last executing test programs: 9.317922996s ago: executing program 1 (id=1656): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) syz_open_dev$loop(&(0x7f0000000240), 0x6, 0x80) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x50}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x3, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 8.313477392s ago: executing program 1 (id=1657): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$user(&(0x7f0000000780), 0x0, 0x0, 0x0, 0xffffffffffffffff) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) syz_open_dev$loop(&(0x7f0000000240), 0x6, 0x80) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x50}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x3, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 7.306978591s ago: executing program 1 (id=1659): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0x5, 0x1, '\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(r1, 0x103, 0x7, 0x0, 0xfffffffffffffffd) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@private0, @in6=@private1={0xfc, 0x1, '\x00', 0x4}}}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in6=@loopback}}, 0xe8) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) add_key(&(0x7f0000000000)='asymmetric\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000c40)='encrypted\x00', 0x0, &(0x7f0000000cc0)='[,\v]@+\x00', 0x0) add_key(&(0x7f0000000f80)='encrypted\x00', &(0x7f0000000fc0)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xffffffffffffff18, &(0x7f0000000100)=[{&(0x7f0000000000)="2f0000001c0005c5ffffff000d000000020000000b000000ec0091c913000180f0ffffeb", 0x1dd}], 0x1}, 0x0) socket(0x10, 0x80002, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x200000000000000}, 0x0) memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r3, 0xee01) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r5 = gettid() syz_pidfd_open(r5, 0x0) 7.2135967s ago: executing program 1 (id=1660): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff2a}, 0x90) pipe(&(0x7f00000009c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$I2C_SLAVE(r1, 0x703, 0xfa) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_process_wait\x00', r2}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$LINK_DETACH(0x22, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) io_uring_setup(0x4aa0, &(0x7f0000000140)={0x0, 0x62e4, 0x40, 0x0, 0x1a3}) r5 = syz_io_uring_setup(0x0, &(0x7f0000000240)={0x0, 0x0, 0x200, 0xfffffffe, 0x0, 0x0, r4}, &(0x7f00000001c0)=0x0, &(0x7f0000000000)=0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x4001, 0x3, 0x2a8, 0x128, 0xb, 0x148, 0x0, 0x148, 0x210, 0x240, 0x240, 0x210, 0x215, 0x3, 0x0, {[{{@ip={@multicast1, @remote, 0x0, 0x0, 'wg0\x00', 'pim6reg0\x00'}, 0x0, 0xc0, 0x128, 0x0, {0xff0f000000000000}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x11, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'veth1\x00', 'bridge0\x00'}, 0xec010000, 0xa0, 0xe8, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0x6}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, {0x10140}}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r5, 0x18, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[0xffffffffffffffff]}, 0x1) eventfd2(0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r8 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x406, r8) ioctl$USBDEVFS_SETINTERFACE(r4, 0x80085504, &(0x7f0000000980)={0x4, 0x7f}) socket$can_j1939(0x1d, 0x2, 0x7) r9 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl$SIOCAX25CTLCON(r9, 0x89e8, &(0x7f00000001c0)={@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x0, 0x0, 0xfc, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) close(r5) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x30}}, 0x0) r10 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x42, 0x4, 0x3c0, 0xffffffff, 0x100, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x328, 0x328, 0x328, 0xffffffff, 0x5, 0x0, {[{{@uncond, 0x74000000, 0xb8, 0x100, 0x1ba, {0x46010000, 0x2c000000000000}, [@common=@unspec=@limit={{0x48}, {0x0, 0xc}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x287, 0x100, 0x160, 0x0, {}, [@common=@unspec=@cpu={{0x28}, {0x0, 0x20}}, @common=@unspec=@physdev={{0x68}, {'xfrm0\x00', {}, 'lo\x00'}}]}, @common=@SET={0x60}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@unspec=@connmark={{0x30}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x420) 5.47421719s ago: executing program 0 (id=1666): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) timer_create(0x3, &(0x7f0000000040)={0x0, 0x2e, 0x6, @thr={0x0, &(0x7f0000000400)="389b6edfd2cd9ae37ad59c0dc82d6dddd23fe2c7cd9df5b1cc5fc7bc077daf350509259376cede2004dc6601862fd0c314d53a1a33343d33e495ceb9432345a56265cb24effa0cccbc8195a4fedca6a19d619aed3d86188fac3d3b31079a80f966f827f3dd6bf8667055cea9fc5bfc8df27d0a199d5e34936faf6764caf5f4a3de7cd62de39aafd52f51d722cbf1adda2c93801851fe316a861c0fd0d59f5d6e0ff0e662352e92d22f7394786f9e2db6d3af719cd8cf1cb38a288726b2eacddf72ef01f2175148d3073e98ea1b37206230384ac0c9a868dbba104b3701d1e00bdbc29a750c564ea33259982f3978d6577a76cd8ee8ba28335b66d87f9067dc1904f38a1c939a286235f16d3ffbb6e629d3f1e231518ccb12fd576da19c24f0f9deb881dc6654fc03e4789a1899a67b4ca17e610bdea801b5a5ffeb159a01b890a7981dc308a21ad9026f027128cbaafc9c1af6c1047103463612159584d2dbeca20d8dfd301d0e9cd0f3355710a71570f93e8c1d2db7140bf2027e9952cb6ed5fad7b626043575e78f4bba7d71dfc3ba994e6fd6f0362e79c9c6b3528abf5394ba3b84fe43782794e6cd5b248de0ab63bc9d55850acaa1a8375e574f4d732bd4962f5ff3e91ef0b25775168f4624b4d3260e29a12d6136a67e0dfa94f1f7dcb1cf48d0befe9c062b2f5e8b884947a7de899472b45f74c0c727d9c21e0afc51f88d200761626df8d98bdb062cb864f21e7789ea06f51bf32809c761b35a8734f5365023d24827afda67051dabceac638e0512a7e63b4d9d692972dcffea3bf076634c7a7bc9f01d9153f3314a11ab5ab60e30c8de317fb1df1eb06c00d06b3ae3970afac98e9e557d1bd31fddc2f2b0ad2b84d55b9b26cfdafc97b03cd5bfdc1b7a1fd203ec0cd719e7590305c9228e82ab35f1e95a4168597d5e04fda1b685251f64735fd1fd02eafa5e6bb22e3060f1f65528c2855c07d3d121fe63bf0ed9125ce49133f1023011fd050753aa49011e51a148fc511db15f62bfd9e0843ac79250fc3c0d3bdc3665f7552fc6859fd109454f6021bc2f078d473e2e6128a6b5b7ce6ff6a8e3f146ef3bbb5131bc38b325a8ffbde0317f2083021201b8178643640e797b01583deffb67a2b17ceb7ae9642e8111ec7ab1026aeab23c1e7dafb73f50a088b43c8af1d0c2c2a11577c1926bec31da6336f12479f82b72c2b2edc55eaa994d5c7959e2e7d18cf067b6b7950ed4793c4c555ab153d48974bc01b3ec8f66ad613bb09729b35296b049e2500c7e99db2ab0abeec17c18d36f9e0781b3361ac8f8fa8c751a6bc87fcf2dc84bb32140162677d0d54338fc0ff4ef850a1d02fe845358df93f8d7c707790f0ad57fd350e801beea060e23147c9f5a1f191efcf508c84c32c70541ab1c3c4ac048f460e1bfd32c436a56ff2caba8ba85d9338b44ca4ea499e3c3ee5aa363bc41d40a725424f5007284997e4d930b9ea5e80c4a5407f2a6fe213178f818a148ddcb5a6973371aa8628ee46d086236a273c72cb9adfe3f0f8981dc31c8763b8565258e41d3c355e728fd5118a984e0ac12c9ba1f8cf4933dd02fcbaf54fe582b26a40c3de8949f43776c82ecae323f4aefebadcc5ff74c857404341858f23443686541f2a10e939d894d0153252e969a84d3c770ca1457f4a1c97f146f4a1d804a6137c267e3a729793d54391b3580a098032f4b2c3bdfb51525525e0b1cecb7e235b74986d3dfee7eae6df46f77434fcfe6f0f9f222eceecac11ff57d1881687cad9bca32e7f1228e9b21829fb019dd01456e14c5551ea4294555505e975ed7ebe6ca29e16c8cd300a1b79510590623ca1be66656e557e603a296978455e7b6e8a6065deb9d0343c4b0819337d2f92682a45eaa66af44568599f4dcc33828bc4244d071090d1ffc3f900e2470f7d7642c1bdc5cb1ca6b38d86fec8dd4fab69de4c5ee621e49d4c4bcf1b2cec156b670b169091ab66396f7816768e98e5fae2ac4d950db4d70e4c636776f1fca9411b1f320a4929329c2d0277b1ec415c7440d5c163fb4a1a5788de5c5427740e20ccf6e10c0e25bb43f20835c2426c50b9d37582e1204c46987350fc67827e780d8ee6acec41df7e80f8f86a862c08b20c026a0dc648ad51dd397dc8b3e37c9ecb689e930e3b6922ae17d98a906ea026fdde229b567ae2aecccee796c7e52605387e3e108e8c9ad34c56b67f8797f9c896810f849ee374f58a341ec11c5aa1323af06cf07a3fc65b3ea360acaf22cb0731db96f77053f6a39db87c1db9920876bf2ae9675d0143b58b2b9e0027e68c8d4b41838368d3181a6cadebd72ed3920df995b85f00f436911f0d3e6ee69aae7639e933c0bd27c51d10cf98665d4704bc40222f2f092fdd98c7f6d4813a93795061976d681617756e810eacd7994c849f67356d71636cba934e249bdb1759775980d32747a4da876faf7b78d0548d25805558c2205fa71fb11eefc3a44dfd01a1cc44153acc0662c8a8599dd87fb87ef21bb44fa674c2f9e2c1174615c9fae82e66d01ea21f24a9a39545bbbece3211f820f75e5590093ea0aa1e214cccb8a6e4c0a6a1998526f9d8d23441ad4ede9f6e0d938f7e842e05a3b466e030b0742c2958c2bb36bd1d5e357d678d12c4c92dcc9511effdd8bcb9489dd05cd162cf8b8e542de94619fb281c72bb25a98988ec2cef87e341f9de416d88cce80530a718e079582028b4dfae06d54b4846782a07de08a21389ab5382b962791927a4197a974814467c2629b0bf989befd5638192f6d6a4692b3de1241c220e959b90669c3ff93571bc67855157ef99e3b6f7f36ee2c09be9c7d95040c0df2781ef5efd63207301a6673e147e1dfd72573a963a9642bceb761f73e538fee5bac15fb4b114e332f175b391ceed417baf63aa3d3df908eb6db11ab034dffda5ad7b7df13a82dbdba67a4f75dc5fd723fb1a98cf4b30b473a7439deb64957ad1caaec7c957809b70679145c7218fd2dd322f94143d02f791e765c972263ffc5d56e22d7164f01b9ab7bd3668cb5b7617857724b688c4b40c923e77d2a4ce7463392abd31734182adff1c72256ed3cba1a78e046fe1d953d0e6589a588b3adcaa35f7e769332149a9af9983eda2072071ee86d2c9bc8039c2317ba38d79ef3beb369c17cbf00eee386a37c1fe45fb80ca0de5b46f327485c5b18472a09e2660551df8da41a679a8dc045ca6ff9e7d5180678def3663b9a342a220bf870bad4614d20391ce1f9b07ea1a539c36f953ca0d82926a9c49407c189062d9204c523b66077a8af3b49789ec12a565f547a48f791e7ddffb26bae824add6d9e6959d6eb6e7af5885c0ed0cf898d20fa44e2d4dd46fa32e7048499c4fc01e1618b11440fa2347f98efc5b79c7a09974ee2bc9d5420905b05f836d2112f91d5d4fa76c059448c243ed6d7d855abe2bc39ecc7da0b8b4e6798bc0d14f163d6d90a02b12982291d84e789c1b32169c1d05b7a6b0b8443748bcb096ffc66b899d723096fa9500debff992454ae457ab77859ea58661f710d01590a81cfe762bac31a04fb3845db203165b8822fdede5da49525ea4fbbbad5460f45974825aff8e080a8257dfdaa99f31f8b0faf1c7991e46d947cb45d1f4b76713611661bc4345817d6b1575d8931e32c1387949a19a5cca6e719431c559be727e62a75815d5da8eb6360883b70b0ddccd5e472de9db0504ee54b39ae11e1235932c1399e87ea855f4dd4d0308a5cf57df953b8c8db573afd4f5f28ff06dcd8527880546d788cb49b9ce196f72cd8706eae26f38c78d3893399f7e8ff0aee1818f1e11f13cae4c173834474f6b577cbfc10c6c51b6b77324c2200dffda5225fc7b7b83ad198c559f2be7a31e0f2654ca21b0a29a8e28c0063d9c1d021a77f3767256f9578696134a2a6d29f9ab21ce1188d23abafd82adc190740b552bebb6730834ebf3d4468022c49d3b4f31b394cd9425a31e21f4736baa01a2d9ce617c68ee88eacd33333cabc0c883a67c6e1c7357224f5edbe41543c778ebef73be578d6535ce3efb361cfd5894e1f95fce240018f81b735c727cda2d339788eb34ea4430770199c00a8a9c109baac87ce4afd0452e33fdb44c0aef4f48974a959b006ba12001541ce09ea3fc373168977ae8b149cf01e1598cfeb0816e4d828df09d722d95ca83e69e671f28c6fe35679ff777527c2b0a8a1eade06555722bbf0e75fd081aa8ac11c4cd8bd5e670f813124bb4f8c6f55b5db30143baf5ccf51714d6a45d8ee1b5839b761fada991a15adcbbd0e3efec5405b259b216a80dd2ae81ab59e26a2150e85b134dfcb30c2de7042a2f0f1377029fe14c37d985457f868a60555493fc1ea7cf66b3f29496a3a88e5b0eae397d3268aab8db51572a7ab75c83ad2b6420b57a7815b5837afd499186d4b3158823bc24c57f7f4c0d90ad96b42f28598d7a6662ea7a775c750362228a76e2f53b78c922ee5153d3ebd17ccd244bc3316b9fe04109cd884a64be7feda3cdd1941a79b2ee69ab0d25907906b245ed6723e12727b7341ba4f699e1f48d9bdd5ad064c3a45eeba34573dc61ef4389d59aa3661603893264a2cda2688ac18e665582339726519564a281d8766165e0a7733d0e1dccd418fcbb01c4654fb2ae1bc186bcc7a942cc2eafaf2c2992503c6e4afef5e118f251c981e66df7792a2b417c664ebbd8086b8fe57e0aa2e6801d00a5aa92b0908ef570782f8c935495db448206072e7a3777d5a4400fa6a12b9bf4dd65a790f3d88bf4e3487b40c5ac857e1c8f662f1e381849b6398ed0292547f9dcf7f18bf7f2b4f8440c775cc2512b71c35e0c9b9c6ae6462478ff4ec1d3aee3656bdff8abfc6f8a122c57825dead997a2f580ba6bd4564d95013644322e35313307525964e90b6703920789c8c4e645f65f3f6473aa240e38e88e12dd3977d00dd1e1fe93bee977b3e12ea4dec3f35a2ab8d753ca5f8411b3fb64fcfe15d1ea07859387b416f03960d9b3310ddc4ea1f1324eff6759c2c98e294f46e330402049674130ae47a9eb5776ad51913257b3b0b71a006b37a0322ee76889b677a01859870efadd9cc5f765dbff02b5f8cbc2097c9fee0e4380392b7dec71ba797c8f9210e7ccb215bd87734de1b0f18de77ce8cd420b96a6223e1b8b464dff5747ef5076a0b717795b66366945bcc73d5f6708e06ef41be94eecd1c951f6d34cb170d6674a2b336bd19a48b91fa2f7402ead919ee9126156b54aeb6946d249aa6e86c317264624e3ea1bc11ffe7fd5b8f2f856bb3b0e8e3a687ab30122a5208cf41eaf73c9a5d76e24ab5abdebf04567a05ac5495aab2182004d5b9fc29b61f31fb69b8658c7a4c41d1c5c28b9d4daa1d3a37e21ff46762dc1fd5f0152b9f353c9a5c5e25976a69b6577b0180b43d48f0dab00ae2af59f99faff6f33e89ca51b07e25716cd2d899dac430fd15fe35b34edf5aa8d1e355c630168793e525068a6a04f0f078a6cb227404b3affd32c2458853e064ed8911f7e446d36af7774013dec227bdeae6afdf87fb4247982bf781aa8b445af3278bf82f940e4311c2c3cd43df5119ba0ff831169b71c5e6cb68cbe914386dd95b452ab3175ea586fc0ce8344fc13492fdceaed5b988356ba0c7edf287b062946348e4d2da0454fe02"}}, &(0x7f0000000100)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102376, 0x18fe8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) pipe2$9p(0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) r3 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_PROMISC(r3, 0x6b, 0x2, &(0x7f0000000240)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r4}, 0x18) pipe(&(0x7f00000000c0)) connect$can_j1939(r3, &(0x7f0000000140)={0x1d, r4}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000013c0)="2eb52f856568103470ade4480a2246bea55b8745efa13bb0cc9c94085d685d152538277188cb1e7feba5d839d9fce04b096673242359271489bb6ab734177be28c76e6b86dbebb67bf16a5161458776c6832fac63b14d5e4c5f49237ed6bf7c951d8c56a145f890c044ebc78dc51e8824960a1890dab96df64ecb578ce5cf65d7c27dce4ecaefbc69a2caee14b1b415991870c1e3b0605a720d3ae50b0129f19fa415cc45cd666def07c08516a071c553e483b061db040725ad7ecd01e1a2ef764f7d23eab5d85eb9dbccdb053", 0xcd}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vxcan0\x00'}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 4.247870559s ago: executing program 2 (id=1675): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}}) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0xfffffd6e}, {&(0x7f0000019740)=""/242}], 0x2, 0x0, 0x0) getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000140)={0x3, @pix_mp={0x0, 0x0, 0x50565559, 0x0, 0x0, [{}, {}, {0x0, 0x37}]}}) socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020030000b02d25a806f8c6394f90524fc602f1a04000a740100053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd67, 0x0, 0x0, 0x0, 0x2}, 0x90) r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) preadv(r5, &(0x7f0000000380)=[{&(0x7f0000000080)=""/82, 0x52}], 0x1, 0x0, 0x0) close(r5) r6 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r6, &(0x7f0000000040)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) write(r6, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000300), 0x0) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@random, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, @address_request}}}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x1f4, 0xd50, 0x6558, &(0x7f0000000000)="ff", 0x0, 0x6, 0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x69) 4.141503446s ago: executing program 1 (id=1676): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000001c0)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0}, 0x10) r3 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r2) sendmsg$TIPC_NL_BEARER_ENABLE(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000ffff030000005800018044000400200001000a00000000007fffffff000000a0ffffff0000000000000100000000200002000a00000000000000fe8000000000000000000000000000bb000000000d0001007564703a73"], 0x6c}}, 0x0) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x58, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3d, 0x4, {'gcm(aes)\x00', 0x15, "400dd062441eb8abbbb672868d6e8b0fd784ee4a35"}}]}]}, 0x58}}, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae9c, 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000300)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r9, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_RETRIEVE(r9, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000070000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0xc008ae05, &(0x7f0000000740)=""/4096) read$FUSE(r9, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00'}, 0x10) write$FUSE_INIT(r9, &(0x7f0000000040)={0x50, 0x0, r10}, 0x50) syz_usb_connect(0x0, 0x10b, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000b24b4a10e60407007501000005010902240001010000000904000002ccb8280009050b02000000000009058a02"], 0x0) r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x120000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r11, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000c000}, 0xc011) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)={0x20, r1, 0x103, 0x0, 0x0, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_REG_RULES={0x4}]}, 0x20}}, 0x0) 3.968108006s ago: executing program 0 (id=1677): bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',w%fdno', @ANYRESHEX=r3, @ANYBLOB=',k']) chdir(&(0x7f0000000040)='./file0\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) recvfrom$unix(r4, 0x0, 0x0, 0x0, &(0x7f0000000000)=@abs, 0x8) shutdown(0xffffffffffffffff, 0x0) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000380)={0xaf4f, 0x7, 0x4, 0x800, 0x2, [{0x5, 0x6, 0x9, '\x00', 0x101}, {0x81, 0x100000001, 0x9, '\x00', 0x3804}]}) setitimer(0x1, &(0x7f0000000300)={{}, {0x0, 0x80}}, &(0x7f0000000340)) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010004b0400f4ed00000000007a0000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c0002800800040000000000060006000000"], 0x4c}}, 0x0) unshare(0x42000000) syz_usb_disconnect(0xffffffffffffffff) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x282900, 0x0) r6 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @remote}}) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000240)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 3.256351495s ago: executing program 2 (id=1679): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x0, 0x0, 0x0, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0x3e}, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x3, 0x5, 0x2]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x658}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@multicast2, 0x20000}, {@remote}, {@multicast2, 0x7}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = socket$inet6(0xa, 0x0, 0x0) listen(r0, 0x80080400) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_RADAR_DETECT(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x64, 0x0, 0x800, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x15b8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x209}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000000) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000180000000000000a000000000000000000ca"], 0x1c}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x24, r7, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x24}}, 0x0) sendmsg$FOU_CMD_DEL(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r7, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x1c}}, 0x0) listen(r4, 0x0) sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@get={0xe0, 0x13, 0x0, 0x0, 0x0, {{'streebog512-generic\x00'}}}, 0xe0}}, 0x0) sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x40, 0x0, 0x0, 0x0, 0x0, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x40}}, 0x0) sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}, 0x1, 0x0, 0x0, 0x8000}, 0x44040) syz_emit_ethernet(0x52, &(0x7f0000000080)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp_addr={0x44, 0x1c, 0xa, 0x1, 0x0, [{}, {@dev}, {@dev}]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000340), 0x4) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000015c0)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000400699b000008001b"], 0x30}, 0x1, 0x0, 0x0, 0x60004050}, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r11, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r11, 0x0) r12 = dup(r10) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) 2.727858679s ago: executing program 2 (id=1680): socket$rxrpc(0x21, 0x2, 0xa) r0 = syz_io_uring_setup(0x4a9, &(0x7f0000000080)={0x0, 0x0, 0x2}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x28011, r3, 0x0) syz_clone(0x22803800, 0x0, 0x0, 0x0, 0x0, 0x0) mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000091c2f20c81403006c050102030109021b00010000000009040000018ea44300090585da20"], 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x40, 0x0) syz_usb_disconnect(r5) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r6, 0xffffffffffffffff, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000ac0)=@raw={'raw\x00', 0x4001, 0x3, 0x2a8, 0x0, 0x0, 0x148, 0x140, 0x148, 0x210, 0x240, 0x240, 0x210, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x21}, 0x0, 0xd8, 0x140, 0x0, {}, [@common=@inet=@dccp={{0x30}}, @common=@unspec=@connbytes={{0x38}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @remote}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308) r7 = syz_open_dev$vbi(&(0x7f00000000c0), 0x0, 0x2) ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f00000013c0)={0x0, 0x0, 0x0, {0x5, @raw_data="439e73c82bad769c1516d4c77a5c5885be9b70b538ec45e7ba36827b0dcf53cc22c46c7ddae950c8f87629ac052d399516111996f2d568d4314f1a6a19db3bdb291cb1a830152d32b2ad880e24ae29ce49a0ba071236284d59f28276b7b6325b4fb369c2aab53751ce9ef9dea4663ae9ce4c521f2918fad161726fe27dd15cc6520d466d80c07cd248fcf58332bf0ee0e5061d4377b24a0c253e86d27c5edcd2ae36ce31344898571a1a4f7f4af1de4747103ee0bb34830f53b67d1578af4dab6f19403d8c88fd8e"}}) ioctl$MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, &(0x7f0000000900)={&(0x7f00000008c0), &(0x7f0000003980)=""/186, 0xba}) r8 = socket$inet6(0xa, 0x802, 0x0) connect$inet6(r8, &(0x7f0000000640)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c) connect$inet6(r8, &(0x7f0000000240)={0xa, 0x0, 0x0, @remote, 0xffff0001}, 0x1c) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000003c0)={0x0, 0x0}, 0x8) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x28, &(0x7f0000000400)=@ringbuf={{}, {}, {}, [@call={0x85, 0x0, 0x0, 0xc8}, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @map_val={0x18, 0x3, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x6c7}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000540)='GPL\x00', 0xfc6, 0x1000, &(0x7f0000002980)=""/4096, 0x41000, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x1, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, &(0x7f0000000680)=[{0x0, 0x2, 0x4, 0x4}, {0x5, 0x1, 0xf, 0x8}, {0x4, 0x1, 0xa}, {0x1, 0x5, 0x4, 0x9}, {0x3, 0x2, 0x10, 0xc}, {0x3, 0x3, 0x7, 0x2}, {0x2, 0x1, 0x5, 0x9}, {0x0, 0x3, 0x5, 0x7}, {0x1, 0x3, 0x3, 0xa}], 0x10, 0x40}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x20, 0x7, &(0x7f0000000200)=ANY=[@ANYBLOB="0011b78600000000000000", @ANYRES32=r3, @ANYBLOB="0000000086050000851000000700000018000000ef09000000000000070000008520000003000000"], &(0x7f0000000280)='GPL\x00', 0x29a, 0x1000, &(0x7f0000001980)=""/4096, 0x40f00, 0x40, '\x00', 0x0, 0x6, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x1, 0x5}, 0x8, 0x10, &(0x7f0000000340)={0x1, 0xc, 0xfffffffc, 0x7f}, 0x10, r9, r10, 0x2, &(0x7f00000005c0)=[r3, r3, r3, r3], &(0x7f0000000600)=[{0x4, 0x4, 0x9, 0x1}, {0x0, 0x3, 0x10, 0x5}], 0x10, 0x400}, 0x90) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) r11 = accept$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000000140)) bind$phonet(r11, &(0x7f0000000180)={0x23, 0x7, 0x3c, 0x1}, 0x10) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r12, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='f2fs_unlink_enter\x00', r12}, 0x10) 2.648330889s ago: executing program 3 (id=1681): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x6, 0x0) r1 = socket(0x10, 0x2, 0x0) write(r1, &(0x7f0000000280)="2c0000001d005f80004000000000000002000000000000000000080008000100000000ff5b1844ad30c8ac46", 0x2c) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) 2.589278518s ago: executing program 3 (id=1682): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) inotify_init1(0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {0x0}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) open(0x0, 0x0, 0x0) unshare(0x22020400) socket$inet6(0xa, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r3, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r4) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000180), 0xc) r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000200)={0x5, @pix_mp={0x8008, 0x14, 0x41415270, 0x0, 0x4, [{0x6, 0xffff0000}, {0x0, 0x6}, {0x9, 0x8}, {0x3, 0x689}, {0x114e21d5}, {0x3, 0x3000000}, {0x4, 0xfff}, {0xf6, 0x5}], 0x7, 0x3, 0x2, 0x0, 0x4}}) sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@local, @in=@empty, 0x0, 0x0, 0x0, 0x3fff, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x6c}, 0x0, @in6=@private2}}, 0xe8) sendmmsg$inet6(r0, &(0x7f00000090c0)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @local}, 0x1c, 0x0}}], 0x1, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) r8 = dup(r7) write$UHID_INPUT(r8, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f74f9b36096eff7fc6e5539b9b18098b9b4a1b2552091b080d29428f0e1ac6e7049b3468959b189a242a9b60f3988f7ef319520100ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00300300000000000000b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df34959eaef6572e1e007fa55a2999f596d0673f586749b25f5a448427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441984cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f236c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799ecb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a10010549820a73c8839475f732ae00398e4bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000204b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff9576abc9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf6c9c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 2.576890907s ago: executing program 0 (id=1683): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0x5, 0x1, '\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(r1, 0x103, 0x7, 0x0, 0xfffffffffffffffd) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@private0, @in6=@private1={0xfc, 0x1, '\x00', 0x4}}}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in6=@loopback}}, 0xe8) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) add_key(&(0x7f0000000000)='asymmetric\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000c40)='encrypted\x00', &(0x7f0000000c80)={'syz', 0x0}, 0x0, 0x0) add_key(&(0x7f0000000f80)='encrypted\x00', &(0x7f0000000fc0)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xffffffffffffff18, &(0x7f0000000100)=[{&(0x7f0000000000)="2f0000001c0005c5ffffff000d000000020000000b000000ec0091c913000180f0ffffeb", 0x1dd}], 0x1}, 0x0) socket(0x10, 0x80002, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x200000000000000}, 0x0) memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r3, 0xee01) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r5 = gettid() syz_pidfd_open(r5, 0x0) 2.388323655s ago: executing program 0 (id=1684): pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(0x0) symlink(&(0x7f0000000580)='.\x02/file1\x00', &(0x7f00000002c0)='.\x02\x00') mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') creat(&(0x7f0000000300)='./bus\x00', 0x0) io_setup(0x800, &(0x7f0000000040)) rt_sigprocmask(0x1, &(0x7f0000000140), &(0x7f0000000180), 0x8) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fsetxattr$trusted_overlay_nlink(r3, &(0x7f0000000000), &(0x7f0000000100)={'U+'}, 0x16, 0x0) splice(r2, 0x0, r1, 0x0, 0x1, 0x0) vmsplice(r1, &(0x7f00000013c0)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000000)=0x1) 2.226107749s ago: executing program 1 (id=1685): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) timer_create(0x3, &(0x7f0000000040)={0x0, 0x2e, 0x6, @thr={0x0, &(0x7f0000000400)="389b6edfd2cd9ae37ad59c0dc82d6dddd23fe2c7cd9df5b1cc5fc7bc077daf350509259376cede2004dc6601862fd0c314d53a1a33343d33e495ceb9432345a56265cb24effa0cccbc8195a4fedca6a19d619aed3d86188fac3d3b31079a80f966f827f3dd6bf8667055cea9fc5bfc8df27d0a199d5e34936faf6764caf5f4a3de7cd62de39aafd52f51d722cbf1adda2c93801851fe316a861c0fd0d59f5d6e0ff0e662352e92d22f7394786f9e2db6d3af719cd8cf1cb38a288726b2eacddf72ef01f2175148d3073e98ea1b37206230384ac0c9a868dbba104b3701d1e00bdbc29a750c564ea33259982f3978d6577a76cd8ee8ba28335b66d87f9067dc1904f38a1c939a286235f16d3ffbb6e629d3f1e231518ccb12fd576da19c24f0f9deb881dc6654fc03e4789a1899a67b4ca17e610bdea801b5a5ffeb159a01b890a7981dc308a21ad9026f027128cbaafc9c1af6c1047103463612159584d2dbeca20d8dfd301d0e9cd0f3355710a71570f93e8c1d2db7140bf2027e9952cb6ed5fad7b626043575e78f4bba7d71dfc3ba994e6fd6f0362e79c9c6b3528abf5394ba3b84fe43782794e6cd5b248de0ab63bc9d55850acaa1a8375e574f4d732bd4962f5ff3e91ef0b25775168f4624b4d3260e29a12d6136a67e0dfa94f1f7dcb1cf48d0befe9c062b2f5e8b884947a7de899472b45f74c0c727d9c21e0afc51f88d200761626df8d98bdb062cb864f21e7789ea06f51bf32809c761b35a8734f5365023d24827afda67051dabceac638e0512a7e63b4d9d692972dcffea3bf076634c7a7bc9f01d9153f3314a11ab5ab60e30c8de317fb1df1eb06c00d06b3ae3970afac98e9e557d1bd31fddc2f2b0ad2b84d55b9b26cfdafc97b03cd5bfdc1b7a1fd203ec0cd719e7590305c9228e82ab35f1e95a4168597d5e04fda1b685251f64735fd1fd02eafa5e6bb22e3060f1f65528c2855c07d3d121fe63bf0ed9125ce49133f1023011fd050753aa49011e51a148fc511db15f62bfd9e0843ac79250fc3c0d3bdc3665f7552fc6859fd109454f6021bc2f078d473e2e6128a6b5b7ce6ff6a8e3f146ef3bbb5131bc38b325a8ffbde0317f2083021201b8178643640e797b01583deffb67a2b17ceb7ae9642e8111ec7ab1026aeab23c1e7dafb73f50a088b43c8af1d0c2c2a11577c1926bec31da6336f12479f82b72c2b2edc55eaa994d5c7959e2e7d18cf067b6b7950ed4793c4c555ab153d48974bc01b3ec8f66ad613bb09729b35296b049e2500c7e99db2ab0abeec17c18d36f9e0781b3361ac8f8fa8c751a6bc87fcf2dc84bb32140162677d0d54338fc0ff4ef850a1d02fe845358df93f8d7c707790f0ad57fd350e801beea060e23147c9f5a1f191efcf508c84c32c70541ab1c3c4ac048f460e1bfd32c436a56ff2caba8ba85d9338b44ca4ea499e3c3ee5aa363bc41d40a725424f5007284997e4d930b9ea5e80c4a5407f2a6fe213178f818a148ddcb5a6973371aa8628ee46d086236a273c72cb9adfe3f0f8981dc31c8763b8565258e41d3c355e728fd5118a984e0ac12c9ba1f8cf4933dd02fcbaf54fe582b26a40c3de8949f43776c82ecae323f4aefebadcc5ff74c857404341858f23443686541f2a10e939d894d0153252e969a84d3c770ca1457f4a1c97f146f4a1d804a6137c267e3a729793d54391b3580a098032f4b2c3bdfb51525525e0b1cecb7e235b74986d3dfee7eae6df46f77434fcfe6f0f9f222eceecac11ff57d1881687cad9bca32e7f1228e9b21829fb019dd01456e14c5551ea4294555505e975ed7ebe6ca29e16c8cd300a1b79510590623ca1be66656e557e603a296978455e7b6e8a6065deb9d0343c4b0819337d2f92682a45eaa66af44568599f4dcc33828bc4244d071090d1ffc3f900e2470f7d7642c1bdc5cb1ca6b38d86fec8dd4fab69de4c5ee621e49d4c4bcf1b2cec156b670b169091ab66396f7816768e98e5fae2ac4d950db4d70e4c636776f1fca9411b1f320a4929329c2d0277b1ec415c7440d5c163fb4a1a5788de5c5427740e20ccf6e10c0e25bb43f20835c2426c50b9d37582e1204c46987350fc67827e780d8ee6acec41df7e80f8f86a862c08b20c026a0dc648ad51dd397dc8b3e37c9ecb689e930e3b6922ae17d98a906ea026fdde229b567ae2aecccee796c7e52605387e3e108e8c9ad34c56b67f8797f9c896810f849ee374f58a341ec11c5aa1323af06cf07a3fc65b3ea360acaf22cb0731db96f77053f6a39db87c1db9920876bf2ae9675d0143b58b2b9e0027e68c8d4b41838368d3181a6cadebd72ed3920df995b85f00f436911f0d3e6ee69aae7639e933c0bd27c51d10cf98665d4704bc40222f2f092fdd98c7f6d4813a93795061976d681617756e810eacd7994c849f67356d71636cba934e249bdb1759775980d32747a4da876faf7b78d0548d25805558c2205fa71fb11eefc3a44dfd01a1cc44153acc0662c8a8599dd87fb87ef21bb44fa674c2f9e2c1174615c9fae82e66d01ea21f24a9a39545bbbece3211f820f75e5590093ea0aa1e214cccb8a6e4c0a6a1998526f9d8d23441ad4ede9f6e0d938f7e842e05a3b466e030b0742c2958c2bb36bd1d5e357d678d12c4c92dcc9511effdd8bcb9489dd05cd162cf8b8e542de94619fb281c72bb25a98988ec2cef87e341f9de416d88cce80530a718e079582028b4dfae06d54b4846782a07de08a21389ab5382b962791927a4197a974814467c2629b0bf989befd5638192f6d6a4692b3de1241c220e959b90669c3ff93571bc67855157ef99e3b6f7f36ee2c09be9c7d95040c0df2781ef5efd63207301a6673e147e1dfd72573a963a9642bceb761f73e538fee5bac15fb4b114e332f175b391ceed417baf63aa3d3df908eb6db11ab034dffda5ad7b7df13a82dbdba67a4f75dc5fd723fb1a98cf4b30b473a7439deb64957ad1caaec7c957809b70679145c7218fd2dd322f94143d02f791e765c972263ffc5d56e22d7164f01b9ab7bd3668cb5b7617857724b688c4b40c923e77d2a4ce7463392abd31734182adff1c72256ed3cba1a78e046fe1d953d0e6589a588b3adcaa35f7e769332149a9af9983eda2072071ee86d2c9bc8039c2317ba38d79ef3beb369c17cbf00eee386a37c1fe45fb80ca0de5b46f327485c5b18472a09e2660551df8da41a679a8dc045ca6ff9e7d5180678def3663b9a342a220bf870bad4614d20391ce1f9b07ea1a539c36f953ca0d82926a9c49407c189062d9204c523b66077a8af3b49789ec12a565f547a48f791e7ddffb26bae824add6d9e6959d6eb6e7af5885c0ed0cf898d20fa44e2d4dd46fa32e7048499c4fc01e1618b11440fa2347f98efc5b79c7a09974ee2bc9d5420905b05f836d2112f91d5d4fa76c059448c243ed6d7d855abe2bc39ecc7da0b8b4e6798bc0d14f163d6d90a02b12982291d84e789c1b32169c1d05b7a6b0b8443748bcb096ffc66b899d723096fa9500debff992454ae457ab77859ea58661f710d01590a81cfe762bac31a04fb3845db203165b8822fdede5da49525ea4fbbbad5460f45974825aff8e080a8257dfdaa99f31f8b0faf1c7991e46d947cb45d1f4b76713611661bc4345817d6b1575d8931e32c1387949a19a5cca6e719431c559be727e62a75815d5da8eb6360883b70b0ddccd5e472de9db0504ee54b39ae11e1235932c1399e87ea855f4dd4d0308a5cf57df953b8c8db573afd4f5f28ff06dcd8527880546d788cb49b9ce196f72cd8706eae26f38c78d3893399f7e8ff0aee1818f1e11f13cae4c173834474f6b577cbfc10c6c51b6b77324c2200dffda5225fc7b7b83ad198c559f2be7a31e0f2654ca21b0a29a8e28c0063d9c1d021a77f3767256f9578696134a2a6d29f9ab21ce1188d23abafd82adc190740b552bebb6730834ebf3d4468022c49d3b4f31b394cd9425a31e21f4736baa01a2d9ce617c68ee88eacd33333cabc0c883a67c6e1c7357224f5edbe41543c778ebef73be578d6535ce3efb361cfd5894e1f95fce240018f81b735c727cda2d339788eb34ea4430770199c00a8a9c109baac87ce4afd0452e33fdb44c0aef4f48974a959b006ba12001541ce09ea3fc373168977ae8b149cf01e1598cfeb0816e4d828df09d722d95ca83e69e671f28c6fe35679ff777527c2b0a8a1eade06555722bbf0e75fd081aa8ac11c4cd8bd5e670f813124bb4f8c6f55b5db30143baf5ccf51714d6a45d8ee1b5839b761fada991a15adcbbd0e3efec5405b259b216a80dd2ae81ab59e26a2150e85b134dfcb30c2de7042a2f0f1377029fe14c37d985457f868a60555493fc1ea7cf66b3f29496a3a88e5b0eae397d3268aab8db51572a7ab75c83ad2b6420b57a7815b5837afd499186d4b3158823bc24c57f7f4c0d90ad96b42f28598d7a6662ea7a775c750362228a76e2f53b78c922ee5153d3ebd17ccd244bc3316b9fe04109cd884a64be7feda3cdd1941a79b2ee69ab0d25907906b245ed6723e12727b7341ba4f699e1f48d9bdd5ad064c3a45eeba34573dc61ef4389d59aa3661603893264a2cda2688ac18e665582339726519564a281d8766165e0a7733d0e1dccd418fcbb01c4654fb2ae1bc186bcc7a942cc2eafaf2c2992503c6e4afef5e118f251c981e66df7792a2b417c664ebbd8086b8fe57e0aa2e6801d00a5aa92b0908ef570782f8c935495db448206072e7a3777d5a4400fa6a12b9bf4dd65a790f3d88bf4e3487b40c5ac857e1c8f662f1e381849b6398ed0292547f9dcf7f18bf7f2b4f8440c775cc2512b71c35e0c9b9c6ae6462478ff4ec1d3aee3656bdff8abfc6f8a122c57825dead997a2f580ba6bd4564d95013644322e35313307525964e90b6703920789c8c4e645f65f3f6473aa240e38e88e12dd3977d00dd1e1fe93bee977b3e12ea4dec3f35a2ab8d753ca5f8411b3fb64fcfe15d1ea07859387b416f03960d9b3310ddc4ea1f1324eff6759c2c98e294f46e330402049674130ae47a9eb5776ad51913257b3b0b71a006b37a0322ee76889b677a01859870efadd9cc5f765dbff02b5f8cbc2097c9fee0e4380392b7dec71ba797c8f9210e7ccb215bd87734de1b0f18de77ce8cd420b96a6223e1b8b464dff5747ef5076a0b717795b66366945bcc73d5f6708e06ef41be94eecd1c951f6d34cb170d6674a2b336bd19a48b91fa2f7402ead919ee9126156b54aeb6946d249aa6e86c317264624e3ea1bc11ffe7fd5b8f2f856bb3b0e8e3a687ab30122a5208cf41eaf73c9a5d76e24ab5abdebf04567a05ac5495aab2182004d5b9fc29b61f31fb69b8658c7a4c41d1c5c28b9d4daa1d3a37e21ff46762dc1fd5f0152b9f353c9a5c5e25976a69b6577b0180b43d48f0dab00ae2af59f99faff6f33e89ca51b07e25716cd2d899dac430fd15fe35b34edf5aa8d1e355c630168793e525068a6a04f0f078a6cb227404b3affd32c2458853e064ed8911f7e446d36af7774013dec227bdeae6afdf87fb4247982bf781aa8b445af3278bf82f940e4311c2c3cd43df5119ba0ff831169b71c5e6cb68cbe914386dd95b452ab3175ea586fc0ce8344fc13492fdceaed5b988356ba0c7edf287b062946348e4d2da0454fe02"}}, &(0x7f0000000100)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102376, 0x18fe8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) pipe2$9p(0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) r3 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_PROMISC(r3, 0x6b, 0x2, &(0x7f0000000240)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r4}, 0x18) pipe(&(0x7f00000000c0)) connect$can_j1939(r3, &(0x7f0000000140)={0x1d, r4}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000013c0)="2eb52f856568103470ade4480a2246bea55b8745efa13bb0cc9c94085d685d152538277188cb1e7feba5d839d9fce04b096673242359271489bb6ab734177be28c76e6b86dbebb67bf16a5161458776c6832fac63b14d5e4c5f49237ed6bf7c951d8c56a145f890c044ebc78dc51e8824960a1890dab96df64ecb578ce5cf65d7c27dce4ecaefbc69a2caee14b1b415991870c1e3b0605a720d3ae50b0129f19fa415cc45cd666def07c08516a071c553e483b061db040725ad7ecd01e1a2ef764f7d23eab5d85eb9dbccdb053", 0xcd}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vxcan0\x00'}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 2.22533018s ago: executing program 3 (id=1686): r0 = socket$alg(0x26, 0x5, 0x0) r1 = getpid() r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) bind$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc", 0xe) r4 = accept4(r0, 0x0, 0x0, 0x0) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f0000000180)) write$dsp(r6, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) getsockopt$ARPT_SO_GET_INFO(r4, 0x0, 0x60, &(0x7f0000000500)={'filter\x00', 0x0, [0x100, 0x2, 0x10]}, &(0x7f0000000240)=0x44) ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, 0x0, 0x0) sendmmsg$inet(r5, &(0x7f0000000a80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000400)="2a947354495ee7d43ad76e0880fbf78e993afbfe90a44de4a12b00484f9f2646cfa901000000b654933bef6ff86be62063eb6a5fd31740d1e8f03b4f94a035855eb2ba64592b85d3a386f199f74474d80039b40f676e4cc9643ce9e8bdb12910ad632ba38746b2a3d52863a530c334df95850ccf3353910df7bfc340c2c5cd0bbe149921557eef18dc7a6820b3e68ef1385ebe3453e0f054f40fdb4759f95e30390fbdd488d081beacbf4d90a221de4b2b5942b738866c999dbf7b48b1970b92d29590593c", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000b00)="4ef9147973bd0daa097ce373d9ebdc8ca4d7c269fd822c94cb42e885278e40ea11080ed01fca0b86d564d9cc7082dd4ad30734f9c0bb43d6394edc1cc3d6e50febd1ed302ad1f3c05203fdbe6608cbe4614bde9f88e811633ee37d751eaf0a9770c974b149666896f645dee19eac07", 0x6f}], 0x1}}], 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x0, 0x8}, 0x48) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0xffffff9e, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000180100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000008740000000c0a010300000000000000000100000008000440000000000900010073797a300000000038000380340000800400018004000680140007800c000100636f756e7465720004000280140001800c000100636f756e7465720080040280140000001000010000000000008f00000000000a"], 0xe4}}, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) 1.248250578s ago: executing program 3 (id=1687): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = add_key$user(&(0x7f0000000780), 0x0, 0x0, 0x0, 0xffffffffffffffff) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={0x0, 0x0, r3}, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_open_dev$loop(&(0x7f0000000240), 0x6, 0x80) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x50}}, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x3, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 1.1638705s ago: executing program 2 (id=1688): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)={0x128, r1, 0x101, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_IE={0x106, 0x2a, [@fast_bss_trans={0x37, 0x100, {0x0, 0x7, "f61627dca75d09bbd0d1a65a6b37889c", "138ce9c3eb8456aa7cf6efd0a20a9c2b77d3f74c6b06772f6f362fa16f13673a", "ea1f2d844af179417bc669be69300b0a10deba6996b25f7495408a0e80296433", [{0x0, 0x28, "d6000004f8a70aa844ef18d19210035bce7af32432ed01b5a561ab5056537da2acf6f23cca575cb0"}, {0x0, 0x5, '2VX0x0}) r10 = syz_open_procfs(r9, &(0x7f0000000600)='fd/4\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r10, 0xc0506617, &(0x7f0000000280)={@id={0x2, 0x0, @d}, 0x21, 0x0, '\x00', @c}) 314.427029ms ago: executing program 0 (id=1690): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8, @ANYRES8, @ANYRES32=0x0, @ANYRESHEX], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x100, 0xfffffffd}}, 0x10) (async) bind$tipc(r1, 0x0, 0x0) (async) socket$tipc(0x1e, 0x2, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) r2 = socket(0x2a, 0x2, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x100}, 0x24}}, 0x0) r3 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER(r3, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000440)={0x6c, 0x3ed, 0x400, 0x70bd29, 0x25dfdbfe, "a44cd764703465188909a8117a4223245f47899a622a1b3502903d82b2dc0391a078f8c0778782c86578a14066007c5c415cd4cf1295bd68f1e386f334037f3acd38b3dab107786c9f1e85d4433d371cc2d21bc4f73e5250d878d7", ["", "", ""]}, 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x4058004) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000002100)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xfff3}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8}]}}]}, 0x38}}, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x26}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) r5 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) (async) readv(0xffffffffffffffff, 0x0, 0x0) (async) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async, rerun: 64) geteuid() (async, rerun: 64) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)}) syz_emit_ethernet(0x10ae, &(0x7f0000001880)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd604b604f107821ff00000000000000000000000000000001fe8000000000000000000000000000bb5e000138670000000401000000000000010500000000000502000601010000003b08040401400600fe8000000000000000000000000000bbfe800000000000000000000000000023ff020000000000000000000000000001ff0100000000000000000000000000014e244e2004019078b035bc8365265e48e3e3fcce4074f23a18bdd583d89247e65622bd048021e3000a70e4e1b3ddd9609e231f568ff511d0a2cfe5ccb27dc72c5317f540fb44ca1d2e639d1bd3464dc22cba2e2f3acdd285a668399a3d1bc2ae959579feac047107a5814bf827fab91b5922553bab0f24f3cb16bea7a47bd3bc985e9ffa96dfd6b8185730ea7bcae989a0a2bbc68e9d282df42b9fe6da125012a6e90e3768926665ad5f903e882f6c0f6a8456c01b4dfd44e70468e1cbd2cf0b2b4ed216c0e290e690a2ddfa7663527c3436207f1f3cb4214dfb7ab1108b6e87c53fb7cd4ac2983f40059218bae96358ec89e94c7556792b5902f333264585672517b24cc956b2a7367adf33b6050b4d47aa7f1365319ae7a925059a493954295bb55e777b5c90c460e222733ce0105fd3593697b7f8f2ed8bfba7548ed59118cdae903fa970322ac2898187ad14e478175f58a167bab30caafca4b3c6ced12f2aeefaa1e05251d89445d4694d99625d3786e2edb67cf9d4873c04ae4cd6e9c4a156ed84bb30aaf83d8b87fc4f728dd1ae67084f6c01a8b202a119dca001611661dba0ec21aa48a4d4dc926d85d94a52a36a61a072b6ce3e96e2a2acc82820a3ef4fa93bad8807a99c4ffd10c9c0001f151a1a20679e51103365b8a7e09c76de861e86bbcd10f715773da569023b621e44e82608079115cde706052a37dc5a2ef9f23450b5cc494a97b56b5f7de1fced22d58128eea24db914da42aa50d78850f023c6da0884adb9a06d5ae0e6e3252f6fbd8d15fbd9a17e3fa5faadabd30e389ebb8db53961ae3fc5d467407a0b7f2f63c1cf76087f6e3e470096a6a182281b93995e6ab079411fbf9c65da70497112fc6dc3240c0bc13012bba31ce6997c455906c657e0f195b6aa0b1597f5332c0b81a6d60f67bc3b1bdc1f3f65d6b010b1f105f6fd603da37898cf5396a4cd55b20ba1d7e4b73fd8ac42efb0d9ba48060581d2a42e72f75d3678301fbe6f77bdb61cedfbadacb52e88f49576f8c9e419237551c529455b6a67cfdb09347a9d34d47e80b5669286284f4661b96f528cdc04d90b76c4313486406dcde1177b4983433d315bc6b71a7aa8dad63e9bcc8d4b8043e2f1ce25328a5222f5a5157a5c03d62306e3a96aee144f979ae3bd3263185c50efddc9c91c279cf8f0b6851b32984ef06b06504e79a1b3d1dd8f50a3d3f80819af3726ef33d871327a27db2c08a83fcee062b41d57b0bbfef2536ae5bd911c910fd2f4bef3b5e636ac04ddfdf7f9509e909d7d4fd3df20b25160a36c874bfaba12e580809ae6fea45da6ec79ba28281149a75eb814494e743d83196575fc7fa00643b73608176cf11659fe721ca53d8c63c05bab6ccce5737dde6c95583b5f0c0a72b6dd57ad6b137c91c56a57b6c88a7da1312bed0e6c09e8b7aa3514b495b01e6dd610da2bfd2cd9cf3f499dde7f6e3aabe87b00731c23107aaa409bec7292e66c094ebec416f7d8e6075bccac619a5d03596d7643bdb8da9c85b1f13a8af5a9c2b1b962048b8d3c04e6f995815c4477f8e45adfe90ea3fe1aed627561924124bbbc1c97c339693d3c0c32a0c11ade9ad725c93decec4b752577b3b459986295bb6b38cb11502959d33a4e0bed01da1f25cdce6072f48b315aafb00c30970b2c45d7defd13a4f51991dbafecb7aebc8a88eeffeed92dfe3a04476fa1d6bcc16fb457d8fa3309eada17f363d788f9ec632a50c3f739292895333f97ef61ff4452baa14c402376f08814d49fc264bd06e31ad9721872898a52e168767b08a8ce817b026ecf66a73c5c7f5c778bc6bf3787022415e8876dedddb289884fa35f5113691ee0d836eb4c42cfe921fd5109608e9419be7d47b8ab6ed0afec75f021b2608748b5d7de1399c10f1623e6c6b90aab105437e2b24bed47ac5773d5995a67ba3b2a19e11f57dc84159637e6b99fc39ceb73d697409e0fa7d809997d2104fdd068fd5853900fe2f08a9fd4b78b7c9f463e265a4d1aa9ea0d17059d67673df1b7e8efeaf6fd6be542b675e2495a2003127c935080b1e481846a35aea8f5d05ef3b17822d8600ba72516305017e1a49d2323d1af88b632fb3e45fdb1f4f41a08bf58e84478de70d62c723037913f0090e2d00a742c60d5c7512c805beabd1fd0ec639a74581717e7313f5a239ea319f275e03316b81ddae4bf76e5d1740a66c57b3f392d2d55798446db25a62d8d2fc3126e148aacbdaa692bae64425d5d5e14d34471716be85a353d343b06a23e7a9f5391b236c343e7fb506b442bd77b76d77781202f62dfde25bd86f5f45155089413a3b62a8cfd4267562f553123594c8630a63a319aad3776f5af34d646dfbc62012ad6749b1148e97f763c900e41802661f7f7885fd9a8e6eef4109a1ec3acb5e99c43ced305a069ff2f19eb44dc9c44bece992b14ba1a21be919cd66fc2d36a36187ab60ec4ab80cc9dcae5a9b04339588f5c9dc0d8df8bcf7893089ef6ce392e8d2649b66d69a131dc233c67294b2cd5b9af0887d055ee592cdb6d139979a958da63894d851552ec79affcf95b6489a6cdb82d4ac108b5fcb2d9bc5a6df7caf0cb023167577d0eb8867315082dd1827eb3ba54ad23ae327dff4e26a61a63412eacb78ae4f573ad16a5aab70e4b0cfc1a5500829c6a80447bade3cff297b3feda9c9709b7d0cdbcd7470e4598b1a61bfd31848f6178498536405153832dbada1a4964b7795359a647a59baac667921cea49dfad52aeaa0af9969a2256c74b2b36b62fda3baac7ef924567e634782b66f014b624ee2be1257f9566ffa4e39f393031a5306bb2cac2fac72a1af774c0a4d33370cd461da79c0b6c718170264f8a777ee9aab76ac3eca3d415fa70dce786221d771c462252ac58a6be6d97872c5da9690a2fb96c52da588fda8362e3f86c5ad1fc3be9592d3b681dc9c7dd9df888ad787c41e37cbd46faf963ceb17576b722d90f7b0fd72eaa81e8bd045409bdb3528828e6b582ebff5ffe5b38e3c5ea4fa5c92110a1fbdca4ed71c8485a283d81dc4d6cb99f774f3fba607f57da595d2e3d13c9c55e30541397fded3cd2c875b98912bb314d0be175349a82aeb0e2418d1f8cbacfa0d48897da82ab3ee84006e6ae9d7fa2f13aaafb753ec1719ecd9fc3ad56e692ba19d08476873ab83c3d0c3e0aa73e422130923854d5c78a58f069d0df6a6340dea329bf712e9d71f9b3d7c1cea9a80cdf8e07261247fd80c3f04cb0826f0748835f50b2e0b46f33be1c91d02365eb4b21e68c52db7291024933cceb2c42951eead48e106bf5654a46364e2e84d5870b0095dafad93302737721d7511709153d1ac3088cbe8e0202c47fafa5444922c6e879795f86a525252da036936d0190b0b70b71452c3b6b6ed15d6f432a08526e95b74ec91e9c6dc2a3bfb2e34e957bb67ba72c4cf2931dd9c5d2234dfa3f44311cdc3e0c9a0a12f56aa44af36c44676954fb3e5f7482c129c814246f3ad6169fc513819e3d8439ba89f43c213cae1f1c0d717e25a8590db40951cb796045609d6287d6a7cb84cdd36ae3580a6f8f36a0bb6bb6c879a5294bb712cb83194321dc93374971650cd963d98ccfc10bad57fabb899800bcac6954480f1c8267b14a42f34b4fe2f8479aa4acea8382e4d98ad976030b0be8427236e5e96dfc1dd17200d1b49688d8960f5dbe07da2262f5a3ce29a731e5674bb47399c6ab4ecf01b3cda7deafab61d48972dfab06d1c2bb6568e93a25d1064512bdad59fedffd77314a1c09e6cad406bfcd52c9c9c91426433cc7c3f3b7e6e7634b5f9c485f5ccbd75f3339ee27465661ce4f3c8946260aba53084b86c0f5580e67fe27589d7c942b1deb3ffb9e5dd0bba5eeb263c9395be6b89aa2b86f0f06cd94e3c676196fa868be935db0388627b1e80d667f088d2a0abecdb79b6da5b9c1a09bdf9ce21d2bc083ac9de0eb63fb53d92df9a0ea0fd413c1b01cce23f3104ac1a4df727d5e8a50483565840e3e7e1e0722e8d2cad94d43045cc3d0c56a3300d6e1b8288e29231cab0a083c60e1afcccb264fb94c67801250a4fb7408b77607091095c8a9cc0a02825d31ce432c64cb7764e5772ebed64a372df890905fd107478f707c2937ae06874f758c004497475bf179452a2192961b1faa1952bf3a510503a0f84e9f9c3243d2a1bdcceae85ada6c36ed5f687108f1233bc6adb54858254efee1ce8f48d0a3cc82aa0d651b7d3c0834bbc69e0d44e2285d8427d9c93f8c025df68dd2aac5aeea5fe366c0a9a2cca40176bb31b47948d25b279b0cc43677b8ae2b44e5d308278494157feafc556d25241bed5169dac02673d9d532bb0ca72dcbd4b6e100af2c7da75eb9b48b2c684c332759ed61320f39eaa68c326b9b4a37066bb93ac3981d60c3d717c1d1b5050afb84def2d3d290885da588ed6cd91490dae096e057d4562305bd0bf6328bf096b914868068dedf08193e837cda89d8fa75b33112f26103c1887c8b5b817443b6cd2d445e7662fc949368d0b533f2e8cf970f0ddec35a43426a5beb038724179e5cf4a11885bd611c3fb0cfd3e627813fbb38d154cfa489f5b1baddf254b05277d82a960614b83ed05761eb0f27592e98969156cc270ab415c8913f63a051be6ec8280d9cf40690854a921c55e7f0f92d7250b34578da830226647222ccba8e8620ad539d824f9d52a180557a885a2629cb13ce511ba235a7df0e7b8ea1cb1274c1ae9a2cfa7057953c3abb6aec12541935408ed9f6ef5c1af7b75d279f11550bd7a14a561ce0c4dee46f74f7ac35b159e3287d7edce3a7a44a0ec2571160e95f517fc0085eb55fa76b3b238f0471090e9edbfc594a412b230d7502534245bcd9d1566c5aa01c841f6c9285c7bb62241081f47dfdabdde30ee5376344beea68f0d8a8a5d6878f6545c4c78db947b389e316c0d919464493ab536ca8606346f889864ba84d7e0752907d012f6af398489ad2c9a4db31354bd4ec760c0561e7947f9e9a324f1ac6a7e7599a33fd2f8a3a1949355ffafc5c7899776dcde3029d395153c14e9413072354a5f3e61d2f31d50cc228e20e63215ce235caddd9a1622365b6ce70c4dfed2dff234ff7e664ad48dae5154344f1a95ab679a3fa650db9b6558ff17242533ec1b84193c3225d17ca04371c871d5e436558f3635a714d1a5ad575d17ae6589c091b7d1f417e63b98db5330860c1b78b32060525efafbc6cbe3d36f8c95e8c5a7a16ca99a76eef8c7cc3448b9130f3be7c48f78353567cc16c1f945fe650d03b6640b46d25d01dd27a43d16e89fcaaddb26b03cfbebf45374a43f79d4041f7264dace9d7e983e93c406e3db85d9bae81c8da0c085cb1df364e15c817281b3d2dcade3dbc2c3ff84ab62c8eab78f5aa5e081243459eba224729960deb4ee5b75d79b74a4641b40a83dcf48a25161e389dfdd40f83e53acd82a8ae37582ff6c7a1f2b44321d90533cffabaf60c9a98cf9402f69063b29838231c1102f3b1384a822fa54996f8e25506e629a54336eb1dd741e71cb4b590dcec9eeab18bb90a6dfb9607d948dee3cb734326e9432395888d43e929f8ade349752e4f63ce345b310f206f40c18fdcc11086f37ec5d1bf4de97472cd28c1477f449854648fe1ad11b79c60b86b7b008b2d1b504812ddc23378dfb04f77c436300732ccc29277e7b109851ea6265fc2304f46e91ef4f68b83234a5b22eb2a2bc8a61611c5aa13feb833a1356d91d018130346cf0a4515d3f9203caf16a101ea29613a8fd5348100850fa3ccdad0ffe56eac2a4057e7"], 0x0) mkdir(0x0, 0x0) 238.016676ms ago: executing program 2 (id=1691): r0 = socket(0x2b, 0x1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20080, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x7) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket(0x22, 0x3, 0x5) r4 = dup(r3) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000180)="0f08440f20c03506000000440f22c0660f06c74424002b010000c7442402620000000f20d826460f080f22d866450f3821cd66ed66baf80cb8ec2b148fef66bafc0c66b8090066ef9c42f467260f4d3666ba2100", 0x54}], 0x1, 0x2d, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000200), 0x0, 0x2) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000040)={0x0, 0x114000}) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c) ioctl$KVM_RUN(r5, 0xae80, 0x0) sendmsg$can_j1939(r0, &(0x7f0000000140)={&(0x7f0000000040), 0x18, &(0x7f0000000100)={0x0}}, 0x20000100) 237.646713ms ago: executing program 3 (id=1692): r0 = epoll_create1(0x0) openat$capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) lseek(r1, 0x100, 0x0) getdents64(r1, &(0x7f0000000380)=""/99, 0x63) getdents64(r1, 0xfffffffffffffffe, 0x29) close_range(r0, 0xffffffffffffffff, 0x0) 406.873µs ago: executing program 3 (id=1693): openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000000000000000000000000000bb", @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000180)="2e260f009d040000000f3266ba4100ec36650fc75d85b9800000c00f3235000800000f30b805000000b9060000000f01c10f1bde652e0f309a004800006700c4e29d026a05", 0x45}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000380)='net/ip6_mr_cache\x00') read$FUSE(r5, &(0x7f0000006240)={0x2020}, 0x2020) r6 = socket(0x10, 0x803, 0x0) sendmsg$FOU_CMD_ADD(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x48081) socket$nl_route(0x10, 0x3, 0x0) socket(0x28, 0x4, 0x2) 0s ago: executing program 0 (id=1694): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) inotify_init1(0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {0x0}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) open(0x0, 0x0, 0x0) unshare(0x22020400) socket$inet6(0xa, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r3, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r4) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1}, 0x48) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000180), 0xc) r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000200)={0x5, @pix_mp={0x8008, 0x14, 0x41415270, 0x0, 0x4, [{0x6, 0xffff0000}, {0x0, 0x6}, {0x9, 0x8}, {0x3, 0x689}, {0x114e21d5}, {0x3, 0x3000000}, {0x4, 0xfff}, {0xf6, 0x5}], 0x7, 0x3, 0x2, 0x0, 0x4}}) sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@local, @in=@empty, 0x0, 0x0, 0x0, 0x3fff, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@remote, 0x0, 0x6c}, 0x0, @in6=@private2}}, 0xe8) sendmmsg$inet6(r0, &(0x7f00000090c0)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @local}, 0x1c, 0x0}}], 0x1, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) r8 = dup(r7) write$UHID_INPUT(r8, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f74f9b36096eff7fc6e5539b9b18098b9b4a1b2552091b080d29428f0e1ac6e7049b3468959b189a242a9b60f3988f7ef319520100ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00300300000000000000b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df34959eaef6572e1e007fa55a2999f596d0673f586749b25f5a448427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441984cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f236c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799ecb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a10010549820a73c8839475f732ae00398e4bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000204b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff9576abc9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf6c9c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) kernel console output (not intermixed with test programs): ][ T39] audit: type=1400 audit(1722745546.059:1124): avc: denied { remount } for pid=10014 comm="syz.3.1003" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 403.890763][T10019] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 404.189051][T10033] FAULT_INJECTION: forcing a failure. [ 404.189051][T10033] name failslab, interval 1, probability 0, space 0, times 0 [ 404.194572][T10033] CPU: 0 UID: 0 PID: 10033 Comm: syz.0.1006 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 404.199234][T10033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 404.203758][T10033] Call Trace: [ 404.205183][T10033] [ 404.206272][T10033] dump_stack_lvl+0x16c/0x1f0 [ 404.208069][T10033] should_fail_ex+0x497/0x5b0 [ 404.210066][T10033] ? fs_reclaim_acquire+0xae/0x160 [ 404.212314][T10033] should_failslab+0xc2/0x120 [ 404.214369][T10033] kmem_cache_alloc_node_noprof+0x71/0x310 [ 404.216973][T10033] ? __alloc_skb+0x2b1/0x380 [ 404.218977][T10033] __alloc_skb+0x2b1/0x380 [ 404.220913][T10033] ? __pfx___alloc_skb+0x10/0x10 [ 404.222831][T10033] ? hlock_class+0x4e/0x130 [ 404.224843][T10033] ? __lock_acquire+0xbdd/0x3cb0 [ 404.226907][T10033] tcf_action_add+0x242/0x5d0 [ 404.228713][T10033] ? __pfx_tcf_action_add+0x10/0x10 [ 404.230660][T10033] ? __nla_parse+0x40/0x60 [ 404.232272][T10033] tc_ctl_action+0x35d/0x470 [ 404.233933][T10033] ? __pfx_tc_ctl_action+0x10/0x10 [ 404.236093][T10033] ? __pfx_tc_ctl_action+0x10/0x10 [ 404.238311][T10033] rtnetlink_rcv_msg+0x3c7/0xea0 [ 404.240450][T10033] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 404.242657][T10033] netlink_rcv_skb+0x16b/0x440 [ 404.244606][T10033] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 404.246843][T10033] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 404.249176][T10033] ? netlink_deliver_tap+0x1ae/0xd90 [ 404.251600][T10033] netlink_unicast+0x544/0x830 [ 404.253743][T10033] ? __pfx_netlink_unicast+0x10/0x10 [ 404.255945][T10033] netlink_sendmsg+0x8b8/0xd70 [ 404.258020][T10033] ? __pfx_netlink_sendmsg+0x10/0x10 [ 404.260142][T10033] ? __import_iovec+0x1fd/0x6e0 [ 404.262172][T10033] ____sys_sendmsg+0xab5/0xc90 [ 404.264216][T10033] ? copy_msghdr_from_user+0x10b/0x160 [ 404.266520][T10033] ? __pfx_____sys_sendmsg+0x10/0x10 [ 404.268765][T10033] ? find_held_lock+0x2d/0x110 [ 404.270910][T10033] ? __pfx___lock_acquire+0x10/0x10 [ 404.273185][T10033] ___sys_sendmsg+0x135/0x1e0 [ 404.275254][T10033] ? __pfx____sys_sendmsg+0x10/0x10 [ 404.277445][T10033] ? ksys_write+0x21c/0x260 [ 404.279404][T10033] ? __fget_light+0x173/0x210 [ 404.281487][T10033] __sys_sendmsg+0x117/0x1f0 [ 404.283577][T10033] ? __pfx___sys_sendmsg+0x10/0x10 [ 404.285868][T10033] do_syscall_64+0xcd/0x250 [ 404.287628][T10033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.290206][T10033] RIP: 0033:0x7f663e5779f9 [ 404.292238][T10033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.299858][T10033] RSP: 002b:00007f663f315048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 404.303128][T10033] RAX: ffffffffffffffda RBX: 00007f663e705f80 RCX: 00007f663e5779f9 [ 404.306388][T10033] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 404.308853][T10033] RBP: 00007f663f3150a0 R08: 0000000000000000 R09: 0000000000000000 [ 404.311459][T10033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 404.314267][T10033] R13: 000000000000000b R14: 00007f663e705f80 R15: 00007ffe2216ff98 [ 404.317362][T10033] [ 405.186724][T10045] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1009'. [ 405.483858][ T39] audit: type=1400 audit(1722745547.739:1125): avc: denied { read } for pid=10054 comm="syz.1.1011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 407.052327][T10081] netlink: 'syz.1.1017': attribute type 4 has an invalid length. [ 407.055947][T10081] netlink: 64220 bytes leftover after parsing attributes in process `syz.1.1017'. [ 407.107652][T10083] FAULT_INJECTION: forcing a failure. [ 407.107652][T10083] name failslab, interval 1, probability 0, space 0, times 0 [ 407.126674][T10083] CPU: 0 UID: 0 PID: 10083 Comm: syz.0.1018 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 407.131875][T10083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 407.135916][T10083] Call Trace: [ 407.137093][T10083] [ 407.138288][T10083] dump_stack_lvl+0x16c/0x1f0 [ 407.140164][T10083] should_fail_ex+0x497/0x5b0 [ 407.142053][T10083] ? fs_reclaim_acquire+0xae/0x160 [ 407.144299][T10083] should_failslab+0xc2/0x120 [ 407.146384][T10083] __kmalloc_node_track_caller_noprof+0xcf/0x430 [ 407.149133][T10083] ? __pfx_rcu_is_watching+0x1/0x10 [ 407.151205][T10083] ? ovl_parse_param+0x51a/0x1e10 [ 407.153683][T10083] kstrdup+0x3c/0x70 [ 407.155288][T10083] ovl_parse_param+0x51a/0x1e10 [ 407.157339][T10083] ? __pfx_ovl_parse_param+0x10/0x10 [ 407.159712][T10083] ? trace_kmalloc+0x2d/0xe0 [ 407.161824][T10083] ? __pfx_ovl_parse_param+0x10/0x10 [ 407.164197][T10083] vfs_parse_fs_param+0x208/0x3c0 [ 407.166400][T10083] vfs_parse_fs_string+0xea/0x150 [ 407.168678][T10083] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 407.171249][T10083] ? selinux_sb_eat_lsm_opts+0x594/0x700 [ 407.174420][T10083] ? ovl_next_opt+0x143/0x1c0 [ 407.176768][T10083] ? __pfx_ovl_next_opt+0x10/0x10 [ 407.179061][T10083] vfs_parse_monolithic_sep+0x175/0x1f0 [ 407.181551][T10083] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 407.184284][T10083] ? alloc_fs_context+0x59b/0x9c0 [ 407.186433][T10083] path_mount+0x149f/0x1f20 [ 407.188467][T10083] ? __pfx_path_mount+0x10/0x10 [ 407.190824][T10083] ? putname+0x12e/0x170 [ 407.192784][T10083] ? putname+0x12e/0x170 [ 407.194710][T10083] __x64_sys_mount+0x294/0x320 [ 407.196855][T10083] ? __pfx___x64_sys_mount+0x10/0x10 [ 407.199362][T10083] do_syscall_64+0xcd/0x250 [ 407.201340][T10083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.203977][T10083] RIP: 0033:0x7f663e5779f9 [ 407.205986][T10083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.213278][T10083] RSP: 002b:00007f663f315048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 407.216672][T10083] RAX: ffffffffffffffda RBX: 00007f663e705f80 RCX: 00007f663e5779f9 [ 407.220159][T10083] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 407.223362][T10083] RBP: 00007f663f3150a0 R08: 0000000020000500 R09: 0000000000000000 [ 407.226713][T10083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 407.230828][T10083] R13: 000000000000000b R14: 00007f663e705f80 R15: 00007ffe2216ff98 [ 407.234222][T10083] [ 407.913197][T10094] FAULT_INJECTION: forcing a failure. [ 407.913197][T10094] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 407.922185][T10094] CPU: 0 UID: 0 PID: 10094 Comm: syz.0.1021 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 407.926830][T10094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 407.931244][T10094] Call Trace: [ 407.932369][T10094] [ 407.933382][T10094] dump_stack_lvl+0x16c/0x1f0 [ 407.935006][T10094] should_fail_ex+0x497/0x5b0 [ 407.936603][T10094] ? fs_reclaim_acquire+0xae/0x160 [ 407.938321][T10094] should_fail_alloc_page+0xe7/0x130 [ 407.940143][T10094] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 407.942208][T10094] __alloc_pages_noprof+0x194/0x2460 [ 407.943965][T10094] ? __pfx_mark_lock+0x10/0x10 [ 407.945582][T10094] ? lock_acquire+0x1b1/0x560 [ 407.947427][T10094] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 407.949810][T10094] ? hlock_class+0x4e/0x130 [ 407.951783][T10094] ? __lock_acquire+0x1620/0x3cb0 [ 407.953520][T10094] ? __lock_acquire+0xbdd/0x3cb0 [ 407.955172][T10094] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 407.957266][T10094] ? policy_nodemask+0xea/0x4e0 [ 407.958988][T10094] alloc_pages_mpol_noprof+0x275/0x610 [ 407.961146][T10094] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 407.963711][T10094] ? find_held_lock+0x2d/0x110 [ 407.965808][T10094] folio_alloc_mpol_noprof+0x36/0xd0 [ 407.967863][T10094] shmem_alloc_folio+0x135/0x160 [ 407.969901][T10094] shmem_alloc_and_add_folio+0x198/0xcd0 [ 407.972151][T10094] ? filemap_get_entry+0x1b2/0x3c0 [ 407.973904][T10094] ? __pfx_filemap_get_entry+0x10/0x10 [ 407.975705][T10094] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 407.977881][T10094] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 407.980327][T10094] ? __shmem_is_huge+0x213/0x300 [ 407.982408][T10094] shmem_get_folio_gfp+0xa62/0x15e0 [ 407.984604][T10094] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 407.986920][T10094] ? copy_page_from_iter_atomic+0x329/0x1170 [ 407.988997][T10094] shmem_write_begin+0x15a/0x360 [ 407.991134][T10094] ? __pfx_shmem_write_begin+0x10/0x10 [ 407.993465][T10094] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 407.996269][T10094] generic_perform_write+0x312/0xaa0 [ 407.998062][T10094] ? __pfx_generic_perform_write+0x10/0x10 [ 408.000398][T10094] ? __mark_inode_dirty+0x71d/0xe70 [ 408.002707][T10094] ? preempt_count_add+0x76/0x150 [ 408.004553][T10094] ? mnt_put_write_access_file+0xc1/0xf0 [ 408.006616][T10094] shmem_file_write_iter+0x114/0x140 [ 408.008565][T10094] iter_file_splice_write+0x906/0x10b0 [ 408.010831][T10094] ? __pfx_iter_file_splice_write+0x10/0x10 [ 408.013367][T10094] ? __pfx_lock_acquire+0x10/0x10 [ 408.015548][T10094] ? __pfx_iter_file_splice_write+0x10/0x10 [ 408.018319][T10094] do_splice+0x148c/0x1f90 [ 408.020303][T10094] ? find_held_lock+0x2d/0x110 [ 408.022425][T10094] ? __pfx_do_splice+0x10/0x10 [ 408.024579][T10094] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 408.026973][T10094] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 408.029539][T10094] __do_splice+0x327/0x360 [ 408.031472][T10094] ? __pfx___do_splice+0x10/0x10 [ 408.033603][T10094] __x64_sys_splice+0x1d2/0x260 [ 408.035670][T10094] do_syscall_64+0xcd/0x250 [ 408.037653][T10094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.040243][T10094] RIP: 0033:0x7f663e5779f9 [ 408.042142][T10094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.050124][T10094] RSP: 002b:00007f663f2f4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 408.053555][T10094] RAX: ffffffffffffffda RBX: 00007f663e706058 RCX: 00007f663e5779f9 [ 408.056762][T10094] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000006 [ 408.059739][T10094] RBP: 00007f663f2f40a0 R08: 00000000000408cd R09: 0000000000000000 [ 408.062853][T10094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 408.066493][T10094] R13: 000000000000006e R14: 00007f663e706058 R15: 00007ffe2216ff98 [ 408.069992][T10094] [ 408.754485][T10113] netlink: 'syz.1.1026': attribute type 4 has an invalid length. [ 408.763977][T10113] netlink: 72736 bytes leftover after parsing attributes in process `syz.1.1026'. [ 408.870340][T10114] netlink: 'syz.0.1025': attribute type 4 has an invalid length. [ 408.873700][T10114] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.1025'. [ 410.215892][ T9783] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 410.354857][ T39] audit: type=1400 audit(1722745552.609:1126): avc: denied { map } for pid=10148 comm="syz.2.1035" path="/dev/usbmon0" dev="devtmpfs" ino=723 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 410.395952][ T9783] usb 5-1: Using ep0 maxpacket: 32 [ 410.401907][ T9783] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 410.409057][ T9783] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 410.424624][ T9783] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 410.428999][ T9783] usb 5-1: config 1 has no interface number 0 [ 410.432880][ T9783] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 410.448988][ T9783] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 410.465431][ T9783] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 410.470213][ T9783] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.503506][ T9783] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 411.057742][ T39] audit: type=1326 audit(1722745553.319:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10161 comm="syz.2.1039" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2c3f3779f9 code=0x0 [ 411.101289][ T9783] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached [ 411.600878][ T39] audit: type=1400 audit(1722745553.849:1128): avc: denied { ioctl } for pid=10186 comm="syz.1.1047" path="socket:[37487]" dev="sockfs" ino=37487 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 411.622190][ T39] audit: type=1400 audit(1722745553.879:1129): avc: denied { read } for pid=10186 comm="syz.1.1047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 412.110458][ T9783] usb 5-1: USB disconnect, device number 15 [ 412.114686][ T9783] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 412.254807][T10215] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1052'. [ 412.947799][T10231] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1060'. [ 413.136770][T10229] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 413.333878][T10236] overlay: filesystem on ./bus not supported as upperdir [ 413.336583][T10229] vivid-000: ================= START STATUS ================= [ 413.345768][T10229] vivid-000: Test Pattern: 75% Colorbar [ 413.348385][T10240] overlay: filesystem on ./bus not supported as upperdir [ 413.348689][T10229] vivid-000: Fill Percentage of Frame: 100 [ 413.366782][T10229] vivid-000: Horizontal Movement: No Movement [ 413.374578][T10229] vivid-000: Vertical Movement: No Movement [ 413.384586][T10229] vivid-000: OSD Text Mode: All [ 413.392168][T10229] vivid-000: Show Border: false [ 413.412470][T10229] vivid-000: Show Square: false [ 413.432762][T10229] vivid-000: Sensor Flipped Horizontally: false [ 413.467379][T10229] vivid-000: Sensor Flipped Vertically: false [ 413.498508][T10229] vivid-000: Insert SAV Code in Image: false [ 413.532158][T10229] vivid-000: Insert EAV Code in Image: false [ 413.538476][T10229] vivid-000: Insert Video Guard Band: false [ 413.544747][T10229] vivid-000: Reduced Framerate: false [ 413.550580][T10229] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 413.565285][T10229] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 413.572590][T10229] vivid-000: Enable Capture Cropping: true [ 413.591285][T10229] vivid-000: Enable Capture Composing: true [ 413.602475][T10229] vivid-000: Enable Capture Scaler: true [ 413.608670][T10229] vivid-000: Timestamp Source: End of Frame [ 413.631309][T10229] vivid-000: Colorspace: sRGB [ 413.634891][T10229] vivid-000: Transfer Function: Default [ 413.671588][T10229] vivid-000: Y'CbCr Encoding: Default [ 413.691642][ T39] audit: type=1400 audit(1722745555.949:1130): avc: denied { bind } for pid=10245 comm="syz.3.1063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 413.750744][T10229] vivid-000: HSV Encoding: Hue 0-179 [ 413.807550][T10229] vivid-000: Quantization: Default [ 413.855849][T10229] vivid-000: Apply Alpha To Red Only: false [ 413.884979][T10229] vivid-000: Standard Aspect Ratio: 4x3 [ 413.919147][T10229] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 413.933635][T10229] vivid-000: DV Timings: 640x480p59 inactive [ 413.974985][T10229] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 413.981385][T10229] vivid-000: Maximum EDID Blocks: 2 [ 413.983764][T10229] vivid-000: Limited RGB Range (16-235): false [ 414.006549][T10258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1064'. [ 414.015845][T10229] vivid-000: Rx RGB Quantization Range: Automatic [ 414.021419][T10257] mac80211_hwsim hwsim36 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 414.024574][T10229] vivid-000: Power Present: 0x00000001 [ 414.035769][T10229] tpg source WxH: 320x180 (Y'CbCr) [ 414.038536][T10229] tpg field: 1 [ 414.050108][T10229] tpg crop: 320x180@0x0 [ 414.068884][T10229] tpg compose: 320x180@0x0 [ 414.094743][T10229] tpg colorspace: 8 [ 414.125840][T10229] tpg transfer function: 0/2 [ 414.171177][T10229] tpg Y'CbCr encoding: 0/1 [ 414.215765][T10229] tpg quantization: 0/2 [ 414.225935][T10229] tpg RGB range: 0/2 [ 414.238693][T10229] vivid-000: ================== END STATUS ================== [ 415.210709][T10292] overlay: filesystem on ./bus not supported as upperdir [ 415.372293][ T39] audit: type=1400 audit(1722745557.629:1131): avc: denied { getopt } for pid=10294 comm="syz.3.1076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 416.186045][T10312] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [ 416.213099][ T39] audit: type=1400 audit(1722745558.469:1132): avc: denied { bind } for pid=10307 comm="syz.3.1080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 416.531917][ T1105] wlan0: Trigger new scan to find an IBSS to join [ 416.805862][ T39] audit: type=1326 audit(1722745559.059:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10314 comm="syz.0.1082" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f663e5779f9 code=0x0 [ 416.962312][T10319] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1081'. [ 418.317917][T10355] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1091'. [ 418.361238][T10335] overlay: filesystem on ./bus not supported as upperdir [ 419.145214][T10379] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1098'. [ 419.495997][ T1105] wlan0: Trigger new scan to find an IBSS to join [ 420.203998][T10411] FAULT_INJECTION: forcing a failure. [ 420.203998][T10411] name failslab, interval 1, probability 0, space 0, times 0 [ 420.221298][T10411] CPU: 0 UID: 0 PID: 10411 Comm: syz.0.1106 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 420.225489][T10411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 420.229393][T10411] Call Trace: [ 420.230623][T10411] [ 420.231868][T10411] dump_stack_lvl+0x16c/0x1f0 [ 420.233820][T10411] should_fail_ex+0x497/0x5b0 [ 420.235655][T10411] ? fs_reclaim_acquire+0xae/0x160 [ 420.237800][T10411] should_failslab+0xc2/0x120 [ 420.239740][T10411] __kmalloc_cache_noprof+0x6b/0x300 [ 420.241776][T10411] ? sctp_auth_shkey_create+0x87/0x1f0 [ 420.243709][T10411] sctp_auth_shkey_create+0x87/0x1f0 [ 420.245829][T10411] sctp_auth_asoc_copy_shkeys+0x1f4/0x360 [ 420.248034][T10411] sctp_association_new+0x1973/0x2ad0 [ 420.250212][T10411] sctp_connect_new_asoc+0x1b7/0x790 [ 420.252621][T10411] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 420.255126][T10411] ? selinux_sctp_bind_connect+0x112/0x2c0 [ 420.257484][T10411] sctp_sendmsg+0x1610/0x1eb0 [ 420.259417][T10411] ? __pfx_sctp_sendmsg+0x10/0x10 [ 420.261405][T10411] ? sock_has_perm+0x25a/0x2f0 [ 420.263265][T10411] ? __import_iovec+0x1fd/0x6e0 [ 420.265167][T10411] ? __pfx_sctp_sendmsg+0x10/0x10 [ 420.267087][T10411] inet_sendmsg+0x119/0x140 [ 420.268866][T10411] ____sys_sendmsg+0x992/0xc90 [ 420.270746][T10411] ? copy_msghdr_from_user+0x10b/0x160 [ 420.272847][T10411] ? __pfx_____sys_sendmsg+0x10/0x10 [ 420.274928][T10411] ? __pfx___lock_acquire+0x10/0x10 [ 420.276926][T10411] ? trace_contention_end.constprop.0+0x106/0x170 [ 420.279580][T10411] ___sys_sendmsg+0x135/0x1e0 [ 420.281416][T10411] ? __pfx____sys_sendmsg+0x10/0x10 [ 420.283556][T10411] ? __schedule+0x3a2c/0x5490 [ 420.285428][T10411] ? __fget_light+0x173/0x210 [ 420.287288][T10411] __sys_sendmmsg+0x1a1/0x450 [ 420.289119][T10411] ? __pfx___sys_sendmmsg+0x10/0x10 [ 420.291224][T10411] __x64_sys_sendmmsg+0x9c/0x100 [ 420.293263][T10411] ? lockdep_hardirqs_on+0x7c/0x110 [ 420.295237][T10411] do_syscall_64+0xcd/0x250 [ 420.296865][T10411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.298952][T10411] RIP: 0033:0x7f663e5779f9 [ 420.300621][T10411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.308122][T10411] RSP: 002b:00007f663f2d3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 420.311248][T10411] RAX: ffffffffffffffda RBX: 00007f663e706130 RCX: 00007f663e5779f9 [ 420.314546][T10411] RDX: 0000000000000001 RSI: 000000002000cf00 RDI: 0000000000000003 [ 420.317749][T10411] RBP: 00007f663f2d30a0 R08: 0000000000000000 R09: 0000000000000000 [ 420.321096][T10411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 420.324392][T10411] R13: 000000000000006e R14: 00007f663e706130 R15: 00007ffe2216ff98 [ 420.327358][T10411] [ 421.201821][T10419] FAULT_INJECTION: forcing a failure. [ 421.201821][T10419] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 421.222917][T10419] CPU: 0 UID: 0 PID: 10419 Comm: syz.1.1109 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 421.227837][T10419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 421.232532][T10419] Call Trace: [ 421.233811][T10419] [ 421.234936][T10419] dump_stack_lvl+0x16c/0x1f0 [ 421.236712][T10419] should_fail_ex+0x497/0x5b0 [ 421.238740][T10419] _copy_from_user+0x30/0xf0 [ 421.240331][T10419] copy_msghdr_from_user+0x99/0x160 [ 421.242526][T10419] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 421.245005][T10419] ? find_held_lock+0x2d/0x110 [ 421.247024][T10419] ___sys_recvmsg+0xdc/0x1a0 [ 421.249258][T10419] ? __pfx____sys_recvmsg+0x10/0x10 [ 421.251596][T10419] ? __fget_light+0x173/0x210 [ 421.253585][T10419] do_recvmmsg+0x2ba/0x750 [ 421.255427][T10419] ? __pfx_do_recvmmsg+0x10/0x10 [ 421.257511][T10419] ? vfs_write+0x14d/0x1140 [ 421.259453][T10419] ? __mutex_unlock_slowpath+0x164/0x650 [ 421.261852][T10419] __x64_sys_recvmmsg+0x239/0x290 [ 421.263944][T10419] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 421.266115][T10419] do_syscall_64+0xcd/0x250 [ 421.268037][T10419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.270694][T10419] RIP: 0033:0x7f0ce35779f9 [ 421.272500][T10419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.280623][T10419] RSP: 002b:00007f0ce43b9048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 421.284083][T10419] RAX: ffffffffffffffda RBX: 00007f0ce3706130 RCX: 00007f0ce35779f9 [ 421.287378][T10419] RDX: 0000000000000414 RSI: 0000000020000840 RDI: 0000000000000007 [ 421.290732][T10419] RBP: 00007f0ce43b90a0 R08: 0000000000000000 R09: 0000000000000000 [ 421.294152][T10419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 421.297118][T10419] R13: 000000000000006e R14: 00007f0ce3706130 R15: 00007ffdf16684e8 [ 421.300124][T10419] [ 421.906448][T10433] tmpfs: Bad value for 'huge' [ 422.365952][ T5349] Bluetooth: hci4: command 0x0406 tx timeout [ 422.462889][ T39] audit: type=1400 audit(1722745564.719:1134): avc: denied { getopt } for pid=10440 comm="syz.3.1116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 422.484312][ T39] audit: type=1400 audit(1722745564.729:1135): avc: denied { read } for pid=10440 comm="syz.3.1116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 422.527996][ T3227] wlan0: Trigger new scan to find an IBSS to join [ 423.505883][ T1141] wlan0: Creating new IBSS network, BSSID 8e:97:94:aa:d0:cc [ 423.826423][ T9] usb 5-1: new low-speed USB device number 16 using dummy_hcd [ 424.056062][ T9] usb 5-1: Invalid ep0 maxpacket: 64 [ 424.075972][ T59] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 424.215912][ T9] usb 5-1: new low-speed USB device number 17 using dummy_hcd [ 424.255821][ T59] usb 8-1: Using ep0 maxpacket: 8 [ 424.260926][ T59] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 424.264319][ T59] usb 8-1: config 0 has no interface number 0 [ 424.267688][ T59] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 424.272728][ T59] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 424.278107][ T59] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.284620][ T59] usb 8-1: config 0 descriptor?? [ 424.301247][ T59] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 424.416082][ T9] usb 5-1: Invalid ep0 maxpacket: 64 [ 424.423742][ T9] usb usb5-port1: attempt power cycle [ 424.554000][ T39] audit: type=1400 audit(1722745566.809:1136): avc: denied { nlmsg_read } for pid=10457 comm="syz.3.1122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 424.554031][T10458] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1122'. [ 424.845767][ T9] usb 5-1: new low-speed USB device number 18 using dummy_hcd [ 424.902178][ T9] usb 5-1: Invalid ep0 maxpacket: 64 [ 425.075809][ T9] usb 5-1: new low-speed USB device number 19 using dummy_hcd [ 425.096472][ T9] usb 5-1: Invalid ep0 maxpacket: 64 [ 425.100217][ T9] usb usb5-port1: unable to enumerate USB device [ 425.216034][ T9] usb 8-1: USB disconnect, device number 13 [ 425.218212][ T9] iowarrior 8-1:0.1: I/O-Warror #0 now disconnected [ 426.166459][T10484] fuse: Unknown parameter 'ìV¤0x0000000000000004' [ 426.173486][T10483] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 426.177937][T10483] overlayfs: missing 'lowerdir' [ 426.236062][ T39] audit: type=1400 audit(1722745568.499:1137): avc: denied { bind } for pid=10476 comm="syz.1.1127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 426.570934][ T39] audit: type=1400 audit(1722745568.829:1138): avc: denied { accept } for pid=10490 comm="syz.2.1130" lport=44616 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 426.628034][T10493] sctp: [Deprecated]: syz.2.1130 (pid 10493) Use of int in max_burst socket option deprecated. [ 426.628034][T10493] Use struct sctp_assoc_value instead [ 427.006320][T10483] orangefs_mount: mount request failed with -4 [ 427.339391][T10506] ebtables: ebtables: counters copy to user failed while replacing table [ 427.471275][ T39] audit: type=1400 audit(1722745569.729:1139): avc: denied { execute } for pid=10520 comm="syz.2.1140" path="/dev/audio1" dev="devtmpfs" ino=1133 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 427.562208][T10526] syzkaller1: entered promiscuous mode [ 427.564858][T10526] syzkaller1: entered allmulticast mode [ 427.585547][T10526] FAULT_INJECTION: forcing a failure. [ 427.585547][T10526] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 427.599129][T10526] CPU: 1 UID: 0 PID: 10526 Comm: syz.2.1141 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 427.603882][T10526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 427.608374][T10526] Call Trace: [ 427.609871][T10526] [ 427.611314][T10526] dump_stack_lvl+0x16c/0x1f0 [ 427.613384][T10526] should_fail_ex+0x497/0x5b0 [ 427.615427][T10526] _copy_from_iter+0x2a1/0x1150 [ 427.617736][T10526] ? _copy_from_iter+0x15e/0x1150 [ 427.619901][T10526] ? __pfx__copy_from_iter+0x10/0x10 [ 427.622286][T10526] ? sock_alloc_send_pskb+0x750/0x980 [ 427.624570][T10526] ? __pfx__copy_from_iter+0x10/0x10 [ 427.626826][T10526] copy_page_from_iter+0xa5/0x120 [ 427.628916][T10526] skb_copy_datagram_from_iter+0x41d/0x6c0 [ 427.631417][T10526] tun_get_user+0x199b/0x3c30 [ 427.633413][T10526] ? __pfx_tun_get_user+0x10/0x10 [ 427.635686][T10526] ? find_held_lock+0x2d/0x110 [ 427.637789][T10526] ? __pfx_lock_release+0x10/0x10 [ 427.639788][T10526] tun_chr_write_iter+0xe8/0x210 [ 427.641803][T10526] vfs_write+0x6b6/0x1140 [ 427.643806][T10526] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 427.646265][T10526] ? __pfx_vfs_write+0x10/0x10 [ 427.648333][T10526] ? __fget_files+0x256/0x400 [ 427.650676][T10526] ? __fget_light+0x173/0x210 [ 427.652722][T10526] ksys_write+0x12f/0x260 [ 427.654613][T10526] ? __pfx_ksys_write+0x10/0x10 [ 427.656686][T10526] do_syscall_64+0xcd/0x250 [ 427.658649][T10526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.661359][T10526] RIP: 0033:0x7f2c3f3779f9 [ 427.663321][T10526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.671889][T10526] RSP: 002b:00007f2c4017f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 427.675835][T10526] RAX: ffffffffffffffda RBX: 00007f2c3f505f80 RCX: 00007f2c3f3779f9 [ 427.679418][T10526] RDX: 000000000000fdef RSI: 0000000020000080 RDI: 0000000000000004 [ 427.680575][T10531] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1139'. [ 427.682792][T10526] RBP: 00007f2c4017f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 427.682809][T10526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 427.682820][T10526] R13: 000000000000000b R14: 00007f2c3f505f80 R15: 00007fff1a361088 [ 427.682834][T10526] [ 427.897584][ T57] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 427.949218][T10533] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 427.953149][T10533] overlayfs: missing 'lowerdir' [ 428.080238][ T57] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 428.084634][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 428.088293][ T57] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 428.097465][ T57] usb 6-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 428.101378][ T57] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 428.104393][ T57] usb 6-1: Product: syz [ 428.111649][ T57] usb 6-1: Manufacturer: syz [ 428.113756][ T57] usb 6-1: SerialNumber: syz [ 428.120707][ T57] usb 6-1: config 0 descriptor?? [ 428.123757][T10530] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 428.136530][ T57] dm9601 6-1:0.0: probe with driver dm9601 failed with error -22 [ 428.313358][ T39] audit: type=1400 audit(1722745570.569:1140): avc: denied { create } for pid=10536 comm="syz.3.1146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 428.776955][T10533] orangefs_mount: mount request failed with -4 [ 428.857710][T10529] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 428.871838][ T59] usb 6-1: USB disconnect, device number 14 [ 429.176073][ T5399] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 429.372787][ T5399] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 429.379066][ T5399] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 429.383405][ T5399] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 429.390613][ T5399] usb 7-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 429.394628][ T5399] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 429.404746][ T5399] usb 7-1: Product: syz [ 429.414387][ T5399] usb 7-1: Manufacturer: syz [ 429.417818][ T5399] usb 7-1: SerialNumber: syz [ 429.426906][ T5399] usb 7-1: config 0 descriptor?? [ 429.429682][T10549] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 429.437432][ T5399] dm9601 7-1:0.0: probe with driver dm9601 failed with error -22 [ 430.058676][ T4762] Bluetooth: hci4: SCO packet for unknown connection handle 200 [ 430.172854][ T39] audit: type=1326 audit(1722745572.429:1141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10569 comm="syz.1.1153" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ce35779f9 code=0x0 [ 431.094875][T10581] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 431.098981][T10581] overlayfs: missing 'lowerdir' [ 431.876283][ T57] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 431.914662][T10581] orangefs_mount: mount request failed with -4 [ 432.065363][ T57] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 432.072593][ T57] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 432.077873][ T57] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 432.081923][ T57] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.098481][T10587] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 432.114480][ T57] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 432.283428][ T39] audit: type=1400 audit(1722745574.539:1142): avc: denied { link } for pid=10589 comm="syz.1.1160" name="file1" dev="tmpfs" ino=385 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 432.328875][ T39] audit: type=1400 audit(1722745574.539:1143): avc: denied { setattr } for pid=10589 comm="syz.1.1160" name="#3b" dev="tmpfs" ino=386 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 432.436513][ T39] audit: type=1400 audit(1722745574.539:1144): avc: denied { rename } for pid=10589 comm="syz.1.1160" name="#3b" dev="tmpfs" ino=386 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 432.456695][ T834] usb 8-1: USB disconnect, device number 14 [ 432.742711][T10587] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1159'. [ 432.950494][T10549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 432.957211][ T59] usb 7-1: USB disconnect, device number 15 [ 433.017541][T10604] netlink: 'syz.1.1162': attribute type 4 has an invalid length. [ 433.022141][T10604] netlink: 85884 bytes leftover after parsing attributes in process `syz.1.1162'. [ 433.306012][T10612] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1164'. [ 433.442092][ T39] audit: type=1326 audit(1722745575.699:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10613 comm="syz.1.1165" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ce35779f9 code=0x0 [ 433.569449][T10618] netlink: 'syz.3.1167': attribute type 1 has an invalid length. [ 433.573000][T10618] netlink: 157116 bytes leftover after parsing attributes in process `syz.3.1167'. [ 433.614266][T10618] Process accounting resumed [ 433.678658][T10618] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1167'. [ 433.682585][T10618] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1167'. [ 433.691428][T10618] gtp0: entered promiscuous mode [ 433.693687][T10618] gtp0: entered allmulticast mode [ 433.784433][T10622] overlayfs: failed to resolve './file0': -2 [ 433.983188][T10624] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 434.001115][T10624] overlayfs: missing 'lowerdir' [ 434.681830][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.685174][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.695085][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.700030][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.703631][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.705437][T10659] netlink: 'syz.2.1177': attribute type 4 has an invalid length. [ 434.706873][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.710277][T10659] netlink: 87420 bytes leftover after parsing attributes in process `syz.2.1177'. [ 434.713283][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.713300][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.713319][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.713337][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.713355][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.734069][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.737568][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.740752][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.744253][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.752541][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.755839][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.759263][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.762316][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.765476][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.768920][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.772279][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.775500][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.786364][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.790570][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.793911][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.798464][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.801891][T10624] orangefs_mount: mount request failed with -4 [ 434.802403][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.808655][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.811924][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.815223][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.834432][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.837369][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.840270][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.843199][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.851613][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.854420][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.868961][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.873503][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.876559][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.879383][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.882088][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.889983][ T8886] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 434.899390][ T8886] hid-generic 0000:0000:0000.0004: hidraw1: HID v0.00 Device [syz0] on syz0 [ 434.949435][T10658] FAULT_INJECTION: forcing a failure. [ 434.949435][T10658] name failslab, interval 1, probability 0, space 0, times 0 [ 434.955323][T10658] CPU: 2 UID: 0 PID: 10658 Comm: syz.1.1178 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 434.959932][T10658] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 434.964475][T10658] Call Trace: [ 434.966058][T10658] [ 434.967509][T10658] dump_stack_lvl+0x16c/0x1f0 [ 434.969507][T10658] should_fail_ex+0x497/0x5b0 [ 434.971529][T10658] ? fs_reclaim_acquire+0xae/0x160 [ 434.973703][T10658] should_failslab+0xc2/0x120 [ 434.975726][T10658] __kmalloc_noprof+0xcb/0x400 [ 434.977837][T10658] kobject_get_path+0xd9/0x2b0 [ 434.979846][T10658] kobject_uevent_env+0x289/0x1860 [ 434.981723][T10658] ? __pfx_dev_uevent_name+0x10/0x10 [ 434.983819][T10658] ? bus_to_subsys+0x12d/0x160 [ 434.985783][T10658] device_del+0x623/0x9f0 [ 434.987607][T10658] ? __pfx_device_del+0x10/0x10 [ 434.989691][T10658] device_unregister+0x1d/0xc0 [ 434.991704][T10658] device_destroy+0x9a/0xe0 [ 434.993598][T10658] ? __pfx_device_destroy+0x10/0x10 [ 434.995702][T10658] ? __pfx_down_write+0x10/0x10 [ 434.997485][T10658] drop_ref+0xd8/0x390 [ 434.998917][T10658] hidraw_disconnect+0x4b/0x60 [ 435.000345][T10658] hid_disconnect+0x13e/0x1b0 [ 435.002031][T10658] hid_device_remove+0x1a8/0x260 [ 435.003731][T10658] ? __pfx_hid_device_remove+0x10/0x10 [ 435.005905][T10658] device_remove+0xc8/0x170 [ 435.007682][T10658] device_release_driver_internal+0x44a/0x610 [ 435.009836][T10658] bus_remove_device+0x22f/0x420 [ 435.012068][T10658] device_del+0x396/0x9f0 [ 435.014021][T10658] ? __pfx_enable_work+0x10/0x10 [ 435.016145][T10658] ? __pfx_device_del+0x10/0x10 [ 435.018369][T10658] ? mark_held_locks+0x9f/0xe0 [ 435.020135][T10658] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 435.022248][T10658] hid_destroy_device+0xe5/0x150 [ 435.024380][T10658] uhid_char_write+0xc32/0x10c0 [ 435.026762][T10658] ? rw_verify_area+0xd0/0x6c0 [ 435.028728][T10658] ? __pfx_uhid_char_write+0x10/0x10 [ 435.031093][T10658] vfs_write+0x29a/0x1140 [ 435.033045][T10658] ? __pfx_vfs_write+0x10/0x10 [ 435.035347][T10658] ? __fget_files+0x256/0x400 [ 435.037293][T10658] ? __fget_light+0x173/0x210 [ 435.039356][T10658] ksys_write+0x1f8/0x260 [ 435.041235][T10658] ? __pfx_ksys_write+0x10/0x10 [ 435.043086][T10658] do_syscall_64+0xcd/0x250 [ 435.044845][T10658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.047115][T10658] RIP: 0033:0x7f0ce35779f9 [ 435.048845][T10658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 435.057142][T10658] RSP: 002b:00007f0ce43fb048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 435.060898][T10658] RAX: ffffffffffffffda RBX: 00007f0ce3705f80 RCX: 00007f0ce35779f9 [ 435.064398][T10658] RDX: 0000000000000004 RSI: 0000000020000c40 RDI: 0000000000000003 [ 435.067994][T10658] RBP: 00007f0ce43fb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 435.071381][T10658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 435.074745][T10658] R13: 000000000000000b R14: 00007f0ce3705f80 R15: 00007ffdf16684e8 [ 435.077977][T10658] [ 435.804913][T10673] overlayfs: failed to resolve './file0': -2 [ 436.333484][ T39] audit: type=1400 audit(1722745578.589:1146): avc: denied { setopt } for pid=10676 comm="syz.0.1183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 439.175237][T10735] syz.2.1198: attempt to access beyond end of device [ 439.175237][T10735] loop2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 439.187528][T10735] gfs2: error -5 reading superblock [ 439.465833][ T833] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 439.660806][ T833] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 439.675787][ T833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 439.680061][ T833] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 439.702065][ T833] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 439.705993][ T833] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.717079][ T833] usb 5-1: Product: syz [ 439.718821][ T833] usb 5-1: Manufacturer: syz [ 439.721024][ T833] usb 5-1: SerialNumber: syz [ 439.735737][ T833] usb 5-1: config 0 descriptor?? [ 439.739044][T10737] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 439.744000][ T833] dm9601 5-1:0.0: probe with driver dm9601 failed with error -22 [ 440.362553][T10736] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 440.379217][ T833] usb 5-1: USB disconnect, device number 20 [ 441.650904][ T39] audit: type=1400 audit(1722745583.909:1147): avc: denied { unmount } for pid=9655 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 441.783996][T10771] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 442.813858][T10778] netlink: 'syz.0.1210': attribute type 4 has an invalid length. [ 442.824128][T10778] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.1210'. [ 443.114480][T10788] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 443.118591][T10788] overlayfs: missing 'lowerdir' [ 443.943452][T10788] orangefs_mount: mount request failed with -4 [ 444.188366][T10805] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1217'. [ 444.826291][ T5349] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 444.831212][ T5349] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 444.835352][ T5349] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 444.845292][ T5349] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 444.849312][ T5349] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 444.852665][ T5349] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 444.993615][T10815] overlayfs: failed to resolve './file1': -2 [ 445.001072][T10809] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1218'. [ 445.074581][T10810] chnl_net:caif_netlink_parms(): no params data found [ 445.295847][T10810] bridge0: port 1(bridge_slave_0) entered blocking state [ 445.295931][T10810] bridge0: port 1(bridge_slave_0) entered disabled state [ 445.296203][T10810] bridge_slave_0: entered allmulticast mode [ 445.297491][T10810] bridge_slave_0: entered promiscuous mode [ 445.299676][T10810] bridge0: port 2(bridge_slave_1) entered blocking state [ 445.299752][T10810] bridge0: port 2(bridge_slave_1) entered disabled state [ 445.299854][T10810] bridge_slave_1: entered allmulticast mode [ 445.300682][T10810] bridge_slave_1: entered promiscuous mode [ 445.479390][T10810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 445.498625][T10810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 445.545257][T10829] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 445.551607][T10829] overlayfs: missing 'lowerdir' [ 445.681783][T10810] team0: Port device team_slave_0 added [ 445.689810][T10810] team0: Port device team_slave_1 added [ 445.779595][T10810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 445.782699][T10810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 445.801910][T10810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 445.808989][T10810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 445.812047][T10810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 445.828351][T10810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 445.889795][ T1375] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.892295][ T1375] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.910201][T10810] hsr_slave_0: entered promiscuous mode [ 445.927475][T10810] hsr_slave_1: entered promiscuous mode [ 445.931005][T10810] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 445.934292][T10810] Cannot create hsr debugfs directory [ 446.371721][T10830] orangefs_mount: mount request failed with -4 [ 446.512893][ T1105] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.597232][ T1105] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.677045][ T1105] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.764976][ T1105] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.830164][T10846] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1227'. [ 446.874076][T10839] orangefs_mount: mount request failed with -4 [ 446.925985][ T5349] Bluetooth: hci0: command tx timeout [ 447.007082][ T1105] bridge_slave_1: left allmulticast mode [ 447.009330][ T1105] bridge_slave_1: left promiscuous mode [ 447.011636][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.076665][ T1105] bridge_slave_0: left allmulticast mode [ 447.082468][ T1105] bridge_slave_0: left promiscuous mode [ 447.084903][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.903047][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 447.958561][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 447.981563][ T1105] bond0 (unregistering): Released all slaves [ 448.606556][ T1105] hsr_slave_0: left promiscuous mode [ 448.624891][ T1105] hsr_slave_1: left promiscuous mode [ 448.629710][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 448.632980][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 448.643549][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 448.647070][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 448.707270][ T1105] veth1_macvtap: left promiscuous mode [ 448.709631][ T1105] veth0_macvtap: left promiscuous mode [ 448.712168][ T1105] veth1_vlan: left promiscuous mode [ 448.714670][ T1105] veth0_vlan: left promiscuous mode [ 448.772037][T10863] overlay: filesystem on ./bus not supported as upperdir [ 448.842592][ T39] audit: type=1400 audit(1722745591.099:1148): avc: denied { connect } for pid=10879 comm="syz.1.1233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 449.007544][ T5349] Bluetooth: hci0: command tx timeout [ 449.225147][ T39] audit: type=1400 audit(1722745591.479:1149): avc: denied { sqpoll } for pid=10888 comm="syz.0.1234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 449.565836][ T9] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 449.775991][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 449.794514][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 449.810842][ T9] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 449.819927][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.833445][ T9] usb 5-1: Product: syz [ 449.835364][ T9] usb 5-1: Manufacturer: syz [ 449.837801][ T9] usb 5-1: SerialNumber: syz [ 449.847255][ T9] usb 5-1: config 0 descriptor?? [ 449.857532][T10889] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 449.867548][ T9] hub 5-1:0.0: bad descriptor, ignoring hub [ 449.870413][ T9] hub 5-1:0.0: probe with driver hub failed with error -5 [ 449.926835][ T9] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input10 [ 450.041754][ T1105] team0 (unregistering): Port device team_slave_1 removed [ 450.135989][ T9] usb 5-1: USB disconnect, device number 21 [ 450.138747][ C0] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 450.173827][ T1105] team0 (unregistering): Port device team_slave_0 removed [ 451.086012][ T5349] Bluetooth: hci0: command tx timeout [ 451.207389][T10810] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 451.258862][T10810] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 451.267300][T10810] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 451.326541][T10810] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 451.482722][T10810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 451.503290][T10810] 8021q: adding VLAN 0 to HW filter on device team0 [ 451.518789][ T5399] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.518891][ T5399] bridge0: port 1(bridge_slave_0) entered forwarding state [ 451.520669][ T5399] bridge0: port 2(bridge_slave_1) entered blocking state [ 451.520790][ T5399] bridge0: port 2(bridge_slave_1) entered forwarding state [ 451.655390][T10901] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1236'. [ 451.811844][T10810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 451.854908][T10810] veth0_vlan: entered promiscuous mode [ 451.873492][T10810] veth1_vlan: entered promiscuous mode [ 451.902203][T10810] veth0_macvtap: entered promiscuous mode [ 451.914102][T10810] veth1_macvtap: entered promiscuous mode [ 451.950381][T10810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 451.954912][T10810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 451.964096][T10810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 451.968559][T10810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 451.972530][T10810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 451.979000][T10810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 451.983405][T10810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 451.995803][T10810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.001337][T10810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 452.006337][T10810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.014383][T10810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 452.025283][T10810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 452.030890][T10810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.035644][T10810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 452.040532][T10810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.045056][T10810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 452.050631][T10810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.055648][T10810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 452.061015][T10810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.067005][T10810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 452.072404][T10810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.079022][T10810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 452.089736][T10810] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.094331][T10810] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.098817][T10810] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.102611][T10810] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.197463][ T1240] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 452.200990][ T1240] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 452.232613][ T1240] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 452.236644][ T1240] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 452.503471][T10916] overlayfs: missing 'lowerdir' [ 452.591229][T10917] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1219'. [ 452.875588][ T39] audit: type=1326 audit(1722745595.129:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10923 comm="syz.1.1240" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ce35779f9 code=0x0 [ 453.166084][ T5349] Bluetooth: hci0: command tx timeout [ 453.392788][T10932] overlayfs: failed to resolve './file1': -2 [ 453.677562][T10934] overlay: filesystem on ./bus not supported as upperdir [ 453.758367][T10936] netlink: 'syz.1.1244': attribute type 4 has an invalid length. [ 453.761428][T10936] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.1244'. [ 455.158120][T10968] kvm: kvm [10967]: vcpu0, guest rIP: 0x1b4 Unhandled WRMSR(0x186) = 0x36ec00bffffffc18 [ 455.163113][T10968] kvm: kvm [10967]: vcpu0, guest rIP: 0x1b4 Unhandled WRMSR(0x187) = 0x36ec00c1fffffc18 [ 455.449003][T10975] kvm: kvm [10974]: vcpu0, guest rIP: 0x1b4 Unhandled WRMSR(0x11e) = 0x36ec0067fffffc18 [ 455.997737][T11000] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1258'. [ 457.341780][ T39] audit: type=1326 audit(1722745599.599:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11032 comm="syz.0.1271" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f663e5779f9 code=0x0 [ 458.375464][ T39] audit: type=1400 audit(1722745600.629:1152): avc: denied { connect } for pid=11051 comm="syz.0.1276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 458.397199][ T39] audit: type=1400 audit(1722745600.639:1153): avc: denied { write } for pid=11051 comm="syz.0.1276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 458.606620][T11058] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1278'. [ 459.475194][ T39] audit: type=1326 audit(1722745601.729:1154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11081 comm="syz.1.1283" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ce35779f9 code=0x0 [ 461.689101][ T39] audit: type=1326 audit(1722745603.949:1155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11100 comm="syz.0.1290" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f663e5779f9 code=0x7ffc0000 [ 461.699319][ T39] audit: type=1326 audit(1722745603.949:1156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11100 comm="syz.0.1290" exe="/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f663e5779f9 code=0x7ffc0000 [ 461.709056][ T39] audit: type=1326 audit(1722745603.949:1157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11100 comm="syz.0.1290" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f663e5779f9 code=0x7ffc0000 [ 461.718951][ T39] audit: type=1326 audit(1722745603.949:1158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11100 comm="syz.0.1290" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f663e5779f9 code=0x7ffc0000 [ 461.729630][ T39] audit: type=1326 audit(1722745603.959:1159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11100 comm="syz.0.1290" exe="/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f663e5779f9 code=0x7ffc0000 [ 461.739903][ T39] audit: type=1326 audit(1722745603.959:1160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11100 comm="syz.0.1290" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f663e5779f9 code=0x7ffc0000 [ 464.192646][ T39] kauditd_printk_skb: 9 callbacks suppressed [ 464.192662][ T39] audit: type=1326 audit(1722745606.449:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11122 comm="syz.0.1295" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f663e5779f9 code=0x0 [ 465.521916][T11135] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.525881][T11135] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.530671][T11135] bridge0: entered allmulticast mode [ 465.545368][ T39] audit: type=1400 audit(1722745607.799:1171): avc: denied { name_bind } for pid=11134 comm="syz.3.1299" src=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 465.569854][ T4762] Bluetooth: hci1: sending frame failed (-49) [ 465.574018][ T5349] Bluetooth: hci1: Opcode 0x1003 failed: -49 [ 465.578542][T11135] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.581325][T11135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 465.583932][T11135] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.586935][T11135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 465.590531][T11135] bridge0: entered promiscuous mode [ 465.596559][ T39] audit: type=1326 audit(1722745607.859:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11134 comm="syz.3.1299" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f111ab779f9 code=0x0 [ 465.661618][ T39] audit: type=1400 audit(1722745607.919:1173): avc: denied { ioctl } for pid=11134 comm="syz.3.1299" path="socket:[42137]" dev="sockfs" ino=42137 ioctlcmd=0x89eb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 466.632157][T11145] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1301'. [ 466.723941][T11148] netlink: set zone limit has 4 unknown bytes [ 467.630527][ T39] audit: type=1326 audit(1722745609.889:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11160 comm="syz.2.1305" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2c3f3779f9 code=0x0 [ 467.830274][T11159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1304'. [ 468.305564][T11167] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1306'. [ 469.035871][ T9023] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 469.215843][ T9023] usb 7-1: Using ep0 maxpacket: 8 [ 469.219699][ T9023] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 469.223170][ T9023] usb 7-1: config 179 has no interface number 0 [ 469.225452][ T9023] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10 [ 469.230546][ T9023] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024 [ 469.234810][ T9023] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 469.239116][ T9023] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 469.243525][ T9023] usb 7-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 469.249436][ T9023] usb 7-1: config 179 interface 65 has no altsetting 0 [ 469.251961][ T9023] usb 7-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 469.256127][ T9023] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.262504][T11176] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 469.275465][ T9023] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:179.65/input/input11 [ 469.561528][ T9023] usb 7-1: USB disconnect, device number 16 [ 469.564324][ C3] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 469.580237][ T9023] xpad 7-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 469.719453][T11178] ERROR: device name not specified. [ 469.760037][T11180] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1310'. [ 470.992893][T11197] netlink: 'syz.0.1314': attribute type 4 has an invalid length. [ 471.002321][T11197] netlink: 96856 bytes leftover after parsing attributes in process `syz.0.1314'. [ 471.302918][ T39] audit: type=1326 audit(1722745613.559:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11199 comm="syz.3.1315" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f111ab779f9 code=0x0 [ 472.130180][T11209] netlink: 'syz.0.1317': attribute type 4 has an invalid length. [ 472.155402][T11209] netlink: 107180 bytes leftover after parsing attributes in process `syz.0.1317'. [ 473.313412][T11223] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1319'. [ 474.143318][T11238] REISERFS warning (device nullb0): sh-2021 reiserfs_fill_super: can not find reiserfs on nullb0 [ 474.553515][T11244] netlink: 'syz.1.1326': attribute type 4 has an invalid length. [ 474.559463][T11244] netlink: 78512 bytes leftover after parsing attributes in process `syz.1.1326'. [ 475.472873][ T39] audit: type=1400 audit(1722745617.729:1176): avc: denied { setopt } for pid=11256 comm="syz.1.1331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 475.520500][T11257] pim6reg1: entered promiscuous mode [ 475.522937][T11257] pim6reg1: entered allmulticast mode [ 475.814847][T11264] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1330'. [ 476.082298][T11278] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1332'. [ 476.570701][ T39] audit: type=1326 audit(1722745618.829:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11288 comm="syz.2.1341" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2c3f3779f9 code=0x0 [ 477.026117][T11291] kvm: kvm [11290]: vcpu0, guest rIP: 0x1b4 Unhandled WRMSR(0x186) = 0x36ec00fbfffffc18 [ 477.031726][T11291] kvm: kvm [11290]: vcpu0, guest rIP: 0x1b4 Unhandled WRMSR(0x187) = 0x36ec00fdfffffc18 [ 478.505017][T11343] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1352'. [ 478.719800][T11344] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1356'. [ 479.567536][T11352] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1358'. [ 480.237036][T11364] nbd2: detected capacity change from 0 to 22 [ 480.240497][T11368] block nbd2: shutting down sockets [ 480.242055][ T9348] blk_print_req_error: 60 callbacks suppressed [ 480.242068][ T9348] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.252581][ T9348] buffer_io_error: 60 callbacks suppressed [ 480.252593][ T9348] Buffer I/O error on dev nbd2, logical block 0, async page read [ 480.273956][ T71] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.278652][ T71] Buffer I/O error on dev nbd2, logical block 0, async page read [ 480.287005][ T9348] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.290603][ T9348] Buffer I/O error on dev nbd2, logical block 0, async page read [ 480.293957][ T9348] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.320075][ T9348] Buffer I/O error on dev nbd2, logical block 0, async page read [ 480.338372][ T9348] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.345852][ T9348] Buffer I/O error on dev nbd2, logical block 0, async page read [ 480.349345][ T9348] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.356696][ T9348] Buffer I/O error on dev nbd2, logical block 0, async page read [ 480.360520][ T9348] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.364741][ T9348] Buffer I/O error on dev nbd2, logical block 0, async page read [ 480.369579][ T9348] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.373678][ T9348] Buffer I/O error on dev nbd2, logical block 0, async page read [ 480.378461][ T9348] ldm_validate_partition_table(): Disk read failed. [ 480.381469][ T9348] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.390788][ T9348] Buffer I/O error on dev nbd2, logical block 0, async page read [ 480.395032][ T9348] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 480.400210][ T9348] Buffer I/O error on dev nbd2, logical block 0, async page read [ 480.405050][ T9348] Dev nbd2: unable to read RDB block 0 [ 480.412975][ T9348] nbd2: unable to read partition table [ 480.415511][ T9348] nbd2: partition table beyond EOD, truncated [ 480.424431][ T9348] ldm_validate_partition_table(): Disk read failed. [ 480.430053][ T9348] Dev nbd2: unable to read RDB block 0 [ 480.433221][ T9348] nbd2: unable to read partition table [ 480.436357][ T9348] nbd2: partition table beyond EOD, truncated [ 480.761122][T11381] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1369'. [ 480.837753][T11389] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1370'. [ 481.052084][T11392] netlink: 'syz.2.1371': attribute type 4 has an invalid length. [ 481.055485][T11392] netlink: 62836 bytes leftover after parsing attributes in process `syz.2.1371'. [ 481.815398][T11400] netlink: 'syz.1.1374': attribute type 4 has an invalid length. [ 481.819046][T11400] netlink: 97044 bytes leftover after parsing attributes in process `syz.1.1374'. [ 482.033822][T11404] can0: slcan on pts0. [ 482.117269][T11404] can0 (unregistered): slcan off pts0. [ 483.254412][ T5349] Bluetooth: hci5: ISO packet for unknown connection handle 0 [ 483.345985][ T39] audit: type=1400 audit(1722745625.599:1178): avc: denied { setopt } for pid=11432 comm="syz.2.1381" lport=42666 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 483.355080][ T39] audit: type=1400 audit(1722745625.599:1179): avc: denied { read } for pid=11432 comm="syz.2.1381" lport=42666 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 484.241328][T11441] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1380'. [ 485.245979][ T5349] Bluetooth: hci5: command tx timeout [ 485.295500][T11464] netlink: 'syz.0.1386': attribute type 4 has an invalid length. [ 485.306701][T11464] netlink: 69060 bytes leftover after parsing attributes in process `syz.0.1386'. [ 486.142371][T11466] orangefs_mount: mount request failed with -4 [ 486.185879][T11472] cgroup: release_agent respecified [ 486.234039][T11470] sg_write: data in/out 196608/1 bytes for SCSI command 0xf2-- guessing data in; [ 486.234039][T11470] program syz.0.1388 not setting count and/or reply_len properly [ 486.314195][T11478] netlink: 'syz.2.1390': attribute type 21 has an invalid length. [ 486.317701][ T39] audit: type=1400 audit(1722745628.569:1180): avc: denied { audit_write } for pid=11469 comm="syz.0.1388" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 486.828548][T11492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1393'. [ 487.435287][T11501] netlink: 'syz.2.1396': attribute type 4 has an invalid length. [ 487.439017][T11501] netlink: 41152 bytes leftover after parsing attributes in process `syz.2.1396'. [ 487.679233][T11504] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 487.709026][T11504] fuse: Unknown parameter '18446744073709551615' [ 488.248507][ T39] audit: type=1400 audit(1722745630.509:1181): avc: denied { read } for pid=11512 comm="syz.2.1401" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 488.262188][ T39] audit: type=1400 audit(1722745630.509:1182): avc: denied { open } for pid=11512 comm="syz.2.1401" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 488.278654][ T39] audit: type=1400 audit(1722745630.539:1183): avc: denied { setattr } for pid=11512 comm="syz.2.1401" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 488.679000][T11520] xt_socket: unknown flags 0x50 [ 489.373591][T11531] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1405'. [ 490.418297][T11557] fuse: Bad value for 'fd' [ 490.616941][T11566] overlayfs: failed to resolve './file1': -2 [ 491.942978][T11581] overlayfs: failed to decode file handle (len=0, type=251, flags=0, err=-22) [ 492.152896][T11584] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1416'. [ 492.192496][T11590] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1419'. [ 492.803503][T11600] cgroup: noprefix used incorrectly [ 492.908675][ T5349] Bluetooth: hci4: unexpected event for opcode 0x2016 [ 492.933337][ T39] audit: type=1400 audit(1722745635.189:1184): avc: denied { connect } for pid=11606 comm="syz.2.1426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 493.915864][T11612] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 494.375876][ T8886] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 494.558374][ T8886] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 494.562141][ T8886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 494.567593][ T8886] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 494.570810][ T8886] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 494.574019][ T8886] usb 6-1: Manufacturer: syz [ 494.577279][ T8886] usb 6-1: config 0 descriptor?? [ 494.646186][ T8886] rc_core: IR keymap rc-hauppauge not found [ 494.648423][ T8886] Registered IR keymap rc-empty [ 494.651704][ T8886] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0 [ 494.658280][ T8886] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/rc/rc0/input12 [ 494.955807][ T5349] Bluetooth: hci4: command 0x0406 tx timeout [ 495.016418][T11631] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1435'. [ 495.059282][T11647] overlayfs: failed to resolve './file0': -2 [ 495.179757][ T8886] usb 6-1: USB disconnect, device number 15 [ 495.645415][T11659] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1442'. [ 496.103398][T11676] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1448'. [ 496.197698][T11674] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 496.301002][ T5349] Bluetooth: hci4: Malformed HCI Event: 0x22 [ 496.397577][T11689] Cannot find add_set index 0 as target [ 496.500129][T11691] ipip0: entered promiscuous mode [ 497.391531][T11714] netlink: 'syz.0.1459': attribute type 4 has an invalid length. [ 497.394904][T11714] netlink: 113420 bytes leftover after parsing attributes in process `syz.0.1459'. [ 498.381372][ T5349] Bluetooth: hci4: command 0x0406 tx timeout [ 498.418379][T11724] netlink: 'syz.0.1462': attribute type 12 has an invalid length. [ 498.498339][T11726] FAULT_INJECTION: forcing a failure. [ 498.498339][T11726] name failslab, interval 1, probability 0, space 0, times 0 [ 498.503863][T11726] CPU: 2 UID: 0 PID: 11726 Comm: syz.1.1463 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 498.508822][T11726] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 498.513508][T11726] Call Trace: [ 498.514979][T11726] [ 498.516330][T11726] dump_stack_lvl+0x16c/0x1f0 [ 498.518432][T11726] should_fail_ex+0x497/0x5b0 [ 498.520595][T11726] ? fs_reclaim_acquire+0xae/0x160 [ 498.522853][T11726] should_failslab+0xc2/0x120 [ 498.524945][T11726] __kmalloc_cache_noprof+0x6b/0x300 [ 498.527273][T11726] ? bpf_prog_alloc_no_stats+0x58/0x440 [ 498.529716][T11726] ? bpf_prog_alloc_no_stats+0x109/0x440 [ 498.532158][T11726] ? __vmalloc_noprof+0x6d/0x90 [ 498.534305][T11726] bpf_prog_alloc_no_stats+0x109/0x440 [ 498.536731][T11726] bpf_prog_alloc+0x3b/0x240 [ 498.538774][T11726] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 498.541395][T11726] bpf_prog_load+0x1b32/0x2660 [ 498.543227][T11726] ? __pfx_bpf_prog_load+0x10/0x10 [ 498.545032][T11726] ? avc_has_perm+0x11b/0x1c0 [ 498.547135][T11726] ? selinux_bpf+0xde/0x130 [ 498.549095][T11726] ? security_bpf+0x8c/0xc0 [ 498.551169][T11726] __sys_bpf+0x8e9/0x4a20 [ 498.553170][T11726] ? ksys_write+0x21c/0x260 [ 498.555251][T11726] ? reacquire_held_locks+0x3f0/0x4c0 [ 498.557587][T11726] ? __pfx___sys_bpf+0x10/0x10 [ 498.559424][T11726] ? vfs_write+0x14d/0x1140 [ 498.561389][T11726] ? __mutex_unlock_slowpath+0x164/0x650 [ 498.564427][T11726] ? fput+0x32/0x390 [ 498.566139][T11726] ? ksys_write+0x1ab/0x260 [ 498.567931][T11726] ? __pfx_ksys_write+0x10/0x10 [ 498.569782][T11726] __x64_sys_bpf+0x78/0xc0 [ 498.571496][T11726] ? lockdep_hardirqs_on+0x7c/0x110 [ 498.573519][T11726] do_syscall_64+0xcd/0x250 [ 498.575234][T11726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.577747][T11726] RIP: 0033:0x7f0ce35779f9 [ 498.579680][T11726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 498.587741][T11726] RSP: 002b:00007f0ce43fb048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 498.591471][T11726] RAX: ffffffffffffffda RBX: 00007f0ce3705f80 RCX: 00007f0ce35779f9 [ 498.594871][T11726] RDX: 0000000000000090 RSI: 0000000020000440 RDI: 0000000000000005 [ 498.598249][T11726] RBP: 00007f0ce43fb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 498.601575][T11726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 498.604930][T11726] R13: 000000000000000b R14: 00007f0ce3705f80 R15: 00007ffdf16684e8 [ 498.608046][T11726] [ 499.165902][ T5349] Bluetooth: hci5: command 0x0406 tx timeout [ 501.547415][T11788] input: syz0 as /devices/virtual/input/input14 [ 503.381608][T11818] FAULT_INJECTION: forcing a failure. [ 503.381608][T11818] name failslab, interval 1, probability 0, space 0, times 0 [ 503.387193][T11818] CPU: 2 UID: 0 PID: 11818 Comm: syz.1.1487 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 503.391802][T11818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 503.396274][T11818] Call Trace: [ 503.397655][T11818] [ 503.398913][T11818] dump_stack_lvl+0x16c/0x1f0 [ 503.400956][T11818] should_fail_ex+0x497/0x5b0 [ 503.402968][T11818] should_failslab+0xc2/0x120 [ 503.405047][T11818] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 503.407292][T11818] ? skb_clone+0x190/0x3f0 [ 503.409316][T11818] skb_clone+0x190/0x3f0 [ 503.411250][T11818] netlink_deliver_tap+0xab3/0xd90 [ 503.413527][T11818] netlink_unicast+0x606/0x830 [ 503.415639][T11818] ? __pfx_netlink_unicast+0x10/0x10 [ 503.417912][T11818] netlink_sendmsg+0x8b8/0xd70 [ 503.420043][T11818] ? __pfx_netlink_sendmsg+0x10/0x10 [ 503.422409][T11818] ? __import_iovec+0x1fd/0x6e0 [ 503.424589][T11818] ____sys_sendmsg+0xab5/0xc90 [ 503.426734][T11818] ? copy_msghdr_from_user+0x10b/0x160 [ 503.429165][T11818] ? __pfx_____sys_sendmsg+0x10/0x10 [ 503.431488][T11818] ? find_held_lock+0x2d/0x110 [ 503.433633][T11818] ? __pfx___lock_acquire+0x10/0x10 [ 503.435919][T11818] ___sys_sendmsg+0x135/0x1e0 [ 503.438104][T11818] ? __pfx____sys_sendmsg+0x10/0x10 [ 503.441402][T11818] ? ksys_write+0x21c/0x260 [ 503.443432][T11818] ? __fget_light+0x173/0x210 [ 503.445679][T11818] __sys_sendmsg+0x117/0x1f0 [ 503.447778][T11818] ? __pfx___sys_sendmsg+0x10/0x10 [ 503.450052][T11818] do_syscall_64+0xcd/0x250 [ 503.452053][T11818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.454674][T11818] RIP: 0033:0x7f0ce35779f9 [ 503.456641][T11818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.464999][T11818] RSP: 002b:00007f0ce43fb048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 503.468619][T11818] RAX: ffffffffffffffda RBX: 00007f0ce3705f80 RCX: 00007f0ce35779f9 [ 503.472237][T11818] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 503.475233][T11818] RBP: 00007f0ce43fb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 503.478257][T11818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 503.481199][T11818] R13: 000000000000000b R14: 00007f0ce3705f80 R15: 00007ffdf16684e8 [ 503.484519][T11818] [ 504.285878][ T4762] Bluetooth: hci6: command tx timeout [ 504.616051][ T5399] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 504.815915][ T5399] usb 6-1: Using ep0 maxpacket: 8 [ 504.821723][ T5399] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 504.821769][ T5399] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 504.821789][ T5399] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 504.821809][ T5399] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 504.821830][ T5399] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 504.821865][ T5399] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 504.821886][ T5399] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.036396][ T5399] usb 6-1: GET_CAPABILITIES returned 0 [ 505.038914][ T5399] usbtmc 6-1:16.0: can't read capabilities [ 505.338186][ T5399] usb 6-1: USB disconnect, device number 16 [ 507.605867][ T1375] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.608437][ T1375] ieee802154 phy1 wpan1: encryption failed: -22 [ 508.432493][T11895] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1503'. [ 508.780111][T11907] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1506'. [ 508.852620][T11904] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1505'. [ 509.557492][ T39] audit: type=1400 audit(1722745907.811:1185): avc: denied { getopt } for pid=11922 comm="syz.2.1511" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 509.783891][ T39] audit: type=1400 audit(1722745908.031:1186): avc: denied { unmount } for pid=9655 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 509.975867][ T6115] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 510.160251][ T6115] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 510.175971][ T6115] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 510.180381][ T6115] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 510.200049][ T6115] usb 6-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 510.203679][ T6115] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.209952][ T6115] usb 6-1: Product: syz [ 510.211910][ T6115] usb 6-1: Manufacturer: syz [ 510.214164][ T6115] usb 6-1: SerialNumber: syz [ 510.225519][ T6115] usb 6-1: config 0 descriptor?? [ 510.231083][T11928] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 510.240877][ T6115] dm9601 6-1:0.0: probe with driver dm9601 failed with error -22 [ 510.398377][ T39] audit: type=1326 audit(1722745908.651:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11950 comm="syz.0.1518" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f663e5779f9 code=0x0 [ 510.564215][T11927] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 510.576149][ T6115] usb 6-1: USB disconnect, device number 17 [ 511.763764][ T39] audit: type=1326 audit(1722745910.011:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11968 comm="syz.0.1523" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f663e5779f9 code=0x0 [ 512.626827][ T5399] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 512.807983][ T5399] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 512.812149][ T5399] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 512.817196][ T5399] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 512.824489][ T5399] usb 6-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 512.828746][ T5399] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.832105][ T5399] usb 6-1: Product: syz [ 512.833889][ T5399] usb 6-1: Manufacturer: syz [ 512.836066][ T5399] usb 6-1: SerialNumber: syz [ 512.839454][ T5399] usb 6-1: config 0 descriptor?? [ 512.841687][T11981] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 512.846338][ T5399] dm9601 6-1:0.0: probe with driver dm9601 failed with error -22 [ 513.046992][T11986] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 513.197033][T11980] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 513.201228][ T5399] usb 6-1: USB disconnect, device number 18 [ 514.025009][T11992] input: syz1 as /devices/virtual/input/input15 [ 514.889235][T12010] vivid-000: disconnect [ 514.892528][T12010] vivid-000: reconnect [ 515.306845][ T39] audit: type=1326 audit(1722745913.571:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12014 comm="syz.1.1536" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ce35779f9 code=0x0 [ 518.816564][ T5349] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 518.826023][ T5349] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 518.830934][ T5349] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 518.834652][ T5349] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 518.839009][ T5349] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 518.842304][ T5349] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 518.980723][T12045] chnl_net:caif_netlink_parms(): no params data found [ 519.532811][T12045] bridge0: port 1(bridge_slave_0) entered blocking state [ 519.535957][T12045] bridge0: port 1(bridge_slave_0) entered disabled state [ 519.539272][T12045] bridge_slave_0: entered allmulticast mode [ 519.543020][T12045] bridge_slave_0: entered promiscuous mode [ 519.547855][T12045] bridge0: port 2(bridge_slave_1) entered blocking state [ 519.550589][T12045] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.553591][T12045] bridge_slave_1: entered allmulticast mode [ 519.558317][T12045] bridge_slave_1: entered promiscuous mode [ 519.650151][T12045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 519.656526][T12045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 519.722783][T12045] team0: Port device team_slave_0 added [ 519.732145][T12045] team0: Port device team_slave_1 added [ 519.796294][T12045] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 519.799465][T12045] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 519.811609][T12045] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 519.818003][T12045] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 519.820945][T12045] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 519.831440][T12045] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 519.914715][T12045] hsr_slave_0: entered promiscuous mode [ 519.931767][T12045] hsr_slave_1: entered promiscuous mode [ 519.956327][T12045] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 519.959490][T12045] Cannot create hsr debugfs directory [ 520.275661][T12045] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.429488][T12045] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.572130][ T4762] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 520.578153][ T4762] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 520.582334][ T4762] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 520.587068][ T4762] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 520.591219][ T4762] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 520.594791][ T4762] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 520.638240][T12045] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.921835][T12045] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.927259][ T4762] Bluetooth: hci1: command tx timeout [ 521.108378][ T3227] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.134925][T12061] chnl_net:caif_netlink_parms(): no params data found [ 521.294900][T12062] kvm: kvm [12060]: vcpu0, guest rIP: 0x1b4 Unhandled WRMSR(0x11e) = 0x36ec0060fffffc18 [ 521.376495][ T3227] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.571931][ T3227] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.716816][ T3227] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.780497][T12045] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 521.792647][T12061] bridge0: port 1(bridge_slave_0) entered blocking state [ 521.795915][T12061] bridge0: port 1(bridge_slave_0) entered disabled state [ 521.799151][T12061] bridge_slave_0: entered allmulticast mode [ 521.803010][T12061] bridge_slave_0: entered promiscuous mode [ 521.813942][T12061] bridge0: port 2(bridge_slave_1) entered blocking state [ 521.819244][T12061] bridge0: port 2(bridge_slave_1) entered disabled state [ 521.822417][T12061] bridge_slave_1: entered allmulticast mode [ 521.825483][T12061] bridge_slave_1: entered promiscuous mode [ 521.834038][T12045] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 521.928660][T12045] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 521.941386][T12045] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 521.950309][T12061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 521.959041][T12061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 522.143032][T12061] team0: Port device team_slave_0 added [ 522.180272][T12061] team0: Port device team_slave_1 added [ 522.314246][ T3227] bridge_slave_0: left allmulticast mode [ 522.316889][ T3227] bridge_slave_0: left promiscuous mode [ 522.319500][ T3227] bridge0: port 1(bridge_slave_0) entered disabled state [ 522.688842][ T4762] Bluetooth: hci5: command tx timeout [ 523.002993][ T3227] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 523.015868][ T4762] Bluetooth: hci1: command tx timeout [ 523.019796][ T3227] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 523.033910][ T3227] bond0 (unregistering): Released all slaves [ 523.056799][T12061] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 523.059746][T12061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 523.078196][T12061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 523.114518][T12061] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 523.117853][T12061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 523.129369][T12061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 523.377292][T12061] hsr_slave_0: entered promiscuous mode [ 523.393689][T12061] hsr_slave_1: entered promiscuous mode [ 523.403895][T12061] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 523.411363][T12061] Cannot create hsr debugfs directory [ 523.911677][ T3227] hsr_slave_0: left promiscuous mode [ 523.916783][ T3227] hsr_slave_1: left promiscuous mode [ 523.919973][ T3227] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 523.920043][ T3227] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 523.922140][ T3227] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 523.922164][ T3227] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 523.990530][ T3227] veth1_macvtap: left promiscuous mode [ 523.990604][ T3227] veth0_macvtap: left promiscuous mode [ 523.990694][ T3227] veth1_vlan: left promiscuous mode [ 523.990759][ T3227] veth0_vlan: left promiscuous mode [ 524.771287][ T4762] Bluetooth: hci5: command tx timeout [ 525.156892][ T4762] Bluetooth: hci1: command tx timeout [ 526.078076][ T3227] team0 (unregistering): Port device team_slave_1 removed [ 526.307031][ T3227] team0 (unregistering): Port device team_slave_0 removed [ 526.856182][ T4762] Bluetooth: hci5: command tx timeout [ 527.166521][ T4762] Bluetooth: hci1: command tx timeout [ 527.632659][T12045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 527.986345][T12045] 8021q: adding VLAN 0 to HW filter on device team0 [ 528.031085][ T5375] bridge0: port 1(bridge_slave_0) entered blocking state [ 528.034096][ T5375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 528.074579][ T5375] bridge0: port 2(bridge_slave_1) entered blocking state [ 528.078099][ T5375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 528.753090][T12061] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 528.810309][T12061] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 528.825832][T12061] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 528.840735][T12061] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 528.923906][T12045] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 528.947103][ T4762] Bluetooth: hci5: command tx timeout [ 529.051266][T12061] 8021q: adding VLAN 0 to HW filter on device bond0 [ 529.088901][T12061] 8021q: adding VLAN 0 to HW filter on device team0 [ 529.151647][ T5143] bridge0: port 1(bridge_slave_0) entered blocking state [ 529.154864][ T5143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 529.171636][T12045] veth0_vlan: entered promiscuous mode [ 529.227220][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 529.230533][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 529.242053][T12045] veth1_vlan: entered promiscuous mode [ 529.426654][T12045] veth0_macvtap: entered promiscuous mode [ 529.469824][T12045] veth1_macvtap: entered promiscuous mode [ 529.491577][T12045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.517075][T12045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.521497][T12045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.525795][T12045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.531801][T12045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.536458][T12045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.541120][T12045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.545761][T12045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.557554][T12045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 529.565793][T12045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.582736][T12045] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 529.597995][T12045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 529.602636][T12045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.617838][T12045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 529.627162][T12045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.631776][T12045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 529.661168][T12045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.675962][T12045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 529.701386][T12045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.705952][T12045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 529.712906][T12045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 529.734181][T12045] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 529.783398][T12045] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.795898][T12045] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.800379][T12045] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.804530][T12045] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 529.819318][T12061] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 530.053431][ T3227] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 530.081067][ T3227] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 530.094554][T12061] veth0_vlan: entered promiscuous mode [ 530.140362][T12061] veth1_vlan: entered promiscuous mode [ 530.161943][ T1240] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 530.173799][ T1240] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 530.260360][T12061] veth0_macvtap: entered promiscuous mode [ 530.278423][T12061] veth1_macvtap: entered promiscuous mode [ 530.319813][T12061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 530.319827][T12061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.319833][T12061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 530.319840][T12061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.319845][T12061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 530.319852][T12061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.319858][T12061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 530.319868][T12061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.319877][T12061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 530.319888][T12061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.319897][T12061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 530.319908][T12061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.321515][T12061] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 530.363758][T12061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 530.425880][T12061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.425899][T12061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 530.425913][T12061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.425933][T12061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 530.425945][T12061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.425961][T12061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 530.425973][T12061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.425988][T12061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 530.425999][T12061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.426015][T12061] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 530.426027][T12061] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 530.427534][T12061] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 530.430927][T12061] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.430960][T12061] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.430985][T12061] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.431009][T12061] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.507316][ T39] audit: type=1400 audit(1722745928.761:1190): avc: denied { bind } for pid=12178 comm="syz.3.1544" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 530.617889][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 530.677251][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 530.722238][ T1240] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 530.725653][ T1240] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 530.964561][ T39] audit: type=1326 audit(1722745929.211:1191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12183 comm="syz.2.1546" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f10e35779f9 code=0x0 [ 531.323468][T12196] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1564'. [ 531.915028][T12210] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1568'. [ 531.991482][ T6115] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 532.185204][ T6115] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 532.189935][ T6115] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 532.194220][ T6115] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 532.235611][ T6115] usb 7-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 532.239940][ T6115] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.243771][ T6115] usb 7-1: Product: syz [ 532.246228][ T6115] usb 7-1: Manufacturer: syz [ 532.248455][ T6115] usb 7-1: SerialNumber: syz [ 532.252995][ T6115] usb 7-1: config 0 descriptor?? [ 532.256462][T12209] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 532.264050][ T6115] dm9601 7-1:0.0: probe with driver dm9601 failed with error -22 [ 532.646976][T12216] input: syz0 as /devices/virtual/input/input17 [ 533.895290][T12208] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 533.915118][ T6115] usb 7-1: USB disconnect, device number 17 [ 534.885450][T12269] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1582'. [ 535.824822][T12291] netlink: 'syz.2.1590': attribute type 3 has an invalid length. [ 535.873795][T12294] FAULT_INJECTION: forcing a failure. [ 535.873795][T12294] name failslab, interval 1, probability 0, space 0, times 0 [ 535.879102][T12294] CPU: 2 UID: 0 PID: 12294 Comm: syz.2.1591 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 535.883619][T12294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 535.888195][T12294] Call Trace: [ 535.889508][T12294] [ 535.890600][T12294] dump_stack_lvl+0x16c/0x1f0 [ 535.892388][T12294] should_fail_ex+0x497/0x5b0 [ 535.894377][T12294] ? fs_reclaim_acquire+0xae/0x160 [ 535.896466][T12294] should_failslab+0xc2/0x120 [ 535.898535][T12294] __kmalloc_noprof+0xcb/0x400 [ 535.900400][T12294] ? __pfx_lock_acquire+0x10/0x10 [ 535.902309][T12294] tomoyo_realpath_from_path+0xb9/0x720 [ 535.904655][T12294] ? tomoyo_profile+0x47/0x60 [ 535.906663][T12294] tomoyo_path_number_perm+0x245/0x590 [ 535.908939][T12294] ? tomoyo_path_number_perm+0x232/0x590 [ 535.911271][T12294] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 535.913835][T12294] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 535.916417][T12294] ? __fget_files+0x256/0x400 [ 535.918434][T12294] security_file_ioctl+0x75/0xc0 [ 535.920412][T12294] __x64_sys_ioctl+0xbb/0x220 [ 535.922408][T12294] do_syscall_64+0xcd/0x250 [ 535.924363][T12294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.926829][T12294] RIP: 0033:0x7f10e35779f9 [ 535.928785][T12294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 535.937112][T12294] RSP: 002b:00007f10e430e048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 535.940699][T12294] RAX: ffffffffffffffda RBX: 00007f10e3705f80 RCX: 00007f10e35779f9 [ 535.944085][T12294] RDX: 0001000000000000 RSI: 0000000080044dfe RDI: 0000000000000003 [ 535.947413][T12294] RBP: 00007f10e430e0a0 R08: 0000000000000000 R09: 0000000000000000 [ 535.950617][T12294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 535.953824][T12294] R13: 000000000000000b R14: 00007f10e3705f80 R15: 00007fff8f799d88 [ 535.957209][T12294] [ 535.959772][ T5404] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 535.967000][T12294] ERROR: Out of memory at tomoyo_realpath_from_path. [ 536.148198][ T5404] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 536.151811][ T5404] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 536.155575][ T5404] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 536.167919][ T5404] usb 6-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 536.171556][ T5404] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.176423][ T5404] usb 6-1: Product: syz [ 536.178258][ T5404] usb 6-1: Manufacturer: syz [ 536.180172][ T5404] usb 6-1: SerialNumber: syz [ 536.184869][ T5404] usb 6-1: config 0 descriptor?? [ 536.196753][T12283] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 536.201827][ T5404] dm9601 6-1:0.0: probe with driver dm9601 failed with error -22 [ 537.670624][T12281] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 537.677395][ T6115] usb 6-1: USB disconnect, device number 19 [ 538.055391][T12323] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12323 comm=syz.2.1600 [ 538.063008][T12323] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54 sclass=netlink_route_socket pid=12323 comm=syz.2.1600 [ 538.071116][T12323] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=36 sclass=netlink_audit_socket pid=12323 comm=syz.2.1600 [ 538.079001][T12323] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=44 sclass=netlink_audit_socket pid=12323 comm=syz.2.1600 [ 538.084482][T12323] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=54 sclass=netlink_audit_socket pid=12323 comm=syz.2.1600 [ 538.336133][ T5143] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 538.540417][ T5143] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 538.549805][ T5143] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 538.558718][ T5143] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 538.569167][ T5143] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 538.578290][ T5143] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.588842][ T5143] usb 5-1: config 0 descriptor?? [ 539.022338][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.025430][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.065859][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.068906][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.071876][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.074817][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.096814][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.100038][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.114033][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.118651][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.121858][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.124985][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.146121][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.150095][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.153371][ T5143] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 539.179294][ T5143] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 539.211350][ T5143] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 539.416992][T12336] loop0: detected capacity change from 0 to 7 [ 539.420771][T12336] Dev loop0: unable to read RDB block 7 [ 539.423504][T12336] loop0: unable to read partition table [ 539.433670][T12336] loop0: partition table beyond EOD, truncated [ 539.436742][T12336] loop_reread_partitions: partition scan of loop0 (þ被YüŸÑø) failed (rc=-5) [ 540.416563][T12321] usb 5-1: string descriptor 0 read error: -71 [ 540.576081][ T39] audit: type=1400 audit(1722745938.821:1192): avc: denied { getopt } for pid=12345 comm="syz.1.1606" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 540.639785][T12352] input: syz0 as /devices/virtual/input/input19 [ 540.646316][T12352] input: failed to attach handler leds to device input19, error: -6 [ 541.334386][ T833] usb 5-1: USB disconnect, device number 22 [ 542.061430][ T5404] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 542.195682][T12366] netlink: 'syz.1.1612': attribute type 4 has an invalid length. [ 542.199845][T12366] netlink: 50220 bytes leftover after parsing attributes in process `syz.1.1612'. [ 542.262393][ T5404] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 542.268194][ T5404] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 542.274373][ T5404] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 542.287262][ T5404] usb 8-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 542.294690][ T5404] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 542.307120][ T5404] usb 8-1: Product: syz [ 542.310329][ T5404] usb 8-1: Manufacturer: syz [ 542.312774][ T5404] usb 8-1: SerialNumber: syz [ 542.319702][ T5404] usb 8-1: config 0 descriptor?? [ 542.325090][T12359] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 542.332580][ T5404] dm9601 8-1:0.0: probe with driver dm9601 failed with error -22 [ 543.694305][ T39] audit: type=1326 audit(1722745941.941:1193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12377 comm="syz.1.1616" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ce35779f9 code=0x0 [ 543.846097][T12358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 543.855212][ T5404] usb 8-1: USB disconnect, device number 15 [ 544.256021][T12381] FAULT_INJECTION: forcing a failure. [ 544.256021][T12381] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 544.262251][T12381] CPU: 0 UID: 0 PID: 12381 Comm: syz.0.1617 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 544.266840][T12381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 544.271549][T12381] Call Trace: [ 544.272923][T12381] [ 544.274105][T12381] dump_stack_lvl+0x16c/0x1f0 [ 544.276090][T12381] should_fail_ex+0x497/0x5b0 [ 544.278183][T12381] _copy_from_user+0x30/0xf0 [ 544.280246][T12381] snd_pcm_oss_write2+0x1c6/0x3f0 [ 544.282505][T12381] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 544.284838][T12381] ? snd_pcm_kernel_ioctl+0x257/0x2d0 [ 544.286911][T12381] ? snd_pcm_oss_prepare+0x11e/0x220 [ 544.288998][T12381] snd_pcm_oss_write+0x733/0xa10 [ 544.290883][T12381] ? rw_verify_area+0xd0/0x6c0 [ 544.292978][T12381] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 544.295335][T12381] vfs_write+0x29a/0x1140 [ 544.297234][T12381] ? __pfx_vfs_write+0x10/0x10 [ 544.299302][T12381] ? __fget_files+0x256/0x400 [ 544.301371][T12381] ? __fget_light+0x173/0x210 [ 544.303429][T12381] ksys_write+0x12f/0x260 [ 544.305339][T12381] ? __pfx_ksys_write+0x10/0x10 [ 544.307515][T12381] do_syscall_64+0xcd/0x250 [ 544.309593][T12381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.312229][T12381] RIP: 0033:0x7f663e5779f9 [ 544.314211][T12381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.322290][T12381] RSP: 002b:00007f663f315048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 544.325869][T12381] RAX: ffffffffffffffda RBX: 00007f663e705f80 RCX: 00007f663e5779f9 [ 544.329378][T12381] RDX: 0000000000004000 RSI: 00000000200012c0 RDI: 0000000000000004 [ 544.332750][T12381] RBP: 00007f663f3150a0 R08: 0000000000000000 R09: 0000000000000000 [ 544.335838][T12381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 544.338586][T12381] R13: 000000000000000b R14: 00007f663e705f80 R15: 00007ffe2216ff98 [ 544.341556][T12381] [ 544.410881][T12383] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 545.477126][ T59] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 545.635889][ T59] usb 7-1: device descriptor read/64, error -71 [ 545.920070][ T59] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 546.075905][ T59] usb 7-1: device descriptor read/64, error -71 [ 546.196162][ T59] usb usb7-port1: attempt power cycle [ 546.636021][ T59] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 546.667085][ T59] usb 7-1: device descriptor read/8, error -71 [ 546.936099][ T59] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 546.976987][ T59] usb 7-1: device descriptor read/8, error -71 [ 547.106438][ T59] usb usb7-port1: unable to enumerate USB device [ 548.315863][ T5396] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 548.525101][ T5396] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 548.525129][ T5396] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 548.525149][ T5396] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 548.536959][ T5396] usb 8-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 548.537036][ T5396] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.537054][ T5396] usb 8-1: Product: syz [ 548.537068][ T5396] usb 8-1: Manufacturer: syz [ 548.553369][ T5396] usb 8-1: SerialNumber: syz [ 548.558092][ T5396] usb 8-1: config 0 descriptor?? [ 548.559184][T12408] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 548.560816][ T5396] dm9601 8-1:0.0: probe with driver dm9601 failed with error -22 [ 550.668309][T12407] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 550.677277][ T59] usb 8-1: USB disconnect, device number 16 [ 552.805875][ T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 552.945869][ T59] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 553.005774][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 553.012105][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 553.042785][ T9] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 553.046906][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 553.050381][ T9] usb 5-1: Product: syz [ 553.056057][ T9] usb 5-1: Manufacturer: syz [ 553.062760][ T9] usb 5-1: SerialNumber: syz [ 553.077027][ T9] usb 5-1: config 0 descriptor?? [ 553.081072][T12475] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 553.085516][ T9] hub 5-1:0.0: bad descriptor, ignoring hub [ 553.096008][ T9] hub 5-1:0.0: probe with driver hub failed with error -5 [ 553.116152][ T9] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input20 [ 553.135785][ T59] usb 7-1: Using ep0 maxpacket: 32 [ 553.154442][ T59] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 553.163000][ T59] usb 7-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 553.167402][ T59] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 553.183044][ T59] usb 7-1: Product: syz [ 553.184885][ T59] usb 7-1: Manufacturer: syz [ 553.187750][ T59] usb 7-1: SerialNumber: syz [ 553.200900][ T59] usb 7-1: config 0 descriptor?? [ 553.218571][T12478] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 553.222623][ T59] hub 7-1:0.0: bad descriptor, ignoring hub [ 553.225040][ T59] hub 7-1:0.0: probe with driver hub failed with error -5 [ 553.230861][ T59] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input21 [ 553.319144][ T9] usb 5-1: USB disconnect, device number 23 [ 553.321843][ C0] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 553.473650][ T5404] usb 7-1: USB disconnect, device number 22 [ 553.473677][ C3] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 553.777151][ T4762] Bluetooth: hci6: Malformed Event: 0x2f [ 553.780239][T12486] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1644'. [ 554.337503][T12496] binder: 12490:12496 ioctl c0306201 0 returned -14 [ 554.739456][T12501] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.743721][T12501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 554.751304][T12501] FAULT_INJECTION: forcing a failure. [ 554.751304][T12501] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 554.758413][T12501] CPU: 3 UID: 0 PID: 12501 Comm: syz.2.1647 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 554.763429][T12501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 554.767935][T12501] Call Trace: [ 554.769192][T12501] [ 554.770451][T12501] dump_stack_lvl+0x16c/0x1f0 [ 554.772441][T12501] should_fail_ex+0x497/0x5b0 [ 554.774631][T12501] _copy_from_user+0x30/0xf0 [ 554.776748][T12501] kstrtouint_from_user+0xd7/0x1c0 [ 554.780427][T12501] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 554.782781][T12501] ? __pfx_lock_acquire+0x10/0x10 [ 554.784930][T12501] proc_fail_nth_write+0x84/0x270 [ 554.787122][T12501] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 554.789702][T12501] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 554.792133][T12501] vfs_write+0x29a/0x1140 [ 554.794120][T12501] ? __fdget_pos+0xeb/0x180 [ 554.796056][T12501] ? __pfx_vfs_write+0x10/0x10 [ 554.804660][T12501] ? __pfx___mutex_lock+0x10/0x10 [ 554.807267][T12501] ? __fget_files+0x256/0x400 [ 554.809573][T12501] ksys_write+0x12f/0x260 [ 554.811640][T12501] ? __pfx_ksys_write+0x10/0x10 [ 554.813823][T12501] do_syscall_64+0xcd/0x250 [ 554.816160][T12501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.818857][T12501] RIP: 0033:0x7f10e35764df [ 554.820875][T12501] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48 [ 554.829489][T12501] RSP: 002b:00007f10e42ed040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 554.833163][T12501] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f10e35764df [ 554.836696][T12501] RDX: 0000000000000001 RSI: 00007f10e42ed0b0 RDI: 0000000000000007 [ 554.839915][T12501] RBP: 00007f10e42ed0a0 R08: 0000000000000000 R09: 0000000000000000 [ 554.843611][T12501] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 554.847203][T12501] R13: 000000000000006e R14: 00007f10e3706058 R15: 00007fff8f799d88 [ 554.850778][T12501] [ 554.912058][T12503] overlayfs: missing 'lowerdir' [ 555.354788][T12509] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1650'. [ 556.801834][T12527] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 556.831226][T12527] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 560.979512][ T39] audit: type=1400 audit(1722745959.231:1194): avc: denied { remount } for pid=12570 comm="syz.3.1665" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 560.979527][T12571] hugetlbfs: Invalid gid '0x00000000ffffffff' [ 561.165883][T12571] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 561.207320][T12571] qnx6: wrong signature (magic) in superblock #1. [ 561.214110][T12571] qnx6: unable to read the first superblock [ 561.621762][T12587] kvm: kvm [12586]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x0 [ 561.887675][T12593] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12593 comm=syz.3.1670 [ 562.014164][ T39] audit: type=1400 audit(1722745960.261:1195): avc: denied { getopt } for pid=12597 comm="syz.2.1672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 562.082322][T12601] bridge0: port 1(bridge_slave_0) entered blocking state [ 562.085762][T12601] bridge0: port 1(bridge_slave_0) entered forwarding state [ 562.445516][T12609] tipc: Started in network mode [ 562.448023][T12609] tipc: Node identity ffff000000a0ffffff00000000000001, cluster identity 4711 [ 562.454335][T12609] tipc: Enabling of bearer rejected, failed to enable media [ 562.554128][T12613] 9pnet_fd: Insufficient options for proto=fd [ 562.946624][ T57] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 563.136138][ T57] usb 6-1: Using ep0 maxpacket: 16 [ 563.143340][ T57] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 563.150490][ T57] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 563.154135][ T57] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 563.173288][ T57] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0 [ 563.179582][ T57] usb 6-1: New USB device found, idVendor=04e6, idProduct=0007, bcdDevice= 1.75 [ 563.183591][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=5 [ 563.195817][ T57] usb 6-1: SerialNumber: syz [ 563.217677][ T57] usb-storage 6-1:1.0: USB Mass Storage device detected [ 563.236921][ T57] usb-storage 6-1:1.0: Quirks match for vid 04e6 pid 0007: 1 [ 563.261807][ T57] scsi host6: usb-storage 6-1:1.0 [ 563.447942][ T5375] usb 6-1: USB disconnect, device number 20 [ 564.085849][ T59] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 564.277452][ T59] usb 7-1: Using ep0 maxpacket: 32 [ 564.281057][ T59] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 564.291841][ T59] usb 7-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 564.301029][ T59] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.304160][ T59] usb 7-1: Product: syz [ 564.307612][ T59] usb 7-1: Manufacturer: syz [ 564.309623][ T59] usb 7-1: SerialNumber: syz [ 564.313437][ T59] usb 7-1: config 0 descriptor?? [ 564.320732][T12633] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 564.326470][ T59] hub 7-1:0.0: bad descriptor, ignoring hub [ 564.329048][ T59] hub 7-1:0.0: probe with driver hub failed with error -5 [ 564.343012][ T59] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input22 [ 564.489472][T12652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1686'. [ 564.550670][ T6115] usb 7-1: USB disconnect, device number 23 [ 564.550759][ C3] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 564.833689][T12645] overlay: filesystem on ./bus not supported as upperdir [ 566.438970][ T39] audit: type=1400 audit(1722745964.691:1196): avc: denied { unmount } for pid=12045 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 566.563743][T12669] jump_label: Fatal kernel bug, unexpected op at preempt_notifier_register+0xd/0xf0 [ffffffff815967ed] (eb 12 90 48 c7 != 66 90 0f 1f 00)) size:2 type:1 [ 566.575855][T12669] ------------[ cut here ]------------ [ 566.578257][T12669] kernel BUG at arch/x86/kernel/jump_label.c:73! [ 566.581038][T12669] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 566.585166][T12669] CPU: 2 UID: 0 PID: 12669 Comm: syz.2.1691 Not tainted 6.11.0-rc1-syzkaller-00283-gd3426a6ed9d8 #0 [ 566.591298][T12669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 566.596686][T12669] RIP: 0010:__jump_label_patch+0x378/0x400 [ 566.599760][T12669] Code: 48 c7 c3 60 40 24 93 e8 c6 7c 59 00 45 89 e1 49 89 d8 4c 89 f1 41 55 4c 89 f2 4c 89 f6 48 c7 c7 20 38 46 8b e8 f9 ef 39 00 90 <0f> 0b e8 a1 7c 59 00 90 0f 0b e8 99 7c 59 00 90 0f 0b 48 c7 c7 30 [ 566.608865][T12669] RSP: 0018:ffffc900036cfc38 EFLAGS: 00010286 [ 566.611223][T12669] RAX: 0000000000000096 RBX: ffffffff8b466ea1 RCX: ffffffff816b0039 [ 566.614276][T12669] RDX: 0000000000000000 RSI: ffffffff816b9416 RDI: 0000000000000005 [ 566.617407][T12669] RBP: ffffc900036cfc80 R08: 0000000000000005 R09: 0000000000000000 [ 566.620621][T12669] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000002 [ 566.623995][T12669] R13: 0000000000000001 R14: ffffffff815967ed R15: 0000000000000085 [ 566.627309][T12669] FS: 000055555d7f5500(0000) GS:ffff88806b200000(0000) knlGS:0000000000000000 [ 566.631147][T12669] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 566.633924][T12669] CR2: 00000000202dd000 CR3: 00000000234b2000 CR4: 0000000000352ef0 [ 566.637447][T12669] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 566.641107][T12669] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 566.644843][T12669] Call Trace: [ 566.646498][T12669] [ 566.648228][T12669] ? show_regs+0x8c/0xa0 [ 566.650966][T12669] ? die+0x36/0xa0 [ 566.652717][T12669] ? do_trap+0x232/0x430 [ 566.654880][T12669] ? __jump_label_patch+0x378/0x400 [ 566.657241][T12669] ? __jump_label_patch+0x378/0x400 [ 566.659487][T12669] ? do_error_trap+0xf4/0x230 [ 566.662135][T12669] ? __jump_label_patch+0x378/0x400 [ 566.673138][T12669] ? handle_invalid_op+0x34/0x40 [ 566.675264][T12669] ? __jump_label_patch+0x378/0x400 [ 566.678225][T12669] ? exc_invalid_op+0x2e/0x50 [ 566.680338][T12669] ? asm_exc_invalid_op+0x1a/0x20 [ 566.682095][T12669] ? preempt_notifier_register+0xd/0xf0 [ 566.684314][T12669] ? __wake_up_klogd.part.0+0x99/0xf0 [ 566.686758][T12669] ? vprintk+0x86/0xa0 [ 566.688511][T12669] ? __jump_label_patch+0x378/0x400 [ 566.690298][T12669] ? __jump_label_patch+0x377/0x400 [ 566.692268][T12669] arch_jump_label_transform_queue+0x7e/0x120 [ 566.695033][T12669] __jump_label_update+0x125/0x420 [ 566.697454][T12669] jump_label_update+0x1d7/0x400 [ 566.699553][T12669] __static_key_slow_dec_cpuslocked.part.0+0x4e/0x90 [ 566.702571][T12669] static_key_slow_dec+0x7c/0xc0 [ 566.704704][T12669] kvm_put_kvm+0x8f8/0xb80 [ 566.706894][T12669] ? __pfx_kvm_vm_release+0x10/0x10 [ 566.709298][T12669] kvm_vm_release+0x42/0x60 [ 566.711216][T12669] __fput+0x408/0xbb0 [ 566.713019][T12669] task_work_run+0x14e/0x250 [ 566.715046][T12669] ? __pfx_task_work_run+0x10/0x10 [ 566.717935][T12669] ? xfd_validate_state+0x5d/0x180 [ 566.720684][T12669] syscall_exit_to_user_mode+0x27b/0x2a0 [ 566.724145][T12669] do_syscall_64+0xda/0x250 [ 566.726433][T12669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.729012][T12669] RIP: 0033:0x7f10e35779f9 [ 566.730954][T12669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 566.738964][T12669] RSP: 002b:00007fff8f799ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 566.742633][T12669] RAX: 0000000000000000 RBX: 00007f10e3707a80 RCX: 00007f10e35779f9 [ 566.745972][T12669] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 566.748888][T12669] RBP: 00007f10e3707a80 R08: 0000000000000006 R09: 00007fff8f79a1cf [ 566.751960][T12669] R10: 00000000003ffcc4 R11: 0000000000000246 R12: 000000000008a684 [ 566.755461][T12669] R13: 00007fff8f799fe0 R14: 00007fff8f79a000 R15: ffffffffffffffff [ 566.759045][T12669] [ 566.760362][T12669] Modules linked in: [ 566.774792][T12669] ---[ end trace 0000000000000000 ]--- [ 566.777397][T12669] RIP: 0010:__jump_label_patch+0x378/0x400 [ 566.780143][T12669] Code: 48 c7 c3 60 40 24 93 e8 c6 7c 59 00 45 89 e1 49 89 d8 4c 89 f1 41 55 4c 89 f2 4c 89 f6 48 c7 c7 20 38 46 8b e8 f9 ef 39 00 90 <0f> 0b e8 a1 7c 59 00 90 0f 0b e8 99 7c 59 00 90 0f 0b 48 c7 c7 30 [ 566.790389][T12669] RSP: 0018:ffffc900036cfc38 EFLAGS: 00010286 [ 566.794533][T12669] RAX: 0000000000000096 RBX: ffffffff8b466ea1 RCX: ffffffff816b0039 [ 566.798537][T12669] RDX: 0000000000000000 RSI: ffffffff816b9416 RDI: 0000000000000005 [ 566.802653][T12669] RBP: ffffc900036cfc80 R08: 0000000000000005 R09: 0000000000000000 [ 566.806423][T12669] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000002 [ 566.810820][T12669] R13: 0000000000000001 R14: ffffffff815967ed R15: 0000000000000085 [ 566.814452][T12669] FS: 000055555d7f5500(0000) GS:ffff88806b200000(0000) knlGS:0000000000000000 [ 566.818335][T12669] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 566.821288][T12669] CR2: 00000000202dd000 CR3: 00000000234b2000 CR4: 0000000000352ef0 [ 566.825300][T12669] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 566.828916][T12669] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 566.832322][T12669] Kernel panic - not syncing: Fatal exception [ 566.835775][T12669] Kernel Offset: disabled [ 566.837637][T12669] Rebooting in 86400 seconds.. VM DIAGNOSIS: 04:28:29 Registers: info registers vcpu 0 CPU#0 RAX=0000000000a9db64 RBX=0000000000000000 RCX=ffffffff8b11c619 RDX=ffffed100d606fda RSI=ffffffff8bb08480 RDI=ffffffff816260ac RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20 R8 =0000000000000000 R9 =ffffed100d606fd9 R10=ffff88806b037ecb R11=0000000000000001 R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff9012ba58 R15=0000000000000000 RIP=ffffffff8b11da0f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c32068d CR3=000000002c7f0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000100001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe22170320 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f663e5e66e4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f663e5e66f1 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f663e5e66eb ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f663e5e66ff ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f663e5e6785 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f663e5e6863 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=fffff52000657e2b RBX=fffff52000657e35 RCX=ffffffff813d02e6 RDX=fffff52000657e35 RSI=0000000000000060 RDI=ffffc900032bf148 RBP=fffff52000657e29 RSP=ffffc900032bf0a8 R8 =0000000000000001 R9 =fffff52000657e34 R10=ffffc900032bf1a7 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=ffffc900032bf170 R15=ffff88802290a440 RIP=ffffffff81e79c0e RFL=00000287 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffec2fded60 CR3=000000000db7c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=00000000000000ff Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f23baed66a3 00007f23baed66a3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffec2fe0f60 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555590d133b4 0000555590d133b0 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555590d0c498 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555590d18560 0000555590d183f0 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000037313335 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000880030010000c 80040100000c0806 060131fa0008000c e0030010000cd003 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0104080008100050 100006013ea40008 0006100020100006 013efe2482821000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0180040100000c08 0606013894208008 0001e00300100001 d00300100001c003 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 02100001b0030190 1000100311800400 03000401a0030008 0001900303ffffff ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff04018003088004 0480040100000c08 0606010582140800 0880030010000c80 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9 RSI=ffffffff84fe2865 RDI=ffffffff9519d720 RBP=ffffffff9519d6e0 RSP=ffffc900036cf5a8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=7973203a6d6d6f43 R12=0000000000000000 R13=0000000000000000 R14=ffffffff9519d730 R15=0000000000000079 RIP=ffffffff84fe288f RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 000055555d7f5500 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000202dd000 CR3=00000000234b2000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff8f79a110 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f10e35e66e4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f10e35e66f1 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f10e35e66eb ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f10e35e66ff ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f10e35e6785 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f10e35e6863 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000005d01fb RBX=0000000000000003 RCX=ffffffff8b11c619 RDX=0000000000000000 RSI=ffffffff8b4cc500 RDI=ffffffff8bb08500 RBP=ffffed10030d3488 RSP=ffffc900001a7e08 R8 =0000000000000001 R9 =ffffed100d666fd9 R10=ffff88806b337ecb R11=0000000000000000 R12=0000000000000003 R13=ffff88801869a440 R14=ffffffff9012ba58 R15=0000000000000000 RIP=ffffffff8b11da0f RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f23b7a3ff60 CR3=000000000db7c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000044000001 Opmask01=0000000001ee0000 Opmask02=0000000001ffffff Opmask03=2040000404420020 Opmask04=00000000fffff7ff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff156d0a70 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ff00000000 00ff000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffff0000 ffffffffffffffff ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 220c58bb4e8a6395 73732578a0a5e96b ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73737373737372a2 7373737373737373 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6d25203a7325206b 6e696c6d79732065 7461657263206f74 2064656c69614600 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4800051f5600054e 4b4c49485c560540 5144405746054a51 054140494c444600 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000d1 0000000000000000 30706f6f6c2f6b63 6f6c622f6c617574 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 517f2bc83df910e6 0000000560eb3470 0000000000000021 0000560eb300302e ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000560bd3d6c9e9 0000000000000041 0000003177617264 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3e676b78263a4c26 3849263b49263a49 264c48264f48264e 4826494826484826 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 544f47202c006500 0000006c655f5f6d 6c205f616d61205f 6f656b2200000a4f ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 494e47202c004500 00000049000a0020 20000a006461205f 64656b000000004d ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020