last executing test programs: 15.295845555s ago: executing program 3 (id=72): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = syz_open_pts(r4, 0x101000) ioctl$KDDISABIO(r6, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 14.36087362s ago: executing program 2 (id=73): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = syz_open_pts(r4, 0x101000) ioctl$KDDISABIO(r6, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 13.354262586s ago: executing program 1 (id=75): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc30}, 0x90) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x4}, 0x50) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000100)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) ptrace(0x4208, r0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000000c0)='lowerdir', &(0x7f0000000100)='{\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90f24fc60", 0x8c0}], 0x1}, 0x0) 12.137493816s ago: executing program 1 (id=78): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r3, 0x540a, 0x0) ioctl$TCFLSH(r3, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 12.072976746s ago: executing program 3 (id=79): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r3, 0x540a, 0x0) ioctl$TCFLSH(r3, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 11.324959167s ago: executing program 2 (id=80): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc30}, 0x90) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000100)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) ptrace(0x4208, r0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000000c0)='lowerdir', &(0x7f0000000100)='{\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90f24fc60", 0x8c0}], 0x1}, 0x0) 10.778187104s ago: executing program 0 (id=81): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc30}, 0x90) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x4}, 0x50) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000100)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) ptrace(0x4208, r0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000000c0)='lowerdir', &(0x7f0000000100)='{\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90f24fc60", 0x8c0}], 0x1}, 0x0) 10.082784045s ago: executing program 2 (id=82): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = syz_open_pts(r4, 0x101000) ioctl$KDDISABIO(r6, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 9.662112373s ago: executing program 0 (id=83): r0 = socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) sendmsg$unix(r2, 0x0, 0x8000) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x2000)=nil) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'pcmda12\x00', [0x4f27, 0x8, 0x10000, 0x9, 0x8, 0xfffffbf6, 0xfffffffc, 0xfffffffe, 0x800000, 0x100100, 0x2, 0x1, 0x1, 0xfffffffe, 0x404, 0xf, 0xfffffffc, 0x0, 0x3, 0x40000003, 0x89, 0xfffffff6, 0x0, 0x20001e52, 0x400000b, 0xfff, 0x0, 0x7fffffff, 0x7, 0x8000000, 0xfffffff8]}) r5 = dup(0xffffffffffffffff) r6 = syz_open_dev$sndpcmc(&(0x7f0000000d00), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_LINK(r6, 0x40044160, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1}) socket$kcm(0x29, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) ioctl$I2C_SLAVE_FORCE(r5, 0x706, 0x8001) close_range(r0, 0xffffffffffffffff, 0x0) 8.810801874s ago: executing program 3 (id=84): r0 = socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) sendmsg$unix(r2, 0x0, 0x8000) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x2000)=nil) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'pcmda12\x00', [0x4f27, 0x8, 0x10000, 0x9, 0x8, 0xfffffbf6, 0xfffffffc, 0xfffffffe, 0x800000, 0x100100, 0x2, 0x1, 0x1, 0xfffffffe, 0x404, 0xf, 0xfffffffc, 0x0, 0x3, 0x40000003, 0x89, 0xfffffff6, 0x0, 0x20001e52, 0x400000b, 0xfff, 0x0, 0x7fffffff, 0x7, 0x8000000, 0xfffffff8]}) r5 = dup(0xffffffffffffffff) r6 = syz_open_dev$sndpcmc(&(0x7f0000000d00), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_LINK(r6, 0x40044160, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1}) socket$kcm(0x29, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) ioctl$I2C_SLAVE_FORCE(r5, 0x706, 0x8001) close_range(r0, 0xffffffffffffffff, 0x0) 7.99557333s ago: executing program 0 (id=85): socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x4}, 0x50) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000100)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000000c0)='lowerdir', &(0x7f0000000100)='{\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90f24fc60", 0x8c0}], 0x1}, 0x0) 6.930283626s ago: executing program 0 (id=86): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = syz_open_pts(r4, 0x101000) ioctl$KDDISABIO(r6, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 6.924449888s ago: executing program 3 (id=87): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)=ANY=[], 0x50) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) r7 = socket(0x21, 0x2, 0x10000000000002) connect$rxrpc(r7, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24) sendmmsg(r7, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0x1}], 0x10, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r7, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0xf000, 0x10002, 0x0) socket$netlink(0x10, 0x3, 0x0) 6.264979227s ago: executing program 1 (id=88): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4}) socket$netlink(0x10, 0x3, 0x15) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) ptrace$ARCH_SHSTK_UNLOCK(0x1e, r0, 0x0, 0x5004) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', r5, 0x0, 0x1}, 0x18) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) r7 = accept4$alg(r6, 0x0, 0x0, 0x0) sendmmsg$sock(r7, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4080050) io_setup(0xff, &(0x7f0000000380)=0x0) io_submit(r8, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r7, &(0x7f0000000340), 0x41}]) 5.166311692s ago: executing program 2 (id=89): r0 = socket$nl_rdma(0x10, 0x3, 0x14) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000002000040257d15a44000010400010902600042010000", @ANYRES64], 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x24, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x18, 0x26, 0x1, 0x7fffd, 0x1000, {0x4}, [@nested={0x4, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000051}, 0x4008090) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r4, 0x107, 0xf, 0x0, 0x0) sendmsg$kcm(r4, 0x0, 0x4000000) syz_usb_connect$cdc_ecm(0x5, 0x5f, &(0x7f0000000980)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4d, 0x1, 0x1, 0x9, 0x0, 0x9, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x2, 0x6, 0x0, 0x7f, {{0x5}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x401, 0x669, 0x1}, [@mbim={0xc, 0x24, 0x1b, 0x5, 0x1, 0xfa, 0x1, 0x1, 0x8}, @ncm={0x6, 0x24, 0x1a, 0x1, 0xc}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0xf, 0xf9, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x2, 0x6, 0x9}}}}}]}}]}}, &(0x7f0000000c00)={0xa, &(0x7f0000000a00)={0xa, 0x6, 0x311, 0x7, 0x8, 0x5, 0x40, 0x5}, 0x11, &(0x7f0000000a40)={0x5, 0xf, 0x11, 0x1, [@ssp_cap={0xc, 0x10, 0xa, 0x5, 0x0, 0x4, 0xf000, 0x7}]}}) bind$alg(r3, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r5 = accept4(r3, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000001140)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}, [0x3, 0x2, 0x8, 0x7fffffff, 0xf5c, 0x5, 0x9, 0x400000000000, 0x80000000, 0x0, 0x4, 0x46166682, 0x40, 0x4, 0xc]}, &(0x7f0000000d00)=0x100) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000d40)={r6, 0x9}, &(0x7f0000000dc0)=0x8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001080)=@bpf_tracing={0x1a, 0x2c, &(0x7f0000000e80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xb96, 0x0, 0x0, 0x0, 0x1}, {}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @generic={0x0, 0x1, 0x1, 0x2, 0x4588}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xf18}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000c40)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x54, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000c80)={0x5, 0x2, 0x5, 0x4}, 0x10, 0x2b4d3, 0xffffffffffffffff, 0x0, &(0x7f0000000cc0)=[0x1], 0x0, 0x10, 0x5}, 0x94) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0958730", 0x4c}, {&(0x7f00000003c0)}], 0x2}], 0x1, 0x48800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/62, 0x3e}], 0x2}, 0x0) r7 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0) r8 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff) keyctl$read(0x2, r8, &(0x7f00000000c0)=""/4096, 0x1000) ioctl$I2C_SMBUS(r7, 0x720, &(0x7f0000000580)={0x1, 0x0, 0x7, &(0x7f0000000540)={0x1c, "584fc4dfae9a34fb1ffbb539b436cc843759a57bf235d2f60200"}}) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYRES16=r3, @ANYRES64=r5, @ANYRESHEX=r0, @ANYRES8=r5, @ANYRES16=r5, @ANYRESHEX=r5, @ANYRESDEC=r3], 0x10}, 0x1, 0x0, 0x0, 0x4000000}, 0x4400) 5.051931361s ago: executing program 1 (id=90): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4}) socket$netlink(0x10, 0x3, 0x15) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) ptrace$ARCH_SHSTK_UNLOCK(0x1e, r0, 0x0, 0x5004) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', r5, 0x0, 0x1}, 0x18) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) r7 = accept4$alg(r6, 0x0, 0x0, 0x0) sendmmsg$sock(r7, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4080050) io_setup(0xff, &(0x7f0000000380)=0x0) io_submit(r8, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r7, &(0x7f0000000340), 0x41}]) shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil) 4.820366078s ago: executing program 3 (id=91): r0 = socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) sendmsg$unix(r2, 0x0, 0x8000) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x2000)=nil) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'pcmda12\x00', [0x4f27, 0x8, 0x10000, 0x9, 0x8, 0xfffffbf6, 0xfffffffc, 0xfffffffe, 0x800000, 0x100100, 0x2, 0x1, 0x1, 0xfffffffe, 0x404, 0xf, 0xfffffffc, 0x0, 0x3, 0x40000003, 0x89, 0xfffffff6, 0x0, 0x20001e52, 0x400000b, 0xfff, 0x0, 0x7fffffff, 0x7, 0x8000000, 0xfffffff8]}) r5 = dup(0xffffffffffffffff) r6 = syz_open_dev$sndpcmc(&(0x7f0000000d00), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_LINK(r6, 0x40044160, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1}) write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000140)={'full'}, 0xfffffdef) socket$alg(0x26, 0x5, 0x0) ioctl$I2C_SLAVE_FORCE(r5, 0x706, 0x8001) close_range(r0, 0xffffffffffffffff, 0x0) 3.754979621s ago: executing program 0 (id=92): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = syz_open_pts(r4, 0x101000) ioctl$KDDISABIO(r6, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 3.101715631s ago: executing program 3 (id=93): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = syz_open_pts(r4, 0x101000) ioctl$KDDISABIO(r6, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 2.790355846s ago: executing program 1 (id=94): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = syz_open_pts(r4, 0x101000) ioctl$KDDISABIO(r6, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 2.041490099s ago: executing program 2 (id=95): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'macvtap0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001980)=@newqdisc={0x50, 0x28, 0x4ee4e6a52ff56541, 0x5001, 0xfffffdfc, {0x0, 0x0, 0x0, r2, {}, {0x0, 0xfff1}, {0x2, 0x8}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x80, '\x00', 0x7cb, 0x5, 0xfffffffd, 0x9}}}}, @TCA_RATE={0x6, 0x5, {0xff, 0x11}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40098}, 0x4048840) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) syz_io_uring_setup(0x10d, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff, 0x3}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000200)) ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000080)=0x200000000) r5 = dup2(r4, r4) write$vhost_msg_v2(r5, 0x0, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000100)=0x1) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x44, 0x5, r3, 0x0, 0x0, 0x0, 0x80000, 0x1}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r6) 1.608178751s ago: executing program 2 (id=96): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="7a04", 0x0, 0x91eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x82}, 0x50) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000"], 0xfdef) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x16, 0x1c, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000007c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100), 0x200a00, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0x1, 0xffffffff}}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCXONC(r4, 0x540a, 0x0) ioctl$TCFLSH(r4, 0x400455c8, 0x1) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x4, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r6 = syz_open_pts(r4, 0x101000) ioctl$KDDISABIO(r6, 0x4b37) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200000000000000000000000000012c"], 0x0) 919.103009ms ago: executing program 0 (id=97): r0 = socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) sendmsg$unix(r2, 0x0, 0x8000) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x2000)=nil) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'pcmda12\x00', [0x4f27, 0x8, 0x10000, 0x9, 0x8, 0xfffffbf6, 0xfffffffc, 0xfffffffe, 0x800000, 0x100100, 0x2, 0x1, 0x1, 0xfffffffe, 0x404, 0xf, 0xfffffffc, 0x0, 0x3, 0x40000003, 0x89, 0xfffffff6, 0x0, 0x20001e52, 0x400000b, 0xfff, 0x0, 0x7fffffff, 0x7, 0x8000000, 0xfffffff8]}) r5 = dup(0xffffffffffffffff) r6 = syz_open_dev$sndpcmc(&(0x7f0000000d00), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_LINK(r6, 0x40044160, 0x0) r7 = socket$kcm(0x29, 0x5, 0x0) write$cgroup_pressure(r7, &(0x7f0000000140)={'full'}, 0xfffffdef) socket$alg(0x26, 0x5, 0x0) ioctl$I2C_SLAVE_FORCE(r5, 0x706, 0x8001) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=98): r0 = socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) sendmsg$unix(r2, 0x0, 0x8000) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0) prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x2000)=nil) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'pcmda12\x00', [0x4f27, 0x8, 0x10000, 0x9, 0x8, 0xfffffbf6, 0xfffffffc, 0xfffffffe, 0x800000, 0x100100, 0x2, 0x1, 0x1, 0xfffffffe, 0x404, 0xf, 0xfffffffc, 0x0, 0x3, 0x40000003, 0x89, 0xfffffff6, 0x0, 0x20001e52, 0x400000b, 0xfff, 0x0, 0x7fffffff, 0x7, 0x8000000, 0xfffffff8]}) r5 = dup(0xffffffffffffffff) r6 = syz_open_dev$sndpcmc(&(0x7f0000000d00), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_LINK(r6, 0x40044160, 0x0) r7 = socket$kcm(0x29, 0x5, 0x0) write$cgroup_pressure(r7, &(0x7f0000000140)={'full'}, 0xfffffdef) socket$alg(0x26, 0x5, 0x0) ioctl$I2C_SLAVE_FORCE(r5, 0x706, 0x8001) close_range(r0, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:13385' (ED25519) to the list of known hosts. [ 48.150777][ T5854] cgroup: Unknown subsys name 'net' [ 48.280864][ T5854] cgroup: Unknown subsys name 'cpuset' [ 48.285381][ T5854] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.345572][ T5854] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.220415][ T5955] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 53.224737][ T5955] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 53.228552][ T5955] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.231182][ T5955] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 53.233222][ T5957] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.234367][ T5955] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.236372][ T5956] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.236578][ T5956] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 53.238190][ T5956] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.238569][ T5957] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.239399][ T5957] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.239978][ T5955] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.240368][ T5955] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 53.242585][ T5955] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.245209][ T5957] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.247506][ T5955] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.249192][ T5956] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 53.253368][ T5957] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 53.253638][ T5304] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 53.255609][ T5955] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.519524][ T5944] chnl_net:caif_netlink_parms(): no params data found [ 53.616458][ T5948] chnl_net:caif_netlink_parms(): no params data found [ 53.653948][ T5942] chnl_net:caif_netlink_parms(): no params data found [ 53.660471][ T5943] chnl_net:caif_netlink_parms(): no params data found [ 53.677006][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.680217][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.682753][ T5944] bridge_slave_0: entered allmulticast mode [ 53.686020][ T5944] bridge_slave_0: entered promiscuous mode [ 53.725010][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.727826][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.730687][ T5944] bridge_slave_1: entered allmulticast mode [ 53.733392][ T5944] bridge_slave_1: entered promiscuous mode [ 53.844089][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.857458][ T5948] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.860248][ T5948] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.862591][ T5948] bridge_slave_0: entered allmulticast mode [ 53.865356][ T5948] bridge_slave_0: entered promiscuous mode [ 53.871827][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.879910][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.882252][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.884772][ T5942] bridge_slave_0: entered allmulticast mode [ 53.887483][ T5942] bridge_slave_0: entered promiscuous mode [ 53.890830][ T5948] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.893994][ T5948] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.897145][ T5948] bridge_slave_1: entered allmulticast mode [ 53.902576][ T5948] bridge_slave_1: entered promiscuous mode [ 53.925173][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.927444][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.929902][ T5942] bridge_slave_1: entered allmulticast mode [ 53.932594][ T5942] bridge_slave_1: entered promiscuous mode [ 53.957586][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.960358][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.963431][ T5943] bridge_slave_0: entered allmulticast mode [ 53.967226][ T5943] bridge_slave_0: entered promiscuous mode [ 53.973679][ T5944] team0: Port device team_slave_0 added [ 53.989555][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.992557][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.995664][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.999537][ T5943] bridge_slave_1: entered allmulticast mode [ 54.003685][ T5943] bridge_slave_1: entered promiscuous mode [ 54.009947][ T5944] team0: Port device team_slave_1 added [ 54.013638][ T5948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.018392][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.045049][ T5948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.077628][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.079915][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.087170][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.093032][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.096631][ T5942] team0: Port device team_slave_0 added [ 54.099970][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.110072][ T5948] team0: Port device team_slave_0 added [ 54.112398][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.115215][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.127149][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.134064][ T5942] team0: Port device team_slave_1 added [ 54.148716][ T5948] team0: Port device team_slave_1 added [ 54.170165][ T5943] team0: Port device team_slave_0 added [ 54.175130][ T5943] team0: Port device team_slave_1 added [ 54.200538][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.202865][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.210907][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.215196][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.217188][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.224674][ T5948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.252134][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.254784][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.263793][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.268883][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.271650][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.282094][ T5948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.287461][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.290712][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.299639][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.307416][ T5944] hsr_slave_0: entered promiscuous mode [ 54.309885][ T5944] hsr_slave_1: entered promiscuous mode [ 54.323388][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.326773][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.338196][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.406162][ T5942] hsr_slave_0: entered promiscuous mode [ 54.409582][ T5942] hsr_slave_1: entered promiscuous mode [ 54.412872][ T5942] debugfs: 'hsr0' already exists in 'hsr' [ 54.415856][ T5942] Cannot create hsr debugfs directory [ 54.459698][ T5943] hsr_slave_0: entered promiscuous mode [ 54.463462][ T5943] hsr_slave_1: entered promiscuous mode [ 54.466626][ T5943] debugfs: 'hsr0' already exists in 'hsr' [ 54.469172][ T5943] Cannot create hsr debugfs directory [ 54.476790][ T5948] hsr_slave_0: entered promiscuous mode [ 54.480538][ T5948] hsr_slave_1: entered promiscuous mode [ 54.483879][ T5948] debugfs: 'hsr0' already exists in 'hsr' [ 54.486779][ T5948] Cannot create hsr debugfs directory [ 54.883689][ T5944] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.893185][ T5944] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.900392][ T5944] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.916612][ T5944] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.976305][ T5943] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.986086][ T5943] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.993570][ T5943] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.003997][ T5943] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.071249][ T5942] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.077074][ T5942] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.084118][ T5942] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.091521][ T5942] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.174284][ T5948] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.186094][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.191864][ T5948] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.198403][ T5948] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.208945][ T5948] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.233988][ T5944] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.255669][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.258232][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.282224][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.284931][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.299302][ T5955] Bluetooth: hci1: command tx timeout [ 55.299310][ T64] Bluetooth: hci0: command tx timeout [ 55.308519][ T5955] Bluetooth: hci3: command tx timeout [ 55.308526][ T64] Bluetooth: hci2: command tx timeout [ 55.319588][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.325460][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.370590][ T5942] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.376106][ T5943] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.392192][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.395608][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.402879][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.405815][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.422717][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.425209][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.429148][ T1147] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.432048][ T1147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.440459][ T5948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.500289][ T5948] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.513514][ T1147] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.516596][ T1147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.537710][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.540739][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.607935][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.651399][ T5944] veth0_vlan: entered promiscuous mode [ 55.656626][ T5944] veth1_vlan: entered promiscuous mode [ 55.675675][ T5944] veth0_macvtap: entered promiscuous mode [ 55.682449][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.686282][ T5944] veth1_macvtap: entered promiscuous mode [ 55.706601][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.713772][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.726267][ T46] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.738507][ T46] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.744020][ T46] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.751068][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.756197][ T46] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.808453][ T5943] veth0_vlan: entered promiscuous mode [ 55.839190][ T5943] veth1_vlan: entered promiscuous mode [ 55.855678][ T5948] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.866146][ T5942] veth0_vlan: entered promiscuous mode [ 55.868799][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.871903][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.896870][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.900579][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.908475][ T5942] veth1_vlan: entered promiscuous mode [ 55.921529][ T5943] veth0_macvtap: entered promiscuous mode [ 55.931647][ T5943] veth1_macvtap: entered promiscuous mode [ 55.950767][ T5944] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 55.952724][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.975438][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.986064][ T5948] veth0_vlan: entered promiscuous mode [ 55.988374][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.993440][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.996293][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.004403][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.009684][ T5942] veth0_macvtap: entered promiscuous mode [ 56.030856][ T5942] veth1_macvtap: entered promiscuous mode [ 56.035223][ T5948] veth1_vlan: entered promiscuous mode [ 56.075839][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.100361][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.104039][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.109564][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.116928][ T1186] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.129963][ T1186] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.133585][ T1186] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.151811][ T1186] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.155926][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.158300][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.159814][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.163395][ T5948] veth0_macvtap: entered promiscuous mode [ 56.184918][ T5948] veth1_macvtap: entered promiscuous mode [ 56.218276][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.336579][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.341185][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.344564][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.382122][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.456529][ T6037] netlink: 'syz.3.4': attribute type 1 has an invalid length. [ 56.461289][ T1147] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.465089][ T1147] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.473174][ T1147] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.478522][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.480009][ T1147] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.481930][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.541199][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 56.643061][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.646032][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 56.649419][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.652565][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.658208][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.697802][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.704065][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.950713][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.258126][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 57.379483][ T5952] Bluetooth: hci0: command tx timeout [ 57.381361][ T64] Bluetooth: hci2: command tx timeout [ 57.388246][ T5952] Bluetooth: hci1: command tx timeout [ 57.390149][ T64] Bluetooth: hci3: command tx timeout [ 57.769786][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.808861][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 58.376962][ T6055] overlayfs: failed to resolve './file0': -2 [ 58.601250][ T6054] netlink: 'syz.3.5': attribute type 1 has an invalid length. [ 58.828706][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 58.829152][ T64] Bluetooth: hci4: command 0x1003 tx timeout [ 59.468623][ T5304] Bluetooth: hci0: command tx timeout [ 59.470994][ T64] Bluetooth: hci1: command tx timeout [ 59.472985][ T5952] Bluetooth: hci2: command tx timeout [ 59.476798][ T5955] Bluetooth: hci3: command tx timeout [ 60.996738][ T6078] netlink: 'syz.0.9': attribute type 1 has an invalid length. [ 61.538080][ T5952] Bluetooth: hci3: command tx timeout [ 61.538338][ T5304] Bluetooth: hci1: command tx timeout [ 61.539005][ T5957] Bluetooth: hci0: command tx timeout [ 61.544366][ T64] Bluetooth: hci2: command tx timeout [ 61.868137][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 61.871283][ T64] Bluetooth: hci4: command 0x1003 tx timeout [ 62.338621][ T6089] 9pnet_virtio: no channels available for device syz [ 64.827586][ T6105] ======================================================= [ 64.827586][ T6105] WARNING: The mand mount option has been deprecated and [ 64.827586][ T6105] and is ignored by this kernel. Remove the mand [ 64.827586][ T6105] option from the mount to silence this warning. [ 64.827586][ T6105] ======================================================= [ 64.884530][ T6105] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 65.187865][ T6109] netlink: 'syz.1.16': attribute type 1 has an invalid length. [ 65.987476][ T6120] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 65.989643][ T6120] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 65.994252][ T6120] vhci_hcd vhci_hcd.0: Device attached [ 66.268275][ T53] usb 38-1: SetAddress Request (2) to port 0 [ 66.271632][ T53] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 66.658207][ T5952] Bluetooth: hci4: command 0x1003 tx timeout [ 66.658342][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 66.739058][ T6121] vhci_hcd: connection reset by peer [ 66.743282][ T1147] vhci_hcd vhci_hcd.0: stop threads [ 66.745973][ T1147] vhci_hcd vhci_hcd.0: release socket [ 66.749066][ T1147] vhci_hcd vhci_hcd.0: disconnect device [ 67.016584][ T6130] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 67.019091][ T6130] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 67.043645][ T6130] vhci_hcd vhci_hcd.0: Device attached [ 67.138156][ T64] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 67.338103][ T34] usb 44-1: SetAddress Request (2) to port 0 [ 67.340082][ T34] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 67.477260][ T6138] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 67.856946][ T6131] vhci_hcd: connection reset by peer [ 67.863051][ T1258] vhci_hcd vhci_hcd.3: stop threads [ 67.865078][ T1258] vhci_hcd vhci_hcd.3: release socket [ 67.867408][ T1258] vhci_hcd vhci_hcd.3: disconnect device [ 68.018103][ T5955] Bluetooth: hci6: command 0x1003 tx timeout [ 68.018145][ T5304] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 68.345496][ T6147] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 69.400386][ T6157] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 70.418157][ T64] Bluetooth: hci4: command 0x1003 tx timeout [ 70.548113][ T5304] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 71.057647][ T6168] 9pnet_virtio: no channels available for device syz [ 71.538716][ T53] usb 38-1: device descriptor read/8, error -110 [ 71.869979][ T5955] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 71.872844][ T64] Bluetooth: hci5: command 0x1003 tx timeout [ 71.939346][ T53] usb usb38-port1: attempt power cycle [ 72.428283][ T34] usb 44-1: device descriptor read/8, error -110 [ 72.531225][ T53] usb usb38-port1: unable to enumerate USB device [ 72.828764][ T34] usb usb44-port1: attempt power cycle [ 73.389098][ T34] usb usb44-port1: unable to enumerate USB device [ 73.546439][ T6182] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 73.858204][ T64] Bluetooth: hci4: command 0x1003 tx timeout [ 73.858226][ T5304] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 73.938239][ T5955] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 73.938352][ T5304] Bluetooth: hci6: command 0x1003 tx timeout [ 75.222380][ T6194] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 75.224610][ T6194] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 75.228864][ T6194] vhci_hcd vhci_hcd.0: Device attached [ 75.518156][ T53] usb 40-1: SetAddress Request (2) to port 0 [ 75.520488][ T53] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 75.660067][ T6204] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 76.023348][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.025934][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.404721][ T6195] vhci_hcd: connection reset by peer [ 76.407756][ T4416] vhci_hcd vhci_hcd.1: stop threads [ 76.410644][ T4416] vhci_hcd vhci_hcd.1: release socket [ 76.413166][ T4416] vhci_hcd vhci_hcd.1: disconnect device [ 77.248930][ T6217] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 77.251180][ T6217] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 77.254995][ T6217] vhci_hcd vhci_hcd.0: Device attached [ 77.486271][ T6218] vhci_hcd: connection closed [ 77.486503][ T46] vhci_hcd vhci_hcd.0: stop threads [ 77.490249][ T46] vhci_hcd vhci_hcd.0: release socket [ 77.492634][ T46] vhci_hcd vhci_hcd.0: disconnect device [ 77.872607][ T6225] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 77.875436][ T6225] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 77.879944][ T6225] vhci_hcd vhci_hcd.0: Device attached [ 78.108139][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 78.108192][ T64] Bluetooth: hci4: command 0x1003 tx timeout [ 78.148083][ T6163] usb 42-1: SetAddress Request (2) to port 0 [ 78.150861][ T6163] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 78.581078][ T6226] vhci_hcd: connection reset by peer [ 78.588847][ T61] vhci_hcd vhci_hcd.2: stop threads [ 78.590549][ T61] vhci_hcd vhci_hcd.2: release socket [ 78.592338][ T61] vhci_hcd vhci_hcd.2: disconnect device [ 79.378164][ T5304] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 79.378362][ T64] Bluetooth: hci5: command 0x1003 tx timeout [ 80.031571][ T6240] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 80.418095][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 80.488165][ T6245] netlink: 'syz.2.42': attribute type 1 has an invalid length. [ 80.578095][ T53] usb 40-1: device descriptor read/8, error -110 [ 80.742350][ T6248] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 80.745118][ T6248] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 80.756092][ T6248] vhci_hcd vhci_hcd.0: Device attached [ 81.038130][ T145] usb 38-1: SetAddress Request (7) to port 0 [ 81.040228][ T145] usb 38-1: new SuperSpeed USB device number 7 using vhci_hcd [ 81.917109][ T53] usb usb40-port1: attempt power cycle [ 82.484128][ T53] usb usb40-port1: unable to enumerate USB device [ 82.819132][ T6260] 9pnet_virtio: no channels available for device syz [ 82.940881][ T6249] vhci_hcd: connection reset by peer [ 82.942990][ T13] vhci_hcd vhci_hcd.0: stop threads [ 82.944865][ T13] vhci_hcd vhci_hcd.0: release socket [ 82.947552][ T13] vhci_hcd vhci_hcd.0: disconnect device [ 83.218114][ T6163] usb 42-1: device descriptor read/8, error -110 [ 83.560531][ T6267] netlink: 'syz.2.46': attribute type 1 has an invalid length. [ 83.663627][ T6163] usb usb42-port1: attempt power cycle [ 83.828293][ T6272] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 83.831462][ T6272] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 83.851761][ T6272] vhci_hcd vhci_hcd.0: Device attached [ 84.208107][ T10] usb 44-1: SetAddress Request (6) to port 0 [ 84.212589][ T10] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd [ 84.301350][ T6286] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 84.304053][ T6286] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 84.312092][ T6286] vhci_hcd vhci_hcd.0: Device attached [ 84.898803][ T6163] usb usb42-port1: unable to enumerate USB device [ 85.687580][ T6287] vhci_hcd: connection closed [ 85.688179][ T74] vhci_hcd vhci_hcd.0: stop threads [ 85.691907][ T74] vhci_hcd vhci_hcd.0: release socket [ 85.694720][ T74] vhci_hcd vhci_hcd.0: disconnect device [ 86.098223][ T145] usb 38-1: device descriptor read/8, error -110 [ 86.289267][ T54] cfg80211: failed to load regulatory.db [ 86.302049][ T6273] vhci_hcd: connection reset by peer [ 86.309924][ T61] vhci_hcd vhci_hcd.3: stop threads [ 86.312482][ T61] vhci_hcd vhci_hcd.3: release socket [ 86.317076][ T61] vhci_hcd vhci_hcd.3: disconnect device [ 86.525279][ T6302] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 86.527536][ T6302] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 86.536446][ T6302] vhci_hcd vhci_hcd.0: Device attached [ 86.578891][ T145] usb usb38-port1: attempt power cycle [ 86.798074][ T6047] usb 42-1: SetAddress Request (6) to port 0 [ 86.800105][ T6047] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd [ 86.868797][ T6307] netlink: 'syz.0.52': attribute type 1 has an invalid length. [ 86.910806][ T5955] Bluetooth: hci4: command 0x1003 tx timeout [ 86.913481][ T5304] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 87.149760][ T145] usb usb38-port1: unable to enumerate USB device [ 87.611936][ T6303] vhci_hcd: connection reset by peer [ 87.615498][ T1165] vhci_hcd vhci_hcd.2: stop threads [ 87.617591][ T1165] vhci_hcd vhci_hcd.2: release socket [ 87.620715][ T1165] vhci_hcd vhci_hcd.2: disconnect device [ 87.830154][ T6313] netlink: 'syz.0.53': attribute type 1 has an invalid length. [ 88.212875][ T6320] netlink: 'syz.0.55': attribute type 1 has an invalid length. [ 89.318141][ T10] usb 44-1: device descriptor read/8, error -110 [ 89.863018][ T10] usb usb44-port1: attempt power cycle [ 90.108699][ T5304] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 90.222070][ T6338] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 90.570511][ T10] usb usb44-port1: unable to enumerate USB device [ 91.008541][ T6345] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 91.858253][ T6047] usb 42-1: device descriptor read/8, error -110 [ 92.259316][ T6047] usb usb42-port1: attempt power cycle [ 92.845420][ T6047] usb usb42-port1: unable to enumerate USB device [ 92.963444][ T6356] netlink: 'syz.1.63': attribute type 1 has an invalid length. [ 94.526630][ T6369] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 95.553427][ T6375] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 95.788121][ T5304] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 95.788585][ T64] Bluetooth: hci4: command 0x1003 tx timeout [ 96.159244][ T6380] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 96.258403][ T5304] Bluetooth: hci5: command 0x1003 tx timeout [ 96.348288][ T5955] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 96.700833][ T6384] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 98.903467][ T6413] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 99.618186][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 99.777364][ T6420] Zero length message leads to an empty skb [ 99.961335][ T6423] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 100.178282][ T5955] Bluetooth: hci5: command 0x1003 tx timeout [ 100.204071][ T5304] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 100.738125][ T5304] Bluetooth: hci6: command 0x1003 tx timeout [ 100.740838][ T64] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 102.042606][ T6441] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 102.891913][ T6444] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 103.778522][ T64] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 103.778534][ T5952] Bluetooth: hci5: command 0x1003 tx timeout [ 103.779681][ T5957] Bluetooth: hci4: command 0x1003 tx timeout [ 103.787783][ T5304] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 104.482934][ T6459] 9pnet_virtio: no channels available for device syz [ 105.378142][ T5955] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 105.378747][ T5304] Bluetooth: hci6: command 0x1003 tx timeout [ 105.395377][ T6463] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 108.098199][ T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 108.251030][ T24] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 108.254746][ T24] usb 7-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 108.258108][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 108.258676][ T24] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 66 [ 108.266091][ T24] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 108.270287][ T24] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 108.272891][ T24] usb 7-1: Product: syz [ 108.274441][ T24] usb 7-1: Manufacturer: syz [ 108.283199][ T24] usb 7-1: rejected 1 configuration due to insufficient available bus power [ 108.318983][ T24] usb 7-1: no configuration chosen from 1 choice [ 109.222042][ T6489] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 109.222078][ T6489] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 109.222301][ T6489] vhci_hcd vhci_hcd.0: Device attached [ 109.425713][ T6491] vhci_hcd: connection closed [ 109.425923][ T61] vhci_hcd vhci_hcd.1: stop threads [ 109.430840][ T61] vhci_hcd vhci_hcd.1: release socket [ 109.432760][ T61] vhci_hcd vhci_hcd.1: disconnect device [ 109.488117][ T6008] usb 40-1: enqueue for inactive port 0 [ 110.119718][ T6008] usb usb40-port1: attempt power cycle [ 110.678795][ T6008] usb usb40-port1: unable to enumerate USB device [ 110.875739][ T6008] usb 7-1: USB disconnect, device number 2 [ 110.966656][ T6510] netlink: 'syz.2.95': attribute type 1 has an invalid length. [ 112.578268][ T5957] Bluetooth: hci4: command 0x1003 tx timeout [ 112.580463][ T64] Bluetooth: hci5: command 0x1003 tx timeout [ 112.582653][ T5955] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 112.618092][ T5304] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 113.252911][ T6526] 9pnet_virtio: no channels available for device syz [ 113.538053][ T5952] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 113.538178][ T5304] Bluetooth: hci6: command 0x1003 tx timeout [ 113.543259][ T5952] ================================================================== [ 113.545767][ T5952] BUG: KASAN: slab-use-after-free in sk_skb_reason_drop+0x3d/0x1a0 [ 113.548265][ T5952] Write of size 4 at addr ffff888023a57264 by task kworker/u33:2/5952 [ 113.552634][ T5952] [ 113.553428][ T5952] CPU: 3 UID: 0 PID: 5952 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) [ 113.553447][ T5952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 113.553455][ T5952] Workqueue: hci6 hci_power_on [ 113.553475][ T5952] Call Trace: [ 113.553479][ T5952] [ 113.553483][ T5952] dump_stack_lvl+0x116/0x1f0 [ 113.553501][ T5952] print_report+0xcd/0x630 [ 113.553519][ T5952] ? __virt_addr_valid+0x81/0x610 [ 113.553536][ T5952] ? __phys_addr+0xe8/0x180 [ 113.553553][ T5952] ? sk_skb_reason_drop+0x3d/0x1a0 [ 113.553568][ T5952] kasan_report+0xe0/0x110 [ 113.553584][ T5952] ? sk_skb_reason_drop+0x3d/0x1a0 [ 113.553600][ T5952] kasan_check_range+0x100/0x1b0 [ 113.553611][ T5952] sk_skb_reason_drop+0x3d/0x1a0 [ 113.553626][ T5952] hci_uart_flush+0xa7/0x5d0 [ 113.553637][ T5952] ? __pfx_hci_uart_flush+0x10/0x10 [ 113.553647][ T5952] hci_dev_open_sync+0x80f/0x2590 [ 113.553660][ T5952] ? __pfx_hci_dev_open_sync+0x10/0x10 [ 113.553670][ T5952] ? add_lock_to_list+0x9d/0x130 [ 113.553687][ T5952] ? lockdep_unlock+0x64/0xd0 [ 113.553701][ T5952] ? __lock_acquire+0x12c2/0x2890 [ 113.553711][ T5952] hci_dev_do_open+0x2a/0xb0 [ 113.553725][ T5952] hci_power_on+0x131/0x640 [ 113.553741][ T5952] ? __pfx_hci_power_on+0x10/0x10 [ 113.553758][ T5952] ? rcu_is_watching+0x12/0xc0 [ 113.553774][ T5952] process_one_work+0x9ba/0x1b20 [ 113.553788][ T5952] ? __pfx_process_one_work+0x10/0x10 [ 113.553802][ T5952] ? assign_work+0x1a0/0x250 [ 113.553813][ T5952] worker_thread+0x6c8/0xf10 [ 113.553827][ T5952] ? __pfx_worker_thread+0x10/0x10 [ 113.553839][ T5952] kthread+0x3c5/0x780 [ 113.553850][ T5952] ? __pfx_kthread+0x10/0x10 [ 113.553861][ T5952] ? rcu_is_watching+0x12/0xc0 [ 113.553876][ T5952] ? __pfx_kthread+0x10/0x10 [ 113.553886][ T5952] ret_from_fork+0x983/0xb10 [ 113.553898][ T5952] ? __pfx_ret_from_fork+0x10/0x10 [ 113.553909][ T5952] ? __switch_to+0x7af/0x10d0 [ 113.553923][ T5952] ? __pfx_kthread+0x10/0x10 [ 113.553933][ T5952] ret_from_fork_asm+0x1a/0x30 [ 113.553954][ T5952] [ 113.553958][ T5952] [ 113.627907][ T5952] Allocated by task 10: [ 113.629223][ T5952] kasan_save_stack+0x33/0x60 [ 113.630727][ T5952] kasan_save_track+0x14/0x30 [ 113.632223][ T5952] __kasan_slab_alloc+0x89/0x90 [ 113.633760][ T5952] kmem_cache_alloc_node_noprof+0x298/0x800 [ 113.635703][ T5952] __alloc_skb+0x156/0x410 [ 113.637099][ T5952] bcsp_prepare_pkt+0xe0/0xae0 [ 113.638754][ T5952] bcsp_dequeue+0x237/0x4b0 [ 113.640205][ T5952] hci_uart_write_work+0x4e3/0x960 [ 113.641815][ T5952] process_one_work+0x9ba/0x1b20 [ 113.643397][ T5952] worker_thread+0x6c8/0xf10 [ 113.644856][ T5952] kthread+0x3c5/0x780 [ 113.646177][ T5952] ret_from_fork+0x983/0xb10 [ 113.647660][ T5952] ret_from_fork_asm+0x1a/0x30 [ 113.649211][ T5952] [ 113.649959][ T5952] Freed by task 6517: [ 113.651244][ T5952] kasan_save_stack+0x33/0x60 [ 113.652857][ T5952] kasan_save_track+0x14/0x30 [ 113.654412][ T5952] kasan_save_free_info+0x3b/0x60 [ 113.656003][ T5952] __kasan_slab_free+0x5f/0x80 [ 113.657531][ T5952] kmem_cache_free+0x2d8/0x770 [ 113.659209][ T5952] kfree_skbmem+0x1a4/0x1f0 [ 113.660815][ T5952] sk_skb_reason_drop+0x136/0x1a0 [ 113.662566][ T5952] hci_uart_flush+0xa7/0x5d0 [ 113.664143][ T5952] hci_uart_close+0x1d/0xa0 [ 113.665577][ T5952] hci_uart_tty_close+0xb0/0x2d0 [ 113.667163][ T5952] tty_ldisc_close+0x114/0x1a0 [ 113.669011][ T5952] tty_ldisc_kill+0x8e/0x150 [ 113.670687][ T5952] tty_ldisc_hangup+0x365/0x730 [ 113.672323][ T5952] __tty_hangup.part.0+0x3fe/0x8c0 [ 113.674150][ T5952] tty_ioctl+0x1057/0x1650 [ 113.676071][ T5952] tty_compat_ioctl+0xb9/0x4d0 [ 113.678157][ T5952] __ia32_compat_sys_ioctl+0x242/0x370 [ 113.680264][ T5952] __do_fast_syscall_32+0xe8/0x680 [ 113.681911][ T5952] do_fast_syscall_32+0x32/0x80 [ 113.683492][ T5952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 113.685557][ T5952] [ 113.686404][ T5952] The buggy address belongs to the object at ffff888023a57180 [ 113.686404][ T5952] which belongs to the cache skbuff_head_cache of size 240 [ 113.690894][ T5952] The buggy address is located 228 bytes inside of [ 113.690894][ T5952] freed 240-byte region [ffff888023a57180, ffff888023a57270) [ 113.695188][ T5952] [ 113.695937][ T5952] The buggy address belongs to the physical page: [ 113.697881][ T5952] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23a56 [ 113.700697][ T5952] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 113.703482][ T5952] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 113.706354][ T5952] page_type: f5(slab) [ 113.707641][ T5952] raw: 00fff00000000040 ffff88801c3ee8c0 ffffea00004de800 dead000000000002 [ 113.710345][ T5952] raw: 0000000000000000 0000000000190019 00000000f5000000 0000000000000000 [ 113.713050][ T5952] head: 00fff00000000040 ffff88801c3ee8c0 ffffea00004de800 dead000000000002 [ 113.715853][ T5952] head: 0000000000000000 0000000000190019 00000000f5000000 0000000000000000 [ 113.718680][ T5952] head: 00fff00000000001 ffffea00008e9581 00000000ffffffff 00000000ffffffff [ 113.721390][ T5952] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 113.724188][ T5952] page dumped because: kasan: bad access detected [ 113.726485][ T5952] page_owner tracks the page as allocated [ 113.728289][ T5952] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 0, tgid 0 (swapper/2), ts 51333919081, free_ts 48178269825 [ 113.735074][ T5952] post_alloc_hook+0x1af/0x220 [ 113.736987][ T5952] get_page_from_freelist+0xd0b/0x31a0 [ 113.739160][ T5952] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 113.741509][ T5952] alloc_pages_mpol+0x1fb/0x550 [ 113.743477][ T5952] new_slab+0x2c3/0x430 [ 113.745164][ T5952] ___slab_alloc+0xe18/0x1c90 [ 113.747060][ T5952] __kmem_cache_alloc_bulk+0x1fb/0x6c0 [ 113.749227][ T5952] kmem_cache_alloc_bulk_noprof+0x4e1/0x800 [ 113.751593][ T5952] napi_skb_cache_get+0x6ac/0x900 [ 113.753607][ T5952] __alloc_skb+0x2aa/0x410 [ 113.755443][ T5952] napi_alloc_skb+0x44b/0x820 [ 113.757324][ T5952] e1000_clean_rx_irq+0x2ae/0x1180 [ 113.759370][ T5952] e1000_clean+0x9cb/0x2670 [ 113.761144][ T5952] __napi_poll.constprop.0+0xb3/0x540 [ 113.763294][ T5952] net_rx_action+0x9f9/0xfa0 [ 113.765185][ T5952] handle_softirqs+0x219/0x950 [ 113.767111][ T5952] page last free pid 0 tgid 0 stack trace: [ 113.769410][ T5952] __free_frozen_pages+0x7df/0x1170 [ 113.771480][ T5952] rcu_core+0x79c/0x15f0 [ 113.773170][ T5952] handle_softirqs+0x219/0x950 [ 113.775107][ T5952] __irq_exit_rcu+0x109/0x170 [ 113.776984][ T5952] irq_exit_rcu+0x9/0x30 [ 113.778683][ T5952] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 113.780949][ T5952] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 113.783333][ T5952] [ 113.784302][ T5952] Memory state around the buggy address: [ 113.786508][ T5952] ffff888023a57100: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 113.789371][ T5952] ffff888023a57180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 113.791876][ T5952] >ffff888023a57200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 113.794425][ T5952] ^ [ 113.796671][ T5952] ffff888023a57280: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 113.799244][ T5952] ffff888023a57300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 113.801743][ T5952] ================================================================== [ 113.998928][ T5952] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 114.001289][ T5952] CPU: 3 UID: 0 PID: 5952 Comm: kworker/u33:2 Not tainted syzkaller #0 PREEMPT(full) [ 114.004353][ T5952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.007715][ T5952] Workqueue: hci6 hci_power_on [ 114.009262][ T5952] Call Trace: [ 114.010371][ T5952] [ 114.011352][ T5952] dump_stack_lvl+0x3d/0x1f0 [ 114.012869][ T5952] vpanic+0x640/0x6f0 [ 114.014244][ T5952] panic+0xca/0xd0 [ 114.015494][ T5952] ? __pfx_panic+0x10/0x10 [ 114.016970][ T5952] ? sk_skb_reason_drop+0x3d/0x1a0 [ 114.018617][ T5952] ? preempt_schedule_common+0x44/0xc0 [ 114.020352][ T5952] ? preempt_schedule_thunk+0x16/0x30 [ 114.022029][ T5952] ? check_panic_on_warn+0x1f/0xb0 [ 114.023661][ T5952] check_panic_on_warn+0xab/0xb0 [ 114.025272][ T5952] end_report+0x107/0x160 [ 114.026720][ T5952] kasan_report+0xee/0x110 [ 114.028157][ T5952] ? sk_skb_reason_drop+0x3d/0x1a0 [ 114.029792][ T5952] kasan_check_range+0x100/0x1b0 [ 114.031385][ T5952] sk_skb_reason_drop+0x3d/0x1a0 [ 114.032962][ T5952] hci_uart_flush+0xa7/0x5d0 [ 114.034497][ T5952] ? __pfx_hci_uart_flush+0x10/0x10 [ 114.036156][ T5952] hci_dev_open_sync+0x80f/0x2590 [ 114.037789][ T5952] ? __pfx_hci_dev_open_sync+0x10/0x10 [ 114.039534][ T5952] ? add_lock_to_list+0x9d/0x130 [ 114.041175][ T5952] ? lockdep_unlock+0x64/0xd0 [ 114.042678][ T5952] ? __lock_acquire+0x12c2/0x2890 [ 114.044340][ T5952] hci_dev_do_open+0x2a/0xb0 [ 114.045834][ T5952] hci_power_on+0x131/0x640 [ 114.047323][ T5952] ? __pfx_hci_power_on+0x10/0x10 [ 114.048926][ T5952] ? rcu_is_watching+0x12/0xc0 [ 114.050478][ T5952] process_one_work+0x9ba/0x1b20 [ 114.052057][ T5952] ? __pfx_process_one_work+0x10/0x10 [ 114.053770][ T5952] ? assign_work+0x1a0/0x250 [ 114.055317][ T5952] worker_thread+0x6c8/0xf10 [ 114.056810][ T5952] ? __pfx_worker_thread+0x10/0x10 [ 114.058537][ T5952] kthread+0x3c5/0x780 [ 114.060114][ T5952] ? __pfx_kthread+0x10/0x10 [ 114.061735][ T5952] ? rcu_is_watching+0x12/0xc0 [ 114.063304][ T5952] ? __pfx_kthread+0x10/0x10 [ 114.064799][ T5952] ret_from_fork+0x983/0xb10 [ 114.066298][ T5952] ? __pfx_ret_from_fork+0x10/0x10 [ 114.067949][ T5952] ? __switch_to+0x7af/0x10d0 [ 114.069512][ T5952] ? __pfx_kthread+0x10/0x10 [ 114.071087][ T5952] ret_from_fork_asm+0x1a/0x30 [ 114.072692][ T5952] [ 114.074483][ T5952] Kernel Offset: disabled [ 114.075855][ T5952] Rebooting in 86400 seconds.. VM DIAGNOSIS: 22:39:57 Registers: info registers vcpu 0 CPU#0 RAX=0000000040000000 RBX=ffff88804d3e24c0 RCX=ffffffff815e4b33 RDX=ffff88804d3e24c0 RSI=0000000000000000 RDI=0000000000000007 RBP=ffff888023600000 RSP=ffffc90003e17678 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000080 R11=0000000000000001 R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=ffff88804d3e3d90 RIP=ffffffff81be6588 RFL=00000012 [----A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f2cf501fc80 ffffffff 00c00000 GS =0000 ffff8880976fc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2d24f225d0 CR3=00000000246ae000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000005000001 Opmask01=0000000000000001 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffb81db59b 00007fffb81db59b ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffb81dbaa0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffb81dbaa0 0000003000000018 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65746e6f63007325 203a726f72726520 64656e7275746572 2072657672657300 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 40514b4a46005600 051f574a57574005 41404b5750514057 0557405357405600 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20656572662d7265 7466612d6573752d 62616c73203a4e41 53414b203a475542 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e7974696c616e6f 6974636e75662073 696874206e6f2064 6e6570656420756f ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 792066692067726f 2e6b6361766b406d 6d2d78756e696c20 6f74206573616365 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 73752072756f7920 74726f7065722065 7361656c50202e64 65766f6d65722065 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 62206c6c69772064 6e61206465746163 6572706564207369 2073657479625f6e ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2e6d656c626f7270 206568742065766c 6f7320646c756f77 2032333531206f74 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000030d745 RBX=0000000000000001 RCX=ffffffff8b7596d9 RDX=0000000000000000 RSI=ffffffff8dacaa85 RDI=ffffffff8bf2b500 RBP=ffffed1003b51498 RSP=ffffc9000046fde8 R8 =0000000000000001 R9 =ffffed100566673d R10=ffff88802b3339eb R11=ffff88801da8aff0 R12=0000000000000001 R13=ffff88801da8a4c0 R14=ffffffff9088ebd0 R15=0000000000000000 RIP=ffffffff8b757dcf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977fc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000008002f000 CR3=000000004bb7a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000019800000000 0000000500000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000001 RBX=ffff88802b23adc0 RCX=0000000000000100 RDX=0000000000000001 RSI=0000000000000002 RDI=ffff88802b23adc2 RBP=dffffc0000000000 RSP=ffffc90026b6f4e8 R8 =0000000000000001 R9 =ffff88802b43bd14 R10=ffff88802b23adc3 R11=ffff8880276caff0 R12=0000000000007ebc R13=0000000000000000 R14=ffff88802b43bd00 R15=ffffed10056475b8 RIP=ffffffff8b787e58 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978fc000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f50b1a29 CR3=000000004bb7a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000019800000000 0000000500000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000035 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85302df5 RDI=ffffffff9aed92a0 RBP=ffffffff9aed9260 RSP=ffffc90003fc73d0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6133323038387257 R12=0000000000000000 R13=0000000000000035 R14=ffffffff9aed9260 R15=ffffffff85302d90 RIP=ffffffff85302e1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979fc000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000080dc3018 CR3=000000004c726000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000014800000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000