last executing test programs: 9.049888444s ago: executing program 2 (id=23): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x3e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) r3 = socket(0xa, 0x3, 0x3a) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) ioctl$USBDEVFS_ALLOC_STREAMS(r4, 0x8008551c, &(0x7f0000000400)=ANY=[@ANYBLOB="4a9800000a00000081ec00000486060b830eeaa1144eb44e4c8ac08e6a6eac4a860fdc1851ddab64fe213700008c63f0c84444fdb3d33f1cee37d289ff436030da41bf010000005b3b3b09551036"]) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000200)={0xfffffffc, 0x0, 0x6, 0x0, 0xff, "db8f2d2b3b7596160c6981acf8805944823a7f"}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=ANY=[@ANYBLOB="e00200001b00000428bd7000fedbdf25fe880000000000040000000000000001640101010000000008000000000000004e2200044e21ffff020020003b000000", @ANYRESDEC=r4, @ANYRES32=0x0, @ANYBLOB="080000000000000001000008000000000900000000000000040000000000000009000000000000000600000000000000ff000000000000000000000000000000080000000000000012070000000000000000970d010000000000010000800000000083000000000000000000030070000000440105007f000001000000000000000000000000000004d32b0000000a000000fe8000000000000000000000000000aa0735000000000300040000000900000000000000ac1e0001000000000000000000000000000004d23300000008000000ffffffff000000000000000000000000043500000203010008000000ac7d000001000000fe880000000000000000000000000101000004d63300000002000000fe8000000000000000000000000000aa053500000103bf000e0000000500000004000000ac1414aa000000000000000000000000000004d36c00000002000000e000000200000000000000000000000003350000a85069c77ed6d7f289623a95a6020700ffff00003c04000000000000ac1414bb000000000000000000000000000004d53c000000020000000a01010100000000000000000000000000000000010306001b688919ffff00000000010008001e0003f54f7cdf380da1d700080001059f008814225708ad569b05a25dc0e3b070b9cad2f1d37670dff7d0268673dc6bec3aa244dd97588777719cd05fdc6c8cc177558b204385df0638027603816a9bfc2e865898e36d52dbd1a48f6c0d4a351098a9aba7fc6b7f5d22fa067588ffa39378a7db68a4062b5437b3830ebaa13ca5ea91c19a19b10c910edf6808ff1fc90114dbbb11210377d27ac0f3ab2aff3fcf8ede2bafc787abe6d51553e189485b810028001a00000000000000000000000000000000000a01010000000000000000000000000002000d0108000c003d0b0000ed8d49cdd4980dc21114532b5b6ae54f7846283ae44ce30975e133f031a1fb2ff5518345a2b20733fc4f018a26d8abdf7e"], 0x2e0}, 0x1, 0x0, 0x0, 0x4040}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c52096c592201040d007000fadb107d820300c9a1fa4d0e7b68634800a983f779945b9e0800000000000000ac93fdf2c5f554b07fe04a672124f2cc316d4a0a02664546c62385939764faf79890e742271ccefcc09cea5ec3bd02b78156d084cc5e12fca6b5edc9a1c230ad38afd7718ce7c38536343cd2636a05eaa6fa6c59d5289aa858807cec1328a74246030c99ef9802c9c6878022d87bd7f86596812f412c167acde02f08a4ba556d130c68719407f2958f457da36b7a93ddaf", @ANYRES32=0x0, @ANYBLOB="900100008ba5072f1c00128009000122626f6e64000000000c00028005001600000000000aa90c7665d4c1835a722f8061248dbef1971b2aac8e4a2999a2e29a781f79f5c098c9f9aac47b858e68bed3dbe2"], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x40180) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x8040) memfd_secret(0x0) ppoll(0x0, 0x0, &(0x7f0000000280)={0x77359400}, 0x0, 0x0) unshare(0x40020000) 8.562978317s ago: executing program 1 (id=24): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x6}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10suse\x00\x00\x00\x00\x00\x00\x00dn\x00\x00\x00', 0x0) r5 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r5, 0x29, 0x39, 0x0, 0x0) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31) sendmmsg$inet6(r5, &(0x7f0000002940), 0x40000000000017d, 0x811) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socket$l2tp6(0xa, 0x2, 0x73) ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc}) add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0) r7 = openat$fb0(0xffffff9c, &(0x7f0000000040), 0x80280, 0x0) fremovexattr(r7, &(0x7f00000007c0)=@known='user.incfs.size\x00') shutdown(0xffffffffffffffff, 0x0) mount(&(0x7f0000000900)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='squashfs\x00', 0x1408009, 0x0) 7.906628397s ago: executing program 2 (id=26): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x6}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10suse\x00\x00\x00\x00\x00\x00\x00dn\x00\x00\x00', 0x0) r4 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r4, 0x29, 0x39, 0x0, 0x0) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31) sendmmsg$inet6(r4, &(0x7f0000002940), 0x40000000000017d, 0x811) fremovexattr(0xffffffffffffffff, &(0x7f00000007c0)=@known='user.incfs.size\x00') mount(&(0x7f0000000900)=@nbd={'/dev/nbd', 0x0}, 0x0, &(0x7f0000000080)='squashfs\x00', 0x1408009, 0x0) 6.686534788s ago: executing program 1 (id=28): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20800000000, 0xb, &(0x7f0000006680)) mmap(&(0x7f0000b2a000/0x3000)=nil, 0x3000, 0x2, 0x12, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) set_mempolicy(0x4005, &(0x7f0000000080)=0x4, 0x8) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(aes)\x00'}, 0x58) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x1c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x0, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000895}, 0x44094) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000180)="71e67aff7f00001cfcf33a52a7d86bd1737e15a429b2e4aa8e0df980b1ff4eafc561caac49dcdb684c9f4f4ee477669efbc6b8d0ad2d05aa88582edefb56e5b4babbfb10ad71f8c2756d90fc9437aa0023cae90dc86a566a509ede240af217d7706398ca02e5733c171af5d3e1fda4bf64d15441b2f0cdf116505f299f6a8ef2406bfe864019fc1ac6ef8f18e5f3e3780609", 0x92) 6.33994425s ago: executing program 0 (id=29): setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_procfs(0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x15) writev(r4, &(0x7f0000000280)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025", 0x1d}, {&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e35f22", 0x21}], 0x2) r5 = socket$rxrpc(0x21, 0x2, 0xa) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff2b) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800", @ANYBLOB="96f0ba0c", @ANYRES32=r5], 0x74}}, 0x0) bind$rxrpc(r5, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000e1ff00000000000000008500000027000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x4}, 0x94) io_uring_setup(0x240e, &(0x7f0000000480)={0x0, 0xb772, 0x1, 0x0, 0x149}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r8, 0x0, 0xe, 0x0, &(0x7f00000000c0)="ff07000000000000ab5becdc7da9", 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$USBDEVFS_RESETEP(r3, 0x80045503, &(0x7f0000000300)={0x6}) syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x14, 0x28b}, &(0x7f0000000140), &(0x7f0000000200)) 6.017814739s ago: executing program 3 (id=30): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f0000000ac0)=[{0x0, 0x2, {0x1, 0xf0, 0x3}, {0x0, 0x0, 0x3}, 0xfe}, {0x3, 0x0, {0x0, 0xff, 0x1}, {0x1, 0xf0}, 0xfe, 0xfd}, {0x3, 0x2, {0x2, 0xf0, 0x4}, {0x0, 0x0, 0x2}, 0xff}], 0x54) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, 0x0}, 0x0) bind$inet6(r4, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) prlimit64(0x0, 0xe, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000023c0)={{{@in6=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6=@loopback}}, 0x0) getgroups(0x1, &(0x7f0000002500)=[0x0]) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000002540)={0x1, 0xa0000000, {r1}, {0xee01}, 0x5, 0x3}) setxattr$system_posix_acl(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='system.posix_acl_access\x00', &(0x7f00000009c0)={{}, {0x1, 0x1}, [{0x2, 0x6}], {}, [{0x8, 0x2}, {0x8, 0x5}, {0x8, 0x6}, {0x8, 0x1}, {}, {0x8, 0x4}, {}, {0x8, 0x2}, {0x8, 0x3}, {0x8, 0x1}], {0x10, 0x5}, {0x20, 0x2}}, 0x7c, 0x3) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002640)=[{{&(0x7f0000000340)=@abs={0x1, 0x0, 0x44e22}, 0x6e, &(0x7f0000000c80)=[{&(0x7f00000003c0)="28f1375e212a8080a02c23599e134e24f31bd8c11e4f14942a6bd010a691b52484a0a339b89040232cde71384e6761c5640b24ec5ec970021eb87072135686cf5611e8a2fb083c0d902f42384ba163c4f5536fa66bbe2d836afe7267bd5d6ef6e390d3cec50b860b65e8d76db930fb3cf85bdf512d9f74829f102f18f6463520abdc979096c418ddf90809e82622323f7696af667eb89396997a9f3c2d27d4da71298159a9fdb810ef4ad67b977a5b0ac0497b72edef4eecadcf170a64f8", 0xbe}, {&(0x7f0000000480)="0893513e546f47b3ccd7f32d46d91b645f41fd45cf0302a507386ab1dce707db4428e4e055b15b0a14eede64736454a9573102676e9128dbea7540c8aed09e57deb17234e9561158724285dbb2bd11caf5c019d9205ce7e2ee60bc3df77baf3678d695ba88f35449081f8804410c", 0x6e}, {&(0x7f0000000640)="486595591c49b4ff4fd51ff5042131aebbeae67f39f588b375180574f8ccadd7267b8e2d6d4c22481d3d7b7e4fe0f53e1d01d41070d5d3fc163f88b6084b8359fe475f8ccccf05e37028cb1c2bf8328a8b68204c079fdf88432db7287b9e4e09bfd72530bd4954b5d1185a3398447149b1b6a31000adad21ef2bc12c3fb9e6bd81103cec2eb06d78ff1a541e8825608d869459ff712f5a8cfc93238ef8d7a304dc2624281ce4dbcc6ecfb345ad938d73494a65772eeef654373122b81c51fc8b2b2515", 0xc3}, {&(0x7f0000000740)="3bbfd084a416db04969e7ebd87d31867d75cfd4ae268b60034b4941b72a4a3b98cbed624f92f61f737b91bf536ed1bfad66c772038890ecaade760b5513b420c476c2f277f3d2d0e8aa8f08065e259415d55d87fc1e5c15515a769a0393345b0cde1fa25c3c13320bde43548a50ead0d7845a2bb50caa342fcce003b51e9a59a41a30dbdd03dda8ceb2793b6d89faff8ae771cbe8f2de18f035676ea31904e25584ffa56843df7d2af36acbae0613d4d7997ed1dbabef88e97e0ef1c75d0946bac2088ac892f22224aba8b471bc2f8949944e6b84a505b818140dfb434cd8111408aa4f2da59afa4b43b9573ea", 0xed}, {&(0x7f00000000c0)="ede5b495f2e58523293ddac802f90dc86995906458", 0x15}, {&(0x7f0000000900)="7a7ee4d422cec75837123b68feff219b4d11106badd5c0c537ee666143d7882409c706d36fe1ec578664b2046ad24ac55679b661c539f0c0020fd629fd1f90ea0fd5cb410b03974d21364a939be391d765bbab58eef70a342cd395a02e92831834c6199e8a8f449e221066d5d780d2fe167efe0e6802f590fbd802e0b3cc79d9bad364bac4443defa3602c11fe", 0x8d}, {&(0x7f0000000280)}, {&(0x7f0000000ac0)}, {&(0x7f0000000500)="e964baa85f7a90ae1b53b8d3f32bc2fe9dc78adf1f5749955b26a6385124333f4b9bbcccf133add280e70b7580304f3e1d66ce0fffda8a82e0417594c7fcdeb7054ce482f7d98f4e61c5b094d93b981227a833592ef31ce1f4fff2b8dcb7cdc118c2d75cf7684e6d6f54db72054981b4bbfa34d643", 0x75}, {&(0x7f0000000bc0)="e61879b7f077e0e207a7c20888da38ec2f45a5f5255ce49fe06367be5ad86702a2b4acd889264bd03a90151468c615e5bc907ca59e99f074a7ec0a5a0f1eafc0cc28e5475ab8efcb123539864f2607eccb96d0f78b605091089c7fd39c516e2e85cf360ffe9e324effcf836e94396eed44ffdcd39cf65af9aba6fd8c5c94b98c5371bba666238fe00351d18798a3ea159e62194f71aba0a48d1e2ad447ea0ad54d3e631ea8cbac94fcb44688ed87593f2657ffa81905f1ad", 0xb8}], 0xa, &(0x7f0000000b40)=[@rights={{0x1c, 0x1, 0x1, [r2, r3, 0xffffffffffffffff, r4]}}, @cred={{0x18, 0x1, 0x2, {r1}}}, @rights={{0x18, 0x1, 0x1, [r4, r4, r2]}}], 0x4c, 0x2000c005}}, {{&(0x7f0000000e40)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000002100), 0x4, &(0x7f0000002580)=[@rights={{0x14, 0x1, 0x1, [r3, r2]}}, @cred={{0x18, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @rights={{0x14, 0x1, 0x1, [r0, r2]}}, @rights={{0x10, 0x1, 0x1, [r4]}}, @cred={{0x18, 0x1, 0x2, {r1, 0x0, 0xee00}}}, @rights={{0x1c, 0x1, 0x1, [r4, r4, 0xffffffffffffffff, r2]}}, @cred={{0x18, 0x1, 0x2, {0x0, r5, r6}}}, @cred={{0x18, 0x1, 0x2, {r1, r7}}}], 0xb4, 0x2}}], 0x2, 0x4000) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in={{0x2, 0x4e20, @private=0xdf8}}, 0x0, 0x0, 0x500, 0x0, 0x54, 0xa}, 0x9c) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) 5.269984537s ago: executing program 2 (id=31): r0 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x3, 0x801}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x4, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185100}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x120, 0x30, 0x1, 0x0, 0x0, {}, [{0x10c, 0x1, [@m_ife={0xc0, 0x5, 0x0, 0x0, {{0x8}, {0x18, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @TCA_IFE_TYPE={0x6, 0x5, 0x6}]}, {0x81, 0x6, "1bd269129218ada79dbce572ae5bebc7c03861414daa2aeeee2f23d22807b2904336ae721bb9b87693d9eb09f938f01ead49499ec5eaaad42de7149db0fa0a2819b419404a9a10ff8b26c53047fc7eca223df3749618222fbe08fd10ec3e65b2ccaaa48b06b9b06f43f26e09ce29ea7a74d1a5df91e1f68da0e5eef227"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x9}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x120}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x0, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) socket$netlink(0x10, 0x3, 0x15) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) pipe(0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r6, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000280)='./file0\x00', 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80882) io_uring_enter(r0, 0x7277, 0x40006, 0x43, 0x0, 0x0) 5.053850566s ago: executing program 3 (id=32): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x6}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r4, 0x29, 0x39, 0x0, 0x0) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31) sendmmsg$inet6(r4, &(0x7f0000002940), 0x40000000000017d, 0x811) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socket$l2tp6(0xa, 0x2, 0x73) ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc}) add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) shutdown(0xffffffffffffffff, 0x0) 4.857559479s ago: executing program 0 (id=33): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00') r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'ip6gretap0\x00', 0x0}) setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000280)={@loopback, r4}, 0x14) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) close(r5) ptrace(0x10, r1) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) ptrace(0x10, r1) ptrace$peeksig(0x4209, r1, &(0x7f0000000080), 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ptrace$getsig(0x4202, r1, 0xa, &(0x7f0000000140)) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe", 0x16) read$char_usb(r0, &(0x7f00000003c0)=""/241, 0xf1) syz_usbip_server_init(0x3) pselect6(0x40, &(0x7f00000001c0)={0xa00000000000000, 0xfffffffffffffffe, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x8000000000000001}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x9464}, 0x0, 0x0) 4.675386112s ago: executing program 1 (id=34): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x6}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10suse\x00\x00\x00\x00\x00\x00\x00dn\x00\x00\x00', 0x0) r5 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r5, 0x29, 0x39, 0x0, 0x0) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31) sendmmsg$inet6(r5, &(0x7f0000002940), 0x40000000000017d, 0x811) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socket$l2tp6(0xa, 0x2, 0x73) ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc}) add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0), 0x0, 0xffffffffffffffff) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4}) r7 = openat$fb0(0xffffff9c, &(0x7f0000000040), 0x80280, 0x0) fremovexattr(r7, &(0x7f00000007c0)=@known='user.incfs.size\x00') shutdown(0xffffffffffffffff, 0x0) mount(&(0x7f0000000900)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='squashfs\x00', 0x1408009, 0x0) 4.058939681s ago: executing program 3 (id=35): creat(0x0, 0xecf86c37d53049cc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs={0x1, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r2, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280050019"], 0x48}}, 0x4084) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) setgid(0x0) sendmsg(r1, 0x0, 0x0) syz_emit_ethernet(0xbe, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r3 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r4, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) write(0xffffffffffffffff, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d27", 0x14) recvmmsg(0xffffffffffffffff, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f4, {}, {}, @raw32={[0x2600]}}], 0xffc8) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) 3.815094859s ago: executing program 2 (id=36): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x45) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000240)="ad000000000037eb00800000f1cfb65c", 0x10) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0xc040}, 0x8800) readv(r1, &(0x7f0000000140)=[{&(0x7f0000000600)=""/152, 0x98}], 0x1) recvmmsg(r1, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) r2 = syz_genetlink_get_family_id$smc(&(0x7f00000000c0), r1) sendmsg$SMC_PNETID_ADD(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r2, 0x2, 0x70bd2b, 0x25dfdbfe, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x40) 3.643026182s ago: executing program 1 (id=37): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0xa, 0x7, 0xffffff59, 0xc, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x2, 0x4}, 0x50) socket$inet_udplite(0x2, 0x2, 0x88) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000002640)=0x1, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0xa0280, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000300), 0xd, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_DQBUF(r3, 0xc044565d, &(0x7f0000000280)=@mmap={0x0, 0x1, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "37bb54f0"}}) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000040800000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32, @ANYBLOB="ffffbfea"], 0x50) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000064995c9898e01bac000000001483350077673000"/36], 0x34}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xfdf8) r5 = socket$inet_tcp(0x2, 0x1, 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000000)=0x4) setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f00000003c0)=[@mss={0x2, 0x8}, @window={0x3, 0xe, 0x7ff}, @timestamp, @sack_perm, @window={0x3, 0x8000, 0xfffc}, @sack_perm, @sack_perm, @window={0x3, 0xfff, 0x4}, @window={0x3, 0x5}], 0x9) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11) 3.498587421s ago: executing program 0 (id=38): socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x9, 0x7fff0000}]}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000100)='H', 0x0}, 0x20) bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000100), 0x6) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000280)={0x3, 0x0, 0xfdfdffff, 0xff600000}) munlockall() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101) syz_open_dev$evdev(&(0x7f0000000100), 0x68a4, 0x2080) r4 = dup(r3) mount(&(0x7f0000000180)=@sr0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000003c0)='binder\x00', 0x21008, &(0x7f0000000380)='0') write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xfffffffffffffe73) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x15) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) 2.7322334s ago: executing program 3 (id=39): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() openat$binderfs_ctrl(0xffffff9c, &(0x7f00000001c0)='./binderfs2/binder-control\x00', 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20800000000, 0xb, &(0x7f0000006680)) mmap(&(0x7f0000b2a000/0x3000)=nil, 0x3000, 0x2, 0x12, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) set_mempolicy(0x4005, &(0x7f0000000080)=0x4, 0x8) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(aes)\x00'}, 0x58) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x1c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x0, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000895}, 0x44094) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000180)="71e67aff7f00001cfcf33a52a7d86bd1737e15a429b2e4aa8e0df980b1ff4eafc561caac49dcdb684c9f4f4ee477669efbc6b8d0ad2d05aa88582edefb56e5b4babbfb10ad71f8c2756d90fc9437aa0023cae90dc86a566a509ede240af217d7706398ca02e5733c171af5d3e1fda4bf64d15441b2f0cdf116505f299f6a8ef2406bfe864019fc1ac6ef8f18e5f3e3780609", 0x92) 2.547233498s ago: executing program 1 (id=40): socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d80)=@newtaction={0xb0, 0x30, 0x1, 0x0, 0x0, {}, [{0x9c, 0x1, [@m_ct={0x60, 0x2, 0x0, 0x0, {{0xffffffffffffff44}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe5b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}, @TCA_CT_ZONE, @TCA_CT_ZONE={0x6, 0x4, 0x3}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ife={0x38, 0x1, 0x0, 0x0, {{0x8}, {0x10, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @multicast}]}, {0x66, 0x6, "ae83e1761237bc31453128d334319463960c1d4442796340d4de1fcb5cec1118d26e397c414a363d4aeb8a7e7462835d57e40800744379a5a41cb05478a6a73921ce01d02b9c90d944c0a95278d05cdb49e672140400386d0f142c9b426f716b4d8b45b10da2957d6235061e58929cc8693fccf222320bac7463f3141f1ba1cfae63256ffbc1a0ed04df974285c420ac6e83fecf54ddfa14d709bea5bb3ad2b38737efd23748c7fd410904b0b5bd213793259ae4a96b0142cd7624505e26e3fb07ec020000008990fa20f42ec606902db8279c6fea2ce73718536eb697c0275f810105116b9f7c70246ea5d0d29af1b399bdf6dab252"}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x1) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket(0x1d, 0x2, 0x6) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="00000000004e9918387980c60000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/13], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000001500000018010000716c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0x0, &(0x7f0000000bc0)="2178533ba3eaee4801dbb27b11c2b1d9c3bd0a2e6e6dafc746167582f84192713f417b1da0f13ab77cdf2d2458526ab9008637e208f6cf7571e268848fb2a2158f96e3bc4abe437e409b55bdf7e435eb9c002e25c22c69f189ccd699ca9e5368a1cedef105baf76102c0f9350b48d2961971cd9cee59817f77c3258f77d34ef5dce4dadba9a293258c19f24cd9403189c77bd253c9080346e62195ab2d9a470db238a14f262f11b84254036d839076823b47e3f3160c15a71653b1ee4d0f73f93cc0526cdd3fa56c240d3c1f605c8d372555ba59834917b534b60da6cac8a6d2e6b9aaee28f68ca12fdf50402c3db4a5a8b35c9606f34c38b11b4518417e1a027dbc51b9107bc5f36c01ba1cbec8bc01b709a638f8a9a8fd840f91dd1a2d73841f6dd03ccb22616878058dd9996c36b6e0e12f6d2d95f6f6a01bd8d1be3b62f5abcf29f71837915d981b3a8ccf16c5381f33435edb4e67edb30ddcc6215c87ed222b01e77a8fcc4698af223f6cb8dde6338b3e24f219662b7c80059847e7b30c99281f7d49c0d26663542d3e3e3f2052539903d5953134dad64507030cfebbdd1ea3", 0x0, 0x2dff, 0x0, 0x50, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffc}, 0x4c) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmsg$can_raw(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000500)=""/111, 0x6f}, {&(0x7f0000000680)=""/217, 0xd9}], 0x2, &(0x7f0000000580)=""/16, 0x10}, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 2.328403136s ago: executing program 0 (id=41): socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x400000000010, 0x3, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private0, 0x809}, {0xa, 0x8, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe, 0x0, 0xffffffff]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x0, 0x0, @remote}, {0xa, 0x4e22, 0x0, @mcast1}}, 0x5c) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2}, {0xa, 0x0, 0x0, @empty}}, 0x5c) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f00000000c0)=0x7, 0x4) syz_io_uring_setup(0xa07, &(0x7f0000000200)={0x0, 0xcc75, 0x0, 0x3}, &(0x7f0000000140)=0x0, &(0x7f0000000280)=0x0) socket$kcm(0x11, 0x3, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_setup(0x5b03, &(0x7f00000003c0)={0x0, 0xef71, 0x800, 0x2, 0x2f1}, &(0x7f00000001c0)=0x0, &(0x7f0000000440)) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_START(r6, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r6, 0x54a3) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) times(0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r5, r4, 0x0) 1.341409798s ago: executing program 0 (id=42): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x200000, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x55, 0xe7, 0x64, 0x20, 0x421, 0x492, 0x49fc, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0x84, 0x0, 0x1, 0xd3, 0xc0, 0x44, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x8}}]}}]}}]}}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$inet(0xa, 0x801, 0x84) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x2) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000240)={0x0, @initdev, @local}, &(0x7f0000000400)=0xc) r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00') pread64(r7, &(0x7f0000000480)=""/154, 0x9a, 0xe4) r8 = syz_open_dev$video4linux(&(0x7f0000000500), 0x322, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r8, 0xc0585604, &(0x7f0000000540)={0x2572d8929a6d88f2, 0x0, {0x100, 0x7, 0x200a, 0x5, 0x2, 0x1, 0x2, 0x2}}) ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f00000002c0)={@host, 0x2}) readv(r6, &(0x7f0000000000)=[{&(0x7f0000000300)=""/245, 0xf5}], 0x1) ioctl$TIOCVHANGUP(r6, 0x5437, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a90000000060a010400000000000000000a0000010900010073797a310000000064000480500001800b0001007461726765740000400002802c0003007339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c7000000000000000000000000000000000800024000000000080001004c454400100001800a000100696e6e65720000000900020073797a3200000000140000001100010000000000000000000100000afc73d8dc123bda3df314bb2fd3de73b5cd4c47fb30c75e07cc5ebc39b0ecfd213201bbfa6c306ae05f4c889f602ba815067c7bfd20a339b82c40bf42405a8eabf4c41ff3ddef84d75aa821d3f7928e23"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r4, 0x8) r9 = accept4(r4, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r9, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r9, 0x84, 0x7c, &(0x7f0000001400)={0x0, 0x6, 0x1000}, 0x8) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r10, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002bbd7000fedbdf255100000008000300", @ANYRES32=r11, @ANYBLOB="05008affff12000005008a0003000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x8010) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r11, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 871.464789ms ago: executing program 3 (id=43): socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$tipc(0x1e, 0x5, 0x0) close(0xffffffffffffffff) openat$rfkill(0xffffffffffffff9c, 0x0, 0x400000, 0x0) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) write$dsp(r0, &(0x7f00000001c0), 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000040)=0x2fff) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x4, 0xe, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243) close(r2) 787.747544ms ago: executing program 1 (id=44): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x38) socketpair$unix(0x1, 0x3, 0x0, 0x0) iopl(0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, &(0x7f0000000540)) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) futex_waitv(&(0x7f0000001b00)=[{0xffb, &(0x7f0000000240)=0x200000006, 0xa}], 0x1, 0x0, 0x0, 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r3, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r5, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x29, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$USBDEVFS_CONTROL(r6, 0xc0185500, &(0x7f00000000c0)={0x80, 0x6, 0x2fe, 0xe5, 0xe0, 0x0, 0x0}) setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB="2f060000000000000108000000000000bec300000100000009000000000000000600000000000000000000000000000000010000"], 0x40) sendfile(r4, r3, 0x0, 0x578410eb) madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x15) pipe(0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, &(0x7f0000000380)}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0xc048aeca, 0x0) 749.809809ms ago: executing program 2 (id=45): socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$tipc(0x1e, 0x5, 0x0) close(0xffffffffffffffff) openat$rfkill(0xffffffffffffff9c, 0x0, 0x400000, 0x0) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) write$dsp(r0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000040)=0x2fff) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x4, 0xe, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243) close(r2) 268.674364ms ago: executing program 3 (id=46): syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x3a, 0x0, 0x6}, 0x28) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x51}, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x14) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x14) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000002c0)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r5 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x8801}, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x2) splice(r2, 0x0, r2, 0x0, 0x1ff, 0x8) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) 24.759239ms ago: executing program 0 (id=47): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x6}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10suse\x00\x00\x00\x00\x00\x00\x00dn\x00\x00\x00', 0x0) r5 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r5, 0x29, 0x39, 0x0, 0x0) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31) sendmmsg$inet6(r5, &(0x7f0000002940), 0x40000000000017d, 0x811) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) socket$l2tp6(0xa, 0x2, 0x73) ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc}) add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0), 0x0, 0xffffffffffffffff) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4}) r7 = openat$fb0(0xffffff9c, &(0x7f0000000040), 0x80280, 0x0) fremovexattr(r7, &(0x7f00000007c0)=@known='user.incfs.size\x00') shutdown(0xffffffffffffffff, 0x0) mount(&(0x7f0000000900)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='squashfs\x00', 0x1408009, 0x0) 0s ago: executing program 2 (id=48): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00') r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'ip6gretap0\x00', 0x0}) setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000280)={@loopback, r4}, 0x14) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) close(r5) ptrace(0x10, r1) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) ptrace(0x10, r1) ptrace$peeksig(0x4209, r1, &(0x7f0000000080), 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ptrace$getsig(0x4202, r1, 0xa, &(0x7f0000000140)) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe", 0x16) read$char_usb(r0, &(0x7f00000003c0)=""/241, 0xf1) syz_usbip_server_init(0x3) pselect6(0x40, &(0x7f00000001c0)={0xa00000000000000, 0xfffffffffffffffe, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x8000000000000001}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x9464}, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:9562' (ED25519) to the list of known hosts. [ 42.543337][ T5855] cgroup: Unknown subsys name 'net' [ 42.700223][ T5855] cgroup: Unknown subsys name 'cpuset' [ 42.704178][ T5855] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 43.743235][ T5855] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 47.582616][ T64] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 47.586216][ T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 47.589273][ T64] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 47.592455][ T64] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 47.592820][ T5944] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 47.595269][ T64] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 47.597879][ T5944] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 47.602597][ T5944] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 47.605719][ T5944] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 47.607536][ T5302] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 47.608433][ T5944] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 47.614106][ T5944] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 47.616554][ T5944] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 47.629911][ T64] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 47.633323][ T64] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 47.636471][ T64] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 47.640753][ T64] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 47.643059][ T5948] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 47.644467][ T64] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 47.647635][ T5948] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 47.895361][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 47.921601][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 48.051255][ T5943] chnl_net:caif_netlink_parms(): no params data found [ 48.185917][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.189754][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.192147][ T5947] bridge_slave_0: entered allmulticast mode [ 48.194765][ T5947] bridge_slave_0: entered promiscuous mode [ 48.198672][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.200856][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.206705][ T5947] bridge_slave_1: entered allmulticast mode [ 48.210804][ T5947] bridge_slave_1: entered promiscuous mode [ 48.214573][ T5951] chnl_net:caif_netlink_parms(): no params data found [ 48.268312][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.270632][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.272887][ T5939] bridge_slave_0: entered allmulticast mode [ 48.275476][ T5939] bridge_slave_0: entered promiscuous mode [ 48.286205][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.288570][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.290848][ T5939] bridge_slave_1: entered allmulticast mode [ 48.293418][ T5939] bridge_slave_1: entered promiscuous mode [ 48.324220][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.361621][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.442599][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.445393][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.447807][ T5943] bridge_slave_0: entered allmulticast mode [ 48.450966][ T5943] bridge_slave_0: entered promiscuous mode [ 48.462243][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.482606][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.485105][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.487711][ T5943] bridge_slave_1: entered allmulticast mode [ 48.491491][ T5943] bridge_slave_1: entered promiscuous mode [ 48.500622][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.520775][ T5947] team0: Port device team_slave_0 added [ 48.582004][ T5939] team0: Port device team_slave_0 added [ 48.585288][ T5947] team0: Port device team_slave_1 added [ 48.601348][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.640068][ T5939] team0: Port device team_slave_1 added [ 48.642014][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.645001][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.648121][ T5951] bridge_slave_0: entered allmulticast mode [ 48.651646][ T5951] bridge_slave_0: entered promiscuous mode [ 48.682261][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.685035][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.695243][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.701992][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.737672][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.740333][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.743052][ T5951] bridge_slave_1: entered allmulticast mode [ 48.745811][ T5951] bridge_slave_1: entered promiscuous mode [ 48.749540][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.752310][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.760339][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.793173][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 48.795412][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.804093][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 48.829738][ T5943] team0: Port device team_slave_0 added [ 48.832229][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 48.835067][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 48.845353][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 48.864832][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 48.869656][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 48.873608][ T5943] team0: Port device team_slave_1 added [ 49.022682][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 49.025437][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 49.036238][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 49.057009][ T5951] team0: Port device team_slave_0 added [ 49.062072][ T5939] hsr_slave_0: entered promiscuous mode [ 49.064269][ T5939] hsr_slave_1: entered promiscuous mode [ 49.067057][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 49.069854][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 49.082932][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 49.097151][ T5947] hsr_slave_0: entered promiscuous mode [ 49.100999][ T5947] hsr_slave_1: entered promiscuous mode [ 49.103986][ T5947] debugfs: 'hsr0' already exists in 'hsr' [ 49.106456][ T5947] Cannot create hsr debugfs directory [ 49.109929][ T5951] team0: Port device team_slave_1 added [ 49.154637][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 49.157663][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 49.168089][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 49.248671][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 49.251291][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 49.261764][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 49.340414][ T5943] hsr_slave_0: entered promiscuous mode [ 49.343517][ T5943] hsr_slave_1: entered promiscuous mode [ 49.346172][ T5943] debugfs: 'hsr0' already exists in 'hsr' [ 49.348430][ T5943] Cannot create hsr debugfs directory [ 49.475456][ T5951] hsr_slave_0: entered promiscuous mode [ 49.481164][ T5951] hsr_slave_1: entered promiscuous mode [ 49.484105][ T5951] debugfs: 'hsr0' already exists in 'hsr' [ 49.486481][ T5951] Cannot create hsr debugfs directory [ 49.668104][ T5948] Bluetooth: hci3: command tx timeout [ 49.668111][ T5942] Bluetooth: hci1: command tx timeout [ 49.668331][ T5948] Bluetooth: hci2: command tx timeout [ 49.677551][ T5948] Bluetooth: hci0: command tx timeout [ 49.784699][ T5939] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 49.794287][ T5939] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 49.809658][ T5939] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 49.824464][ T5939] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 49.856431][ T5947] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 49.864443][ T5947] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 49.873914][ T5947] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 49.889479][ T5947] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 49.923189][ T5943] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 49.928964][ T5943] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 49.935923][ T5943] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 49.958450][ T5943] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 50.011592][ T5951] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 50.028772][ T5951] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 50.043312][ T5951] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 50.049860][ T5951] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 50.063386][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.083727][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.111567][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.116282][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.132039][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.134286][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.148828][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.151202][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.155334][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.158422][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.171810][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.174814][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.196645][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.248990][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.273332][ T5943] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.291157][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.294650][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.310739][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.313231][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.318573][ T5951] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.328988][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.331527][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.349403][ T81] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.352414][ T81] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.466661][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.476308][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.512571][ T5947] veth0_vlan: entered promiscuous mode [ 50.515352][ T5939] veth0_vlan: entered promiscuous mode [ 50.525008][ T5939] veth1_vlan: entered promiscuous mode [ 50.530101][ T5947] veth1_vlan: entered promiscuous mode [ 50.549070][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.565157][ T5939] veth0_macvtap: entered promiscuous mode [ 50.572332][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.584948][ T5947] veth0_macvtap: entered promiscuous mode [ 50.590771][ T5939] veth1_macvtap: entered promiscuous mode [ 50.602961][ T5947] veth1_macvtap: entered promiscuous mode [ 50.621403][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.627036][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.638376][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.653988][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.657509][ T81] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.660788][ T81] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.669957][ T5951] veth0_vlan: entered promiscuous mode [ 50.673175][ T81] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.677184][ T81] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.694337][ T62] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.698637][ T62] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.711935][ T62] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.715455][ T62] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.728240][ T5943] veth0_vlan: entered promiscuous mode [ 50.732251][ T5951] veth1_vlan: entered promiscuous mode [ 50.758740][ T5943] veth1_vlan: entered promiscuous mode [ 50.784516][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.788134][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.788749][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.792957][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.820851][ T218] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.823431][ T218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.830328][ T5951] veth0_macvtap: entered promiscuous mode [ 50.848445][ T5951] veth1_macvtap: entered promiscuous mode [ 50.853326][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.858589][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.863206][ T5943] veth0_macvtap: entered promiscuous mode [ 50.871370][ T5943] veth1_macvtap: entered promiscuous mode [ 50.878043][ T5947] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 50.879057][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.893920][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.905896][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.915991][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.923340][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 50.929403][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.941146][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 50.944966][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.954575][ T81] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.959095][ T81] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.962281][ T81] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 50.970637][ T81] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.036693][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.044601][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.074471][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.077007][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.118455][ T218] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.121268][ T218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.131276][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 51.133899][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 51.167792][ T6030] random: crng reseeded on system resumption [ 51.487840][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 51.567774][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 51.748449][ T5948] Bluetooth: hci1: command tx timeout [ 51.750598][ T5944] Bluetooth: hci3: command tx timeout [ 51.752558][ T5948] Bluetooth: hci0: command tx timeout [ 51.753054][ T5942] Bluetooth: hci2: command tx timeout [ 51.764465][ T40] audit: type=1326 audit(1762775097.993:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6033 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 51.787403][ T40] audit: type=1326 audit(1762775097.993:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6033 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 51.797614][ T40] audit: type=1326 audit(1762775097.993:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6033 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 51.811508][ T40] audit: type=1326 audit(1762775097.993:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6033 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 51.840730][ T40] audit: type=1326 audit(1762775097.993:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6033 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 51.865783][ T40] audit: type=1326 audit(1762775097.993:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6033 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 51.894285][ T40] audit: type=1326 audit(1762775097.993:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6033 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 51.905375][ T40] audit: type=1326 audit(1762775097.993:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6033 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 51.937526][ T40] audit: type=1326 audit(1762775097.993:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6033 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 51.958457][ T40] audit: type=1326 audit(1762775097.993:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6033 comm="syz.2.3" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f34579 code=0x7fc00000 [ 51.964635][ T6040] SQUASHFS error: Failed to read block 0x0: -5 [ 51.970292][ T6040] unable to read squashfs_super_block [ 52.224955][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 52.312620][ T6044] sp0: Synchronizing with TNC [ 52.429728][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 52.433159][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 52.436592][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 52.531992][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 52.534805][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 53.044124][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 53.379906][ T6050] SQUASHFS error: Failed to read block 0x0: -5 [ 53.381902][ T6050] unable to read squashfs_super_block [ 53.481738][ T6051] 9pnet_virtio: no channels available for device syz [ 53.500712][ T6051] sp0: Synchronizing with TNC [ 53.827648][ T5944] Bluetooth: hci2: command tx timeout [ 53.828681][ T5948] Bluetooth: hci3: command tx timeout [ 53.828710][ T64] Bluetooth: hci0: command tx timeout [ 53.830191][ T5942] Bluetooth: hci1: command tx timeout [ 54.361817][ T6054] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8'. [ 54.678217][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 54.747163][ T6068] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10'. [ 54.790606][ T6068] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.876780][ T6068] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.932385][ T6068] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.993007][ T6068] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.129226][ T6072] SQUASHFS error: Failed to read block 0x0: -5 [ 55.131501][ T6072] unable to read squashfs_super_block [ 55.149807][ T62] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.155459][ T62] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.187736][ T62] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.210928][ T62] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.790028][ T6084] SQUASHFS error: Failed to read block 0x0: -5 [ 55.792921][ T6084] unable to read squashfs_super_block [ 55.831733][ T3248] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 55.910465][ T5942] Bluetooth: hci0: command tx timeout [ 55.913533][ T5942] Bluetooth: hci2: command tx timeout [ 55.913601][ T5948] Bluetooth: hci1: command tx timeout [ 55.917790][ T5944] Bluetooth: hci3: command tx timeout [ 55.980273][ T3248] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 55.985015][ T3248] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 55.990960][ T3248] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 55.994738][ T3248] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.020117][ T6083] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 56.027718][ T3248] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 56.651352][ T6090] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 56.654140][ T6090] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 56.658602][ T6090] vhci_hcd vhci_hcd.0: Device attached [ 56.814973][ T6093] sp0: Synchronizing with TNC [ 57.947572][ T6003] usb 44-1: SetAddress Request (2) to port 0 [ 57.949827][ T6003] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 58.434929][ T6073] usb 5-1: USB disconnect, device number 2 [ 58.483617][ T6096] netlink: 80 bytes leftover after parsing attributes in process `syz.0.16'. [ 58.487677][ T6096] netlink: 80 bytes leftover after parsing attributes in process `syz.0.16'. [ 59.746212][ T6102] netlink: 80 bytes leftover after parsing attributes in process `syz.0.17'. [ 59.749913][ T6102] netlink: 80 bytes leftover after parsing attributes in process `syz.0.17'. [ 59.810107][ T6091] vhci_hcd: connection reset by peer [ 59.815555][ T13] vhci_hcd: stop threads [ 59.817217][ T13] vhci_hcd: release socket [ 59.823445][ T13] vhci_hcd: disconnect device [ 60.218151][ T6116] ALSA: mixer_oss: invalid OSS volume '' [ 60.220482][ T6116] random: crng reseeded on system resumption [ 60.279808][ T6115] SQUASHFS error: Failed to read block 0x0: -5 [ 60.281792][ T6115] unable to read squashfs_super_block [ 60.325074][ T6118] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input5 [ 60.409274][ T6117] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 60.411504][ T6117] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 60.422020][ T6117] vhci_hcd vhci_hcd.0: Device attached [ 60.914197][ T6121] vhci_hcd: connection closed [ 60.917706][ T62] vhci_hcd: stop threads [ 60.924876][ T62] vhci_hcd: release socket [ 60.928140][ T62] vhci_hcd: disconnect device [ 61.167053][ T6133] netlink: 60 bytes leftover after parsing attributes in process `syz.0.22'. [ 61.251375][ T6137] usb usb5: usbfs: process 6137 (syz.2.23) did not claim interface 0 before use [ 61.257978][ T6137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23'. [ 62.377910][ T6152] sp0: Synchronizing with TNC [ 62.591339][ T6145] SQUASHFS error: Failed to read block 0x0: -5 [ 62.599852][ T6145] unable to read squashfs_super_block [ 63.027748][ T6003] usb 44-1: device descriptor read/8, error -110 [ 63.207284][ T6156] netlink: 4 bytes leftover after parsing attributes in process `syz.3.27'. [ 63.591280][ T6003] usb usb44-port1: attempt power cycle [ 64.011428][ T6159] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 64.014132][ T6159] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 64.016746][ T6159] vhci_hcd vhci_hcd.0: Device attached [ 64.198832][ T6003] usb usb44-port1: unable to enumerate USB device [ 64.548136][ T1454] usb 40-1: SetAddress Request (2) to port 0 [ 64.550354][ T1454] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 64.558673][ T6169] netlink: 8 bytes leftover after parsing attributes in process `syz.0.29'. [ 64.568123][ T6169] netlink: 48 bytes leftover after parsing attributes in process `syz.0.29'. [ 64.683210][ T6169] geneve2: entered promiscuous mode [ 64.692382][ T6169] geneve2: entered allmulticast mode [ 64.722624][ T6164] vhci_hcd: connection reset by peer [ 64.725195][ T46] vhci_hcd: stop threads [ 64.727237][ T46] vhci_hcd: release socket [ 64.728934][ T46] vhci_hcd: disconnect device [ 65.168459][ T6180] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 65.170795][ T6180] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 65.174176][ T6180] vhci_hcd vhci_hcd.0: Device attached [ 65.243323][ T40] kauditd_printk_skb: 9883 callbacks suppressed [ 65.243333][ T40] audit: type=1326 audit(1762775111.473:9895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6186 comm="syz.0.33" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fd5579 code=0x0 [ 65.306865][ T6192] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 65.308981][ T6192] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 65.311499][ T6192] vhci_hcd vhci_hcd.0: Device attached [ 65.527500][ T6028] usb 42-1: SetAddress Request (2) to port 0 [ 65.530400][ T6028] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 65.557427][ T3248] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 65.634573][ T6184] vhci_hcd: connection reset by peer [ 65.636715][ T46] vhci_hcd: stop threads [ 65.638475][ T46] vhci_hcd: release socket [ 65.640864][ T46] vhci_hcd: disconnect device [ 65.691970][ T6198] SQUASHFS error: Failed to read block 0x0: -5 [ 65.694177][ T6198] unable to read squashfs_super_block [ 66.016737][ T6193] vhci_hcd: connection reset by peer [ 66.019072][ T46] vhci_hcd: stop threads [ 66.020434][ T46] vhci_hcd: release socket [ 66.021898][ T46] vhci_hcd: disconnect device [ 66.107889][ T6202] netlink: 8 bytes leftover after parsing attributes in process `syz.3.35'. [ 66.110533][ T6202] netlink: 12 bytes leftover after parsing attributes in process `syz.3.35'. [ 66.119600][ T6202] Zero length message leads to an empty skb [ 66.119628][ T218] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 66.124087][ T218] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 66.126730][ T218] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 66.129933][ T13] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 66.139510][ T6202] loop2: detected capacity change from 0 to 7 [ 66.145325][ T5950] Dev loop2: unable to read RDB block 7 [ 66.149016][ T5950] loop2: unable to read partition table [ 66.151907][ T5950] loop2: partition table beyond EOD, truncated [ 66.157547][ T6202] Dev loop2: unable to read RDB block 7 [ 66.159278][ T6202] loop2: unable to read partition table [ 66.161093][ T6202] loop2: partition table beyond EOD, truncated [ 66.163016][ T6202] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 66.196281][ T5353] Dev loop2: unable to read RDB block 7 [ 66.198969][ T5353] loop2: unable to read partition table [ 66.201329][ T5353] loop2: partition table beyond EOD, truncated [ 66.416080][ T6208] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 66.797808][ T6212] Bluetooth: MGMT ver 1.23 [ 67.757832][ T6224] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 67.759904][ T6224] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 67.766683][ T6224] vhci_hcd vhci_hcd.0: Device attached [ 68.083814][ T1451] usb 44-1: SetAddress Request (6) to port 0 [ 68.086035][ T1451] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd [ 68.092665][ T6229] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 68.094756][ T6229] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 68.098981][ T6229] vhci_hcd vhci_hcd.0: Device attached [ 68.550191][ T6230] vhci_hcd: connection closed [ 68.550549][ T1154] vhci_hcd: stop threads [ 68.554339][ T1154] vhci_hcd: release socket [ 68.556333][ T1154] vhci_hcd: disconnect device [ 68.575201][ T6225] vhci_hcd: connection reset by peer [ 68.583956][ T1154] vhci_hcd: stop threads [ 68.585752][ T1154] vhci_hcd: release socket [ 68.587793][ T1154] vhci_hcd: disconnect device [ 68.967479][ T60] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 69.118787][ T60] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 69.121829][ T60] usb 5-1: config 0 has no interface number 0 [ 69.125643][ T60] usb 5-1: New USB device found, idVendor=0421, idProduct=0492, bcdDevice=49.fc [ 69.128730][ T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.131287][ T60] usb 5-1: Product: syz [ 69.132610][ T60] usb 5-1: Manufacturer: syz [ 69.134122][ T60] usb 5-1: SerialNumber: syz [ 69.136795][ T60] usb 5-1: config 0 descriptor?? [ 69.140974][ T60] usb-storage 5-1:0.132: USB Mass Storage device detected [ 69.147157][ T60] usb-storage 5-1:0.132: Quirks match for vid 0421 pid 0492: 400 [ 69.359157][ T6235] serio: Serial port ptm0 [ 69.461166][ T6073] usb 5-1: USB disconnect, device number 3 [ 69.667664][ T1454] usb 40-1: device descriptor read/8, error -110 [ 69.857643][ T54] vhci_hcd: vhci_device speed not set [ 70.177254][ T40] audit: type=1326 audit(1762775116.403:9896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6261 comm="syz.2.48" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f34579 code=0x0 [ 70.253649][ T6267] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 70.256159][ T6267] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 70.259017][ T6267] vhci_hcd vhci_hcd.0: Device attached [ 70.488834][ T6274] SQUASHFS error: Failed to read block 0x0: -5 [ 70.491581][ T6274] unable to read squashfs_super_block [ 70.627630][ T6028] usb 42-1: device descriptor read/8, error -110 [ 70.697504][ T3248] vhci_hcd: vhci_device speed not set [ 70.871065][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.873228][ T1415] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.876707][ T1415] ================================================================== [ 70.879337][ T1415] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90 [ 70.881807][ T1415] Read of size 8 at addr ffff88805ec6f020 by task aoe_tx0/1415 [ 70.885823][ T1415] [ 70.886611][ T1415] CPU: 1 UID: 0 PID: 1415 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) [ 70.886625][ T1415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.886632][ T1415] Call Trace: [ 70.886636][ T1415] [ 70.886640][ T1415] dump_stack_lvl+0x116/0x1f0 [ 70.886657][ T1415] print_report+0xcd/0x630 [ 70.886672][ T1415] ? __virt_addr_valid+0x81/0x610 [ 70.886687][ T1415] ? __phys_addr+0xe8/0x180 [ 70.886700][ T1415] ? tty_write_room+0x7d/0x90 [ 70.886715][ T1415] kasan_report+0xe0/0x110 [ 70.886729][ T1415] ? tty_write_room+0x7d/0x90 [ 70.886745][ T1415] tty_write_room+0x7d/0x90 [ 70.886760][ T1415] handle_tx+0x14f/0x630 [ 70.886772][ T1415] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 70.886785][ T1415] dev_hard_start_xmit+0x97/0x740 [ 70.886802][ T1415] __dev_queue_xmit+0xa46/0x4490 [ 70.886818][ T1415] ? lockdep_hardirqs_on+0x7c/0x110 [ 70.886830][ T1415] ? finish_task_switch.isra.0+0x221/0xc10 [ 70.886842][ T1415] ? rcu_is_watching+0x12/0xc0 [ 70.886854][ T1415] ? __pfx___dev_queue_xmit+0x10/0x10 [ 70.886869][ T1415] ? __schedule+0x11a3/0x5de0 [ 70.886880][ T1415] ? __lock_acquire+0xb8a/0x1c90 [ 70.886895][ T1415] ? __lock_acquire+0xb8a/0x1c90 [ 70.886911][ T1415] ? do_raw_spin_lock+0x12c/0x2b0 [ 70.886928][ T1415] ? find_held_lock+0x2b/0x80 [ 70.886938][ T1415] ? skb_dequeue+0x126/0x180 [ 70.886952][ T1415] ? find_held_lock+0x2b/0x80 [ 70.886963][ T1415] ? rcu_is_watching+0x12/0xc0 [ 70.886974][ T1415] tx+0xcc/0x190 [ 70.886989][ T1415] ? __pfx_tx+0x10/0x10 [ 70.887003][ T1415] kthread+0x1e4/0x3e0 [ 70.887015][ T1415] ? find_held_lock+0x2b/0x80 [ 70.887025][ T1415] ? __pfx_kthread+0x10/0x10 [ 70.887038][ T1415] ? __pfx_default_wake_function+0x10/0x10 [ 70.887049][ T1415] ? lockdep_hardirqs_on+0x7c/0x110 [ 70.887062][ T1415] ? __kthread_parkme+0x19e/0x250 [ 70.887075][ T1415] ? __pfx_kthread+0x10/0x10 [ 70.887087][ T1415] kthread+0x3c5/0x780 [ 70.887102][ T1415] ? __pfx_kthread+0x10/0x10 [ 70.887118][ T1415] ? rcu_is_watching+0x12/0xc0 [ 70.887129][ T1415] ? __pfx_kthread+0x10/0x10 [ 70.887149][ T1415] ret_from_fork+0x675/0x7d0 [ 70.887165][ T1415] ? __pfx_kthread+0x10/0x10 [ 70.887180][ T1415] ret_from_fork_asm+0x1a/0x30 [ 70.887198][ T1415] [ 70.887201][ T1415] [ 70.937448][ T6269] vhci_hcd: connection closed [ 70.937700][ T1415] Allocated by task 6251: [ 70.940181][ T1154] vhci_hcd: stop threads [ 70.940647][ T1415] kasan_save_stack+0x33/0x60 [ 70.942382][ T1154] vhci_hcd: release socket [ 70.944160][ T1415] kasan_save_track+0x14/0x30 [ 70.946014][ T1154] vhci_hcd: disconnect device [ 70.947422][ T1415] __kasan_kmalloc+0xaa/0xb0 [ 70.947437][ T1415] alloc_tty_struct+0x96/0x8c0 [ 70.947449][ T1415] tty_init_dev.part.0+0x1e/0x500 [ 70.947461][ T1415] tty_init_dev+0x60/0x80 [ 70.947472][ T1415] ptmx_open+0x10d/0x360 [ 70.947487][ T1415] chrdev_open+0x234/0x6a0 [ 70.947499][ T1415] do_dentry_open+0x982/0x1530 [ 70.947510][ T1415] vfs_open+0x82/0x3f0 [ 70.947524][ T1415] path_openat+0x1de4/0x2cb0 [ 70.947535][ T1415] do_filp_open+0x20b/0x470 [ 70.947545][ T1415] do_sys_openat2+0x11b/0x1d0 [ 70.947559][ T1415] __ia32_compat_sys_openat+0x16d/0x210 [ 70.947575][ T1415] __do_fast_syscall_32+0x7c/0x300 [ 70.947589][ T1415] do_fast_syscall_32+0x32/0x80 [ 70.990820][ T1415] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 70.992790][ T1415] [ 70.993554][ T1415] Freed by task 6249: [ 70.994832][ T1415] kasan_save_stack+0x33/0x60 [ 70.996312][ T1415] kasan_save_track+0x14/0x30 [ 70.997792][ T1415] __kasan_save_free_info+0x3b/0x60 [ 70.999432][ T1415] __kasan_slab_free+0x5f/0x80 [ 71.000934][ T1415] kfree+0x2b8/0x6d0 [ 71.002288][ T1415] process_one_work+0x9cf/0x1b70 [ 71.003977][ T1415] worker_thread+0x6c8/0xf10 [ 71.005278][ T1415] kthread+0x3c5/0x780 [ 71.006598][ T1415] ret_from_fork+0x675/0x7d0 [ 71.008011][ T1415] ret_from_fork_asm+0x1a/0x30 [ 71.009472][ T1415] [ 71.010224][ T1415] Last potentially related work creation: [ 71.011973][ T1415] kasan_save_stack+0x33/0x60 [ 71.013397][ T1415] kasan_record_aux_stack+0xa7/0xc0 [ 71.015000][ T1415] insert_work+0x36/0x230 [ 71.016390][ T1415] __queue_work+0x97e/0x1160 [ 71.017813][ T1415] queue_work_on+0x1a4/0x1f0 [ 71.019235][ T1415] release_tty+0x4de/0x5d0 [ 71.020608][ T1415] tty_release_struct+0xb7/0xe0 [ 71.022174][ T1415] tty_release+0xe2d/0x1430 [ 71.023548][ T1415] __fput+0x402/0xb70 [ 71.024779][ T1415] task_work_run+0x150/0x240 [ 71.026236][ T1415] exit_to_user_mode_loop+0xec/0x130 [ 71.027858][ T1415] __do_fast_syscall_32+0x240/0x300 [ 71.029416][ T1415] do_fast_syscall_32+0x32/0x80 [ 71.030910][ T1415] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 71.032835][ T1415] [ 71.033583][ T1415] The buggy address belongs to the object at ffff88805ec6f000 [ 71.033583][ T1415] which belongs to the cache kmalloc-cg-2k of size 2048 [ 71.037889][ T1415] The buggy address is located 32 bytes inside of [ 71.037889][ T1415] freed 2048-byte region [ffff88805ec6f000, ffff88805ec6f800) [ 71.038760][ T6028] usb usb42-port1: attempt power cycle [ 71.041958][ T1415] [ 71.041965][ T1415] The buggy address belongs to the physical page: [ 71.041970][ T1415] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ec68 [ 71.041980][ T1415] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 71.041988][ T1415] memcg:ffff88804aa0ba81 [ 71.041993][ T1415] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 71.042003][ T1415] page_type: f5(slab) [ 71.042012][ T1415] raw: 04fff00000000040 ffff88801b44c140 dead000000000100 dead000000000122 [ 71.042022][ T1415] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff88804aa0ba81 [ 71.062930][ T1415] head: 04fff00000000040 ffff88801b44c140 dead000000000100 dead000000000122 [ 71.065506][ T1415] head: 0000000000000000 0000000000080008 00000000f5000000 ffff88804aa0ba81 [ 71.068145][ T1415] head: 04fff00000000003 ffffea00017b1a01 00000000ffffffff 00000000ffffffff [ 71.070753][ T1415] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 71.073467][ T1415] page dumped because: kasan: bad access detected [ 71.075518][ T1415] page_owner tracks the page as allocated [ 71.077313][ T1415] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5947, tgid 5947 (syz-executor), ts 49808402591, free_ts 48036706756 [ 71.084493][ T1415] post_alloc_hook+0x1c0/0x230 [ 71.086218][ T1415] get_page_from_freelist+0x10a3/0x3a30 [ 71.087912][ T1415] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 71.089982][ T1415] alloc_pages_mpol+0x1fb/0x550 [ 71.091477][ T1415] new_slab+0x24a/0x360 [ 71.092823][ T1415] ___slab_alloc+0xd79/0x1a50 [ 71.094262][ T1415] __slab_alloc.constprop.0+0x63/0x110 [ 71.095930][ T1415] __kmalloc_noprof+0x501/0x880 [ 71.097431][ T1415] __register_sysctl_table+0xb3/0x1900 [ 71.099079][ T1415] __devinet_sysctl_register+0x1b9/0x360 [ 71.100796][ T1415] devinet_sysctl_register+0x17b/0x200 [ 71.102476][ T1415] inetdev_init+0x2b8/0x5a0 [ 71.103871][ T1415] inetdev_event+0xc5f/0x18a0 [ 71.105308][ T1415] notifier_call_chain+0xbc/0x410 [ 71.106872][ T1415] call_netdevice_notifiers_info+0xbe/0x140 [ 71.108632][ T1415] register_netdevice+0x182e/0x2270 [ 71.110298][ T1415] page last free pid 5939 tgid 5939 stack trace: [ 71.112278][ T1415] __free_frozen_pages+0x7df/0x1160 [ 71.113842][ T1415] qlist_free_all+0x4d/0x120 [ 71.115266][ T1415] kasan_quarantine_reduce+0x195/0x1e0 [ 71.116941][ T1415] __kasan_slab_alloc+0x69/0x90 [ 71.118447][ T1415] __kmalloc_cache_noprof+0x274/0x780 [ 71.120053][ T1415] kobject_uevent_env+0x265/0x1870 [ 71.121606][ T1415] __kobject_del+0x168/0x1f0 [ 71.123083][ T1415] kobject_put+0x327/0x5a0 [ 71.124454][ T1415] net_rx_queue_update_kobjects+0x54d/0x770 [ 71.126212][ T1415] netif_set_real_num_rx_queues+0x216/0x3b0 [ 71.128026][ T1415] veth_init_queues+0x151/0x190 [ 71.129541][ T1415] veth_newlink+0x4a3/0xa00 [ 71.130943][ T1415] rtnl_newlink+0xc45/0x2000 [ 71.132400][ T1415] rtnetlink_rcv_msg+0x95e/0xe90 [ 71.133903][ T1415] netlink_rcv_skb+0x158/0x420 [ 71.135422][ T1415] netlink_unicast+0x5aa/0x870 [ 71.136944][ T1415] [ 71.137673][ T1415] Memory state around the buggy address: [ 71.139383][ T1415] ffff88805ec6ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 71.141832][ T1415] ffff88805ec6ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 71.144250][ T1415] >ffff88805ec6f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.146669][ T1415] ^ [ 71.148227][ T1415] ffff88805ec6f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.150642][ T1415] ffff88805ec6f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.153372][ T1415] ================================================================== [ 71.155985][ T1415] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 71.158257][ T1415] CPU: 1 UID: 0 PID: 1415 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) [ 71.161383][ T1415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.165275][ T1415] Call Trace: [ 71.166385][ T1415] [ 71.167328][ T1415] dump_stack_lvl+0x3d/0x1f0 [ 71.168749][ T1415] vpanic+0x640/0x6f0 [ 71.169985][ T1415] panic+0xca/0xd0 [ 71.171137][ T1415] ? __pfx_panic+0x10/0x10 [ 71.172600][ T1415] ? check_panic_on_warn+0x1f/0xb0 [ 71.174167][ T1415] check_panic_on_warn+0xab/0xb0 [ 71.175678][ T1415] end_report+0x107/0x170 [ 71.177056][ T1415] kasan_report+0xee/0x110 [ 71.178458][ T1415] ? tty_write_room+0x7d/0x90 [ 71.179893][ T1415] tty_write_room+0x7d/0x90 [ 71.181305][ T1415] handle_tx+0x14f/0x630 [ 71.182640][ T1415] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 71.184406][ T1415] dev_hard_start_xmit+0x97/0x740 [ 71.186091][ T1415] __dev_queue_xmit+0xa46/0x4490 [ 71.188135][ T1415] ? lockdep_hardirqs_on+0x7c/0x110 [ 71.190083][ T1415] ? finish_task_switch.isra.0+0x221/0xc10 [ 71.192244][ T1415] ? rcu_is_watching+0x12/0xc0 [ 71.193783][ T1415] ? __pfx___dev_queue_xmit+0x10/0x10 [ 71.195456][ T1415] ? __schedule+0x11a3/0x5de0 [ 71.196906][ T1415] ? __lock_acquire+0xb8a/0x1c90 [ 71.198468][ T1415] ? __lock_acquire+0xb8a/0x1c90 [ 71.200089][ T1415] ? do_raw_spin_lock+0x12c/0x2b0 [ 71.201641][ T1415] ? find_held_lock+0x2b/0x80 [ 71.203225][ T1415] ? skb_dequeue+0x126/0x180 [ 71.204667][ T1415] ? find_held_lock+0x2b/0x80 [ 71.206090][ T1415] ? rcu_is_watching+0x12/0xc0 [ 71.207576][ T1415] tx+0xcc/0x190 [ 71.208706][ T1415] ? __pfx_tx+0x10/0x10 [ 71.210008][ T1415] kthread+0x1e4/0x3e0 [ 71.211274][ T1415] ? find_held_lock+0x2b/0x80 [ 71.212718][ T1415] ? __pfx_kthread+0x10/0x10 [ 71.214181][ T1415] ? __pfx_default_wake_function+0x10/0x10 [ 71.215951][ T1415] ? lockdep_hardirqs_on+0x7c/0x110 [ 71.217542][ T1415] ? __kthread_parkme+0x19e/0x250 [ 71.219112][ T1415] ? __pfx_kthread+0x10/0x10 [ 71.220510][ T1415] kthread+0x3c5/0x780 [ 71.221763][ T1415] ? __pfx_kthread+0x10/0x10 [ 71.223244][ T1415] ? rcu_is_watching+0x12/0xc0 [ 71.224720][ T1415] ? __pfx_kthread+0x10/0x10 [ 71.226162][ T1415] ret_from_fork+0x675/0x7d0 [ 71.227634][ T1415] ? __pfx_kthread+0x10/0x10 [ 71.229110][ T1415] ret_from_fork_asm+0x1a/0x30 [ 71.230631][ T1415] [ 71.232391][ T1415] Kernel Offset: disabled [ 71.234217][ T1415] Rebooting in 86400 seconds.. VM DIAGNOSIS: 11:45:17 Registers: info registers vcpu 0 CPU#0 RAX=000000000011f971 RBX=0000000000000000 RCX=ffffffff8b5d72a9 RDX=0000000000000000 RSI=ffffffff8da28350 RDI=ffffffff8bf075c0 RBP=fffffbfff1c12f40 RSP=ffffffff8e007df8 R8 =0000000000000001 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e097a00 R14=ffffffff908242d0 R15=0000000000000000 RIP=ffffffff8b5d5d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809780d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000008001b000 CR3=00000000509b7000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000061 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85268e75 RDI=ffffffff9adc5de0 RBP=ffffffff9adc5da0 RSP=ffffc9000747f428 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000061 R14=ffffffff9adc5da0 R15=ffffffff85268e10 RIP=ffffffff85268e9f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809790d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000303e9ffc CR3=00000000509b7000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000080000000 RBX=0000000000000004 RCX=ffffffff8b568bad RDX=ffff888026554900 RSI=0000000000000003 RDI=0000000000000005 RBP=ffffffff8cf03ce0 RSP=ffffc90006e5f6f8 R8 =0000000000000005 R9 =0000000000000003 R10=0000000000000001 R11=0000000000000001 R12=0000000000000001 R13=0000000000000005 R14=0000000000000004 R15=ffffc90006e5f9fd RIP=ffffffff81bc623c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097a0d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f76e8b82286 CR3=000000006d213000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c4c0c004 Opmask01=0000000000000000 Opmask02=0000000011000303 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00752f3a6e69622f ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000002a2e 2573257325003a25 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ff0f0e0d0c0b0a09 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055a599b18f28 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 752f3a6e69622f3a 6e6962732f727375 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 00007f76e8a7d42d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055a599b0a760 000055a599b0a760 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055a599b15710 000055a599b08910 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055a59900662d 000055a599b18f28 000055a599b18f48 665f65676e006d72 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055a59900662d 000055a599b18f28 000055a599b18f48 665f65676e006d72 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000558a99004902 0000558a999e8f07 0000558a999e8f48 495f4a484100425d ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055a599b152f8 0000000000000000 000000000000000f 000055a59900873d ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055a599b0fb58 0000000000000000 000000000000000f 0000000000875d81 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffff88802b342540 RCX=ffffffff81b06431 RDX=ffff88801d6d4900 RSI=ffffffff81b0640b RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900001e7878 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=dffffc0000000000 R13=ffffed10056684a9 R14=0000000000000001 R15=0000000000000001 RIP=ffffffff81b0640d RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097b0d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f76e8b82286 CR3=000000000e182000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000