last executing test programs: 4.612269708s ago: executing program 2 (id=3): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1e, 0xe, &(0x7f0000002040)=ANY=[@ANYBLOB="b702000000000000bfa30000000000001403000000feffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000007c000000b700000001000000950000000000000000e154cd844a954b26c933f7ffffffffffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac66ad029d1c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d6f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804d4a69bf9bc5fa77ee293fbd165a5a7c31de7910d1ed4065a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db3503680e5e5971ff4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dacfeb47479321a0574fb304bc2a1681989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3de8726c2a61ec45c19f97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde0745db06753a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9bdce38c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4af05c28308241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5490f6589880ed6eea7b9c670012be05e7de0940313c5870786554df2623d58f5ace92d028f2c71a6ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77962a2cd8a104e16b77d5f7f13b1640d43e11801140caf1a8b1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b905fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af0a77fbcf2cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c026ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf34117a82a96b2ced73abb8e4bb718d6ee7aebf9ef40662d7836d252c566f5ee938a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7eee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab50fe82d5a96b09c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cdfba05e3633be3f00000001762e5f5a3a0bc33fdbe28a5ffc83f2f08544eb2794e7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5d81e750d50515a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f85d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d801002653c4d9818708e27c89b552d3fcd11ebce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff2a8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4000000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b850580994484305d7a1759782ae57773e0d8b0ab900edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0bd91e328b6a6f732a91f0e2e9120be61e58c79d497247d278888901d44bf77ff246605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c2d0836395fe39f0e11c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc71300000000000021000000b12f0ec0412268860027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b50f3ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861ddb54684cb73e7aeefae47fa09fd88e6043bd52ae84c1bb0c8a6b769f952283a1f4e3842edb3d42c68a2102fa1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e81163bde261fd00000000007271e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d1b8b90bc0df4c4b51b1f922a44ec675203bf8d1548e49262727c3de6daab3b4ed15aa99802e45d0620617e839b5237ddfcf103c91e61d174e3be6c9fd47398797e3b814e751ff31ecb42de6dd9d6b88121aaa680c236a303914e00150e1ec3f144ebc28287d5b51cfb8cabb844d12b140767d0fc24425590024b2e431722392489e3d43b3e31438a0138988083c47c61384d54e9a40fba01cac6e59ec82edc764840fe551c1d57442970cd8e59b9f41094e158c0a1ee855d8515599685486c2a21fa1c107531a0db8306441e8408b34aa90e9736e672d74cb8e78f8bdb93a23d024fc200796836ab396911a56231e953efad6cd83db32ffc595d970108e9547ea0000002730d5d1b70fe8b458ac1651135037b6cb9c8053299f77ab84c5b9fd2f764c3caa9c69377c397d310ddc7bc4bfa165def7b49e28ef196ae263b6829a8419d8860f56c86c288964ac4bc19839d96ff24b981c3a4fd6f93a000000ea9d6b06dafae4c91177", @ANYBLOB="1d139ea82bf95c2a5474d4a0d51d574c1e80c08468a1d0ffcaa5beda1d1e735401cddf133954ac1858a89458dfcc08fd460fd4095d862fefdd7b67249f863619a16200c3158d5c0f1d41e7e236a48ed97a83105f991550cd52d04afc5d4236e333c523630f55e3335db9f3008ffba8c0caf3b9cea8aa798e4b36b3cd801c9bb3c666bd5a41ea3c09e7583961eb53a6c5948b47502e0d4b2959fb217a2ea66fd7e4f5eaa78c31c69a1c9d5f"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000400), 0x5d, 0x10, &(0x7f0000000040), 0x10}, 0x4b) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$peekuser(0x3, r0, 0x114) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x7, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x10000000}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(r1, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="18020000000080000000000000000000850000006100000085000000a000000095"], &(0x7f0000000000)='syzkaller\x00', 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r4, 0x0, 0xe, 0x0, &(0x7f0000000040)="7a7fa22c2a1a89df53ef2a2d86dd", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @initr0, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @exit], &(0x7f00000000c0)='GPL\x00'}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r5, 0x0, 0x0}, 0x10) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'erspan0\x00'}) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRDELBR(r7, 0x89a2, &(0x7f0000000200)='bridge0\x00') mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) 3.927069067s ago: executing program 0 (id=6): unshare(0x8020000) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) syz_open_dev$dvb_frontend(&(0x7f00000004c0), 0x0, 0x413f) r0 = semget$private(0x0, 0x4000, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) r2 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000240)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x458, 0x5013, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x7, 0x50, 0x0, "", [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x3, 0x1, 0x2, 0x89, {0x9, 0x21, 0xfff, 0xa, 0x1, {0x22, 0x116}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x1, 0x0, 0x20}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0x63, 0x6, 0x40}}]}}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x110, 0x3, 0x7, 0x3, 0x8, 0x3}, 0xf, &(0x7f0000000380)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x2, 0xf4, 0x7}]}, 0x2, [{0xc2, &(0x7f0000000500)=@string={0xc2, 0x3, "ae3301b42821b79898c1ebec9548f7749db2c2d65060b1940f62bc3605f09fd4b122680963424f1e7c9b0862ca0a506534f42083d72a38fcaf7a403faf849a86695cd851f6fd111134c1937d43205a5520905b9df4cd24eb8260e0a623799f9954ac1cffd5cfdb72bce236451698e1513e2507ca0ab47d003557862cfeea1994d75a2879ea9e97aeee1bd8d2817d37ebf958d74f40d1bf00071bc9c01fc55500934ea1029e7606e25b586869571d67036d3cf1dbc85f18d5c12b5a138e83b83c"}}, {0x93, &(0x7f0000000700)=@string={0x93, 0x3, "1fd341be0e6d59c6ef5db63005494b5e0f469ed2ea01bc3e5ae4816113aa1ac8b24c920cdddd803de709177a4f74034104e31099be0c92f640557e9fd6690c0b0284aa9a4b4194d7b7334fe5188af9fa8593cae7fe3c62ce0881dae6c79e253b7b44cb31cf66cd7226c478283e58fb72a824e51921ced0d9b618c8d36eb388eb693817007d6dd18e1424d32f573563d1ec"}}]}) syz_usb_control_io$hid(r2, &(0x7f00000009c0)={0x14, &(0x7f0000000800)={0x40, 0xdbbbc3cdba78a8b7, 0xf2, {0xf2, 0x22, "e2170ad15841f6fd7ad12c109a0350d1ccc8690c89084d89d6ecec8f3b9818e28afe62ba7a8dc1705a41ae1eff7ed0459f47913886b81567f7a9f08389e76456c0b329e8d2422f7fdabb4773d31079925b7eb7c6bc8881f3877685743dc83da826d32fb467fa1c1e4b78d5e1c171f53477664b54148ad548dfceaf92c41a02d4e1e9495d05292714c61e52db57da8cd3404450fe71538af9f21a87c418ff1599e5147835b8f1217f7904e14d40de749af4d3ffab98505d46d5ad3878834dbc92585ac14c5fb0d545eab94854fe527362b1ddaccb022ddce7c003ac8f96efe91ab814cd9d59cb276c651bdf78e1fb5cf2"}}, &(0x7f0000000900)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x307b}}, &(0x7f0000000940)={0x0, 0x22, 0xe, {[@global=@item_012={0x0, 0x1, 0x2}, @main=@item_4={0x3, 0x0, 0x9, "9fef4964"}, @local=@item_4={0x3, 0x2, 0x1, "1213c250"}, @main=@item_012={0x2, 0x0, 0x5, "e157"}]}}, &(0x7f0000000980)={0x0, 0x21, 0x9, {0x9, 0x21, 0x0, 0x2, 0x1, {0x22, 0x762}}}}, &(0x7f0000000bc0)={0x18, &(0x7f0000000a00)={0x20, 0x6, 0x5c, "c59b8d3e477cbaa95b2bb5e065e536b323d2fd5aab108ce26681232795080d33d82687e204ecc2d5e804121d24ee7d155a6df3def65193b59c9cb968c871f1fc5f5779a0e15e2d6fa740d3494674d9bc1a5d23ea5fb1b65902405971"}, &(0x7f0000000a80)={0x0, 0xa, 0x1, 0xf}, &(0x7f0000000ac0)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000b00)={0x20, 0x1, 0x54, "b99456a7fd63621cb09e056f8fba2c08ea37f3621078b0d19bd2fab377215f949921a50c3b84eb83e480068d2beb483c6cf4601ce10d5c537020be8b0259206e16b34e820907519bd5ae098b815847382f23abbe"}, &(0x7f0000000b80)={0x20, 0x3, 0x1, 0x8}}) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/cgroup', 0x0, 0x0) getdents(r3, &(0x7f00000000c0)=""/170, 0xaa) getdents64(r3, 0x0, 0x0) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r4, 0x1, &(0x7f0000000340)=[&(0x7f0000000180)={0x2002000000, 0x4, 0x0, 0x1, 0x0, r1, &(0x7f0000000040)="5400ffff0000", 0x6, 0x0, 0x0, 0x2}]) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000600)=""/203) 3.360968606s ago: executing program 2 (id=9): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=@newtaction={0x910, 0x30, 0x1, 0x0, 0x0, {}, [{0x8fc, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x6aa, 0x11e41e7a, 0x6, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_police={0x8b4, 0xb, 0x0, 0x0, {{0xb}, {0x868, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x40, 0x10000000, 0x7, 0xfffff000, 0x0, {0x8, 0x1, 0x1, 0x6, 0x39}, {0x5, 0x0, 0xc7c, 0xffff, 0x4523, 0x1}, 0x8, 0x800, 0x6}}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x4}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x6, 0x7, 0x5, 0xf, 0x5, 0xfff, 0x2d, 0x1, 0x6, 0x8001, 0xf9, 0x8, 0x8, 0x308f, 0x3ff, 0x5, 0x2, 0x80000001, 0xff, 0x17930d92, 0x0, 0x5, 0x19, 0x6b4, 0x9, 0xf, 0x4, 0xb, 0x80000000, 0x2, 0x1, 0x33, 0xe4, 0x3ef, 0xa6d, 0xfff, 0x7f, 0xe131, 0x401, 0xb9a, 0x9e4, 0x428, 0x0, 0xffff8001, 0x0, 0x5, 0x7d87, 0x6, 0x100, 0x7, 0x9a, 0xa0a, 0x8, 0x101, 0x4, 0x1243, 0xc, 0x0, 0x2, 0x2, 0x0, 0x24, 0x8e5c, 0x1, 0xbcf, 0x0, 0x21, 0xffffffff, 0x7, 0x6, 0x9, 0x9, 0x4010, 0xc, 0xbe9, 0x8001, 0xd, 0x1, 0x8, 0x7, 0x800, 0x3, 0x8, 0x8, 0x1, 0xb73c, 0x8, 0x100, 0x0, 0x7, 0x5, 0x7, 0x2, 0x8000, 0x1, 0x7f, 0x0, 0x7f, 0x7, 0x7, 0x8, 0x5, 0x1, 0x7, 0x0, 0x3773, 0x1, 0x47, 0x7, 0x753b, 0x92, 0x1, 0x3, 0x9, 0x7, 0x8, 0x8, 0x6, 0x8, 0x2, 0x4, 0x7fffffff, 0x4, 0xfffffffb, 0x0, 0x70000, 0x8, 0x4, 0x0, 0x8, 0x7fff, 0x5, 0x4, 0x8001, 0x7ff, 0x58cd, 0x2, 0x0, 0x23, 0x2, 0x1, 0x482b7586, 0xfffffff1, 0xb, 0x5, 0x7, 0x3, 0x9, 0x1, 0x0, 0x9, 0x1, 0x8, 0x1, 0x5, 0xb, 0x80000000, 0x7, 0x728f, 0x7, 0x1ff, 0x2, 0x2, 0x1, 0x7, 0x4, 0x6f, 0x5, 0x10000, 0x60, 0xf, 0x1, 0x7, 0xb36c, 0x3, 0x7ff, 0x7, 0x7, 0xea8d, 0x80000000, 0x8, 0x0, 0xcbf, 0x8, 0x3ff, 0xfffffffc, 0x4, 0x10001, 0x7, 0x8d6, 0x4, 0x0, 0x2, 0xfaf, 0xfffffffb, 0x2, 0x9, 0x8ec7, 0x101, 0xc37, 0x9, 0x2, 0x5, 0x5, 0x9, 0x400, 0x2, 0xa6c, 0x1ff, 0x2bdf, 0xb, 0x40, 0xcc02, 0x10, 0xffff, 0x2, 0xfff, 0x4, 0x6, 0x1000, 0x8, 0xfee8, 0xf2, 0x10, 0x3, 0x8000, 0x5, 0xe, 0x20000000, 0xa38e, 0xce, 0xb, 0x0, 0xb5abc4d, 0x5, 0x82, 0x8000, 0x1, 0x1, 0x3, 0x48, 0x3, 0x2, 0x7fff, 0x8, 0x7, 0x6, 0x3800000, 0x7, 0x4, 0x5, 0x8, 0x0, 0x3, 0xc, 0x6]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xe0000000}, @TCA_POLICE_RATE={0x404, 0x2, [0x23, 0x3, 0xfffffff8, 0xb99, 0xd14, 0x6, 0x2, 0x1, 0x6, 0x254b, 0x818, 0x4, 0x1, 0x4, 0x1, 0x7, 0x5, 0x4, 0x3, 0x1, 0x8000, 0x400, 0x3, 0x40400, 0xffffffff, 0xff, 0x3, 0xffff, 0x7fffffff, 0x8, 0x10, 0xffffffff, 0x10001, 0x3, 0x200, 0x8f1, 0x65, 0x10000, 0xfffffff8, 0xfffff000, 0x8e5, 0x2, 0x40, 0x73, 0x200, 0xffff31e2, 0xffff, 0x7, 0xffffffff, 0x47, 0x5, 0x7, 0x426, 0x10, 0xa3, 0xb, 0x100, 0x2, 0x5, 0x3, 0x5, 0x40, 0x4, 0xf, 0x2, 0x1, 0xd9bd, 0xfff, 0x7f, 0xa09, 0xc8c, 0x8ec, 0x1, 0xeae7, 0x8001, 0xe, 0x8, 0xfb, 0x9, 0x3, 0x8, 0x6, 0xa, 0x3, 0x9, 0x2, 0xb23, 0x8001, 0xd, 0x7, 0x8, 0x400, 0x0, 0xffffff13, 0xd, 0x3, 0x800, 0x3, 0x3, 0x4, 0x3, 0xfffffff8, 0xff, 0x7, 0xfa, 0x200, 0x9, 0xfffffff8, 0x9, 0x7fff, 0xfffffffd, 0x3, 0x1, 0x7, 0x0, 0x1, 0x2, 0x7, 0x0, 0x9, 0x7ff, 0x82, 0x401, 0xfff, 0xf7e, 0x4, 0xffffff01, 0x8, 0x81, 0x5, 0x7, 0xa337, 0x1ff, 0xfffffffc, 0x5, 0x6844, 0x1, 0x0, 0x7, 0x9, 0x6b6, 0x9, 0x0, 0x3, 0x9, 0x4, 0xfffffff2, 0x6, 0x200, 0x5, 0xe, 0x2, 0x5d, 0x9, 0x40, 0x4, 0x5, 0x8, 0x0, 0xadb7, 0x7fffffff, 0x0, 0x2, 0x28dd, 0x81, 0x7, 0x0, 0xb55d, 0x4, 0x32fd36cb, 0x5, 0x8f, 0xffff1b25, 0x1, 0xfffffffe, 0x5, 0x1, 0xf, 0x4, 0xa291, 0xf8, 0x8, 0xc, 0x3, 0x7, 0x5, 0x8001, 0x1, 0x7, 0x6, 0xff, 0xfffffffc, 0x100, 0x3b95, 0x0, 0x3, 0x7, 0x200, 0x7, 0x7ff, 0x81, 0x10001, 0x7, 0x7f, 0x400, 0x8, 0x1, 0x101, 0x200, 0x4, 0x4, 0x7, 0x8, 0x9, 0x4, 0x94, 0x9, 0xe, 0x3, 0x200, 0x1, 0xd, 0x0, 0x9, 0x8, 0x1, 0x9, 0x1, 0xfffffffe, 0x400, 0x5, 0x9, 0x30a4e409, 0x0, 0x3, 0xffff6b3e, 0xdc, 0x9e, 0xfffffffe, 0x2, 0x4, 0x6, 0x5c4, 0xec, 0xc, 0xf49a, 0x8, 0x3, 0x7ff, 0xf45d, 0x7, 0x9, 0x8, 0x2, 0x8, 0x8001]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0xff0}]]}, {0x23, 0x6, "a9286b86d425b565c29c7bb9b995195ee2557f89a3dbfe0a878554dcc52ff6"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x910}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) setgroups(0x0, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x438, 0x30c, 0xa, 0x148, 0x0, 0x60, 0x3a4, 0x2a8, 0x2a8, 0x3a4, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0xffffffff, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2a0, 0x30c, 0x0, {0x200003ae, 0x7f00}, [@common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x6c, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x494) r7 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r7, &(0x7f0000000100)={0x1d, r5, 0x0, {0x2}, 0xfd}, 0x18) r8 = socket$kcm(0x11, 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x103401) close(r8) ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4}) socket$netlink(0x10, 0x3, 0x15) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000180)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x6, 0x1e, &(0x7f0000000300)=""/30, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000bc0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000c00)={0x4, 0xb, 0x902c}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x7}, 0x94) r9 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r9, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) dup(r9) 3.280429455s ago: executing program 0 (id=10): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000400)={[0xfffffffffffffff5]}, 0x8, 0x80000) ppoll(&(0x7f00000000c0)=[{r0, 0x200}, {r0, 0x10}], 0x2, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f00000001c0)=@req={0x20, &(0x7f0000000180)={'gretap0\x00', @ifru_map={0x4, 0x10, 0x2, 0x4, 0x0, 0x2}}}) unshare(0x6020400) pipe(&(0x7f0000000080)) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0) write$sndseq(r1, &(0x7f0000000100)=[{0x12, 0x4, 0x7, 0xd, @time={0x9, 0x62}, {0x68, 0xb}, {0x9, 0xff}, @queue={0x2, {0x0, 0x3ff}}}, {0xa0, 0xa, 0x2, 0x8, @tick=0x3, {0xa2, 0x76}, {0x3, 0xbd}, @queue={0x1, {0x101, 0xfff}}}, {0xc, 0x6, 0x5, 0x2, @tick=0x3, {0x10, 0x2}, {0x5, 0x1}, @ext={0x0, 0x0}}, {0x18, 0xc, 0x6, 0x9, @tick=0xa656, {0xb, 0xb}, {0x9, 0x1}, @control={0x0, 0x40, 0xd3}}], 0x70) 3.100227909s ago: executing program 1 (id=11): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mlockall(0x2) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) mlockall(0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48) r3 = socket$nl_generic(0x10, 0x3, 0x10) preadv(0xffffffffffffffff, &(0x7f0000004ec0)=[{&(0x7f0000004bc0)=""/60, 0x3c}], 0x1, 0x8000, 0x2) ioctl$VIDIOC_G_SLICED_VBI_CAP(0xffffffffffffffff, 0xc0745645, &(0x7f0000000400)={0xd7, [0x4, 0xfff8, 0x1, 0x78, 0x364, 0xa58, 0x3f, 0x0, 0x10, 0xff, 0x5, 0xc, 0x40, 0x4, 0x79a1, 0x4fd0, 0xfffc, 0x81, 0x101, 0x3, 0x401, 0x8, 0x7, 0x8, 0x3ff, 0xe, 0x6, 0x4, 0x7, 0x3ff, 0xff, 0x7, 0x5, 0x400, 0x5, 0x5, 0x200, 0x6, 0x8, 0x2, 0x86, 0x0, 0x0, 0xb, 0xefd, 0x2, 0x0, 0x7], 0x4}) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x14}}, 0x0) syz_io_uring_setup(0x151, 0x0, &(0x7f0000000340)=0x0, &(0x7f0000000000)) landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000040)=0xfffffffc, 0x0, 0x4) 2.396051035s ago: executing program 0 (id=12): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) syz_open_dev$vim2m(&(0x7f0000000500), 0x0, 0x2) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x27) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xffffffffffffff15, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) shmat(0x0, &(0x7f0000ff7000/0x3000)=nil, 0x400c) syz_init_net_socket$llc(0x1a, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}}], 0xf00, 0x0, 0x0) shutdown(r1, 0x0) socket(0x10, 0x3, 0x1000) getsockopt(0xffffffffffffffff, 0x400000000000003a, 0x5, 0x0, 0x0) 1.479270363s ago: executing program 1 (id=13): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) preadv2(r2, 0x0, 0x0, 0x5, 0x1, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) syz_io_uring_setup(0x49a, &(0x7f0000000200)={0x0, 0x707b, 0x400, 0x2, 0x40288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x200000e, 0x6c2f2, 0xffffffffffffffff, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r8, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket(0x18, 0x2, 0xfffffffc) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r12 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f00000002c0)={'vlan0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000002c00128009000100766c616e000000001c0002800600010004000000100003800c000100070000000100000008000500", @ANYRES32=r13, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r11], 0x5c}, 0x1, 0x0, 0x0, 0x600}, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r3, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x40000120, 0x4aa52520f215cfe4, {0x2}}) socket$nl_netfilter(0x10, 0x3, 0xc) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) 1.477965333s ago: executing program 0 (id=22): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010028bd7000fcdbdf251400000008000300", @ANYBLOB="db27319bcffb0034ad8d1ff4819c44ea185eb0edf17723a19d9af9d92ae7974c1ace3b93d4c9c5f38cf3992e635fa6e021c6fa9b5a784cada2fdacbe75659d28d2d6526f56fa8380dcbcbb9f17d589d73ba93d1329f28a625f30c3b80f54dc0a3a6359139ff1472db61a5b8a", @ANYRES64=r2], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x48814) 921.673574ms ago: executing program 2 (id=14): userfaultfd(0x801) gettid() openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newlink={0x40, 0x10, 0x401, 0x800000, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, 0x132f}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'bond0\x00'}, @IFLA_ADDRESS={0xa, 0x1, @broadcast}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x74c920689c38ea7e) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d7624cd362581725c7", "000400", "d5a1d50399459b68"}, 0x28) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x0, 0x0) sendmsg$netlink(r1, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)={0x18, 0x7a, 0x601, 0x4000000, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x00\x00\x00'}]}, 0x18}], 0x1}, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) pipe2$watch_queue(&(0x7f00000000c0), 0x80) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f00000015c0)=@raw={'raw\x00', 0x8, 0x3, 0x1d8, 0x90, 0x11, 0x148, 0x90, 0x0, 0x1174, 0x2a8, 0x2a8, 0x1174, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x94, 0xb4, 0x0, {}, [@common=@ttl={{0x24}, {0x2, 0x40}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x234) 919.952177ms ago: executing program 0 (id=24): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x30, 0x8b}, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000040)='\x00]\xfbo\x92\xec\x8e\x1d', 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000003ec0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000003c0)=""/177, 0xb1}, {&(0x7f0000000500)=""/179, 0xb3}], 0x2, &(0x7f0000000600)=""/124, 0x7c}, 0xfffffffc}, {{&(0x7f0000000680)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000700)=""/253, 0xfd}], 0x1, &(0x7f0000000a00)=""/4096, 0x1000}, 0x8}, {{&(0x7f0000000840)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000900)=[{&(0x7f0000001a00)=""/4096, 0x1000}, {&(0x7f0000002a00)=""/4096, 0x1000}, {&(0x7f0000003a00)=""/143, 0x8f}, {&(0x7f00000008c0)=""/59, 0x3b}], 0x4}, 0x38}, {{&(0x7f0000003ac0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000003c40)=[{&(0x7f0000003b40)=""/224, 0xe0}], 0x1, &(0x7f0000003c80)=""/184, 0xb8}, 0x2}, {{0x0, 0x0, &(0x7f0000003e80)=[{&(0x7f0000003d40)=""/31, 0x1f}, {&(0x7f0000003d80)=""/241, 0xf1}], 0x2}, 0x2}], 0x5, 0x40002102, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1, 0xffff}, 0x20) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) mmap(&(0x7f0000a0c000/0x2000)=nil, 0x2000, 0x3000003, 0x110, r3, 0x26f36000) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10) listen(r5, 0x0) r6 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r6, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x4) close(r6) accept4(r5, &(0x7f0000000280)=@xdp, &(0x7f00000001c0)=0x80, 0x80800) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mount$9p_virtio(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x108c, 0x0) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 788.811094ms ago: executing program 3 (id=15): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = socket(0x2b, 0x1, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x48, 0x30, 0x1, 0x0, 0x0, {}, [{0x34, 0x1, [@m_mpls={0x30, 0x11, 0x0, 0x0, {{0x9}, {0x4}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x2004c851}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r2) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x30, r4, 0x800, 0x70bd2d, 0x25dfdbfd, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x9b76}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140063957d7996343b2d001f000b76f63a800000000800000072884e0bb94e0000000000001f5b5d339f270723f309fd76548f93d9000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x48010}, 0x4000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010026bd7000000000003f00000008000300", @ANYRES32=r6, @ANYBLOB="30005e800800"], 0x4c}}, 0x80) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r8, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900038073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x25}, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWSET={0x44, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14}}, 0x6c}}, 0x10) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x24, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x1, 0x4}, {}, {0xe, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x893}, 0x20040084) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) r10 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, 0x0, 0x0) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000000)={0x0, 0xea60}, 0x10) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x100006, @remote}, 0x1c) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 651.72159ms ago: executing program 3 (id=16): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00') read$FUSE(r0, &(0x7f0000004100)={0x2020}, 0x2020) (async) read$FUSE(r0, &(0x7f0000004100)={0x2020}, 0x2020) accept4$x25(r0, &(0x7f0000000100), &(0x7f0000000140)=0x12, 0x0) socket(0x10, 0x3, 0x0) (async) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) r3 = io_uring_setup(0x2c06, &(0x7f0000000240)={0x0, 0x290e, 0x40}) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r3, 0xc, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x30, 0x24, 0x3fe3aa0262d8c583, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xf}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0xc083}, 0x2004c998) openat$tcp_mem(0xffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) (async) openat$tcp_mem(0xffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) 516.119188ms ago: executing program 3 (id=18): mkdir(&(0x7f0000000000)='./file0\x00', 0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) mknodat$loop(r0, &(0x7f00000002c0)='./file1\x00', 0x10, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) link(&(0x7f0000000140)='./file1\x00', &(0x7f00000001c0)='./bus\x00') chmod(&(0x7f0000000180)='./bus\x00', 0x0) (fail_nth: 4) 449.663823ms ago: executing program 1 (id=19): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$tipc(0x1e, 0x2, 0x0) fanotify_init(0x200, 0x0) pselect6(0x40, &(0x7f0000000680)={0x8, 0x7, 0x0, 0xfffffffffffffff9, 0x916, 0xae3, 0x7, 0x8}, 0x0, 0x0, &(0x7f0000000740), 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r9 = socket$unix(0x1, 0x5, 0x0) ppoll(&(0x7f0000000e40)=[{r9, 0x101}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd25, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x0, 0x4}, {}, {0x8, 0xfff2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x7cff, 0xbd, 0x1, 0x6, 0x1ff}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) fsopen(&(0x7f00000000c0)='ocfs2\x00', 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r10, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000000)="27030200000214000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f00000004c0)="f058050000007f8f", 0x8}], 0x2}, 0x5) 339.963524ms ago: executing program 3 (id=20): r0 = openat$dlm_plock(0xffffff9c, &(0x7f0000000380), 0x24402, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, r1, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x40}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x8001) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) r3 = syz_open_dev$vcsu(&(0x7f0000000200), 0x6, 0x20480) ioctl$KDGETMODE(r3, 0x4b3b, &(0x7f0000000280)) listen(r2, 0xfffffffc) shutdown(r0, 0x0) r4 = socket(0x10, 0x803, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xe}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0xffffffffffffff1f, 0x2, {0x1, 0x1000}}}]}, 0x38}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r7) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000030feffff720af0fff8ffffff61a4f0ff000000002d040000000000003d400300000000006504000001ed000079130000000000006c440000000000007a0ab0fe000000007b13000000000000b5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e94af05000000f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a715bc5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128c4e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e655400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d0800af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d390dd65be2467b373eafd9aa58f2077184b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c5da18ec0ae564162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b93d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6ffc3a15d96c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7cd86975023cb08cc7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c5538a294270a1ad10c80fef7c24c87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca571380d7b4ead35a655e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f05beb72f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba5823a34a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b728fe26e37037f27f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d0a874c74b777df005c55fc30511d00000000c85265b2bd83d64a532869d708000000000000007baa5b6a682b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a9037d2283c42efc54fa84323a56edbd287eba77f35c35d91f3c62a0ca74836a640224de85f2b4a5fee500bbc584328a6a7a4628c4378c9b71dff64075b74a6520adb187b40d2cccbcb08c0634ee74658d3e23bf511c8b0bf1b69d2b3782b3f481c314e7bd4615dbbf24c06ac95bd639e68d0e6aa7f0d07bf69a93365f803f0144af37236ea133c2255b0613bf8ba1d538e06c2411e8d70053b712084fd0e313de9bb19266e49a3a2190cb039c6f89610acd896319b9c8d1b8aac2eaa5a4f8be7419a09e3fb5be3be2fcdadd2299839cc40e684e6e2b4e1385fde7a0babcb0be672110268a34dad364fddee69e564119cebb6940c6356ff83ca527c573d700000000000000c6299263e6d9097f225de969485bce3d7dc471c0669bb6a467cf0de54dfcc1857048fe22a19dbb1b3cb9babaa839f1f6e817a62d95a5b971ff96a5c66c338c6f2a2da4644519f40761402e9c81013d76c7152c95ba5efa24ce1930f23a2277f057ffb6b0144f3b434a2adc456ef4d2fbdf7c6238c2bb00ffcf2d23d68cb9b027f3b225ec4e09b089f7956b66c5692b46ea03abb6a404c8ccceaa4ba4161409fcb54b86eaca26b2a0c4b81f7b71cbfcef"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x4}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x3c) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x2000c0d0) sched_setscheduler(0x0, 0x2, 0x0) r9 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r9, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r10 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) connect$unix(r10, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r8, 0x7, 0x60, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x4040) r11 = socket(0x10, 0x803, 0x0) r12 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r13, {0x0, 0xfff6}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$GTP_CMD_GETPDP(r7, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3800000054ecc9c4520f581522c7ce7d26ef610e7dbd7fa07352930f0820b73059064ae6864e3f1d70df174bdc594817e361d8706303e317ede9d5251c7af57a5fbb0ecfb420415498ffe3c53e", @ANYRES16=0x0, @ANYBLOB="010025bd7000fddbdf2502000000080002000100000014000b00fe88000000000000000000000000010108000100", @ANYRES32=r13, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0) 169.358685ms ago: executing program 1 (id=21): unshare(0x8020000) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) syz_open_dev$dvb_frontend(&(0x7f00000004c0), 0x0, 0x413f) 169.197909ms ago: executing program 3 (id=23): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010028bd7000fcdbdf251400000008000300", @ANYRES32=r2, @ANYBLOB="0a0006"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x48814) (fail_nth: 4) 120.782473ms ago: executing program 1 (id=25): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000140)="ed", 0x1, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) recvfrom(r0, 0x0, 0x0, 0x103, 0x0, 0x0) 120.629338ms ago: executing program 1 (id=26): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="110c2dbd7000fedbdf256800000008000300", @ANYRES32=r2], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0x8000) 323.191µs ago: executing program 3 (id=27): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3000009, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000) setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, 0x0, 0x0) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x4e1f, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x1, {[0x9, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x10000]}}, 0x5c) 0s ago: executing program 0 (id=28): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x8000) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0) getpid() capset(0x0, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r3, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'}) r5 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000000)=0x4) ioctl$PPPIOCSACTIVE(r5, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000062c0)) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) write$sndseq(r6, 0x0, 0x0) openat$random(0xffffff9c, 0x0, 0x280000, 0x0) signalfd(r4, &(0x7f0000000100)={[0x2, 0x1]}, 0x8) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x4000800) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:14438' (ED25519) to the list of known hosts. [ 48.151143][ T5917] cgroup: Unknown subsys name 'net' [ 48.292434][ T5917] cgroup: Unknown subsys name 'cpuset' [ 48.296280][ T5917] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.211033][ T5917] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.817132][ T5293] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.830828][ T5947] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.834661][ T5947] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.838661][ T5947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.841944][ T5947] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.845769][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.846047][ T5948] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.846174][ T5946] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.846910][ T5946] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.847732][ T5946] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.848255][ T5946] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.849786][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.856410][ T5948] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.857412][ T5947] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.860876][ T5948] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.863769][ T5947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.864599][ T5949] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.868351][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.873984][ T5948] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.877572][ T5947] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.137778][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 53.202522][ T5932] chnl_net:caif_netlink_parms(): no params data found [ 53.226146][ T5935] chnl_net:caif_netlink_parms(): no params data found [ 53.331751][ T5937] chnl_net:caif_netlink_parms(): no params data found [ 53.388483][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.391540][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.394084][ T5939] bridge_slave_0: entered allmulticast mode [ 53.397011][ T5939] bridge_slave_0: entered promiscuous mode [ 53.402474][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.405735][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.409009][ T5939] bridge_slave_1: entered allmulticast mode [ 53.413934][ T5939] bridge_slave_1: entered promiscuous mode [ 53.495183][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.541641][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.561748][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.564997][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.568169][ T5935] bridge_slave_0: entered allmulticast mode [ 53.572427][ T5935] bridge_slave_0: entered promiscuous mode [ 53.593781][ T5937] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.596491][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.598930][ T5937] bridge_slave_0: entered allmulticast mode [ 53.601974][ T5937] bridge_slave_0: entered promiscuous mode [ 53.605631][ T5932] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.608032][ T5932] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.610595][ T5932] bridge_slave_0: entered allmulticast mode [ 53.613345][ T5932] bridge_slave_0: entered promiscuous mode [ 53.616349][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.619678][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.622750][ T5935] bridge_slave_1: entered allmulticast mode [ 53.626619][ T5935] bridge_slave_1: entered promiscuous mode [ 53.631400][ T5939] team0: Port device team_slave_0 added [ 53.633330][ T5937] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.635616][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.637947][ T5937] bridge_slave_1: entered allmulticast mode [ 53.640898][ T5937] bridge_slave_1: entered promiscuous mode [ 53.653464][ T5932] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.656664][ T5932] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.660010][ T5932] bridge_slave_1: entered allmulticast mode [ 53.664175][ T5932] bridge_slave_1: entered promiscuous mode [ 53.692873][ T5939] team0: Port device team_slave_1 added [ 53.698449][ T5937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.705308][ T5937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.720936][ T5932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.726271][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.760372][ T5932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.765416][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.788223][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.791704][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.803291][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.817871][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.820554][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.829261][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.834341][ T5937] team0: Port device team_slave_0 added [ 53.847434][ T5937] team0: Port device team_slave_1 added [ 53.864306][ T5935] team0: Port device team_slave_0 added [ 53.874300][ T5932] team0: Port device team_slave_0 added [ 53.879807][ T5935] team0: Port device team_slave_1 added [ 53.897598][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.900102][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.909226][ T5937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.914459][ T5932] team0: Port device team_slave_1 added [ 53.947735][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.950328][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.958694][ T5937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.975723][ T5939] hsr_slave_0: entered promiscuous mode [ 53.978061][ T5939] hsr_slave_1: entered promiscuous mode [ 53.981364][ T5932] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.983591][ T5932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.992236][ T5932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.999629][ T5932] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.001919][ T5932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.010233][ T5932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.014316][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.017371][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.028670][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.036398][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.039717][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 54.051374][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.144507][ T5937] hsr_slave_0: entered promiscuous mode [ 54.147734][ T5937] hsr_slave_1: entered promiscuous mode [ 54.151003][ T5937] debugfs: 'hsr0' already exists in 'hsr' [ 54.153659][ T5937] Cannot create hsr debugfs directory [ 54.165281][ T5935] hsr_slave_0: entered promiscuous mode [ 54.168582][ T5935] hsr_slave_1: entered promiscuous mode [ 54.171585][ T5935] debugfs: 'hsr0' already exists in 'hsr' [ 54.174008][ T5935] Cannot create hsr debugfs directory [ 54.200647][ T5932] hsr_slave_0: entered promiscuous mode [ 54.203019][ T5932] hsr_slave_1: entered promiscuous mode [ 54.205210][ T5932] debugfs: 'hsr0' already exists in 'hsr' [ 54.207099][ T5932] Cannot create hsr debugfs directory [ 54.435625][ T5939] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.453905][ T5939] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.459466][ T5939] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.468259][ T5939] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.500842][ T5935] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.509943][ T5935] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.520010][ T5935] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.526528][ T5935] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.573729][ T5937] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.587164][ T5937] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.593256][ T5937] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.607241][ T5937] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.680858][ T5932] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.686235][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.690994][ T5932] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.695134][ T5932] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.700379][ T5932] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.732811][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.749579][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.754250][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.757225][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.771060][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.774121][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.794757][ T5935] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.806709][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.809156][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.816037][ T1175] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.818849][ T1175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.832054][ T5937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.860482][ T5934] Bluetooth: hci0: command tx timeout [ 54.891747][ T5937] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.902190][ T5932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.912227][ T470] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.914829][ T470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.928043][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.931538][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.940114][ T5934] Bluetooth: hci3: command tx timeout [ 54.940382][ T5293] Bluetooth: hci2: command tx timeout [ 54.942201][ T5941] Bluetooth: hci1: command tx timeout [ 54.945232][ T5932] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.962968][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.965732][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.984499][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.986965][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.024117][ T5932] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.027857][ T5932] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.063843][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.074659][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.103887][ T5939] veth0_vlan: entered promiscuous mode [ 55.117924][ T5939] veth1_vlan: entered promiscuous mode [ 55.126185][ T5937] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.129483][ T5935] veth0_vlan: entered promiscuous mode [ 55.136123][ T5935] veth1_vlan: entered promiscuous mode [ 55.165432][ T5939] veth0_macvtap: entered promiscuous mode [ 55.180664][ T5937] veth0_vlan: entered promiscuous mode [ 55.187154][ T5937] veth1_vlan: entered promiscuous mode [ 55.194245][ T5932] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.201390][ T5939] veth1_macvtap: entered promiscuous mode [ 55.215894][ T5935] veth0_macvtap: entered promiscuous mode [ 55.223602][ T5935] veth1_macvtap: entered promiscuous mode [ 55.234140][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.248969][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.253028][ T5937] veth0_macvtap: entered promiscuous mode [ 55.261227][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.272279][ T470] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.277527][ T5937] veth1_macvtap: entered promiscuous mode [ 55.284216][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.288383][ T470] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.293923][ T470] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.303229][ T470] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.312419][ T5932] veth0_vlan: entered promiscuous mode [ 55.320199][ T470] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.328529][ T470] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.332123][ T470] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.336019][ T5932] veth1_vlan: entered promiscuous mode [ 55.339210][ T470] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.344267][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.362892][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.393665][ T5932] veth0_macvtap: entered promiscuous mode [ 55.397535][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.403331][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.407516][ T46] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.422084][ T46] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.425001][ T46] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.430129][ T5932] veth1_macvtap: entered promiscuous mode [ 55.437530][ T46] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.453632][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.456333][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.468895][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.471887][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.486204][ T5932] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.492135][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.495106][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.500686][ T5932] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.513119][ T80] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.520066][ T5939] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 55.527214][ T80] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.530890][ T80] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.533832][ T80] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.544154][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.547038][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.622158][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.626104][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.629761][ T0] NOHZ tick-stop error: local softirq work is pending, handler #212!!! [ 55.657518][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.671807][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.694824][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.707347][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.898108][ T6031] Bluetooth: MGMT ver 1.23 [ 55.913269][ T6026] can0: slcan on ttyS3. [ 56.144500][ T6034] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.147342][ T6034] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.165510][ T6035] bridge0: port 3(erspan0) entered blocking state [ 56.167977][ T6035] bridge0: port 3(erspan0) entered disabled state [ 56.170755][ T6035] erspan0: entered allmulticast mode [ 56.180360][ T6026] can0 (unregistered): slcan off ttyS3. [ 56.180690][ T6035] erspan0: entered promiscuous mode [ 56.187140][ T6035] bridge0: port 3(erspan0) entered blocking state [ 56.189489][ T6035] bridge0: port 3(erspan0) entered forwarding state [ 56.329550][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 56.729947][ T9] usb 8-1: new low-speed USB device number 2 using dummy_hcd [ 56.901427][ T9] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 56.904838][ T9] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 56.908175][ T9] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 56.915010][ T9] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 56.918074][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.927144][ T6050] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 56.932815][ T9] hub 8-1:1.0: bad descriptor, ignoring hub [ 56.939406][ T5934] Bluetooth: hci0: command tx timeout [ 56.946431][ T6055] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.949821][ T6055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.952823][ T9] hub 8-1:1.0: probe with driver hub failed with error -5 [ 56.956027][ T9] cdc_wdm 8-1:1.0: skipping garbage [ 56.957833][ T9] cdc_wdm 8-1:1.0: skipping garbage [ 56.962230][ T9] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 56.964821][ T9] cdc_wdm 8-1:1.0: Unknown control protocol [ 57.019531][ T5934] Bluetooth: hci3: command tx timeout [ 57.019555][ T5941] Bluetooth: hci2: command tx timeout [ 57.021483][ T5934] Bluetooth: hci1: command tx timeout [ 57.175824][ T6063] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 57.178723][ T6063] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 57.182248][ T6063] vhci_hcd vhci_hcd.0: Device attached [ 57.469634][ T5986] usb 42-1: SetAddress Request (2) to port 0 [ 57.472614][ T5986] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 57.704549][ T6050] cdc_wdm 8-1:1.0: Error autopm - -16 [ 57.740042][ T9] usb 8-1: USB disconnect, device number 2 [ 57.798153][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.801648][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.804640][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.808483][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 57.811572][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 57.842339][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.842607][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 57.932432][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 58.077492][ T9] usb 8-1: new full-speed USB device number 3 using dummy_hcd [ 58.529442][ T9] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 58.555806][ T9] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 58.559245][ T9] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 58.569430][ T9] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 58.579463][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.620705][ T6067] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 58.626030][ T9] hub 8-1:1.0: bad descriptor, ignoring hub [ 58.628313][ T9] hub 8-1:1.0: probe with driver hub failed with error -5 [ 58.638372][ T9] cdc_wdm 8-1:1.0: skipping garbage [ 58.646663][ T9] cdc_wdm 8-1:1.0: skipping garbage [ 58.650309][ T9] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 58.659422][ T9] cdc_wdm 8-1:1.0: Unknown control protocol [ 58.693583][ T6065] vhci_hcd: connection reset by peer [ 58.707137][ T13] vhci_hcd vhci_hcd.2: stop threads [ 58.709220][ T13] vhci_hcd vhci_hcd.2: release socket [ 58.711705][ T13] vhci_hcd vhci_hcd.2: disconnect device [ 58.748990][ T6077] netlink: 12 bytes leftover after parsing attributes in process `syz.0.22'. [ 58.939952][ T50] usb 8-1: USB disconnect, device number 3 [ 58.985801][ T6082] netlink: 'syz.1.13': attribute type 1 has an invalid length. [ 58.998935][ T6082] vlan2: entered allmulticast mode [ 59.001050][ T6082] vlan0: entered allmulticast mode [ 59.002810][ T6082] veth0_vlan: entered allmulticast mode [ 59.019489][ T5934] Bluetooth: hci0: command tx timeout [ 59.099744][ T5934] Bluetooth: hci2: command tx timeout [ 59.100233][ T5293] Bluetooth: hci3: command tx timeout [ 59.102271][ T5934] Bluetooth: hci1: command tx timeout [ 59.433331][ T6092] netlink: 'syz.3.15': attribute type 2 has an invalid length. [ 59.438409][ T6092] netlink: 4 bytes leftover after parsing attributes in process `syz.3.15'. [ 59.445613][ T6092] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.15'. [ 59.712224][ T6098] FAULT_INJECTION: forcing a failure. [ 59.712224][ T6098] name failslab, interval 1, probability 0, space 0, times 1 [ 59.716791][ T6098] CPU: 1 UID: 0 PID: 6098 Comm: syz.3.18 Not tainted syzkaller #0 PREEMPT(full) [ 59.716806][ T6098] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 59.716813][ T6098] Call Trace: [ 59.716817][ T6098] [ 59.716822][ T6098] dump_stack_lvl+0x100/0x190 [ 59.716842][ T6098] should_fail_ex.cold+0x5/0xa [ 59.716855][ T6098] should_failslab+0xc2/0x120 [ 59.716871][ T6098] __kmalloc_node_noprof+0xe6/0x850 [ 59.716888][ T6098] ? alloc_slab_obj_exts+0x4e/0x190 [ 59.716900][ T6098] ? find_held_lock+0x2b/0x80 [ 59.716913][ T6098] alloc_slab_obj_exts+0x4e/0x190 [ 59.716927][ T6098] __memcg_slab_post_alloc_hook+0x24a/0x9a0 [ 59.716941][ T6098] ? kasan_save_track+0x14/0x30 [ 59.716959][ T6098] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 59.716974][ T6098] ? __d_alloc+0x34/0xa80 [ 59.716988][ T6098] __d_alloc+0x34/0xa80 [ 59.717001][ T6098] d_alloc_parallel+0x111/0x14e0 [ 59.717018][ T6098] ? privileged_wrt_inode_uidgid+0xc1/0x1d0 [ 59.717032][ T6098] ? __pfx_d_alloc_parallel+0x10/0x10 [ 59.717048][ T6098] ? lockdep_init_map_type+0x5c/0x250 [ 59.717061][ T6098] ? lockdep_init_map_type+0x5c/0x250 [ 59.717077][ T6098] __lookup_slow+0x193/0x460 [ 59.717090][ T6098] ? __pfx___lookup_slow+0x10/0x10 [ 59.717115][ T6098] lookup_slow+0x50/0x70 [ 59.717127][ T6098] path_lookupat+0x5e8/0xc40 [ 59.717145][ T6098] filename_lookup+0x202/0x590 [ 59.717162][ T6098] ? __pfx_filename_lookup+0x10/0x10 [ 59.717188][ T6098] ? strncpy_from_user+0x19d/0x2d0 [ 59.717209][ T6098] do_fchmodat+0xea/0x1b0 [ 59.717220][ T6098] ? __pfx_do_fchmodat+0x10/0x10 [ 59.717232][ T6098] ? __pfx_ksys_write+0x10/0x10 [ 59.717244][ T6098] __ia32_sys_chmod+0x5c/0x80 [ 59.717256][ T6098] __do_fast_syscall_32+0xe3/0x8c0 [ 59.717272][ T6098] do_fast_syscall_32+0x32/0x70 [ 59.717285][ T6098] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 59.717298][ T6098] RIP: 0023:0xf70bef6c [ 59.717307][ T6098] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 59.717316][ T6098] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 000000000000000f [ 59.717327][ T6098] RAX: ffffffffffffffda RBX: 0000000080000180 RCX: 0000000000000000 [ 59.717333][ T6098] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 59.717339][ T6098] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 59.717344][ T6098] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 59.717350][ T6098] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 59.717363][ T6098] [ 59.717726][ T6098] evm: overlay not supported [ 59.742109][ T6100] syzkaller0: entered promiscuous mode [ 59.820838][ T6100] syzkaller0: entered allmulticast mode [ 59.876630][ T6103] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20'. [ 60.051460][ T6110] FAULT_INJECTION: forcing a failure. [ 60.051460][ T6110] name failslab, interval 1, probability 0, space 0, times 0 [ 60.069397][ T6110] CPU: 0 UID: 0 PID: 6110 Comm: syz.3.23 Not tainted syzkaller #0 PREEMPT(full) [ 60.069412][ T6110] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.069418][ T6110] Call Trace: [ 60.069422][ T6110] [ 60.069427][ T6110] dump_stack_lvl+0x100/0x190 [ 60.069448][ T6110] should_fail_ex.cold+0x5/0xa [ 60.069460][ T6110] should_failslab+0xc2/0x120 [ 60.069472][ T6110] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 60.069488][ T6110] ? skb_clone+0x190/0x400 [ 60.069504][ T6110] skb_clone+0x190/0x400 [ 60.069516][ T6110] netlink_deliver_tap+0xaed/0xcc0 [ 60.069533][ T6110] netlink_unicast+0x650/0x870 [ 60.069548][ T6110] ? __pfx_netlink_unicast+0x10/0x10 [ 60.069566][ T6110] netlink_sendmsg+0x8b0/0xda0 [ 60.069582][ T6110] ? __pfx_netlink_sendmsg+0x10/0x10 [ 60.069597][ T6110] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 60.069615][ T6110] ____sys_sendmsg+0x9e1/0xb70 [ 60.069629][ T6110] ? __pfx_netlink_sendmsg+0x10/0x10 [ 60.069644][ T6110] ? __pfx_____sys_sendmsg+0x10/0x10 [ 60.069665][ T6110] ___sys_sendmsg+0x190/0x1e0 [ 60.069681][ T6110] ? __pfx____sys_sendmsg+0x10/0x10 [ 60.069713][ T6110] __sys_sendmsg+0x170/0x220 [ 60.069726][ T6110] ? __pfx___sys_sendmsg+0x10/0x10 [ 60.069742][ T6110] ? __pfx_ksys_write+0x10/0x10 [ 60.069755][ T6110] __do_fast_syscall_32+0xe3/0x8c0 [ 60.069771][ T6110] do_fast_syscall_32+0x32/0x70 [ 60.069784][ T6110] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 60.069797][ T6110] RIP: 0023:0xf70bef6c [ 60.069806][ T6110] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 60.069816][ T6110] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 60.069827][ T6110] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000580 [ 60.069833][ T6110] RDX: 0000000000048814 RSI: 0000000000000000 RDI: 0000000000000000 [ 60.069839][ T6110] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 60.069844][ T6110] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 60.069850][ T6110] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 60.069863][ T6110] [ 60.251560][ T6088] ================================================================== [ 60.251883][ T6118] netlink: 20 bytes leftover after parsing attributes in process `syz.1.26'. [ 60.255281][ T6088] BUG: KASAN: slab-use-after-free in dvb_frontend_release+0x4f3/0x5d0 [ 60.262004][ T6088] Read of size 4 at addr ffff888000100c3c by task syz.2.14/6088 [ 60.267346][ T6088] [ 60.268508][ T6088] CPU: 1 UID: 0 PID: 6088 Comm: syz.2.14 Not tainted syzkaller #0 PREEMPT(full) [ 60.268530][ T6088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.268541][ T6088] Call Trace: [ 60.268548][ T6088] [ 60.268555][ T6088] dump_stack_lvl+0x100/0x190 [ 60.268587][ T6088] print_report+0x156/0x4c9 [ 60.268616][ T6088] ? __virt_addr_valid+0x81/0x620 [ 60.268639][ T6088] ? __phys_addr+0xe8/0x180 [ 60.268661][ T6088] ? dvb_frontend_release+0x4f3/0x5d0 [ 60.268707][ T6088] kasan_report+0xdf/0x1e0 [ 60.268727][ T6088] ? dvb_frontend_release+0x4f3/0x5d0 [ 60.268751][ T6088] dvb_frontend_release+0x4f3/0x5d0 [ 60.268772][ T6088] ? __pfx_dvb_frontend_release+0x10/0x10 [ 60.268795][ T6088] __fput+0x3ff/0xb40 [ 60.268818][ T6088] task_work_run+0x150/0x240 [ 60.268845][ T6088] ? __pfx_task_work_run+0x10/0x10 [ 60.268874][ T6088] ? tomoyo_path_number_perm+0x188/0x580 [ 60.268905][ T6088] get_signal+0x1bd/0x21e0 [ 60.268925][ T6088] ? poll_select_finish+0x36e/0x670 [ 60.268952][ T6088] ? __pfx_poll_select_finish+0x10/0x10 [ 60.268980][ T6088] ? __pfx_get_signal+0x10/0x10 [ 60.268997][ T6088] ? __pfx_set_compat_user_sigmask+0x10/0x10 [ 60.269027][ T6088] arch_do_signal_or_restart+0x91/0x770 [ 60.269049][ T6088] ? do_compat_pselect+0x1cf/0x2b0 [ 60.269076][ T6088] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 60.269104][ T6088] exit_to_user_mode_loop+0x86/0x4a0 [ 60.269129][ T6088] __do_fast_syscall_32+0x578/0x8c0 [ 60.269153][ T6088] do_fast_syscall_32+0x32/0x70 [ 60.269175][ T6088] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 60.269197][ T6088] RIP: 0023:0xf707ef6c [ 60.269211][ T6088] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 60.269228][ T6088] RSP: 002b:00000000f544c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000134 [ 60.269246][ T6088] RAX: 0000000000000007 RBX: 0000000000000040 RCX: 00000000800001c0 [ 60.269257][ T6088] RDX: 0000000000000000 RSI: 00000000800002c0 RDI: 0000000000000000 [ 60.269268][ T6088] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 60.269278][ T6088] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 60.269288][ T6088] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 60.269305][ T6088] [ 60.269311][ T6088] [ 60.358514][ T6088] Allocated by task 1: [ 60.359936][ T6088] kasan_save_stack+0x30/0x50 [ 60.361609][ T6088] kasan_save_track+0x14/0x30 [ 60.363240][ T6088] __kasan_kmalloc+0xaa/0xb0 [ 60.364886][ T6088] dvb_register_device+0x1d6/0x1e20 [ 60.366680][ T6088] dvb_register_frontend+0x5a8/0x8a0 [ 60.368961][ T6088] vidtv_bridge_probe+0x44b/0xa30 [ 60.371119][ T6088] platform_probe+0x106/0x1d0 [ 60.373209][ T6088] really_probe+0x241/0xa60 [ 60.375306][ T6088] __driver_probe_device+0x1de/0x400 [ 60.377760][ T6088] driver_probe_device+0x4c/0x1b0 [ 60.380086][ T6088] __driver_attach+0x2f4/0x6a0 [ 60.382351][ T6088] bus_for_each_dev+0x13e/0x1d0 [ 60.384588][ T6088] bus_add_driver+0x305/0x5b0 [ 60.386720][ T6088] driver_register+0x1e2/0x360 [ 60.388942][ T6088] vidtv_bridge_init+0x38/0x70 [ 60.391137][ T6088] do_one_initcall+0x11d/0x760 [ 60.393342][ T6088] kernel_init_freeable+0x6e5/0x7a0 [ 60.395737][ T6088] kernel_init+0x1f/0x1e0 [ 60.397769][ T6088] ret_from_fork+0x754/0xd80 [ 60.399929][ T6088] ret_from_fork_asm+0x1a/0x30 [ 60.402140][ T6088] [ 60.403160][ T6088] Freed by task 6088: [ 60.404737][ T6088] kasan_save_stack+0x30/0x50 [ 60.406339][ T6088] kasan_save_track+0x14/0x30 [ 60.407962][ T6088] kasan_save_free_info+0x3b/0x70 [ 60.409673][ T6088] __kasan_slab_free+0x5f/0x80 [ 60.411340][ T6088] kfree+0x1f6/0x6b0 [ 60.412689][ T6088] dvb_device_put.part.0+0x57/0x90 [ 60.414499][ T6088] dvb_generic_release+0xe2/0x160 [ 60.416176][ T6088] dvb_frontend_release+0x13d/0x5d0 [ 60.417959][ T6088] __fput+0x3ff/0xb40 [ 60.419324][ T6088] task_work_run+0x150/0x240 [ 60.420908][ T6088] get_signal+0x1bd/0x21e0 [ 60.422459][ T6088] arch_do_signal_or_restart+0x91/0x770 [ 60.424384][ T6088] exit_to_user_mode_loop+0x86/0x4a0 [ 60.426186][ T6088] __do_fast_syscall_32+0x578/0x8c0 [ 60.427961][ T6088] do_fast_syscall_32+0x32/0x70 [ 60.429604][ T6088] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 60.431710][ T6088] [ 60.432529][ T6088] The buggy address belongs to the object at ffff888000100c00 [ 60.432529][ T6088] which belongs to the cache kmalloc-256 of size 256 [ 60.438197][ T6088] The buggy address is located 60 bytes inside of [ 60.438197][ T6088] freed 256-byte region [ffff888000100c00, ffff888000100d00) [ 60.443396][ T6088] [ 60.444474][ T6088] The buggy address belongs to the physical page: [ 60.447541][ T6088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100 [ 60.451539][ T6088] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 60.455409][ T6088] flags: 0x7ff00000000040(head|node=0|zone=0|lastcpupid=0x7ff) [ 60.458893][ T6088] page_type: f5(slab) [ 60.460826][ T6088] raw: 007ff00000000040 ffff88801b842b40 dead000000000100 dead000000000122 [ 60.464750][ T6088] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 60.468647][ T6088] head: 007ff00000000040 ffff88801b842b40 dead000000000100 dead000000000122 [ 60.472542][ T6088] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 60.476384][ T6088] head: 007ff00000000001 ffffea0000004001 00000000ffffffff 00000000ffffffff [ 60.480395][ T6088] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 60.484313][ T6088] page dumped because: kasan: bad access detected [ 60.487301][ T6088] page_owner tracks the page as allocated [ 60.489904][ T6088] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18324750902, free_ts 0 [ 60.498639][ T6088] post_alloc_hook+0x153/0x170 [ 60.500706][ T6088] get_page_from_freelist+0x111d/0x3140 [ 60.503229][ T6088] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 60.505958][ T6088] new_slab+0xa6/0x6d0 [ 60.507852][ T6088] refill_objects+0x26b/0x400 [ 60.510054][ T6088] __pcs_replace_empty_main+0x19f/0x600 [ 60.512603][ T6088] __kmalloc_cache_noprof+0x493/0x6f0 [ 60.515050][ T6088] dvb_register_device+0x1d6/0x1e20 [ 60.517399][ T6088] dvb_register_frontend+0x5a8/0x8a0 [ 60.519826][ T6088] vidtv_bridge_probe+0x44b/0xa30 [ 60.521966][ T6088] platform_probe+0x106/0x1d0 [ 60.523583][ T6088] really_probe+0x241/0xa60 [ 60.525151][ T6088] __driver_probe_device+0x1de/0x400 [ 60.526974][ T6088] driver_probe_device+0x4c/0x1b0 [ 60.528663][ T6088] __driver_attach+0x2f4/0x6a0 [ 60.530281][ T6088] bus_for_each_dev+0x13e/0x1d0 [ 60.531881][ T6088] page_owner free stack trace missing [ 60.533654][ T6088] [ 60.534479][ T6088] Memory state around the buggy address: [ 60.536389][ T6088] ffff888000100b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.539024][ T6088] ffff888000100b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.541700][ T6088] >ffff888000100c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.544357][ T6088] ^ [ 60.546364][ T6088] ffff888000100c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.549007][ T6088] ffff888000100d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 60.551628][ T6088] ================================================================== [ 60.562101][ T6088] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 60.565357][ T6088] CPU: 0 UID: 0 PID: 6088 Comm: syz.2.14 Not tainted syzkaller #0 PREEMPT(full) [ 60.569170][ T6088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 60.573554][ T6088] Call Trace: [ 60.575042][ T6088] [ 60.576367][ T6088] dump_stack_lvl+0x100/0x190 [ 60.578399][ T6088] vpanic+0x552/0x970 [ 60.580106][ T6088] ? __pfx_vpanic+0x10/0x10 [ 60.582051][ T6088] ? dvb_frontend_release+0x4f3/0x5d0 [ 60.584318][ T6088] panic+0xd1/0xe0 [ 60.585933][ T6088] ? __pfx_panic+0x10/0x10 [ 60.587864][ T6088] ? dvb_frontend_release+0x4f3/0x5d0 [ 60.590207][ T6088] ? preempt_schedule_common+0x42/0xc0 [ 60.592521][ T6088] check_panic_on_warn.cold+0x19/0x34 [ 60.594768][ T6088] end_report.part.0+0x3a/0x90 [ 60.596830][ T6088] kasan_report.cold+0xe/0x18 [ 60.598825][ T6088] ? dvb_frontend_release+0x4f3/0x5d0 [ 60.601159][ T6088] dvb_frontend_release+0x4f3/0x5d0 [ 60.603432][ T6088] ? __pfx_dvb_frontend_release+0x10/0x10 [ 60.605973][ T6088] __fput+0x3ff/0xb40 [ 60.607778][ T6088] task_work_run+0x150/0x240 [ 60.609771][ T6088] ? __pfx_task_work_run+0x10/0x10 [ 60.611931][ T6088] ? tomoyo_path_number_perm+0x188/0x580 [ 60.614421][ T6088] get_signal+0x1bd/0x21e0 [ 60.616387][ T6088] ? poll_select_finish+0x36e/0x670 [ 60.618682][ T6088] ? __pfx_poll_select_finish+0x10/0x10 [ 60.621097][ T6088] ? __pfx_get_signal+0x10/0x10 [ 60.623225][ T6088] ? __pfx_set_compat_user_sigmask+0x10/0x10 [ 60.625850][ T6088] arch_do_signal_or_restart+0x91/0x770 [ 60.628301][ T6088] ? do_compat_pselect+0x1cf/0x2b0 [ 60.630563][ T6088] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 60.633243][ T6088] exit_to_user_mode_loop+0x86/0x4a0 [ 60.635567][ T6088] __do_fast_syscall_32+0x578/0x8c0 [ 60.637876][ T6088] do_fast_syscall_32+0x32/0x70 [ 60.640011][ T6088] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 60.642757][ T6088] RIP: 0023:0xf707ef6c [ 60.644565][ T6088] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad [ 60.652845][ T6088] RSP: 002b:00000000f544c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000134 [ 60.656474][ T6088] RAX: 0000000000000007 RBX: 0000000000000040 RCX: 00000000800001c0 [ 60.659888][ T6088] RDX: 0000000000000000 RSI: 00000000800002c0 RDI: 0000000000000000 [ 60.663277][ T6088] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 60.666703][ T6088] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 60.670162][ T6088] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 60.673645][ T6088] [ 60.675804][ T6088] Kernel Offset: disabled [ 60.677589][ T6088] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:58:18 Registers: info registers vcpu 0 CPU#0 RAX=00000000000da3ff RBX=ffffffff8e4975c0 RCX=ffffffff8b8cdc75 RDX=0000000000000000 RSI=ffffffff8de7be29 RDI=ffffffff8c1af7a0 RBP=0000000000000000 RSP=ffffffff8e407e00 R8 =0000000000000001 R9 =ffffed1005646795 R10=ffff88802b233cab R11=0000000000000000 R12=fffffbfff1c92eb8 R13=0000000000000000 R14=ffffffff90d9b710 R15=0000000000000000 RIP=ffffffff8b8cc5df RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809714d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00000000f73d89e4 CR3=000000004cabe000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85772195 RDI=ffffffff9b48b080 RBP=ffffffff9b48b040 RSP=ffffc90006767560 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000066 R14=0000000000000010 R15=ffffffff85772130 RIP=ffffffff857721bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809724d000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73917e8 CR3=000000006c7be000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=07fffffffff2b402 RCX=ffffffff8256be40 RDX=0000000000000000 RSI=0000000000000000 RDI=ffff8880277824c0 RBP=0000000000000000 RSP=ffffc900041d74b8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000001 R13=ffff88804e26dd98 R14=00000000f73f2000 R15=dffffc0000000000 RIP=ffffffff820808bb RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809734d000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f555b8 CR3=000000004c79f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000011800000000 0000000500000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000062605 RBX=ffff88801c3da4c0 RCX=ffffffff8b8cdc75 RDX=0000000000000000 RSI=ffffffff8de7be29 RDI=ffffffff8c1af7a0 RBP=0000000000000003 RSP=ffffc9000048fdf0 R8 =0000000000000001 R9 =ffffed10056a6795 R10=ffff88802b533cab R11=0000000000000000 R12=ffffed100387b498 R13=0000000000000003 R14=ffffffff90d9b710 R15=0000000000000000 RIP=ffffffff8b8cc5df RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809744d000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3aeafd CR3=000000004d9c1000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000f400c100 Opmask01=0000000000000000 Opmask02=000000007ffeffff Opmask03=0000000000000000 Opmask04=00000000fffff7ff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005634a0fabe40 00005634a0fabe40 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005634a0f3d8e0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005634a0f293b0 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d4eff1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 ffff000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff0000ff000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d4ef52c80 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6568007365747962 20756c3825202020 20202020203a657a 697320656c696600 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 404d005640515c47 0550491d00050505 05050505051f405f 4c560540494c4300 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c6c6174735f7563 725f78616d006c74 6373797300313d65 6c62616e65000033 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e2e65726f632e74 656e2e6c74637379 73203034313d6873 657268745f676f64 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e617020343d7372 6f6e696d5f796361 67656c5f6d756e5f 6964656d6f632e69 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 64656d6f63203233 3d78616d5f736462 6e2032333d706f6f 6c5f78616d203233 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d6d756e2e646368 5f796d6d75642030 34313d736365735f 74756f656d69745f ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7265747369676572 6e755f7665647465 6e2e65726f632e74 656e2e6c74637379 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000