syzkaller login: [ 243.106285][ T1834] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 243.141111][ T1834] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 243.179678][ T1834] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:62515' (ECDSA) to the list of known hosts.
1970/01/01 00:04:42 fuzzer started
1970/01/01 00:04:53 dialing manager at localhost:45575
[ 299.147838][ T2001] cgroup: Unknown subsys name 'net'
[ 300.198969][ T2001] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:04:59 syscalls: 2796
1970/01/01 00:04:59 code coverage: enabled
1970/01/01 00:04:59 comparison tracing: enabled
1970/01/01 00:04:59 extra coverage: enabled
1970/01/01 00:04:59 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:04:59 setuid sandbox: enabled
1970/01/01 00:04:59 namespace sandbox: enabled
1970/01/01 00:04:59 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:04:59 fault injection: enabled
1970/01/01 00:04:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:04:59 net packet injection: enabled
1970/01/01 00:04:59 net device setup: enabled
1970/01/01 00:04:59 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:04:59 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:04:59 USB emulation: enabled
1970/01/01 00:04:59 hci packet injection: /dev/vhci does not exist
1970/01/01 00:04:59 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:04:59 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:05:00 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:05:05 fetching corpus: 50, signal 36037/39553 (executing program)
1970/01/01 00:05:08 fetching corpus: 100, signal 47922/52911 (executing program)
1970/01/01 00:05:12 fetching corpus: 150, signal 57006/63390 (executing program)
1970/01/01 00:05:14 fetching corpus: 199, signal 64871/72565 (executing program)
1970/01/01 00:05:16 fetching corpus: 248, signal 72588/81530 (executing program)
1970/01/01 00:05:17 fetching corpus: 298, signal 76157/86425 (executing program)
1970/01/01 00:05:20 fetching corpus: 348, signal 81096/92566 (executing program)
1970/01/01 00:05:22 fetching corpus: 398, signal 84652/97369 (executing program)
1970/01/01 00:05:24 fetching corpus: 448, signal 88173/102042 (executing program)
1970/01/01 00:05:27 fetching corpus: 498, signal 91542/106492 (executing program)
1970/01/01 00:05:31 fetching corpus: 547, signal 94673/110698 (executing program)
1970/01/01 00:05:33 fetching corpus: 596, signal 97456/114599 (executing program)
1970/01/01 00:05:37 fetching corpus: 645, signal 101016/119138 (executing program)
1970/01/01 00:05:39 fetching corpus: 692, signal 103227/122383 (executing program)
1970/01/01 00:05:41 fetching corpus: 741, signal 105307/125474 (executing program)
1970/01/01 00:05:44 fetching corpus: 791, signal 108399/129466 (executing program)
1970/01/01 00:05:46 fetching corpus: 841, signal 110270/132373 (executing program)
1970/01/01 00:05:48 fetching corpus: 890, signal 112867/135860 (executing program)
1970/01/01 00:05:50 fetching corpus: 940, signal 115953/139730 (executing program)
1970/01/01 00:05:52 fetching corpus: 990, signal 117589/142331 (executing program)
1970/01/01 00:05:54 fetching corpus: 1040, signal 118758/144497 (executing program)
1970/01/01 00:05:56 fetching corpus: 1090, signal 120388/146992 (executing program)
1970/01/01 00:05:58 fetching corpus: 1139, signal 122225/149682 (executing program)
1970/01/01 00:06:00 fetching corpus: 1189, signal 123838/152132 (executing program)
1970/01/01 00:06:02 fetching corpus: 1239, signal 125951/154955 (executing program)
1970/01/01 00:06:04 fetching corpus: 1289, signal 127379/157256 (executing program)
1970/01/01 00:06:06 fetching corpus: 1339, signal 129092/159688 (executing program)
1970/01/01 00:06:08 fetching corpus: 1389, signal 130710/162068 (executing program)
1970/01/01 00:06:11 fetching corpus: 1439, signal 132212/164349 (executing program)
1970/01/01 00:06:14 fetching corpus: 1487, signal 133575/166506 (executing program)
1970/01/01 00:06:17 fetching corpus: 1537, signal 134517/168283 (executing program)
1970/01/01 00:06:19 fetching corpus: 1587, signal 136099/170555 (executing program)
1970/01/01 00:06:21 fetching corpus: 1637, signal 136940/172291 (executing program)
1970/01/01 00:06:22 fetching corpus: 1686, signal 138404/174436 (executing program)
1970/01/01 00:06:24 fetching corpus: 1736, signal 139313/176126 (executing program)
1970/01/01 00:06:26 fetching corpus: 1784, signal 140691/178205 (executing program)
1970/01/01 00:06:28 fetching corpus: 1834, signal 141625/179877 (executing program)
1970/01/01 00:06:31 fetching corpus: 1884, signal 143051/181936 (executing program)
1970/01/01 00:06:34 fetching corpus: 1934, signal 144331/183863 (executing program)
1970/01/01 00:06:36 fetching corpus: 1983, signal 145596/185730 (executing program)
1970/01/01 00:06:37 fetching corpus: 2033, signal 146631/187441 (executing program)
1970/01/01 00:06:39 fetching corpus: 2083, signal 147809/189253 (executing program)
1970/01/01 00:06:41 fetching corpus: 2132, signal 148693/190786 (executing program)
1970/01/01 00:06:44 fetching corpus: 2182, signal 149773/192476 (executing program)
1970/01/01 00:06:46 fetching corpus: 2232, signal 150977/194258 (executing program)
1970/01/01 00:06:49 fetching corpus: 2282, signal 152714/196406 (executing program)
1970/01/01 00:06:51 fetching corpus: 2332, signal 153866/198094 (executing program)
1970/01/01 00:06:53 fetching corpus: 2381, signal 155069/199780 (executing program)
1970/01/01 00:06:55 fetching corpus: 2430, signal 156450/201616 (executing program)
1970/01/01 00:06:57 fetching corpus: 2480, signal 157292/203074 (executing program)
1970/01/01 00:07:00 fetching corpus: 2529, signal 158443/204649 (executing program)
1970/01/01 00:07:02 fetching corpus: 2579, signal 159739/206416 (executing program)
1970/01/01 00:07:04 fetching corpus: 2628, signal 160728/207950 (executing program)
1970/01/01 00:07:06 fetching corpus: 2678, signal 161967/209595 (executing program)
1970/01/01 00:07:08 fetching corpus: 2727, signal 162815/211001 (executing program)
1970/01/01 00:07:11 fetching corpus: 2777, signal 163715/212395 (executing program)
1970/01/01 00:07:16 fetching corpus: 2827, signal 164681/213850 (executing program)
1970/01/01 00:07:19 fetching corpus: 2877, signal 165639/215258 (executing program)
1970/01/01 00:07:21 fetching corpus: 2927, signal 166482/216583 (executing program)
1970/01/01 00:07:23 fetching corpus: 2975, signal 167955/218276 (executing program)
1970/01/01 00:07:27 fetching corpus: 3025, signal 168735/219567 (executing program)
1970/01/01 00:07:30 fetching corpus: 3074, signal 169546/220913 (executing program)
1970/01/01 00:07:32 fetching corpus: 3123, signal 170915/222494 (executing program)
1970/01/01 00:07:34 fetching corpus: 3173, signal 171714/223715 (executing program)
1970/01/01 00:07:36 fetching corpus: 3221, signal 172446/224889 (executing program)
1970/01/01 00:07:39 fetching corpus: 3271, signal 173308/226113 (executing program)
1970/01/01 00:07:41 fetching corpus: 3321, signal 174383/227462 (executing program)
1970/01/01 00:07:44 fetching corpus: 3369, signal 175024/228577 (executing program)
1970/01/01 00:07:47 fetching corpus: 3419, signal 175758/229716 (executing program)
1970/01/01 00:07:50 fetching corpus: 3468, signal 176700/230922 (executing program)
1970/01/01 00:07:52 fetching corpus: 3518, signal 177531/232120 (executing program)
1970/01/01 00:07:54 fetching corpus: 3566, signal 178422/233297 (executing program)
1970/01/01 00:07:56 fetching corpus: 3614, signal 179077/234365 (executing program)
1970/01/01 00:07:59 fetching corpus: 3662, signal 179692/235397 (executing program)
1970/01/01 00:08:01 fetching corpus: 3712, signal 180306/236413 (executing program)
1970/01/01 00:08:03 fetching corpus: 3762, signal 181029/237472 (executing program)
1970/01/01 00:08:06 fetching corpus: 3812, signal 181893/238638 (executing program)
1970/01/01 00:08:09 fetching corpus: 3861, signal 182863/239820 (executing program)
1970/01/01 00:08:11 fetching corpus: 3911, signal 183787/240955 (executing program)
1970/01/01 00:08:14 fetching corpus: 3960, signal 184686/242061 (executing program)
1970/01/01 00:08:16 fetching corpus: 4009, signal 185380/243043 (executing program)
1970/01/01 00:08:18 fetching corpus: 4059, signal 186195/244076 (executing program)
1970/01/01 00:08:21 fetching corpus: 4108, signal 187718/245361 (executing program)
1970/01/01 00:08:24 fetching corpus: 4157, signal 188328/246331 (executing program)
1970/01/01 00:08:26 fetching corpus: 4207, signal 188975/247303 (executing program)
1970/01/01 00:08:28 fetching corpus: 4257, signal 189888/248308 (executing program)
1970/01/01 00:08:31 fetching corpus: 4307, signal 190590/249243 (executing program)
1970/01/01 00:08:32 fetching corpus: 4357, signal 191526/250304 (executing program)
1970/01/01 00:08:34 fetching corpus: 4407, signal 192295/251273 (executing program)
1970/01/01 00:08:36 fetching corpus: 4456, signal 192951/252198 (executing program)
1970/01/01 00:08:39 fetching corpus: 4505, signal 193702/253114 (executing program)
1970/01/01 00:08:41 fetching corpus: 4554, signal 194212/253942 (executing program)
1970/01/01 00:08:43 fetching corpus: 4604, signal 195013/254880 (executing program)
1970/01/01 00:08:45 fetching corpus: 4652, signal 195445/255682 (executing program)
1970/01/01 00:08:47 fetching corpus: 4702, signal 196152/256582 (executing program)
1970/01/01 00:08:50 fetching corpus: 4751, signal 196931/257437 (executing program)
1970/01/01 00:08:52 fetching corpus: 4801, signal 197525/258272 (executing program)
1970/01/01 00:08:54 fetching corpus: 4850, signal 198188/259104 (executing program)
1970/01/01 00:08:56 fetching corpus: 4900, signal 198880/259951 (executing program)
1970/01/01 00:08:58 fetching corpus: 4950, signal 199499/260766 (executing program)
1970/01/01 00:09:01 fetching corpus: 5000, signal 200255/261582 (executing program)
1970/01/01 00:09:03 fetching corpus: 5050, signal 200917/262380 (executing program)
1970/01/01 00:09:04 fetching corpus: 5098, signal 201377/263132 (executing program)
1970/01/01 00:09:07 fetching corpus: 5148, signal 201962/263876 (executing program)
1970/01/01 00:09:10 fetching corpus: 5198, signal 202629/264687 (executing program)
1970/01/01 00:09:14 fetching corpus: 5248, signal 203117/265384 (executing program)
1970/01/01 00:09:16 fetching corpus: 5298, signal 203459/266049 (executing program)
1970/01/01 00:09:18 fetching corpus: 5347, signal 204160/266790 (executing program)
1970/01/01 00:09:19 fetching corpus: 5396, signal 204925/267541 (executing program)
1970/01/01 00:09:21 fetching corpus: 5446, signal 205770/268323 (executing program)
1970/01/01 00:09:24 fetching corpus: 5493, signal 206357/269043 (executing program)
1970/01/01 00:09:27 fetching corpus: 5543, signal 206915/269699 (executing program)
1970/01/01 00:09:29 fetching corpus: 5593, signal 207535/270388 (executing program)
1970/01/01 00:09:31 fetching corpus: 5643, signal 208232/271078 (executing program)
1970/01/01 00:09:32 fetching corpus: 5691, signal 208722/271745 (executing program)
1970/01/01 00:09:34 fetching corpus: 5739, signal 209207/272398 (executing program)
1970/01/01 00:09:38 fetching corpus: 5788, signal 210432/273159 (executing program)
1970/01/01 00:09:41 fetching corpus: 5837, signal 210932/273843 (executing program)
1970/01/01 00:09:42 fetching corpus: 5885, signal 211306/274412 (executing program)
1970/01/01 00:09:44 fetching corpus: 5935, signal 211921/275058 (executing program)
1970/01/01 00:09:46 fetching corpus: 5985, signal 212443/275634 (executing program)
1970/01/01 00:09:49 fetching corpus: 6035, signal 213004/276241 (executing program)
1970/01/01 00:09:54 fetching corpus: 6084, signal 213744/276890 (executing program)
1970/01/01 00:09:57 fetching corpus: 6134, signal 214198/277442 (executing program)
1970/01/01 00:10:00 fetching corpus: 6183, signal 214484/277980 (executing program)
1970/01/01 00:10:03 fetching corpus: 6233, signal 215011/278537 (executing program)
1970/01/01 00:10:06 fetching corpus: 6281, signal 215526/279135 (executing program)
1970/01/01 00:10:09 fetching corpus: 6329, signal 216020/279680 (executing program)
1970/01/01 00:10:11 fetching corpus: 6379, signal 216904/280264 (executing program)
1970/01/01 00:10:13 fetching corpus: 6427, signal 217400/280802 (executing program)
1970/01/01 00:10:16 fetching corpus: 6476, signal 218004/281325 (executing program)
1970/01/01 00:10:17 fetching corpus: 6525, signal 218620/281828 (executing program)
1970/01/01 00:10:20 fetching corpus: 6574, signal 219003/282318 (executing program)
1970/01/01 00:10:23 fetching corpus: 6624, signal 219424/282824 (executing program)
1970/01/01 00:10:25 fetching corpus: 6674, signal 219985/283280 (executing program)
1970/01/01 00:10:28 fetching corpus: 6724, signal 220430/283798 (executing program)
1970/01/01 00:10:57 fetching corpus: 6773, signal 220905/284278 (executing program)
1970/01/01 00:11:00 fetching corpus: 6818, signal 221381/284776 (executing program)
1970/01/01 00:11:03 fetching corpus: 6868, signal 221834/285259 (executing program)
1970/01/01 00:11:06 fetching corpus: 6916, signal 222292/285693 (executing program)
1970/01/01 00:11:08 fetching corpus: 6965, signal 222916/286119 (executing program)
1970/01/01 00:11:10 fetching corpus: 7015, signal 223383/286572 (executing program)
1970/01/01 00:11:12 fetching corpus: 7064, signal 223698/286718 (executing program)
1970/01/01 00:11:14 fetching corpus: 7113, signal 224089/286723 (executing program)
1970/01/01 00:11:16 fetching corpus: 7163, signal 224532/286723 (executing program)
1970/01/01 00:11:19 fetching corpus: 7213, signal 225213/286723 (executing program)
1970/01/01 00:11:21 fetching corpus: 7260, signal 225615/286723 (executing program)
1970/01/01 00:11:24 fetching corpus: 7308, signal 226061/286723 (executing program)
1970/01/01 00:11:26 fetching corpus: 7356, signal 226653/286723 (executing program)
1970/01/01 00:11:28 fetching corpus: 7404, signal 227209/286723 (executing program)
1970/01/01 00:11:31 fetching corpus: 7454, signal 227894/286746 (executing program)
1970/01/01 00:11:33 fetching corpus: 7500, signal 228437/286747 (executing program)
1970/01/01 00:11:36 fetching corpus: 7549, signal 228876/286747 (executing program)
1970/01/01 00:11:39 fetching corpus: 7598, signal 229538/286753 (executing program)
1970/01/01 00:11:41 fetching corpus: 7648, signal 229959/286753 (executing program)
1970/01/01 00:11:43 fetching corpus: 7697, signal 230263/286753 (executing program)
1970/01/01 00:11:45 fetching corpus: 7746, signal 230734/286753 (executing program)
1970/01/01 00:11:48 fetching corpus: 7795, signal 231259/286754 (executing program)
1970/01/01 00:11:49 fetching corpus: 7844, signal 231576/286759 (executing program)
1970/01/01 00:11:52 fetching corpus: 7893, signal 231920/286761 (executing program)
1970/01/01 00:11:56 fetching corpus: 7943, signal 232328/286761 (executing program)
1970/01/01 00:11:58 fetching corpus: 7992, signal 232844/286796 (executing program)
1970/01/01 00:12:00 fetching corpus: 8042, signal 233152/286797 (executing program)
1970/01/01 00:12:03 fetching corpus: 8091, signal 233536/286797 (executing program)
1970/01/01 00:12:05 fetching corpus: 8140, signal 234010/286799 (executing program)
1970/01/01 00:12:07 fetching corpus: 8190, signal 234426/286799 (executing program)
1970/01/01 00:12:10 fetching corpus: 8239, signal 234846/286799 (executing program)
1970/01/01 00:12:14 fetching corpus: 8286, signal 235166/286800 (executing program)
1970/01/01 00:12:16 fetching corpus: 8335, signal 235627/286807 (executing program)
1970/01/01 00:12:18 fetching corpus: 8385, signal 235971/286807 (executing program)
1970/01/01 00:12:20 fetching corpus: 8432, signal 236437/286811 (executing program)
1970/01/01 00:12:22 fetching corpus: 8481, signal 236819/286815 (executing program)
1970/01/01 00:12:24 fetching corpus: 8530, signal 237232/286827 (executing program)
1970/01/01 00:12:27 fetching corpus: 8580, signal 237733/286834 (executing program)
1970/01/01 00:12:29 fetching corpus: 8629, signal 238065/286834 (executing program)
1970/01/01 00:12:32 fetching corpus: 8679, signal 238382/286840 (executing program)
1970/01/01 00:12:34 fetching corpus: 8728, signal 238818/286846 (executing program)
1970/01/01 00:12:36 fetching corpus: 8777, signal 239339/286846 (executing program)
1970/01/01 00:12:38 fetching corpus: 8826, signal 239716/286846 (executing program)
1970/01/01 00:12:40 fetching corpus: 8876, signal 240140/286848 (executing program)
1970/01/01 00:12:42 fetching corpus: 8925, signal 240582/286848 (executing program)
1970/01/01 00:12:44 fetching corpus: 8975, signal 240935/286848 (executing program)
1970/01/01 00:12:47 fetching corpus: 9024, signal 241231/286848 (executing program)
1970/01/01 00:12:50 fetching corpus: 9071, signal 241506/286849 (executing program)
1970/01/01 00:12:52 fetching corpus: 9119, signal 241968/286849 (executing program)
1970/01/01 00:12:54 fetching corpus: 9169, signal 242471/286852 (executing program)
1970/01/01 00:12:55 fetching corpus: 9219, signal 242905/286852 (executing program)
1970/01/01 00:12:58 fetching corpus: 9264, signal 243253/286857 (executing program)
1970/01/01 00:13:00 fetching corpus: 9314, signal 243611/286861 (executing program)
1970/01/01 00:13:02 fetching corpus: 9363, signal 244027/286862 (executing program)
1970/01/01 00:13:05 fetching corpus: 9412, signal 244382/286862 (executing program)
1970/01/01 00:13:08 fetching corpus: 9459, signal 244740/286866 (executing program)
1970/01/01 00:13:10 fetching corpus: 9507, signal 245410/286866 (executing program)
1970/01/01 00:13:12 fetching corpus: 9557, signal 245668/286883 (executing program)
1970/01/01 00:13:14 fetching corpus: 9607, signal 245975/286883 (executing program)
1970/01/01 00:13:16 fetching corpus: 9656, signal 246257/286891 (executing program)
1970/01/01 00:13:18 fetching corpus: 9705, signal 246700/286894 (executing program)
1970/01/01 00:13:20 fetching corpus: 9753, signal 247093/286894 (executing program)
1970/01/01 00:13:24 fetching corpus: 9803, signal 247418/286894 (executing program)
1970/01/01 00:13:26 fetching corpus: 9851, signal 247731/286894 (executing program)
1970/01/01 00:13:28 fetching corpus: 9896, signal 248023/286896 (executing program)
1970/01/01 00:13:30 fetching corpus: 9944, signal 248462/286902 (executing program)
1970/01/01 00:13:32 fetching corpus: 9994, signal 248782/286904 (executing program)
1970/01/01 00:13:35 fetching corpus: 10042, signal 249396/286904 (executing program)
1970/01/01 00:13:37 fetching corpus: 10091, signal 249815/286904 (executing program)
1970/01/01 00:13:39 fetching corpus: 10141, signal 250249/286906 (executing program)
1970/01/01 00:13:43 fetching corpus: 10190, signal 250552/286906 (executing program)
1970/01/01 00:13:45 fetching corpus: 10240, signal 250854/286918 (executing program)
1970/01/01 00:13:47 fetching corpus: 10287, signal 251199/286919 (executing program)
1970/01/01 00:13:50 fetching corpus: 10335, signal 251606/286919 (executing program)
1970/01/01 00:13:52 fetching corpus: 10385, signal 251980/286921 (executing program)
1970/01/01 00:13:54 fetching corpus: 10434, signal 252396/286921 (executing program)
1970/01/01 00:13:56 fetching corpus: 10482, signal 252770/286928 (executing program)
1970/01/01 00:13:59 fetching corpus: 10531, signal 253137/286928 (executing program)
1970/01/01 00:14:03 fetching corpus: 10581, signal 253490/286928 (executing program)
1970/01/01 00:14:06 fetching corpus: 10631, signal 253853/286930 (executing program)
1970/01/01 00:14:08 fetching corpus: 10681, signal 254209/286930 (executing program)
1970/01/01 00:14:11 fetching corpus: 10729, signal 254526/286932 (executing program)
1970/01/01 00:14:13 fetching corpus: 10776, signal 254843/286932 (executing program)
1970/01/01 00:14:15 fetching corpus: 10824, signal 255160/286932 (executing program)
1970/01/01 00:14:17 fetching corpus: 10873, signal 255392/286933 (executing program)
1970/01/01 00:14:19 fetching corpus: 10921, signal 255944/286933 (executing program)
1970/01/01 00:14:21 fetching corpus: 10971, signal 256189/286943 (executing program)
1970/01/01 00:14:26 fetching corpus: 11019, signal 256561/286943 (executing program)
1970/01/01 00:14:29 fetching corpus: 11067, signal 256892/286946 (executing program)
1970/01/01 00:14:32 fetching corpus: 11116, signal 257123/286957 (executing program)
1970/01/01 00:14:35 fetching corpus: 11165, signal 257457/286963 (executing program)
1970/01/01 00:14:37 fetching corpus: 11212, signal 257712/286964 (executing program)
1970/01/01 00:14:40 fetching corpus: 11262, signal 258041/286964 (executing program)
1970/01/01 00:14:42 fetching corpus: 11311, signal 258400/286966 (executing program)
1970/01/01 00:14:44 fetching corpus: 11357, signal 258786/286966 (executing program)
1970/01/01 00:14:46 fetching corpus: 11406, signal 259091/286966 (executing program)
1970/01/01 00:14:49 fetching corpus: 11454, signal 259432/286966 (executing program)
1970/01/01 00:14:52 fetching corpus: 11503, signal 259720/286967 (executing program)
1970/01/01 00:14:55 fetching corpus: 11553, signal 260088/286967 (executing program)
1970/01/01 00:14:57 fetching corpus: 11602, signal 260348/286969 (executing program)
1970/01/01 00:15:00 fetching corpus: 11650, signal 260607/286970 (executing program)
1970/01/01 00:15:02 fetching corpus: 11700, signal 260965/286977 (executing program)
1970/01/01 00:15:04 fetching corpus: 11748, signal 261235/286978 (executing program)
1970/01/01 00:15:06 fetching corpus: 11798, signal 261471/286978 (executing program)
1970/01/01 00:15:08 fetching corpus: 11847, signal 261787/286978 (executing program)
1970/01/01 00:15:10 fetching corpus: 11895, signal 262070/286978 (executing program)
1970/01/01 00:15:13 fetching corpus: 11945, signal 262275/286978 (executing program)
1970/01/01 00:15:15 fetching corpus: 11994, signal 262585/286978 (executing program)
1970/01/01 00:15:18 fetching corpus: 12043, signal 262901/286981 (executing program)
1970/01/01 00:15:19 fetching corpus: 12092, signal 263230/286981 (executing program)
1970/01/01 00:15:22 fetching corpus: 12142, signal 263583/286990 (executing program)
1970/01/01 00:15:25 fetching corpus: 12190, signal 263925/286990 (executing program)
1970/01/01 00:15:27 fetching corpus: 12240, signal 264300/286990 (executing program)
1970/01/01 00:15:29 fetching corpus: 12288, signal 264586/286990 (executing program)
1970/01/01 00:15:32 fetching corpus: 12338, signal 265150/286997 (executing program)
1970/01/01 00:15:36 fetching corpus: 12384, signal 265453/286999 (executing program)
1970/01/01 00:15:38 fetching corpus: 12433, signal 265684/286999 (executing program)
1970/01/01 00:15:40 fetching corpus: 12482, signal 265901/286999 (executing program)
1970/01/01 00:15:42 fetching corpus: 12531, signal 266249/287002 (executing program)
1970/01/01 00:15:44 fetching corpus: 12580, signal 266540/287004 (executing program)
1970/01/01 00:15:46 fetching corpus: 12630, signal 266765/287004 (executing program)
1970/01/01 00:15:49 fetching corpus: 12679, signal 267085/287007 (executing program)
1970/01/01 00:15:51 fetching corpus: 12727, signal 267363/287026 (executing program)
1970/01/01 00:15:53 fetching corpus: 12775, signal 267691/287026 (executing program)
1970/01/01 00:15:55 fetching corpus: 12822, signal 267960/287026 (executing program)
1970/01/01 00:15:57 fetching corpus: 12871, signal 268428/287026 (executing program)
1970/01/01 00:16:00 fetching corpus: 12920, signal 268758/287026 (executing program)
1970/01/01 00:16:02 fetching corpus: 12969, signal 269103/287028 (executing program)
1970/01/01 00:16:04 fetching corpus: 13017, signal 269389/287028 (executing program)
1970/01/01 00:16:06 fetching corpus: 13067, signal 269630/287032 (executing program)
1970/01/01 00:16:09 fetching corpus: 13114, signal 269922/287032 (executing program)
1970/01/01 00:16:10 fetching corpus: 13164, signal 270145/287032 (executing program)
1970/01/01 00:16:13 fetching corpus: 13212, signal 270439/287034 (executing program)
1970/01/01 00:16:15 fetching corpus: 13262, signal 270685/287034 (executing program)
1970/01/01 00:16:17 fetching corpus: 13310, signal 270927/287037 (executing program)
1970/01/01 00:16:22 fetching corpus: 13359, signal 271211/287056 (executing program)
1970/01/01 00:16:24 fetching corpus: 13408, signal 271476/287060 (executing program)
1970/01/01 00:16:27 fetching corpus: 13457, signal 271812/287063 (executing program)
1970/01/01 00:16:29 fetching corpus: 13505, signal 272045/287065 (executing program)
1970/01/01 00:16:31 fetching corpus: 13555, signal 272333/287065 (executing program)
1970/01/01 00:16:33 fetching corpus: 13604, signal 272594/287065 (executing program)
1970/01/01 00:16:36 fetching corpus: 13653, signal 272834/287070 (executing program)
1970/01/01 00:16:39 fetching corpus: 13702, signal 273229/287070 (executing program)
1970/01/01 00:16:41 fetching corpus: 13750, signal 273638/287070 (executing program)
1970/01/01 00:16:46 fetching corpus: 13799, signal 273900/287073 (executing program)
1970/01/01 00:16:54 fetching corpus: 13847, signal 274114/287075 (executing program)
1970/01/01 00:16:57 fetching corpus: 13893, signal 274352/287101 (executing program)
1970/01/01 00:17:01 fetching corpus: 13940, signal 274554/287101 (executing program)
1970/01/01 00:17:03 fetching corpus: 13988, signal 274916/287111 (executing program)
1970/01/01 00:17:07 fetching corpus: 14034, signal 275177/287111 (executing program)
1970/01/01 00:17:09 fetching corpus: 14079, signal 275413/287111 (executing program)
1970/01/01 00:17:12 fetching corpus: 14127, signal 275703/287111 (executing program)
1970/01/01 00:17:14 fetching corpus: 14177, signal 275958/287111 (executing program)
1970/01/01 00:17:17 fetching corpus: 14227, signal 276222/287113 (executing program)
1970/01/01 00:17:21 fetching corpus: 14272, signal 276546/287121 (executing program)
1970/01/01 00:17:24 fetching corpus: 14322, signal 276857/287122 (executing program)
1970/01/01 00:17:26 fetching corpus: 14371, signal 277097/287122 (executing program)
1970/01/01 00:17:28 fetching corpus: 14419, signal 277337/287123 (executing program)
1970/01/01 00:17:31 fetching corpus: 14469, signal 277684/287123 (executing program)
1970/01/01 00:17:32 fetching corpus: 14518, signal 277913/287123 (executing program)
1970/01/01 00:17:34 fetching corpus: 14565, signal 278230/287124 (executing program)
1970/01/01 00:17:36 fetching corpus: 14613, signal 278463/287124 (executing program)
1970/01/01 00:17:38 fetching corpus: 14663, signal 278754/287135 (executing program)
1970/01/01 00:17:40 fetching corpus: 14710, signal 279016/287135 (executing program)
1970/01/01 00:17:42 fetching corpus: 14760, signal 279296/287137 (executing program)
1970/01/01 00:17:44 fetching corpus: 14810, signal 279694/287137 (executing program)
1970/01/01 00:17:46 fetching corpus: 14859, signal 279942/287138 (executing program)
1970/01/01 00:17:50 fetching corpus: 14909, signal 280255/287139 (executing program)
1970/01/01 00:17:53 fetching corpus: 14957, signal 280504/287141 (executing program)
1970/01/01 00:17:55 fetching corpus: 15005, signal 280765/287162 (executing program)
1970/01/01 00:17:58 fetching corpus: 15054, signal 281083/287167 (executing program)
1970/01/01 00:18:00 fetching corpus: 15103, signal 281348/287171 (executing program)
1970/01/01 00:18:02 fetching corpus: 15151, signal 281526/287171 (executing program)
1970/01/01 00:18:05 fetching corpus: 15199, signal 281765/287171 (executing program)
1970/01/01 00:18:07 fetching corpus: 15247, signal 281979/287171 (executing program)
1970/01/01 00:18:08 fetching corpus: 15295, signal 282294/287171 (executing program)
1970/01/01 00:18:10 fetching corpus: 15344, signal 282510/287171 (executing program)
1970/01/01 00:18:12 fetching corpus: 15392, signal 282766/287171 (executing program)
1970/01/01 00:18:15 fetching corpus: 15440, signal 283023/287171 (executing program)
1970/01/01 00:18:19 fetching corpus: 15488, signal 283258/287200 (executing program)
1970/01/01 00:18:21 fetching corpus: 15535, signal 283504/287200 (executing program)
1970/01/01 00:18:23 fetching corpus: 15582, signal 283781/287200 (executing program)
1970/01/01 00:18:25 fetching corpus: 15630, signal 284011/287200 (executing program)
1970/01/01 00:18:26 fetching corpus: 15679, signal 284221/287202 (executing program)
1970/01/01 00:18:28 fetching corpus: 15727, signal 284489/287202 (executing program)
1970/01/01 00:18:30 fetching corpus: 15777, signal 284755/287223 (executing program)
1970/01/01 00:18:32 fetching corpus: 15826, signal 284978/287225 (executing program)
1970/01/01 00:18:34 fetching corpus: 15856, signal 285205/287225 (executing program)
1970/01/01 00:18:34 fetching corpus: 15856, signal 285208/287226 (executing program)
1970/01/01 00:18:35 fetching corpus: 15856, signal 285208/287226 (executing program)
1970/01/01 00:20:29 starting 2 fuzzer processes
00:20:29 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
ioctl$TCXONC(r0, 0x540f, 0xea007)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$get_persistent(0x13, 0xee01, 0x0)
00:20:29 executing program 1:
getpriority(0x1, 0xffffffffffffffff)
[ 1262.145372][ T2018] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1262.255657][ T2018] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1265.376382][ T2022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1265.450468][ T2022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1273.178793][ T2018] device hsr_slave_0 entered promiscuous mode
[ 1273.220782][ T2018] device hsr_slave_1 entered promiscuous mode
[ 1278.495274][ T2022] device hsr_slave_0 entered promiscuous mode
[ 1278.545222][ T2022] device hsr_slave_1 entered promiscuous mode
[ 1278.569473][ T2022] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1278.580282][ T2022] Cannot create hsr debugfs directory
[ 1281.510228][ T2018] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1281.776724][ T2018] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1282.007441][ T2018] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1282.544461][ T2018] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1285.631235][ T2022] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1285.909386][ T2022] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1286.294541][ T2022] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1286.526729][ T2022] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1301.510568][ T2018] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1302.755344][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1302.839761][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1305.595577][ T2022] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1306.806246][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1306.924109][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1314.705615][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1314.794005][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1315.121383][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1315.258394][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1315.718229][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1316.078151][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1317.569148][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1317.648152][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1318.111120][ T2120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1318.223563][ T2120] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1318.618213][ T2018] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1320.105846][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1320.135012][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1321.372861][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1321.450382][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1322.057249][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1322.110697][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1322.817342][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1323.191210][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1323.886927][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1323.974468][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1324.307196][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1324.387114][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1324.848352][ T2022] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1326.149959][ T2173] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1326.177370][ T2173] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1341.697804][ T2173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1341.757555][ T2173] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1346.093046][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1346.130239][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1347.793248][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1347.863714][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1348.335727][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1348.371060][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1348.464863][ T2018] device veth0_vlan entered promiscuous mode
[ 1349.049688][ T2018] device veth1_vlan entered promiscuous mode
[ 1350.292871][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1350.324760][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1350.565209][ T2018] device veth0_macvtap entered promiscuous mode
[ 1350.900222][ T2018] device veth1_macvtap entered promiscuous mode
[ 1352.004057][ T2173] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1352.049402][ T2173] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1352.505713][ T2018] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1352.508807][ T2018] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1352.510171][ T2018] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1352.511392][ T2018] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1352.826093][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1352.841020][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1354.693492][ T2173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1354.734593][ T2173] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1354.793743][ T2173] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1354.827726][ T2173] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1355.100800][ T2022] device veth0_vlan entered promiscuous mode
[ 1355.739750][ T2022] device veth1_vlan entered promiscuous mode
[ 1356.555172][ T2018] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 1357.700830][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1357.758929][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1358.117014][ T2022] device veth0_macvtap entered promiscuous mode
[ 1358.659093][ T2022] device veth1_macvtap entered promiscuous mode
[ 1358.767755][ T2173] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1359.866956][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1359.987681][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1360.257457][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1360.318660][ T2242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1360.828700][ T2022] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1360.850239][ T2022] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1360.856311][ T2022] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1360.858330][ T2022] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
00:22:43 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
ioctl$TCXONC(r0, 0x540f, 0xea007)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$get_persistent(0x13, 0xee01, 0x0)
00:22:46 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x14, r1, 0x1}, 0x14}}, 0x0)
00:22:48 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
ioctl$TCXONC(r0, 0x540f, 0xea007)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$get_persistent(0x13,
0xee01, 0x0) 00:22:51 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000000180)={{0x0}, 0x0}, 0x20) 00:22:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) keyctl$get_persistent(0x13, 0xee01, 0x0) 00:22:55 executing program 1: inotify_init1(0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0) pselect6(0x42, &(0x7f0000000180)={0x5}, 0x0, &(0x7f0000000200)={0x1f}, 0x0, 0x0) 00:23:01 executing program 1: inotify_init1(0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0) pselect6(0x42, &(0x7f0000000180)={0x5}, 0x0, &(0x7f0000000200)={0x1f}, 0x0, 0x0) 00:23:01 executing program 0: syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000180)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative', @void}}}]}) [ 1383.560757][ T2717] tmpfs: Bad value for 'mpol' 00:23:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_delrule={0x30, 0x21, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@FRA_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x30}}, 0x0) 00:23:06 executing program 1: inotify_init1(0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0) pselect6(0x42, &(0x7f0000000180)={0x5}, 0x0, &(0x7f0000000200)={0x1f}, 0x0, 0x0) 00:23:07 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_delrule={0x30, 0x21, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@FRA_DST={0x14, 0x1, @initdev={0xfe, 0x88, 
'\x00', 0x0, 0x0}}]}, 0x30}}, 0x0) 00:23:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_delrule={0x30, 0x21, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@FRA_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x30}}, 0x0) 00:23:12 executing program 1: inotify_init1(0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0) pselect6(0x42, &(0x7f0000000180)={0x5}, 0x0, &(0x7f0000000200)={0x1f}, 0x0, 0x0) 00:23:14 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_delrule={0x30, 0x21, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@FRA_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x30}}, 0x0) 00:23:18 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000029c0)={0x2c, r1, 0x601, 0x0, 0x0, {0x3}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}]}]}, 0x2c}}, 0x0) 00:23:19 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000080)=0x7, 0x4) readv(r0, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/229, 0xe5}], 0x1) syz_genetlink_get_family_id$mptcp(&(0x7f0000000580), r0) [ 1403.739132][ T2736] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 
00:23:22 executing program 1: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000100)={0x3, 0x0, 0x0, 0x0, 0x7fffffff}) 00:23:25 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x800026, &(0x7f0000000080)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}]}) 00:23:26 executing program 1: timer_create(0xfffffffc, 0x0, &(0x7f00000002c0)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{}, {0x77359400}}, 0x0) 00:23:29 executing program 1: ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0x20, 0x7ff, 0x298}) mmap$usbfs(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x700000b, 0x1010, r0, 0xfffffffffffff44f) r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8) ioctl$SNDCTL_DSP_GETFMTS(r2, 0x8004500b, &(0x7f0000000500)=0x7ff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000580)=0x38, 0x0) [ 1410.446887][ T2741] EXT4-fs (vda): re-mounted. Opts: debug_want_extra_isize=0x0000000000000080,,errors=continue. Quota mode: none. 
00:23:30 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x800026, &(0x7f0000000080)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}]}) 00:23:36 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCXONC(r1, 0x540f, 0xea007) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f0000000180), 0x8) sendto$inet6(r0, &(0x7f0000000000)="220dba48", 0x4, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev}, 0x1c) [ 1418.470559][ T2749] EXT4-fs (vda): re-mounted. Opts: debug_want_extra_isize=0x0000000000000080,,errors=continue. Quota mode: none. 00:23:40 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x800026, &(0x7f0000000080)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}]}) 00:23:44 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCXONC(r1, 0x540f, 0xea007) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f0000000180), 0x8) sendto$inet6(r0, &(0x7f0000000000)="220dba48", 0x4, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev}, 0x1c) [ 1427.035882][ T2755] EXT4-fs (vda): re-mounted. Opts: debug_want_extra_isize=0x0000000000000080,,errors=continue. Quota mode: none. 
00:23:46 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x800026, &(0x7f0000000080)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}]}) 00:23:49 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCXONC(r1, 0x540f, 0xea007) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f0000000180), 0x8) sendto$inet6(r0, &(0x7f0000000000)="220dba48", 0x4, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev}, 0x1c) [ 1430.835709][ T2760] EXT4-fs (vda): re-mounted. Opts: debug_want_extra_isize=0x0000000000000080,,errors=continue. Quota mode: none. 00:23:52 executing program 0: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000001580)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000500)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @private1}, {0xa, 0x0, 0x0, @loopback}, r1}}, 0x48) 00:23:53 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCXONC(r1, 0x540f, 0xea007) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f0000000180), 0x8) sendto$inet6(r0, &(0x7f0000000000)="220dba48", 0x4, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev}, 0x1c) 00:23:54 executing program 0: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000001580)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000500)={0xffffffffffffffff}, 0x111}}, 0x20) 
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @private1}, {0xa, 0x0, 0x0, @loopback}, r1}}, 0x48) 00:23:59 executing program 1: r0 = perf_event_open(&(0x7f0000000300)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpid() pidfd_open(r1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 00:23:59 executing program 0: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000001580)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000500)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @private1}, {0xa, 0x0, 0x0, @loopback}, r1}}, 0x48) 00:24:01 executing program 1: r0 = perf_event_open(&(0x7f0000000300)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpid() pidfd_open(r1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 00:24:02 executing program 0: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000001580)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000500)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r2 = 
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @private1}, {0xa, 0x0, 0x0, @loopback}, r1}}, 0x48) 00:24:05 executing program 1: r0 = perf_event_open(&(0x7f0000000300)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpid() pidfd_open(r1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 00:24:07 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x2a, &(0x7f0000000040), 0x4) 00:24:09 executing program 1: r0 = perf_event_open(&(0x7f0000000300)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpid() pidfd_open(r1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 00:24:09 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, '\x00', 0x0, 0xffb4}) 00:24:13 executing program 1: mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ff9000/0x4000)=nil) 00:24:14 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, '\x00', 0x0, 0xffb4}) 00:24:16 executing program 1: mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ff9000/0x4000)=nil) 00:24:18 
executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, '\x00', 0x0, 0xffb4}) 00:24:20 executing program 1: mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ff9000/0x4000)=nil) 00:24:21 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, '\x00', 0x0, 0xffb4}) 00:24:24 executing program 1: mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ff9000/0x4000)=nil) 00:24:26 executing program 0: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000001580)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000500)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000080)={0xb, 0x10, 0xfa00, {0x0, r1}}, 0x18) 00:24:28 executing program 1: r0 = syz_io_uring_setup(0x7b51, &(0x7f00000000c0), &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000040), &(0x7f0000000140)) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000180)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0xfe) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000080)={0x7, 0x0, &(0x7f0000000000)=[0xffffffffffffffff]}, 0x1) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000003d80)={0x0, 0x0, &(0x7f0000003d40)=[0xffffffffffffffff]}, 0x1) 00:24:30 executing program 0: r0 = syz_io_uring_setup(0x1, &(0x7f0000000000)={0x0, 0x0, 0x1}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_EPOLL_CTL=@del, 0x0) io_uring_enter(r0, 0x1, 0x0, 0x0, 0x0, 0x0) 00:24:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) 
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlinkprop={0x34, 0x6c, 0x1, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'ip6_vti0\x00'}]}, 0x34}}, 0x0) 00:24:34 executing program 0: r0 = epoll_create1(0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000080)={0x2000000c}) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000000)={0x300}) 00:24:36 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, &(0x7f0000000740)=[{}], 0x4000) 00:24:38 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r1, &(0x7f0000007680)=[{{&(0x7f0000000400)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c, 0x0}}, {{&(0x7f0000001a80)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1c, 0x0}}], 0x2, 0x0) 00:24:40 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x16, 0x0, 0x0) 00:24:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r1, &(0x7f0000007680)=[{{&(0x7f0000000400)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c, 0x0}}, {{&(0x7f0000001a80)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1c, 0x0}}], 0x2, 0x0) 00:24:43 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(r0, &(0x7f0000001800)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000001740)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000016c0)=[{&(0x7f0000001440)=""/18, 0x12}], 0x300}}], 0x48}, 0x0) 00:24:46 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) 
setsockopt$inet_tcp_int(r0, 0x6, 0x10, &(0x7f0000000040), 0x4) 00:24:46 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r1, &(0x7f0000007680)=[{{&(0x7f0000000400)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c, 0x0}}, {{&(0x7f0000001a80)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1c, 0x0}}], 0x2, 0x0) 00:24:48 executing program 1: setreuid(0x0, 0xee01) acct(0x0) 00:24:50 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r1, &(0x7f0000007680)=[{{&(0x7f0000000400)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c, 0x0}}, {{&(0x7f0000001a80)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1c, 0x0}}], 0x2, 0x0) 00:24:51 executing program 1: setreuid(0x0, 0xee01) acct(0x0) 00:24:54 executing program 1: setreuid(0x0, 0xee01) acct(0x0) 00:24:56 executing program 0: clock_adjtime(0x0, &(0x7f0000000500)={0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}) 00:24:57 executing program 1: setreuid(0x0, 0xee01) acct(0x0) 00:24:57 executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$incfs(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ip6erspan0\x00'}) dup3(r0, r1, 0x0) 00:25:00 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x9, 0x0, 0x0, 0x8, 0x926, 0x3333, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 
&(0x7f0000000180)={0x24, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\t'], 0x0, 0x0, 0x0}, 0x0) 00:25:02 executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$incfs(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ip6erspan0\x00'}) dup3(r0, r1, 0x0) [ 1505.026670][ T20] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1505.455433][ T20] usb 2-1: Using ep0 maxpacket: 8 [ 1505.806842][ T20] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1505.809614][ T20] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1505.810809][ T20] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1506.042463][ T20] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1506.044270][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1506.045718][ T20] usb 2-1: Product: syz [ 1506.046775][ T20] usb 2-1: Manufacturer: syz [ 1506.047840][ T20] usb 2-1: SerialNumber: syz [ 1506.835669][ T20] hub 2-1:1.0: USB hub found [ 1507.106092][ T20] hub 2-1:1.0: config failed, hub doesn't have any ports! 
(err -19) [ 1507.389849][ T20] usbhid 2-1:1.0: can't add hid device: -22 [ 1507.426194][ T20] usbhid: probe of 2-1:1.0 failed with error -22 [ 1507.700160][ T20] usb 2-1: USB disconnect, device number 2 00:25:09 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x9, 0x0, 0x0, 0x8, 0x926, 0x3333, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\t'], 0x0, 0x0, 0x0}, 0x0) 00:25:09 executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$incfs(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ip6erspan0\x00'}) dup3(r0, r1, 0x0) [ 1513.106129][ T890] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 1513.435147][ T890] usb 2-1: Using ep0 maxpacket: 8 [ 1513.606260][ T890] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1513.608692][ T890] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1513.633716][ T890] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1513.906673][ T890] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1513.908681][ T890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1513.910234][ T890] usb 2-1: Product: syz [ 1513.911367][ T890] usb 2-1: Manufacturer: syz [ 1513.917790][ T890] usb 2-1: SerialNumber: syz [ 1514.370663][ T890] hub 2-1:1.0: USB hub found [ 1514.976551][ T890] hub 2-1:1.0: 
config failed, hub doesn't have any ports! (err -19) [ 1515.279609][ T890] usbhid 2-1:1.0: can't add hid device: -22 [ 1515.305060][ T890] usbhid: probe of 2-1:1.0 failed with error -22 [ 1515.525553][ T890] usb 2-1: USB disconnect, device number 3 00:25:17 executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$incfs(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'ip6erspan0\x00'}) dup3(r0, r1, 0x0) 00:25:18 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x9, 0x0, 0x0, 0x8, 0x926, 0x3333, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\t'], 0x0, 0x0, 0x0}, 0x0) [ 1522.715546][ T890] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1523.036196][ T890] usb 2-1: Using ep0 maxpacket: 8 [ 1523.395618][ T890] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1523.397715][ T890] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1523.399352][ T890] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1523.698234][ T890] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1523.700011][ T890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1523.705104][ T890] usb 2-1: Product: syz [ 1523.706305][ T890] usb 2-1: Manufacturer: syz [ 1523.707403][ T890] usb 2-1: SerialNumber: syz [ 1524.085561][ T890] hub 2-1:1.0: USB hub 
found [ 1525.043078][ T890] hub 2-1:1.0: config failed, hub doesn't have any ports! (err -19) 00:25:24 executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x9, 0x0, 0x0, 0x8, 0x926, 0x3333, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\t'], 0x0, 0x0, 0x0}, 0x0) [ 1525.588566][ T890] usbhid 2-1:1.0: can't add hid device: -22 [ 1525.626831][ T890] usbhid: probe of 2-1:1.0 failed with error -22 [ 1525.769220][ T890] usb 2-1: USB disconnect, device number 4 [ 1527.345340][ T2843] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1527.824101][ T2843] usb 1-1: Using ep0 maxpacket: 8 [ 1528.045603][ T2843] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1528.047684][ T2843] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1528.049236][ T2843] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1528.426225][ T2843] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1528.428528][ T2843] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1528.429932][ T2843] usb 1-1: Product: syz [ 1528.430986][ T2843] usb 1-1: Manufacturer: syz [ 1528.453804][ T2843] usb 1-1: SerialNumber: syz [ 1529.338733][ T2843] hub 1-1:1.0: USB hub found [ 1529.706539][ T2843] hub 1-1:1.0: config failed, hub doesn't have any ports! 
(err -19) 00:25:28 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x9, 0x0, 0x0, 0x8, 0x926, 0x3333, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\t'], 0x0, 0x0, 0x0}, 0x0) [ 1529.983204][ C0] raw-gadget gadget: ignoring, device is not running [ 1530.120132][ T2843] usbhid 1-1:1.0: can't add hid device: -22 [ 1530.135114][ T2843] usbhid: probe of 1-1:1.0 failed with error -22 [ 1530.410367][ T2843] usb 1-1: USB disconnect, device number 2 [ 1532.594017][ T890] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1532.904641][ T890] usb 2-1: Using ep0 maxpacket: 8 [ 1533.066155][ T890] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1533.068338][ T890] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1533.070263][ T890] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1533.339275][ T890] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1533.343753][ T890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1533.345444][ T890] usb 2-1: Product: syz [ 1533.347001][ T890] usb 2-1: Manufacturer: syz [ 1533.348328][ T890] usb 2-1: SerialNumber: syz [ 1533.638013][ T890] hub 2-1:1.0: USB hub found 00:25:32 executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x9, 0x0, 0x0, 0x8, 0x926, 0x3333, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\t'], 0x0, 0x0, 0x0}, 0x0) [ 1534.144356][ T890] hub 2-1:1.0: config 
failed, hub doesn't have any ports! (err -19) [ 1534.448438][ T890] usbhid 2-1:1.0: can't add hid device: -22 [ 1534.469422][ T890] usbhid: probe of 2-1:1.0 failed with error -22 [ 1534.673412][ T890] usb 2-1: USB disconnect, device number 5 [ 1535.959055][ T20] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1536.428155][ T20] usb 1-1: Using ep0 maxpacket: 8 [ 1536.595750][ T20] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1536.597729][ T20] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1536.599330][ T20] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1536.826482][ T20] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1536.828293][ T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1536.829722][ T20] usb 1-1: Product: syz [ 1536.830867][ T20] usb 1-1: Manufacturer: syz [ 1536.845303][ T20] usb 1-1: SerialNumber: syz [ 1537.150681][ T20] hub 1-1:1.0: USB hub found [ 1537.945757][ T20] hub 1-1:1.0: config failed, hub doesn't have any ports! 
(err -19) [ 1538.668156][ T20] usbhid 1-1:1.0: can't add hid device: -22 [ 1538.693424][ T20] usbhid: probe of 1-1:1.0 failed with error -22 [ 1538.947312][ T20] usb 1-1: USB disconnect, device number 3 00:25:40 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000000340)=[{{&(0x7f0000000040)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10, 0x0}}], 0x1, 0x40854) 00:25:42 executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x9, 0x0, 0x0, 0x8, 0x926, 0x3333, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\t'], 0x0, 0x0, 0x0}, 0x0) 00:25:45 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000000340)=[{{&(0x7f0000000040)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10, 0x0}}], 0x1, 0x40854) [ 1548.024321][ T20] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 1548.294306][ T20] usb 1-1: Using ep0 maxpacket: 8 [ 1548.486390][ T20] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1548.488397][ T20] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1548.489992][ T20] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1548.796284][ T20] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1548.798495][ T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1548.799999][ T20] usb 1-1: Product: syz [ 1548.801087][ T20] usb 1-1: Manufacturer: syz [ 1548.825770][ T20] usb 1-1: SerialNumber: syz [ 1549.355587][ T20] hub 1-1:1.0: USB hub found [ 1549.685722][ T20] hub 1-1:1.0: config failed, hub doesn't have any ports! 
(err -19) [ 1549.978175][ T20] usbhid 1-1:1.0: can't add hid device: -22 [ 1549.981278][ T20] usbhid: probe of 1-1:1.0 failed with error -22 [ 1550.210912][ T20] usb 1-1: USB disconnect, device number 4 00:25:50 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000000340)=[{{&(0x7f0000000040)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10, 0x0}}], 0x1, 0x40854) 00:25:54 executing program 0: r0 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000380)="55849838776fb64ddc1a6795cf90413de984bb8bc6da91f552455663f62015cdba1c80937637dd694eedbd1cc0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490900000000000000332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d7310570501af5d895ed5f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea380eebf395ee010647d4398c4ef2ce0db7628235143bff707433f7a34db5f1b0312a92cd5275ae6713613b1c997baa3cec205bdc8ebacb927003c4ada1360ff9529f73cc", 0x103, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="90", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r1, r0, r0}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:25:54 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000000340)=[{{&(0x7f0000000040)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10, 0x0}}], 0x1, 0x40854) 00:25:57 executing program 0: r0 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, 
&(0x7f0000000380)="55849838776fb64ddc1a6795cf90413de984bb8bc6da91f552455663f62015cdba1c80937637dd694eedbd1cc0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490900000000000000332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d7310570501af5d895ed5f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea380eebf395ee010647d4398c4ef2ce0db7628235143bff707433f7a34db5f1b0312a92cd5275ae6713613b1c997baa3cec205bdc8ebacb927003c4ada1360ff9529f73cc", 0x103, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="90", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r1, r0, r0}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:25:58 executing program 1: r0 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000380)="55849838776fb64ddc1a6795cf90413de984bb8bc6da91f552455663f62015cdba1c80937637dd694eedbd1cc0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490900000000000000332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d7310570501af5d895ed5f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea380eebf395ee010647d4398c4ef2ce0db7628235143bff707433f7a34db5f1b0312a92cd5275ae6713613b1c997baa3cec205bdc8ebacb927003c4ada1360ff9529f73cc", 0x103, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="90", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r1, r0, r0}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:26:00 executing program 0: r0 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, 
&(0x7f0000000380)="55849838776fb64ddc1a6795cf90413de984bb8bc6da91f552455663f62015cdba1c80937637dd694eedbd1cc0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490900000000000000332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d7310570501af5d895ed5f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea380eebf395ee010647d4398c4ef2ce0db7628235143bff707433f7a34db5f1b0312a92cd5275ae6713613b1c997baa3cec205bdc8ebacb927003c4ada1360ff9529f73cc", 0x103, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="90", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r1, r0, r0}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:26:01 executing program 1: r0 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000380)="55849838776fb64ddc1a6795cf90413de984bb8bc6da91f552455663f62015cdba1c80937637dd694eedbd1cc0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490900000000000000332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d7310570501af5d895ed5f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea380eebf395ee010647d4398c4ef2ce0db7628235143bff707433f7a34db5f1b0312a92cd5275ae6713613b1c997baa3cec205bdc8ebacb927003c4ada1360ff9529f73cc", 0x103, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="90", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r1, r0, r0}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:26:04 executing program 1: r0 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, 
&(0x7f0000000380)="55849838776fb64ddc1a6795cf90413de984bb8bc6da91f552455663f62015cdba1c80937637dd694eedbd1cc0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490900000000000000332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d7310570501af5d895ed5f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea380eebf395ee010647d4398c4ef2ce0db7628235143bff707433f7a34db5f1b0312a92cd5275ae6713613b1c997baa3cec205bdc8ebacb927003c4ada1360ff9529f73cc", 0x103, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="90", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r1, r0, r0}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:26:04 executing program 0: r0 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000380)="55849838776fb64ddc1a6795cf90413de984bb8bc6da91f552455663f62015cdba1c80937637dd694eedbd1cc0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490900000000000000332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d7310570501af5d895ed5f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea380eebf395ee010647d4398c4ef2ce0db7628235143bff707433f7a34db5f1b0312a92cd5275ae6713613b1c997baa3cec205bdc8ebacb927003c4ada1360ff9529f73cc", 0x103, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="90", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r1, r0, r0}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:26:09 executing program 0: r0 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, 
&(0x7f0000000380)="55849838776fb64ddc1a6795cf90413de984bb8bc6da91f552455663f62015cdba1c80937637dd694eedbd1cc0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490900000000000000332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d7310570501af5d895ed5f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea380eebf395ee010647d4398c4ef2ce0db7628235143bff707433f7a34db5f1b0312a92cd5275ae6713613b1c997baa3cec205bdc8ebacb927003c4ada1360ff9529f73cc", 0x103, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="90", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r1, r0, r0}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:26:09 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCXONC(r1, 0x540f, 0xea007) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 00:26:11 executing program 0: r0 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000380)="55849838776fb64ddc1a6795cf90413de984bb8bc6da91f552455663f62015cdba1c80937637dd694eedbd1cc0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490900000000000000332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d7310570501af5d895ed5f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea380eebf395ee010647d4398c4ef2ce0db7628235143bff707433f7a34db5f1b0312a92cd5275ae6713613b1c997baa3cec205bdc8ebacb927003c4ada1360ff9529f73cc", 0x103, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="90", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r1, r0, r0}, &(0x7f0000001840)=""/4108, 0x100c, 
0x0) 00:26:13 executing program 1: syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x19, 0xc, 0x60, 0x40, 0x16d5, 0x650a, 0xdfde, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, [], [{{0x9, 0x5, 0xa}}, {{0x9, 0x5, 0x4}}, {{0x9, 0x5, 0x2}}]}}]}}]}}, 0x0) 00:26:15 executing program 0: r0 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000380)="55849838776fb64ddc1a6795cf90413de984bb8bc6da91f552455663f62015cdba1c80937637dd694eedbd1cc0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490900000000000000332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d7310570501af5d895ed5f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea380eebf395ee010647d4398c4ef2ce0db7628235143bff707433f7a34db5f1b0312a92cd5275ae6713613b1c997baa3cec205bdc8ebacb927003c4ada1360ff9529f73cc", 0x103, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)="90", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r1, r0, r0}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) [ 1576.835618][ T890] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 1577.263524][ T890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1577.265023][ T890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 1577.266246][ T890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1577.267646][ T890] usb 2-1: New USB device found, idVendor=16d5, idProduct=650a, bcdDevice=df.de [ 1577.268780][ T890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1577.504859][ T890] usb 2-1: config 0 descriptor?? 
[ 1577.844484][ T890] qmi_wwan: probe of 2-1:0.0 failed with error -22 [ 1578.062946][ T890] usb 2-1: USB disconnect, device number 6 00:26:20 executing program 1: syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x19, 0xc, 0x60, 0x40, 0x16d5, 0x650a, 0xdfde, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, [], [{{0x9, 0x5, 0xa}}, {{0x9, 0x5, 0x4}}, {{0x9, 0x5, 0x2}}]}}]}}]}}, 0x0) 00:26:20 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = dup(r0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400000012000103000000000000000007"], 0x2c}}, 0x0) 00:26:24 executing program 0: r0 = epoll_create1(0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)) [ 1586.004682][ T2843] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1586.506248][ T2843] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1586.509296][ T2843] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 1586.511112][ T2843] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1586.535732][ T2843] usb 2-1: New USB device found, idVendor=16d5, idProduct=650a, bcdDevice=df.de [ 1586.537457][ T2843] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1586.709077][ T2843] usb 2-1: config 0 descriptor?? 
[ 1587.258581][ T2843] qmi_wwan: probe of 2-1:0.0 failed with error -22 [ 1588.144286][ T2694] usb 2-1: USB disconnect, device number 7 [ 1589.890742][ T2991] binder: 2986:2991 ioctl c0306201 20000100 returned -14 00:26:31 executing program 0: r0 = epoll_create1(0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)) 00:26:31 executing program 1: syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x19, 0xc, 0x60, 0x40, 0x16d5, 0x650a, 0xdfde, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, [], [{{0x9, 0x5, 0xa}}, {{0x9, 0x5, 0x4}}, {{0x9, 0x5, 0x2}}]}}]}}]}}, 0x0) [ 1595.249466][ T2996] binder: 2993:2996 ioctl c0306201 20000100 returned -14 [ 1595.625530][ T20] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1595.986898][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1595.989595][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 1595.991196][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1596.027371][ T20] usb 2-1: New USB device found, idVendor=16d5, idProduct=650a, bcdDevice=df.de [ 1596.030361][ T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1596.177248][ T20] usb 2-1: config 0 descriptor?? 
[ 1596.609731][ T20] qmi_wwan: probe of 2-1:0.0 failed with error -22 00:26:35 executing program 0: r0 = epoll_create1(0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)) [ 1597.585967][ T2694] usb 2-1: USB disconnect, device number 8 [ 1599.425657][ T3007] binder: 3006:3007 ioctl c0306201 20000100 returned -14 00:26:39 executing program 1: syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x19, 0xc, 0x60, 0x40, 0x16d5, 0x650a, 0xdfde, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, [], [{{0x9, 0x5, 0xa}}, {{0x9, 0x5, 0x4}}, {{0x9, 0x5, 0x2}}]}}]}}]}}, 0x0) 00:26:40 executing program 0: r0 = epoll_create1(0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x44, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)) [ 1603.354640][ T2699] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1603.765525][ T2699] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1603.767511][ T2699] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 1603.769190][ T2699] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1603.771080][ T2699] usb 2-1: New USB device found, idVendor=16d5, idProduct=650a, bcdDevice=df.de [ 1603.780358][ T2699] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1604.005922][ T2699] usb 2-1: config 0 descriptor?? 
[ 1604.287713][ T2699] qmi_wwan: probe of 2-1:0.0 failed with error -22 [ 1604.400878][ T3012] binder: 3009:3012 ioctl c0306201 20000100 returned -14 [ 1604.839692][ T893] usb 2-1: USB disconnect, device number 9 00:26:45 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:26:51 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000100)="55849838776fb64ddc1a6795cf90413de984bbf62015cdba1c8093f8b0a9d0812557f3c0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490f10cca83bcac3e8332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d731003d1d3f94deb0d77f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea381fb1fca34fb412a62e", 0xc0, 0xffffffffffffffff) r2 = add_key$user(&(0x7f0000000240), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000080)="90e9cd96bb650000000000000f0000000000000000", 0x15, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000300)={r2, r1, r2}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:26:52 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) 
close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:26:55 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000100)="55849838776fb64ddc1a6795cf90413de984bbf62015cdba1c8093f8b0a9d0812557f3c0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490f10cca83bcac3e8332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d731003d1d3f94deb0d77f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea381fb1fca34fb412a62e", 0xc0, 0xffffffffffffffff) r2 = add_key$user(&(0x7f0000000240), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000080)="90e9cd96bb650000000000000f0000000000000000", 0x15, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000300)={r2, r1, r2}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:26:58 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:27:01 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 
&(0x7f0000000100)="55849838776fb64ddc1a6795cf90413de984bbf62015cdba1c8093f8b0a9d0812557f3c0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490f10cca83bcac3e8332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d731003d1d3f94deb0d77f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea381fb1fca34fb412a62e", 0xc0, 0xffffffffffffffff) r2 = add_key$user(&(0x7f0000000240), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000080)="90e9cd96bb650000000000000f0000000000000000", 0x15, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000300)={r2, r1, r2}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:27:04 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:27:06 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000100)="55849838776fb64ddc1a6795cf90413de984bbf62015cdba1c8093f8b0a9d0812557f3c0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490f10cca83bcac3e8332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d731003d1d3f94deb0d77f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea381fb1fca34fb412a62e", 0xc0, 0xffffffffffffffff) r2 = add_key$user(&(0x7f0000000240), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000080)="90e9cd96bb650000000000000f0000000000000000", 0x15, 0xfffffffffffffffd) keyctl$dh_compute(0x17, 
&(0x7f0000000300)={r2, r1, r2}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:27:13 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000100)="55849838776fb64ddc1a6795cf90413de984bbf62015cdba1c8093f8b0a9d0812557f3c0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490f10cca83bcac3e8332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d731003d1d3f94deb0d77f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea381fb1fca34fb412a62e", 0xc0, 0xffffffffffffffff) r2 = add_key$user(&(0x7f0000000240), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000080)="90e9cd96bb650000000000000f0000000000000000", 0x15, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000300)={r2, r1, r2}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:27:14 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:27:18 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 
&(0x7f0000000100)="55849838776fb64ddc1a6795cf90413de984bbf62015cdba1c8093f8b0a9d0812557f3c0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490f10cca83bcac3e8332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d731003d1d3f94deb0d77f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea381fb1fca34fb412a62e", 0xc0, 0xffffffffffffffff) r2 = add_key$user(&(0x7f0000000240), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000080)="90e9cd96bb650000000000000f0000000000000000", 0x15, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000300)={r2, r1, r2}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:27:19 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:27:22 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000100)="55849838776fb64ddc1a6795cf90413de984bbf62015cdba1c8093f8b0a9d0812557f3c0d6cf041d24d3bdaaaea5e228f1400eb0d12fae8886d56f490f10cca83bcac3e8332e32e3c396103e67baab8ae4ada17098536391b133859e5bb4906185e0ab6e22089d1fbe20ff62c97d731003d1d3f94deb0d77f72bba16ef5d3ed2e9d6af3bbbefdb7d30a06e1cec9919aeb7b6bf8ad5e0f31fc6686666a88abf5976f72b1fdd28c5b3202ced4bd743f57a8bf34c7f07ea381fb1fca34fb412a62e", 0xc0, 0xffffffffffffffff) r2 = add_key$user(&(0x7f0000000240), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000080)="90e9cd96bb650000000000000f0000000000000000", 0x15, 0xfffffffffffffffd) keyctl$dh_compute(0x17, 
&(0x7f0000000300)={r2, r1, r2}, &(0x7f0000001840)=""/4108, 0x100c, 0x0) 00:27:23 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:27:27 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:27:31 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:27:34 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:27:36 
executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:27:38 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:27:40 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwritev(r0, &(0x7f00000011c0)=[{&(0x7f0000000100)='}', 0x1}], 0x1, 0x10072, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r1, 0x8008af26, 0xe9002) fallocate(r0, 0x0, 0x0, 0x3) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8000}) close(r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) 00:27:46 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x8, 0x3, 0x340, 0x0, 0xffffffff, 0xffffffff, 0x210, 0xffffffff, 0x2a8, 0xffffffff, 0xffffffff, 0x2a8, 0xffffffff, 0x3, 0x0, {[{{@ip={@dev, @remote, 0x0, 0x0, '\x00', 'veth0_to_bridge\x00'}, 0x0, 0x1f0, 0x21d, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@private2, [], @ipv4=@local}, {@ipv4=@multicast1, [], @ipv6=@rand_addr=' \x01\x00'}, {@ipv4, [], @ipv6=@private1}, {@ipv6=@mcast1, [], @ipv6=@local}]}}, 
@inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c9) 00:27:50 executing program 1: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000001580)='./file0\x00', &(0x7f00000015c0), 0x0, 0x0, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x0) 00:27:52 executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xc2, 0x0) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) [ 1674.036042][ T3065] EXT4-fs error (device vda): ext4_xattr_set_entry:1596: inode #636: comm syz-executor.1: corrupted xattr entries [ 1674.320955][ T3065] EXT4-fs error (device vda): ext4_xattr_set_entry:1596: inode #636: comm syz-executor.1: corrupted xattr entries [ 1674.444845][ T3065] EXT4-fs error (device vda): ext4_xattr_set_entry:1596: inode #636: comm syz-executor.1: corrupted xattr entries 00:27:55 executing program 1: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000001580)='./file0\x00', &(0x7f00000015c0), 0x0, 0x0, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x0) 00:27:58 executing program 0: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000001580)='./file0\x00', &(0x7f00000015c0), 0x0, 0x0, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x0) [ 
1681.274599][ T3069] EXT4-fs error (device vda): ext4_xattr_ibody_find:2187: inode #637: comm syz-executor.1: corrupted in-inode xattr [ 1681.389334][ T3069] EXT4-fs error (device vda): ext4_xattr_ibody_find:2187: inode #637: comm syz-executor.1: corrupted in-inode xattr [ 1682.469314][ T3071] EXT4-fs error (device vda): ext4_xattr_ibody_find:2187: inode #645: comm syz-executor.0: corrupted in-inode xattr [ 1682.510634][ T3071] EXT4-fs error (device vda): ext4_xattr_ibody_find:2187: inode #645: comm syz-executor.0: corrupted in-inode xattr 00:28:02 executing program 1: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000001580)='./file0\x00', &(0x7f00000015c0), 0x0, 0x0, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x0) 00:28:03 executing program 0: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000001580)='./file0\x00', &(0x7f00000015c0), 0x0, 0x0, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x0) [ 1687.119199][ T3074] EXT4-fs error (device vda): ext4_xattr_ibody_find:2187: inode #644: comm syz-executor.1: corrupted in-inode xattr [ 1687.186470][ T3074] EXT4-fs error (device vda): ext4_xattr_ibody_find:2187: inode #644: comm syz-executor.1: corrupted in-inode xattr [ 1687.624316][ T3075] EXT4-fs error (device vda): ext4_xattr_set_entry:1596: inode #645: comm syz-executor.0: corrupted xattr entries [ 1687.694161][ T3075] EXT4-fs error (device vda): ext4_xattr_set_entry:1596: inode #645: comm syz-executor.0: corrupted xattr entries [ 1687.754909][ T3075] EXT4-fs error (device vda): 
ext4_xattr_set_entry:1596: inode #645: comm syz-executor.0: corrupted xattr entries 00:28:06 executing program 1: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000001580)='./file0\x00', &(0x7f00000015c0), 0x0, 0x0, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x0) 00:28:07 executing program 0: syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000001580)='./file0\x00', &(0x7f00000015c0), 0x0, 0x0, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x0) [ 1689.868673][ T3077] ================================================================== [ 1689.872147][ T3077] BUG: KASAN: use-after-free in ext4_xattr_set_entry+0x172/0x1ed6 [ 1689.873451][ T3077] Read of size 4 at addr ffffffe00d618004 by task syz-executor.1/3077 [ 1689.874725][ T3077] [ 1689.876699][ T3077] CPU: 1 PID: 3077 Comm: syz-executor.1 Not tainted 5.15.0-rc1-syzkaller-00001-g64a19591a293 #0 [ 1689.878297][ T3077] Hardware name: riscv-virtio,qemu (DT) [ 1689.879169][ T3077] Call Trace: [ 1689.880131][ T3077] [] dump_backtrace+0x2e/0x3c [ 1689.881663][ T3077] [ 1689.882455][ T3077] Allocated by task 0: [ 1689.883268][ T3077] (stack is not available) [ 1689.883888][ T3077] [ 1689.884735][ T3077] Freed by task 2699: [ 1689.885447][ T3077] (stack is not available) [ 1689.886520][ T3077] [ 1689.887354][ T3077] The buggy address belongs to the object at ffffffe00d618000 [ 1689.887354][ T3077] which belongs to the cache kmalloc-4k of size 4096 [ 1689.888917][ T3077] The buggy address is located 4 bytes inside of [ 1689.888917][ T3077] 
4096-byte region [ffffffe00d618000, ffffffe00d619000) [ 1689.891086][ T3077] The buggy address belongs to the page: [ 1689.892419][ T3077] page:ffffffcf02360600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8d818 [ 1689.894373][ T3077] head:ffffffcf02360600 order:3 compound_mapcount:0 compound_pincount:0 [ 1689.895506][ T3077] flags: 0xffe000000010200(slab|head|node=0|zone=0|lastcpupid=0x7ff) [ 1689.897527][ T3077] raw: 0ffe000000010200 0000000000000000 0000000000000122 ffffffe005602140 [ 1689.898583][ T3077] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 1689.899485][ T3077] page dumped because: kasan: bad access detected [ 1689.900420][ T3077] page_owner tracks the page as allocated [ 1689.901112][ T3077] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2699, ts 1665768872500, free_ts 1661448457500 [ 1689.904377][ T3077] page_owner allocation stack trace missing [ 1689.905516][ T3077] page_owner free stack trace missing [ 1689.906637][ T3077] [ 1689.907164][ T3077] Memory state around the buggy address: [ 1689.908450][ T3077] ffffffe00d617f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1689.909397][ T3077] ffffffe00d617f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1689.910366][ T3077] >ffffffe00d618000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1689.911204][ T3077] ^ [ 1689.912274][ T3077] ffffffe00d618080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1689.913694][ T3077] ffffffe00d618100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1689.915368][ T3077] ================================================================== [ 1689.916737][ T3077] Disabling lock debugging due to kernel taint [ 1690.143601][ T3077] EXT4-fs error (device vda): ext4_xattr_ibody_find:2187: inode #640: comm syz-executor.1: corrupted in-inode xattr [ 1690.172911][ T3077] EXT4-fs error (device vda): 
ext4_xattr_ibody_find:2187: inode #640: comm syz-executor.1: corrupted in-inode xattr [ 1690.777379][ T3079] EXT4-fs error (device vda): ext4_xattr_set_entry:1596: inode #636: comm syz-executor.0: corrupted xattr entries [ 1690.818229][ T3079] EXT4-fs error (device vda): ext4_xattr_set_entry:1596: inode #636: comm syz-executor.0: corrupted xattr entries [ 1690.867772][ T3079] EXT4-fs error (device vda): ext4_xattr_set_entry:1596: inode #636: comm syz-executor.0: corrupted xattr entries 00:28:09 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4142, 0x0) truncate(&(0x7f00000000c0)='./file1\x00', 0x6) close(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) pwritev(r1, &(0x7f0000000a80)=[{&(0x7f0000000980)='+', 0x1}], 0x1, 0x100bfaa, 0x0) sendfile(r0, r0, 0x0, 0x100bfab) [ 1691.507599][ T2018] ------------[ cut here ]------------ [ 1691.508726][ T2018] virt_to_phys used for non-linear address: 0000000006d0a6d5 (0x40eea020000) [ 1691.511351][ T2018] WARNING: CPU: 0 PID: 2018 at arch/riscv/mm/physaddr.c:16 __virt_to_phys+0xac/0xb8 [ 1691.513231][ T2018] Modules linked in: [ 1691.514455][ T2018] CPU: 0 PID: 2018 Comm: syz-executor.0 Tainted: G B 5.15.0-rc1-syzkaller-00001-g64a19591a293 #0 [ 1691.515984][ T2018] Hardware name: riscv-virtio,qemu (DT) [ 1691.516942][ T2018] epc : __virt_to_phys+0xac/0xb8 [ 1691.518037][ T2018] ra : __virt_to_phys+0xac/0xb8 [ 1691.519094][ T2018] epc : ffffffff80012bea ra : ffffffff80012bea sp : ffffffe00cc8fad0 [ 1691.520261][ T2018] gp : ffffffff83f9a558 tp : ffffffe00c8faf80 t0 : ffffffff852b6bd7 [ 1691.521497][ T2018] t1 : ffffffc40b5b9114 t2 : 0000000000000000 s0 : ffffffe00cc8fb00 [ 1691.523577][ T2018] s1 : 0000040eea020000 a0 : 000000000000004a a1 : 00000000000f0000 [ 1691.524752][ T2018] a2 : 0000000000000002 a3 : ffffffff800e5d66 a4 : 44646e2a08b4ca00 [ 1691.526331][ T2018] a5 : 44646e2a08b4ca00 a6 : 0000000000f00000 a7 : ffffffe05adc88a3 [ 1691.528226][ T2018] s2 
: 0000042eea020000 s3 : 0000001fffffffff s4 : fffffffffffffffb [ 1691.530314][ T2018] s5 : ffffffff803f25c6 s6 : ffffffe00cc8fb50 s7 : ffffffcf00000000 [ 1691.531668][ T2018] s8 : 0000040eea020000 s9 : 0000000000015b31 s10: 0000000000000001 [ 1691.532914][ T2018] s11: 0000000000000022 t3 : 0000000000000076 t4 : ffffffc40b5b9114 [ 1691.535199][ T2018] t5 : ffffffc40b5b9115 t6 : ffffffe00cc8f7d8 [ 1691.536188][ T2018] status: 0000000000000120 badaddr: 0000000000000000 cause: 0000000000000003 [ 1691.537395][ T2018] [] __virt_to_phys+0xac/0xb8 [ 1691.538651][ T2018] [] qlist_free_all+0x6c/0xac [ 1691.539754][ T2018] [] kasan_quarantine_reduce+0x14c/0x1c8 [ 1691.540889][ T2018] [] __kasan_slab_alloc+0x5c/0x96 [ 1691.543126][ T2018] [] kmem_cache_alloc+0x342/0x3ca [ 1691.544375][ T2018] [] jbd2__journal_start+0x106/0x2fc [ 1691.545561][ T2018] [] __ext4_journal_start_sb+0x1a8/0x3fa [ 1691.546776][ T2018] [] ext4_unlink+0x232/0x800 [ 1691.547884][ T2018] [] vfs_unlink+0x254/0x456 [ 1691.548988][ T2018] [] do_unlinkat+0x292/0x436 [ 1691.550168][ T2018] [] sys_unlinkat+0x6c/0xaa [ 1691.551397][ T2018] [] ret_from_syscall+0x0/0x2 [ 1691.553492][ T2018] irq event stamp: 1163188 [ 1691.554308][ T2018] hardirqs last enabled at (1163187): [] _raw_spin_unlock_irqrestore+0x68/0x98 [ 1691.555909][ T2018] hardirqs last disabled at (1163188): [] __schedule+0x596/0x1048 [ 1691.557363][ T2018] softirqs last enabled at (1162918): [] __do_softirq+0x5f8/0x8dc [ 1691.558740][ T2018] softirqs last disabled at (1162911): [] __irq_exit_rcu+0x142/0x1f8 [ 1691.560196][ T2018] ---[ end trace e3ae8c48a5831065 ]--- [ 1691.589801][ T2018] Unable to handle kernel paging request at virtual address ffffffdf3fa88808 [ 1691.593872][ T2018] Oops [#1] [ 1691.594693][ T2018] Modules linked in: [ 1691.595428][ T2018] CPU: 1 PID: 2018 Comm: syz-executor.0 Tainted: G B W 5.15.0-rc1-syzkaller-00001-g64a19591a293 #0 [ 1691.596768][ T2018] Hardware name: riscv-virtio,qemu (DT) [ 1691.597531][ T2018] epc : 
qlist_free_all+0x74/0xac [ 1691.598523][ T2018] ra : qlist_free_all+0x6c/0xac [ 1691.599562][ T2018] epc : ffffffff803f2600 ra : ffffffff803f25f8 sp : ffffffe00cc8fb00 [ 1691.601123][ T2018] gp : ffffffff83f9a558 tp : ffffffe00c8faf80 t0 : ffffffff852b6bd7 [ 1691.603397][ T2018] t1 : ffffffc40b5b9114 t2 : 0000000000000000 s0 : ffffffe00cc8fb50 [ 1691.604443][ T2018] s1 : 0000040eea020000 a0 : 0000040fea220000 a1 : 00000000000f0000 [ 1691.605540][ T2018] a2 : 0000000000000002 a3 : ffffffff80012bae a4 : ffffffe00c8fbf80 [ 1691.607632][ T2018] a5 : ffffffdf3fa88800 a6 : 0000000000f00000 a7 : ffffffe05adc88a3 [ 1691.608721][ T2018] s2 : 0000000000000000 s3 : dfffffc800000000 s4 : fffffffffffffffb [ 1691.609788][ T2018] s5 : ffffffff803f25c6 s6 : ffffffe00cc8fb50 s7 : ffffffcf00000000 [ 1691.611900][ T2018] s8 : 0000040eea020000 s9 : 0000000000015b31 s10: 0000000000000001 [ 1691.614059][ T2018] s11: 0000000000000022 t3 : 0000000000000076 t4 : ffffffc40b5b9114 [ 1691.615131][ T2018] t5 : ffffffc40b5b9115 t6 : ffffffe00cc8f7d8 [ 1691.615966][ T2018] status: 0000000000000120 badaddr: ffffffdf3fa88808 cause: 000000000000000d [ 1691.618036][ T2018] [] qlist_free_all+0x74/0xac [ 1691.619314][ T2018] [] kasan_quarantine_reduce+0x14c/0x1c8 [ 1691.620719][ T2018] [] __kasan_slab_alloc+0x5c/0x96 [ 1691.622670][ T2018] [] kmem_cache_alloc+0x342/0x3ca [ 1691.624043][ T2018] [] jbd2__journal_start+0x106/0x2fc [ 1691.625444][ T2018] [] __ext4_journal_start_sb+0x1a8/0x3fa [ 1691.627864][ T2018] [] ext4_unlink+0x232/0x800 [ 1691.629052][ T2018] [] vfs_unlink+0x254/0x456 [ 1691.630285][ T2018] [] do_unlinkat+0x292/0x436 [ 1691.631977][ T2018] [] sys_unlinkat+0x6c/0xaa [ 1691.633142][ T2018] [] ret_from_syscall+0x0/0x2 00:28:10 executing program 0: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r2, 0x540f, 0xea007) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(r0, 
&(0x7f0000001800)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000001740)=[@rdma_args={0x48, 0x114, 0x3, {{}, {0x0}, 0x0}}], 0x48}, 0x0) [ 1691.703657][ T2018] ---[ end trace e3ae8c48a5831066 ]--- [ 1691.706740][ T2018] Kernel panic - not syncing: Fatal exception [ 1691.707828][ T2018] SMP: stopping secondary CPUs [ 1691.709505][ T2018] Rebooting in 86400 seconds.. VM DIAGNOSIS: 08:44:33 Registers: