.052085][ T1179] vhci_hcd: disconnect device [ 55.338570][ T6073] overlayfs: missing 'lowerdir' [ 55.479161][ T60] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 55.774143][ T5937] Bluetooth: hci3: command tx timeout [ 55.775983][ T5937] Bluetooth: hci2: command tx timeout [ 55.784108][ T5299] Bluetooth: hci0: command tx timeout [ 55.800579][ T5299] Bluetooth: hci1: command tx timeout [ 56.916969][ T6100] overlayfs: missing 'lowerdir' [ 57.094406][ T60] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 58.934649][ T5781] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 59.284081][ T6025] vhci_hcd: vhci_device speed not set [ 60.084060][ T842] vhci_hcd: vhci_device speed not set [ 70.851624][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.936316][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 74.436487][ C0] ================================================================== [ 74.440868][ C0] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x3a/0x60 [ 74.448395][ C0] Read of size 1 at addr ffff88802583a818 by task kworker/0:2H/6170 [ 74.479498][ C0] [ 74.480485][ C0] CPU: 0 UID: 0 PID: 6170 Comm: kworker/0:2H Not tainted syzkaller #0 PREEMPT(full) [ 74.480501][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.480511][ C0] Workqueue: events_highpri snd_vmidi_output_work [ 74.480533][ C0] Call Trace: [ 74.480541][ C0] [ 74.480547][ C0] dump_stack_lvl+0x116/0x1f0 [ 74.480565][ C0] print_report+0xcd/0x630 [ 74.480582][ C0] ? __virt_addr_valid+0x81/0x610 [ 74.480598][ C0] ? __phys_addr+0xe8/0x180 [ 74.480613][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 74.480628][ C0] kasan_report+0xe0/0x110 [ 74.480644][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 74.480658][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 74.480671][ C0] __kasan_check_byte+0x36/0x50 [ 74.480686][ C0] lock_acquire+0xfc/0x350 [ 74.480703][ C0] ? do_raw_spin_unlock+0x53/0x230 [ 74.480714][ C0] ? .slowpath+0x9/0x18 [ 74.480729][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 74.480742][ C0] ? p9_req_put+0xaf/0x250 [ 74.480759][ C0] p9_req_put+0xaf/0x250 [ 74.480775][ C0] req_done+0x1dc/0x2e0 [ 74.480789][ C0] ? __pfx_req_done+0x10/0x10 [ 74.480803][ C0] ? __pfx_req_done+0x10/0x10 [ 74.480816][ C0] vring_interrupt+0x31e/0x400 [ 74.480836][ C0] ? __pfx_vring_interrupt+0x10/0x10 [ 74.480853][ C0] __handle_irq_event_percpu+0x236/0x920 [ 74.480869][ C0] handle_irq_event+0xab/0x1e0 [ 74.480882][ C0] handle_edge_irq+0x3ca/0x9e0 [ 74.480896][ C0] __common_interrupt+0xd0/0x2f0 [ 74.480913][ C0] common_interrupt+0x61/0xe0 [ 74.480932][ C0] asm_common_interrupt+0x26/0x40 [ 74.480946][ C0] RIP: 0010:handle_softirqs+0x1dd/0x8e0 [ 74.480962][ C0] Code: 88 6c 24 26 4c 89 7c 24 18 48 c7 c7 20 ce 8b 8b e8 68 df e0 09 65 66 c7 05 46 54 24 12 00 00 e8 49 7c 47 00 fb bb ff ff ff ff <49> c7 c7 c0 c0 00 8e 41 0f bc dc 83 c3 01 0f 85 a4 00 00 00 e9 b1 [ 74.480974][ C0] RSP: 0000:ffffc90000007f28 EFLAGS: 00000206 [ 74.480984][ C0] RAX: 0000000000027d48 RBX: 00000000ffffffff RCX: 0000000000000002 [ 74.480992][ C0] RDX: 0000000000000000 RSI: ffffffff8da29329 RDI: ffffffff8bf078c0 [ 74.481000][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 74.481008][ C0] R10: ffffffff90824cd7 R11: 0000000000000001 R12: 0000000000000002 [ 74.481015][ C0] R13: 000000000000000a R14: 1ffff92000000fed R15: ffffed1004ecb490 [ 74.481028][ C0] ? handle_softirqs+0x1d7/0x8e0 [ 74.481041][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 74.481057][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 74.481073][ C0] __irq_exit_rcu+0x109/0x170 [ 74.481086][ C0] irq_exit_rcu+0x9/0x30 [ 74.481099][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 74.481113][ C0] [ 74.481117][ C0] [ 74.481122][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 74.481135][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 [ 74.481149][ C0] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 a6 f1 37 f6 48 89 df e8 8e 45 38 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 01 00 00 00 e8 b5 4d 28 f6 65 8b 05 7e d5 40 08 85 c0 74 16 5b [ 74.481160][ C0] RSP: 0000:ffffc90006307b40 EFLAGS: 00000246 [ 74.481170][ C0] RAX: 0000000000000006 RBX: ffff888043bcb338 RCX: 0000000000000006 [ 74.481177][ C0] RDX: 0000000000000000 RSI: ffffffff8da29329 RDI: ffffffff8bf078c0 [ 74.481185][ C0] RBP: 0000000000000293 R08: 0000000000000001 R09: 0000000000000001 [ 74.481197][ C0] R10: ffffffff90824cd7 R11: 0000000000000000 R12: ffff888043bcb338 [ 74.481205][ C0] R13: 0000000000000293 R14: 0000000000000001 R15: ffff888049f4b800 [ 74.481217][ C0] snd_rawmidi_transmit+0x117/0x160 [ 74.481236][ C0] snd_vmidi_output_work+0x111/0x390 [ 74.481252][ C0] ? __pfx_snd_vmidi_output_work+0x10/0x10 [ 74.481268][ C0] ? rcu_is_watching+0x12/0xc0 [ 74.481283][ C0] process_one_work+0x9cf/0x1b70 [ 74.481305][ C0] ? __pfx_process_one_work+0x10/0x10 [ 74.481326][ C0] ? assign_work+0x1a0/0x250 [ 74.481343][ C0] worker_thread+0x6c8/0xf10 [ 74.481356][ C0] ? __kthread_parkme+0x19e/0x250 [ 74.481371][ C0] ? __pfx_worker_thread+0x10/0x10 [ 74.481382][ C0] kthread+0x3c5/0x780 [ 74.481399][ C0] ? __pfx_kthread+0x10/0x10 [ 74.481416][ C0] ? rcu_is_watching+0x12/0xc0 [ 74.481429][ C0] ? __pfx_kthread+0x10/0x10 [ 74.481446][ C0] ret_from_fork+0x675/0x7d0 [ 74.481464][ C0] ? __pfx_kthread+0x10/0x10 [ 74.481480][ C0] ret_from_fork_asm+0x1a/0x30 [ 74.481502][ C0] [ 74.481506][ C0] [ 74.828128][ C0] Allocated by task 6191: [ 74.840807][ C0] kasan_save_stack+0x33/0x60 [ 74.843613][ C0] kasan_save_track+0x14/0x30 [ 74.846903][ C0] __kasan_kmalloc+0xaa/0xb0 [ 74.849482][ C0] p9_client_create+0xc7/0x11d0 [ 74.853017][ C0] v9fs_session_init+0x1f7/0x1a80 [ 74.856194][ C0] v9fs_mount+0xc5/0xa90 [ 74.858391][ C0] legacy_get_tree+0x10c/0x220 [ 74.861363][ C0] vfs_get_tree+0x8e/0x340 [ 74.864413][ C0] path_mount+0x7b9/0x23a0 [ 74.868289][ C0] __ia32_sys_mount+0x291/0x310 [ 74.872702][ C0] __do_fast_syscall_32+0x7c/0x300 [ 74.876106][ C0] do_fast_syscall_32+0x32/0x80 [ 74.879422][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 74.883599][ C0] [ 74.885554][ C0] Freed by task 6191: [ 74.888188][ C0] kasan_save_stack+0x33/0x60 [ 74.891074][ C0] kasan_save_track+0x14/0x30 [ 74.894210][ C0] __kasan_save_free_info+0x3b/0x60 [ 74.897955][ C0] __kasan_slab_free+0x5f/0x80 [ 74.900467][ C0] kfree+0x2b8/0x6d0 [ 74.902991][ C0] p9_client_create+0xa28/0x11d0 [ 74.906598][ C0] v9fs_session_init+0x1f7/0x1a80 [ 74.910586][ C0] v9fs_mount+0xc5/0xa90 [ 74.913424][ C0] legacy_get_tree+0x10c/0x220 [ 74.916563][ C0] vfs_get_tree+0x8e/0x340 [ 74.918456][ C0] path_mount+0x7b9/0x23a0 [ 74.920221][ C0] __ia32_sys_mount+0x291/0x310 [ 74.922499][ C0] __do_fast_syscall_32+0x7c/0x300 [ 74.924814][ C0] do_fast_syscall_32+0x32/0x80 [ 74.927210][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 74.931289][ C0] [ 74.932841][ C0] The buggy address belongs to the object at ffff88802583a800 [ 74.932841][ C0] which belongs to the cache kmalloc-512 of size 512 [ 74.942362][ C0] The buggy address is located 24 bytes inside of [ 74.942362][ C0] freed 512-byte region [ffff88802583a800, ffff88802583aa00) [ 74.975579][ C0] [ 74.977157][ C0] The buggy address belongs to the physical page: [ 74.981563][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25838 [ 74.986508][ C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 74.989836][ C0] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 74.993248][ C0] page_type: f5(slab) [ 74.995297][ C0] raw: 00fff00000000040 ffff88801b442c80 0000000000000000 dead000000000001 [ 75.000412][ C0] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 75.005394][ C0] head: 00fff00000000040 ffff88801b442c80 0000000000000000 dead000000000001 [ 75.021224][ C0] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 75.032108][ C0] head: 00fff00000000002 ffffea0000960e01 00000000ffffffff 00000000ffffffff [ 75.038564][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 75.042362][ C0] page dumped because: kasan: bad access detected [ 75.045762][ C0] page_owner tracks the page as allocated [ 75.048892][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2000(__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 8463428723, free_ts 0 [ 75.061133][ C0] post_alloc_hook+0x1af/0x220 [ 75.064340][ C0] get_page_from_freelist+0x10a3/0x3a30 [ 75.067821][ C0] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 75.070328][ C0] alloc_pages_mpol+0x1fb/0x550 [ 75.072360][ C0] new_slab+0x24a/0x360 [ 75.074016][ C0] ___slab_alloc+0xd79/0x1a50 [ 75.091575][ C0] __slab_alloc.constprop.0+0x63/0x110 [ 75.096840][ C0] __kmalloc_cache_noprof+0x477/0x780 [ 75.102883][ C0] device_add+0xccc/0x1aa0 [ 75.105283][ C0] device_create_groups_vargs+0x1f8/0x270 [ 75.107897][ C0] device_create+0xed/0x130 [ 75.110335][ C0] bdi_register_va+0x114/0x820 [ 75.112814][ C0] bdi_register+0xc7/0x100 [ 75.115196][ C0] __add_disk+0xb0b/0xf00 [ 75.128132][ C0] add_disk_fwnode+0x13f/0x5d0 [ 75.131179][ C0] loop_add+0x903/0xb70 [ 75.133310][ C0] page_owner free stack trace missing [ 75.137655][ C0] [ 75.139083][ C0] Memory state around the buggy address: [ 75.141538][ C0] ffff88802583a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.163673][ C0] ffff88802583a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.167198][ C0] >ffff88802583a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.170509][ C0] ^ [ 75.173201][ C0] ffff88802583a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.187763][ C0] ffff88802583a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.192173][ C0] ================================================================== [ 75.195591][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 75.216524][ C0] CPU: 0 UID: 0 PID: 6170 Comm: kworker/0:2H Not tainted syzkaller #0 PREEMPT(full) [ 75.227462][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.240321][ C0] Workqueue: events_highpri snd_vmidi_output_work [ 75.243126][ C0] Call Trace: [ 75.244593][ C0] [ 75.245854][ C0] dump_stack_lvl+0x3d/0x1f0 [ 75.247897][ C0] vpanic+0x640/0x6f0 [ 75.271291][ C0] panic+0xca/0xd0 [ 75.273662][ C0] ? __pfx_panic+0x10/0x10 [ 75.286818][ C0] ? end_report+0x4c/0x170 [ 75.289170][ C0] ? rcu_is_watching+0x12/0xc0 [ 75.291495][ C0] ? lock_release+0x201/0x2f0 [ 75.310236][ C0] ? check_panic_on_warn+0x1f/0xb0 [ 75.312482][ C0] check_panic_on_warn+0xab/0xb0 [ 75.314648][ C0] end_report+0x107/0x170 [ 75.316385][ C0] kasan_report+0xee/0x110 [ 75.328495][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 75.331147][ C0] ? _raw_spin_lock_irqsave+0x3a/0x60 [ 75.334252][ C0] __kasan_check_byte+0x36/0x50 [ 75.338124][ C0] lock_acquire+0xfc/0x350 [ 75.341112][ C0] ? do_raw_spin_unlock+0x53/0x230 [ 75.346598][ C0] ? .slowpath+0x9/0x18 [ 75.350240][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 75.354163][ C0] ? p9_req_put+0xaf/0x250 [ 75.375354][ C0] p9_req_put+0xaf/0x250 [ 75.377106][ C0] req_done+0x1dc/0x2e0 [ 75.379405][ C0] ? __pfx_req_done+0x10/0x10 [ 75.381449][ C0] ? __pfx_req_done+0x10/0x10 [ 75.383561][ C0] vring_interrupt+0x31e/0x400 [ 75.385935][ C0] ? __pfx_vring_interrupt+0x10/0x10 [ 75.389820][ C0] __handle_irq_event_percpu+0x236/0x920 [ 75.396578][ C0] handle_irq_event+0xab/0x1e0 [ 75.398617][ C0] handle_edge_irq+0x3ca/0x9e0 [ 75.400428][ C0] __common_interrupt+0xd0/0x2f0 [ 75.410203][ C0] common_interrupt+0x61/0xe0 [ 75.418269][ C0] asm_common_interrupt+0x26/0x40 [ 75.420749][ C0] RIP: 0010:handle_softirqs+0x1dd/0x8e0 [ 75.428435][ C0] Code: 88 6c 24 26 4c 89 7c 24 18 48 c7 c7 20 ce 8b 8b e8 68 df e0 09 65 66 c7 05 46 54 24 12 00 00 e8 49 7c 47 00 fb bb ff ff ff ff <49> c7 c7 c0 c0 00 8e 41 0f bc dc 83 c3 01 0f 85 a4 00 00 00 e9 b1 [ 75.450552][ C0] RSP: 0000:ffffc90000007f28 EFLAGS: 00000206 [ 75.453749][ C0] RAX: 0000000000027d48 RBX: 00000000ffffffff RCX: 0000000000000002 [ 75.471459][ C0] RDX: 0000000000000000 RSI: ffffffff8da29329 RDI: ffffffff8bf078c0 [ 75.475894][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 75.478566][ C0] R10: ffffffff90824cd7 R11: 0000000000000001 R12: 0000000000000002 [ 75.481087][ C0] R13: 000000000000000a R14: 1ffff92000000fed R15: ffffed1004ecb490 [ 75.484915][ C0] ? handle_softirqs+0x1d7/0x8e0 [ 75.500539][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 75.504962][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 75.508370][ C0] __irq_exit_rcu+0x109/0x170 [ 75.510932][ C0] irq_exit_rcu+0x9/0x30 [ 75.513180][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 75.516108][ C0] [ 75.517596][ C0] [ 75.519362][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 75.523471][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 [ 75.528893][ C0] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 a6 f1 37 f6 48 89 df e8 8e 45 38 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 01 00 00 00 e8 b5 4d 28 f6 65 8b 05 7e d5 40 08 85 c0 74 16 5b [ 75.539808][ C0] RSP: 0000:ffffc90006307b40 EFLAGS: 00000246 [ 75.543643][ C0] RAX: 0000000000000006 RBX: ffff888043bcb338 RCX: 0000000000000006 [ 75.547916][ C0] RDX: 0000000000000000 RSI: ffffffff8da29329 RDI: ffffffff8bf078c0 [ 75.552503][ C0] RBP: 0000000000000293 R08: 0000000000000001 R09: 0000000000000001 [ 75.558985][ C0] R10: ffffffff90824cd7 R11: 0000000000000000 R12: ffff888043bcb338 [ 75.564455][ C0] R13: 0000000000000293 R14: 0000000000000001 R15: ffff888049f4b800 [ 75.568937][ C0] snd_rawmidi_transmit+0x117/0x160 [ 75.571645][ C0] snd_vmidi_output_work+0x111/0x390 [ 75.574486][ C0] ? __pfx_snd_vmidi_output_work+0x10/0x10 [ 75.577540][ C0] ? rcu_is_watching+0x12/0xc0 [ 75.580347][ C0] process_one_work+0x9cf/0x1b70 [ 75.584620][ C0] ? __pfx_process_one_work+0x10/0x10 [ 75.588414][ C0] ? assign_work+0x1a0/0x250 [ 75.591468][ C0] worker_thread+0x6c8/0xf10 [ 75.594860][ C0] ? __kthread_parkme+0x19e/0x250 [ 75.599057][ C0] ? __pfx_worker_thread+0x10/0x10 [ 75.601888][ C0] kthread+0x3c5/0x780 [ 75.604029][ C0] ? __pfx_kthread+0x10/0x10 [ 75.606516][ C0] ? rcu_is_watching+0x12/0xc0 [ 75.608996][ C0] ? __pfx_kthread+0x10/0x10 [ 75.611431][ C0] ret_from_fork+0x675/0x7d0 [ 75.613875][ C0] ? __pfx_kthread+0x10/0x10 [ 75.617519][ C0] ret_from_fork_asm+0x1a/0x30 [ 75.621890][ C0] [ 75.630779][ C0] Kernel Offset: disabled [ 75.633861][ C0] Rebooting in 86400 seconds.. VM DIAGNOSIS: 22:09:13 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8526ad15 RDI=ffffffff9adc5de0 RBP=ffffffff9adc5da0 RSP=ffffc900000075b0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3532303838386652 R12=0000000000000000 R13=0000000000000038 R14=ffffffff9adc5da0 R15=ffffffff8526acb0 RIP=ffffffff8526ad3f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809780d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000080005000 CR3=0000000068778000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000058000000000 0000001100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=ffff88802b324088 RCX=ffffc90000590d5c RDX=0000000000000003 RSI=ffff88802b324088 RDI=ffff88801dad2480 RBP=0000000000000002 RSP=ffffc90000590d28 R8 =0000000000000000 R9 =fffffbfff1c562ce R10=ffffffff8e2b1677 R11=0000000000000001 R12=ffff88802b324088 R13=ffffc90000590d5c R14=0000000000000003 R15=0000000000000003 RIP=ffffffff8197da53 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809790d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000002fe05ffc CR3=0000000068778000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000058000000000 0000001100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000000e2299 RBX=0000000000000002 RCX=ffffffff8b5db2a9 RDX=0000000000000000 RSI=ffffffff8da29329 RDI=ffffffff8bf078c0 RBP=ffffed1003b5a920 RSP=ffffc9000047fde8 R8 =0000000000000001 R9 =ffffed1005686655 R10=ffff88802b4332ab R11=0000000000000001 R12=0000000000000002 R13=ffff88801dad4900 R14=ffffffff90824cd0 R15=0000000000000000 RIP=ffffffff8b5d9d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097a0d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000030004ffc CR3=0000000065a60000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000005d000000000 0000001200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=dffffc0000000000 RBX=ffffc90006567a48 RCX=ffffc90007911000 RDX=1ffff110056a4b69 RSI=0000000000000000 RDI=0000000000000000 RBP=0000000000000004 RSP=ffffc900065678f8 R8 =0000000000000004 R9 =0000000000000003 R10=0000000000000003 R11=0000000000000001 R12=ffff88802b525b00 R13=00000000ffffa76b R14=00000000ffffa76b R15=0000000000000000 RIP=ffffffff81bc5300 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097b0d000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000080006000 CR3=0000000065a60000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000