last executing test programs: 6m58.308063421s ago: executing program 32 (id=839): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount$binder(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800a, &(0x7f0000000240)=ANY=[@ANYBLOB='ma\\=00000000000000000003,\x00']) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r1, 0x4068aea3, &(0x7f0000000140)={0xa4, 0x0, 0x1}) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000240)) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 6m18.95196354s ago: executing program 33 (id=1027): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000280)={'wg0\x00', 0x200}) set_thread_area(&(0x7f0000000000)={0xba, 0x20000800, 0xffffffffffffdbff, 0x1, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1}) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xb, 0x4, &(0x7f0000000040)=ANY=[@ANYRES64=r1], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc5, &(0x7f0000000080)=""/197, 0x0, 0x57, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 6m12.163706038s ago: executing program 34 (id=1164): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x12, 0x4, 0x8, 0x8002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, 0x0, 0x0}, 0x20) 6m11.635602145s ago: executing program 35 (id=1168): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000004600)=ANY=[@ANYBLOB="ff0002090000000069ec23a4400c090040db13cf1d235e16bdbd9fec7b8502604b0da0f87d6c55"], 0x8) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0x11, 0xf0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1f) 5m55.376381703s ago: executing program 7 (id=1298): openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async) r0 = socket$xdp(0x2c, 0x3, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x804) (async) r1 = open(&(0x7f0000000280)='.\x00', 0x80, 0x122) fcntl$notify(r1, 0x402, 0x8000003d) (async) fcntl$setown(r1, 0x8, 0xffffffffffffffff) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) r2 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0) r3 = syz_io_uring_setup(0xbda, &(0x7f0000000240)={0x0, 0x1d69, 0x80, 0x1, 0x40000333}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0x0, 0x0}) (async) add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) (async) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x7, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async, rerun: 32) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (rerun: 32) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd74) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) (async) connect$inet6(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (rerun: 32) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000001680)=@raw={'raw\x00', 0x3c1, 0x3, 0x2dc, 0x0, 0x111, 0x4b4, 0xec, 0xd4feffff, 0x214, 0x202, 0x225, 0x214, 0x278, 0x3, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0xfc}, @empty, [], [], 'veth1_vlan\x00', 'team_slave_0\x00'}, 0x0, 0xa4, 0xec}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x81, 'syz1\x00'}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, [], [0x0, 0xffffffff], 'veth1_to_hsr\x00', 'erspan0\x00'}, 0x0, 0xe0, 0x128, 0x0, {}, [@common=@unspec=@limit={{0x3c}, {0x0, 0x8000000}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xa, 'syz1\x00', {0x7f}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x338) (async) io_uring_enter(r3, 0x847ba, 0x2000, 0x3, 0x0, 0x0) (async, rerun: 64) unshare(0x2c020400) (async, rerun: 64) socketpair$unix(0x1, 0x2, 0x0, 0x0) (async, rerun: 32) setsockopt$XDP_TX_RING(r0, 0x11b, 0x14, 0x0, 0x0) (rerun: 32) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) 5m55.296217521s ago: executing program 7 (id=1300): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0xefff}, 0x6e) 5m55.226543796s ago: executing program 7 (id=1303): r0 = fsopen(&(0x7f0000000300)='jfs\x00', 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0, 0x20}}, 0x0) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) getsockopt$sock_buf(r1, 0x1, 0x1f, &(0x7f0000000140)=""/94, &(0x7f00000001c0)=0x5e) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0xc, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newqdisc={0x5c, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x2c, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x1}, @TCA_CAKE_OVERHEAD={0x8, 0x6, 0xfffffffffffffff9}, @TCA_CAKE_INGRESS={0x8}, @TCA_CAKE_OVERHEAD={0x8, 0x6, 0xd2}, @TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x5}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x55}, 0x4000) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x7, @loopback, 0x800000}, 0x1c) userfaultfd(0x80000) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e24, @empty}, 0x10) connect$inet(r5, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 5m55.107101724s ago: executing program 7 (id=1304): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') mount$afs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000010c0)='./file0\x00') mount$fuse(0xfff0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x5, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 5m55.106687035s ago: executing program 7 (id=1305): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000180)=0x1, 0x4) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x4) io_uring_enter(r3, 0x3d3c, 0xad04, 0x0, &(0x7f0000000100)={[0x6, 0x2]}, 0x8) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x25dfdbfb, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f024}) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000002c0)={0x2, @sliced={0x5000, [0x81, 0xd9, 0xfff, 0x5, 0x1, 0x1000, 0x6, 0x6, 0x3, 0xf3f, 0x80, 0x2, 0xc6e7, 0x10, 0x5, 0x7, 0xfffb, 0x12, 0x1f87, 0xe7b0, 0x4, 0x1, 0xa34, 0xff80, 0xc9, 0x806, 0x8, 0x3, 0xcaa, 0x0, 0x3, 0x1, 0x206, 0x7, 0x593, 0x1, 0x2, 0xfffd, 0x9, 0x6, 0xfff, 0xfffe, 0x9, 0x4, 0x1, 0x1, 0x8, 0x9]}}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}, 0x1, 0x0, 0x0, 0x810}, 0x40000) syz_emit_ethernet(0x4e, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd308", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x100, 0x0, 0x0, {[@generic={0x22, 0x2}]}}}}}}}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@newlink={0x50, 0x10, 0x503, 0x0, 0x700, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @local}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 5m54.81608348s ago: executing program 7 (id=1307): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$bt_hci(r1, 0x84, 0x22, &(0x7f00000010c0)=""/4106, &(0x7f0000000000)=0x100a) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x4, &(0x7f0000000040)=[{0x6, 0x2, 0x4, 0x64}, {0x5, 0x3, 0x6, 0x4}, {0x0, 0xc0, 0x50, 0x5}, {0x4, 0x1, 0x2, 0xef}]}) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f0000000300)=0x2) 5m54.761267291s ago: executing program 36 (id=1307): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$bt_hci(r1, 0x84, 0x22, &(0x7f00000010c0)=""/4106, &(0x7f0000000000)=0x100a) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x4, &(0x7f0000000040)=[{0x6, 0x2, 0x4, 0x64}, {0x5, 0x3, 0x6, 0x4}, {0x0, 0xc0, 0x50, 0x5}, {0x4, 0x1, 0x2, 0xef}]}) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f0000000300)=0x2) 5m47.025479598s ago: executing program 5 (id=1352): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000140)={0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0x5b14, &(0x7f0000000040)) 5m45.766773179s ago: executing program 5 (id=1358): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000340)={0x54, r3, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x33, 0x33, @probe_request={{{0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x1}, @device_b, @device_a, @initial, {0x4, 0x9}, @value=@ver_80211n={0x0, 0x9, 0x3, 0x3, 0x0, 0x3, 0x0, 0x0, 0x1}}, @val={0x0, 0x6, @default_ibss_ssid}, @void, @val={0x3, 0x1, 0x74}, @void, @val={0x72, 0x6}}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x54}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008080) (fail_nth: 9) 5m45.556644087s ago: executing program 5 (id=1359): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4, 0xffffffff, 0xfffffff8, 0xfffffffc}, 0x10) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x70bd27, 0x0, {0x2, 0x20, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}}, 0x1c}}, 0x48010) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) syz_open_dev$dri(0x0, 0x1f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x2, 0x200008, @loopback, 0x39}, 0x1c) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000200), 0x4) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x98}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002800)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x2, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4) 5m44.656617952s ago: executing program 5 (id=1368): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x0, 0x0, {0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x23}, @NFTA_SET_EXPR={0x18, 0x11, 0x0, 0x1, @cmp={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xd}]}}}]}], {0x14, 0x10}}, 0x9c}}, 0x40) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') mount$afs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='dyn']) io_setup(0x204007, &(0x7f0000000000)) chdir(&(0x7f00000010c0)='./file0\x00') mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x5, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 5m44.656367967s ago: executing program 5 (id=1369): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x1c}}, 0x0) 5m44.396543301s ago: executing program 5 (id=1370): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x600, &(0x7f0000000840)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1, 0x0, 0x0, 0x1000000}, 0x0) 5m44.344826101s ago: executing program 37 (id=1370): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x600, &(0x7f0000000840)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1, 0x0, 0x0, 0x1000000}, 0x0) 5m5.185045765s ago: executing program 9 (id=1641): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r3) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r5, @ANYBLOB="000024000000000024001200140001006272696467655f736c617665800000000c000500080005"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x0) splice(r2, 0x0, r4, 0x0, 0x10d00, 0xf) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_encap(r6, 0x11, 0x64, &(0x7f00000002c0)=0x1, 0x4) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x24000010}, 0x800) sendmsg$nl_xfrm(r7, 0x0, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="200000006800e97800000000000000000a0000000000000008000500", @ANYRES32=r11, @ANYBLOB="d031d5778a80417fb4e6a81d31f8dcaf758a77d247624a47e48c1802a3458eeece586eac9eaf2e8b0d60511b77c53fe3ac7b1c33487eba81ebfb81f4f8b87d0a686d4988e685a5dd1bb3efa3e3e6f5fee575e9837dc0678701a1264d4b9ff062b17a1944f63300ab91c9dd78f124c94d7ac3a7f42b5c780ee6b8db1bdfd7cf15db380ca512ca4d9c081ce0d351e2e29fa34dee4068fc860465645f31fa7251e7110953f7b15e870f3631e16e81e2b264b8f1cc6ed266ac1af813e40e4c3194380a275f91b5fd2b58e5090f18e53305cf0e0d0af90e09dcefa90760b5537657abdf0c7f8811fa1720f8414716e8380210a78ba3b2f75df55259a2bf64d2f8d0c311c9f0f29edefe78e20518366739ba6ec3864ed65b0012c574427be5bcf5620c38745dc3d12156b064dd7c1cef8ec2909f76ea4270542111ced8b178ad4fc9bea87b23a56b9b3ae1e28c4fbab4824b3215b19c0a98720d4d97712f879a41bee0f96339c10c0b4e872a7fdea1d9db6338726a402be6edcc5c47c5b34a49125880e900"/401], 0x20}}, 0x0) r12 = socket$nl_route(0x10, 0x3, 0x0) r13 = openat$pfkey(0xffffff9c, &(0x7f0000000080), 0x80000, 0x0) setsockopt$inet6_udp_encap(r13, 0x11, 0x64, &(0x7f0000000280)=0xe15d2688ee8b6a00, 0x4) sendmsg$nl_route(r12, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="240000007d00010002000000fcffff00000c08020000ffe200040000009b5533303cd4cf09390000000000000037bb91534d600dd82e6a3a886a0d5cbb797310e03610e7aa9df48c90961c79ae9661363ecb64d0aefc64229f81089824c53c88a996fbcb3ce51d9424536749621038add14949e2a4ff8be7041336f0e21fa22a0d11ea3edd0bb6e518a5ea0f0483bdfb5330e830f2855ec0278b22859ed0def4d50250b0d1ba34c05e61dc7fd637a9f9bea5fc1a2fb6accc017e7acfe383190018ed514660935629ed7d02ff8fe168f2178a4869a01d7ef277f2afee32a7ea5ec08ec7d624f497e9c054d5af711f"], 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) r14 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r14, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=ANY=[@ANYBLOB="300000001800dd8d00000000000000000a000000000000060000000008001e0002"], 0x30}}, 0x4090) 5m4.9550386s ago: executing program 9 (id=1644): bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000730130000000000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x4e22, @rand_addr=0x64010101}, {0x6, @link_local}, 0x50, {0x2, 0x4e21, @rand_addr=0x64010102}, 'veth0_virt_wifi\x00'}) 5m4.914183794s ago: executing program 9 (id=1645): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2021, 0x3, &(0x7f00007fe000/0x800000)=nil) 5m4.792310434s ago: executing program 9 (id=1647): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') chdir(&(0x7f00000010c0)='./file0\x00') r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r1, 0x84, 0x20, &(0x7f00000001c0)=0x3befeb3f, 0x2) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x5, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 5m4.791960864s ago: executing program 9 (id=1648): socket$kcm(0x10, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00u\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4003, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000001200010003950000000000000a0900004001000000000000000000000000ffff"], 0x4c}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ptype\x00') read$msr(r6, &(0x7f0000000040)=""/59, 0xffb5) r7 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x9, &(0x7f0000000000)=@raw=[@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x96}}, @exit], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="4800000010001fff0300"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006272696467650000180002800a001400aaaaaaaaaabb00000800090000000000ecc944151d19cd9a22c30e0b0cd4432e2d1a55d07887c90736debf8921b2cd6749fe9d2f87b77c9e54496e645d38a8fa85d5325cf2c1bd2f740d67a5b09fcbb1dbdd6897aca3e3aa2f1c5e74d2ce3322b7c8d85cf67a3b1779c20e4bf4291f0a478f1d"], 0x48}}, 0x0) ftruncate(r5, 0x8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000ac0)="faba160b193c16a4f6bc60750b2a", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) openat$loop_ctrl(0xffffff9c, &(0x7f0000000100), 0x4000, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18) 5m3.845752288s ago: executing program 9 (id=1652): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = gettid() r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000400)) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) r3 = openat$cgroup_root(0xffffff9c, &(0x7f0000000740)='./cgroup.net/syz0\x00', 0x200002, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000700)={0xffffffffffffffff, r3, 0xd, 0x0, @void}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000080)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8002, 0x0) read$msr(r6, &(0x7f0000019540)=""/102400, 0x19000) ioperm(0x0, 0xd4b7, 0xa) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000040)=0xdfe5) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x1000000000000e0, 0x0}}, 0xfc36) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f00000005c0)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0xfffffffc, 0x0, 0x30, 0x0, @ib={0x1b, 0x8, 0x5, {}, 0x1, 0x1, 0x4}, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x80000001}}}, 0x118) r7 = io_uring_setup(0x53be, &(0x7f0000000340)={0x0, 0x6504, 0x906, 0x3, 0x29}) io_uring_enter(r7, 0x55e, 0x9f78, 0x23, &(0x7f00000000c0)={[0x7, 0x5]}, 0x8) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f00000003c0), 0xffffffffffffffff, 0x2}}, 0x18) 5m3.699624404s ago: executing program 38 (id=1652): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = gettid() r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000400)) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) r3 = openat$cgroup_root(0xffffff9c, &(0x7f0000000740)='./cgroup.net/syz0\x00', 0x200002, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000700)={0xffffffffffffffff, r3, 0xd, 0x0, @void}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000080)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8002, 0x0) read$msr(r6, &(0x7f0000019540)=""/102400, 0x19000) ioperm(0x0, 0xd4b7, 0xa) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000040)=0xdfe5) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x1000000000000e0, 0x0}}, 0xfc36) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f00000005c0)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0xfffffffc, 0x0, 0x30, 0x0, @ib={0x1b, 0x8, 0x5, {}, 0x1, 0x1, 0x4}, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x80000001}}}, 0x118) r7 = io_uring_setup(0x53be, &(0x7f0000000340)={0x0, 0x6504, 0x906, 0x3, 0x29}) io_uring_enter(r7, 0x55e, 0x9f78, 0x23, &(0x7f00000000c0)={[0x7, 0x5]}, 0x8) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f00000003c0), 0xffffffffffffffff, 0x2}}, 0x18) 5m1.920919555s ago: executing program 0 (id=1653): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) fsopen(&(0x7f0000000040)='hpfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='cq\t\x87\xa5\xb5\xd5#/\xa4\xe9\xb8\xa4_\x1b\x11D\xcd\x15*\xdb\x02+cy]w\xb0u\x8cx\xcc\xbb\x165\xbb\f\x99\x12\x92\xf8\x99G5\xb5\x00\x0fp\xc7\x1eO\x9dW(%\xa2d\xda\xf8C$u;x\xcfS\xfb:l+\x1f\xdf^5\xc3hPI\x96FM\x02yaz\x99B[\xc2\xac\x9f\x94\x9c\xbd\x0e\xff\xe5Y\n\x12\r\xa2\xd1Q\xd1\xeb\xcexG\xae\xf8&y\x9f}cc\v\xcf+\xbe\xba\xa8\xc2F~\xfcc\x15\xf5\x98\x02\v\a\xf5\xd0\x1a<\x18r9\xaa\xc5\xc7]\x18\x9b\xb1\x8c\xad&\xffr\xff\x96x\x99\x91\x0e\x93^\x1f\r\xaei\x8a#~\xd9\xbc\xe6a\x81\x8bF\xc8E\b\xa05\xef\xc4\x97\xbd\x86Y\xaeS\xef\x14\xd0\v\xd2\xf6\x19%`4\v\xef6\x96o=\fm\xb8\x95\x1a\xbc\xfb\xf9\x92\x0exXO\x1e2\x94\x81t\x12\t\xc0\xc6=\rsx\x10[\x90&\x18\xc6\xac\xe74\xbd.4\xffv6]\x9a%L)\xa3U<\x02\x90\x1f\xe7?txd`\xe7\xbc\xa9\x96\x18Q\xff\x8e\xb6\xbcM\xc1\xf2\x05\x00GC\xacnt\x9c\x0f\"Uk\xf4\x1c\xdb\xd1\xa8\x1d\x88\"n\x96\xf9\xea\xec\xdc\xcd\x1f\x8e(\x006\xe9@\x17\n\x18\xd8\xfdj\"U\x04\xc6t\xb9)\xde\xfc\xc9\f3\xd6\xb8\xe5\x93\xe3|\x9aZ\xde\xa7\xa7(\n\v\x16\"\"\xc2(u\xfbaT\x90Anb\xec', &(0x7f0000000600)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\xbf\xc5\x1fz\x00\x00\x00\x00\x00 \xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$F\xba\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xea\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\x00\x00\x00\x00\x00\x00\x00\x01\xc7\xe6\xf28\x19\xa6\xa7\xb1\xc6x\x8c\xc1\x03\x86J\xb2\x19\xee#\xcc>\xdb\xf0b\xe6\x9e\xa2KbW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\xe2\x10\xc8\x1b\xb2\xd9E\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(V\x9f\xb9\x05*\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x81g\x90\x01n%\x7f_\xe1.\xfd\xea\xd7j\xfb\"\xab\xdb\x062e\x14\x91v\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x03\x00\x00\x00\x00\x00\x00\x00\b\xa3\xf1\xd9<\xb9k\xb1Vo\xc07\x19\xc6\"\x9c\x8d\xe7\x01\xf8T\xe5\xae\xbf\x00)WNW2$B$\x84\xf7\x9b\xfd1\x91\xc0\x11\xd2J\x94\x196f\x11\xcfp\xef]\x05fgw\fX\xb5\xdd\x8a\x13o\x05\xbe\x94\xbaR\x9a/dy\xe5\xeb^@h`~\v,|\xbac\xe4n\x1a\xe2K\xe9aiv\xa5nb\xfa5\x98\x91\x1d~b2@~j\xc3\xd44\x81\x91q\x9b\xaaLp\xe3C{OF\xd1\x9c\xa7\xb0v)T\x00\x00QU\xa0<\t0\xf6\x92G\x04\x05\xa1\xcc\x93\b\x18;\x99\x87\xda\x8a\xcd\xae\xc5\xea\x83W\xc8t\x9b%\xb8\xfeO\xf2\xa0y\x8c[\"\xb1\xaa\x1e\xe0:\xf0\x80y_\'.\x18FS\xf59{QA/\x9dw\x12\xde\xa1\x04\xf839~/\xae\xf6\xb7]\x1b\x85\x98+\x10awWO\x18\xc7\x10L\xdf&\xc3f\xbff\x99O\b\\\xd8\'Z\x02\xc4\xe2\xe6\xbb\x1eY\xf6\x80\xa0\xb7\xe5i\x82~\x87\xab\x0f\x12\xab\xbfe\xe6OsiJH\xe0S\xf1\xa6\xf7\xb4\x12V\xce\xfd_?r\x92\x18\xbd\"\xb8Zwj\xd3\xe5\x14\x8e\x9b\xde\x14d\x95S\xd2\x1d\xf9\xfbO\xcba\xd5\xe7\x17\xf6\xae\x8d\xbf\xfa\xc9\x06\xe8=v\x1d\x0es3\b\x7f?<\xed\xd9mi\xf4\xc2\x8b\xf6\xce/\xb9z\xd6\xd5\xff]\xc8\xa0\xcf\x04G\xca\xb5H?:\x06\x9b\x19\xf8\x1aw\xb9(\x8a\xbbR\xf5\x15\x98\xc6\xa7\xca\x05\x9c\xce\x9e/\xa5\xfa8\x83-D\xcc\xae\xa6\xde$\x95\xa2\x99!\xf2\x91\xec\x98p\x80\x16\xbco%@\xbcI\x1e\xdfw\xefp\x04\xdd\xe6*Moe\xe2\xb2\xc7\xf7\\\x8aC\rd\xad\xc6\x1bs\xf1Q\x12\xd2\xd2\x85\x85\x96\x9d\xfb>@s\xe1\x19\xbf\x89\xdb\x8d\v\xaa,\xc3\xbe\x0f\xe6E8tk\xc20\xd1w\xbf\xdf\x1d}\xb5\x7f\f\xb0\xa8u9~w\xc3/\xb3em\xa7p\x8b\xf8Y\xd1\x80\vp\f@\xeb\xef\xf9\xdf\xe6\xef\xd5T\xd9\xec\x88\xdc\xa6\xafcD\x12\xc2\xfc\xb3\x95\x93\x15L\xf6%\xbc:\b\xfb\xfehx\x14\xb5\xd8I\x02\xf8\a\x90*=\xa6\xf7\xefu&\xa5\x10\xfaZ\xbc\xa4\x8a8\x0f\x14s{K,\xad\xb1\x89\xe9\x90\xbe_\xb6\xa8\xd1\x9f\xd7\xd6\x03\xf9D\x95V\xb2\x8d\xac\xd2gY\xddHv#G\xb3#\x10\xf2t$K\xe0\xbf\x19i\xce\xc2\x94\\\x0fU\x97\x1a\xbck\x98{R\xf9>\xba\x05\x8f\x1e\xbe\xe9\xdd\xc9\xed\xc7,D\x99\x91\xf9\x8ay\xf1\x8f', 0x0) syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYRES32=r1, @ANYBLOB="082453566a5feaeb3de879ead18223c6290e8e153259aeaea30ed341b562186eb5e4498cc8c21dc23665d731c88f769fcc3a3748dfe282aa902b1830a5d8759fa53d282c10980f195b79eebf7ec44940c7b80b03018c1bcc2c820039dd76ecac2cda5288f9d85c0dde3ffd9a58c15980fda31723861dc0d9bd03dc4eb3cfe75b598242e65a139e36e9cd298dd90b8af9b81fdf6c2f0190504df2338d0faaba98f5fe6ec280bd69acf70b9a9bf915c3a304ab2725c496a63f45e830466d6b1db1662043c5dbee0d4e97e360c6d7b6"], 0x39) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9"], 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="0f0000001d00040037d571990400000012000000000000006efec8", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r3, @ANYRES32=r3, @ANYBLOB="000000000000000000000000000000000000000000feffffff00000011a935f3c9873c0a201896c9b6f9ae5b4a255437f3233abb99913d43e69720c3a3a22b2fb5fd6873a9375c6ad250f6bea4a1f6964a7518345ff9fded496b67433246223abdf7137cf935a7cd01a06756f5c4e579908772b24d5f0d35dca98fceb75d938342a4c3518217891f58caf38c5161c350bb703cbdd7f2c64e71fbcb6e00c11e8eeac833aefed4b2592f3e5ef46788c63c9732b0ce7d1d1da3dc1b693d0f1f587a015595242930142ff046f49b2c4986de5f85"], 0x50) close(0x3) close(r4) r5 = userfaultfd(0x80001) mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYBLOB='\b\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYBLOB="01000000040000000200"/21], 0x50) ioctl$UFFDIO_API(r5, 0xc018aa3f, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}}, 0x2000, 0x0, 0x400, 0x0, 0xa5}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x91}, 0x1c) sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) mlockall(0x7) shutdown(r6, 0x2) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r7 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) socket$netlink(0x10, 0x3, 0x12) 5m1.416053725s ago: executing program 0 (id=1671): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x8, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r1, 0x18000000000002a0, 0x4f, 0x0, &(0x7f00000002c0)="d2ff03076003008cb89e08f086dd", 0x0, 0xd5b1, 0x60000300, 0x0, 0x0, 0x0, 0x0}, 0x50) 5m1.355352685s ago: executing program 0 (id=1672): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x3, &(0x7f00000000c0)=@framed, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = syz_open_procfs(0xffffffffffffffff, 0x0) move_mount(r1, 0x0, r1, &(0x7f00000003c0)='./file0\x00', 0x40) r2 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2a, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x6, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_io_uring_setup(0x24fc, &(0x7f0000000080)={0x0, 0xffffffbf, 0x10100, 0x3}, &(0x7f0000000100)=0x0, &(0x7f0000001040)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_UNLINKAT={0x24, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x1}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_clone3(&(0x7f0000000480)={0x20000000, 0x0, 0x0, 0x0, {}, &(0x7f0000000400)=""/55, 0x37, 0x0, 0x0}, 0x58) madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$bt_hci(r8, 0x84, 0x80, &(0x7f0000000000)=""/4102, &(0x7f00000010c0)=0x1006) r9 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) ioctl$EVIOCSMASK(r9, 0x40104593, &(0x7f0000000000)={0x1, 0x1, &(0x7f0000000400)="d1"}) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x2fc, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x268, 0xffffff7a, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0x0, 0x41}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "e4ff0100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9eb85f401b0000000000ffffff7f00", 0x7d}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x2, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x358) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={@mcast1, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5, 0x4, 0xfff2, 0x100, 0x4, 0x80108}) 5m0.469541118s ago: executing program 0 (id=1674): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000160a01010000000000000000010000000900010073797a30000000000900020073797a300000000014000380080002400000000008000140000000002c000000180a05000000000000000000010000000900010073797a30000000000c000540000000000000000114000000020a01"], 0xc8}}, 0x4000450) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x8e, 0x0, 0x5}]}) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB='dyn']) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='setgroups\x00') write$UHID_INPUT(r4, &(0x7f0000001bc0)={0x8, {"cc12e5fcd799b3bb3a75593bc424e03a85d20ec6b45bfd1b7867dafe8b66fe9ed5bd7e79fd7ff737f8b297231c3e5550d7838acb8ed41d5477015dbe82e30dfd6b4d2712cb7ecf279d7d91b69a0708965a006709e96c49634b94926af4b0878564e49bfa7c7f267be8fb63cca6eae5953908d01f2ec8b64a9a36e810447b2d86a945200d6f695b37a389f747b86f5f9a2bc94f989a99f90cffecb8af76b1e874a5209b78d2b31f7941f6a3058d14063fc060c43f952d30fe493314138ef402052a6b2f147df42cfc00450f9e9dffb6dd5c7330a80a38a533cacbf885e1a6e814eafca95699ad6b780d7731c5e4a630ef0a159cf04dce52c781c13782f9e3253f8084b15627548ced7bc6aec1d20a3772ca981df2e0ed7538ecefdee738431b105841322e4b6796d46cd133c5f77532ac32ee10c64ecf7302abc4f7c637d31101d733c7e5265d3aa6d3684ab6b2644b9362f5918ed9be47d0a53e10c1c0dcfd6488d2fa4e85af0610fb6098c3c39271034ef31fc6402e29ada0d5e987994881648360c3ec29db98e2e794ddde4ec0050adde09b50522fcdabc715e93ba2b8d74238de41ad23a7619481c9dd4ce40dbbba953df2f2b654b14d9f249f0e159658e6766dc84fc343c4ccd68105d0160bd831d168fb896d47b94e528f7d8bddde52a21996d5bd89b89a08ada238b84a3f3d26646b8a9ffa7cb8f06d98b57726a6ea00df239b4fca1dcad8e8a8a7aac54e9562277af209b301484b9db3a2d95e5a0734e215647cb7cc1761aae6a0f0e3aaca7b19e8557e343192d448218d4a321b029681156e02cd2576d5029b2db4440f0695afd5571ff363baaad02e6085a4dc0717a647f269278d7a8145fe79d4e5a11783379799aeaa82cb7f77d65e2329c13047c1cd6c1d463766225f38f805c6ee9859e80d2c51c1472f10e4445260c15bbe715805f366cf22566b2958cb8442ab4e3243a0e82a1a6d0aac291433d2fd6c931f9e31386f71dcd09a4902f146f9fb2c92ef478cf718798d5e03be91494b43918177f1766bf3c97f5dd749d635fb3d787d6b692e6f5782c59af46652ae6932b3e24600e45c521af5f9e6109e438c2de6ab60a463317cfa1b130bfdbb359ec854c0cd578e70fde0fd4990ac523fd9153764a813bd6eb45dffe22ca36c8296ccbeb477c33eef2c9fa9a04c79e772f1620b0dab1e06bbd11fedf7973a1e26986a4f8719602b7e73805036707eef338fdb4fd1b0c33ad2569dc5667124e6b21700b16fc46ac6e41541573850ab9b55985c6e6335d193bbecb93a11e757ff2fd9d8f0708cb0f252affbed03792ffb05c40dee2067e993cc2417f2fca9391a8b604010d7053dee6dda207e060dc1d8f7646e6fe113bef7789d9b89706f328a8a8e7b5faff3b234b6d2b15c75f2e09ce00a514d6f621242c89ac0744672c18479eed27fb05cad165216b8174663d2b237bc25ec491f39f39ab10467951d861fb3d9e5135c1829f4267440c7f19511cdd14077f92628c9e0fbb8b72f4fd80e382f1d2bb751fa7dd046274f65ad85655cb7c1d4f223200262396ce48f163802f10d18dc62eb30476dd1d89bf7d59f3ee4e4752dcc76020c6adf7fbccbedea12584e8d971032e71440f19f6efe704d1114c95ce27bcb571ae8fa16a8169f5addf6cd719bf2ef79a3d461e1638e3cad140c443fdf6d9f45e3cfe6b669a6be32dab4a0e2cb2594685953bb599e9938fa230eff2c77c4486e9eeb99f0a6a0f6dc6be502b995b530ae80db3eb004bee9a96738517926d548bd1f04f5fd02c140ba45415e3bc9c3a674557811eaf12c9e9f3e45c7253d05c25044d731bf2165405a97a4afa34f458b7b58a86576819eb1970fcc19ae067702a4a5200da0029fcab0275a1814d2f971189f34d4c537140799af43336c95a823ba28ec28c9ece95a13d714c6e975b63924045eb55362dd7627d7457e3aff87c3909478e9cbf4af03d25b7383acc9ee99cd907d67c07c055b9a3c523164c5fbb846a583f54e9f512b13b993ab951b96f38e960a159abf4862194150e8307ca89d0e805fa580ce5a2677cc3ba4ae8e6787007061426606a0163d210d447c319dd558a22ca9581f050a5ce1d52600dee788b2348301da47def0a177c17e5e27f9eb02423cc7f7ea16a541a99611296a9661f8b072b3f1ea063b6fb64a056b2ae92a9008219d29ddedd5d8b9caa60835140aff3fb1b2523e277201338e091e1231584973d0460000f10de3219a5b950eb66bb5d85bf3bffc7891ab4c08656a62415b835a67cf95397d87c81d293206ec4604d0d17b03e0e0334c2cc50ed0ebd6bfd673179f0fb9bbf7fbfc478a1f634e5ba0ec84baed2a93e54514a02db4faa6ef1763ae8c351fefccde69d26c6f5c1b16f63517ecaa44b44cd6907070557f883fb7f5f0d076f92ad681640b4f69c49367d9e57b51374178a4fa645bb0b0d27a0569936a50e1ff32f48b2995709bdb8c6385ea9994cb18578f531b71aa32087ca93ea39a2f99aaf0e638ce984433195017728ed7a31d2a8627c3b94dedd6f1960adc45c796281d97a9381524562dd191bf5283e3c37b3cc215e8f9e7b9f61dcc7e83a9ebd8a158f23403dde735479fd343e0d924b1804bbfea9b741c7213816a57738bbacd59f5813c32d6ecab432e2d08b6b1fc6c51c0c1d81dc50de54e6f0bae9649a8023b2445208ee4d175b12030613a2e1b7c1691576c8e0ac8613925db5000450d925af0c95d956c6fb94186f41708b69783516c33f6658ead06d805043fd11f223fb5972e0e60ada4365acb35c163bc54a523d8d7a1fe58a9898a684c56f86d5d651d2bf07c7755d8df5d7ac014d3fa11d2105e048d8fc77bc6d460d744a92a6d8ee26a6982a30daf1c404e9f6f37d5aeb0ca59f253007a1e8175b0c2ee25f2ee7c24ec85ac9e90f4f19b65581d0a4da70afc2fbeaee65a2268d35e6e6618f4af8d1c9a42cc72c9ce0db9d4055530b72cecb3e937e2d67a9f65936f98bf462215eca86b61642b440b2e9b7e18cc4f23fd6dbf43fcbcace921f1176e185799bed399952eae96b0d78fb3ed848315aed6fa5a54794bb722c172da93c45289abadff627d16826450afa423f647dc4605d8a1005156685b09e275d523a4c7509b621d67188beababf83b7df0cc54c090fa29a251f95ca7b3b25bc7521318a0c357b5b645fdfd0d39d45e3c8ecd8c4ec427c284b90b011359017838cd9046ad778828646f1002ae3f76133eb22f077cd7ac01617d397b73f12137d059bc98d566528a524aaf43074b80bca884508189cd3a04425bd9c908011f940a5c4166bc2b1759d88092e2449d77bcabd435fc2f350b1887ba5732995e8e3740116367e43f8cbe7c696a4d070b16fbfd37fe4860b4e1dc632172f92241d7831e11f3288f51117ba268b57ed34d1d0404ec2a82e6adb7c814ed658449790989086d1b90206be99af9cb347ad4f9509f6ba7967083262cf5e80ad3c011ed96d22b8a5619e50d1bfa6faf6d3939b32f58db80350ad7d0197cf6f27d9640880cd68064f1773e352b8a5d54a65b6585f0c9b6d965293c43b50f771f5b64c5ede66a61ceec729c431500f833b5a0ea7a200d0c413cd1c728e0f05d8b325f69071a5680cf1272f48ec9cffcbaf01a617edb749d8d0d18bf113bacec8fd81952ecd629455f0915e100a31066151ae1907d6ead89e1f842b3ebcc247aee60ebcb31152429f1e1aa46c1ebe3f6be50ff6cda397ffb54fb6a6b519a77bb12089f8d0ead0f0348341d2acfd3c99ea1f9cdc30b5126acd47784f9242b822b7564a05d38ef33813ad310f465f8b0a9ee91824b6605ea64a5bd60e33beeb866285ea2983c9356f8a2912264e5577bc07eb0ea12c63e49bbe36be2dee74cf2d663ef28f408454e7a5271ca8463cd530659ed67015df0f80558bd22d22b94d12fa4e961dd819d1e72f32e8dc3e723bb37588781b9c0e828a9d64cb0e2f9dd25061daa3b5178a17d5f469db1db7d4ab761d649edfb613298574d23d313eeb86c21f617a7ce13da92d6b095addc06c6e1f2da8cd553373b02a812db47da18d327c961263e3a91f5977b2a3895ca3c1430839ae11f1b415453e658f96e71e2d34d613029c4f09e0219c9b7edc0c0cdebecb25a650feb0dcb558353c9bdea64c42625787af1dee2af6b72fe4b23a0108df412ce67a93dc4f58b17c72702560f7e806b01112ae0d9ad560bc80d91a07fea6b11d07565adaf28908ee6eaf1d756b1baad3367d33bea594c6baf0beb33f062ef5b9bd2b266011c4a3aa4d558783c3be2307bde36d00ad6f95520e8ed9ebbc68eac641fbe5b2e2108b61963a1b3e0ed0bb61b28997f409313b2fff021be0ef43cc47346e3ee80c17d0d94416591f4ea41b9ef7c8a65f837b2fd48c452084f7905b0d8518d2dbeed817c3be9c1f191163e015e3f42c33991acd19485678aff19cb6b7f0200a85aaef1d8a80bffbeab3c61cbc5ea5a163597d522f8cbedfd4bb2d008514a9b43dc02af96d6c09ce1fc6ac87c9a73c7ecb12700a48c79babe8d753a3b306a0b7f3d80394d6b40ff0f6c3508d283ba22ea52f91f7d09716dc431e3653ecbf08df51a5998aaf72278f34ae7a57d2a7ff2645aae3be8b30405b1bb10505c97012ade8d110620d324051f6f829e64b03c2feb5544ad750db5c9be60fcd5c0d20e299ce5f53baf0291dc198d743cb70b06a7fafe8519ab473bd8970b6cad8a67053b6fad8a5ef71ee2cf190af1ca90a3ac4aec23cf3bdf7f5ed5d95f47f09ba7567dd856f04d0bba7b968d9d1098baaa3a2f0ecadd60749ac9adb9154c4d9688dfe913bb623b731e55785158142fe905ba537949d7fe487659e76d0962ae4805a3e5bb48cdef2246cbefdca5a7e4c62ff918af1e6ed9503c74ac93a8ee6da2f97fc6ff27c3df238fc453c391b53e9b516e94ad64c4fb5376010b3b13acc893c392d5744eb6df687667f350978f44a56890f11c0724234088c7f336df27a9ffe23a5af03fa0318fa270ee6a85d135d8c788d01d8de893f46bf6d4159d53955ccc6979f4d0e06c64ac001bd92cf157d6e1fceef33a3bf103aca4425bf3e8961d2c60a457238f04008649132f48c609e0e24a4125b8f9f5fdf30a26cf7bea5d567356125c087df9e0a4d7d7021531886c79de2678bf40456df4980a52442bbd0cca68955d3fd39379e84c7d9e9620f268bf224f39a6cf153b634003774594e8a33fe9a8d44ac6d58299ebfbec574b2c9db49009ede30bcb37e6a8c42f45bb68cd27ad26d79c9feb154a0e763da9e6efbbd23c430090d49563a8f75f42ed6d10bd9d6216ff4c66ada36f75cfb66785688e8e1db90b1c23e9d83454553f13679795eff3d4cd2ea6cafa0125a9ffa1a7944473aa270c274054be096d3f7befb01c7632d3080d9db7360f356b06404aa6361906ff53ccede05d65d609d45dbc922023d76ff2095cd2d6f83615978d33a955b08d1ed50f055f67c7049c0ace4fa91290f21d28ce36cf1ad921f82986421a5f0d9293416790a5e307967e9647feeb025a6a936b0c7deaff580fc0a197c670d2c803725383d2597eeab5c0d388fb43bb696dfa81fcc405b6342e32591e6910359c4f7ad5cca3869654e16fc54b3447e6c3e4226850ee200775a38d26614fee6602f746bbf1b4fd1485dee7b78b79f77d789bcb4ffe62dc47a3b91158b7670d462667f0db50d73aaf140d56d2c92905cd6e3273d901d90b46209414310ae6f83db79f08a2e33c0806f76ebdc952ee0f4a9dc44aa94edff663d4825d20c1311", 0x1000}}, 0x1006) ioctl$vim2m_VIDIOC_TRY_FMT(r4, 0xc0cc5640, &(0x7f0000000340)={0x1, @raw_data="b0b8267f7a74f384f7f48d5627580d820c01f7372c1f12482c9946afc8b3b0e90b72364c0d545fdd420eff8d380bcb41134fecdb794096a751d2a90598af4c1ae65c795b2c9a50628d9643cb000753541c7e6a06cd6d2f42cf61fbd8bc3bfc150ad37eefd20c3a41f3b1240adc57c0540e220d3abf450658cc54b1af9b1e9ecd7cbe45f62ea02dbd237828b9b4b3aee50b683bc49ec57f047a8919f38091f91b7316adb1f8dcbbf8f442ffd85d9f5e5e52d1ae00d99e7a5174d202ea97114b3f877526a08cdc8799"}) chdir(&(0x7f00000000c0)='./file0\x00') mount$afs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='dyn']) 5m0.147754692s ago: executing program 0 (id=1677): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/zoneinfo\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) read$FUSE(r1, &(0x7f0000000940)={0x2020}, 0x2020) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000", 0x4}], 0x1}, 0x0) 4m57.49619466s ago: executing program 0 (id=1689): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x1000012, &(0x7f0000000280)={'trans=virtio,', {[{@version_u}]}}) chdir(&(0x7f0000001040)='./file0/../file0\x00') keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6ef8ff756c7420757365723a73797a20"], 0x2a, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) pwritev(r0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="be", 0x1}, {0x0}], 0x13, 0xfffffffc, 0x3) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) 4m57.417228851s ago: executing program 39 (id=1689): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x1000012, &(0x7f0000000280)={'trans=virtio,', {[{@version_u}]}}) chdir(&(0x7f0000001040)='./file0/../file0\x00') keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6ef8ff756c7420757365723a73797a20"], 0x2a, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) pwritev(r0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="be", 0x1}, {0x0}], 0x13, 0xfffffffc, 0x3) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) 1m24.760126163s ago: executing program 6 (id=2996): r0 = openat$cachefiles(0xffffff9c, &(0x7f0000000300), 0x40, 0x0) r1 = add_key$fscrypt_v1(&(0x7f0000000540), &(0x7f0000000580)={'fscrypt:', @desc2}, &(0x7f0000000700)={0x0, "6b0ad8e98a9dc75c64e9675dead826667dfff9f396d55717e9b494313b6e0f715dfbca4bf0e5e98f8b11c8103c58b63448feae3f8bdc8ac9bb565847bf4d8171", 0x18}, 0x48, 0xfffffffffffffff9) add_key(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000a00)="b4126d9c937d7705225564cbfa8c254bb82dba5450e7459fb4ab4a2bc502f7dc64a2674d227c0f88a2de8dd0d9529cda8a8588d4e68819b11ad1c06d09bebf59c9bfe6092ba6472602f15bdebc3ced19dc74f7733547f3d0be73affe7c54c2c4c3c5090fda267c24eb7d5e7653ef1bbff0fd93fbe3bf637b7206269b54cc5a7e31cd45c7448ee57be560ee149230dd351c2a97909a424b50b60d2389848719ef1d637fe0a81400bde8527978d5d97d15901d30dc88a938337af50b9fc27e87087d8515d7feb5ed050000000000000014ed2e530ec185788285d44dfc0474161a1b1f", 0xe2, r1) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0086426, &(0x7f0000000440)={0x4, &(0x7f0000000400)=[{}, {}, {0x0}, {0x0}]}) ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000480)={r3, 0x2}) r4 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x3, r4, 0x3, &(0x7f0000000000)) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000001a40)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000000)="2e000300010000", 0x7) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f00000000c0)) sendmsg$BATADV_CMD_GET_DAT_CACHE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)=ANY=[@ANYBLOB="7824196fd58b8139ec21070020aa95be1d1f82dee6f90fc9fe3c450886e69b6c21cc70c89be028cf9096fc265fb6276bb973d531a1782743109996cb66e96a4e8630168d8304fb3bf86a4c6cdba181ee3a5dced0db97", @ANYRES16=r2, @ANYBLOB="050300000000000000000700000008000300", @ANYRESHEX=r4, @ANYBLOB="cc39fe1a07724ad6f6de845f3d40050c2ed9d3b77ff00a00cdd89d9ff55d88e2d9a802abbaea361f10cc9a807422084ce8edfaf96cedb202ed85eb620868eae205c22ba258cd91c2cb22d489e0c7421648d3f814e9d16d590ce690b77a286b8f05a190f1095d5311311b87044686c01c3bb3989d2f5d7729d2d98678f1ff7ca72279d031bbe6338cae43f805b9fa7bb153aa4c2a4896e808713d0c0c4d28d90134b317a66f2ee8e4a785e73524"], 0x1c}}, 0x20044090) r7 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, 0x0, &(0x7f0000000380)) r8 = open_tree(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x9101) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'erspan0\x00', &(0x7f0000000940)={'gre0\x00', 0x0, 0x10, 0x700, 0x7f, 0x6, {{0x1d, 0x4, 0x0, 0x0, 0x74, 0x67, 0x0, 0x9, 0x4, 0x0, @multicast2, @multicast1, {[@end, @end, @noop, @cipso={0x86, 0x15, 0xffffffffffffffff, [{0x6, 0xf, "76a3c160495765c9947d3d0f31"}]}, @ssrr={0x89, 0x17, 0xa2, [@remote, @multicast2, @local, @rand_addr=0x64010100, @remote]}, @timestamp_addr={0x44, 0x24, 0x1d, 0x1, 0x0, [{@private=0xa010100}, {@loopback, 0x9}, {@local, 0x6}, {@empty, 0x8}]}, @timestamp_prespec={0x44, 0xc, 0x35, 0x3, 0x4, [{@loopback, 0x8}]}]}}}}}) sendmsg$xdp(r8, &(0x7f00000002c0)={&(0x7f0000000240)={0x2c, 0x1, r9, 0x2d}, 0x10, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x400c0}, 0x880) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x0, 0x0) pipe2(&(0x7f0000000040), 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, r4, 0x2, &(0x7f0000000200)) openat$cgroup_root(0xffffff9c, &(0x7f00000001c0)='./cgroup/syz1\x00', 0x200002, 0x0) r10 = socket$inet_udplite(0x2, 0x2, 0x88) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r12 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r11, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000100)=[0x7], 0x0, 0x0, 0x1, 0x0, r12}}, 0x40) ptrace$setsig(0x4203, r12, 0x7a8b, &(0x7f0000000380)={0x0, 0x1, 0x6}) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) 1m24.721881844s ago: executing program 6 (id=2997): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000500)=ANY=[@ANYRESDEC, @ANYBLOB="6a39f3ccfd9c561bc42a2ebe4caf07e71d9f0af469e34fd4b186554bff26d4f8957c68efbbd33d9b4b5a939a07c891e1c9a564160035ff20b7b939cb24dc61241741122fc1e67fdb86bee7536f056619f893ac52b58dbf2540ce862d5c3d2fa4ab8158d77876cada4da6d910867242f0877898b67322c209ece6537b6a5bafa9baf23887e77d6d56991cb7dfd865783dda059ffa603bb156bc6a40d2fd037f66fdd0462817480c62cb8ac24cbc4aeffdcda064ade7a9000264bfd8a83308fdcd73fe6023ba28f7fb4c8c6f8d6c5d50f4f54b09c7c19c535f18"], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x6b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r3, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$igmp(0x2, 0x3, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x110) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000440)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000480)=ANY=[@ANYRES8=r1]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)) socket$nl_route(0x10, 0x3, 0x0) shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) 1m22.722102858s ago: executing program 6 (id=3000): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000840), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000340)={0x34, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_LEVEL={0x14, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0xb}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x400c080}, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_LISTALL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, r2, 0x800, 0x70bd28, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @local}, @NLBL_MGMT_A_DOMAIN={0xd, 0x1, 'nl802154\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1e}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x15}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008000}, 0x40) 1m22.70872438s ago: executing program 6 (id=3001): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') mount$afs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000010c0)='./file0\x00') syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x5, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 1m22.674386396s ago: executing program 6 (id=3002): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000c9f000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x630d, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) 1m22.534519618s ago: executing program 6 (id=3003): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e200023b0"], 0x0) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f00000000c0)) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r4 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$can_j1939(r4, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) close(r4) dup3(r1, r4, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r5, 0x400448cb, 0x0) 1m22.524714776s ago: executing program 40 (id=3003): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e200023b0"], 0x0) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f00000000c0)) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r4 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$can_j1939(r4, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) close(r4) dup3(r1, r4, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r5, 0x400448cb, 0x0) 1m17.782169504s ago: executing program 4 (id=3021): r0 = socket$nl_crypto(0x10, 0x3, 0x15) recvmmsg(r0, &(0x7f0000007000)=[{{&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @empty}}, 0x80, &(0x7f0000002440)=[{&(0x7f0000000080)=""/115, 0x73}, {&(0x7f0000000100)=""/243, 0xf3}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000002200)=""/192, 0xc0}, {&(0x7f00000022c0)=""/95, 0x5f}, {&(0x7f0000002340)=""/130, 0x82}, {&(0x7f0000002400)=""/20, 0x14}], 0x8, &(0x7f0000002480)=""/71, 0x47}, 0xfffffff3}, {{0x0, 0x0, &(0x7f00000047c0)=[{&(0x7f0000002500)=""/4096, 0x1000}, {&(0x7f0000003500)=""/4096, 0x1000}, {&(0x7f0000004500)=""/97, 0x61}, {&(0x7f0000004580)=""/255, 0xff}, {&(0x7f0000004680)=""/87, 0x57}, {&(0x7f0000004700)=""/184, 0xb8}], 0x6, &(0x7f0000004800)=""/30, 0x1e}, 0x8}, {{&(0x7f0000004840)=@pppoe={0x18, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000005bc0)=[{&(0x7f00000048c0)=""/4096, 0x1000}, {&(0x7f00000058c0)=""/13, 0xd}, {&(0x7f0000005900)=""/33, 0x21}, {&(0x7f0000005940)=""/7, 0x7}, {&(0x7f0000005980)=""/108, 0x6c}, {&(0x7f0000005a00)=""/212, 0xd4}, {&(0x7f0000005b00)=""/180, 0xb4}], 0x7}, 0x8}, {{&(0x7f0000005c00)=@generic, 0x80, &(0x7f0000006040)=[{&(0x7f0000005c80)=""/92, 0x5c}, {&(0x7f0000005d00)=""/234, 0xea}, {&(0x7f0000005e00)=""/92, 0x5c}, {&(0x7f0000005e80)=""/139, 0x8b}, {&(0x7f0000005f40)=""/151, 0x97}, {&(0x7f0000006000)=""/19, 0x13}], 0x6}, 0x400}, {{&(0x7f0000006080)=@in={0x2, 0x0, @local}, 0x80, &(0x7f0000006140)=[{&(0x7f0000006100)=""/15, 0xf}], 0x1}, 0x1}, {{&(0x7f0000006180)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f0000006480)=[{&(0x7f0000006200)=""/192, 0xc0}, {&(0x7f00000062c0)=""/114, 0x72}, {&(0x7f0000006340)=""/50, 0x32}, {&(0x7f0000006380)=""/180, 0xb4}, {&(0x7f0000006440)=""/3, 0x3}], 0x5, &(0x7f00000064c0)=""/226, 0xe2}, 0x80}, {{&(0x7f00000065c0)=@nl, 0x80, &(0x7f0000006880)=[{&(0x7f0000006640)=""/228, 0xe4}, {&(0x7f0000006740)=""/140, 0x8c}, {&(0x7f0000006800)=""/81, 0x51}], 0x3}, 0xffffb075}, {{0x0, 0x0, &(0x7f0000006a40)=[{&(0x7f00000068c0)=""/110, 0x6e}, {&(0x7f0000006940)=""/233, 0xe9}], 0x2}, 0xfffffff8}, {{&(0x7f0000006a80)=@xdp, 0x80, &(0x7f0000006d00)=[{&(0x7f0000006b00)=""/141, 0x8d}, {&(0x7f0000006bc0)=""/146, 0x92}, {&(0x7f0000006c80)=""/93, 0x5d}], 0x3, &(0x7f0000006d40)=""/221, 0xdd}, 0xd5}, {{0x0, 0x0, &(0x7f0000006f80)=[{&(0x7f0000006e40)=""/247, 0xf7}, {&(0x7f0000006f40)=""/5, 0x5}], 0x2, &(0x7f0000006fc0)=""/4, 0x4}, 0x9}], 0xa, 0x40000000, &(0x7f0000007140)={0x0, 0x3938700}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x80000000, 0x7c04, &(0x7f0000007180)) io_setup(0xffffffff, &(0x7f00000071c0)=0x0) (async) r3 = userfaultfd(0x80000) ioctl$int_out(r3, 0x2, &(0x7f0000007200)) (async) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r4, 0x8955, &(0x7f0000007240)={{0x2, 0x4e22, @rand_addr=0x64010102}, {0x306}, 0x2, {0x2, 0x4e23, @local}, 'bridge0\x00'}) syz_emit_ethernet(0x45, &(0x7f00000072c0)={@multicast, @local, @val={@val={0x88a8, 0x1, 0x1, 0x2}, {0x8100, 0x2, 0x1}}, {@x25={0x805, {0x1, 0xe, 0x13, "95bf9c1be3242df3f3452ad41112b36eab1d08957b2604d906021f1af7416bb2e36d003a6fb5dd6fa4605b68"}}}}, &(0x7f0000007340)={0x1, 0x2, [0x1e8, 0x32c, 0xbf, 0x547]}) (async) truncate(&(0x7f0000007380)='./file0\x00', 0x7) (async, rerun: 64) io_pgetevents(r2, 0x2e80, 0x1, &(0x7f00000073c0)=[{}], &(0x7f0000007400)={0x77359400}, &(0x7f0000007480)={&(0x7f0000007440)={[0x5, 0x2]}, 0x8}) (async, rerun: 64) r5 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f00000074c0)=0xb1c, 0x4) (async) readv(r0, &(0x7f0000008b00)=[{&(0x7f0000007500)=""/153, 0x99}, {&(0x7f00000075c0)=""/33, 0x21}, {&(0x7f0000007600)=""/4096, 0x1000}, {&(0x7f0000008600)=""/252, 0xfc}, {&(0x7f0000008700)=""/216, 0xd8}, {&(0x7f0000008800)=""/115, 0x73}, {&(0x7f0000008880)=""/96, 0x60}, {&(0x7f0000008900)}, {&(0x7f0000008940)=""/218, 0xda}, {&(0x7f0000008a40)=""/137, 0x89}], 0xa) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000008c40)={&(0x7f0000008b80)={0x10, 0x0, 0x0, 0x404000}, 0xc, &(0x7f0000008c00)={&(0x7f0000008bc0)=@newchain={0x34, 0x64, 0x8, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x2, 0x8}, {0xfff1, 0x6}, {0x1, 0xc}}, [@TCA_RATE={0x6, 0x5, {0x2, 0xd}}, @TCA_RATE={0x6, 0x5, {0xa, 0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4840}, 0x841) io_uring_enter(0xffffffffffffffff, 0x5942, 0x7a47, 0x0, &(0x7f0000008c80)={[0x5c, 0x80000000]}, 0x8) (async) io_setup(0xf, &(0x7f0000008cc0)=0x0) io_destroy(r6) (async) r7 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000008d00)={0x8, {{0xa, 0x4e23, 0x3, @mcast2, 0xb}}}, 0x84) (async) r8 = openat$dsp1(0xffffff9c, &(0x7f0000008dc0), 0x80000, 0x0) ioctl$SNDCTL_DSP_SPEED(r8, 0xc0045002, &(0x7f0000008e00)=0xcd) r9 = fcntl$dupfd(r7, 0x0, r0) (async) r10 = openat$dir(0xffffff9c, &(0x7f0000008ec0)='./file0\x00', 0x40, 0xc7) fsconfig$FSCONFIG_SET_PATH_EMPTY(r9, 0x4, &(0x7f0000008e40)='bridge0\x00', &(0x7f0000008e80)='./file1\x00', r10) (async, rerun: 32) setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000008f40)=@security={'security\x00', 0xe, 0x4, 0x50c, 0xffffffff, 0x0, 0xc8, 0x444, 0xffffffff, 0xffffffff, 0x444, 0x444, 0x444, 0xffffffff, 0x4, &(0x7f0000008f00), {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @empty}, @private0, [0x0, 0xffffffff, 0xffffff00, 0xffffff00], [0x0, 0xffffffff, 0xff, 0x807fff00], 'veth1_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x3c, 0xcd, 0x4, 0x1}, 0x0, 0xa4, 0xc8}, @common=@unspec=@AUDIT={0x24}}, {{@uncond, 0x0, 0xc8, 0x1f0, 0x0, {}, [@common=@mh={{0x24}, {"25b1", 0x1}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0xfffffffc, 'system_u:object_r:watchdog_device_t:s0\x00'}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @private2={0xfc, 0x2, '\x00', 0x1}, [0xffffffff, 0xffffffff, 0x0, 0xffffffff], [0xffffff00, 0xffffff00, 0xffffffff, 0xff], 'xfrm0\x00', 'rose0\x00', {0xff}, {0xff}, 0x2f, 0x4b, 0x51ac956bcd347ca3, 0x3e}, 0x0, 0x168, 0x18c, 0x0, {}, [@common=@unspec=@conntrack3={{0xc4}, {{@ipv4=@loopback, [0x0, 0xff, 0xffffff, 0xf9233a4fbbacb494], @ipv4=@empty, [0x0, 0xff, 0x0, 0xff000000], @ipv4=@empty, [0xffffffff, 0xffffffff, 0x0, 0xff000000], @ipv6=@mcast1, [0x0, 0xff000000, 0xff000000, 0xff], 0x2, 0x5, 0x62, 0x4e24, 0x4e24, 0x4e23, 0x4e22, 0x129, 0x2c06}, 0x0, 0xc0, 0x4e24, 0x4e23, 0x4e22, 0x4e21}}]}, @common=@unspec=@NFQUEUE0={0x24, 'NFQUEUE\x00', 0x0, {0x5}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x568) (async, rerun: 32) pipe2$watch_queue(&(0x7f00000094c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) finit_module(r11, &(0x7f0000009500)='AUDIT\x00', 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000096c0)={&(0x7f0000009540)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000009680)={&(0x7f0000009580)={0xf0, 0x0, 0x1, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@CTA_TUPLE_ORIG={0xc8, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @rand_addr=0x64010101}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x39}}, {0x8, 0x2, @multicast2}}}]}, @CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xe, 0x1, 'irc-20000\x00'}}]}, 0xf0}, 0x1, 0x0, 0x0, 0x8000}, 0x4081) 1m17.707369544s ago: executing program 4 (id=3023): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) readv(r3, &(0x7f0000000240)=[{&(0x7f0000000080)=""/119, 0x77}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000000100)=""/105, 0x69}, {&(0x7f0000000300)=""/254, 0xfe}, {&(0x7f0000000180)=""/107, 0x6b}, {&(0x7f0000001480)=""/213, 0xd5}, {&(0x7f0000001580)=""/74, 0x4a}, {&(0x7f0000001600)=""/4096, 0x1000}], 0x8) syz_io_uring_setup(0x7bc6, &(0x7f0000000280)={0x0, 0x1c2a, 0x20, 0x0, 0xfffffffc, 0x0, r3}, 0x0, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_ADD_IFACE(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="110225bd7000fcdbdf252100000005002000000000000c000500000000800000000009001f0070687931"], 0x34}, 0x1, 0x0, 0x0, 0x24008000}, 0x0) 1m17.632146965s ago: executing program 4 (id=3025): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) fanotify_init(0x40, 0xc1403) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x28, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000815}, 0x850) 1m17.543758516s ago: executing program 4 (id=3026): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f000009f580), r0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x303, 0xf000, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0) 1m17.542990595s ago: executing program 4 (id=3027): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r0, &(0x7f0000000040)={0x1f, @none, 0x2}, 0xa) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0xffff, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, &(0x7f0000000180)=0xc) r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) r3 = signalfd(r0, &(0x7f0000000200)={[0x4, 0x8]}, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='rpcgss_upcall_result\x00', r3, 0x0, 0xc9}, 0x18) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000100)='highspeed\x00', 0xa) r6 = socket$inet6(0xa, 0x811, 0x7) r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r8 = dup(r7) ioctl$HIDIOCGNAME(r8, 0x80404806, &(0x7f00000000c0)) write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) r9 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xb1ea, 0x10100, 0x0, 0x0, 0x0, r8}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r7, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r9, 0x2ded, 0xef92, 0x0, 0x0, 0x0) r12 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) writev(r12, &(0x7f0000000b00)=[{&(0x7f0000000940)=':', 0xfdef}], 0x1) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'sit0\x00'}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040) timer_create(0xb, 0x0, &(0x7f00000000c0)=0x0) timer_settime(r13, 0x0, &(0x7f0000000080)={{0x77359400}, {0x0, 0x989680}}, 0x0) timer_settime(r13, 0x0, &(0x7f0000000040), &(0x7f0000000180)) connect$bt_rfcomm(r2, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa) shutdown(r0, 0x1) 1m16.644260793s ago: executing program 4 (id=3030): accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') bpf$BPF_BTF_LOAD(0x12, &(0x7f00000012c0)={0x0, 0x0, 0x96, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) unshare(0x28040680) r1 = syz_open_procfs(0x0, &(0x7f0000000280)='attr\x00') write$binfmt_aout(r1, 0x0, 0xff2e) unshare(0x2a020480) fchdir(r1) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, 0x0) pipe2$9p(&(0x7f0000000040), 0x80080) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x14) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f00000035c0)={{0x2, 0xffff, @multicast2}, {0x0, @broadcast}, 0x4, {0x2, 0x0, @private}, 'sit0\x00'}) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGDEV(r3, 0x80045432, &(0x7f0000000000)) socket$netlink(0x10, 0x3, 0x4) pipe(&(0x7f0000000080)) socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000340)={0x1d, r6, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, &(0x7f00000006c0)=[{0x2, 0x3, {0x1, 0x1, 0x3}, {0x1, 0x1, 0x4}, 0x8d582fc6ec6e7987}, {0x2, 0x10000000000000, {0x0, 0xff, 0x4}, {0x2}, 0xfe, 0xff}], 0x40) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0xffeb}, {0x1, 0x1}, {0x1, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 1m1.596530341s ago: executing program 41 (id=3030): accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') bpf$BPF_BTF_LOAD(0x12, &(0x7f00000012c0)={0x0, 0x0, 0x96, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) unshare(0x28040680) r1 = syz_open_procfs(0x0, &(0x7f0000000280)='attr\x00') write$binfmt_aout(r1, 0x0, 0xff2e) unshare(0x2a020480) fchdir(r1) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, 0x0) pipe2$9p(&(0x7f0000000040), 0x80080) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x14) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f00000035c0)={{0x2, 0xffff, @multicast2}, {0x0, @broadcast}, 0x4, {0x2, 0x0, @private}, 'sit0\x00'}) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGDEV(r3, 0x80045432, &(0x7f0000000000)) socket$netlink(0x10, 0x3, 0x4) pipe(&(0x7f0000000080)) socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000340)={0x1d, r6, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, &(0x7f00000006c0)=[{0x2, 0x3, {0x1, 0x1, 0x3}, {0x1, 0x1, 0x4}, 0x8d582fc6ec6e7987}, {0x2, 0x10000000000000, {0x0, 0xff, 0x4}, {0x2}, 0xfe, 0xff}], 0x40) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0xffeb}, {0x1, 0x1}, {0x1, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 58.718621461s ago: executing program 3 (id=2633): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000005c0)={0x0, 0x30000, &(0x7f0000000580)={&(0x7f00000004c0)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8040}, 0x480c0) 49.133244702s ago: executing program 3 (id=2633): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000005c0)={0x0, 0x30000, &(0x7f0000000580)={&(0x7f00000004c0)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8040}, 0x480c0) 38.221670325s ago: executing program 3 (id=2633): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000005c0)={0x0, 0x30000, &(0x7f0000000580)={&(0x7f00000004c0)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8040}, 0x480c0) 27.661810671s ago: executing program 3 (id=2633): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000005c0)={0x0, 0x30000, &(0x7f0000000580)={&(0x7f00000004c0)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8040}, 0x480c0) 18.91410634s ago: executing program 3 (id=2633): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000005c0)={0x0, 0x30000, &(0x7f0000000580)={&(0x7f00000004c0)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8040}, 0x480c0) 9.381501966s ago: executing program 3 (id=2633): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000005c0)={0x0, 0x30000, &(0x7f0000000580)={&(0x7f00000004c0)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8040}, 0x480c0) 2.954778781s ago: executing program 1 (id=3273): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2000000, 0xe2001) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0xfffffffffffffff8]}}) 2.893815231s ago: executing program 1 (id=3274): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, 0x0) syz_io_uring_setup(0x24ad, &(0x7f0000000300)={0x0, 0x10077f4, 0x10100, 0x3, 0x5c}, &(0x7f0000000100), 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x11) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$dri(0x0, 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r4, 0xc01064c7, 0x0) r5 = openat$sw_sync_info(0xffffff9c, &(0x7f0000000280), 0x181002, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x141102) writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r7 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000140)=0x1c90, 0xfffffffffffffec3) recvfrom(r7, 0x0, 0x0, 0x40002000, 0x0, 0x0) r8 = fcntl$dupfd(r7, 0x406, r7) read$char_usb(r8, &(0x7f00000000c0)=""/88, 0x58) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(0x0, 0x6b007d05, 0x400000) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) fstatfs(r1, &(0x7f0000000000)=""/14) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x7) 1.883045585s ago: executing program 1 (id=3275): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setfsuid(0x0) prlimit64(0x0, 0x2, &(0x7f0000000180)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$rdma_cm(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = socket(0x1e, 0x4, 0xfffffffe) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req={0x5, 0xfffffffd, 0x4, 0x6}, 0x10) recvmmsg$unix(r2, &(0x7f0000003100)=[{{&(0x7f0000000000), 0x6e, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1, 0x0, 0x28}}], 0x1, 0x0, 0x0) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) getsockopt$inet_opts(r2, 0x0, 0x0, &(0x7f00000003c0)=""/244, &(0x7f0000000040)=0xf4) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_usbip_server_init(0x1) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xc, {"a2e3ad21ed0d52f91b23090987f70e06d038e7ff7fc6e5539b3264078b089b0c08384d090890e0878f0e1ac6e7049b334a959b4b9a240a5b67f3988f7ef319520100ffe8d178708c523c921b1b6d31310d075d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa17d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe2c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a605608057228652a449df466c63d36770243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1008892fd6b21ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928900d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b03000000cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f632a70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171608bdc00fbbd0385075465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c113d12a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571ebff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4804afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa34046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b08005f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d789364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c220300000007b3d5bd3b01faffd0a5dbed2881a970fbf561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000ebffffffffffffff00", 0x1000}}, 0xffffffffffffff90) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'dummy0\x00', 0x0}) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000000)={@dev, 0x0, r6}) syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x20101) 1.593742231s ago: executing program 2 (id=3280): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(r0, 0x1, 0x1, &(0x7f00000000c0)=0x3a7b, 0x4) socket$nl_route(0x10, 0x3, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x8041) recvmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000600)=""/200, 0xc8}], 0x1}, 0x10040) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, &(0x7f0000000f40)=""/4073, 0x0, 0xffffff56, 0x1, 0x1, 0x0, @void, @value}, 0x28) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="00000000000000002000128008000100677470001400028008000100", @ANYRES32=r6], 0x48}}, 0x810) 1.51073262s ago: executing program 1 (id=3281): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'lblcr\x00'}, 0x2c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x3c, 0x0, @void}, 0x10) r5 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil) shmat(r5, &(0x7f0000ffc000/0x2000)=nil, 0x4000) shmat(r5, &(0x7f0000ff9000/0x1000)=nil, 0x5000) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8001, &(0x7f0000000000)=0x6, 0x8, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r6, 0x0, 0x0) pread64(r0, &(0x7f0000000080)=""/9, 0x9, 0x7f9) sched_setscheduler(r2, 0x0, &(0x7f0000000040)=0x9) io_uring_setup(0x53c4, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1}) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 1.392511957s ago: executing program 8 (id=3283): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000000)={0x1d, r1, 0x1, {0x0, 0x0, 0x4}}, 0x18) close(0x3) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) r2 = io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x71}) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000100)=@arm64) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 1.302125625s ago: executing program 8 (id=3284): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = open$dir(&(0x7f0000000040)='./file0\x00', 0x8000, 0x0) getdents(r1, &(0x7f00000005c0)=""/162, 0xa2) r2 = openat$dlm_monitor(0xffffff9c, &(0x7f0000000140), 0x10882, 0x0) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f00000002c0)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000080)={@my=0x1}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r3, 0x7b1, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0x80}) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000180)=r2) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="c40000001900674c0000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="010000000000000000000000000000000000000000000000100000000000000000000000b23d63f644ed0000000000008000000000000000000000000000fcffffffffffffff0000000000000000b0ac00000000000000000000040000000000000000000000000400000000000000000000a1710e6d0100964ba586768ecd382b662ae53694a9faaa17edad2bb192386252eb10237dbfd33e748cfec690a33e527af0e2625a4335302ed0ba46180f69a4f54e839bd71cbc000f0d9d043214493938d20d444ce3d299a29f51a12d2096c29c1c9706695c65b13c30d14de0dabe3d7d8c245ec74e0d017e9ca5699917f07d19a294a700bb37db68f6fe3658c403ce709173540719adef993ba921329e8f0ed44e6da8c041a1587d271a3af1f58084a7ad45ebbe6bcba67421a6fe2349eb4666caef805e440e3aed40008bc6a304813d2ad977ba44c0be94bcfa22d53040ee154a038b35e1d6bc74f37191c00066a3b61a9e1a8d51c8325222b2603c9aabe3db72ac5830156413c6e0d8e900966cf108413813a6e1a0b797b7bf250edc4ef0c4e70ca609eda8f7c07feb88082d4238f3fb3f208664362dda16bd3ad04cc174b513703ee58937535c"], 0xc4}}, 0x4c050) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x40000000000000}}, [@tmpl={0x44, 0x5, [{{@in6=@mcast2, 0x0, 0x33}, 0x0, @in6=@dev, 0x0, 0x4}]}]}, 0xfc}}, 0x0) r5 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$apparmor_exec(r5, &(0x7f00000002c0)=ANY=[@ANYBLOB='exec &'], 0x149) syz_emit_ethernet(0x46, &(0x7f00000009c0)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra}}}}}, 0x0) 1.241997457s ago: executing program 8 (id=3285): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, 0x0) syz_io_uring_setup(0x24ad, &(0x7f0000000300)={0x0, 0x10077f4, 0x10100, 0x3, 0x5c}, &(0x7f0000000100), 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x11) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$dri(0x0, 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r4, 0xc01064c7, 0x0) r5 = openat$sw_sync_info(0xffffff9c, &(0x7f0000000280), 0x181002, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x141102) writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r7 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000140)=0x1c90, 0xfffffffffffffec3) recvfrom(r7, 0x0, 0x0, 0x40002000, 0x0, 0x0) r8 = fcntl$dupfd(r7, 0x406, r7) read$char_usb(r8, &(0x7f00000000c0)=""/88, 0x58) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) syz_open_dev$evdev(0x0, 0x6b007d05, 0x400000) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) fstatfs(r1, &(0x7f0000000000)=""/14) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x7) 750.292248ms ago: executing program 2 (id=3286): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4$alg(r0, 0x0, 0x0, 0x80800) sendmmsg(r1, &(0x7f0000003d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000) io_setup(0xff, &(0x7f0000000380)=0x0) io_submit(r2, 0x1, &(0x7f0000001440)=[&(0x7f00000000c0)={0x1000000, 0x0, 0x700000000000000, 0x1, 0x0, r1, &(0x7f0000000000)="73f1d5302ad500d7a7b51a60eb90111bee9fa0469bfc02d3d611f702955f9fab85c648d745eacecd3794ddcd23305be20abb972491e06c06e9a93bb520b2a93d7181b40b6acb37741a2b0496d66f96d6876a29abfadd66d0409e5ae45c7fc402fdb810928c03c1e5eb3ffcf95f2ce36e8b65532aafdeeacc4a653a984b0e53064592ab150285e6cd609f7dca2e1cc7f04a7fec6ed1912223eb4ece458fb4b05af3706ffa", 0xa4, 0x0, 0x0, 0x3}]) 532.322434ms ago: executing program 2 (id=3287): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000400)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) (fail_nth: 5) 483.851307ms ago: executing program 2 (id=3288): openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0) (async) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb, [{}, {}, {0x3}, {}, {}, {}, {}, {0x0, 0xfffffffe}]}}) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES64], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/netlink\x00') sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="38000000031404002ab1000f4938c29ebda883bd7000ffdbdf250900020073797a32000000000800410073697700140033007465616d5f73"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4040) (async) writev(r1, 0x0, 0x0) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) (async) r3 = socket$inet_udplite(0x2, 0x2, 0x88) (async) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setresuid(0x0, 0xee00, 0x0) (async) syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) (async) r5 = socket(0x10, 0x80002, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301) ioctl$USBDEVFS_CONNECTINFO(r6, 0x8004550f, &(0x7f0000002a40)) (async) connect$inet6(r5, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) (async) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r7, &(0x7f0000000340)=ANY=[], 0xff2e) (async) ioctl$TCXONC(r7, 0x540a, 0x2) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000100)) (async) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x9}}}, 0x24}}, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) 330.824827ms ago: executing program 1 (id=3289): socket$inet6(0xa, 0x1, 0x0) r0 = syz_clone(0x81000000, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x35f48f9e250dba0b, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) clock_adjtime(0xffffffd3, &(0x7f0000000000)={0xb, 0x86, 0xfffffffffffffffe, 0x9, 0x7, 0xb, 0x651, 0xfffffffffffffffc, 0x9657, 0x0, 0x7fffffff, 0x0, 0x0, 0xb, 0x80000000000000, 0xcc0, 0x1, 0x1, 0x94d6, 0x0, 0xfffffffd, 0x8, 0x8, 0xfffffffffffffffa, 0x3, 0x2000000000000}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000210400000000fedbdf25ffff0000", @ANYRES32=0x0, @ANYBLOB="adffa888e1600000240012800b00010067656e6576650000140002800500080000000000060005004e200000"], 0x44}}, 0x2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r5 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000400)='syz0\x00', 0x200002, 0x0) r6 = openat$cgroup_ro(r5, &(0x7f0000000440)='freezer.state\x00', 0x275a, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x4001, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000000a0601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xd, 0xe, &(0x7f0000000fc0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cd0aa7b73340cc2160a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e10d859e8327ef03fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563112f4b391aafe234870072858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5c768a40538be5f76e9c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5be5f6eb2eea0d0df414b315f65112412392191fa83ee830548ef8e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb030621204d3ded6f260af62d91faae95196d5e3ff010000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5ffff000000000000c24411d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d54aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5f7d895de17a10b0a0ea15ccc0d7a830b6eb33b6b21675511d693ef5e3c44bbf71cabc5175d879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2e5a00d2f953a86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c56d0886eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366a9660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e959212181d4bf32ed89c96d421c8171698c49403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef310e10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e15a00adb976064a93e8d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeadc5cf218a6eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041814f60fbbcafa487ee96b368e8769da90b44190e569fe8b1d155d0765baaca5c5548b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751beed5f79de29a67a579150bfb31232d296b9d2977ed027ca90af7088d6466f1501d96a32bfa3cf9ab0dcd626ac9341833e92685af6917ae05473ae4768341426e244159b3c3e002b6f8ee80cbe6e26c816ab92658d956d849cd3a21ebf4b143d338035cd91f087633aa668e0644b05dc5a7937cd5fb62bd08242a858aeeda8c0cbb4fc2478a8155b859e88493f322702277939832bd4a1d8109f98c5a187564c9eb80acc63ac57459593c81ce8998e38ea231b81ebaa6b242ebdf382d70232f1d8e516a8eaf39d09ea40198cf1b72eb5ce5327d3a3861470be47a9a9dbf569e6f6f474fd1448adfd70c4f4a4487edaf193a00a808389a110a4286905ba81309735f6ac5d2ba7ab2be01fa25c11dbb3170258e9d9fed944fd85c03336a49f7016517a1988bc84ee301e167d3cf88c46c4eba6e2bfd099acd2eec5c624679aa7ebab76061a9ca792bffe3d6df4dbe70b5cab6299a51e63826fd0bda4846d06e322ebd745e73da718ba0c93e7567df9ed7ea8d2fdbde44e65a4cd01748b"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xdf43d46ec3a63b0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x18000000000002a0, 0x56, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff886411004048633321fbac14142ce934a0a662079f4b4d2f87e56dca6aab845013f208001a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000001c40)="beb61ec2ca90080239f2a54e2368fa761313c3a024a98109ba1e2e7b780d03c54b7a83d56fce397842e724674507d531762055fca371ea775f418df7bee236c9b9968146efb3232ae3413b617445e98bb644a892b9337f1a9135d9f30457a8ffb21aef4a95a155fab70a40b086056b0f63331a66b3457c", 0x2}, 0x2c) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000001c0)='f2fs_lookup_start\x00', r6, 0x0, 0xfffffffffffffffc}, 0x18) r10 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) syz_pidfd_open(r0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000001c00)={{0x0, 0xa3c, 0x7, 0x762, 0x8, 0x7, 0x2, 0xe, 0x400, 0xfffffffc, 0x5, 0x51e, 0x5, 0x9, 0x5146}}) socket(0x40000000015, 0x5, 0x0) connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10) 165.052014ms ago: executing program 8 (id=3290): pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) r2 = landlock_create_ruleset(&(0x7f0000000140)={0x895, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r2, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) bind$unix(r3, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r4 = socket$unix(0x1, 0x2, 0x0) connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$can_bcm(r1, &(0x7f0000000280), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="05"], 0x48}}, 0x4040000) sendmsg$can_bcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000005c0)=ANY=[@ANYBLOB="050000008008"], 0x80}}, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x111}}, 0x20) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111}}, 0x20) r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r7, 0x106, 0x482, 0x0, 0x0) writev(r6, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="06010000246837f73199aee6fd23291b3091ec1a2d41d227975ad8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) close_range(r0, 0xffffffffffffffff, 0x0) 120.790998ms ago: executing program 8 (id=3291): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000040)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", 0xffffffffffffffff}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000002100)='syzkaller\x00', 0x3, 0x57, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94) r5 = socket(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r5, 0xa00000000000000, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x20, 0x1, 0x948, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000010000000068000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000626f6e645f736c6176655f3000000000736974300000000000000000000000007465716c3000000000000000000000000000000000000000000000000180c20000000000000000000000b8080000b8080000e8080000616d6f6e670000000000000000000000001b00000000000000000400000000001804000000000000000000000c0000000000000056000000000000000000000000000000000000000000000000000000000000fa0100000000000000000000000000000000000000000000000000000000004037118bc35d3037960000000000000000000000000000000000000000000000000000000000001f0000000000000000000000938d5e000000000000558d7a2006c2257800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e4f500000000000000000300020000000000000000006c00000000000000000000000000000000000000000000000000000000000000000000000000892f9284b45f00000000000000000000000000000000a600000000000000000000000040f9ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000080000001567cc0fb18ebd10677f000000000000000000000000b038562daba737bd0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1000000000000000000000000000000000000000000c50000000000000000000000000011000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000ce90b91aedadb0c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dd0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ce113362da06ccfa83f39b50390000000000000000ed2c14bc1d077b4817d693d02c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000037ff1cf2f8e52e074300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d659920000000000e5c7ffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cbcb951a4f0f3300ebb39c00000000000000000000000000000000000000000000000000000000000000000000000000e70000000000053cbf7eee533b170000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff80000ff0f000000000000000000000000000000000000deffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002292091a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000f5000000000000000000000000000000000000000000000000c1a8a95ba6a3ba677371c303b5426300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c81e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b0000000000000008000000000000000020000000000000000000000052000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800e04771f4c2d1000000000000000000df0000ecffffff0000000000000000000000000000000010be099dac2faa3c6cb226eccfecd203000072656469726563740000697456a100"/2376]}, 0x998) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x102481, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CAP_MAX_VCPU_ID(r7, 0x4068aea3, &(0x7f0000000000)={0x80, 0x0, 0x1}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda501009bdeffafde25", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f00000001c0)={"0080bced01eb0100000000000000000700000000000000c900", r8}) r9 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0) sendmsg$NLBL_MGMT_C_REMOVEDEF(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r9, 0x409, 0x70bd27, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast2}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @remote}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x1}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}]}, 0x68}}, 0x40008) 39.81438ms ago: executing program 2 (id=3292): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_test', 0x41e43, 0x8) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0xfffffffffffffff8]}}) 22.614851ms ago: executing program 1 (id=3293): getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCSARP(r0, 0x8955, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000001c0)=0x2) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.empty_time\x00', 0x0, 0x0) read$dsp(r1, &(0x7f0000000300)=""/79, 0x4f) syz_clone(0x2000211, 0x0, 0x0, 0x0, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x7e00, 0x0) (fail_nth: 10) 14.297799ms ago: executing program 2 (id=3294): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x95}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000005480)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000dc0)="d368670ca054bc64a9f561e275b5670eaf766517813ac3a25841287f597160e1e11c93f9b02e76d5f1bc895132a3db759785120f5150b2034cabc8354d3114ccac5ae866c45daad5200ee17c5ada8eebd595555e261be058e432c5ca4da48f2b4a905acd5cde8a751cb6e972482a98652c75b585fb07eda90254ba913d8d9c55bb6d389c9b461356fe02e20cfa51e4d0ee7cb85f2a776b3e658eca5039702fbdadfa05956c37c5e7145fa7a42d74638a1cdab0b58903e56179", 0xb9}], 0x1, 0x0, 0x0, 0x4000}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000300)="30e27b1e04dd6905f076a3dfeb21efa286e7cd7c4bfcf4c9fae0d4c8d41412ee32e77423cea4debb8d2a2f40d0f23bfcbda225d8846280dda4e7ea48eeea59eb3a673381884ad547c22b89dbda0308150b17ea2c415791629fda2f9229a283500b5adb654fcf346f3741cc430d857bd1c7d66468ba4a908c68853bad7a2499792e523e95893c824c316f40a61272a4ab9bfac5351b9ec8a6c078f77fc45086a7059aae07e0ac88dd69cf61d6819303a1d53cfabe10cfa0721bdbd225df629b0ab676c90d96a396ad5c7876b9217b195fbd1c0aa9eaf3d30291659156e64b9b0c5d5d8b01b18c060c15ff3d265c7ed8185dcbc5752b76d68d", 0xf8}, {&(0x7f0000000540)="a153a1020862ecb2de93e7953700a524e4a8a6e916f2f766c994e0f7b397e91cb366211da901c518f042f3b28c4102786f7946fd65c6db5e87912bb9825dc1e54e22cb0c1f3d6c67ede4940e08bbcbd817fbcba31400e39c9262f33891f9e4eb47231747cbf3bf53441d0e812117816e760f9a3d1c839fbd8986d5925c65a6e3b8ea98782820f774476d8cd33edff4ea3eb6599484ff069b4062d624176dd8b54645c05cb34f1d439827a74f8e2f3ee94e72762507ece617c0cbcb8233209fe99e29b37178122cb65f472d9a9d3d9939cc0706944028fe4bd040bde3b369dee216912e91d4c4bf92c36db57f4968d8132b46c91e", 0xf4}, {&(0x7f0000000700)="2d79f20f4256b02d7bd5e65138d6b5a96b669cd21c0dad8a05bf874e432907c98b53bb39c31fbd3a245fe565b7c725066f1a63c29a8ec2e89faf441143b63104c60fdb11afb33d3c778f43e1ae0a051b98c331878d9bf71228f4fe993024a11e2bd4478d2ce9dd58b7abdac6c4d4f77c01a06fccf828089cc4d66913b9cdb3c13c9f4112d87b01eb49428b22887003f7c28c2d65901f8795e7b4ab269436ca45cff8aaed6a7725ca3dd9291045cfeb3288238a371de643f6b38f4a4dd667cb394a85efb90aef695ed013f0f6c73161c84b678f003aba75ece2f723a584384f769571aad8ba02237946b3f1a080c3936694d50dc20a1423aa84f58835d92dce", 0xff}, {&(0x7f0000000440)="62365b40c16057d77ccd70248df8070e257bedab261103fd68e9f30e13b0687c353c4537e880b0e5212358f99fd1d621f751e6209733f445dafec574e32fb05a0e37c42bf3533e86fbdf1da014bc06789be21dc4b37b62d40d1bfa0bd5cb90c33908144f6fecb47c9500a1931054fcbfbbdcc52c8e023c5f52c4dcb6cb5e469681677f9012244f2af886bcbb93ccb17e92f49e197e7a5bc28988874f4b627e54b8e7e7ede16ce4097fb745d2a2", 0xad}], 0x4, &(0x7f0000000880)=ANY=[@ANYBLOB="200000000100000001000000", @ANYRES32=r4, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r0, @ANYRES32=r2, @ANYBLOB="340000000100130001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32, @ANYRES32=r1, @ANYRES32=r5, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r2], 0x54, 0x4004014}}, {{&(0x7f0000000900)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000000f80)=[{&(0x7f0000000980)="e5e9294b12221c54b2c48a7fabafca4da2d45d0aa4b8d3d9a8ae0e4a10af2db0da62053aca10b0aacfda83d1214db7ebb66381f8eba216dfda054ffe7a4985746cd3893475f31e0f8d802d04077f844f19d266a04135f888dd39cef22e50492546f2afb541312c965515c2da75ab3bcad92aa95c9ca7b8f87ffc8267b36121c50a8b01bd3b79aa581bf54278b1d4943b3b3dedbf5adb8d8f41a7dc55f5099fa437928d6ae325b0db4683df000a60e3a2afdce6f1ce", 0xb5}, {&(0x7f0000000ac0)="b9a2d37dfba9bcfe69a11cc3b42835b710ebd1b38f05a7ea605fcc8b63bebf7a6beddc0dbb196002369e164193ac7f38cd42e435480d3cf323d299eaffbb69f068", 0x41}, {&(0x7f0000000bc0)="34e6e10d535410b25252312ec9181d6ea0673a178b4cb462969712d55ea12de94fbea0c115d33625560c48d3146224fb2d07d3d33512b17ccf3bba8865d2fdfc17d53e576c79f7e88dc0b0d9eaee28f98370d2bb4e99a113282355546bce418d5cdefb51", 0x64}, {&(0x7f0000000c40)="5ea7505b7375895fe0f62cb9321854055f1dbe6768db8dfe438a5acd5f23d3c97b33be9e0adea094b55bf93b208a7e6f316d9687e11d47e996b738cf7459dc51aac6d2766fad065a57b8c917ba9e426859faa75fb8ef96f2cbb587f6e34443", 0x5f}, {&(0x7f00000011c0)="8dc25607e531d5ba5bfc81db206d7b094aaa9c37a0fdf503b9fd2ea71bf3993de150b319856b56697ea2e98a85ea78c0e7656720ba23511a518c0838f674cb1cb34821e58d393b466d8bad32990798783d69f4f7e0e34cab770ecb305574d3e0fe2a83b0801304be306cced45fa5557728486a31b5c37da0fa966fa2da42753bd23938a0ffc90bb415e3c47cec44268f846ce1b362db00ea4d25b7a477e4b43645770718f54ded3c262c9d261c4804177a2a042283d46f9024dd93951e8fcf6fcd6836435f5e2090424684c2a5ccb41e4a9d780f2d9e0ffee06da8f313b3e5248ba515624a4bf0153b87e94614fbae0452f1f5bf7ceaeeabf1a02f4b2dc0302baba7a1ea57f00948602677d9b5d8cf65d0224cb4d90f32fc4b21efc9dd5c694aad1895faa6ffffab96753b9979fd58d08a4d851342f272bf7c615b5fa2c89574335d8a5e558222e4b5284a73f3fb35c9dcbf0d6781ad36e0ce4a870e6e24cd7996e16c7255a7442111615d56fa94981985cbd3c1d909d7c5f9a940316b4dcfdc3e4d834182b23818720063ceb3d93aa286f136976a552ff5c400000000", 0x19d}, {&(0x7f0000001000)="5a54a87cf889a701ef5ead4ef7a98a263eb4ceb2706777f152cf0eee9f89e2a6864253894de436dc20060cdcdda8f4b3a3c5927a19afca97f5396b600822d97c18efcd9e71c2abea00bb2eb2fdf43ce41fe743d296f501c4b80b34e5036bf44e4f5cbcc1adf57adfc893725153616e2bfde0d791a07896708d8ece1d1f32a26deaa13802f76115ac15ea0c8af0edba413bc44131a4c2a12edd63fef2952336198c9f9678c1b236f9d1d07b682564b00459da7a5c4b3e71851ca841f069b82de35be48276cea674d7394da66c20c4d527685e5cbdd5fb4fa5294b5dd707a03b90f09e316bf9594ac0b4676f929a35b5f44a4524c660402c10e53d2a7dc5e033b2f9091ae8cc4ffa53093195bae1a931b6ce908aa24cc537b2a1aefe76ec392c6787dd3a07886d6576c1c02d2982e0edef3452e231a735ac889df47e57f5f43b0f3ed6ec554d4803e42302f1ede27f86a6aebd8a2af450c192c5092f0b2e623dbd56c80193b52aedfe118f6f7a474d7ea8d07eaa3676364dfef3e9747155c33b8ffffe2a3841aac9efcead543632e5fd6a64b09b4afb459455c2198835033848b1a09200"/429, 0x1ad}, {&(0x7f0000000680)="d6a946de9dabdce841715c429e105f4e3e66467e017663f812a6", 0x1a}, {&(0x7f0000000e80)="0b2a56ce09405c76f6cf9ab2feba8d5975ce2388663727227fd19cbc419527db087ae010e3a4d8a7ce118d4627a51e24e33c31d0de085cefb5613408b2b3ae1568f28f1a42cdf5fbc2455075a2d76ad34780b064e2e73fa8de72fdaa857b0d", 0x5f}, {&(0x7f0000000f00)="95c00c7c11d0e7990b4e15bd3fa120eb3a1f98b54c932b77c2c11ce571e975fe29b241ddcc70b5a8e13980d15ad5d194edfce7f58ec68fe2844614bcca65066b492d1adcbe972b4f81098a1e961eb8e253921bdce4f74cc008bd2757636220675e81d0cf67055e17f826b0b606e1f579c6a82f6719aa6b7d4356d0", 0x7b}], 0x9, &(0x7f0000000cc0)=ANY=[@ANYBLOB="300000000100000001000000", @ANYRES8=r0, @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r1, @ANYRES32, @ANYRES32=r4, @ANYRES32=r1, @ANYRES32, @ANYRES32=r5, @ANYBLOB="2c0000000100060001000000", @ANYRES32=r4, @ANYRES32=r4, @ANYRES32, @ANYRES32=r2, @ANYRES32=r5, @ANYRES32=r5, @ANYRES32=r5, @ANYRES32=r4, @ANYBLOB="180000000100000002000000", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0x0], 0x74, 0x52c83ee37291d567}}, {{&(0x7f00000032c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000003440)=[{&(0x7f0000003340)="65b24443610778ef28205a3d7b57d7408534dac5a2afe89123f264bf19aa30dca7348c882e2089ed9d656b0be92a74ae87f63d44ff6f9a85d5162502d3e31349828cfe19025354dd4597fad877ea7a8a613b9cffaed77292a52cdce6c4c95c9472aa4f6ecf54e51c93e650bf5bf20d3d57e58b68bc00ba18a7424fb4b1286f7595de364e0fe8c815d5b12aee7af4e691d431d03ea6af10aca33dd858de9018a9a8babda137d4558d9a0ea195a63b562c3fe5ce3df2b63c200fa50dba94ed4ca79ad2b4ee4f0ba59b11c2a18e48399f3213d516e455d8bac7cda8c80157406d5ff7baa3750f26085c86e51468adb7f5749be4ff3b379ab5ab", 0xf8}], 0x1, &(0x7f0000003580)=ANY=[@ANYBLOB="200000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r1, @ANYRES32, @ANYBLOB="180000000100000002000000", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="300000000100000001000000", @ANYRES32, @ANYRES32=r1, @ANYRES32, @ANYRES32=r1, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYBLOB, @ANYRES32, @ANYBLOB="280000000100000001000000", @ANYRES32=r4, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32, @ANYRES32, @ANYRES32=r0], 0xa0, 0x4040}}, {{&(0x7f0000003640)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000003800)=[{&(0x7f00000036c0)}, {&(0x7f0000003700)="e2fbeb71a2afea4eb2f58d9307f71bbc554898c8f94baf5345d6462698d61d6bb30f2690", 0x24}, {&(0x7f0000003740)="15f1e7458d8cb2df2b4d24d56ce07d8d8676a75df4f6700704bccb96518fa06a12cbdff02a736435a7ddc8e1b278de17ee70d43e1c9500687804143b8473f99938498881ac581fe51f6ed25509872a158e9894971b4293c344e2148aef9ba80077f4c624dd4f8705bcc123b327179bf02b47b634baddd8c1a3fbc2f45339d019bf080d17809dbdc370cad814e8a2d6ccca3d032f328ca940bf1190a19e", 0x9d}], 0x3, &(0x7f0000001380)=ANY=[@ANYBLOB="180000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="180000000500000002000000", @ANYRES32=r3, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="140000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="2c0000000100000001000000", @ANYRESHEX=r1, @ANYRES32=r5, @ANYRES32, @ANYRES32=r2, @ANYRES32, @ANYRES32=r0, @ANYRES32=r5, @ANYRES32, @ANYBLOB="140000000100000001000000", @ANYRES32, @ANYRES32], 0x84, 0x20000000}}, {{&(0x7f00000039c0), 0x6e, &(0x7f0000003d00)=[{&(0x7f0000003a40)="b62ac8e16ec9a410dca7f9633b698910ecd6906865d255844791ef1ece450c19558affa504d7a7ac354b08d574646f3097371546470854e30e3ff16e29657919fe1f977b2af21678fc906b00e9577ab14793d25c8b831caaa46619b23e7e0c61fc32c373f47c", 0x66}, {&(0x7f0000003ac0)="b244f1ef739ab12e414964e97bab8d425ca4d2f29190fd224f32347927af464896a0e696d2c789508677b9506067228f49e56aabcfbaca44a5910f28b03cf79b5679b17b6f6a022d9f8ee81cf7f8b3b69af83c1765a7724e00e49766a6ade22ae628c9be0d53644f5f8360bd85fb2ea83ea12292e0f8c4d327fa2f1d6a11f12ef7fd5c76351faff5", 0x88}, {&(0x7f0000003b80)}, {&(0x7f0000001440)="b18b6a676798ad4b9ae5d075b15259efca4da497bac3d2cf36debb3e0366e2c33e4826307b0f93886e305ba9e576ecfd6b13d725873a10d8cf5e389fa2b8fcc5201153ad4bf1fa382696d407c65bca4ba5b776d506dd8dcd624f7c145044e5acf2c1f7e8fd600308d1b62a75ded88a6b049707c1a61b5506600023c6f7460ebc", 0x80}, {&(0x7f0000003c00)="7fa8232a122db3c4ec75ed595ac86e5ea4450e55f62628063e3abdfae18bce64c22f38059e828087153d22126be7452d5ae875e26a49e5cb284d210dc2651182711d21ae34bf5518b1cfd0574b44e183c617b9c14053fb5d1703b7a9c4f09b6eb75fc686b939c6c7386fd4d3adec5f2c2bbc39484cc9a534ac5eeaf85e77e564457630a55c4818238e812a968a8cbf91069095f871b68624bbeb9ba634700f9b", 0xa0}, {&(0x7f0000003cc0)="7af172a457f3c06d4d906a2d68dba99bce03a631a9480d9b4526740e324401141fa36b7f9d3edc41f3faa0f8d88424b439efc516ee40f635e46e", 0x3a}], 0x6, &(0x7f0000000800)=[@rights={{0x20, 0x1, 0x1, [r1, r2, r4, r4, 0xffffffffffffffff]}}], 0x20, 0x4008800}}], 0x6, 0x80) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r6, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) sendmmsg$inet6(r6, &(0x7f0000002940), 0x0, 0x0) r7 = io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x1000, 0x2, 0x3bc}) r8 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r8, 0x0, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_GET_ADDR(r9, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000d40)=ANY=[@ANYRES8, @ANYRES16=0x0, @ANYBLOB="010007000000fddbdf2503000000ff000180a3324d0cc93355c300db72c6af1360bfc6615d459e0f129be6fd1fea1f3d2017205dbeea018748d4657ea57a6676e1ec1dfacdebe7b4c2e97144fda651f0294dc200753677d77c3859d567c8a7089a248eafebfc4e38cb9a40d72510a598b8b0"], 0x18}, 0x1, 0x0, 0x0, 0x5800}, 0x4) listen(r8, 0x2) close_range(r7, r8, 0x0) r10 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) ioctl$USBDEVFS_CONTROL(r10, 0xc0185500, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmmsg$inet(r1, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000000005000000050001000700"/28], 0x1c}}, 0x0) 0s ago: executing program 8 (id=3295): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(r0, 0x1, 0x1, &(0x7f00000000c0)=0x3a7b, 0x4) socket$nl_route(0x10, 0x3, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x8041) recvmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000600)=""/200, 0xc8}], 0x1}, 0x10040) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, &(0x7f0000000f40)=""/4073, 0x0, 0xffffff56, 0x1, 0x1, 0x0, @void, @value}, 0x28) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="00000000000000002000128008000100677470001400028008000100", @ANYRES32=r6], 0x48}}, 0x810) kernel console output (not intermixed with test programs): 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 523.526234][T16964] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 523.526248][T16964] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 523.526257][T16964] RDX: 0000000000000235 RSI: 0000000000000000 RDI: 0000000000000000 [ 523.526265][T16964] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 523.526273][T16964] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 523.526281][T16964] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 523.526301][T16964] [ 523.600516][T16962] lo speed is unknown, defaulting to 1000 [ 523.688782][T16962] syzkaller0 speed is unknown, defaulting to 1000 [ 524.410013][T13753] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.502957][ T5311] Bluetooth: hci0: command tx timeout [ 525.746005][T13753] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 525.815282][T16992] FAULT_INJECTION: forcing a failure. [ 525.815282][T16992] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 525.820648][T16992] CPU: 0 UID: 60928 PID: 16992 Comm: syz.1.3083 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 525.820672][T16992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 525.820684][T16992] Call Trace: [ 525.820690][T16992] [ 525.820698][T16992] dump_stack_lvl+0x16c/0x1f0 [ 525.820731][T16992] should_fail_ex+0x512/0x640 [ 525.820762][T16992] _copy_to_user+0x32/0xd0 [ 525.820791][T16992] simple_read_from_buffer+0xcb/0x170 [ 525.820817][T16992] proc_fail_nth_read+0x197/0x270 [ 525.820840][T16992] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 525.820863][T16992] ? rw_verify_area+0xcf/0x680 [ 525.820884][T16992] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 525.820904][T16992] vfs_read+0x1e1/0xc60 [ 525.820928][T16992] ? fdget_pos+0x2a2/0x370 [ 525.820955][T16992] ? __pfx_vfs_read+0x10/0x10 [ 525.820976][T16992] ? find_held_lock+0x2b/0x80 [ 525.821001][T16992] ? __fget_files+0x20e/0x3c0 [ 525.821033][T16992] ksys_read+0x12a/0x250 [ 525.821056][T16992] ? __pfx_ksys_read+0x10/0x10 [ 525.821082][T16992] ? rcu_is_watching+0x12/0xc0 [ 525.821103][T16992] __do_fast_syscall_32+0x7c/0x3a0 [ 525.821124][T16992] do_fast_syscall_32+0x32/0x80 [ 525.821141][T16992] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 525.821162][T16992] RIP: 0023:0xf706e579 [ 525.821176][T16992] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 525.821192][T16992] RSP: 002b:00000000f505e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 525.821210][T16992] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f505e620 [ 525.821221][T16992] RDX: 000000000000000f RSI: 00000000f73d2ff4 RDI: 0000000000000000 [ 525.821231][T16992] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 525.821241][T16992] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 525.821251][T16992] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 525.821275][T16992] [ 525.916176][ T5954] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 525.926274][ T5954] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 525.931657][ T5954] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 525.953394][ T5954] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 525.956091][ T5954] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 526.046733][T13753] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.115748][T16994] lo speed is unknown, defaulting to 1000 [ 526.192218][T16994] syzkaller0 speed is unknown, defaulting to 1000 [ 526.194780][T17002] FAULT_INJECTION: forcing a failure. [ 526.194780][T17002] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 526.198801][T17002] CPU: 0 UID: 0 PID: 17002 Comm: syz.1.3086 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 526.198816][T17002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 526.198823][T17002] Call Trace: [ 526.198827][T17002] [ 526.198832][T17002] dump_stack_lvl+0x16c/0x1f0 [ 526.198853][T17002] should_fail_ex+0x512/0x640 [ 526.198873][T17002] _copy_from_user+0x2e/0xd0 [ 526.198890][T17002] kvm_arch_vcpu_ioctl+0xdd5/0x5120 [ 526.198901][T17002] ? is_bpf_text_address+0x94/0x1a0 [ 526.198917][T17002] ? kernel_text_address+0x8d/0x100 [ 526.198933][T17002] ? __kernel_text_address+0xd/0x40 [ 526.198949][T17002] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 526.198965][T17002] ? stack_trace_save+0x8e/0xc0 [ 526.198978][T17002] ? __lock_acquire+0xb8a/0x1c90 [ 526.198994][T17002] ? kasan_save_stack+0x42/0x60 [ 526.199010][T17002] ? kasan_save_track+0x14/0x30 [ 526.199025][T17002] ? __mutex_trylock_common+0xe9/0x250 [ 526.199041][T17002] ? __pfx___mutex_trylock_common+0x10/0x10 [ 526.199056][T17002] ? __pfx___might_resched+0x10/0x10 [ 526.199067][T17002] ? rcu_is_watching+0x12/0xc0 [ 526.199078][T17002] ? trace_contention_end+0xdd/0x130 [ 526.199092][T17002] ? __mutex_lock+0x1ca/0xb90 [ 526.199103][T17002] ? kvm_vcpu_ioctl+0x280/0x1690 [ 526.199117][T17002] ? __pfx___mutex_lock+0x10/0x10 [ 526.199132][T17002] ? kasan_quarantine_put+0x10a/0x240 [ 526.199149][T17002] ? kvm_vcpu_ioctl+0x1236/0x1690 [ 526.199160][T17002] kvm_vcpu_ioctl+0x1236/0x1690 [ 526.199177][T17002] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 526.199190][T17002] ? tomoyo_path_number_perm+0x18d/0x580 [ 526.199204][T17002] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 526.199216][T17002] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 526.199232][T17002] ? do_vfs_ioctl+0x523/0x1a60 [ 526.199247][T17002] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 526.199270][T17002] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 526.199284][T17002] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 526.199296][T17002] ? __fget_files+0x20e/0x3c0 [ 526.199309][T17002] ? fput+0x60/0xf0 [ 526.199321][T17002] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 526.199334][T17002] __ia32_compat_sys_ioctl+0x242/0x370 [ 526.199348][T17002] __do_fast_syscall_32+0x7c/0x3a0 [ 526.199360][T17002] do_fast_syscall_32+0x32/0x80 [ 526.199370][T17002] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 526.199384][T17002] RIP: 0023:0xf706e579 [ 526.199405][T17002] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 526.199416][T17002] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 526.199426][T17002] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000004008ae90 [ 526.199433][T17002] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 526.199439][T17002] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 526.199445][T17002] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 526.199451][T17002] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 526.199465][T17002] [ 526.329618][T13753] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 526.404989][T16994] chnl_net:caif_netlink_parms(): no params data found [ 526.517169][T16994] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.521792][T16994] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.524752][T16994] bridge_slave_0: entered allmulticast mode [ 526.527603][T16994] bridge_slave_0: entered promiscuous mode [ 526.569031][T16994] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.571872][T16994] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.583178][T16994] bridge_slave_1: entered allmulticast mode [ 526.588275][T16994] bridge_slave_1: entered promiscuous mode [ 526.613030][ T6032] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 526.642975][T13753] bridge_slave_1: left allmulticast mode [ 526.645052][T13753] bridge_slave_1: left promiscuous mode [ 526.648079][T13753] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.651875][T13753] bridge_slave_0: left allmulticast mode [ 526.654032][T13753] bridge_slave_0: left promiscuous mode [ 526.655857][T13753] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.934366][ T6032] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 526.938485][ T6032] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 526.941389][ T6032] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.947067][ T6032] usb 7-1: config 0 descriptor?? [ 527.038242][T13753] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 527.043121][T13753] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 527.047061][T13753] bond0 (unregistering): Released all slaves [ 527.064546][T16994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 527.071288][T16994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 527.134072][T16994] team0: Port device team_slave_0 added [ 527.142857][T16994] team0: Port device team_slave_1 added [ 527.153188][ T6032] usbhid 7-1:0.0: can't add hid device: -71 [ 527.155182][ T6032] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 527.158805][ T6032] usb 7-1: USB disconnect, device number 33 [ 527.209821][T16994] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 527.212054][T16994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 527.225408][T16994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 527.231679][T16994] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 527.237027][T16994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 527.247891][T16994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 527.303247][T16994] hsr_slave_0: entered promiscuous mode [ 527.305631][T16994] hsr_slave_1: entered promiscuous mode [ 527.308091][T16994] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 527.314514][T16994] Cannot create hsr debugfs directory [ 527.463005][ T838] libceph: connect (1)[c::]:6789 error -101 [ 527.465046][ T838] libceph: mon0 (1)[c::]:6789 connect error [ 527.540767][T17029] ceph: No mds server is up or the cluster is laggy [ 527.583015][ T5311] Bluetooth: hci0: command tx timeout [ 527.612842][ T29] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 527.654837][T13753] hsr_slave_0: left promiscuous mode [ 527.657059][T13753] hsr_slave_1: left promiscuous mode [ 527.659080][T13753] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 527.661415][T13753] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 527.670623][T13753] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 527.684600][T13753] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 527.720322][T13753] veth1_macvtap: left promiscuous mode [ 527.722089][T13753] veth0_macvtap: left promiscuous mode [ 527.724515][T13753] veth1_vlan: left promiscuous mode [ 527.726210][T13753] veth0_vlan: left promiscuous mode [ 527.805576][ T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 527.809168][ T29] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 527.817946][T17036] atomic_op ffff88804e1c4198 conn xmit_atomic 0000000000000000 [ 527.824127][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.841243][ T29] usb 7-1: config 0 descriptor?? [ 527.914819][T17041] FAULT_INJECTION: forcing a failure. [ 527.914819][T17041] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 527.919071][T17041] CPU: 2 UID: 0 PID: 17041 Comm: syz.8.3095 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 527.919087][T17041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 527.919094][T17041] Call Trace: [ 527.919098][T17041] [ 527.919103][T17041] dump_stack_lvl+0x16c/0x1f0 [ 527.919123][T17041] should_fail_ex+0x512/0x640 [ 527.919140][T17041] _copy_from_user+0x2e/0xd0 [ 527.919158][T17041] kvm_vm_compat_ioctl+0x275/0x430 [ 527.919175][T17041] ? __pfx_kvm_vm_compat_ioctl+0x10/0x10 [ 527.919192][T17041] ? find_held_lock+0x2b/0x80 [ 527.919202][T17041] ? hook_file_ioctl_common+0x145/0x410 [ 527.919217][T17041] ? fput+0x60/0xf0 [ 527.919229][T17041] ? __pfx_kvm_vm_compat_ioctl+0x10/0x10 [ 527.919246][T17041] __ia32_compat_sys_ioctl+0x242/0x370 [ 527.919260][T17041] __do_fast_syscall_32+0x7c/0x3a0 [ 527.919272][T17041] do_fast_syscall_32+0x32/0x80 [ 527.919282][T17041] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 527.919295][T17041] RIP: 0023:0xf70de579 [ 527.919304][T17041] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 527.919314][T17041] RSP: 002b:00000000f50ad55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 527.919324][T17041] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c018aec0 [ 527.919331][T17041] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 527.919337][T17041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 527.919343][T17041] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 527.919349][T17041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 527.919362][T17041] [ 528.059813][ T29] usbhid 7-1:0.0: can't add hid device: -71 [ 528.061839][ T29] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 528.068006][ T29] usb 7-1: USB disconnect, device number 34 [ 528.069662][ T5311] Bluetooth: hci4: command tx timeout [ 528.336598][T17049] syz.8.3098: vmalloc error: size 12288, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 528.342946][T17049] CPU: 2 UID: 0 PID: 17049 Comm: syz.8.3098 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 528.342970][T17049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 528.342979][T17049] Call Trace: [ 528.342986][T17049] [ 528.342994][T17049] dump_stack_lvl+0x16c/0x1f0 [ 528.343023][T17049] warn_alloc+0x248/0x3a0 [ 528.343048][T17049] ? __pfx_warn_alloc+0x10/0x10 [ 528.343073][T17049] ? alloc_pages_mpol+0x25a/0x550 [ 528.343098][T17049] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 528.343123][T17049] ? trace_kmalloc+0x2b/0xd0 [ 528.343147][T17049] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 528.343175][T17049] ? kernel_clone+0xfc/0x960 [ 528.343201][T17049] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 528.343224][T17049] ? __memcg_slab_post_alloc_hook+0x4a0/0x960 [ 528.343252][T17049] ? kernel_clone+0xfc/0x960 [ 528.343271][T17049] __vmalloc_node_noprof+0xad/0xf0 [ 528.343292][T17049] ? kernel_clone+0xfc/0x960 [ 528.343313][T17049] copy_process+0x2c70/0x76a0 [ 528.343343][T17049] ? __pfx_copy_process+0x10/0x10 [ 528.343377][T17049] kernel_clone+0xfc/0x960 [ 528.343400][T17049] ? __pfx_kernel_clone+0x10/0x10 [ 528.343428][T17049] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 528.343446][T17049] __do_compat_sys_ia32_clone+0xcb/0x110 [ 528.343466][T17049] ? __pfx___do_compat_sys_ia32_clone+0x10/0x10 [ 528.343495][T17049] ? ksys_write+0x1ac/0x250 [ 528.343517][T17049] ? __pfx_ksys_write+0x10/0x10 [ 528.343541][T17049] ? rcu_is_watching+0x12/0xc0 [ 528.343561][T17049] __do_fast_syscall_32+0x7c/0x3a0 [ 528.343579][T17049] do_fast_syscall_32+0x32/0x80 [ 528.343594][T17049] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 528.343614][T17049] RIP: 0023:0xf70de579 [ 528.343626][T17049] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 528.343642][T17049] RSP: 002b:00000000f50ce50c EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 528.343657][T17049] RAX: ffffffffffffffda RBX: 000000000c300000 RCX: 0000000000000000 [ 528.343668][T17049] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 528.343677][T17049] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 528.343687][T17049] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 528.343696][T17049] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 528.343718][T17049] [ 528.343723][T17049] Mem-Info: [ 528.442999][T17049] active_anon:273 inactive_anon:4449 isolated_anon:0 [ 528.442999][T17049] active_file:1471 inactive_file:473 isolated_file:0 [ 528.442999][T17049] unevictable:1768 dirty:107 writeback:0 [ 528.442999][T17049] slab_reclaimable:6720 slab_unreclaimable:80026 [ 528.442999][T17049] mapped:41156 shmem:4639 pagetables:1296 [ 528.442999][T17049] sec_pagetables:332 bounce:0 [ 528.442999][T17049] kernel_misc_reclaimable:0 [ 528.442999][T17049] free:24836 free_pcp:8999 free_cma:0 [ 528.456962][T17049] Node 0 active_anon:32kB inactive_anon:976kB active_file:24kB inactive_file:1428kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:1524kB dirty:0kB writeback:0kB shmem:5192kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:8168kB pagetables:1164kB sec_pagetables:1168kB all_unreclaimable? yes Balloon:0kB [ 528.467057][T17049] Node 1 active_anon:1060kB inactive_anon:16820kB active_file:5860kB inactive_file:464kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:147360kB dirty:428kB writeback:0kB shmem:13364kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7384kB pagetables:4020kB sec_pagetables:160kB all_unreclaimable? no Balloon:0kB [ 528.477207][T17049] Node 0 DMA free:1888kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:232kB local_pcp:0kB free_cma:0kB [ 528.487876][T17049] lowmem_reserve[]: 0 289 289 289 289 [ 528.489780][T17049] Node 0 DMA32 free:16908kB boost:2048kB min:15380kB low:18712kB high:22044kB reserved_highatomic:4096KB free_highatomic:284KB active_anon:32kB inactive_anon:976kB active_file:24kB inactive_file:1428kB unevictable:3536kB writepending:0kB present:1032196kB managed:296672kB mlocked:0kB bounce:0kB free_pcp:7684kB local_pcp:2836kB free_cma:0kB [ 528.500160][T17049] lowmem_reserve[]: 0 0 0 0 0 [ 528.501815][T17049] Node 1 DMA32 free:80548kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:2048KB free_highatomic:640KB active_anon:560kB inactive_anon:7920kB active_file:5860kB inactive_file:464kB unevictable:3536kB writepending:428kB present:1048432kB managed:948268kB mlocked:0kB bounce:0kB free_pcp:37576kB local_pcp:11412kB free_cma:0kB [ 528.523691][T17049] lowmem_reserve[]: 0 0 0 0 0 [ 528.525419][T17049] Node 0 DMA: 0*4kB 4*8kB (UM) 2*16kB (M) 1*32kB (M) 2*64kB (M) 1*128kB (M) 0*256kB 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 1888kB [ 528.531010][T17049] Node 0 DMA32: 45*4kB (UMEH) 53*8kB (UEH) 97*16kB (UMEH) 127*32kB (UMEH) 61*64kB (UMEH) 29*128kB (UM) 8*256kB (UM) 0*512kB 1*1024kB (E) 0*2048kB 0*4096kB = 16908kB [ 528.538073][T17049] Node 1 DMA32: 766*4kB (UME) 597*8kB (UMEH) 289*16kB (UMEH) 133*32kB (MEH) 88*64kB (UMEH) 58*128kB (UMEH) 50*256kB (UME) 31*512kB (ME) 19*1024kB (UM) 1*2048kB (U) 0*4096kB = 79952kB [ 528.544722][T17049] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 528.547769][T17049] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 528.548426][T17051] netlink: 27 bytes leftover after parsing attributes in process `syz.1.3099'. [ 528.550689][T17049] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 528.550701][T17049] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 528.550709][T17049] 3982 total pagecache pages [ 528.550714][T17049] 221 pages in swap cache [ 528.550718][T17049] Free swap = 96044kB [ 528.550722][T17049] Total swap = 124996kB [ 528.550727][T17049] 524155 pages RAM [ 528.550731][T17049] 0 pages HighMem/MovableOnly [ 528.568691][T17049] 209080 pages reserved [ 528.569993][T17049] 0 pages cma reserved [ 528.582890][ T29] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 528.631558][ T6872] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 528.641268][ T6872] hid-generic 0000:0000:0000.000E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 528.647448][T17054] Bluetooth: MGMT ver 1.23 [ 528.758506][T17058] fido_id[17058]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 528.764459][ T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 528.777484][ T29] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 528.781735][ T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.790375][ T29] usb 7-1: config 0 descriptor?? [ 529.108574][ T29] usbhid 7-1:0.0: can't add hid device: -71 [ 529.112890][ T29] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 529.116613][ T29] usb 7-1: USB disconnect, device number 35 [ 529.176430][T13753] team0 (unregistering): Port device team_slave_1 removed [ 529.278468][T13753] team0 (unregistering): Port device team_slave_0 removed [ 529.672914][ T5311] Bluetooth: hci0: command tx timeout [ 530.104535][T17076] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3105'. [ 530.107683][T17076] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3105'. [ 530.146281][ T5311] Bluetooth: hci4: command tx timeout [ 530.452097][T17083] lo speed is unknown, defaulting to 1000 [ 530.452182][T16994] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 530.464322][T16994] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 530.472039][T16994] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 530.479438][T16994] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 530.511090][T17092] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3106'. [ 530.514804][T17092] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3106'. [ 530.537558][T16994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 530.551724][T16994] 8021q: adding VLAN 0 to HW filter on device team0 [ 530.557280][ T80] bridge0: port 1(bridge_slave_0) entered blocking state [ 530.559633][ T80] bridge0: port 1(bridge_slave_0) entered forwarding state [ 530.566737][T13732] bridge0: port 2(bridge_slave_1) entered blocking state [ 530.569050][T13732] bridge0: port 2(bridge_slave_1) entered forwarding state [ 530.702493][T16994] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 530.728515][T16994] veth0_vlan: entered promiscuous mode [ 530.732373][T17083] syzkaller0 speed is unknown, defaulting to 1000 [ 530.734814][T16994] veth1_vlan: entered promiscuous mode [ 530.746683][T16994] veth0_macvtap: entered promiscuous mode [ 530.751527][T16994] veth1_macvtap: entered promiscuous mode [ 530.762137][T16994] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 530.769239][T16994] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 530.774926][T16994] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.777711][T16994] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.780514][T16994] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.786037][T16994] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.834457][T13753] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 530.837634][T13753] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 530.871977][T13744] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 530.874577][T13744] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 531.335360][T17107] atomic_op ffff88806d66e198 conn xmit_atomic 0000000000000000 [ 531.485662][T17113] Cannot find del_set index 3 as target [ 531.575731][T17113] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3113'. [ 532.072047][T17126] loop2: detected capacity change from 0 to 7 [ 532.106519][T17126] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 532.108269][T17126] loop2: partition table partially beyond EOD, truncated [ 532.146781][T17126] loop2: p1 size 2989602745 extends beyond EOD, truncated [ 532.229290][ T5959] udevd[5959]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 532.343339][T17138] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3120'. [ 532.346834][T17138] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3120'. [ 532.350327][T17138] netlink: 'syz.8.3120': attribute type 12 has an invalid length. [ 532.353777][T17138] netlink: 'syz.8.3120': attribute type 11 has an invalid length. [ 532.387870][T17137] FAULT_INJECTION: forcing a failure. [ 532.387870][T17137] name failslab, interval 1, probability 0, space 0, times 0 [ 532.388000][T17137] CPU: 0 UID: 0 PID: 17137 Comm: syz.1.3119 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 532.388023][T17137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 532.388034][T17137] Call Trace: [ 532.388041][T17137] [ 532.388048][T17137] dump_stack_lvl+0x16c/0x1f0 [ 532.388080][T17137] should_fail_ex+0x512/0x640 [ 532.388105][T17137] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 532.388135][T17137] should_failslab+0xc2/0x120 [ 532.388152][T17137] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 532.388178][T17137] ? __alloc_skb+0x2b2/0x380 [ 532.388207][T17137] __alloc_skb+0x2b2/0x380 [ 532.388233][T17137] ? __pfx___alloc_skb+0x10/0x10 [ 532.388254][T17137] ? find_held_lock+0x2b/0x80 [ 532.388282][T17137] alloc_skb_with_frags+0xe0/0x860 [ 532.388308][T17137] tcp_send_rcvq+0x111/0x4e0 [ 532.388332][T17137] ? __pfx_tcp_send_rcvq+0x10/0x10 [ 532.388356][T17137] ? __lock_acquire+0x622/0x1c90 [ 532.388385][T17137] tcp_sendmsg_locked+0x3979/0x4300 [ 532.388417][T17137] ? is_bpf_text_address+0x8a/0x1a0 [ 532.388450][T17137] ? __asan_memcpy+0x3c/0x60 [ 532.388472][T17137] ? memcpy_to_scatterwalk+0x2ef/0x410 [ 532.388500][T17137] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 532.388542][T17137] tls_push_sg+0x243/0x9a0 [ 532.388565][T17137] ? __pfx_tls_push_sg+0x10/0x10 [ 532.388582][T17137] ? __pfx_gcm_encrypt_vaes_avx10_256+0x10/0x10 [ 532.388614][T17137] ? lock_acquire+0x179/0x350 [ 532.388637][T17137] ? find_held_lock+0x2b/0x80 [ 532.388657][T17137] tls_tx_records+0x345/0x6e0 [ 532.388683][T17137] tls_push_record+0x2546/0x3170 [ 532.388709][T17137] ? __print_lock_name+0x90/0xe0 [ 532.388733][T17137] ? __pfx_tls_push_record+0x10/0x10 [ 532.388752][T17137] ? sk_psock_get+0x13e/0x470 [ 532.388771][T17137] ? __pfx_sk_psock_get+0x10/0x10 [ 532.388798][T17137] bpf_exec_tx_verdict+0xf7b/0x14d0 [ 532.388820][T17137] ? iov_iter_advance+0x7d/0x6c0 [ 532.388854][T17137] ? __pfx_bpf_exec_tx_verdict+0x10/0x10 [ 532.388875][T17137] ? stack_trace_save+0x8e/0xc0 [ 532.388959][T17137] ? sk_msg_alloc+0x65b/0x920 [ 532.388996][T17137] tls_sw_sendmsg+0x1b8c/0x23f0 [ 532.389040][T17137] ? __pfx_tls_sw_sendmsg+0x10/0x10 [ 532.389059][T17137] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 532.389090][T17137] ? aa_sk_perm+0x2f4/0xb10 [ 532.389110][T17137] ? __fget_files+0x204/0x3c0 [ 532.389135][T17137] ? __pfx_aa_sk_perm+0x10/0x10 [ 532.389155][T17137] ? __fget_files+0x20e/0x3c0 [ 532.389176][T17137] ? __print_lock_name+0x90/0xe0 [ 532.389193][T17137] ? __pfx_tls_sw_sendmsg+0x10/0x10 [ 532.389215][T17137] inet6_sendmsg+0x119/0x140 [ 532.389234][T17137] __sys_sendto+0x376/0x520 [ 532.389260][T17137] ? __pfx___sys_sendto+0x10/0x10 [ 532.389310][T17137] ? ksys_write+0x1ac/0x250 [ 532.389333][T17137] ? __pfx_ksys_write+0x10/0x10 [ 532.389359][T17137] __ia32_sys_sendto+0xdd/0x1b0 [ 532.389383][T17137] ? lockdep_hardirqs_on+0x7c/0x110 [ 532.389409][T17137] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 532.389436][T17137] __do_fast_syscall_32+0x7c/0x3a0 [ 532.389459][T17137] do_fast_syscall_32+0x32/0x80 [ 532.389476][T17137] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 532.389497][T17137] RIP: 0023:0xf706e579 [ 532.389511][T17137] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 532.389527][T17137] RSP: 002b:00000000f501c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 532.389544][T17137] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800001c0 [ 532.389554][T17137] RDX: 00000000fffffede RSI: 0000000000000000 RDI: 0000000000000000 [ 532.389564][T17137] RBP: 0000000003000137 R08: 0000000000000000 R09: 0000000000000000 [ 532.389574][T17137] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 532.389584][T17137] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 532.389608][T17137] [ 533.825155][T17153] FAULT_INJECTION: forcing a failure. [ 533.825155][T17153] name failslab, interval 1, probability 0, space 0, times 0 [ 533.830441][T17153] CPU: 1 UID: 0 PID: 17153 Comm: syz.2.3124 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 533.830466][T17153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 533.830478][T17153] Call Trace: [ 533.830485][T17153] [ 533.830492][T17153] dump_stack_lvl+0x16c/0x1f0 [ 533.830524][T17153] should_fail_ex+0x512/0x640 [ 533.830550][T17153] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 533.830579][T17153] should_failslab+0xc2/0x120 [ 533.830597][T17153] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 533.830623][T17153] ? __d_alloc+0x31/0xaa0 [ 533.830652][T17153] __d_alloc+0x31/0xaa0 [ 533.830676][T17153] ? __d_lookup+0x266/0x4a0 [ 533.830698][T17153] d_alloc+0x4a/0x1e0 [ 533.830725][T17153] lookup_one_qstr_excl_raw.part.0+0x96/0x160 [ 533.830744][T17153] ? lookup_dcache+0x66/0x170 [ 533.830764][T17153] lookup_one_qstr_excl+0x3e/0x120 [ 533.830785][T17153] do_renameat2+0x5aa/0xc90 [ 533.830820][T17153] ? __pfx_do_renameat2+0x10/0x10 [ 533.830849][T17153] ? find_held_lock+0x2b/0x80 [ 533.830866][T17153] ? __might_fault+0xe3/0x190 [ 533.830891][T17153] ? __might_fault+0x13b/0x190 [ 533.830928][T17153] ? getname_flags.part.0+0x1c5/0x550 [ 533.830954][T17153] __ia32_sys_renameat2+0xe7/0x130 [ 533.830984][T17153] __do_fast_syscall_32+0x7c/0x3a0 [ 533.831004][T17153] do_fast_syscall_32+0x32/0x80 [ 533.831021][T17153] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 533.831042][T17153] RIP: 0023:0xf704e579 [ 533.831057][T17153] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 533.831073][T17153] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000161 [ 533.831090][T17153] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000140 [ 533.831102][T17153] RDX: 00000000ffffff9c RSI: 0000000080000600 RDI: 0000000000000002 [ 533.831112][T17153] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 533.831122][T17153] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 533.831133][T17153] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 533.831157][T17153] [ 533.904875][ C1] vkms_vblank_simulate: vblank timer overrun [ 533.947639][T17154] netlink: 'syz.1.3122': attribute type 10 has an invalid length. [ 534.135524][T13753] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 534.256669][T17154] batman_adv: batadv0: Adding interface: team0 [ 534.262878][T17154] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 534.278845][T17154] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 535.691021][T17164] 9pnet_fd: Insufficient options for proto=fd [ 535.696533][T17164] FAULT_INJECTION: forcing a failure. [ 535.696533][T17164] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 535.701570][T17164] CPU: 3 UID: 0 PID: 17164 Comm: syz.2.3127 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 535.701586][T17164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 535.701593][T17164] Call Trace: [ 535.701597][T17164] [ 535.701601][T17164] dump_stack_lvl+0x16c/0x1f0 [ 535.701622][T17164] should_fail_ex+0x512/0x640 [ 535.701640][T17164] _copy_to_iter+0x29f/0x16f0 [ 535.701652][T17164] ? do_raw_spin_unlock+0x172/0x230 [ 535.701668][T17164] ? _raw_spin_unlock+0x28/0x50 [ 535.701683][T17164] ? __pfx__copy_to_iter+0x10/0x10 [ 535.701697][T17164] ? __folio_put+0x32e/0x450 [ 535.701714][T17164] copy_page_to_iter+0x12a/0x1e0 [ 535.701726][T17164] pipe_to_user+0xb0/0x170 [ 535.701738][T17164] ? anon_pipe_buf_release+0x3ed/0x500 [ 535.701755][T17164] __splice_from_pipe+0x397/0x800 [ 535.701770][T17164] ? __pfx_pipe_to_user+0x10/0x10 [ 535.701785][T17164] __do_sys_vmsplice+0x716/0x1180 [ 535.701802][T17164] ? __pfx___do_sys_vmsplice+0x10/0x10 [ 535.701817][T17164] ? get_pid_task+0x106/0x250 [ 535.701832][T17164] ? find_held_lock+0x2b/0x80 [ 535.701846][T17164] ? find_held_lock+0x2b/0x80 [ 535.701864][T17164] ? __fget_files+0x20e/0x3c0 [ 535.701877][T17164] ? handle_mm_fault+0x230/0xd10 [ 535.701893][T17164] ? fput+0x70/0xf0 [ 535.701903][T17164] ? ksys_write+0x1ac/0x250 [ 535.701916][T17164] ? __pfx_ksys_write+0x10/0x10 [ 535.701934][T17164] ? __do_fast_syscall_32+0x7c/0x3a0 [ 535.701944][T17164] __do_fast_syscall_32+0x7c/0x3a0 [ 535.701955][T17164] do_fast_syscall_32+0x32/0x80 [ 535.701965][T17164] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 535.701978][T17164] RIP: 0023:0xf704e579 [ 535.701987][T17164] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 535.701997][T17164] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 000000000000013c [ 535.702007][T17164] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 535.702014][T17164] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 535.702019][T17164] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 535.702025][T17164] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 535.702031][T17164] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 535.702045][T17164] [ 535.746253][T17167] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3129'. [ 535.826588][ T5954] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 535.831410][ T5954] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 535.834862][ T5954] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 535.841040][ T5954] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 535.849290][ T5954] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 535.863779][T13753] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.918492][T17173] lo speed is unknown, defaulting to 1000 [ 535.966020][T13753] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.974270][T17175] random: crng reseeded on system resumption [ 536.022027][T17173] syzkaller0 speed is unknown, defaulting to 1000 [ 536.104328][T13753] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 536.285989][T13753] bridge_slave_1: left allmulticast mode [ 536.297267][T13753] bridge_slave_1: left promiscuous mode [ 536.307843][T13753] bridge0: port 2(bridge_slave_1) entered disabled state [ 536.321990][T13753] bridge_slave_0: left allmulticast mode [ 536.330592][T13753] bridge_slave_0: left promiscuous mode [ 536.334014][T13753] bridge0: port 1(bridge_slave_0) entered disabled state [ 536.672202][T17186] netlink: 'syz.2.3130': attribute type 27 has an invalid length. [ 536.894733][T13753] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 536.899058][T13753] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 536.902843][ T60] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 536.903726][T13753] bond0 (unregistering): Released all slaves [ 537.011333][T17186] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.013897][T17186] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.032922][ T60] usb 6-1: device descriptor read/64, error -71 [ 537.272960][ T60] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 537.402926][ T60] usb 6-1: device descriptor read/64, error -71 [ 537.475426][T17186] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 537.486280][T17186] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 537.523220][ T60] usb usb6-port1: attempt power cycle [ 537.538891][T17186] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.541688][T17186] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.544598][T17186] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.547244][T17186] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.586914][T17187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 537.589656][T17187] 8021q: adding VLAN 0 to HW filter on device team0 [ 537.595115][T17187] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 537.614693][T17173] chnl_net:caif_netlink_parms(): no params data found [ 537.716815][T17203] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3135'. [ 537.723385][T17201] netlink: 'syz.2.3134': attribute type 27 has an invalid length. [ 537.841331][T17173] bridge0: port 1(bridge_slave_0) entered blocking state [ 537.843773][T17173] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.846071][T17173] bridge_slave_0: entered allmulticast mode [ 537.849158][T17173] bridge_slave_0: entered promiscuous mode [ 537.872881][ T60] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 537.884405][T17201] 8021q: adding VLAN 0 to HW filter on device bond0 [ 537.887210][T17201] 8021q: adding VLAN 0 to HW filter on device team0 [ 537.892121][T17201] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 537.897581][T17173] bridge0: port 2(bridge_slave_1) entered blocking state [ 537.902998][T17173] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.904054][ T60] usb 6-1: device descriptor read/8, error -71 [ 537.905361][T17173] bridge_slave_1: entered allmulticast mode [ 537.911468][T17173] bridge_slave_1: entered promiscuous mode [ 537.984725][ T5954] Bluetooth: hci4: command tx timeout [ 537.993429][T17173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 538.009432][T17173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 538.015848][T17217] 9pnet_fd: Insufficient options for proto=fd [ 538.174303][ T60] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 538.194617][T17173] team0: Port device team_slave_0 added [ 538.203683][ T60] usb 6-1: device descriptor read/8, error -71 [ 538.276314][T13753] hsr_slave_0: left promiscuous mode [ 538.278492][T13753] hsr_slave_1: left promiscuous mode [ 538.281041][T13753] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 538.285169][T13753] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 538.287964][T13753] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 538.290282][T13753] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 538.322976][ T60] usb usb6-port1: unable to enumerate USB device [ 538.324203][T13753] veth1_macvtap: left promiscuous mode [ 538.326889][T13753] veth0_macvtap: left promiscuous mode [ 538.328689][T13753] veth1_vlan: left promiscuous mode [ 538.330359][T13753] veth0_vlan: left promiscuous mode [ 539.468805][T13753] team0 (unregistering): Port device team_slave_1 removed [ 539.577296][T13753] team0 (unregistering): Port device team_slave_0 removed [ 539.735318][T17243] FAULT_INJECTION: forcing a failure. [ 539.735318][T17243] name failslab, interval 1, probability 0, space 0, times 0 [ 539.740627][T17243] CPU: 1 UID: 0 PID: 17243 Comm: syz.1.3144 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 539.740653][T17243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 539.740680][T17243] Call Trace: [ 539.740690][T17243] [ 539.740699][T17243] dump_stack_lvl+0x16c/0x1f0 [ 539.740732][T17243] should_fail_ex+0x512/0x640 [ 539.740758][T17243] ? fs_reclaim_acquire+0xae/0x150 [ 539.740781][T17243] ? tomoyo_encode2+0x100/0x3e0 [ 539.740805][T17243] should_failslab+0xc2/0x120 [ 539.740824][T17243] __kmalloc_noprof+0xd2/0x510 [ 539.740848][T17243] ? __get_fs_type+0x12c/0x170 [ 539.740880][T17243] tomoyo_encode2+0x100/0x3e0 [ 539.740908][T17243] tomoyo_encode+0x29/0x50 [ 539.740931][T17243] tomoyo_mount_acl+0x314/0x850 [ 539.740952][T17243] ? __kernel_text_address+0xd/0x40 [ 539.740980][T17243] ? unwind_get_return_address+0x59/0xa0 [ 539.741011][T17243] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 539.741064][T17243] ? tomoyo_domain+0xbb/0x150 [ 539.741089][T17243] ? tomoyo_profile+0x47/0x60 [ 539.741118][T17243] tomoyo_mount_permission+0x16d/0x420 [ 539.741139][T17243] ? tomoyo_mount_permission+0x14f/0x420 [ 539.741162][T17243] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 539.741199][T17243] security_sb_mount+0x9b/0x260 [ 539.741221][T17243] path_mount+0x128/0x2020 [ 539.741247][T17243] ? kmem_cache_free+0x2d1/0x4d0 [ 539.741271][T17243] ? __pfx_path_mount+0x10/0x10 [ 539.741296][T17243] ? getname_flags.part.0+0x1c5/0x550 [ 539.741318][T17243] ? putname+0x154/0x1a0 [ 539.741339][T17243] __ia32_sys_mount+0x28b/0x310 [ 539.741366][T17243] ? __pfx___ia32_sys_mount+0x10/0x10 [ 539.741399][T17243] ? rcu_is_watching+0x12/0xc0 [ 539.741424][T17243] __do_fast_syscall_32+0x7c/0x3a0 [ 539.741445][T17243] do_fast_syscall_32+0x32/0x80 [ 539.741462][T17243] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 539.741484][T17243] RIP: 0023:0xf706e579 [ 539.741499][T17243] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 539.741517][T17243] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 539.741535][T17243] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000040 [ 539.741547][T17243] RDX: 0000000080000b80 RSI: 0000000000000000 RDI: 0000000080000000 [ 539.741558][T17243] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 539.741569][T17243] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 539.741580][T17243] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 539.741605][T17243] [ 540.064191][ T5954] Bluetooth: hci4: command tx timeout [ 540.425393][T17173] team0: Port device team_slave_1 added [ 540.481892][T17173] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 540.484471][T17173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.492471][T17173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 540.516912][T17173] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 540.519542][T17173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.528123][T17173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 540.569164][T17173] hsr_slave_0: entered promiscuous mode [ 540.571421][T17173] hsr_slave_1: entered promiscuous mode [ 540.574241][T17173] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 540.577317][T17173] Cannot create hsr debugfs directory [ 541.161197][T13753] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 541.239418][T13753] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 541.324095][T13753] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 541.372031][T17173] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 541.376235][T17173] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 541.381030][T17173] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 541.394339][T17173] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 541.412991][T13753] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 541.461892][T17173] 8021q: adding VLAN 0 to HW filter on device bond0 [ 541.470856][T17173] 8021q: adding VLAN 0 to HW filter on device team0 [ 541.500985][T13732] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.503965][T13732] bridge0: port 1(bridge_slave_0) entered forwarding state [ 541.510698][T13732] bridge0: port 2(bridge_slave_1) entered blocking state [ 541.514102][T13732] bridge0: port 2(bridge_slave_1) entered forwarding state [ 542.152894][ T5954] Bluetooth: hci4: command tx timeout [ 542.425469][T13753] bond0 (unregistering): (slave team0): Releasing backup interface [ 542.429771][T13753] bond0 (unregistering): Released all slaves [ 542.616004][T13753] bond1 (unregistering): Released all slaves [ 542.740052][T13753] bond2 (unregistering): Released all slaves [ 542.753436][T13753] bond3 (unregistering): Released all slaves [ 542.845828][T17173] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 542.877885][T13753] tipc: Disabling bearer [ 542.885187][T13753] tipc: Left network mode [ 542.899590][T13753] IPVS: stopping backup sync thread 15658 ... [ 542.904072][T17173] veth0_vlan: entered promiscuous mode [ 542.922893][T17173] veth1_vlan: entered promiscuous mode [ 542.939473][T17173] veth0_macvtap: entered promiscuous mode [ 542.943869][T17173] veth1_macvtap: entered promiscuous mode [ 542.953942][T17173] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 542.961704][T17173] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 542.985793][T17173] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.988561][T17173] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.991303][T17173] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.997047][T17173] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.078525][T13744] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.093259][T13744] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.126091][T13744] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.130460][T13744] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.309347][T13753] hsr_slave_0: left promiscuous mode [ 543.322866][T13753] hsr_slave_1: left promiscuous mode [ 543.503510][T13753] pim6reg (unregistering): left allmulticast mode [ 544.922890][T17315] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3158'. [ 545.617291][T17314] : entered promiscuous mode [ 546.032062][T13753] IPVS: stop unused estimator thread 0... [ 546.124625][T13753] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.838064][T17327] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3159'. [ 546.850182][T17327] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3159'. [ 546.948134][ T5311] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 546.956655][ T5311] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 546.960465][ T5311] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 546.969989][ T5311] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 546.974797][ T5311] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 547.068759][T17328] lo speed is unknown, defaulting to 1000 [ 547.204212][T17328] syzkaller0 speed is unknown, defaulting to 1000 [ 547.434099][T13753] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.618961][T17346] FAULT_INJECTION: forcing a failure. [ 547.618961][T17346] name failslab, interval 1, probability 0, space 0, times 0 [ 547.627154][T17346] CPU: 2 UID: 0 PID: 17346 Comm: syz.1.3166 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 547.627180][T17346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 547.627191][T17346] Call Trace: [ 547.627198][T17346] [ 547.627206][T17346] dump_stack_lvl+0x16c/0x1f0 [ 547.627245][T17346] should_fail_ex+0x512/0x640 [ 547.627270][T17346] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 547.627301][T17346] should_failslab+0xc2/0x120 [ 547.627319][T17346] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 547.627347][T17346] ? kasprintf+0xc7/0x100 [ 547.627369][T17346] kvasprintf+0xbc/0x160 [ 547.627386][T17346] ? __pfx_kvasprintf+0x10/0x10 [ 547.627406][T17346] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 547.627431][T17346] ? lockdep_hardirqs_on+0x7c/0x110 [ 547.627457][T17346] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 547.627481][T17346] kasprintf+0xc7/0x100 [ 547.627494][T17346] ? __pfx_kasprintf+0x10/0x10 [ 547.627513][T17346] ? __pfx_sta_info_cleanup+0x10/0x10 [ 547.627537][T17346] ieee80211_alloc_led_names+0x86/0x420 [ 547.627553][T17346] ieee80211_alloc_hw_nm+0x1941/0x2260 [ 547.627572][T17346] mac80211_hwsim_new_radio+0x1d4/0x54d0 [ 547.627608][T17346] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 547.627632][T17346] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 547.627665][T17346] hwsim_new_radio_nl+0xb51/0x12c0 [ 547.627689][T17346] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 547.627722][T17346] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 547.627747][T17346] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 547.627774][T17346] genl_family_rcv_msg_doit+0x206/0x2f0 [ 547.627821][T17346] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 547.627846][T17346] ? trace_cap_capable+0x18d/0x200 [ 547.627869][T17346] ? bpf_lsm_capable+0x9/0x10 [ 547.627886][T17346] ? security_capable+0x7e/0x260 [ 547.627903][T17346] ? ns_capable+0xd7/0x110 [ 547.627921][T17346] genl_rcv_msg+0x55c/0x800 [ 547.627946][T17346] ? __pfx_genl_rcv_msg+0x10/0x10 [ 547.627968][T17346] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 547.627999][T17346] netlink_rcv_skb+0x155/0x420 [ 547.628017][T17346] ? __pfx_genl_rcv_msg+0x10/0x10 [ 547.628039][T17346] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 547.628069][T17346] ? netlink_deliver_tap+0x1ae/0xd30 [ 547.628091][T17346] genl_rcv+0x28/0x40 [ 547.628110][T17346] netlink_unicast+0x53d/0x7f0 [ 547.628131][T17346] ? __pfx_netlink_unicast+0x10/0x10 [ 547.628159][T17346] netlink_sendmsg+0x8d1/0xdd0 [ 547.628181][T17346] ? __pfx_netlink_sendmsg+0x10/0x10 [ 547.628203][T17346] ? __import_iovec+0x1dd/0x650 [ 547.628224][T17346] ____sys_sendmsg+0xa98/0xc70 [ 547.628254][T17346] ? __pfx_____sys_sendmsg+0x10/0x10 [ 547.628273][T17346] ? get_compat_msghdr+0x11a/0x170 [ 547.628303][T17346] ___sys_sendmsg+0x134/0x1d0 [ 547.628332][T17346] ? __pfx____sys_sendmsg+0x10/0x10 [ 547.628373][T17346] ? find_held_lock+0x2b/0x80 [ 547.628410][T17346] __sys_sendmsg+0x16d/0x220 [ 547.628427][T17346] ? __pfx___sys_sendmsg+0x10/0x10 [ 547.628467][T17346] ? rcu_is_watching+0x12/0xc0 [ 547.628488][T17346] __do_fast_syscall_32+0x7c/0x3a0 [ 547.628508][T17346] do_fast_syscall_32+0x32/0x80 [ 547.628524][T17346] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 547.628542][T17346] RIP: 0023:0xf706e579 [ 547.628554][T17346] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 547.628568][T17346] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 547.628583][T17346] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140 [ 547.628593][T17346] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 547.628601][T17346] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 547.628610][T17346] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 547.628618][T17346] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 547.628638][T17346] [ 547.644925][T17328] chnl_net:caif_netlink_parms(): no params data found [ 547.847891][T13753] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.899909][T17328] bridge0: port 1(bridge_slave_0) entered blocking state [ 547.903871][T17328] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.907320][T17328] bridge_slave_0: entered allmulticast mode [ 547.910422][T17328] bridge_slave_0: entered promiscuous mode [ 547.914318][T17328] bridge0: port 2(bridge_slave_1) entered blocking state [ 547.916591][T17328] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.919021][T17328] bridge_slave_1: entered allmulticast mode [ 547.922256][T17328] bridge_slave_1: entered promiscuous mode [ 547.990969][T13753] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 548.084074][T17328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 548.093877][T17328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 548.191435][T17328] team0: Port device team_slave_0 added [ 548.197361][T17328] team0: Port device team_slave_1 added [ 548.200155][T17353] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3167'. [ 548.354457][T17328] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 548.360794][T17328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 548.370456][T17328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 548.381694][T17328] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 548.391046][T17328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 548.402891][T17328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 548.653893][T17328] hsr_slave_0: entered promiscuous mode [ 548.656494][T17328] hsr_slave_1: entered promiscuous mode [ 548.660732][T17328] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 548.665842][T17328] Cannot create hsr debugfs directory [ 549.023067][ T5311] Bluetooth: hci4: command tx timeout [ 549.026765][T17365] atomic_op ffff888077101998 conn xmit_atomic 0000000000000000 [ 549.082159][T13753] bridge_slave_1: left allmulticast mode [ 549.084914][T13753] bridge_slave_1: left promiscuous mode [ 549.086821][T13753] bridge0: port 2(bridge_slave_1) entered disabled state [ 549.096172][T13753] bridge_slave_0: left allmulticast mode [ 549.098027][T13753] bridge_slave_0: left promiscuous mode [ 549.100122][T13753] bridge0: port 1(bridge_slave_0) entered disabled state [ 549.574484][T17375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3172'. [ 549.577542][T17375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3172'. [ 549.589980][T13753] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 549.596641][T13753] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 549.601464][T13753] bond0 (unregistering): Released all slaves [ 549.782991][ T6600] usb 13-1: new high-speed USB device number 60 using dummy_hcd [ 549.967039][ T6600] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 549.970434][ T6600] usb 13-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 549.973220][ T6600] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.976995][ T6600] usb 13-1: config 0 descriptor?? [ 550.187597][T13753] hsr_slave_0: left promiscuous mode [ 550.188296][ T6600] usbhid 13-1:0.0: can't add hid device: -71 [ 550.191278][ T6600] usbhid 13-1:0.0: probe with driver usbhid failed with error -71 [ 550.194554][T13753] hsr_slave_1: left promiscuous mode [ 550.197120][T13753] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 550.199946][T13753] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 550.203368][ T6600] usb 13-1: USB disconnect, device number 60 [ 550.207183][T13753] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 550.209502][T13753] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 550.302214][T13753] veth1_macvtap: left promiscuous mode [ 550.304269][T13753] veth0_macvtap: left promiscuous mode [ 550.306043][T13753] veth1_vlan: left promiscuous mode [ 550.307725][T13753] veth0_vlan: left promiscuous mode [ 550.415153][ T60] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 550.594205][ T60] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 550.598753][ T60] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 550.601855][ T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.606345][ T60] usb 6-1: config 0 descriptor?? [ 550.673357][ T6600] usb 13-1: new high-speed USB device number 61 using dummy_hcd [ 550.820514][ T60] usbhid 6-1:0.0: can't add hid device: -71 [ 550.822723][ T60] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 550.827111][ T60] usb 6-1: USB disconnect, device number 29 [ 550.834905][ T6600] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 550.838973][ T6600] usb 13-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 550.844554][ T6600] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.846604][T17386] FAULT_INJECTION: forcing a failure. [ 550.846604][T17386] name failslab, interval 1, probability 0, space 0, times 0 [ 550.851563][T17386] CPU: 0 UID: 0 PID: 17386 Comm: syz.2.3178 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 550.851578][T17386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 550.851586][T17386] Call Trace: [ 550.851590][T17386] [ 550.851595][T17386] dump_stack_lvl+0x16c/0x1f0 [ 550.851616][T17386] should_fail_ex+0x512/0x640 [ 550.851631][T17386] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 550.851648][T17386] should_failslab+0xc2/0x120 [ 550.851658][T17386] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 550.851674][T17386] ? alloc_empty_file+0x55/0x1e0 [ 550.851687][T17386] alloc_empty_file+0x55/0x1e0 [ 550.851698][T17386] path_openat+0xda/0x2cb0 [ 550.851712][T17386] ? do_fast_syscall_32+0x32/0x80 [ 550.851722][T17386] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 550.851741][T17386] ? __pfx_path_openat+0x10/0x10 [ 550.851756][T17386] ? __lock_acquire+0xb8a/0x1c90 [ 550.851795][T17386] do_filp_open+0x20b/0x470 [ 550.851815][T17386] ? __pfx_do_filp_open+0x10/0x10 [ 550.851839][T17386] ? alloc_fd+0x471/0x7d0 [ 550.851858][T17386] do_sys_openat2+0x11b/0x1d0 [ 550.851869][T17386] ? __pfx_do_sys_openat2+0x10/0x10 [ 550.851882][T17386] ? __fget_files+0x20e/0x3c0 [ 550.851894][T17386] ? handle_mm_fault+0x230/0xd10 [ 550.851911][T17386] __ia32_compat_sys_open+0x146/0x1e0 [ 550.851923][T17386] ? __pfx___ia32_compat_sys_open+0x10/0x10 [ 550.851938][T17386] ? rcu_is_watching+0x12/0xc0 [ 550.851949][T17386] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 550.851967][T17386] __do_fast_syscall_32+0x7c/0x3a0 [ 550.851979][T17386] do_fast_syscall_32+0x32/0x80 [ 550.851991][T17386] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 550.852003][T17386] RIP: 0023:0xf704e579 [ 550.852012][T17386] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 550.852023][T17386] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000005 [ 550.852034][T17386] RAX: ffffffffffffffda RBX: 00000000800001c0 RCX: 0000000000000000 [ 550.852040][T17386] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 550.852046][T17386] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 550.852052][T17386] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 550.852058][T17386] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 550.852071][T17386] [ 550.852127][ T6600] usb 13-1: config 0 descriptor?? [ 551.112896][ T5311] Bluetooth: hci4: command tx timeout [ 551.152098][ T6600] usbhid 13-1:0.0: can't add hid device: -71 [ 551.154160][ T6600] usbhid 13-1:0.0: probe with driver usbhid failed with error -71 [ 551.158016][ T6600] usb 13-1: USB disconnect, device number 61 [ 551.341738][T13753] team0 (unregistering): Port device team_slave_1 removed [ 551.352952][ T60] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 551.455843][T13753] team0 (unregistering): Port device team_slave_0 removed [ 551.516727][ T60] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 551.520270][ T60] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 551.523377][ T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.526965][ T60] usb 6-1: config 0 descriptor?? [ 551.612867][ T5809] usb 13-1: new high-speed USB device number 62 using dummy_hcd [ 551.741834][ T60] usbhid 6-1:0.0: can't add hid device: -71 [ 551.745681][ T60] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 551.756609][ T60] usb 6-1: USB disconnect, device number 30 [ 551.782939][ T5809] usb 13-1: Using ep0 maxpacket: 32 [ 551.807557][ T5809] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 551.813101][ T5809] usb 13-1: New USB device found, idVendor=0911, idProduct=3333, bcdDevice= 0.40 [ 551.816832][ T5809] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.847550][ T5809] usb 13-1: config 0 descriptor?? [ 552.068045][ T5809] usbhid 13-1:0.0: can't add hid device: -71 [ 552.070049][ T5809] usbhid 13-1:0.0: probe with driver usbhid failed with error -71 [ 552.073756][ T5809] usb 13-1: USB disconnect, device number 62 [ 552.292954][ T60] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 552.686027][ T60] usb 6-1: Using ep0 maxpacket: 32 [ 552.691149][ T60] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 552.695662][ T60] usb 6-1: New USB device found, idVendor=0911, idProduct=3333, bcdDevice= 0.40 [ 552.699329][ T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.703852][ T60] usb 6-1: config 0 descriptor?? [ 552.720641][T17389] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3179'. [ 552.824830][T17328] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 552.835155][T17328] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 552.840418][T17328] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 552.854635][T17328] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 552.914140][ T60] usbhid 6-1:0.0: can't add hid device: -71 [ 552.916132][ T60] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 552.920830][ T60] usb 6-1: USB disconnect, device number 31 [ 552.924880][T17406] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3180'. [ 552.957716][T17328] 8021q: adding VLAN 0 to HW filter on device bond0 [ 552.971172][T17328] 8021q: adding VLAN 0 to HW filter on device team0 [ 552.978892][T13732] bridge0: port 1(bridge_slave_0) entered blocking state [ 552.981371][T13732] bridge0: port 1(bridge_slave_0) entered forwarding state [ 552.995262][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 552.997680][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 553.188214][T17328] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 553.192964][ T5311] Bluetooth: hci4: command tx timeout [ 553.228090][T17328] veth0_vlan: entered promiscuous mode [ 553.242690][T17328] veth1_vlan: entered promiscuous mode [ 553.278177][T17328] veth0_macvtap: entered promiscuous mode [ 553.287186][T17328] veth1_macvtap: entered promiscuous mode [ 553.302653][T17328] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 553.319354][T17328] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 553.348201][T17328] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.351701][T17328] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.355561][T17328] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.358396][T17328] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.433804][T13754] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 553.437285][T13754] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 553.457512][T13732] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 553.460703][T13732] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 553.783219][T17419] netlink: 'syz.1.3184': attribute type 4 has an invalid length. [ 553.786506][T17419] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3184'. [ 553.794537][T17419] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1124 [ 554.218924][T17431] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3187'. [ 554.221650][T17431] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3187'. [ 554.915886][ T1019] usb 13-1: new high-speed USB device number 63 using dummy_hcd [ 555.074285][ T1019] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 555.077716][ T1019] usb 13-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 555.080905][ T1019] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.086445][ T1019] usb 13-1: config 0 descriptor?? [ 555.103066][ T61] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 555.209717][ T46] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.255199][ T61] usb 6-1: config 0 has no interfaces? [ 555.259344][ T61] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 555.263271][ T61] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.266609][ T61] usb 6-1: Product: syz [ 555.268464][ T61] usb 6-1: Manufacturer: syz [ 555.270437][ T61] usb 6-1: SerialNumber: syz [ 555.274587][ T61] usb 6-1: config 0 descriptor?? [ 555.293728][ T1019] usbhid 13-1:0.0: can't add hid device: -71 [ 555.295762][ T1019] usbhid 13-1:0.0: probe with driver usbhid failed with error -71 [ 555.299765][ T1019] usb 13-1: USB disconnect, device number 63 [ 555.372926][ T10] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 555.534412][ T10] usb 7-1: config 0 has no interfaces? [ 555.539614][ T10] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 555.543260][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.546372][ T10] usb 7-1: Product: syz [ 555.548039][ T10] usb 7-1: Manufacturer: syz [ 555.549875][ T10] usb 7-1: SerialNumber: syz [ 555.554996][ T10] usb 7-1: config 0 descriptor?? [ 555.658922][T17441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 555.662204][T17441] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 555.743035][ T60] usb 13-1: new high-speed USB device number 64 using dummy_hcd [ 555.907899][ T60] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 555.911460][ T60] usb 13-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 555.914403][ T60] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.919834][ T60] usb 13-1: config 0 descriptor?? [ 555.935454][T17442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 555.939307][T17442] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 556.130052][ T60] usbhid 13-1:0.0: can't add hid device: -71 [ 556.132051][ T60] usbhid 13-1:0.0: probe with driver usbhid failed with error -71 [ 556.137505][ T60] usb 13-1: USB disconnect, device number 64 [ 556.554619][T17437] Set syz1 is full, maxelem 65536 reached [ 556.582942][ T60] usb 13-1: new high-speed USB device number 65 using dummy_hcd [ 556.732841][ T60] usb 13-1: Using ep0 maxpacket: 32 [ 556.737201][ T60] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 556.741518][ T60] usb 13-1: New USB device found, idVendor=0911, idProduct=3333, bcdDevice= 0.40 [ 556.744820][ T60] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.749085][ T60] usb 13-1: config 0 descriptor?? [ 556.966522][ T60] usbhid 13-1:0.0: can't add hid device: -71 [ 556.968645][ T60] usbhid 13-1:0.0: probe with driver usbhid failed with error -71 [ 556.969532][ T46] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 556.972300][ T60] usb 13-1: USB disconnect, device number 65 [ 557.058950][ T46] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.101025][ T5954] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 557.105995][ T5954] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 557.109150][ T5954] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 557.112427][ T5954] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 557.116037][ T5954] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 557.142305][T17446] lo speed is unknown, defaulting to 1000 [ 557.160559][ T46] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.220770][T17446] syzkaller0 speed is unknown, defaulting to 1000 [ 557.407950][ T46] bridge_slave_1: left allmulticast mode [ 557.410403][ T46] bridge_slave_1: left promiscuous mode [ 557.413156][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.418658][ T46] bridge_slave_0: left allmulticast mode [ 557.421097][ T46] bridge_slave_0: left promiscuous mode [ 557.424467][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.806008][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 557.810401][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 557.815326][ T46] bond0 (unregistering): Released all slaves [ 557.829286][T17446] chnl_net:caif_netlink_parms(): no params data found [ 557.911409][T17446] bridge0: port 1(bridge_slave_0) entered blocking state [ 557.919952][T17446] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.937716][T17446] bridge_slave_0: entered allmulticast mode [ 557.941820][T17446] bridge_slave_0: entered promiscuous mode [ 557.948365][T17446] bridge0: port 2(bridge_slave_1) entered blocking state [ 557.951424][T17446] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.954477][T17446] bridge_slave_1: entered allmulticast mode [ 557.958298][T17446] bridge_slave_1: entered promiscuous mode [ 558.016861][ T29] usb 6-1: USB disconnect, device number 32 [ 558.104502][T17446] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 558.109335][T17446] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 558.161476][ T10] usb 7-1: USB disconnect, device number 36 [ 558.255388][T17462] mkiss: ax0: crc mode is auto. [ 558.295310][T17446] team0: Port device team_slave_0 added [ 558.299829][T17446] team0: Port device team_slave_1 added [ 558.455510][T17446] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 558.458312][T17446] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 558.470990][T17446] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 558.478188][ T46] hsr_slave_0: left promiscuous mode [ 558.481144][ T46] hsr_slave_1: left promiscuous mode [ 558.486254][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 558.489190][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 558.492449][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 558.495556][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 558.525062][ T46] veth1_macvtap: left promiscuous mode [ 558.527300][ T46] veth0_macvtap: left promiscuous mode [ 558.529556][ T46] veth1_vlan: left promiscuous mode [ 558.531668][ T46] veth0_vlan: left promiscuous mode [ 558.607279][ T10] usb 7-1: new high-speed USB device number 37 using dummy_hcd [ 558.754190][T17474] netlink: 'syz.1.3196': attribute type 4 has an invalid length. [ 558.784491][ T10] usb 7-1: config 0 has no interfaces? [ 558.789693][ T10] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 558.792456][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.795031][ T10] usb 7-1: Product: syz [ 558.796337][ T10] usb 7-1: Manufacturer: syz [ 558.799676][ T10] usb 7-1: SerialNumber: syz [ 558.803913][ T10] usb 7-1: config 0 descriptor?? [ 558.820776][T17475] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3197'. [ 559.049773][T17465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 559.052611][T17465] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 559.193338][ T5954] Bluetooth: hci4: command tx timeout [ 559.629922][ T46] team0 (unregistering): Port device team_slave_1 removed [ 559.729119][ T46] team0 (unregistering): Port device team_slave_0 removed [ 560.459089][T17446] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 560.461453][T17446] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 560.469168][T17446] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 560.636652][T17446] hsr_slave_0: entered promiscuous mode [ 560.639034][T17446] hsr_slave_1: entered promiscuous mode [ 560.641123][T17446] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 560.644167][T17446] Cannot create hsr debugfs directory [ 560.882911][ T10] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 561.042916][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 561.042982][ T29] usb 13-1: new high-speed USB device number 66 using dummy_hcd [ 561.047302][ T10] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 561.050150][ T10] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 561.052655][ T10] usb 6-1: Product: syz [ 561.054052][ T10] usb 6-1: Manufacturer: syz [ 561.055521][ T10] usb 6-1: SerialNumber: syz [ 561.058162][ T10] usb 6-1: config 0 descriptor?? [ 561.194444][ T29] usb 13-1: Using ep0 maxpacket: 8 [ 561.197382][ T29] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 561.200882][ T29] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 561.204858][ T29] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 561.208007][ T29] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 561.212001][ T29] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 561.215482][ T29] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.224529][ T60] usb 7-1: USB disconnect, device number 37 [ 561.232635][T17446] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 561.240426][T17446] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 561.246928][T17446] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 561.262961][ T5954] Bluetooth: hci4: command tx timeout [ 561.276908][ T10] usb 6-1: USB disconnect, device number 33 [ 561.313296][T17446] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 561.358981][T17446] 8021q: adding VLAN 0 to HW filter on device bond0 [ 561.373189][T17446] 8021q: adding VLAN 0 to HW filter on device team0 [ 561.379292][ T80] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.381594][ T80] bridge0: port 1(bridge_slave_0) entered forwarding state [ 561.387609][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.389903][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 561.547451][T17446] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 561.577913][T17446] veth0_vlan: entered promiscuous mode [ 561.587998][T17446] veth1_vlan: entered promiscuous mode [ 561.610028][T17446] veth0_macvtap: entered promiscuous mode [ 561.615543][T17446] veth1_macvtap: entered promiscuous mode [ 561.625074][T17446] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 561.646982][T17446] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 561.655764][T17446] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.658530][T17446] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.662885][T17446] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.665671][T17446] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.717125][ T29] usb 13-1: GET_CAPABILITIES returned 0 [ 561.719079][ T29] usbtmc 13-1:16.0: can't read capabilities [ 562.107771][T17502] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 562.109916][T17502] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 562.151680][T17502] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 562.153889][T17502] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 562.232503][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 562.237729][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 562.253272][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 562.259538][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 562.315764][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.741706][ T1138] Bluetooth: hci4: Frame reassembly failed (-84) [ 562.745976][ T1138] Bluetooth: hci4: Frame reassembly failed (-84) [ 563.583208][ T29] usb 13-1: USB disconnect, device number 66 [ 564.025367][T13754] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 564.783011][ T5954] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 564.783041][ T5311] Bluetooth: hci4: command 0x1003 tx timeout [ 565.627952][T13754] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.701475][T13754] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.793145][T17539] netlink: 'syz.8.3211': attribute type 10 has an invalid length. [ 565.796316][T17539] team0: Device hsr_slave_0 failed to register rx_handler [ 565.800215][T17541] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3212'. [ 565.836401][T13754] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.931028][ T5311] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 565.937597][ T5311] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 565.944447][ T5311] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 565.947548][ T5311] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 565.950212][ T5311] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 565.966877][T13754] bridge_slave_1: left allmulticast mode [ 565.968770][T13754] bridge_slave_1: left promiscuous mode [ 565.970619][T13754] bridge0: port 2(bridge_slave_1) entered disabled state [ 565.997983][T13754] bridge_slave_0: left allmulticast mode [ 566.000330][T13754] bridge_slave_0: left promiscuous mode [ 566.002197][T13754] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.023348][ T10] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 566.104750][T17557] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3214'. [ 566.107664][T17557] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3214'. [ 566.174164][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 566.177534][ T10] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 566.180246][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.183948][ T10] usb 6-1: config 0 descriptor?? [ 566.340983][T13754] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 566.345701][T13754] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 566.350033][T13754] bond0 (unregistering): Released all slaves [ 566.377502][T17549] lo speed is unknown, defaulting to 1000 [ 566.399254][ T10] usbhid 6-1:0.0: can't add hid device: -71 [ 566.401190][ T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 566.407725][ T10] usb 6-1: USB disconnect, device number 34 [ 566.491860][T17549] syzkaller0 speed is unknown, defaulting to 1000 [ 566.712598][T17549] chnl_net:caif_netlink_parms(): no params data found [ 566.821553][T13754] hsr_slave_0: left promiscuous mode [ 566.823863][T13754] hsr_slave_1: left promiscuous mode [ 566.826111][T13754] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 566.828828][T13754] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 566.831686][T13754] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 566.842291][T13754] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 566.852958][ T838] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 566.890557][T13754] veth1_macvtap: left promiscuous mode [ 566.892380][T13754] veth0_macvtap: left promiscuous mode [ 566.894190][T13754] veth1_vlan: left promiscuous mode [ 566.895862][T13754] veth0_vlan: left promiscuous mode [ 567.024543][ T838] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.028342][ T838] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 567.031144][ T838] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.039139][ T838] usb 6-1: config 0 descriptor?? [ 567.256053][ T838] usbhid 6-1:0.0: can't add hid device: -71 [ 567.258007][ T838] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 567.268600][ T838] usb 6-1: USB disconnect, device number 35 [ 567.694059][ T54] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 567.863060][ T54] usb 6-1: Using ep0 maxpacket: 32 [ 567.872835][ T54] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.877115][ T54] usb 6-1: New USB device found, idVendor=0f11, idProduct=3321, bcdDevice= 0.40 [ 567.880634][ T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.887921][ T54] usb 6-1: config 0 descriptor?? [ 567.963300][T13754] team0 (unregistering): Port device team_slave_1 removed [ 567.988158][ T5954] Bluetooth: hci4: command tx timeout [ 568.106439][ T54] usbhid 6-1:0.0: can't add hid device: -71 [ 568.108841][ T54] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 568.118252][T13754] team0 (unregistering): Port device team_slave_0 removed [ 568.134517][ T54] usb 6-1: USB disconnect, device number 36 [ 569.088627][T17549] bridge0: port 1(bridge_slave_0) entered blocking state [ 569.098718][T17549] bridge0: port 1(bridge_slave_0) entered disabled state [ 569.101663][T17549] bridge_slave_0: entered allmulticast mode [ 569.104826][T17549] bridge_slave_0: entered promiscuous mode [ 569.108025][T17549] bridge0: port 2(bridge_slave_1) entered blocking state [ 569.110230][T17549] bridge0: port 2(bridge_slave_1) entered disabled state [ 569.112300][T17549] bridge_slave_1: entered allmulticast mode [ 569.115642][T17549] bridge_slave_1: entered promiscuous mode [ 569.152295][T17549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 569.157510][T17549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 569.203744][T17604] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3228'. [ 569.214087][T17604] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3228'. [ 569.238716][T17549] team0: Port device team_slave_0 added [ 569.250084][T17549] team0: Port device team_slave_1 added [ 569.281061][T17549] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 569.286090][T17549] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 569.294568][T17549] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 569.299079][T17549] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 569.301247][T17549] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 569.309434][T17549] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 569.378493][T17549] hsr_slave_0: entered promiscuous mode [ 569.381729][T17549] hsr_slave_1: entered promiscuous mode [ 569.385752][T17549] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 569.388919][T17549] Cannot create hsr debugfs directory [ 569.782829][T17549] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 569.787001][T17549] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 569.791761][T17549] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 569.796577][T17549] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 569.810173][T17549] bridge0: port 2(bridge_slave_1) entered blocking state [ 569.813040][T17549] bridge0: port 2(bridge_slave_1) entered forwarding state [ 569.815977][T17549] bridge0: port 1(bridge_slave_0) entered blocking state [ 569.818742][T17549] bridge0: port 1(bridge_slave_0) entered forwarding state [ 569.870859][T17549] 8021q: adding VLAN 0 to HW filter on device bond0 [ 569.891888][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state [ 569.903509][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state [ 569.941898][T17549] 8021q: adding VLAN 0 to HW filter on device team0 [ 569.982587][T13753] bridge0: port 1(bridge_slave_0) entered blocking state [ 569.985232][T13753] bridge0: port 1(bridge_slave_0) entered forwarding state [ 570.006106][T13732] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.008288][T13732] bridge0: port 2(bridge_slave_1) entered forwarding state [ 570.062914][ T5954] Bluetooth: hci4: command tx timeout [ 570.067550][T17624] netlink: 'syz.8.3235': attribute type 1 has an invalid length. [ 570.082922][T17624] 8021q: adding VLAN 0 to HW filter on device bond3 [ 570.107904][T17624] ip6erspan0: entered promiscuous mode [ 570.111821][T17624] bond3: (slave ip6erspan0): making interface the new active one [ 570.115740][T17624] bond3: (slave ip6erspan0): Enslaving as an active interface with an up link [ 570.292651][T17549] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 570.328779][T17549] veth0_vlan: entered promiscuous mode [ 570.336144][T17549] veth1_vlan: entered promiscuous mode [ 570.357111][T17549] veth0_macvtap: entered promiscuous mode [ 570.361703][T17549] veth1_macvtap: entered promiscuous mode [ 570.370462][T17549] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 570.376759][T17549] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 570.380877][T17549] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.385350][T17549] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.388095][T17549] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.391319][T17549] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 570.479509][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.486322][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.512899][T13753] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 570.515678][T13753] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 570.535028][T17644] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3236'. [ 570.537957][T17644] netlink: 'syz.1.3236': attribute type 5 has an invalid length. [ 570.540517][T17644] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3236'. [ 570.560182][T17644] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 570.563137][T17644] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 570.565867][T17644] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 570.568674][T17644] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 570.579824][T17644] geneve2: entered promiscuous mode [ 570.581680][T17644] geneve2: entered allmulticast mode [ 571.645847][T17663] xt_HMARK: spi-set and port-set can't be combined [ 571.665735][T17654] : entered promiscuous mode [ 571.677185][T17654] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3240'. [ 573.023629][T17676] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(5) [ 573.025732][T17676] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 573.030047][T17676] vhci_hcd vhci_hcd.0: Device attached [ 573.210970][T17681] FAULT_INJECTION: forcing a failure. [ 573.210970][T17681] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 573.215234][T17681] CPU: 2 UID: 0 PID: 17681 Comm: syz.2.3248 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 573.215249][T17681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 573.215255][T17681] Call Trace: [ 573.215259][T17681] [ 573.215264][T17681] dump_stack_lvl+0x16c/0x1f0 [ 573.215284][T17681] should_fail_ex+0x512/0x640 [ 573.215302][T17681] __kvm_read_guest_page+0x186/0x250 [ 573.215316][T17681] kvm_fetch_guest_virt+0x128/0x1a0 [ 573.215335][T17681] __do_insn_fetch_bytes+0x41e/0x6d0 [ 573.215353][T17681] ? __pfx___do_insn_fetch_bytes+0x10/0x10 [ 573.215370][T17681] ? bpf_trace_run4+0x2be/0x5a0 [ 573.215386][T17681] ? __pfx_bpf_trace_run4+0x10/0x10 [ 573.215402][T17681] x86_decode_insn+0xb90/0x5540 [ 573.215419][T17681] ? vmx_segment_cache_test_set+0x14b/0x400 [ 573.215436][T17681] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 573.215451][T17681] ? __pfx_x86_decode_insn+0x10/0x10 [ 573.215463][T17681] ? vmx_cache_reg+0x333/0x5e0 [ 573.215476][T17681] ? kvm_register_read_raw+0xe9/0x240 [ 573.215487][T17681] ? init_decode_cache+0xd/0x210 [ 573.215498][T17681] ? init_emulate_ctxt+0x337/0x510 [ 573.215511][T17681] ? __pfx_init_emulate_ctxt+0x10/0x10 [ 573.215526][T17681] ? kvm_multiple_exception+0x379/0x750 [ 573.215539][T17681] x86_emulate_instruction+0x9b2/0x1a90 [ 573.215556][T17681] handle_ud+0x103/0x280 [ 573.215582][T17681] ? __pfx_handle_ud+0x10/0x10 [ 573.215596][T17681] ? __lock_acquire+0xb8a/0x1c90 [ 573.215610][T17681] ? __vmx_complete_interrupts+0x111/0x4e0 [ 573.215623][T17681] handle_exception_nmi+0x856/0x1750 [ 573.215641][T17681] ? __pfx_handle_exception_nmi+0x10/0x10 [ 573.215657][T17681] vmx_handle_exit+0x124c/0x1bd0 [ 573.215677][T17681] vcpu_run+0x315e/0x5500 [ 573.215694][T17681] ? __pfx_vcpu_run+0x10/0x10 [ 573.215708][T17681] ? fpu_swap_kvm_fpstate+0x1be/0x410 [ 573.215719][T17681] ? __local_bh_enable_ip+0xa4/0x120 [ 573.215733][T17681] ? kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 573.215745][T17681] kvm_arch_vcpu_ioctl_run+0x51e/0x18c0 [ 573.215761][T17681] kvm_vcpu_ioctl+0x5eb/0x1690 [ 573.215774][T17681] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 573.215787][T17681] ? tomoyo_path_number_perm+0x18d/0x580 [ 573.215801][T17681] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 573.215812][T17681] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 573.215828][T17681] ? do_vfs_ioctl+0x523/0x1a60 [ 573.215840][T17681] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 573.215864][T17681] kvm_vcpu_compat_ioctl+0x20f/0x3d0 [ 573.215877][T17681] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 573.215890][T17681] ? __fget_files+0x20e/0x3c0 [ 573.215902][T17681] ? fput+0x60/0xf0 [ 573.215914][T17681] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 573.215927][T17681] __ia32_compat_sys_ioctl+0x242/0x370 [ 573.215941][T17681] __do_fast_syscall_32+0x7c/0x3a0 [ 573.215953][T17681] do_fast_syscall_32+0x32/0x80 [ 573.215963][T17681] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 573.215976][T17681] RIP: 0023:0xf704e579 [ 573.215985][T17681] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 573.216001][T17681] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 573.216012][T17681] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000ae80 [ 573.216018][T17681] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 573.216025][T17681] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 573.216030][T17681] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 573.216036][T17681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 573.216051][T17681] [ 573.282897][ T61] usb 53-1: new low-speed USB device number 2 using vhci_hcd [ 573.379903][T17677] vhci_hcd: connection closed [ 573.380615][T13735] vhci_hcd: stop threads [ 573.384030][T13735] vhci_hcd: release socket [ 573.385500][T13735] vhci_hcd: disconnect device [ 573.519931][ T1138] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.978430][ T1138] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.038696][ T1138] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.115997][ T1138] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.234293][ T1138] bridge_slave_1: left allmulticast mode [ 575.236508][ T1138] bridge_slave_1: left promiscuous mode [ 575.240733][ T1138] bridge0: port 2(bridge_slave_1) entered disabled state [ 575.248162][ T1138] bridge_slave_0: left allmulticast mode [ 575.250426][ T1138] bridge_slave_0: left promiscuous mode [ 575.252905][ T1138] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.532120][T17690] loop2: detected capacity change from 0 to 7 [ 575.553692][T17690] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 575.556411][T17690] loop2: partition table partially beyond EOD, truncated [ 575.560027][T17690] loop2: p1 size 2989602745 extends beyond EOD, truncated [ 575.628704][ T5959] udevd[5959]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 575.705315][ T5311] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 575.731647][ T5311] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 575.736162][ T5311] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 575.748796][ T5311] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 575.753612][ T5311] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 575.811020][T17704] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 575.874727][ T1138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 575.883302][ T1138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 575.903377][ T1138] bond0 (unregistering): Released all slaves [ 575.951476][T17699] lo speed is unknown, defaulting to 1000 [ 576.104011][T17699] syzkaller0 speed is unknown, defaulting to 1000 [ 576.585693][T17699] chnl_net:caif_netlink_parms(): no params data found [ 576.673035][ T1138] hsr_slave_0: left promiscuous mode [ 576.676008][ T1138] hsr_slave_1: left promiscuous mode [ 576.678144][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 576.680496][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 576.689942][ T1138] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 576.692562][ T1138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 576.721076][ T1138] veth1_macvtap: left promiscuous mode [ 576.723035][ T1138] veth0_macvtap: left promiscuous mode [ 576.724804][ T1138] veth1_vlan: left promiscuous mode [ 576.726462][ T1138] veth0_vlan: left promiscuous mode [ 577.848647][ T5954] Bluetooth: hci4: command tx timeout [ 577.913659][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 577.913671][ T40] audit: type=1326 audit(2000000731.563:7111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17734 comm="syz.1.3263" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 577.922060][ T40] audit: type=1326 audit(2000000731.563:7112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17734 comm="syz.1.3263" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 577.928785][ T40] audit: type=1326 audit(2000000731.563:7113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17734 comm="syz.1.3263" exe="/syz-executor" sig=0 arch=40000003 syscall=430 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 577.935376][ T40] audit: type=1326 audit(2000000731.563:7114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17734 comm="syz.1.3263" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 577.942210][ T40] audit: type=1326 audit(2000000731.563:7115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17734 comm="syz.1.3263" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 577.949268][ T40] audit: type=1326 audit(2000000731.583:7116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17734 comm="syz.1.3263" exe="/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 577.957439][ T40] audit: type=1326 audit(2000000731.583:7117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17734 comm="syz.1.3263" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 577.976300][ T40] audit: type=1326 audit(2000000731.583:7118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17734 comm="syz.1.3263" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 577.989021][ T40] audit: type=1326 audit(2000000731.583:7119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17734 comm="syz.1.3263" exe="/syz-executor" sig=0 arch=40000003 syscall=432 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 577.998618][ T40] audit: type=1326 audit(2000000731.583:7120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17734 comm="syz.1.3263" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000 [ 578.058377][T17741] FAULT_INJECTION: forcing a failure. [ 578.058377][T17741] name failslab, interval 1, probability 0, space 0, times 0 [ 578.063738][T17741] CPU: 3 UID: 0 PID: 17741 Comm: syz.2.3265 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 578.063755][T17741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 578.063762][T17741] Call Trace: [ 578.063767][T17741] [ 578.063772][T17741] dump_stack_lvl+0x16c/0x1f0 [ 578.063793][T17741] should_fail_ex+0x512/0x640 [ 578.063812][T17741] should_failslab+0xc2/0x120 [ 578.063823][T17741] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 578.063840][T17741] ? skb_clone+0x190/0x3f0 [ 578.063852][T17741] skb_clone+0x190/0x3f0 [ 578.063862][T17741] netlink_deliver_tap+0xabd/0xd30 [ 578.063878][T17741] netlink_unicast+0x5df/0x7f0 [ 578.063891][T17741] ? __pfx_netlink_unicast+0x10/0x10 [ 578.063907][T17741] netlink_sendmsg+0x8d1/0xdd0 [ 578.063922][T17741] ? __pfx_netlink_sendmsg+0x10/0x10 [ 578.063935][T17741] ? __import_iovec+0x1dd/0x650 [ 578.063948][T17741] ____sys_sendmsg+0xa98/0xc70 [ 578.063963][T17741] ? __pfx_____sys_sendmsg+0x10/0x10 [ 578.063975][T17741] ? get_compat_msghdr+0x11a/0x170 [ 578.063993][T17741] ___sys_sendmsg+0x134/0x1d0 [ 578.064010][T17741] ? __pfx____sys_sendmsg+0x10/0x10 [ 578.064033][T17741] ? find_held_lock+0x2b/0x80 [ 578.064053][T17741] __sys_sendmsg+0x16d/0x220 [ 578.064063][T17741] ? __pfx___sys_sendmsg+0x10/0x10 [ 578.064086][T17741] ? rcu_is_watching+0x12/0xc0 [ 578.064099][T17741] __do_fast_syscall_32+0x7c/0x3a0 [ 578.064111][T17741] do_fast_syscall_32+0x32/0x80 [ 578.064121][T17741] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 578.064134][T17741] RIP: 0023:0xf704e579 [ 578.064143][T17741] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 578.064153][T17741] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 578.064163][T17741] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000500 [ 578.064170][T17741] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 578.064176][T17741] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 578.064182][T17741] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 578.064187][T17741] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 578.064201][T17741] [ 578.423254][ T1019] usb 13-1: new high-speed USB device number 67 using dummy_hcd [ 578.463324][ T61] vhci_hcd: vhci_device speed not set [ 578.578620][ T1019] usb 13-1: Using ep0 maxpacket: 32 [ 578.582644][ T1019] usb 13-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 578.587780][ T1019] usb 13-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 578.590703][ T1019] usb 13-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 578.593746][ T1019] usb 13-1: Product: syz [ 578.595104][ T1019] usb 13-1: Manufacturer: syz [ 578.596583][ T1019] usb 13-1: SerialNumber: syz [ 578.604394][ T1019] usb 13-1: config 0 descriptor?? [ 578.607422][T17743] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 578.610570][ T1019] hub 13-1:0.0: bad descriptor, ignoring hub [ 578.612440][ T1019] hub 13-1:0.0: probe with driver hub failed with error -5 [ 578.661623][T17750] ubi: mtd0 is already attached to ubi31 [ 578.670829][ T1138] team0 (unregistering): Port device team_slave_1 removed [ 578.804817][ T6033] IPVS: starting estimator thread 0... [ 578.842748][ T1138] team0 (unregistering): Port device team_slave_0 removed [ 578.893326][T17752] IPVS: using max 44 ests per chain, 105600 per kthread [ 579.577863][T17760] FAULT_INJECTION: forcing a failure. [ 579.577863][T17760] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 579.584867][T17760] CPU: 1 UID: 0 PID: 17760 Comm: syz.2.3271 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 579.584883][T17760] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 579.584890][T17760] Call Trace: [ 579.584894][T17760] [ 579.584899][T17760] dump_stack_lvl+0x16c/0x1f0 [ 579.584919][T17760] should_fail_ex+0x512/0x640 [ 579.584938][T17760] _copy_to_user+0x32/0xd0 [ 579.584956][T17760] simple_read_from_buffer+0xcb/0x170 [ 579.584971][T17760] proc_fail_nth_read+0x197/0x270 [ 579.584984][T17760] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 579.584997][T17760] ? rw_verify_area+0xcf/0x680 [ 579.585010][T17760] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 579.585035][T17760] vfs_read+0x1e1/0xc60 [ 579.585050][T17760] ? fdget_pos+0x2a2/0x370 [ 579.585066][T17760] ? __pfx_vfs_read+0x10/0x10 [ 579.585079][T17760] ? find_held_lock+0x2b/0x80 [ 579.585094][T17760] ? __fget_files+0x20e/0x3c0 [ 579.585112][T17760] ksys_read+0x12a/0x250 [ 579.585125][T17760] ? __pfx_ksys_read+0x10/0x10 [ 579.585141][T17760] ? rcu_is_watching+0x12/0xc0 [ 579.585153][T17760] __do_fast_syscall_32+0x7c/0x3a0 [ 579.585165][T17760] do_fast_syscall_32+0x32/0x80 [ 579.585176][T17760] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 579.585189][T17760] RIP: 0023:0xf704e579 [ 579.585198][T17760] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 579.585209][T17760] RSP: 002b:00000000f503e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 579.585219][T17760] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f503e620 [ 579.585226][T17760] RDX: 000000000000000f RSI: 00000000f73b2ff4 RDI: 0000000000000000 [ 579.585232][T17760] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 579.585238][T17760] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 579.585244][T17760] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 579.585258][T17760] [ 579.596371][T17743] usb 13-1: reset high-speed USB device number 67 using dummy_hcd [ 579.679038][T17743] usb 13-1: device reset changed ep0 maxpacket size! [ 579.706800][ T54] usb 13-1: USB disconnect, device number 67 [ 579.859197][T17699] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.861554][T17699] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.866479][ T54] usb 13-1: new high-speed USB device number 68 using dummy_hcd [ 579.869336][T17699] bridge_slave_0: entered allmulticast mode [ 579.872676][T17699] bridge_slave_0: entered promiscuous mode [ 579.877767][T17699] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.880289][T17699] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.882544][T17699] bridge_slave_1: entered allmulticast mode [ 579.882879][ T61] usb 7-1: new low-speed USB device number 38 using dummy_hcd [ 579.888606][T17699] bridge_slave_1: entered promiscuous mode [ 579.902931][ T5954] Bluetooth: hci4: command tx timeout [ 579.943774][T17699] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 579.948563][T17699] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 579.983286][T17699] team0: Port device team_slave_0 added [ 579.986842][T17699] team0: Port device team_slave_1 added [ 580.013364][ T54] usb 13-1: Using ep0 maxpacket: 16 [ 580.015580][ T54] usb 13-1: no configurations [ 580.017109][ T54] usb 13-1: can't read configurations, error -22 [ 580.049863][ T61] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 580.058882][ T61] usb 7-1: config 0 has no interface number 0 [ 580.062255][T17699] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 580.065170][T17699] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 580.065709][ T61] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 580.073867][T17699] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 580.079545][ T61] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 580.081969][T17699] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 580.083759][ T61] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 580.086415][T17699] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 580.089229][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.100868][T17699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 580.137698][ T61] usb 7-1: config 0 descriptor?? [ 580.142203][T17762] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 580.152923][ T54] usb 13-1: new high-speed USB device number 69 using dummy_hcd [ 580.157943][ T61] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 580.187527][T17699] hsr_slave_0: entered promiscuous mode [ 580.189800][T17699] hsr_slave_1: entered promiscuous mode [ 580.191883][T17699] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 580.202122][T17699] Cannot create hsr debugfs directory [ 580.305054][ T54] usb 13-1: Using ep0 maxpacket: 16 [ 580.310037][ T54] usb 13-1: no configurations [ 580.311601][ T54] usb 13-1: can't read configurations, error -22 [ 580.322706][ T54] usb usb13-port1: attempt power cycle [ 580.360286][ T60] usb 7-1: USB disconnect, device number 38 [ 580.381735][T17762] netlink: 'syz.2.3272': attribute type 10 has an invalid length. [ 580.623305][T17699] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 580.628718][T17699] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 580.632688][T17699] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 580.637254][T17699] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 580.673171][ T54] usb 13-1: new high-speed USB device number 70 using dummy_hcd [ 580.695601][ T54] usb 13-1: Using ep0 maxpacket: 16 [ 580.697725][ T54] usb 13-1: no configurations [ 580.699223][ T54] usb 13-1: can't read configurations, error -22 [ 580.776573][T17699] bridge0: port 2(bridge_slave_1) entered blocking state [ 580.778876][T17699] bridge0: port 2(bridge_slave_1) entered forwarding state [ 580.781283][T17699] bridge0: port 1(bridge_slave_0) entered blocking state [ 580.783638][T17699] bridge0: port 1(bridge_slave_0) entered forwarding state [ 580.823630][ T54] usb 13-1: new high-speed USB device number 71 using dummy_hcd [ 580.825210][T17699] 8021q: adding VLAN 0 to HW filter on device bond0 [ 580.835827][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 580.839789][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 580.843851][ T54] usb 13-1: Using ep0 maxpacket: 16 [ 580.846137][ T54] usb 13-1: no configurations [ 580.847641][ T54] usb 13-1: can't read configurations, error -22 [ 580.849898][ T54] usb usb13-port1: unable to enumerate USB device [ 580.868797][T17699] 8021q: adding VLAN 0 to HW filter on device team0 [ 580.876134][T13753] bridge0: port 1(bridge_slave_0) entered blocking state [ 580.878443][T13753] bridge0: port 1(bridge_slave_0) entered forwarding state [ 580.886897][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 580.890010][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 581.007418][T17783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3276'. [ 581.010957][T17783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3276'. [ 581.068365][T17699] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 581.079056][T17784] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 581.081164][T17784] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 581.084369][T17784] vhci_hcd vhci_hcd.0: Device attached [ 581.107446][T17699] veth0_vlan: entered promiscuous mode [ 581.139755][T17699] veth1_vlan: entered promiscuous mode [ 581.147692][T17794] FAULT_INJECTION: forcing a failure. [ 581.147692][T17794] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 581.152181][T17794] CPU: 3 UID: 0 PID: 17794 Comm: syz.2.3278 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 581.152197][T17794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 581.152204][T17794] Call Trace: [ 581.152209][T17794] [ 581.152214][T17794] dump_stack_lvl+0x16c/0x1f0 [ 581.152235][T17794] should_fail_ex+0x512/0x640 [ 581.152253][T17794] should_fail_alloc_page+0xe7/0x130 [ 581.152265][T17794] prepare_alloc_pages+0x3c2/0x610 [ 581.152279][T17794] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 581.152298][T17794] ? page_table_check_set+0x631/0x750 [ 581.152318][T17794] ? __page_table_check_ptes_set+0x1ae/0x420 [ 581.152341][T17794] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 581.152360][T17794] ? const_folio_flags+0x5b/0x100 [ 581.152378][T17794] ? folio_add_file_rmap_ptes+0x548/0x840 [ 581.152409][T17794] ? find_held_lock+0x2b/0x80 [ 581.152423][T17794] ? find_held_lock+0x2b/0x80 [ 581.152436][T17794] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 581.152459][T17794] ? policy_nodemask+0xea/0x4e0 [ 581.152485][T17794] alloc_pages_mpol+0x1fb/0x550 [ 581.152512][T17794] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 581.152532][T17794] ? find_held_lock+0x2b/0x80 [ 581.152544][T17794] alloc_pages_noprof+0x131/0x390 [ 581.152561][T17794] binder_alloc_new_buf+0x17c7/0x3270 [ 581.152583][T17794] ? __pfx_binder_alloc_new_buf+0x10/0x10 [ 581.152595][T17794] ? find_held_lock+0x2b/0x80 [ 581.152605][T17794] ? binder_transaction+0x1051/0x9af0 [ 581.152619][T17794] binder_transaction+0x13f6/0x9af0 [ 581.152641][T17794] ? __lock_acquire+0x622/0x1c90 [ 581.152658][T17794] ? __pfx_binder_transaction+0x10/0x10 [ 581.152676][T17794] ? find_held_lock+0x2b/0x80 [ 581.152687][T17794] ? __lock_acquire+0xb8a/0x1c90 [ 581.152707][T17794] ? find_held_lock+0x2b/0x80 [ 581.152716][T17794] ? __might_fault+0xe3/0x190 [ 581.152731][T17794] ? __might_fault+0xe3/0x190 [ 581.152744][T17794] ? __might_fault+0x13b/0x190 [ 581.152778][T17794] binder_thread_write+0xaae/0x4e70 [ 581.152792][T17794] ? kasan_save_track+0x14/0x30 [ 581.152811][T17794] ? __pfx_binder_thread_write+0x10/0x10 [ 581.152835][T17794] ? binder_debug+0xde/0x1a0 [ 581.152849][T17794] ? binder_debug+0xde/0x1a0 [ 581.152858][T17794] ? __pfx_binder_debug+0x10/0x10 [ 581.152868][T17794] ? find_held_lock+0x2b/0x80 [ 581.152883][T17794] ? __pfx_binder_ioctl+0x10/0x10 [ 581.152895][T17794] binder_ioctl+0x26a7/0x72c0 [ 581.152911][T17794] ? tomoyo_path_number_perm+0x295/0x580 [ 581.152927][T17794] ? tomoyo_path_number_perm+0x18d/0x580 [ 581.152945][T17794] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 581.152958][T17794] ? __pfx_binder_ioctl+0x10/0x10 [ 581.152970][T17794] ? do_vfs_ioctl+0x523/0x1a60 [ 581.152982][T17794] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 581.153003][T17794] ? find_held_lock+0x2b/0x80 [ 581.153013][T17794] ? hook_file_ioctl_common+0x145/0x410 [ 581.153027][T17794] ? __fget_files+0x20e/0x3c0 [ 581.153040][T17794] ? fput+0x60/0xf0 [ 581.153050][T17794] ? __pfx_binder_ioctl+0x10/0x10 [ 581.153062][T17794] compat_ptr_ioctl+0x6b/0xa0 [ 581.153073][T17794] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 581.153085][T17794] __ia32_compat_sys_ioctl+0x242/0x370 [ 581.153099][T17794] __do_fast_syscall_32+0x7c/0x3a0 [ 581.153111][T17794] do_fast_syscall_32+0x32/0x80 [ 581.153121][T17794] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 581.153135][T17794] RIP: 0023:0xf704e579 [ 581.153143][T17794] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 581.153154][T17794] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 581.153164][T17794] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201 [ 581.153171][T17794] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 581.153177][T17794] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 581.153183][T17794] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 581.153189][T17794] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 581.153202][T17794] [ 581.154620][T17699] veth0_macvtap: entered promiscuous mode [ 581.170035][T17789] vhci_hcd: connection closed [ 581.173059][T17699] veth1_macvtap: entered promiscuous mode [ 581.176515][ T80] vhci_hcd: stop threads [ 581.185663][T17699] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 581.189305][ T80] vhci_hcd: release socket [ 581.244752][T17699] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 581.246108][ T80] vhci_hcd: disconnect device [ 581.248569][T17699] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.303186][T17699] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.305955][T17699] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.308678][T17699] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 581.312887][ T1019] vhci_hcd: vhci_device speed not set [ 581.338384][ T10] IPVS: starting estimator thread 0... [ 581.355980][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 581.359135][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 581.380630][T13744] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 581.391728][T13744] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 581.432900][T17800] IPVS: using max 45 ests per chain, 108000 per kthread [ 581.505083][T17807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3280'. [ 581.509677][T17807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3280'. [ 581.555011][T17809] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3284'. [ 581.558994][T17809] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3284'. [ 582.225412][T17819] FAULT_INJECTION: forcing a failure. [ 582.225412][T17819] name failslab, interval 1, probability 0, space 0, times 0 [ 582.229860][T17819] CPU: 1 UID: 0 PID: 17819 Comm: syz.2.3287 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 582.229882][T17819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 582.229892][T17819] Call Trace: [ 582.229899][T17819] [ 582.229905][T17819] dump_stack_lvl+0x16c/0x1f0 [ 582.229926][T17819] should_fail_ex+0x512/0x640 [ 582.229944][T17819] should_failslab+0xc2/0x120 [ 582.229954][T17819] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 582.229971][T17819] ? skb_clone+0x190/0x3f0 [ 582.229993][T17819] skb_clone+0x190/0x3f0 [ 582.230010][T17819] netlink_deliver_tap+0xabd/0xd30 [ 582.230034][T17819] netlink_unicast+0x5df/0x7f0 [ 582.230056][T17819] ? __pfx_netlink_unicast+0x10/0x10 [ 582.230081][T17819] netlink_sendmsg+0x8d1/0xdd0 [ 582.230104][T17819] ? __pfx_netlink_sendmsg+0x10/0x10 [ 582.230125][T17819] ? __import_iovec+0x1dd/0x650 [ 582.230147][T17819] ____sys_sendmsg+0xa98/0xc70 [ 582.230171][T17819] ? __pfx_____sys_sendmsg+0x10/0x10 [ 582.230188][T17819] ? get_compat_msghdr+0x11a/0x170 [ 582.230217][T17819] ___sys_sendmsg+0x134/0x1d0 [ 582.230243][T17819] ? __pfx____sys_sendmsg+0x10/0x10 [ 582.230279][T17819] ? find_held_lock+0x2b/0x80 [ 582.230312][T17819] __sys_sendmsg+0x16d/0x220 [ 582.230328][T17819] ? __pfx___sys_sendmsg+0x10/0x10 [ 582.230364][T17819] ? rcu_is_watching+0x12/0xc0 [ 582.230384][T17819] __do_fast_syscall_32+0x7c/0x3a0 [ 582.230404][T17819] do_fast_syscall_32+0x32/0x80 [ 582.230420][T17819] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 582.230439][T17819] RIP: 0023:0xf704e579 [ 582.230453][T17819] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 582.230469][T17819] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 582.230484][T17819] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000500 [ 582.230495][T17819] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 582.230504][T17819] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 582.230513][T17819] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 582.230523][T17819] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 582.230545][T17819] [ 582.659555][T17826] netdevsim netdevsim1 netdevsim0: set [1, 2] type 2 family 0 port 20000 - 0 [ 582.664658][T17826] netdevsim netdevsim1 netdevsim1: set [1, 2] type 2 family 0 port 20000 - 0 [ 582.668913][T17826] netdevsim netdevsim1 netdevsim2: set [1, 2] type 2 family 0 port 20000 - 0 [ 582.672322][T17826] netdevsim netdevsim1 netdevsim3: set [1, 2] type 2 family 0 port 20000 - 0 [ 582.834306][T17836] FAULT_INJECTION: forcing a failure. [ 582.834306][T17836] name failslab, interval 1, probability 0, space 0, times 0 [ 582.839423][T17836] CPU: 0 UID: 0 PID: 17836 Comm: syz.1.3293 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 582.839439][T17836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 582.839446][T17836] Call Trace: [ 582.839450][T17836] [ 582.839455][T17836] dump_stack_lvl+0x16c/0x1f0 [ 582.839493][T17836] should_fail_ex+0x512/0x640 [ 582.839511][T17836] ? lockdep_hardirqs_on+0x7c/0x110 [ 582.839528][T17836] should_failslab+0xc2/0x120 [ 582.839539][T17836] __kmalloc_cache_noprof+0x6a/0x3e0 [ 582.839552][T17836] ? do_raw_spin_lock+0x12c/0x2b0 [ 582.839579][T17836] ? find_held_lock+0x2b/0x80 [ 582.839589][T17836] ? async_schedule_node_domain+0x54/0x120 [ 582.839603][T17836] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 582.839618][T17836] async_schedule_node_domain+0x54/0x120 [ 582.839631][T17836] dev_cache_fw_image+0x38e/0x490 [ 582.839646][T17836] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 582.839662][T17836] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 582.839676][T17836] dpm_for_each_dev+0x5a/0xb0 [ 582.839689][T17836] fw_pm_notify+0x81/0x150 [ 582.839701][T17836] notifier_call_chain+0xbc/0x410 [ 582.839713][T17836] ? __pfx_fw_pm_notify+0x10/0x10 [ 582.839728][T17836] blocking_notifier_call_chain_robust+0xc8/0x160 [ 582.839742][T17836] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 582.839756][T17836] ? do_raw_spin_unlock+0x172/0x230 [ 582.839775][T17836] pm_notifier_call_chain_robust+0x27/0x60 [ 582.839789][T17836] snapshot_open+0x189/0x2b0 [ 582.839801][T17836] ? __pfx_snapshot_open+0x10/0x10 [ 582.839814][T17836] misc_open+0x35d/0x420 [ 582.839827][T17836] ? __pfx_misc_open+0x10/0x10 [ 582.839840][T17836] chrdev_open+0x234/0x6a0 [ 582.839856][T17836] ? __pfx_apparmor_file_open+0x10/0x10 [ 582.839870][T17836] ? __pfx_chrdev_open+0x10/0x10 [ 582.839887][T17836] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 582.839904][T17836] do_dentry_open+0x741/0x1c10 [ 582.839925][T17836] ? __pfx_chrdev_open+0x10/0x10 [ 582.839944][T17836] vfs_open+0x82/0x3f0 [ 582.839957][T17836] path_openat+0x1de4/0x2cb0 [ 582.839977][T17836] ? __pfx_path_openat+0x10/0x10 [ 582.839996][T17836] do_filp_open+0x20b/0x470 [ 582.840011][T17836] ? __pfx_do_filp_open+0x10/0x10 [ 582.840037][T17836] ? _raw_spin_unlock+0x28/0x50 [ 582.840051][T17836] ? alloc_fd+0x471/0x7d0 [ 582.840069][T17836] do_sys_openat2+0x11b/0x1d0 [ 582.840081][T17836] ? __pfx_do_sys_openat2+0x10/0x10 [ 582.840094][T17836] ? __fget_files+0x20e/0x3c0 [ 582.840106][T17836] ? handle_mm_fault+0x230/0xd10 [ 582.840123][T17836] __ia32_compat_sys_openat+0x16d/0x210 [ 582.840135][T17836] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 582.840147][T17836] ? ksys_write+0x1ac/0x250 [ 582.840164][T17836] ? rcu_is_watching+0x12/0xc0 [ 582.840176][T17836] __do_fast_syscall_32+0x7c/0x3a0 [ 582.840188][T17836] do_fast_syscall_32+0x32/0x80 [ 582.840198][T17836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 582.840211][T17836] RIP: 0023:0xf706e579 [ 582.840221][T17836] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 582.840231][T17836] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 582.840241][T17836] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800002c0 [ 582.840248][T17836] RDX: 0000000000007e00 RSI: 0000000000000000 RDI: 0000000000000000 [ 582.840254][T17836] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 582.840260][T17836] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 582.840266][T17836] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 582.840280][T17836] [ 582.966328][T17836] [ 582.967142][T17836] ============================================ [ 582.969104][T17836] WARNING: possible recursive locking detected [ 582.970997][T17836] 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 Not tainted [ 582.974281][T17836] -------------------------------------------- [ 582.977065][T17836] syz.1.3293/17836 is trying to acquire lock: [ 582.979020][T17836] ffffffff8f315bc8 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x4e/0x640 [ 582.981505][T17836] [ 582.981505][T17836] but task is already holding lock: [ 582.983709][T17836] ffffffff8f315bc8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 582.986225][T17836] [ 582.986225][T17836] other info that might help us debug this: [ 582.988855][T17836] Possible unsafe locking scenario: [ 582.988855][T17836] [ 582.991178][T17836] CPU0 [ 582.992256][T17836] ---- [ 582.993319][T17836] lock(fw_lock); [ 582.994511][T17836] lock(fw_lock); [ 582.995715][T17836] [ 582.995715][T17836] *** DEADLOCK *** [ 582.995715][T17836] [ 582.998218][T17836] May be due to missing lock nesting notation [ 582.998218][T17836] [ 583.000716][T17836] 5 locks held by syz.1.3293/17836: [ 583.002353][T17836] #0: ffffffff8f103a28 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420 [ 583.004978][T17836] #1: ffffffff8e287ba8 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 [ 583.008144][T17836] #2: ffffffff8e2c8350 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160 [ 583.011758][T17836] #3: ffffffff8f315bc8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 583.014382][T17836] #4: ffffffff8f3105c8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 583.017259][T17836] [ 583.017259][T17836] stack backtrace: [ 583.019116][T17836] CPU: 3 UID: 0 PID: 17836 Comm: syz.1.3293 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 583.019131][T17836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 583.019138][T17836] Call Trace: [ 583.019143][T17836] [ 583.019148][T17836] dump_stack_lvl+0x116/0x1f0 [ 583.019167][T17836] print_deadlock_bug+0x1e9/0x240 [ 583.019180][T17836] __lock_acquire+0x1106/0x1c90 [ 583.019194][T17836] ? __kasan_slab_free+0x51/0x70 [ 583.019211][T17836] lock_acquire+0x179/0x350 [ 583.019224][T17836] ? assign_fw+0x4e/0x640 [ 583.019237][T17836] ? __pfx___might_resched+0x10/0x10 [ 583.019247][T17836] ? do_sys_openat2+0x11b/0x1d0 [ 583.019258][T17836] ? __ia32_compat_sys_openat+0x16d/0x210 [ 583.019269][T17836] ? __do_fast_syscall_32+0x7c/0x3a0 [ 583.019280][T17836] __mutex_lock+0x199/0xb90 [ 583.019289][T17836] ? assign_fw+0x4e/0x640 [ 583.019302][T17836] ? assign_fw+0x4e/0x640 [ 583.019315][T17836] ? __pfx___mutex_lock+0x10/0x10 [ 583.019326][T17836] ? kasan_quarantine_put+0x10a/0x240 [ 583.019340][T17836] ? lockdep_hardirqs_on+0x7c/0x110 [ 583.019356][T17836] ? assign_fw+0x4e/0x640 [ 583.019368][T17836] assign_fw+0x4e/0x640 [ 583.019381][T17836] ? _request_firmware+0x957/0x1470 [ 583.019395][T17836] _request_firmware+0x988/0x1470 [ 583.019410][T17836] ? __pfx__request_firmware+0x10/0x10 [ 583.019424][T17836] ? dump_stack_lvl+0x197/0x1f0 [ 583.019439][T17836] ? dump_stack_lvl+0x1a3/0x1f0 [ 583.019455][T17836] __async_dev_cache_fw_image+0xb1/0x340 [ 583.019470][T17836] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 583.019512][T17836] ? mark_held_locks+0x49/0x80 [ 583.019527][T17836] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 583.019542][T17836] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 583.019556][T17836] async_schedule_node_domain+0xd4/0x120 [ 583.019568][T17836] dev_cache_fw_image+0x38e/0x490 [ 583.019581][T17836] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 583.019595][T17836] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 583.019607][T17836] dpm_for_each_dev+0x5a/0xb0 [ 583.019620][T17836] fw_pm_notify+0x81/0x150 [ 583.019635][T17836] notifier_call_chain+0xbc/0x410 [ 583.019647][T17836] ? __pfx_fw_pm_notify+0x10/0x10 [ 583.019660][T17836] blocking_notifier_call_chain_robust+0xc8/0x160 [ 583.019673][T17836] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 583.019686][T17836] ? do_raw_spin_unlock+0x172/0x230 [ 583.019703][T17836] pm_notifier_call_chain_robust+0x27/0x60 [ 583.019716][T17836] snapshot_open+0x189/0x2b0 [ 583.019728][T17836] ? __pfx_snapshot_open+0x10/0x10 [ 583.019740][T17836] misc_open+0x35d/0x420 [ 583.019753][T17836] ? __pfx_misc_open+0x10/0x10 [ 583.019765][T17836] chrdev_open+0x234/0x6a0 [ 583.019780][T17836] ? __pfx_apparmor_file_open+0x10/0x10 [ 583.019793][T17836] ? __pfx_chrdev_open+0x10/0x10 [ 583.019808][T17836] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 583.019823][T17836] do_dentry_open+0x741/0x1c10 [ 583.019838][T17836] ? __pfx_chrdev_open+0x10/0x10 [ 583.019854][T17836] vfs_open+0x82/0x3f0 [ 583.019865][T17836] path_openat+0x1de4/0x2cb0 [ 583.019882][T17836] ? __pfx_path_openat+0x10/0x10 [ 583.019897][T17836] do_filp_open+0x20b/0x470 [ 583.019911][T17836] ? __pfx_do_filp_open+0x10/0x10 [ 583.019929][T17836] ? _raw_spin_unlock+0x28/0x50 [ 583.019942][T17836] ? alloc_fd+0x471/0x7d0 [ 583.019956][T17836] do_sys_openat2+0x11b/0x1d0 [ 583.019967][T17836] ? __pfx_do_sys_openat2+0x10/0x10 [ 583.019978][T17836] ? __fget_files+0x20e/0x3c0 [ 583.019990][T17836] ? handle_mm_fault+0x230/0xd10 [ 583.020004][T17836] __ia32_compat_sys_openat+0x16d/0x210 [ 583.020016][T17836] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 583.020028][T17836] ? ksys_write+0x1ac/0x250 [ 583.020042][T17836] ? rcu_is_watching+0x12/0xc0 [ 583.020054][T17836] __do_fast_syscall_32+0x7c/0x3a0 [ 583.020064][T17836] do_fast_syscall_32+0x32/0x80 [ 583.020074][T17836] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 583.020087][T17836] RIP: 0023:0xf706e579 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 583.020125][T17836] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 583.020136][T17836] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 583.020146][T17836] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800002c0 [ 583.020152][T17836] RDX: 0000000000007e00 RSI: 0000000000000000 RDI: 0000000000000000 [ 583.020158][T17836] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 583.020164][T17836] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 583.020170][T17836] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 583.020179][T17836] [ 583.111185][T17844] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3295'. [ 583.171572][T17844] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3295'. VM DIAGNOSIS: 09:06:40 Registers: info registers vcpu 0 CPU#0 RAX=0000000000876b34 RBX=0000000000000000 RCX=ffffffff8b7bfc69 RDX=ffffed1005646646 RSI=ffffffff8bf559e0 RDI=ffffffff81917691 RBP=fffffbfff1c12ef0 RSP=ffffffff8e007e08 R8 =0000000000000000 R9 =ffffed1005646645 R10=ffff88802b23322b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e097780 R14=ffffffff90882a50 R15=0000000000000000 RIP=ffffffff8b7be7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097761000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000002c50eff8 CR3=000000004797a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 00c800a400000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000100000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000080000 RBX=0000000000000000 RCX=ffffc9000d232000 RDX=0000000000080000 RSI=ffffffff81f275b3 RDI=0000000000000001 RBP=00000000000003e8 RSP=ffffc9000430f750 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000010513 R12=0000000000000000 R13=ffffea0001d4ca00 R14=ffffc9000430f9c0 R15=dffffc0000000000 RIP=ffffffff81f275b8 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097861000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f736f748 CR3=00000000629a9000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000002000000 RBX=ffff8880201d98f0 RCX=0000000000000019 RDX=ffff88802349c880 RSI=ffffffff865ea53a RDI=0000000000000005 RBP=0000000000000019 RSP=ffffc900038cf120 R8 =0000000000000005 R9 =000000000000001f R10=0000000000000019 R11=0000000000000012 R12=ffffc90000415138 R13=ffff8880201d994c R14=ffff8880201d98f8 R15=0000000000000000 RIP=ffffffff865ea547 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007ff4dd9fe300 ffffffff 00c00000 GS =0000 ffff888097961000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000056140f394f40 CR3=000000004a048000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=1a1522e53f322079 07a2a5f62d26f9e0 1a1522e53f322079 07a2a5f62d26f9e0 1a1522e53f322079 07a2a5f62d26f9e0 1a1522e53f322079 07a2a5f62d26f9e0 ZMM18=737490ba01665353 0e511f920ac9b724 737490ba01665353 0e511f920ac9b724 737490ba01665353 0e511f920ac9b724 737490ba01665353 0e511f920ac9b724 ZMM19=d815000000000000 0000000000000004 d815000000000000 0000000000000003 d815000000000000 0000000000000002 d815000000000000 0000000000000001 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 026fe20880020880 a2d3940800010000 000806060126e806 8882040008a00300 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000317265 6c6c616b7a797301 ffffffffffffffff df08088003000400 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2089820800000201 c70800080049ea00 6e75742f74656e2f 7665642f01ffffff ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 046fdc000170f20f ffffffff0235c080 0200080000080008 01759c12080035c0 ZMM25=0e511f920e511f92 0e511f920e511f92 0e511f920e511f92 0e511f920e511f92 0e511f920e511f92 0e511f920e511f92 0e511f920e511f92 0e511f920e511f92 ZMM26=0166535301665353 0166535301665353 0166535301665353 0166535301665353 0166535301665353 0166535301665353 0166535301665353 0166535301665353 ZMM27=737490ba737490ba 737490ba737490ba 737490ba737490ba 737490ba737490ba 737490ba737490ba 737490ba737490ba 737490ba737490ba 737490ba737490ba ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=d7150000d7150000 d7150000d7150000 d7150000d7150000 d7150000d7150000 d7150000d7150000 d7150000d7150000 d7150000d7150000 d7150000d7150000 info registers vcpu 3 CPU#3 RAX=000000000000005d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8557d555 RDI=ffffffff9ae6da80 RBP=ffffffff9ae6da40 RSP=ffffc90003ad6d00 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000005d R14=ffffffff9ae6da40 R15=ffffffff8557d4f0 RIP=ffffffff8557d57f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097a61000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f74019a8 CR3=000000004797a000 CR4=00352ef0 DR0=0000040000000000 DR1=000000000000064f DR2=0000000000000006 DR3=0000000000000006 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000009000000000 0000000200000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000009000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000