last executing test programs: 10.170102873s ago: executing program 3 (id=3189): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000400)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6c, &(0x7f0000000340)={r2, @in={{0x2, 0x0, @loopback}}}, &(0x7f0000000d00)=0x84) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7a, &(0x7f00000001c0), &(0x7f0000000040)=0x8) unshare(0xc040400) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r3, 0x29, 0x40, 0x0, 0x60) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000001c0), 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000005100000008000300", @ANYRES32=r9], 0x24}}, 0x0) splice(r4, 0x0, r6, 0x0, 0x39000, 0x0) r10 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f00000000c0)=0x0) timer_gettime(r11, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r12 = socket$tipc(0x1e, 0x5, 0x0) r13 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r13, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r13, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r12, 0x84, 0x1, &(0x7f0000002280)=""/4091, &(0x7f0000001200)=0x87d) setsockopt$TIPC_GROUP_JOIN(r12, 0x10f, 0x87, &(0x7f0000000400)={0x42, 0x1, 0x3, 0x3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0) mmap(&(0x7f000049e000/0x4000)=nil, 0x4000, 0xa, 0x30, r12, 0x1000) 9.325327598s ago: executing program 3 (id=3196): syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e4001020303090224002af623"], &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) write$char_usb(0xffffffffffffffff, &(0x7f0000000000), 0x0) syz_emit_vhci(&(0x7f0000000600)=ANY=[@ANYBLOB="040e04005b0c07134fde7697cd908150e83ed0474c9278c29c716c2d7867c54ad6ecc42f4b2ee76cf4bc095f0b80cb226cf8b0d46ef323d57d633bc309eb56c2c6ace3ae34c0c067c8aab4f509b16fdc60ddb6648cc6eac6b041467d49904234b7b70799ae2f96d32e65018d7825f39c0248463be11db76edc9ce7ba2cd9650e281c641ceb7427298f55f90ec8a8bb4831119168f476e1d5923da6cc92d2ea"], 0x7) 7.827856611s ago: executing program 1 (id=3202): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000006840)={0x2020}, 0xff23) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = gettid() timer_create(0x4, &(0x7f0000000040)={0x0, 0x1e, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067000000050000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000000)={{}, 0x80000000, 0x6, 0x100}) openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x98, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x84, 0x1, [@m_tunnel_key={0x80, 0x1, 0x0, 0x0, {{0xf}, {0x50, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xe, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @empty}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r4, 0x402, 0x80000007) fcntl$setsig(r4, 0xa, 0x21) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) readv(r5, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/44, 0x2c}], 0x11) 6.800490953s ago: executing program 1 (id=3204): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000400)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6c, &(0x7f0000000340)={r2, @in={{0x2, 0x0, @loopback}}}, &(0x7f0000000d00)=0x84) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7a, &(0x7f00000001c0), &(0x7f0000000040)=0x8) unshare(0xc040400) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r3, 0x29, 0x40, 0x0, 0x60) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000001c0), 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000005100000008000300", @ANYRES32=r9], 0x24}}, 0x0) splice(r4, 0x0, r6, 0x0, 0x39000, 0x0) r10 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f00000000c0)=0x0) timer_gettime(r11, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r12 = socket$tipc(0x1e, 0x5, 0x0) r13 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r13, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r13, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r12, 0x84, 0x1, &(0x7f0000002280)=""/4091, &(0x7f0000001200)=0x87d) setsockopt$TIPC_GROUP_JOIN(r12, 0x10f, 0x87, &(0x7f0000000400)={0x42, 0x1, 0x3, 0x3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0) mmap(&(0x7f000049e000/0x4000)=nil, 0x4000, 0xa, 0x30, r12, 0x1000) 6.237949056s ago: executing program 3 (id=3206): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r4, r5, 0x0, 0x0, 0x0, 0x7fc, {0x4, 0x1, 0x3, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fe1dff010000000000000000000caa000000091600000000000004b427180010"}}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) syz_usb_connect(0x0, 0xdf0, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000bb9d3140a8171300a68e010203010902de0d040000000009044c080dd890490008240600014c352105240008000d240f01ed000000000009000706241a00001004240202152412ff03a317a88b045e4f01a607c0ffcb7e392a09050c101000040945ca23c564da1719759a29a61dbc150dee67401978c3d487fadb01e86bb960b9abdae885655d1f0a3987e8ab80844c898af48ae4a1dc734c6f1ac92197166706200f3f846794a14529d411aa643ebc2c178af7e658687ed74319c9ecd18b138716e2d5d315f539c0e02bc70a1c6c20f9cf086112931185ffbc9f694e80aa88e3b2cfb6fe7e74eec71f7499f504b45a4865a95033669c07087facaf8ac4f31b04b77f719c05b32879ae5d0d2345cd230249d2a81931d5b2cd4926d14e453f00930c1f6eab4a52d70a168db209050b08080006050509050e03200074077f6f012eb6f6fa6e8097158a29b2b59f66885d24de987395bcfe57c098f9f152403879d2184522b55a1ffa66c66472b9db75b365340b7ca77e19d136ee9b6d4f8582a50176d416ba0bc77e01f89eecdb032b7f918c7686d52a8a352bf3ee9327907d7bd508bd917fb205cf679b2040bf09050a1020000104080905010140008f038007250182080400090580080002f9800209050210ff030f09ff072501800205009f040c3a28fce72749ce8348f09ddc83df10d064eecdfb654f6cce460f6a1c8e713c4990e55522dc79b96fda18bd6d7f17308d8cbebc90a4fd42cb4e8de2db10b862752cd19c4ea184753c6aa3aeeec7758d029165e68f69773d599b8a34c4bb2a79469c5d08b9d77887278c4c82cdca59a07ad1cdc4abd75071e40ddaefc87f85ad235feb18b2c0e946135b774035d84e7f070ab6f04b1ae80bbfc9c8892c0905011020000c00050905031008000cff8107250100040900072501000805000905080108007f0703d207b78b979985980c55387603537e47dd2f2e8edf4a9531f79606d639345059e4a0f89675999bfa05df87ba75b38a137ddae0d9b69591af1eebd350b034c1374173942b3ba8df1ab6c67c637e2cb11ed25c53015099377406eff9019213367ef7a0f9c33b1e3a1ade2220d24498c1925c39630ed38db55a89d8a2f1778f399513d149866a2fc9ffdefc82dfbeaedd999a118e3064a96c39126ffe33da17e7573cb5e24c6d4aa6e976b8c75dbdc8d4b6e4b902d50016f603bee417b0e1b87c6a088ca806c8489ab97a4453b99789f580b51b9523a13e5f827e5fa667c39e956b4fb4371ceb844c15377d79294b1703d9bdeb28bc84cdc4e78f3c2751fcc9595bdd7e44148917ea122786a88e8dfb6d1245bd4b44516cb9ad6dc5d954fa5894ea1d5b0b9d344da7342d25037686dfbbef579b7c55785bbc96b59c5a9cb11b36069092bc5913cf38d77e90ba89643107bf87f0ea1ab4495fe37b1eed186bbe1dde0a73be96d44e2309050c031000720509ad31d27e74f77531a457026f62696f28251af2359bc3f51fd3e680aecc06edb18f6f7fc901651a38a3476348868b089518469bf194f19e7f9ca4261ed03062a2a2c37e6303e83ca09619c184fa4304b17100407ee3fb262ff391cc28efca2884bccb60027e00141eda5c4fff696a072d2b9bf81b4c218ab749604e6499801aa68b8bfd61c0cd27249458b23da4b2178ed44d856b0186f37807a0540ba0926d2059d1df13e5f6574dc33a48b692ff09b718b7742b28b2920454e0d4cc2e6231dbfe2d009fb7c8bb68893f2d352a7215fccb8c5794462391b89dde2a584e1ba64b08b310010ac56d0e8273c77190e6672f50ccb63b4a2f26558fedfc14de3d837ddb7b936403a3075a740050552266a9b09f544c5b1d7ed3e0952146f8764637ec5c2c94dad57aaf5f1a23308610798c3d8355528169831aca24ca27747ffeff677e54da257cc90f47c09b37b694c7e96d1706a075164464b8f1e14b0c12ceaf48a593690600cb5bcae110dbf980424eeb4bbb075114175c2733dce31054faf14c3881bb084566147b3996119318a6688815c1de0f9c05f63b3b0c0f8a68f866b61bc7cd323ff64a0014eb7fff09050908400008860009050501080001050909043f000657a707fa0a240102000502010209240302000306040808240802020002a9052405040607240502feaadc1124060404050600070007000100020081052406000005240005000d240f0103000000090003005908241cfffe06db0c072414d5f60b0009050202000410060450074efd4c41c53e61fa16b19fae792afc6bbfdc8217923fcb88fa6157d23257e68e05e2b4e89ccededb94d390e523c7dec3c011b8b8e36b57e883"], 0x0) syz_usb_connect$cdc_ecm(0x1, 0x143, &(0x7f0000000700)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x131, 0x1, 0x1, 0x6, 0x20, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0xf9, {{0x9, 0x24, 0x6, 0x0, 0x0, "a875d650"}, {0x5, 0x24, 0x0, 0xe47e}, {0xd, 0x24, 0xf, 0x1, 0xdd, 0x4, 0x4, 0x16}, [@call_mgmt={0x5, 0x24, 0x1, 0x0, 0x3}, @acm={0x4, 0x24, 0x2, 0x9}, @mdlm={0x15, 0x24, 0x12, 0x7}, @country_functional={0xc, 0x24, 0x7, 0xc1, 0x5, [0x1000, 0x64, 0xff]}, @mdlm_detail={0xbb, 0x24, 0x13, 0xf9, "d3b0ea68b477e3a96692126f57cef22674e41d4eeee54db697fd13d628627367d4197c366a400f443e042b931f0b64e8029fe317a232096b654a67e930c74f403975392c9ba79e19e652b7e1979560c3d3acd8b8a8563aa74679c98ba9b930d494e6c06a8594ca279257c5ff889e4e84802419b80a053c06f84ac5c1bb39d2d5794c48cf3df2425d55b178a4b70bed91d3adadc568272a17dc461a3b762b3c56fc793df24f3d5d239fbafdcaa1fdf9740fdccf3144fc7b"}, @acm={0x4}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x2, 0x5, 0x2}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x0, 0x9, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x6, 0x9, 0x2}}}}}]}}]}}, &(0x7f0000000d40)={0xa, &(0x7f0000000880)={0xa, 0x6, 0x300, 0x4, 0x9, 0x0, 0x8, 0xd}, 0x194, &(0x7f00000008c0)={0x5, 0xf, 0x194, 0x6, [@generic={0xe7, 0x10, 0x2, "6b15bf01a9d13400e32d17ea61ff3c908c7e131de15417a70ca95c169da7dd0403b370af88e4f989e8028357c8bb22c108bc9ac96bffe908c00aa0e5422c2bbf31634db3a657241fb4083cb5d343e0bfe15a611d6a304992282e559320d1774eca89f60213b2a5fdb60cee5273edb4c68b27c36f88cc8d09a52de18060be0f059cf51949da3b2bfc0554822fc9a14f6517d3cc62d50b058078d8f03f078c140a6bf99cc99298144e39d1c5235aab7daba5ae11c6bc5117b44621d66da3723b0509c3ec0814158c1c35cc68daaa508b03ceafe85ae6d2a8cd5e3b01e7227e7f3d85f4f0ee"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x2, 0xe, 0x2}, @ssp_cap={0xc, 0x10, 0xa, 0x7f, 0x0, 0x3, 0xf00, 0x3}, @generic={0x77, 0x10, 0xb, "bcd26de9cd33abdf3dcc5c6600999f69973df173516da390351abbb26ec07c32056a6f4fac39c3cedb2f34efbe3330127876c9616189ceba97878921b9eb3e84f0041f5f8cb0893cad7a2ace39aac30481ba30d35eeb4379f53eef82287e0f9553e0717a7a511f62edcd79daba38091449ace36e"}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "42994e351a8caa2a91615ea95304f9fc"}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0x1, 0x6, 0x5}]}, 0x6, [{0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x4001}}, {0x4, &(0x7f0000000ac0)=@lang_id={0x4, 0x3, 0x814}}, {0x30, &(0x7f0000000b00)=@string={0x30, 0x3, "8de8266d69e52588d0a1426d17d118667bfb521135e186a115c3eaf553e1bf6d359e3755a2603369699a5af21340"}}, {0xfe, &(0x7f0000000b40)=@string={0xfe, 0x3, "22d917202931d45a55cd19eeb873a45129efe899738ead92637dd0f1980ac75d1b330c0e31d50ce67f2519e34f94184417cd035fe04f7368c5e3970aea038c3fa58cce292dcf4513097d4d0c54967e8e35cb0b32bdcf9dc59f7383b928ce116f173c41e1c7314957d7416be088c807352ae05b43e5cd62f7c1474ae3a0d09d107a3be67a3a2822f86d5e1ce763c946adfa96143af9a3aa650e4e0f867a0e1775edc795c2abf0d1825a8d1ddb6f605dda07665614304b88f3130590fba85e29e8cc6ae856f87d0233279930414210365b362fe4426f88461ef6610f461c5ea5bcf2d03ff12a08497932ac1f5e2c70e6f4efdbc7799af04f94b019ae8d"}}, {0x1c, &(0x7f0000000c40)=@string={0x1c, 0x3, "1c5eb14b1eb0bc315fb7b275efab88ac2aee2dad4667a0c33077"}}, {0x91, &(0x7f0000000c80)=@string={0x91, 0x3, "3a83d5ba4141ede8944b9f4f71d590bc4d0a35449ee283c9a5798cc35327a272723433c57d3105bb058bd9d2ea1273ee6688eca281ed90bb22110781aa333bd7da4842b2513aee4ba5526615f1e5a17e58e570edc105fea5bed8da0a4a1f05f9a97b4dffd41be81ea92f07c716a63b0d5f2675a949165757e82c924df9dc3f0f0e5b20e3f4902a3386c83a4d0a6b12"}}]}) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x94, 0x7e, 0xac, 0x0, 0x8ca, 0x111, 0x6dc8, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x89, 0x26, 0x3c}}]}}]}}, 0x0) syz_open_dev$dmmidi(&(0x7f0000002e40), 0x48000, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(0xffffffffffffffff, 0xc0245720, &(0x7f0000000080)={0x1}) 3.878587518s ago: executing program 1 (id=3207): r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000000440)=[{&(0x7f0000000340)=""/96, 0x7ffff000}, {&(0x7f0000000280)}, {&(0x7f0000000600)=""/252}, {&(0x7f0000000400)=""/34}], 0x50, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) io_setup(0x4, &(0x7f0000000140)=0x0) io_pgetevents(r2, 0x1, 0x0, &(0x7f0000001080), 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r3}, 0x38) r4 = socket$packet(0x11, 0x3, 0x300) epoll_create1(0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xffe4, 0xfffffffffffffda0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x4) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x8, 0x1}, 0x48) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_RENAME(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={0x34, 0x5, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x34}}, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000003c0)={r5, &(0x7f0000000580), &(0x7f0000001740)=""/248}, 0x20) r7 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001200)=ANY=[@ANYBLOB="9803eb19c9e4e1fefd54a72189da49b895800000", @ANYRES16=r8, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r9, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) socket$key(0xf, 0x3, 0x2) io_submit(r2, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) 3.878156303s ago: executing program 2 (id=3208): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) munmap(&(0x7f0000000000/0x2000)=nil, 0x2000) write$P9_RGETLOCK(r0, &(0x7f0000000540)=ANY=[], 0x25) 3.78880803s ago: executing program 2 (id=3210): iopl(0x3) r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000006800010000000000000000000a0000000000000008000500", @ANYRES32=0x0, @ANYBLOB="b8658007eaec589e282f7562fb56b687926204db6f9720bae5f0421b349dbce7b1d175bd1bf100000000504b08c8b92fbedd5ce93a15a8a5381bb83ff096e696fda0445664b72c54c83cb52e168f4d19ac401bb10f7ba0a710330724bc23db49c8324112c62ab272b7fcadf226fc9209338b970684ef8859aebf6c8354b75c4ae2cef9eb64352a34e014cab0ac00000000af4517eead09863d45cd89b11fb15d6d68656d7f3343fb678900"/186], 0x20}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x48001) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000280), &(0x7f00000013c0)=0xc) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000040000000000000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffcdd}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r5}, 0x10) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r6, 0xc00464c9, &(0x7f00000004c0)) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x0, @local}, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}}, {0x2, 0x0, @private}, 0x7e}) fcntl$F_GET_FILE_RW_HINT(r3, 0x40d, &(0x7f0000000140)) syz_open_dev$ptys(0xc, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, 0x0, 0x0, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000044}, 0x844) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000140)) ioctl$PTP_SYS_OFFSET_PRECISE(0xffffffffffffffff, 0xc0403d08, &(0x7f0000000500)) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r9}, 0x10) socketpair(0x23, 0x5, 0x0, &(0x7f0000000040)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x0) mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0) 3.639135693s ago: executing program 2 (id=3211): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$NFC_CMD_GET_TARGET(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) syz_io_uring_setup(0x6291, &(0x7f0000000340)={0x0, 0x722f, 0x0, 0x0, 0x2ac}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x11c, &(0x7f00000002c0)=0x4, 0x0, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) syz_emit_ethernet(0xfdef, &(0x7f00000003c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x168, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, [{}, {0x0, 0x1, "000000050000000026000400"}, {0x0, 0x9, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a"}, {0x21, 0x7, "b8a3e100908f61640000006f00fec0ffff00000000000000ff0bc0fe000000000000000002000002d9a0274500040000000013eaf40000"}, {0x0, 0x13, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf"}, {0x0, 0x4, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bc"}]}}}}}}, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r3, 0x11, 0x68, &(0x7f0000003a80)=0x2, 0x4) setsockopt$inet6_udp_encap(r3, 0x11, 0x64, &(0x7f00000000c0)=0x4, 0x4) r4 = socket(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x2}}}}]}, 0x78}}, 0x0) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) write$binfmt_elf64(r2, &(0x7f00000000c0)=ANY=[], 0xc63b9e35) r7 = socket(0x0, 0x80002, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newtaction={0x14, 0x13, 0x53b}, 0x14}}, 0x0) bind$netrom(r7, 0x0, 0x0) r8 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f00000000c0)={0x0, 0x1, 0x1}) 3.178226574s ago: executing program 3 (id=3212): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="200000000a140309000000000000000008000100000000000800030001"], 0x20}}, 0x0) (fail_nth: 3) 3.099870401s ago: executing program 1 (id=3213): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xfffffffd, 0x2}, 0x48) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c8000c0008000500070800227cca1eb327c95af1d1bccd21c35f16000700"], 0x11) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ff"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x44d02) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) r3 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0x0, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_NON_HH_WEIGHT={0x8, 0x7, 0x5}]}}]}, 0x38}}, 0x0) bind$unix(r2, 0x0, 0x0) r6 = socket$unix(0x1, 0x2, 0x0) sendmmsg(r6, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'bridge0\x00'}) sendmsg$nl_route(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000003e00f14500007000fedbdf210a000000342801"], 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x80) r9 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_wireguard(r9, 0x8933, &(0x7f00000001c0)={'wg1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000010000100"/20, @ANYRES32=r10, @ANYBLOB="1619020000000000"], 0x20}}, 0x0) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000140), 0x1) process_vm_readv(0x0, &(0x7f0000008400)=[{0x0}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) 3.03999662s ago: executing program 3 (id=3214): syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e4001020303090224002af623"], &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) write$char_usb(0xffffffffffffffff, &(0x7f0000000000)='9', 0x1) syz_emit_vhci(0x0, 0x7) 2.611966891s ago: executing program 2 (id=3216): syz_io_uring_setup(0x7ffa, &(0x7f0000000400)={0x0, 0xf785, 0x3f, 0x2, 0x2ac}, &(0x7f00000000c0)=0x0, &(0x7f0000000140)=0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$PROG_LOAD(0x6, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) keyctl$clear(0x11, 0xfffffffffffffffd) socketpair$unix(0x1, 0x5, 0x0, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r6, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0xfe}, @raw32}], 0x1c) r7 = dup(r4) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000012000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000300)="b9800000c00f3235000800000f300fe095a6520000b8010000000f01d9c402d53b9e0700000026f047ff4d14f30fc775ddb9c5090000b86c000000ba000000000f1d0f08450f01cb4a0fc72b", 0x4c}], 0x1, 0x0, 0x0, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="270000000104010a00000000000000000000000306000644dfff0002"], 0x1c}}, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) setsockopt$inet6_int(r2, 0x29, 0xf, &(0x7f0000000100)=0x8, 0x4) syz_io_uring_submit(r0, r1, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r2, 0x80, &(0x7f0000000280)=@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}}) io_uring_enter(0xffffffffffffffff, 0x7c76, 0x0, 0x2, 0x0, 0x0) 2.127938953s ago: executing program 1 (id=3217): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000006840)={0x2020}, 0xff23) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = gettid() timer_create(0x4, &(0x7f0000000040)={0x0, 0x1e, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) socket$nl_route(0x10, 0x3, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f0000000000)={{}, 0x80000000, 0x6, 0x100}) openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x98, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x84, 0x1, [@m_tunnel_key={0x80, 0x1, 0x0, 0x0, {{0xf}, {0x50, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xe, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @empty}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @empty}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r4, 0x402, 0x80000007) fcntl$setsig(r4, 0xa, 0x21) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) readv(r5, &(0x7f00000004c0)=[{&(0x7f00000000c0)=""/44, 0x2c}], 0x11) 1.978366818s ago: executing program 0 (id=3218): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) munmap(&(0x7f0000000000/0x2000)=nil, 0x2000) write$P9_RGETLOCK(r0, &(0x7f0000000540)=ANY=[], 0x25) 1.909033986s ago: executing program 0 (id=3219): r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000000440)=[{&(0x7f0000000340)=""/96, 0x7ffff000}, {&(0x7f0000000280)}, {&(0x7f0000000600)=""/252}, {&(0x7f0000000400)=""/34}], 0x50, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) io_setup(0x4, &(0x7f0000000140)=0x0) io_pgetevents(r2, 0x1, 0x0, &(0x7f0000001080), 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r3}, 0x38) socket$packet(0x11, 0x3, 0x300) epoll_create1(0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xffe4, 0xfffffffffffffda0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x4) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x8, 0x1}, 0x48) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_RENAME(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={0x34, 0x5, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x34}}, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000003c0)={r4, &(0x7f0000000580), &(0x7f0000001740)=""/248}, 0x20) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) io_submit(r2, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0}]) 1.198018669s ago: executing program 1 (id=3220): syz_emit_vhci(0x0, 0x22) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f6306644f6f08bbd3ca3229d272acd3483bf3ae4228f7a2b839594856918b10ca47ad4dc249d99c244aba277d101b5ac305"], 0xd) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="04090003c800000000f8ffffffffffffff000002"], 0x14) write$binfmt_script(r0, &(0x7f00000005c0)={'#! ', '', [], 0xa, "7d7c463361f6a11cf6e5600f11c68f16539afb331bf63eafc7d3db6c273b843c92f868b7cc99fa92b898e4549d93a274a6a8221cfc2df04da760a707a57f2adeb124ab580975ab10518f9bd924533d504e2e0ec6102ec2eb8edd51e1a830a1028233bc005b9f4d13d28de3ce256afec2ff9236b1e39e3abe273604600768506123efa4b0b307444e2006626c1d3eb5135703f45052bc0001000000000000188c8512800999ad9b6593e218ecbe90ebeac4a55ec153bfddc40ed83e41f33748255a9e5b5ce9eb2d9b57fff72265af29b0df2834f3ce69dbefc2e13b86d7c512f2681270188b4bc990559ecd6731c4f49221b19637ebd2a29fc7bdad307dc31612572d1d418761927a3db07111d852a7236397c65cd77992ad68ae5a935ccc452e00f844b7e8496448f98b0b25eef918790ad22c40c1e04c8eb13c726a820000000000000000000000000000e637b17224c491e98d9ced41ebba4469fe727d8b4db8fb7c00ba25a4fd567373563584222edd922f31d1cd9e588bbc6c984cb09f0066c6a9ca5139a3d926ec1157b52f107132b4f5f1c2cb6bf3939fe42c70bb8f70d3eb86632b968606e0dc5c08fa47a48be36984c90b60071bfd600170c90ab999b9fa20aaa3c86312fdfb2abaa9d0f30c262088891ea4e0310836cf6ea1b3b5ae7c71be2aa70748ca234c44405490a741b6adcbe47d33b768bc5db83e4456fc085192da9728a81ba420b4b0c12a513463fcc5d70c80a9fa36b9acb7032d4171085f2cc6650500a9bd0814ae8552596850e2a107ca0e4b275c19f283b94533"}, 0x242) ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xffffffffffffffe1, 0x0, 0x0, 0x10001, 0xfffffffffffff924]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e20, 0x100000, @loopback, 0x2}, 0x1c) r3 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) getsockopt$inet_int(r3, 0x10d, 0x3, &(0x7f0000000000), &(0x7f0000000200)=0x4) r4 = socket(0x1, 0x2, 0x1) syz_io_uring_setup(0x3ccf, &(0x7f0000000340)={0x0, 0x2ce8, 0x0, 0xffffffff, 0x319, 0x0, r1}, 0x0, 0x0) syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2) readv(r3, &(0x7f0000000100)=[{&(0x7f0000000500)=""/126, 0x7e}], 0x1) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_perm_addr={0x33}}) socket$xdp(0x2c, 0x3, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000f80)={0x2c, &(0x7f0000000e80)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000440), 0x0) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r5, 0x40505330, &(0x7f0000000700)) 1.008010324s ago: executing program 0 (id=3221): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="540100001000130700000000000000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1914aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000d00000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ccd700000000001c000400070000000000000000000000000000000000000000000000e7662d7b88fed7249af44effb0603567d6e23ea3c2029caaeaa6bd9d19ef13c97951b17eba9d83573373ae652af51796b8a5f4a516763f46724d6bd30f6617168522052e1426e73091bad271c5f78e474d0dd6eff879f6d14623a389e799c64b34546bb7e7966305a5e737b7f7d68640199fb29e51e9b0bc25ea676d850f82ffec51"], 0x154}}, 0x0) r2 = syz_usbip_server_init(0x3) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) connect$llc(r3, &(0x7f00000000c0)={0x1a, 0x309, 0x0, 0x5, 0x0, 0x0, @remote}, 0x10) write$usbip_server(r2, &(0x7f0000000980)=ANY=[@ANYBLOB="000000030000000300000000000000010000000100010000000000c50000010700000017000000020000000000000000d9ea674cb745f1030ee2135d07ef8da5916b1a3650a15dec672c3b254efc6809b973784cc31f4486f8331acde30b7866643ed73955b6949f82a02182fd6ce9b5b9f27eb889dfd6de034c7862365a46a75c199e680c6b32929cfb93a21f710354bd1dd8124f4660d6179a4dce7cce2c7ab7ad3451e852ac0747da2c25508c0db13eefa3d6da1f42a44bbdaaec8841151e5af587790101e3a77a9a60b0417788e765f42a8652406f6174bd9a076e9f0c973006406aff127de33767fae5ff2d4eb580847ee4fc000000040000000200000001000001ff00000007000000050000000000000000000000010000ffff0000000800000003000000c000000fff00000002000007ff000017ccffffffc1000000060000000100004dab0000000100000a3d000000490000800000000008000000070000005c0001000100000020000000bd00000100000090c900000001000052c700000fff000000090000000000000002000000200000ffff0000000100000000fffffff90000000900000fff00000009000000090000000800000009000001cf000000060000050500000004000101000001000000000fff000000d70000004000000f140000e8d7000000200000000000000009000000040000d46d0000001c0000000800000fff0000000800000000000000800000001000fffffffc000000010000036100000006fffffffd00000007000000020000000100000000000000090000000400000101000000070000089c142c220d0000000500"/613], 0x265) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000011c0)={0x18, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_init_net_socket$nfc_raw(0x27, 0x0, 0x0) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffdfffff}) pwrite64(0xffffffffffffffff, &(0x7f00000001c0)="14", 0x1, 0xe090c3a) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_tcp_int(r5, 0x6, 0x1e, 0x0, &(0x7f0000000140)) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000600)=ANY=[@ANYRES32=r1, @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r6, &(0x7f0000002140)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r6, &(0x7f0000008400)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9474a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x801}}}, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r6, &(0x7f0000000340)={0x50, 0x0, r7}, 0x50) r8 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0) ioctl$FIBMAP(r8, 0x5319, 0x0) socket$netlink(0x10, 0x3, 0x0) unshare(0x22020600) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') 915.933588ms ago: executing program 2 (id=3222): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r3, 0x0, 0x0, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20024094, &(0x7f0000000040)={0x2, 0x0, @dev}, 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4004743d, 0x2000000b) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0xf, 0xa, 0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xa) sendmsg$nl_route_sched(r5, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000002640)=@newtaction={0x1458, 0x30, 0x1, 0x0, 0x25dfdbff, {0x0, 0x0, 0x6a00}, [{0x1444, 0x1, [@m_mirred={0x50, 0x3, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x5}, 0x3, r7}}]}, {0x4, 0xa}, {0xc}, {0xc}}}, @m_skbmod={0x104, 0x11, 0x0, 0x0, {{0xb}, {0x54, 0x2, 0x0, 0x1, [@TCA_SKBMOD_SMAC={0xa, 0x4, @multicast}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x3ff}, @TCA_SKBMOD_DMAC={0xa, 0x3, @local}, @TCA_SKBMOD_SMAC={0xa, 0x4, @local}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0xfffffff9, 0x7fff, 0x8, 0x443, 0x5}}}]}, {0x88, 0x6, "79579338f0fce072706b55e05360a3477353cbdcc664f43e8faebdee8daebd8b5c14652a7c61ae37eb7c2079b95cfab259fdf47a8a630186b305eccb462ec45a372a93afb958d319cf1ccc7f08c4b391a97f0e86ed07e1d09ef74ee347533d2b87a4e006e85ba60b7defcb8e692d30f5d12271b9692f61643bc4c4da8a8f00db89079233"}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_simple={0x104, 0x15, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x9, 0x3, '({!.\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x800, 0x6, 0x7fff, 0x2}}, @TCA_DEF_DATA={0xc, 0x3, 'b\x01\xf5\xff\xff\xff0\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x7, 0x6, 0x0, 0x200, 0x125b}}]}, {0x8d, 0x6, "c00609ccbcac5024f2630ee3126fb24ab468fde89fc6e054bc9834fd848f2cc45bbf15c99c3a1b7d4adc0436cd09d3531040ecb3042bbcc7e5c06bc608f1cd4145c60490f31874b2df795519c59adbe8d15af574e46e20e4bedfe79f54bb175c321d0a201f5716b41493129088a8bd4051740a3a82c621a6c09c545a20a9668b0383d7d8ae5df87142"}, {0xc}, {0xc, 0x8, {0x2}}}}, @m_gact={0x108c, 0xe, 0x0, 0x0, {{0x9}, {0xa0, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x7, 0xd2f, 0x4, 0x7fffffff, 0xddac}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1660, 0x3}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x2434, 0x10000000}}, @TCA_GACT_PROB={0xc, 0x3, {0xd4fa916a4ecb4084, 0x1e85, 0x7}}, @TCA_GACT_PARMS={0x18, 0x2, {0xfffffff5, 0x1, 0x8, 0x1, 0xd58}}, @TCA_GACT_PARMS={0x18, 0x2, {0x401, 0x81, 0x3, 0x0, 0x5}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x6ab, 0x1}}, @TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x10000000, 0x2, 0x1000}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1e02, 0x20000000}}]}, {0xfc3, 0x6, "f62edb70361eaef0cd3970a8d667fca2f48df770b1dd18ce8b2e7e1b50caf0ad4342f8882537530d5e55352c8ad4b81cb50f161d0ae132e79efb9f2d3b93d190bf6ffd2fa9884121b7a45d9d7d050c3a19a62851cad0b7d05e7d34c9bd9d39282b6249d441081d6eb61044510aeda964ab95d66ab1f3bbfe185649a8be84f15313252250631e0cba4508402c271efa2ddfae3dd154e25ae1a8c74f3089a268baf6bbfd505a660a8dd8514705f765ddc6f08b9c2921462b4d92688aeebcd92f13eccd8c85f063f9d0713e8fd59634d529b6412dbe862f62da7376b033dd1216b0df022f1a9d8b78e9868c6a61fc2ae3dd10d6bdaed3cd49d1f83ebbfd3e8c91942b343042bfcb87e25a37a09e68f96b3c51900ac342901423d53c5a5467b64f9cf7b0a554a2cfe839ede2453230e3dd8135ecff38d999418e902477dcec2728133d5e76a1208db80b95fbf4116fc1a1a4c624282c120cec4e626aa9a228669069d0251c41a5bed2564e9d44f72737158d44e3d3e7ad824eea9a98c03fa38ef8e4b242425940510237fe32091803bbd8661ca93735045c7fd1d8ef4709211af570d8025dbb1c4e20589a20f38f0788213b340d1449bccb90419a78bdd5036982a48dfad7ae0ea9c00090768993594677253b1fce7069ced16b69b172d37d5640ac6fce3291545e50751dd474aea49bb108ef58bec83d0f433929734cff36da3ed810bd51016d39ee8ae6a1b1eb18ef29c4bf27648d32c28019210bdb7264ae9d3db7c561d1283464c4f4b45dd4361911c19f4cf170b6c1b83988d1949311d726aa6a90af8c95f78d548dc57c4303bb4a6a763fd87b2471f4d63781847428924d97d2a1945e4bc0fdba88d213800a250985f7c895cd1fbe8c5e84ccb994c218e459cf3c6bf81e0190ac40cfc54b135cabaef4c95f4c3a7339a1339e5f44abd44c97d61ad9e1bd467d3775358cc40f2d550f160053278cd31f7ed5cfe9b02d41b14d9e7ee15652d93a4751dfcac8c2adcd2d39646488a2c9a8d857da1e48174a9a8a4a5e6f328e76881773aade9af178831f5aac9f8674af3ff83c6c04fe500c56a7c4eda8182e489d1c8a7178446513a02f64ace77247998681f371906ec4480315914bad55f02b92f257b1e172a63ad7537fe583e8018a0fd83aa5e83ae64dcaf1c3cf668ffb2eaa3fc6f33391bef4b53780273f835adfc9869249c3bacf9550759ea6829747ab544f0dd81fed6e93cf9f28dc64d6ef5fe3d2f6e2277b3659c100359c1c389c07f87a41cafee978a0991946cf754592608f20d1b7acb2723c6fe90c6a6a7fdaf27fcf9d27b0cf064d7912bcfe46ebedaa94e0a21fd8b52ba09725343241f9e55e2a6d1c1ac711e742cef53072658fd8a0c4d4e0111e6d57bb91806f7cbda5d9a501a60b61f32103f0b1b6348293748e0e476106bbb4ffb4e7e85b21b868bbd59407da1830fc0c8772488ab5d93765e3bf89389448467cade7b82e293b5bf61c079a17f77c04e9b43c6d3f355fbc1623c297fca3ca845ec8e7e74722b177d84651002cacae538dd69855b9498197a49f3f67d4b213f2696bfdccc6f4d229adbc4869af274434dbaaf859109d0233b55ac8c4765ae84a849b0bd187648aae8d0b5323d88753b65e95471a614d270dd2fa5541814bd55e0fc19f4b04aaf55b0a3c1fb41de54efbaf6ebca6e529e5e68ff1cec9b650229bd86253e54bb3505c91abea641cb2b69fe2da35258eedca0060b872bcaf39d5ae8a29cc9b9e329c6b8490684d04a4a55c32c902698649cfc9f819124634456ba59ef64f8887d00d6351bb0c45bc969380c32d09f6ff5b75dff48ff413dda902e0294d38c0e608972f893e1e06da175f1009297b15f1928dc3fdc0c4e0f1f215c51c344ec6b89da4914b8dabd90aa7826476d64b0641f4c137eb8785493d98b1aca4992c4019a7f29ac6ed3c5cf2452b57587d0c2c3073dc44704742c95c20b8b2f924ad0eea5b4b5824e1edba1c273b5af1bf735e506ce872af181a2b5d7d6f8d9dab5f39de30b4b70901a59407747e661c0476d6cb2bea78b6e905a54766a808ca44be32458cab7d2d3b451dd68e700f096c32f30d2818274cf18fbd5affda31d53b9b355b2b0a039d68b0ecfe7937bf272ac3e5e16da7e2fde420881fbc5058cf6e39ec76f1b44ea3eb98e1e45cf53bacec6f62448617f851fb4fece8dc6e48ab63c52f2b329c6ec553ba6130f77113c86c1c2ef1586e26072a03f2e6ec35cc67c4bbfb856d50329ca3c16bec52e537c90de505fa3b31191f59d40ce0c65b82195dbea627fa5c7d0d808e5f626d95bd3317e2b6f6f2de577e857774f03a8ca7043f353a556ccfd26178e15ac0d925a2673592ec434918617be678ea5ee6ab9a22d8a6ba8002e3c0b8001846d80cd0fc633600198260c85956496879461b67e8d219d13dcb9e559835fe53b5cd8b9b84b3c39dcecf48c061d7f6ffbb78bfd8f5ab153db95897d7a5339f156744adb638c61d56fd838338dcfdf2aa3238d3d74780c675c78fd7c9b21e1d993d6e6db700c68b151f155bd7433f72b54e3206f8cd9d00d1bb1595e3a9a43b5f6c9f9e7b5122e089541df532fd273710699b05a5fb3d9408ba608ec4f2b76f7807968c4968966a2d42445436494baee9f6b057f8842d19966dd6089f82d42c9f91a373461faf2354bd019cd9510d01936b09654dbe0b6cd7c8bf8e2168969c8b528b4f4a95d17f5527cde32fcc922558d24dd69f42d6b6fc4b8ae8db63ef26bf8391e04a22706edee8ae423acf483e4a55df89b9749690771ac074fa8e4692a55abe7272bf65df4602b1a7e2c5df78c8b0d5853e94a960d1872a1aa0e442c5b11be3b41ac9b41e738e26400a86be4dcb73e4b43b54e32556352d373a41dea287b2a7b63af44bf69c41f37a507f9c24c3e0a31776824485be5aabc1d8057e85908cdda2160239d0f3dee32ebd2f9a34f9b96c79d0518cbe16e47f27f9cf66d7230ee2d2c4cc25007ae9280870c1d7d7f897c3e7e518d6d056a333f8a3da34e490ce52a692a4709c7bdaf3ed00f07d2418876d12bcf18274527fef9e0b9fa4c763c3637a79162a279ac8212db52993998f723ec11cb15a8d7adb941d15cb7053904525320d684fbcbbf686bb01fbbcc333a049ed63637f2f1406e20bc0474fd79eadc27446ed8b79466d0d9fcb7913bd0695954a1a76ff9b199b6e8079433ec0d2898afb27a5ca3c4d15d1427c1bcabaaf10028e4e3da15ad9f4900a01c287d694a380b5b19f8ae43fd996f590908b461ccdcd0f9f0d0e1c3467df4812857ef0d9906c3e9b2945e2538da26b22b0fb7e41094bb597c11777894b76bad4f0ceb09c3d6722b2966fe3bb9967b804f6c1100a5ce2ba1a45939bc70ac1f1bb8edf701466057be7aba4ecef6cff0a3ce34de932c2d44b7330a442579170d697a52cdc90b726e863dfd20bc97075229c32d6b430fec90875b6ab32e2fa56e51f6c990ca026ff8829b31b87cfbf2fcb67617a5a4a419c1db73a81e52992fe263dd5275c54d6138f0c1286d3ed16a3bc5ccd48e342a71210335159624205fb2f0761159f0f92e5dfe0ebf655c2e77e9d4d0c699793205f293dfe5cc687d7fdada56b428a3e40f14cb1bfab80428737cad94a01d22c732c3929482f01ffff4d9184d72330a1da403fcf05ec541ee50fc20df1fd47a0af16aad3458a176a7ea743506576ad9a24bd657f4be08b06af8c8041923d9a2381f1a27696bcc618e9d1a2fae29949c2b1121cae653c2fdcba84127157b2a251b87d7bfd2c3062469a2ed810bb69dd750f64ea4dad0098203bbf2d0531d92595fc31f63aef9ee9f048976ef1020afac213d18ed59bb6261c0b03c6a7f64491a3640de4a00083722b03b7d3a69b460a289de72fc228d7fdc01d80ff16baf940e4c2e8d0818f87d953ddb5ae5b0095aca7a5218b275e79f42b6333b1599bfaa5124e5302913a79713057059468bd60fadcb8536d918cba18bd0e92fea9622f752a872d54b030eebf862593f71129219f7feee87327b5c1766f0d9f190a989429c636255ab6cea006f08c6588064cb1d0d02baa3e509d81d72c3cc1245f1a1f25bd9cb30ca221a6ba7f96b98e43c968d13da336a341007afb9fafdf62338529b6178fc0b229bc827097bc029697f0488b32bdf719a4430e84f0e90650890c39aae7c1c5fcac64258ae397f6931dd4e27662fc1ee48ca9d3598358009c65b3121456a4cdebd369367e30defdbe55866758f8a9dff59045ec73df2a0ef3b6f38578ccfce85b5f676a2e8e30f317a542968af80aab4baf549b5049c8ff51e031b5c5aa70ae9742d2915cef8249521df2a79bcb12d67db6adc2493060236cf6e317aa3c78d60aa71372e4aabc35d0d4d1bf834b3e163a673704dcd629e1efc55a0c644692ff1cc58118037c6b3da67a2037a4bbac160645ac2463ed6e2ab2946fe344f03054e73cad6409ae29e9668fa1a45e66aee964cb4ea1e942b66193d8449b94456add60eb71027afbec40633956b5cb9157cf8fb71611a056a67e10889537e93a4968ca5e2f5a7802972d56b5ffb9d4cfa42744478def2b39701838255a6e05f7549f957a496fec4355fbfb7efffcd5c669c17c510f981338b5f06e160829b8117624dd21c0a8330d0d031eae1fd1fb8831e7350960ff8b694d5df9487e682c872a00e53b4d3d8b99e137f154eb2c77d97bff8432f8f8ae67f248f14961844bffd9f7777e3a20ed4ce733c9083ced3f4723a798327e1132012abb4b8ace11a346340e98c9ee1057b98bd73cef5a07b409681e267a3e754367af1c964275c54af20faea740bf1d54baf203926ff469bffd439de674f7c52118412893c9be16cfe593029995ba0d270ed5ae73bcf9e31b832ddd0415ace771879a054afbcd807c01b6b1855e581c012dbb2f855c39660714e587b968e00686b4c3bc8c71d524767183b0ca65ee476ec2f3ff5c018e2caca92df7e196f4450e9b22b72e80a8b51365861beb39d38030d03b4b885e5e945b75088fc9202f44981d145e8c2ae8cab8bd4d2d94992eeae32360e17acd2bf4ca29a50e8d8e0fa7c1e49a7e9da566ff831ca767d3ed6976298c64b19e77b1ba7df4dfce87bd6aadff185bdbeabd8db5ba3c307f07009dad9f62f441608e215809adf180beec643f5a20b9ddb86ea420b125b80060f80c9b64c5b0023988e911905cc98c655402084db4de5efa76879fa537d34e45fae7db70dd4d11fd648842620dfcce69d09a96e451efc473cec95d2aae824aa2852db063dcc441806a33723c2818bcf73182bb0970576ec4f43f7e563769cdc466cceab5b09e2a4b2d16338a255be87c1807d789252486d7a09d237116868de352986f40fbdb86f0843673466b3416d3014a74d6d64f4bd31e9548cfa5ded3eef87aa847304a6b138be4bd9a5de4927521895923533b9806d53c30ec1fc93b88d7fefbeb16df95fd9ca23cc6ecdd23b8e3867dafde7dd3c7a6a069cbf318bcf047659ebb0c1b79890a8e893deb23658868ff2917edc0ee8adff64edf34aed6bc0c29f0d93c58ab31a49a1cf92d243d3259f1ba02570ea14b9b0d34106a53400a9f75f05535e7a7663764c6e7c9df6c81c30b1add9a99999ccb752b88971c949758e1f25070292bb4cdd57e6792cca9c4e1fb711712f85a83f6307d644bd6c0fdb64fd675fb73"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_gact={0x60, 0x16, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1213, 0x7}}, @TCA_GACT_PARMS={0x18, 0x2, {0x5, 0x6, 0x7, 0x9}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x21f4, 0x3}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}, @m_xt={0xfc, 0x1a, 0x0, 0x0, {{0x7}, {0x48, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x39, 0x6, {0x3, 'security\x00', 0x9, 0x2836, "ecf7e627bbfa00cac8e88cdbd5c581"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x4}]}, {0x8e, 0x6, "c8ff3bf21d409d2a3837b874ff61a7fafd6aec5d087194bd924c189821d662dccaa6013a8c9c37fe24c76e09a1bda772da57c8d42f053a7e33882f6fa42b1d8ed988117637870fd511f8e6c0e040c1ca1364c79f01b409b791f2d46a0a16c44ddbb11a80f9c53ad053ba66227e41ad282263140781252a9adcf47d2a0a277cd24f6c4788983dc066d91d"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x1458}}, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r9, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d00000000000500240000000000050016"], 0x68}}, 0x0) 288.696068ms ago: executing program 0 (id=3223): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001a80)=[{{0x0, 0x0, &(0x7f00000018c0)=[{&(0x7f0000000680)="2e1ee21c43ebceb21f85fca5a5f1ba4ecb1ebd23dec5d75d5ce39b3a7b894143d9c950ac060763b4addf09d9b6661c0dfc3ea08cb5714d38a2278f5a9c1364469d52d7855251cebed099a4f173531de78315c71dd74c20da84c17b180814739133301f191ab9c5aa9c78148756224c0a827142ba15d03d4f5caa33e0e8185e65da7387f200bfdee3af3b00d16e3dfca490961aeac0c137d17dfdbbaee48fd979a97f9e3b0ea46bc923a0dc93fc0b805ffda352c619e438bddfc7429d3d5d0a4437c5c21dc8dde0b836bb7f5aaebce28ff74293f389f79aadf88a486dac5e4baaefa34868913faa60f5581992d0ce32f38b4f234f206e363b811a6227f500bd3b685e6f983b16118c26d8d5849ac3c18915e4adef3851212db2800257a1feae2e7051e5a974c6a068f9d5e4375884791766d38ce9a6fc268fb741bfa57fd62aede6505bff77b28e6c1ffb244b0d6588589fa6812266ce97e5e3e1f85dba00d71c87d2f34cc670936a3aa2e0acaf71e8dae8ad737625080a9ce06c2bf1b02bcc11d5", 0x181}], 0x1, 0x0, 0x120}}], 0x1, 0x0) sendmsg$nl_xfrm(r4, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="44010000100001000000000000000000ac1414aa000000000000000000000000ac141400"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff020000000000000000000000000001000000006c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000c001c00", @ANYRES32=0x0, @ANYBLOB="0000000048000300"], 0x144}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x8000) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8}, @NFTA_RANGE_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) pread64(r5, &(0x7f0000000580)=""/232, 0xe8, 0x8) getsockopt$packet_int(r2, 0x107, 0x11, 0x0, &(0x7f0000000080)) read$FUSE(r2, &(0x7f0000002780)={0x2020, 0x0, 0x0, 0x0}, 0x2020) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x1cc, 0x27, 0x9, 0xfffffffc, 0x0, {0x3}, [@nested={0x12b, 0xf2, 0x0, 0x1, [@typed={0x8, 0xde, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x4e, 0x0, 0x0, @u32=0x2}, @typed={0xc, 0x13c, 0x0, 0x0, @u64=0x5}, @typed={0x6, 0xf8, 0x0, 0x0, @str='\xa3\x00'}, @generic="925fcf966594f2d633735e0f50af882e440eb013cd8a7cfd3dc0011ecf4d4dd692f232374e555c1cdb6c74e7f0d5bbf794d485534d87ef78d273faf0fc369219f3b9560e7d3c5dfa41cddcd6ae8ca37411706dce7387486c74675485f3b8d95b78", @generic="810bc6acfd9a1e7716ba344fcdb807f7f85a2b82b1f88a1990e6a5ce2ddc924e41208eea9042ca141b1ce847b1c08a1f2639e228b3ad494da2befbc1c7eab62aea4cc21d6ba16b23098ce081750c1e36c04e286a", @generic="e75008c4e03601ae5e73004be47266b297a841ae14fdac7d407db85222a5f93b76105a1f28daa8aa1fb55f075db7a13aff214e91d5c2", @typed={0x8, 0x107, 0x0, 0x0, @uid=r6}, @typed={0x8, 0xb8, 0x0, 0x0, @u32=0x800}, @typed={0x8, 0x136, 0x0, 0x0, @ipv4=@private=0xa010100}]}, @generic="0686ab6832a91d351580fe5affa4cc48d6505170f61ccb0e12465799d7592942961c8c0ccb18fcd1570e6371871da578b6b50a47aab94b86b935defff046ca0628851ff7957a64bccabcbfdc05c4050d2a6e94d807c03b16edbf3c7c77abb028d5b576473f15b13222dd5a56a982bf23f80274bc76e9dfcaf12db280435e26271ad378f2ce20f0d5b7"]}, 0x1cc}}, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='cpuset.memory_pressure\x00', 0x275a, 0x0) r8 = socket$igmp(0x2, 0x3, 0x2) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) getsockname$packet(r2, &(0x7f00000009c0)={0x11, 0x0, 0x0}, &(0x7f0000000a00)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000a40)={'team0\x00', 0x0}) getsockopt$PNPIPE_IFINDEX(r7, 0x113, 0x2, &(0x7f0000000a80)=0x0, &(0x7f0000000ac0)=0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000b00)={'vxcan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000000d00)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000b40)={0x160, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}]}]}, 0x160}, 0x1, 0x0, 0x0, 0x941d0b021cd4abb}, 0x40814) setsockopt$MRT_ADD_MFC(r8, 0x0, 0xcc, &(0x7f0000000080)={@empty, @empty, 0x0, "662a47efb7108dc9ff50afa8d9fa55bb9d354c74fd391b1d786a74f1aef2669e", 0x0, 0x0, 0x9}, 0x3c) setsockopt$MRT_ADD_MFC(r8, 0x0, 0xcc, &(0x7f0000000280)={@private, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23bd0f4eb500"}, 0x3c) setsockopt$MRT_ADD_MFC_PROXY(r8, 0x0, 0xd2, &(0x7f0000000040)={@remote, @empty, 0x0, "005c2beeb0801bd73c676461644cf36dfc15ea56886fff778a41757aa3ae714d"}, 0x3c) setsockopt$MRT_ADD_MFC_PROXY(r8, 0x0, 0xd2, &(0x7f0000000200)={@dev, @multicast1, 0x0, "05888ee9654ce5db9229e6a1f0a3c9505e2ebbbc3d341ad6ad352965b867e20b"}, 0x3c) setsockopt$MRT_FLUSH(r8, 0x0, 0xd4, &(0x7f0000000240)=0x2, 0x4) r13 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet_sctp(r13, &(0x7f0000002740)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000002640)=[@sndrcv={0x2c}, @prinfo={0x14}, @sndinfo={0x1c}], 0x5c}], 0x1, 0x0) 219.679691ms ago: executing program 0 (id=3224): r0 = io_uring_setup(0x177f, &(0x7f0000000140)) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0/file0\x00', 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x0) r3 = epoll_create1(0x0) recvmmsg(r2, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000001c0)=""/163, 0xa3}], 0x1}}], 0x1, 0x0, 0x0) bind$bt_l2cap(r2, &(0x7f0000000280)={0x1f, 0x4, @any, 0x1, 0x1}, 0xe) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000001080)) sendmsg$inet6(r2, &(0x7f00000025c0)={0x0, 0x0, &(0x7f0000002540)=[{&(0x7f0000002300)="e5", 0x1}], 0x1}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x14}, 0x14}}, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000002540)) fdatasync(r4) close_range(r0, 0xffffffffffffffff, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="50000000120005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012"], 0x50}}, 0x0) 80.811489ms ago: executing program 2 (id=3225): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xfffffffd, 0x2}, 0x48) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c8000c0008000500070800227cca1eb327c95af1d1bccd21c35f16000700"], 0x11) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ff"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x44d02) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) r3 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_NON_HH_WEIGHT={0x8, 0x7, 0x5}]}}]}, 0x38}}, 0x0) bind$unix(r2, 0x0, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) sendmmsg(r5, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'bridge0\x00'}) sendmsg$nl_route(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000003e00f14500007000fedbdf210a000000342801"], 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x80) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f00000001c0)={'wg1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000010000100"/20, @ANYRES32=r9, @ANYBLOB="1619020000000000"], 0x20}}, 0x0) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000140), 0x1) process_vm_readv(0x0, &(0x7f0000008400)=[{0x0}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) 48.754763ms ago: executing program 0 (id=3226): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000400)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6c, &(0x7f0000000340)={r2, @in={{0x2, 0x0, @loopback}}}, &(0x7f0000000d00)=0x84) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x7a, &(0x7f00000001c0)={0x0, 0x2, "a293"}, &(0x7f0000000040)=0xa) unshare(0xc040400) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_opts(r3, 0x29, 0x40, 0x0, 0x60) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000001c0), 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000000000005100000008000300", @ANYRES32=r9], 0x24}}, 0x0) splice(r4, 0x0, r6, 0x0, 0x39000, 0x0) r10 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f00000000c0)=0x0) timer_gettime(r11, &(0x7f0000000180)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r12 = socket$tipc(0x1e, 0x5, 0x0) r13 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r13, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r13, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r12, 0x84, 0x1, &(0x7f0000002280)=""/4091, &(0x7f0000001200)=0x87d) setsockopt$TIPC_GROUP_JOIN(r12, 0x10f, 0x87, &(0x7f0000000400)={0x42, 0x1, 0x3, 0x3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0) mmap(&(0x7f000049e000/0x4000)=nil, 0x4000, 0xa, 0x30, r12, 0x1000) 0s ago: executing program 3 (id=3227): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = syz_io_uring_setup(0x6905, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000000)=0x0, &(0x7f0000000240)) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xa, 0x0, 0x0) syz_emit_ethernet(0x3b6, &(0x7f00000003c0)=ANY=[], 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r4, &(0x7f0000000240), 0x0, 0x0, 0x0) socket(0x0, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000800)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}, 0x45c) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc941948"], &(0x7f0000000340)='syzkaller\x00'}, 0x90) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r1, 0x184c, 0x0, 0x0, 0x0, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffff, 0x0, "7e12105588e633bbb1df022dace17a32d211ee"}) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0x2) r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) dup(r5) r6 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x200000a, 0x11012, r6, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r8}, 0x10) kernel console output (not intermixed with test programs): usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 464.244357][ T57] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 464.249591][ T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 464.253446][ T57] usb 5-1: config 246 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 464.264447][ T57] usb 5-1: string descriptor 0 read error: -22 [ 464.267036][ T57] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 464.270961][ T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.279894][ T57] adutux 5-1:246.0: interrupt endpoints not found [ 464.314267][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.337988][T13110] bridge0: port 1(bridge_slave_0) entered blocking state [ 464.341192][T13110] bridge0: port 1(bridge_slave_0) entered disabled state [ 464.344836][T13110] bridge_slave_0: entered allmulticast mode [ 464.351183][T13110] bridge_slave_0: entered promiscuous mode [ 464.361138][T13110] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.368176][T13110] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.371338][T13110] bridge_slave_1: entered allmulticast mode [ 464.376607][T13110] bridge_slave_1: entered promiscuous mode [ 464.407327][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.559468][ T5258] usb 5-1: USB disconnect, device number 41 [ 464.564502][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.586699][T13110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 464.595049][T13110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 464.674926][T13110] team0: Port device team_slave_0 added [ 464.681343][T13110] team0: Port device team_slave_1 added [ 464.799880][T13110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 464.803075][T13110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 464.819232][T13110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 464.830938][T13110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 464.833965][T13110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 464.845198][T13110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 465.190934][ T13] bridge_slave_1: left allmulticast mode [ 465.193555][ T13] bridge_slave_1: left promiscuous mode [ 465.219133][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.264368][ T13] bridge_slave_0: left allmulticast mode [ 465.266771][ T13] bridge_slave_0: left promiscuous mode [ 465.278155][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.859173][ T5228] Bluetooth: hci0: command tx timeout [ 466.339129][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 466.354130][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 466.390192][ T13] bond0 (unregistering): Released all slaves [ 466.574452][T13110] hsr_slave_0: entered promiscuous mode [ 466.603658][T13110] hsr_slave_1: entered promiscuous mode [ 466.610099][T13110] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 466.616333][T13110] Cannot create hsr debugfs directory [ 467.153918][ T13] hsr_slave_0: left promiscuous mode [ 467.158148][ T13] hsr_slave_1: left promiscuous mode [ 467.163629][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 467.166883][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 467.173763][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 467.179292][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 467.234113][ T13] veth1_macvtap: left promiscuous mode [ 467.236601][ T13] veth0_macvtap: left promiscuous mode [ 467.238889][ T13] veth1_vlan: left promiscuous mode [ 467.241165][ T13] veth0_vlan: left promiscuous mode [ 467.886027][T13159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2682'. [ 467.918009][ T5228] Bluetooth: hci0: command tx timeout [ 468.795012][ T13] team0 (unregistering): Port device team_slave_1 removed [ 468.915609][ T13] team0 (unregistering): Port device team_slave_0 removed [ 469.998648][ T5228] Bluetooth: hci0: command tx timeout [ 470.267983][ T57] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 470.388496][T13110] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 470.402346][T13110] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 470.409412][T13110] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 470.415854][T13110] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 470.478039][ T57] usb 5-1: Using ep0 maxpacket: 8 [ 470.482834][ T57] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 470.486678][ T57] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 470.491167][ T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 470.494977][ T57] usb 5-1: config 246 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 470.505277][ T57] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 470.509005][T13110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 470.509581][ T57] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 470.516474][ T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 470.520821][ T57] usb 5-1: config 246 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 470.527630][T13110] 8021q: adding VLAN 0 to HW filter on device team0 [ 470.527926][ T57] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 470.535208][ T57] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 470.541385][ T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 470.545351][ T57] usb 5-1: config 246 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 470.554241][ T57] usb 5-1: string descriptor 0 read error: -22 [ 470.557204][ T57] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 470.561398][ T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.570055][ T57] adutux 5-1:246.0: interrupt endpoints not found [ 470.595085][ T6600] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.598670][ T6600] bridge0: port 1(bridge_slave_0) entered forwarding state [ 470.604760][ T6600] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.608363][ T6600] bridge0: port 2(bridge_slave_1) entered forwarding state [ 470.664943][T13110] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 470.805461][ T57] usb 5-1: USB disconnect, device number 42 [ 470.861213][T13110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 470.947661][T13110] veth0_vlan: entered promiscuous mode [ 470.957722][T13110] veth1_vlan: entered promiscuous mode [ 471.017990][T13110] veth0_macvtap: entered promiscuous mode [ 471.027104][T13110] veth1_macvtap: entered promiscuous mode [ 471.053880][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 471.058823][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 471.063716][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 471.068676][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 471.086492][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 471.098070][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 471.111298][T13110] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 471.122175][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 471.127455][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 471.137944][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 471.144179][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 471.149398][T13110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 471.154210][T13110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 471.160490][T13110] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 471.167614][T13110] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.174930][T13110] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.179606][T13110] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.183413][T13110] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.284372][ T104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 471.287490][ T104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 471.324394][ T104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 471.331351][ T104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 471.638027][ T10] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 471.834636][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 471.852693][ T10] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 471.869296][ T10] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 471.873003][ T10] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 471.877049][ T10] usb 5-1: config 250 has no interface number 0 [ 471.887873][ T10] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 471.923257][ T10] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 471.932677][ T10] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 471.940688][ T10] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 471.946419][ T10] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 471.958176][ T10] usb 5-1: config 250 interface 228 has no altsetting 0 [ 471.983450][ T10] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 471.987361][ T10] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 471.990995][ T10] usb 5-1: Product: syz [ 471.992810][ T10] usb 5-1: SerialNumber: syz [ 472.010007][ T10] hub 5-1:250.228: bad descriptor, ignoring hub [ 472.012508][ T10] hub 5-1:250.228: probe with driver hub failed with error -5 [ 472.078074][ T5224] Bluetooth: hci0: command tx timeout [ 472.238321][ T10] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 43 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 472.608789][ T6600] usb 5-1: USB disconnect, device number 43 [ 472.640048][ T6600] usblp0: removed [ 472.756131][T13198] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 473.608206][ T5228] Bluetooth: hci0: Opcode 0x206a failed: -110 [ 474.158218][ T5228] Bluetooth: hci0: command 0x206a tx timeout [ 474.562825][T13221] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 475.644479][T13228] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2700'. [ 476.750212][T13240] wg1: entered promiscuous mode [ 477.100951][T13242] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2705'. [ 478.254219][T13256] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2709'. [ 478.296364][T13261] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 478.328775][T13262] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 479.135201][T13266] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2712'. [ 480.079999][T13277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2716'. [ 480.125403][T13279] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2717'. [ 480.697872][T13289] netlink: 'syz.2.2719': attribute type 1 has an invalid length. [ 480.997723][T13292] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2720'. [ 481.066430][T13296] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 481.281805][ T5228] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3 [ 481.889506][T13310] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2726'. [ 482.966577][T13322] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2729'. [ 483.377629][T13332] netlink: 'syz.3.2731': attribute type 1 has an invalid length. [ 484.139181][T13344] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 484.144526][T13343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2735'. [ 484.242856][T13346] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2736'. [ 485.007383][T13349] netlink: 'syz.1.2737': attribute type 1 has an invalid length. [ 485.066586][T13352] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2738'. [ 485.108333][T13354] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2740'. [ 485.178999][T13358] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2741'. [ 485.353162][T13363] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2742'. [ 486.053869][T13368] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2743'. [ 486.135405][T13372] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2745'. [ 486.419624][T13378] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2746'. [ 486.976662][T13381] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2747'. [ 487.055090][T13386] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2749'. [ 487.110472][T13389] netlink: 'syz.1.2750': attribute type 1 has an invalid length. [ 487.347334][T13397] netlink: 4848 bytes leftover after parsing attributes in process `syz.3.2753'. [ 487.369373][T13397] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2753'. [ 487.478406][ T5259] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 487.667909][ T5259] usb 6-1: Using ep0 maxpacket: 8 [ 487.672779][ T5259] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 487.686640][ T5259] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 487.692085][ T5259] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 487.696098][ T5259] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 487.727066][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 487.732695][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 487.744755][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 487.753004][ T5259] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 487.762590][ T5259] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 487.766550][ T5259] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 487.771821][ T5259] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 487.776764][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 487.786650][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 487.794602][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 487.801923][ T5259] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 487.807259][ T5259] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 487.827955][ T5259] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 487.847624][ T5259] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 487.855707][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 487.864856][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 487.872892][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 487.882975][ T5259] usb 6-1: string descriptor 0 read error: -22 [ 487.888157][ T5259] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 487.893426][ T5259] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.904058][ T5259] adutux 6-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 487.979437][T13407] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2756'. [ 488.120124][ T57] usb 6-1: USB disconnect, device number 29 [ 488.379720][T13415] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2759'. [ 488.388573][T13413] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2758'. [ 489.997896][ T57] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 490.178812][ T57] usb 5-1: Using ep0 maxpacket: 8 [ 490.184618][ T57] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 490.188886][ T57] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 490.194381][ T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 490.201403][ T57] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 490.207403][ T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 490.228021][ T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 490.232512][ T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 490.243336][ T57] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 490.247477][ T57] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 490.253797][ T5228] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3 [ 490.254532][ T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 490.267211][ T57] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 490.273546][ T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 490.279287][ T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 490.284479][ T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 490.299982][ T57] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 490.305521][ T57] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 490.311329][ T57] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 490.315096][ T57] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 490.321902][ T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 490.327733][ T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 490.347572][ T57] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 490.368084][ T57] usb 5-1: string descriptor 0 read error: -22 [ 490.383326][ T57] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 490.387592][ T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.416993][ T57] adutux 5-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 490.655290][ T57] usb 5-1: USB disconnect, device number 44 [ 491.265053][T13455] __nla_validate_parse: 6 callbacks suppressed [ 491.265071][T13455] netlink: 4848 bytes leftover after parsing attributes in process `syz.0.2772'. [ 491.275788][T13455] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2772'. [ 491.402000][T13460] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2774'. [ 491.662159][T13464] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2776'. [ 491.765918][T13468] netdevsim netdevsim1: Direct firmware load for ng failed with error -2 [ 491.770771][T13468] netdevsim netdevsim1: Falling back to sysfs fallback for: ng [ 492.581086][T13475] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2778'. [ 493.134325][T13479] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2779'. [ 493.688109][ T825] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 493.902464][ T825] usb 7-1: Using ep0 maxpacket: 8 [ 493.906393][ T825] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 493.910582][ T825] usb 7-1: config 246 descriptor has 1 excess byte, ignoring [ 493.913620][ T825] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 493.917414][ T825] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 493.923127][ T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 493.927750][ T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 493.933709][ T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 493.944288][ T825] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 493.948388][ T825] usb 7-1: config 246 descriptor has 1 excess byte, ignoring [ 493.951500][ T825] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 493.955814][ T825] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 493.961267][ T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 493.965762][ T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 493.975465][ T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 493.982951][ T825] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 493.986772][ T825] usb 7-1: config 246 descriptor has 1 excess byte, ignoring [ 493.995244][ T825] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 493.999861][ T825] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 494.005915][ T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 494.017853][ T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 494.022879][ T825] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 494.036895][ T825] usb 7-1: string descriptor 0 read error: -22 [ 494.040135][ T825] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 494.044250][ T825] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.062205][ T825] adutux 7-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 494.167960][T13491] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2783'. [ 494.176341][T13492] netlink: 4848 bytes leftover after parsing attributes in process `syz.3.2782'. [ 494.180579][T13492] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2782'. [ 494.275561][ T825] usb 7-1: USB disconnect, device number 25 [ 494.305964][T13494] netlink: 'syz.1.2784': attribute type 1 has an invalid length. [ 494.359519][T13502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2786'. [ 496.279751][T13527] __nla_validate_parse: 1 callbacks suppressed [ 496.279768][T13527] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2793'. [ 496.914739][T13538] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2797'. [ 497.024444][T13541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 497.271330][T13544] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 497.689947][T13546] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2799'. [ 498.078156][ T5259] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 498.227034][T13558] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2803'. [ 498.287856][ T5259] usb 6-1: Using ep0 maxpacket: 8 [ 498.292372][ T5259] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 498.295917][ T5259] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 498.299126][ T5259] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 498.303632][ T5259] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 498.309599][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 498.315037][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 498.320431][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 498.327036][ T5259] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 498.331802][ T5259] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 498.334801][ T5259] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 498.339468][ T5259] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 498.344875][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 498.351545][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 498.356279][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 498.364575][ T5259] usb 6-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 498.371316][ T5259] usb 6-1: config 246 descriptor has 1 excess byte, ignoring [ 498.374234][ T5259] usb 6-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 498.379038][ T5259] usb 6-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 498.386151][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 498.391996][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 498.396398][ T5259] usb 6-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 498.405951][ T5259] usb 6-1: string descriptor 0 read error: -22 [ 498.408688][ T5259] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 498.412073][ T5259] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.442432][ T5259] adutux 6-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 498.543578][ T5228] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 498.672269][ T5288] usb 6-1: USB disconnect, device number 30 [ 499.155685][T13575] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2808'. [ 499.304476][T13582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2810'. [ 500.083301][T13591] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2812'. [ 500.207400][T13594] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2813'. [ 500.562121][T13606] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2816'. [ 501.002649][T13616] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2818'. [ 501.438521][T13623] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2820'. [ 501.480038][T13628] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 501.493211][T13627] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2822'. [ 501.865133][T13634] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2824'. [ 502.376898][T13642] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2826'. [ 502.407455][ T39] audit: type=1400 audit(1721629163.024:439): avc: denied { bind } for pid=13643 comm="syz.0.2827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 502.422186][T13645] Bluetooth: MGMT ver 1.23 [ 502.505769][T13648] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2828'. [ 502.877062][T13654] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2830'. [ 503.266438][T13659] netdevsim netdevsim1: Direct firmware load for ng failed with error -2 [ 503.269863][T13659] netdevsim netdevsim1: Falling back to sysfs fallback for: ng [ 503.343831][T13664] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2833'. [ 503.890534][T13671] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 504.478048][ T5228] Bluetooth: hci0: command 0x206a tx timeout [ 504.581712][T13680] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2838'. [ 504.618317][ T825] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 504.808174][ T825] usb 5-1: Using ep0 maxpacket: 8 [ 504.825794][ T825] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 504.830096][ T825] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 504.833782][ T825] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 504.844376][ T825] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 504.852481][ T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 504.857726][ T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 504.863206][ T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 504.870328][ T825] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 504.874429][ T825] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 504.877765][ T825] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 504.882024][ T825] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 504.887373][ T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 504.893116][ T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 504.898510][ T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 504.904844][ T825] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 504.910177][ T825] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 504.913309][ T825] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 504.916860][ T825] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 504.921897][ T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 504.926174][ T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 504.930652][ T825] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 504.941248][ T825] usb 5-1: string descriptor 0 read error: -22 [ 504.945008][ T825] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 504.952459][ T825] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.953111][T13683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2839'. [ 504.974763][ T825] adutux 5-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 505.204327][ T824] usb 5-1: USB disconnect, device number 45 [ 505.784174][T13692] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2841'. [ 507.211919][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.216351][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.314196][T13715] netlink: 'syz.1.2848': attribute type 1 has an invalid length. [ 507.687896][ T824] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 507.798080][ T35] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 507.837879][ T824] usb 6-1: device descriptor read/64, error -71 [ 507.982776][ T35] usb 5-1: Using ep0 maxpacket: 8 [ 507.986799][ T35] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 507.990671][ T35] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 507.993875][ T35] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 507.998187][ T35] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 508.004272][ T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 508.009423][ T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 508.012751][ T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 508.017624][ T35] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 508.021640][ T35] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 508.025073][ T35] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 508.029584][ T35] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 508.034737][ T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 508.040032][ T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 508.045239][ T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 508.051381][ T35] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 508.055422][ T35] usb 5-1: config 246 descriptor has 1 excess byte, ignoring [ 508.059077][ T35] usb 5-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 508.063202][ T35] usb 5-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 508.068590][ T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 508.073285][ T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 508.080647][ T35] usb 5-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 508.093377][ T35] usb 5-1: string descriptor 0 read error: -22 [ 508.096342][ T35] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 508.100304][ T35] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.110579][ T824] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 508.118103][ T35] adutux 5-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 508.135235][T13721] __nla_validate_parse: 2 callbacks suppressed [ 508.135248][T13721] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2850'. [ 508.225809][T13723] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 508.258054][ T824] usb 6-1: device descriptor read/64, error -71 [ 508.319623][ T5279] usb 5-1: USB disconnect, device number 46 [ 508.378337][ T824] usb usb6-port1: attempt power cycle [ 508.802012][ T824] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 508.830500][ T824] usb 6-1: device descriptor read/8, error -71 [ 508.870796][T13727] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2853'. [ 509.119892][ T824] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 509.168840][ T824] usb 6-1: device descriptor read/8, error -71 [ 509.288269][ T824] usb usb6-port1: unable to enumerate USB device [ 509.347259][ T5228] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 510.028995][ T39] audit: type=1400 audit(1721629170.654:440): avc: denied { setattr } for pid=13749 comm="syz.2.2860" name="bus" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 510.315067][T13754] capability: warning: `syz.1.2862' uses 32-bit capabilities (legacy support in use) [ 510.378363][ T35] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 510.395346][T13754] FAULT_INJECTION: forcing a failure. [ 510.395346][T13754] name failslab, interval 1, probability 0, space 0, times 1 [ 510.400407][T13754] CPU: 0 PID: 13754 Comm: syz.1.2862 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 510.404287][T13754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 510.408484][T13754] Call Trace: [ 510.409904][T13754] [ 510.411172][T13754] dump_stack_lvl+0x16c/0x1f0 [ 510.413207][T13754] should_fail_ex+0x497/0x5b0 [ 510.415262][T13754] should_failslab+0x9/0x20 [ 510.417194][T13754] __kmalloc_noprof+0xcb/0x400 [ 510.419257][T13754] ? __pfx_lock_acquire+0x10/0x10 [ 510.421366][T13754] tomoyo_realpath_from_path+0xb9/0x720 [ 510.423742][T13754] ? tomoyo_profile+0x47/0x60 [ 510.425745][T13754] tomoyo_path_number_perm+0x245/0x590 [ 510.428047][T13754] ? tomoyo_path_number_perm+0x232/0x590 [ 510.430439][T13754] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 510.432896][T13754] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 510.435187][T13754] ? __fget_files+0x256/0x400 [ 510.437148][T13754] security_file_ioctl+0x75/0xc0 [ 510.439272][T13754] __x64_sys_ioctl+0xbb/0x220 [ 510.441145][T13754] do_syscall_64+0xcd/0x250 [ 510.443086][T13754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.445551][T13754] RIP: 0033:0x7f908e375b59 [ 510.447450][T13754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.455053][T13754] RSP: 002b:00007f908ddff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 510.457980][T13754] RAX: ffffffffffffffda RBX: 00007f908e505f60 RCX: 00007f908e375b59 [ 510.461335][T13754] RDX: 0000000000000000 RSI: 0000000000003305 RDI: 0000000000000003 [ 510.464570][T13754] RBP: 00007f908ddff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 510.467682][T13754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 510.470592][T13754] R13: 000000000000000b R14: 00007f908e505f60 R15: 00007ffd353a6898 [ 510.473489][T13754] [ 510.475997][T13754] ERROR: Out of memory at tomoyo_realpath_from_path. [ 510.483110][ T39] audit: type=1400 audit(1721629171.104:441): avc: denied { ioctl } for pid=13753 comm="syz.1.2862" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x3305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 510.568859][ T35] usb 7-1: Using ep0 maxpacket: 8 [ 510.576124][ T35] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 510.581178][ T35] usb 7-1: config 246 descriptor has 1 excess byte, ignoring [ 510.584758][ T35] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 510.589836][ T35] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 510.596115][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 510.601458][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 510.606711][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 510.613058][ T35] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 510.621563][ T35] usb 7-1: config 246 descriptor has 1 excess byte, ignoring [ 510.624961][ T35] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 510.631612][ T35] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 510.636692][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 510.642228][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 510.647587][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 510.653758][ T35] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 510.664610][ T35] usb 7-1: config 246 descriptor has 1 excess byte, ignoring [ 510.664631][ T35] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 510.664683][ T35] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 510.677673][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 510.685112][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 510.690985][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 510.701136][ T35] usb 7-1: string descriptor 0 read error: -22 [ 510.703768][ T35] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 510.707242][ T35] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.722615][ T35] adutux 7-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 510.846250][T13766] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 510.851307][T13766] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 510.929514][ T824] usb 7-1: USB disconnect, device number 26 [ 511.671862][ T39] audit: type=1400 audit(1721629172.284:442): avc: denied { connect } for pid=13777 comm="syz.3.2869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 511.681265][ T39] audit: type=1400 audit(1721629172.284:443): avc: denied { write } for pid=13777 comm="syz.3.2869" laddr=fe80::a lport=1 faddr=fe80::bb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 511.733752][T13782] FAULT_INJECTION: forcing a failure. [ 511.733752][T13782] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 511.747701][T13782] CPU: 0 PID: 13782 Comm: syz.3.2871 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 511.749177][T13780] netlink: 'syz.1.2870': attribute type 1 has an invalid length. [ 511.751741][T13782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 511.759543][T13782] Call Trace: [ 511.760965][T13782] [ 511.762232][T13782] dump_stack_lvl+0x16c/0x1f0 [ 511.764206][T13782] should_fail_ex+0x497/0x5b0 [ 511.766027][T13782] ? fs_reclaim_acquire+0xae/0x160 [ 511.768178][T13782] __should_fail_alloc_page+0xe7/0x130 [ 511.770456][T13782] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 511.772996][T13782] ? __pfx_mark_lock+0x10/0x10 [ 511.774810][T13782] __alloc_pages_noprof+0x194/0x2460 [ 511.776787][T13782] ? hlock_class+0x4e/0x130 [ 511.778585][T13782] ? mark_lock+0xb5/0xc60 [ 511.780459][T13782] ? __pfx___lock_acquire+0x10/0x10 [ 511.782662][T13782] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 511.785020][T13782] ? __lock_acquire+0xbdd/0x3cb0 [ 511.787081][T13782] ? __module_address+0x55/0x3c0 [ 511.789191][T13782] ? __pfx___lock_acquire+0x10/0x10 [ 511.791402][T13782] ? mark_lock+0xb5/0xc60 [ 511.793157][T13782] ? hlock_class+0x4e/0x130 [ 511.795088][T13782] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 511.797543][T13782] ? policy_nodemask+0xea/0x4e0 [ 511.799612][T13782] alloc_pages_mpol_noprof+0x275/0x610 [ 511.801886][T13782] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 511.804374][T13782] ? __pfx_lock_release+0x10/0x10 [ 511.806552][T13782] shmem_alloc_folio+0x114/0x150 [ 511.808526][T13782] shmem_alloc_and_add_folio+0x14f/0x790 [ 511.810628][T13782] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 511.812923][T13782] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 511.815108][T13782] ? __shmem_is_huge+0x213/0x300 [ 511.816982][T13782] shmem_get_folio_gfp+0x687/0x13d0 [ 511.819081][T13782] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 511.821485][T13782] ? __pfx_down_write+0x10/0x10 [ 511.823380][T13782] shmem_fallocate+0x7c5/0xfb0 [ 511.825186][T13782] ? __pfx_shmem_fallocate+0x10/0x10 [ 511.827587][T13782] ? ksys_write+0x21c/0x260 [ 511.829431][T13782] ? __pfx___lock_acquire+0x10/0x10 [ 511.831649][T13782] ? __pfx_lock_acquire+0x10/0x10 [ 511.833758][T13782] ? avc_policy_seqno+0x9/0x20 [ 511.835787][T13782] ? selinux_file_permission+0x125/0x590 [ 511.838163][T13782] ? __pfx_shmem_fallocate+0x10/0x10 [ 511.840407][T13782] vfs_fallocate+0x4ca/0xfc0 [ 511.842384][T13782] __x64_sys_fallocate+0xd5/0x140 [ 511.844275][T13782] do_syscall_64+0xcd/0x250 [ 511.846071][T13782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.848616][T13782] RIP: 0033:0x7f2754975b59 [ 511.850537][T13782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 511.857946][T13782] RSP: 002b:00007f2755704048 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 511.861459][T13782] RAX: ffffffffffffffda RBX: 00007f2754b05f60 RCX: 00007f2754975b59 [ 511.864789][T13782] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 511.867863][T13782] RBP: 00007f27557040a0 R08: 0000000000000000 R09: 0000000000000000 [ 511.870913][T13782] R10: 000000000010fff9 R11: 0000000000000246 R12: 0000000000000001 [ 511.873910][T13782] R13: 000000000000000b R14: 00007f2754b05f60 R15: 00007ffd7d591dc8 [ 511.876977][T13782] [ 511.879592][ T39] audit: type=1326 audit(1721629172.504:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13784 comm="syz.2.2872" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc91bf75b59 code=0x7ffc0000 [ 511.891990][ T39] audit: type=1326 audit(1721629172.504:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13784 comm="syz.2.2872" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc91bf75b59 code=0x7ffc0000 [ 511.904038][ T39] audit: type=1326 audit(1721629172.504:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13784 comm="syz.2.2872" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc91bf75b59 code=0x7ffc0000 [ 511.918078][ T39] audit: type=1326 audit(1721629172.514:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13784 comm="syz.2.2872" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc91bf75b59 code=0x7ffc0000 [ 511.936063][ T39] audit: type=1326 audit(1721629172.514:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13784 comm="syz.2.2872" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc91bf75b59 code=0x7ffc0000 [ 511.947369][ T39] audit: type=1326 audit(1721629172.514:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13784 comm="syz.2.2872" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc91bf75b59 code=0x7ffc0000 [ 512.534720][T13804] FAULT_INJECTION: forcing a failure. [ 512.534720][T13804] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 512.588191][T13804] CPU: 1 PID: 13804 Comm: syz.1.2878 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 512.593179][T13804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 512.597988][T13804] Call Trace: [ 512.599455][T13804] [ 512.600700][T13804] dump_stack_lvl+0x16c/0x1f0 [ 512.602763][T13804] should_fail_ex+0x497/0x5b0 [ 512.604844][T13804] _copy_from_user+0x30/0xf0 [ 512.606904][T13804] bpf_prog_load+0x1bc1/0x2660 [ 512.608765][T13804] ? __pfx_bpf_prog_load+0x10/0x10 [ 512.611150][T13804] ? avc_has_perm+0x11b/0x1c0 [ 512.613239][T13804] ? selinux_bpf+0xde/0x130 [ 512.615173][T13804] ? security_bpf+0x8c/0xc0 [ 512.617197][T13804] __sys_bpf+0x8e9/0x4a20 [ 512.619227][T13804] ? ksys_write+0x21c/0x260 [ 512.621479][T13804] ? reacquire_held_locks+0x3e0/0x4c0 [ 512.624040][T13804] ? __pfx___sys_bpf+0x10/0x10 [ 512.626247][T13804] ? vfs_write+0x14d/0x1140 [ 512.628223][T13804] ? __mutex_unlock_slowpath+0x164/0x650 [ 512.630598][T13804] ? fput+0x32/0x390 [ 512.632255][T13804] ? ksys_write+0x1ab/0x260 [ 512.634240][T13804] ? __pfx_ksys_write+0x10/0x10 [ 512.636250][T13804] __x64_sys_bpf+0x78/0xc0 [ 512.637924][T13804] ? lockdep_hardirqs_on+0x7c/0x110 [ 512.640298][T13804] do_syscall_64+0xcd/0x250 [ 512.642356][T13804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.644475][T13804] RIP: 0033:0x7f908e375b59 [ 512.646198][T13804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 512.654474][T13804] RSP: 002b:00007f908ddff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 512.662901][T13804] RAX: ffffffffffffffda RBX: 00007f908e505f60 RCX: 00007f908e375b59 [ 512.667595][T13804] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 0000000000000005 [ 512.671593][T13804] RBP: 00007f908ddff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 512.675323][T13804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 512.678996][T13804] R13: 000000000000000b R14: 00007f908e505f60 R15: 00007ffd353a6898 [ 512.682853][T13804] [ 513.060520][T13814] overlayfs: failed to resolve './file1': -2 [ 513.067299][T13814] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2882'. [ 513.240428][T13818] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2884'. [ 513.782899][T13828] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2887'. [ 513.800734][T13826] netlink: 'syz.1.2886': attribute type 1 has an invalid length. [ 514.088427][ T56] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 514.125128][T13833] FAULT_INJECTION: forcing a failure. [ 514.125128][T13833] name failslab, interval 1, probability 0, space 0, times 0 [ 514.131197][T13833] CPU: 1 PID: 13833 Comm: syz.3.2888 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 514.135691][T13833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 514.140688][T13833] Call Trace: [ 514.142287][T13833] [ 514.143676][T13833] dump_stack_lvl+0x16c/0x1f0 [ 514.145837][T13833] should_fail_ex+0x497/0x5b0 [ 514.148009][T13833] should_failslab+0x9/0x20 [ 514.150039][T13833] __kmalloc_cache_noprof+0x6b/0x300 [ 514.152510][T13833] ? rcu_is_watching+0x12/0xc0 [ 514.154756][T13833] ? call_usermodehelper_setup+0x9a/0x340 [ 514.157364][T13833] ? __pfx_free_modprobe_argv+0x10/0x10 [ 514.159902][T13833] call_usermodehelper_setup+0x9a/0x340 [ 514.162176][T13833] __request_module+0x3d6/0x6c0 [ 514.164090][T13833] ? dev_load+0x221/0x240 [ 514.165910][T13833] ? __pfx___request_module+0x10/0x10 [ 514.168187][T13833] ? find_held_lock+0x2d/0x110 [ 514.170277][T13833] ? __pfx_lock_release+0x10/0x10 [ 514.172540][T13833] ? cap_capable+0x1cf/0x240 [ 514.174518][T13833] ? dev_load+0x1c0/0x240 [ 514.176322][T13833] dev_load+0x221/0x240 [ 514.177819][T13833] dev_ioctl+0x19c/0x10c0 [ 514.179548][T13833] sock_ioctl+0x5bf/0x6c0 [ 514.181413][T13833] ? __pfx_sock_ioctl+0x10/0x10 [ 514.183533][T13833] ? selinux_file_ioctl+0x180/0x270 [ 514.185665][T13833] ? selinux_file_ioctl+0xb4/0x270 [ 514.187885][T13833] ? __pfx_sock_ioctl+0x10/0x10 [ 514.189659][T13833] __x64_sys_ioctl+0x193/0x220 [ 514.191744][T13833] do_syscall_64+0xcd/0x250 [ 514.193737][T13833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.196245][T13833] RIP: 0033:0x7f2754975b59 [ 514.198143][T13833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 514.206097][T13833] RSP: 002b:00007f2755704048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 514.209466][T13833] RAX: ffffffffffffffda RBX: 00007f2754b05f60 RCX: 00007f2754975b59 [ 514.212102][T13833] RDX: 0000000020000100 RSI: 00000000000089f2 RDI: 0000000000000004 [ 514.214787][T13833] RBP: 00007f27557040a0 R08: 0000000000000000 R09: 0000000000000000 [ 514.217629][T13833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 514.221435][T13833] R13: 000000000000000b R14: 00007f2754b05f60 R15: 00007ffd7d591dc8 [ 514.225213][T13833] [ 514.303307][T13836] warning: `syz.3.2889' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 514.328145][ T56] usb 6-1: Using ep0 maxpacket: 8 [ 514.332823][ T56] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 514.341473][ T56] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 514.356217][ T56] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.580259][ T56] usb 6-1: USB disconnect, device number 36 [ 514.634492][T13844] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 514.747401][T13847] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 515.127175][ T39] kauditd_printk_skb: 143 callbacks suppressed [ 515.127192][ T39] audit: type=1400 audit(1721629175.744:593): avc: denied { getopt } for pid=13848 comm="syz.1.2893" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 515.448892][T13856] FAULT_INJECTION: forcing a failure. [ 515.448892][T13856] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 515.454920][T13856] CPU: 3 PID: 13856 Comm: syz.2.2896 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 515.459134][T13856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 515.463476][T13856] Call Trace: [ 515.464971][T13856] [ 515.466108][T13856] dump_stack_lvl+0x16c/0x1f0 [ 515.467939][T13856] should_fail_ex+0x497/0x5b0 [ 515.469892][T13856] _copy_from_user+0x30/0xf0 [ 515.472042][T13856] con_set_cmap+0x9a/0x840 [ 515.474126][T13856] ? __pfx_con_set_cmap+0x10/0x10 [ 515.476342][T13856] ? security_capable+0x98/0xd0 [ 515.478266][T13856] vt_ioctl+0x8f3/0x2f80 [ 515.479883][T13856] ? __pfx_vt_ioctl+0x10/0x10 [ 515.481854][T13856] ? kfree+0x12a/0x3b0 [ 515.483704][T13856] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 515.486333][T13856] ? do_vfs_ioctl+0x515/0x1ad0 [ 515.488542][T13856] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 515.490931][T13856] ? tty_jobctrl_ioctl+0x152/0xe00 [ 515.493215][T13856] ? __pfx_vt_ioctl+0x10/0x10 [ 515.495342][T13856] tty_ioctl+0x65d/0x15f0 [ 515.497068][T13856] ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x470 [ 515.499710][T13856] ? __pfx_tty_ioctl+0x10/0x10 [ 515.501688][T13856] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 515.504686][T13856] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 515.507326][T13856] ? selinux_file_ioctl+0x180/0x270 [ 515.509205][T13856] ? selinux_file_ioctl+0xb4/0x270 [ 515.511390][T13856] ? __pfx_tty_ioctl+0x10/0x10 [ 515.513477][T13856] __x64_sys_ioctl+0x193/0x220 [ 515.515574][T13856] do_syscall_64+0xcd/0x250 [ 515.518067][T13856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.520772][T13856] RIP: 0033:0x7fc91bf75b59 [ 515.523052][T13856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 515.532586][T13856] RSP: 002b:00007fc91cd63048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 515.537033][T13856] RAX: ffffffffffffffda RBX: 00007fc91c105f60 RCX: 00007fc91bf75b59 [ 515.541394][T13856] RDX: 0000000020000440 RSI: 0000000000004b71 RDI: 0000000000000003 [ 515.544911][T13856] RBP: 00007fc91cd630a0 R08: 0000000000000000 R09: 0000000000000000 [ 515.548637][T13856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 515.551932][T13856] R13: 000000000000000b R14: 00007fc91c105f60 R15: 00007ffe901a7938 [ 515.555704][T13856] [ 515.624411][T13861] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2898'. [ 515.706906][T13867] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2901'. [ 515.953913][ T35] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 516.148321][ T35] usb 7-1: Using ep0 maxpacket: 8 [ 516.152076][ T35] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 516.166048][ T35] usb 7-1: config 246 descriptor has 1 excess byte, ignoring [ 516.187016][ T35] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 516.196623][ T35] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 516.213770][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 516.247345][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 516.253135][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 516.259522][ T35] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 516.265539][ T35] usb 7-1: config 246 descriptor has 1 excess byte, ignoring [ 516.271280][ T35] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 516.275386][ T35] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 516.280833][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 516.285324][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 516.294341][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 516.305067][ T35] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 516.314962][ T35] usb 7-1: config 246 descriptor has 1 excess byte, ignoring [ 516.319696][ T35] usb 7-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 516.323782][ T35] usb 7-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 516.348001][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 516.355978][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 516.374582][ T35] usb 7-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 516.382396][ T35] usb 7-1: string descriptor 0 read error: -22 [ 516.385273][ T35] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 516.389296][ T35] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 516.403041][ T35] adutux 7-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 516.610441][T12921] usb 7-1: USB disconnect, device number 27 [ 517.109695][T13879] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 518.039503][T13893] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 518.286261][T13898] input: syz0 as /devices/virtual/input/input17 [ 519.009641][ T39] audit: type=1400 audit(1721629179.614:594): avc: denied { read } for pid=13905 comm="syz.0.2912" path="socket:[50351]" dev="sockfs" ino=50351 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 519.029124][ T39] audit: type=1400 audit(1721629179.634:595): avc: denied { create } for pid=13904 comm="syz.1.2914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 519.056382][T13911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2915'. [ 519.534703][T13939] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2918'. [ 520.068670][T13955] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 520.408125][T13959] evm: overlay not supported [ 520.428261][ T39] audit: type=1800 audit(1721629181.044:596): pid=13959 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2921" name="file1" dev="overlay" ino=2182 res=0 errno=0 [ 520.904331][T13976] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2927'. [ 521.436579][T13984] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2930'. [ 521.622149][T13988] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2931'. [ 521.842410][T13991] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2932'. [ 522.004754][T13997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 522.567980][ T56] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 522.759078][ T56] usb 5-1: Using ep0 maxpacket: 8 [ 522.763753][ T56] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 522.768850][ T56] usb 5-1: config 0 has no interfaces? [ 522.773327][ T56] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 522.777605][ T56] usb 5-1: config 0 has no interfaces? [ 522.781601][ T56] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 522.786571][ T56] usb 5-1: config 0 has no interfaces? [ 522.792795][ T56] usb 5-1: string descriptor 0 read error: -22 [ 522.796137][ T56] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 522.800661][ T56] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.809684][ T56] usb 5-1: config 0 descriptor?? [ 522.849903][T14012] FAULT_INJECTION: forcing a failure. [ 522.849903][T14012] name failslab, interval 1, probability 0, space 0, times 0 [ 522.858889][T14012] CPU: 0 PID: 14012 Comm: syz.2.2939 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 522.863046][T14012] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 522.867794][T14012] Call Trace: [ 522.869298][T14012] [ 522.870634][T14012] dump_stack_lvl+0x16c/0x1f0 [ 522.872752][T14012] should_fail_ex+0x497/0x5b0 [ 522.874804][T14012] should_failslab+0x9/0x20 [ 522.876803][T14012] __kmalloc_cache_noprof+0x6b/0x300 [ 522.879066][T14012] ? cma_alloc_port+0x9a/0x5b0 [ 522.881069][T14012] cma_alloc_port+0x9a/0x5b0 [ 522.883086][T14012] rdma_bind_addr_dst+0x1efd/0x2d50 [ 522.885385][T14012] ? __pfx_mark_lock+0x10/0x10 [ 522.887493][T14012] cma_bind_addr+0x2b7/0x300 [ 522.889461][T14012] ? __pfx_cma_bind_addr+0x10/0x10 [ 522.891666][T14012] ? mark_held_locks+0x9f/0xe0 [ 522.893771][T14012] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 522.896376][T14012] rdma_resolve_addr+0x132/0x1fd0 [ 522.898566][T14012] ? trace_contention_end+0xea/0x140 [ 522.900812][T14012] ? __mutex_lock+0x1a6/0x9c0 [ 522.902885][T14012] ? __pfx_rdma_resolve_addr+0x10/0x10 [ 522.905267][T14012] ? do_raw_spin_unlock+0x172/0x230 [ 522.907520][T14012] ? __pfx_ucma_get_ctx+0x10/0x10 [ 522.909651][T14012] ? ucma_resolve_addr+0x1ab/0x270 [ 522.911887][T14012] ucma_resolve_addr+0x1ab/0x270 [ 522.914069][T14012] ? __might_fault+0x13b/0x190 [ 522.916351][T14012] ? __pfx_ucma_resolve_addr+0x10/0x10 [ 522.918758][T14012] ? __might_fault+0xe3/0x190 [ 522.920859][T14012] ? __pfx_ucma_resolve_addr+0x10/0x10 [ 522.923113][T14012] ucma_write+0x205/0x340 [ 522.924934][T14012] ? __pfx_ucma_write+0x10/0x10 [ 522.926990][T14012] ? security_file_permission+0x98/0xc0 [ 522.929366][T14012] ? __pfx_ucma_write+0x10/0x10 [ 522.931484][T14012] vfs_write+0x29a/0x1140 [ 522.933363][T14012] ? __pfx_vfs_write+0x10/0x10 [ 522.935466][T14012] ? __fget_files+0x256/0x400 [ 522.937487][T14012] ? __fget_light+0x173/0x210 [ 522.939411][T14012] ksys_write+0x1f8/0x260 [ 522.941285][T14012] ? __pfx_ksys_write+0x10/0x10 [ 522.943482][T14012] do_syscall_64+0xcd/0x250 [ 522.945540][T14012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.948193][T14012] RIP: 0033:0x7fc91bf75b59 [ 522.950040][T14012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 522.958405][T14012] RSP: 002b:00007fc91cd63048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 522.961662][T14012] RAX: ffffffffffffffda RBX: 00007fc91c105f60 RCX: 00007fc91bf75b59 [ 522.965264][T14012] RDX: 0000000000000118 RSI: 0000000020000b00 RDI: 0000000000000003 [ 522.968640][T14012] RBP: 00007fc91cd630a0 R08: 0000000000000000 R09: 0000000000000000 [ 522.972017][T14012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 522.975366][T14012] R13: 000000000000000b R14: 00007fc91c105f60 R15: 00007ffe901a7938 [ 522.978729][T14012] [ 523.021127][ T56] usb 5-1: USB disconnect, device number 47 [ 523.055598][T14016] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2941'. [ 524.341237][ T39] audit: type=1400 audit(1721629184.964:597): avc: denied { getopt } for pid=14025 comm="syz.1.2944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 524.417405][T14028] kvm: emulating exchange as write [ 524.634682][T14031] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2945'. [ 525.437955][ T10] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 525.637908][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 525.642227][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 525.647283][ T10] usb 6-1: config 0 has no interfaces? [ 525.654471][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 525.658990][ T10] usb 6-1: config 0 has no interfaces? [ 525.662829][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 525.667539][ T10] usb 6-1: config 0 has no interfaces? [ 525.675588][ T10] usb 6-1: string descriptor 0 read error: -22 [ 525.678713][ T10] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 525.682626][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.693915][ T10] usb 6-1: config 0 descriptor?? [ 525.905809][ T35] usb 6-1: USB disconnect, device number 37 [ 526.464391][T14065] capability: warning: `syz.0.2958' uses deprecated v2 capabilities in a way that may be insecure [ 526.673456][T14069] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2960'. [ 526.758401][ T39] audit: type=1400 audit(1721629187.364:598): avc: denied { bind } for pid=14064 comm="syz.0.2958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 527.570346][T14081] netlink: 'syz.1.2963': attribute type 1 has an invalid length. [ 527.856722][ T6600] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 528.057881][ T6600] usb 6-1: Using ep0 maxpacket: 8 [ 528.062429][ T6600] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 528.066751][ T6600] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 528.072641][ T6600] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 528.076608][ T6600] usb 6-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 528.085343][ T6600] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 528.091487][ T6600] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.122700][ T6600] usbtmc 6-1:16.0: bulk endpoints not found [ 528.198200][ T5288] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 528.326984][ T5279] usb 6-1: USB disconnect, device number 38 [ 528.401939][ T5288] usb 5-1: Using ep0 maxpacket: 8 [ 528.419003][ T5288] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 528.423918][ T5288] usb 5-1: config 0 has no interfaces? [ 528.428294][ T5288] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 528.432884][ T5288] usb 5-1: config 0 has no interfaces? [ 528.437478][ T5288] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 528.442272][ T5288] usb 5-1: config 0 has no interfaces? [ 528.449771][ T5288] usb 5-1: string descriptor 0 read error: -22 [ 528.453012][ T5288] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 528.456605][ T5288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.460922][ T5288] usb 5-1: config 0 descriptor?? [ 528.677583][ T824] usb 5-1: USB disconnect, device number 48 [ 528.798087][ T5228] Bluetooth: hci0: command 0x206a tx timeout [ 528.821198][ T5224] Bluetooth: hci0: Opcode 0x206a failed: -110 [ 528.924323][ T39] audit: type=1400 audit(1721629189.544:599): avc: denied { ioctl } for pid=14106 comm="syz.3.2974" path="socket:[52229]" dev="sockfs" ino=52229 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 529.059643][T14115] cgroup: No subsys list or none specified [ 529.493823][T14125] FAULT_INJECTION: forcing a failure. [ 529.493823][T14125] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 529.514888][T14125] CPU: 3 PID: 14125 Comm: syz.2.2979 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 529.519595][T14125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 529.524457][T14125] Call Trace: [ 529.525968][T14125] [ 529.527276][T14125] dump_stack_lvl+0x16c/0x1f0 [ 529.529488][T14125] should_fail_ex+0x497/0x5b0 [ 529.531709][T14125] _copy_from_user+0x30/0xf0 [ 529.533818][T14125] bpf_prog_load+0x1bc1/0x2660 [ 529.535971][T14125] ? __pfx_bpf_prog_load+0x10/0x10 [ 529.538055][T14125] ? avc_has_perm+0x11b/0x1c0 [ 529.540141][T14125] ? selinux_bpf+0xde/0x130 [ 529.542166][T14125] ? security_bpf+0x8c/0xc0 [ 529.544164][T14125] __sys_bpf+0x8e9/0x4a20 [ 529.546089][T14125] ? ksys_write+0x21c/0x260 [ 529.548189][T14125] ? reacquire_held_locks+0x3e0/0x4c0 [ 529.551061][T14125] ? __pfx___sys_bpf+0x10/0x10 [ 529.553623][T14125] ? vfs_write+0x14d/0x1140 [ 529.555655][T14125] ? __mutex_unlock_slowpath+0x164/0x650 [ 529.558174][T14125] ? fput+0x32/0x390 [ 529.559936][T14125] ? ksys_write+0x1ab/0x260 [ 529.562018][T14125] ? __pfx_ksys_write+0x10/0x10 [ 529.564182][T14125] __x64_sys_bpf+0x78/0xc0 [ 529.566158][T14125] ? lockdep_hardirqs_on+0x7c/0x110 [ 529.568528][T14125] do_syscall_64+0xcd/0x250 [ 529.570643][T14125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.573288][T14125] RIP: 0033:0x7fc91bf75b59 [ 529.575274][T14125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 529.583595][T14125] RSP: 002b:00007fc91cd63048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 529.587248][T14125] RAX: ffffffffffffffda RBX: 00007fc91c105f60 RCX: 00007fc91bf75b59 [ 529.590488][T14125] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 0000000000000005 [ 529.593502][T14125] RBP: 00007fc91cd630a0 R08: 0000000000000000 R09: 0000000000000000 [ 529.596990][T14125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 529.600450][T14125] R13: 000000000000000b R14: 00007fc91c105f60 R15: 00007ffe901a7938 [ 529.603873][T14125] [ 529.605413][ C3] vkms_vblank_simulate: vblank timer overrun [ 529.833832][ C3] vkms_vblank_simulate: vblank timer overrun [ 531.576253][T14141] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2984'. [ 531.648391][T14142] netlink: 'syz.0.2983': attribute type 1 has an invalid length. [ 531.937985][ T824] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 532.127949][ T824] usb 5-1: Using ep0 maxpacket: 8 [ 532.139643][ T824] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 532.144230][ T824] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 532.149716][ T824] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 532.154312][ T824] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 532.161847][ T824] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 532.166208][ T824] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.176178][ T824] usbtmc 5-1:16.0: bulk endpoints not found [ 532.380686][ T5288] usb 5-1: USB disconnect, device number 49 [ 532.504714][T14150] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 532.965748][T14152] netlink: 4848 bytes leftover after parsing attributes in process `syz.0.2987'. [ 532.979849][T14152] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2987'. [ 533.064177][T14154] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2988'. [ 533.934376][T14161] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2990'. [ 534.858135][T14172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2994'. [ 535.228291][T14177] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2995'. [ 535.777381][T14179] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2996'. [ 535.782593][ T39] audit: type=1400 audit(1721629196.404:600): avc: denied { unmount } for pid=8858 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 535.912643][T14183] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 536.397933][ T5224] Bluetooth: hci0: command 0x206a tx timeout [ 536.397983][ T5228] Bluetooth: hci0: Opcode 0x206a failed: -110 [ 537.100011][ T5228] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3 [ 537.760218][T14201] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3004'. [ 538.028073][ T10] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 538.219551][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 538.224290][ T10] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 538.232613][ T10] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 538.237121][ T10] usb 5-1: config 246 has 0 interfaces, different from the descriptor's value: 42 [ 538.245032][ T10] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 538.248840][ T10] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 538.253993][ T10] usb 5-1: config 246 has 0 interfaces, different from the descriptor's value: 42 [ 538.262540][ T10] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 538.266658][ T10] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 538.272243][ T10] usb 5-1: config 246 has 0 interfaces, different from the descriptor's value: 42 [ 538.280163][ T10] usb 5-1: string descriptor 0 read error: -22 [ 538.285730][ T10] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 538.295329][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.512289][ T10] usb 5-1: USB disconnect, device number 50 [ 539.135665][T14220] Cannot find set identified by id 498 to match [ 539.281951][ T39] audit: type=1400 audit(1721629199.904:601): avc: denied { mount } for pid=14219 comm="syz.0.3009" name="/" dev="ramfs" ino=51376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 539.335473][ T5224] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 539.343350][ T5224] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 539.349420][ T5224] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 539.351850][ T39] audit: type=1400 audit(1721629199.974:602): avc: denied { mount } for pid=14219 comm="syz.0.3009" name="/" dev="autofs" ino=50624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 539.373265][ T5224] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 539.374606][ T39] audit: type=1400 audit(1721629199.974:603): avc: denied { read } for pid=14219 comm="syz.0.3009" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 539.390482][ T5224] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 539.394330][ T5224] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 539.418241][ T39] audit: type=1400 audit(1721629199.974:604): avc: denied { open } for pid=14219 comm="syz.0.3009" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 539.441052][ T39] audit: type=1400 audit(1721629199.984:605): avc: denied { ioctl } for pid=14219 comm="syz.0.3009" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x937c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 539.513780][ T39] audit: type=1400 audit(1721629200.134:606): avc: denied { unmount } for pid=10927 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 539.540906][ T39] audit: type=1400 audit(1721629200.154:607): avc: denied { unmount } for pid=10927 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 539.665801][ T39] audit: type=1400 audit(1721629200.284:608): avc: denied { module_request } for pid=14222 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 539.706116][ T39] audit: type=1400 audit(1721629200.304:609): avc: denied { listen } for pid=14225 comm="syz.0.3011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 539.714793][T14222] chnl_net:caif_netlink_parms(): no params data found [ 539.784862][T14233] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 539.859234][T14222] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.861978][T14222] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.865442][T14222] bridge_slave_0: entered allmulticast mode [ 539.872357][T14222] bridge_slave_0: entered promiscuous mode [ 539.877737][T14222] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.881101][T14222] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.884516][T14222] bridge_slave_1: entered allmulticast mode [ 539.892574][T14222] bridge_slave_1: entered promiscuous mode [ 539.961035][T14222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 539.967927][ T35] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 539.972571][T14222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 540.040366][T14222] team0: Port device team_slave_0 added [ 540.047395][T14222] team0: Port device team_slave_1 added [ 540.107235][T14222] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 540.110406][T14222] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.122019][T14222] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 540.128455][T14222] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 540.131356][T14222] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.145290][T14222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 540.173671][ T35] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 540.179898][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 540.187865][ T35] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 540.192710][ T35] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 540.197764][ T35] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 540.201823][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.212263][ T35] usb 5-1: config 0 descriptor?? [ 540.215247][T14230] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 540.231855][T14222] hsr_slave_0: entered promiscuous mode [ 540.253235][T14222] hsr_slave_1: entered promiscuous mode [ 540.267716][T14222] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 540.273031][T14222] Cannot create hsr debugfs directory [ 540.582908][T14222] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.632914][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.636434][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.640127][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.643457][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.646556][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.650551][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.653827][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.657685][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.661850][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.665211][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.668640][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.673028][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.675919][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.680267][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.683519][ T35] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 540.687456][ T35] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving [ 540.694235][ T35] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 540.701450][T14222] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.810561][T14222] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.898995][T14222] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 540.901821][ T5288] usb 5-1: USB disconnect, device number 51 [ 541.057115][T14222] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 541.064373][T14222] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 541.077030][T14222] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 541.083009][T14222] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 541.203871][T14222] 8021q: adding VLAN 0 to HW filter on device bond0 [ 541.244069][T14222] 8021q: adding VLAN 0 to HW filter on device team0 [ 541.274047][ T824] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.278325][ T824] bridge0: port 1(bridge_slave_0) entered forwarding state [ 541.289939][ T824] bridge0: port 2(bridge_slave_1) entered blocking state [ 541.293933][ T824] bridge0: port 2(bridge_slave_1) entered forwarding state [ 541.438177][ T5224] Bluetooth: hci5: command tx timeout [ 541.538210][T14245] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3015'. [ 541.570396][T14222] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 541.630600][T14222] veth0_vlan: entered promiscuous mode [ 541.644016][T14222] veth1_vlan: entered promiscuous mode [ 541.685587][T14222] veth0_macvtap: entered promiscuous mode [ 541.693176][T14222] veth1_macvtap: entered promiscuous mode [ 541.709935][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 541.714385][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.719541][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 541.723889][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.727945][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 541.732468][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.737212][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 541.741695][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.747201][T14222] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 541.756622][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.762219][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.766459][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.778247][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.782655][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.787407][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.791825][T14222] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 541.796090][T14222] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 541.803599][T14222] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 541.810680][T14222] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.814662][T14222] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.818546][T14222] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.822383][T14222] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 541.908708][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 541.914341][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 541.940788][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 541.945034][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 542.120147][T14253] wg1: entered promiscuous mode [ 542.330672][T14256] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3017'. [ 542.368887][T14258] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3018'. [ 543.250303][ T5288] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 543.356131][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 543.356146][ T39] audit: type=1400 audit(1721629203.974:612): avc: denied { setopt } for pid=14269 comm="syz.2.3022" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 543.367891][T14271] lo: entered allmulticast mode [ 543.396839][T14271] xt_HMARK: proto mask must be zero with L3 mode [ 543.428318][ T5288] usb 6-1: Using ep0 maxpacket: 32 [ 543.432599][ T5288] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 543.436564][ T5288] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 543.453257][ T5288] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 543.464508][ T5288] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 543.471549][ T5288] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 543.475288][ T5288] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 543.482920][ T5288] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 543.486223][ T5288] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.496297][ T5288] usb 6-1: config 0 descriptor?? [ 543.497605][ T39] audit: type=1400 audit(1721629204.114:613): avc: denied { map } for pid=14267 comm="syz.0.3021" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 543.518157][ T5224] Bluetooth: hci5: command tx timeout [ 543.567309][ T39] audit: type=1400 audit(1721629204.114:614): avc: denied { execute } for pid=14267 comm="syz.0.3021" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 543.771431][ T5288] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 39 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 543.786623][ T5288] usb 6-1: USB disconnect, device number 39 [ 543.797123][ T5288] usblp0: removed [ 544.377924][ T5288] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 544.588183][ T5288] usb 6-1: Using ep0 maxpacket: 32 [ 544.595917][ T5288] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 544.608031][ T5288] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 544.612835][ T5288] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 544.628618][ T5288] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 544.633380][ T5288] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 544.637537][ T5288] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 544.648177][ T5288] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 544.655662][ T5288] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.669610][ T5288] usb 6-1: config 0 descriptor?? [ 544.915676][ T5288] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 40 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 544.916743][T14284] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3025'. [ 545.598044][ T5224] Bluetooth: hci5: command tx timeout [ 545.695847][T14291] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3028'. [ 545.893418][T14295] raw_sendmsg: syz.2.3029 forgot to set AF_INET. Fix it! [ 546.309928][ T825] usb 6-1: USB disconnect, device number 40 [ 546.316645][ T825] usblp0: removed [ 546.404090][ T39] audit: type=1400 audit(1721629206.994:615): avc: denied { read write } for pid=14299 comm="syz.2.3031" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 546.434845][ T39] audit: type=1400 audit(1721629206.994:616): avc: denied { ioctl open } for pid=14299 comm="syz.2.3031" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 546.536157][ T5224] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3 [ 546.798565][T14312] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 546.807131][T14312] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 547.461210][T14319] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3037'. [ 547.690894][ T5224] Bluetooth: hci5: command tx timeout [ 548.305709][ T5224] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3 [ 548.563257][ T5224] Bluetooth: hci0: command 0x206a tx timeout [ 548.699007][T14350] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 550.235999][ T5224] Bluetooth: hci5: unexpected event 0x09 length: 17 > 3 [ 550.241018][T14361] netlink: 'syz.0.3050': attribute type 1 has an invalid length. [ 550.369243][T14368] netdevsim netdevsim1: Direct firmware load for ng failed with error -2 [ 550.370978][T14367] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3052'. [ 550.383118][T14368] netdevsim netdevsim1: Falling back to sysfs fallback for: ng [ 550.538469][ T825] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 550.738433][ T825] usb 5-1: Using ep0 maxpacket: 8 [ 550.743635][ T825] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 550.758403][ T825] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 550.763007][ T825] usb 5-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 550.767642][ T825] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 550.773524][ T825] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 550.777485][ T825] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.787719][ T825] usbtmc 5-1:16.0: bulk endpoints not found [ 551.019123][ T825] usb 5-1: USB disconnect, device number 52 [ 551.735515][T14383] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3056'. [ 551.932755][T14389] netlink: 4848 bytes leftover after parsing attributes in process `syz.2.3057'. [ 551.946175][T14389] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3057'. [ 552.238081][ T5224] Bluetooth: hci5: command tx timeout [ 552.417572][T14391] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3058'. [ 552.676247][ T5224] Bluetooth: hci5: ACL packet for unknown connection handle 0 [ 552.775066][T14401] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3062'. [ 552.865622][T14406] netlink: 'syz.2.3064': attribute type 1 has an invalid length. [ 553.161901][ T5261] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 553.348235][ T5261] usb 7-1: Using ep0 maxpacket: 8 [ 553.352958][ T5261] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 553.358425][ T5261] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 553.362841][ T5261] usb 7-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 553.367680][ T5261] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 553.404647][ T5261] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 553.408888][ T5261] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.467122][ T5261] usbtmc 7-1:16.0: bulk endpoints not found [ 553.668942][ T5288] usb 7-1: USB disconnect, device number 28 [ 553.779255][T14414] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3066'. [ 553.847531][T14416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3067'. [ 553.879810][ T39] audit: type=1400 audit(1721629214.504:617): avc: denied { create } for pid=14417 comm="syz.1.3068" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 554.287295][T14429] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3070'. [ 554.311642][T14431] netlink: 4848 bytes leftover after parsing attributes in process `syz.0.3071'. [ 555.408342][T14456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 556.822360][T14468] netlink: 'syz.2.3080': attribute type 1 has an invalid length. [ 557.128813][ T56] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 557.327861][ T56] usb 7-1: Using ep0 maxpacket: 8 [ 557.339817][ T56] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 557.346901][ T56] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 557.352979][ T56] usb 7-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 557.358942][ T56] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 557.367587][ T56] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 557.371866][ T56] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.390839][ T56] usbtmc 7-1:16.0: bulk endpoints not found [ 557.613791][ T1405] usb 7-1: USB disconnect, device number 29 [ 557.930030][T14476] __nla_validate_parse: 2 callbacks suppressed [ 557.930047][T14476] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3083'. [ 558.144104][T14480] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3084'. [ 561.567381][T14525] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3096'. [ 561.928186][ T1405] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 562.114294][ T1405] usb 5-1: Using ep0 maxpacket: 8 [ 562.143443][ T1405] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 562.147543][ T1405] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 562.152289][ T1405] usb 5-1: config 246 has 0 interfaces, different from the descriptor's value: 42 [ 562.164207][ T1405] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 562.169479][ T1405] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 562.174113][ T1405] usb 5-1: config 246 has 0 interfaces, different from the descriptor's value: 42 [ 562.188335][ T1405] usb 5-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 562.192363][ T1405] usb 5-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 562.196622][ T1405] usb 5-1: config 246 has 0 interfaces, different from the descriptor's value: 42 [ 562.204408][ T1405] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 562.208555][ T1405] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.212281][ T1405] usb 5-1: Product: syz [ 562.214175][ T1405] usb 5-1: Manufacturer: syz [ 562.216325][ T1405] usb 5-1: SerialNumber: syz [ 562.419300][T14537] netlink: 4848 bytes leftover after parsing attributes in process `syz.2.3101'. [ 562.430399][T14537] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3101'. [ 562.443925][ T1405] usb 5-1: USB disconnect, device number 53 [ 562.615949][ T39] audit: type=1400 audit(1721629223.234:618): avc: denied { unmount } for pid=14222 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 563.122643][T14551] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 563.128987][T14551] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 563.317995][ T39] audit: type=1400 audit(1721629223.944:619): avc: denied { getopt } for pid=14555 comm="syz.2.3107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 563.397520][ T5224] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3 [ 564.570073][ T5224] Bluetooth: hci5: command tx timeout [ 564.806591][T14571] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3111'. [ 565.324991][T14579] netlink: 4848 bytes leftover after parsing attributes in process `syz.1.3114'. [ 565.330357][T14579] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3114'. [ 565.381774][T14581] FAULT_INJECTION: forcing a failure. [ 565.381774][T14581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 565.387272][T14581] CPU: 3 PID: 14581 Comm: syz.1.3115 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 565.391286][T14581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 565.395968][T14581] Call Trace: [ 565.397391][T14581] [ 565.398650][T14581] dump_stack_lvl+0x16c/0x1f0 [ 565.400535][T14581] should_fail_ex+0x497/0x5b0 [ 565.402521][T14581] _copy_from_user+0x30/0xf0 [ 565.404471][T14581] __do_sys_landlock_create_ruleset+0x1b3/0x410 [ 565.407172][T14581] ? ksys_write+0x1ab/0x260 [ 565.409148][T14581] ? __pfx___do_sys_landlock_create_ruleset+0x10/0x10 [ 565.412186][T14581] do_syscall_64+0xcd/0x250 [ 565.414217][T14581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.416714][T14581] RIP: 0033:0x7fe7a6b75b59 [ 565.418674][T14581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 565.426599][T14581] RSP: 002b:00007fe7a79d4048 EFLAGS: 00000246 ORIG_RAX: 00000000000001bc [ 565.430288][T14581] RAX: ffffffffffffffda RBX: 00007fe7a6d05f60 RCX: 00007fe7a6b75b59 [ 565.433737][T14581] RDX: 0000000000000000 RSI: 0000000000000010 RDI: 0000000020000700 [ 565.437168][T14581] RBP: 00007fe7a79d40a0 R08: 0000000000000000 R09: 0000000000000000 [ 565.440604][T14581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 565.443607][T14581] R13: 000000000000000b R14: 00007fe7a6d05f60 R15: 00007ffce1802c48 [ 565.446951][T14581] [ 565.510591][ T5224] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 565.515024][ T5224] CPU: 2 PID: 5224 Comm: kworker/u33:3 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 565.519120][ T5224] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 565.530791][ T5224] Workqueue: hci5 hci_rx_work [ 565.532654][ T5224] Call Trace: [ 565.534009][ T5224] [ 565.535314][ T5224] dump_stack_lvl+0x16c/0x1f0 [ 565.537392][ T5224] sysfs_warn_dup+0x7f/0xa0 [ 565.539287][ T5224] sysfs_create_dir_ns+0x24d/0x2b0 [ 565.541359][ T5224] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 565.543710][ T5224] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 565.545973][ T5224] ? do_raw_spin_unlock+0x172/0x230 [ 565.548122][ T5224] kobject_add_internal+0x2c8/0x990 [ 565.550361][ T5224] kobject_add+0x16f/0x240 [ 565.552283][ T5224] ? __pfx_kobject_add+0x10/0x10 [ 565.554412][ T5224] ? do_raw_spin_unlock+0x172/0x230 [ 565.556600][ T5224] ? kobject_put+0xbe/0x5b0 [ 565.558597][ T5224] device_add+0x289/0x1a70 [ 565.560407][ T5224] ? __pfx_dev_set_name+0x10/0x10 [ 565.562533][ T5224] ? __pfx_device_add+0x10/0x10 [ 565.564516][ T5224] hci_conn_add_sysfs+0x17e/0x230 [ 565.566584][ T5224] hci_conn_complete_evt+0x50e/0x1580 [ 565.568747][ T5224] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 565.571402][ T5224] ? __pfx_hci_conn_complete_evt+0x10/0x10 [ 565.573963][ T5224] ? __asan_memcpy+0x3c/0x60 [ 565.575965][ T5224] ? skb_pull_data+0x166/0x210 [ 565.578092][ T5224] hci_event_packet+0x9eb/0x1180 [ 565.580190][ T5224] ? __pfx_hci_conn_complete_evt+0x10/0x10 [ 565.582675][ T5224] ? __pfx_hci_event_packet+0x10/0x10 [ 565.584986][ T5224] ? mark_held_locks+0x9f/0xe0 [ 565.587089][ T5224] ? kcov_remote_start+0x3d1/0x6e0 [ 565.589267][ T5224] ? lockdep_hardirqs_on+0x7c/0x110 [ 565.591606][ T5224] hci_rx_work+0x2c6/0x1610 [ 565.593552][ T5224] process_one_work+0x9c5/0x1b40 [ 565.595460][ T5224] ? __pfx_lock_acquire+0x10/0x10 [ 565.597384][ T5224] ? __pfx_process_one_work+0x10/0x10 [ 565.599376][ T5224] ? assign_work+0x1a0/0x250 [ 565.601098][ T5224] worker_thread+0x6c8/0xf20 [ 565.602832][ T5224] ? __pfx_worker_thread+0x10/0x10 [ 565.604758][ T5224] kthread+0x2c1/0x3a0 [ 565.606818][ T5224] ? _raw_spin_unlock_irq+0x23/0x50 [ 565.609282][ T5224] ? __pfx_kthread+0x10/0x10 [ 565.611195][ T5224] ret_from_fork+0x45/0x80 [ 565.613037][ T5224] ? __pfx_kthread+0x10/0x10 [ 565.615042][ T5224] ret_from_fork_asm+0x1a/0x30 [ 565.617313][ T5224] [ 565.628864][ T5224] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 565.638016][ T5224] Bluetooth: hci5: failed to register connection device [ 565.906692][T14589] overlayfs: failed to resolve './file1': -2 [ 566.034365][T14592] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3120'. [ 566.308119][ T5261] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 566.410854][T14597] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3121'. [ 566.497855][ T5261] usb 7-1: Using ep0 maxpacket: 8 [ 566.501773][ T5261] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 566.505668][ T5261] usb 7-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 566.510592][ T5261] usb 7-1: config 246 has 0 interfaces, different from the descriptor's value: 42 [ 566.516090][ T5261] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 566.519863][ T5261] usb 7-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 566.524148][ T5261] usb 7-1: config 246 has 0 interfaces, different from the descriptor's value: 42 [ 566.535037][ T5261] usb 7-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 566.538884][ T5261] usb 7-1: config 246 has an invalid descriptor of length 0, skipping remainder of the config [ 566.542691][ T5261] usb 7-1: config 246 has 0 interfaces, different from the descriptor's value: 42 [ 566.555294][ T5261] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 566.559441][ T5261] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.563353][ T5261] usb 7-1: Product: syz [ 566.565264][ T5261] usb 7-1: Manufacturer: syz [ 566.567462][ T5261] usb 7-1: SerialNumber: syz [ 566.798472][ T5224] Bluetooth: hci0: unexpected event for opcode 0x0c5b [ 566.798770][ T5261] usb 7-1: USB disconnect, device number 30 [ 567.302439][T14604] netlink: 4848 bytes leftover after parsing attributes in process `syz.1.3123'. [ 567.307310][T14604] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3123'. [ 567.688388][ T5224] Bluetooth: hci5: command tx timeout [ 568.090389][T14619] overlayfs: failed to resolve './file1': -2 [ 568.296194][ T5224] Bluetooth: hci0: unexpected event 0x09 length: 17 > 3 [ 568.307244][T14611] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 568.451001][T14626] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3131'. [ 568.644972][ T1359] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.649022][ T1359] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.517937][ T5224] Bluetooth: hci0: command 0x206a tx timeout [ 570.045726][T14649] overlayfs: failed to resolve './file1': -2 [ 570.297918][T14652] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 570.305200][T14652] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 570.685775][T14656] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 570.759107][ T5224] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 570.764968][ T5224] CPU: 3 PID: 5224 Comm: kworker/u33:3 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 570.769205][ T5224] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 570.773757][ T5224] Workqueue: hci0 hci_rx_work [ 570.775868][ T5224] Call Trace: [ 570.777367][ T5224] [ 570.778825][ T5224] dump_stack_lvl+0x16c/0x1f0 [ 570.781269][ T5224] sysfs_warn_dup+0x7f/0xa0 [ 570.783421][ T5224] sysfs_create_dir_ns+0x24d/0x2b0 [ 570.785752][ T5224] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 570.788409][ T5224] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 570.791056][ T5224] ? do_raw_spin_unlock+0x172/0x230 [ 570.793872][ T5224] kobject_add_internal+0x2c8/0x990 [ 570.796662][ T5224] kobject_add+0x16f/0x240 [ 570.799642][ T5224] ? __pfx_kobject_add+0x10/0x10 [ 570.802185][ T5224] ? do_raw_spin_unlock+0x172/0x230 [ 570.805417][ T5224] ? kobject_put+0xbe/0x5b0 [ 570.807362][ T5224] device_add+0x289/0x1a70 [ 570.809379][ T5224] ? __pfx_dev_set_name+0x10/0x10 [ 570.811593][ T5224] ? __pfx_device_add+0x10/0x10 [ 570.813814][ T5224] hci_conn_add_sysfs+0x17e/0x230 [ 570.815930][ T5224] hci_conn_complete_evt+0x50e/0x1580 [ 570.818610][ T5224] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 570.821282][ T5224] ? __pfx_hci_conn_complete_evt+0x10/0x10 [ 570.824516][ T5224] ? __asan_memcpy+0x3c/0x60 [ 570.826730][ T5224] ? skb_pull_data+0x166/0x210 [ 570.828799][ T5224] hci_event_packet+0x9eb/0x1180 [ 570.831392][ T5224] ? __pfx_hci_conn_complete_evt+0x10/0x10 [ 570.834579][ T5224] ? __pfx_hci_event_packet+0x10/0x10 [ 570.837580][ T5224] ? mark_held_locks+0x9f/0xe0 [ 570.840553][ T5224] ? kcov_remote_start+0x3d1/0x6e0 [ 570.843908][ T5224] ? lockdep_hardirqs_on+0x7c/0x110 [ 570.847487][ T5224] hci_rx_work+0x2c6/0x1610 [ 570.850126][ T5224] process_one_work+0x9c5/0x1b40 [ 570.853090][ T5224] ? __pfx_lock_acquire+0x10/0x10 [ 570.855454][ T5224] ? __pfx_process_one_work+0x10/0x10 [ 570.858183][ T5224] ? assign_work+0x1a0/0x250 [ 570.860625][ T5224] worker_thread+0x6c8/0xf20 [ 570.863057][ T5224] ? __pfx_worker_thread+0x10/0x10 [ 570.865489][ T5224] kthread+0x2c1/0x3a0 [ 570.867477][ T5224] ? _raw_spin_unlock_irq+0x23/0x50 [ 570.869814][ T5224] ? __pfx_kthread+0x10/0x10 [ 570.871880][ T5224] ret_from_fork+0x45/0x80 [ 570.874065][ T5224] ? __pfx_kthread+0x10/0x10 [ 570.876629][ T5224] ret_from_fork_asm+0x1a/0x30 [ 570.879017][ T5224] [ 570.883747][ T5224] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 570.893367][ T5224] Bluetooth: hci0: failed to register connection device [ 570.897415][ T5224] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 570.902456][ T5224] Bluetooth: hci0: Injecting HCI hardware error event [ 570.907262][ T5224] Bluetooth: hci0: hardware error 0x00 [ 571.689868][T14662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3141'. [ 572.579077][ T5228] Bluetooth: hci5: unexpected event 0x09 length: 17 > 3 [ 572.957965][ T5288] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 573.042074][ T5224] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 573.158770][ T5288] usb 5-1: config 0 has an invalid interface number: 76 but max is 3 [ 573.162668][ T5288] usb 5-1: config 0 contains an unexpected descriptor of type 0x1, skipping [ 573.166549][ T5288] usb 5-1: config 0 has an invalid interface number: 12 but max is 3 [ 573.176462][ T5288] usb 5-1: config 0 has an invalid interface number: 63 but max is 3 [ 573.181932][ T5288] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 573.190420][ T5288] usb 5-1: config 0 has 3 interfaces, different from the descriptor's value: 4 [ 573.196968][ T5288] usb 5-1: config 0 has no interface number 0 [ 573.206442][ T5288] usb 5-1: config 0 has no interface number 1 [ 573.211225][ T5288] usb 5-1: config 0 has no interface number 2 [ 573.215139][ T5288] usb 5-1: config 0 interface 76 altsetting 8 endpoint 0xE has an invalid bInterval 116, changing to 10 [ 573.222783][ T5288] usb 5-1: config 0 interface 76 altsetting 8 endpoint 0x1 has an invalid bInterval 143, changing to 7 [ 573.234082][ T5288] usb 5-1: config 0 interface 76 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 573.239995][ T5288] usb 5-1: config 0 interface 76 altsetting 8 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 573.244594][ T5288] usb 5-1: config 0 interface 76 altsetting 8 has 7 endpoint descriptors, different from the interface descriptor's value: 13 [ 573.258093][ T5288] usb 5-1: too many endpoints for config 0 interface 12 altsetting 58: 40, using maximum allowed: 30 [ 573.262603][ T5288] usb 5-1: config 0 interface 12 altsetting 58 has a duplicate endpoint with address 0x1, skipping [ 573.270953][ T5288] usb 5-1: config 0 interface 12 altsetting 58 endpoint 0x8 has an invalid bInterval 127, changing to 7 [ 573.286186][ T5288] usb 5-1: config 0 interface 12 altsetting 58 has a duplicate endpoint with address 0xC, skipping [ 573.292857][ T5288] usb 5-1: config 0 interface 12 altsetting 58 has 6 endpoint descriptors, different from the interface descriptor's value: 40 [ 573.307835][ T5288] usb 5-1: config 0 interface 63 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 6 [ 573.346434][ T5288] usb 5-1: config 0 interface 76 has no altsetting 0 [ 573.365900][ T5288] usb 5-1: config 0 interface 12 has no altsetting 0 [ 573.372715][ T5288] usb 5-1: Dual-Role OTG device on HNP port [ 573.376434][ T5288] usb 5-1: New USB device found, idVendor=17a8, idProduct=0013, bcdDevice=8e.a6 [ 573.382232][ T5288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.386449][ T5288] usb 5-1: Product: syz [ 573.389316][ T5288] usb 5-1: Manufacturer: syz [ 573.392866][ T5288] usb 5-1: SerialNumber: syz [ 573.449575][ T5288] usb 5-1: config 0 descriptor?? [ 573.460784][ T5288] cp210x 5-1:0.76: cp210x converter detected [ 573.695177][T14682] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.701165][T14682] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 573.710809][T14682] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.717048][T14682] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 573.827940][ T5288] cp210x 5-1:0.76: failed to get vendor val 0x370b size 1: -71 [ 573.831263][ T5288] cp210x 5-1:0.76: querying part number failed [ 573.841760][ T5288] usb 5-1: cp210x converter now attached to ttyUSB0 [ 573.883035][ T5288] cp210x 5-1:0.12: cp210x converter detected [ 573.892967][ T5288] cp210x 5-1:0.12: failed to get vendor val 0x370b size 1: -71 [ 573.915816][ T5288] cp210x 5-1:0.12: querying part number failed [ 573.937934][ T5288] usb 5-1: cp210x converter now attached to ttyUSB1 [ 573.962293][ T5288] cp210x 5-1:0.63: cp210x converter detected [ 573.970780][ T5288] cp210x 5-1:0.63: failed to get vendor val 0x370b size 1: -71 [ 573.987841][ T5288] cp210x 5-1:0.63: querying part number failed [ 573.992843][ T5288] usb 5-1: cp210x converter now attached to ttyUSB2 [ 574.008743][ T5288] usb 5-1: USB disconnect, device number 54 [ 574.018460][ T5288] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 574.022575][ T5288] cp210x 5-1:0.76: device disconnected [ 574.044862][ T5288] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1 [ 574.051508][ T5288] cp210x 5-1:0.12: device disconnected [ 574.059684][ T5288] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2 [ 574.065290][ T5288] cp210x 5-1:0.63: device disconnected [ 574.189187][ T5224] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection [ 574.569166][ T5224] Bluetooth: hci5: ACL packet for unknown connection handle 0 [ 574.972939][ T39] audit: type=1400 audit(1721629235.594:620): avc: denied { unmount } for pid=10927 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 575.091793][T14705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3155'. [ 575.947572][T14715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3159'. [ 577.118059][T14724] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 578.305712][T14733] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 578.310270][T14733] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 578.867342][T14743] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3167'. [ 579.536406][T14747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3168'. [ 580.393716][T14762] overlayfs: failed to resolve './file0': -2 [ 580.768650][T14767] FAULT_INJECTION: forcing a failure. [ 580.768650][T14767] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 580.776400][T14767] CPU: 0 PID: 14767 Comm: syz.1.3174 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 580.781083][T14767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 580.785642][T14767] Call Trace: [ 580.787136][T14767] [ 580.788488][T14767] dump_stack_lvl+0x16c/0x1f0 [ 580.790892][T14767] should_fail_ex+0x497/0x5b0 [ 580.793324][T14767] _copy_from_user+0x30/0xf0 [ 580.795739][T14767] kstrtouint_from_user+0xd7/0x1c0 [ 580.798449][T14767] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 580.801188][T14767] ? __pfx_lock_acquire+0x10/0x10 [ 580.803476][T14767] proc_fail_nth_write+0x84/0x270 [ 580.805764][T14767] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 580.808114][T14767] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 580.810756][T14767] vfs_write+0x29a/0x1140 [ 580.812629][T14767] ? __fdget_pos+0xeb/0x180 [ 580.814579][T14767] ? __pfx_vfs_write+0x10/0x10 [ 580.816665][T14767] ? __pfx___mutex_lock+0x10/0x10 [ 580.819073][T14767] ? __fget_files+0x256/0x400 [ 580.821177][T14767] ksys_write+0x12f/0x260 [ 580.823267][T14767] ? __pfx_ksys_write+0x10/0x10 [ 580.825470][T14767] do_syscall_64+0xcd/0x250 [ 580.827621][T14767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.830503][T14767] RIP: 0033:0x7fe7a6b746df [ 580.832655][T14767] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 580.842209][T14767] RSP: 002b:00007fe7a7892040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 580.846188][T14767] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe7a6b746df [ 580.849437][T14767] RDX: 0000000000000001 RSI: 00007fe7a78920b0 RDI: 0000000000000007 [ 580.852679][T14767] RBP: 00007fe7a78920a0 R08: 0000000000000000 R09: 0000000000000000 [ 580.855718][T14767] R10: 000000000000019e R11: 0000000000000293 R12: 0000000000000001 [ 580.859232][T14767] R13: 000000000000006e R14: 00007fe7a6d06038 R15: 00007ffce1802c48 [ 580.862999][T14767] [ 580.939262][T14769] syz.2.3175 uses obsolete (PF_INET,SOCK_PACKET) [ 581.298893][T14773] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3178'. [ 581.532938][T14784] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 581.556944][T14784] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 581.626664][ T39] audit: type=1400 audit(1721629242.244:621): avc: denied { setopt } for pid=14778 comm="syz.3.3180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 581.642569][ T39] audit: type=1400 audit(1721629242.244:622): avc: denied { bind } for pid=14778 comm="syz.3.3180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 582.213640][T14788] overlayfs: failed to resolve './file0': -2 [ 582.662269][T14793] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3180'. [ 582.668980][T14793] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3180'. [ 582.673644][T14793] netlink: 652 bytes leftover after parsing attributes in process `syz.3.3180'. [ 582.679577][T14793] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3180'. [ 582.735237][T14795] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3184'. [ 582.848760][T14798] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3185'. [ 583.564602][T14811] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3189'. [ 583.624884][T14813] overlayfs: failed to resolve './file0': -2 [ 583.713364][ T5224] Bluetooth: hci5: Ignoring HCI_Connection_Complete for existing connection [ 583.974044][T14820] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3192'. [ 584.052490][T14824] Bluetooth: MGMT ver 1.23 [ 584.131932][T14824] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3193'. [ 584.157979][ T39] audit: type=1400 audit(1721629244.784:623): avc: denied { connect } for pid=14822 comm="syz.1.3193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 584.268320][T14826] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3194'. [ 584.411965][ T5224] Bluetooth: hci5: unexpected event 0x09 length: 17 > 3 [ 584.755047][T14833] netdevsim netdevsim1: Direct firmware load for ng failed with error -2 [ 584.791988][T14833] netdevsim netdevsim1: Falling back to sysfs fallback for: ng [ 584.857316][T14837] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3198'. [ 584.934360][ T1093] bridge_slave_1: left allmulticast mode [ 584.939064][ T1093] bridge_slave_1: left promiscuous mode [ 584.944086][ T1093] bridge0: port 2(bridge_slave_1) entered disabled state [ 584.961422][ T1093] bridge_slave_0: left allmulticast mode [ 584.964209][ T1093] bridge_slave_0: left promiscuous mode [ 584.966979][ T1093] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.506451][T14844] overlayfs: failed to resolve './file1': -2 [ 585.596746][ T1093] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 585.604754][ T1093] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 585.640222][ T1093] bond0 (unregistering): Released all slaves [ 586.388512][ T1093] hsr_slave_0: left promiscuous mode [ 586.394417][ T1093] hsr_slave_1: left promiscuous mode [ 586.447557][ T1093] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 586.452104][ T1093] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 586.476456][ T1093] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 586.481860][ T1093] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 586.488463][ T5224] Bluetooth: hci5: command tx timeout [ 586.563142][ T1093] veth1_macvtap: left promiscuous mode [ 586.565757][ T1093] veth0_macvtap: left promiscuous mode [ 586.568413][ T1093] veth1_vlan: left promiscuous mode [ 586.570504][ T1093] veth0_vlan: left promiscuous mode [ 586.996924][T14860] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3204'. [ 588.636430][ T1093] team0 (unregistering): Port device team_slave_1 removed [ 588.764554][ T1093] team0 (unregistering): Port device team_slave_0 removed [ 589.851985][T14877] overlayfs: failed to resolve './file1': -2 [ 589.925220][T14881] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3209'. [ 589.952263][T14882] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14882 comm=syz.2.3210 [ 590.862128][T14900] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3215'. [ 591.281049][ T39] audit: type=1400 audit(1721629251.904:624): avc: denied { view } for pid=14903 comm="syz.2.3216" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 591.781539][T14911] overlayfs: failed to resolve './file1': -2 [ 592.543368][ T5224] Bluetooth: hci5: unexpected event 0x09 length: 17 > 3 [ 592.646953][T14917] netdevsim netdevsim1: Direct firmware load for ng failed with error -2 [ 592.656582][T14917] netdevsim netdevsim1: Falling back to sysfs fallback for: ng [ 592.793400][T14922] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 592.796440][T14922] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 592.803419][T14922] vhci_hcd vhci_hcd.0: Device attached [ 592.811417][ T39] audit: type=1400 audit(1721629253.434:625): avc: denied { connect } for pid=14919 comm="syz.0.3221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 592.821723][T14923] vhci_hcd: cannot find a urb of seqnum 3 max seqnum 0 [ 592.840030][ T45] vhci_hcd: stop threads [ 592.842182][ T45] vhci_hcd: release socket [ 592.844292][ T45] vhci_hcd: disconnect device [ 592.854545][T14922] tmpfs: Unknown parameter 'usrquotae' [ 592.901315][T14932] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3222'. [ 593.067829][ C2] vkms_vblank_simulate: vblank timer overrun [ 593.643219][T14936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3224'. [ 593.647542][T14936] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3224'. [ 593.771816][T14943] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3226'. [ 593.824815][T14941] [ 593.825938][T14941] ====================================================== [ 593.829010][T14941] WARNING: possible circular locking dependency detected [ 593.832165][T14941] 6.10.0-syzkaller-11323-g7846b618e0a4 #0 Not tainted [ 593.836165][T14941] ------------------------------------------------------ [ 593.840186][T14941] syz.3.3227/14941 is trying to acquire lock: [ 593.842823][T14941] ffff88806b038aa0 (lock#11){+.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x7f/0x790 [ 593.847328][T14941] [ 593.847328][T14941] but task is already holding lock: [ 593.850429][T14941] ffff88806b03ec98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 593.854386][T14941] [ 593.854386][T14941] which lock already depends on the new lock. [ 593.854386][T14941] [ 593.858705][T14941] [ 593.858705][T14941] the existing dependency chain (in reverse order) is: [ 593.862260][T14941] [ 593.862260][T14941] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 593.865225][T14941] _raw_spin_lock_nested+0x31/0x40 [ 593.866986][T14941] raw_spin_rq_lock_nested+0x29/0x130 [ 593.869228][T14941] task_fork_fair+0x73/0x250 [ 593.871337][T14941] sched_cgroup_fork+0x3cf/0x510 [ 593.873617][T14941] copy_process+0x43a1/0x8de0 [ 593.875843][T14941] kernel_clone+0xfd/0x980 [ 593.877757][T14941] user_mode_thread+0xb4/0xf0 [ 593.879757][T14941] rest_init+0x23/0x2b0 [ 593.881580][T14941] start_kernel+0x3df/0x4c0 [ 593.883503][T14941] x86_64_start_reservations+0x18/0x30 [ 593.886055][T14941] x86_64_start_kernel+0xb2/0xc0 [ 593.888440][T14941] common_startup_64+0x13e/0x148 [ 593.890770][T14941] [ 593.890770][T14941] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 593.893902][T14941] _raw_spin_lock_irqsave+0x3a/0x60 [ 593.896329][T14941] try_to_wake_up+0x9a/0x13e0 [ 593.898646][T14941] __rcu_read_unlock+0x24c/0x580 [ 593.900981][T14941] __mmap_lock_do_trace_acquire_returned+0x262/0x790 [ 593.904011][T14941] lock_mm_and_find_vma+0xeb/0x6a0 [ 593.906368][T14941] do_user_addr_fault+0x2b5/0x13f0 [ 593.908624][T14941] exc_page_fault+0x5c/0xc0 [ 593.910764][T14941] asm_exc_page_fault+0x26/0x30 [ 593.912938][T14941] _copy_to_iter+0x4cd/0x1140 [ 593.915155][T14941] copy_page_to_iter+0xf1/0x180 [ 593.917901][T14941] process_vm_rw_core.constprop.0+0x5c9/0xa10 [ 593.921015][T14941] process_vm_rw+0x301/0x360 [ 593.923273][T14941] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 593.925956][T14941] do_syscall_64+0xcd/0x250 [ 593.928108][T14941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.930837][T14941] [ 593.930837][T14941] -> #0 (lock#11){+.+.}-{2:2}: [ 593.933739][T14941] __lock_acquire+0x24ed/0x3cb0 [ 593.936048][T14941] lock_acquire+0x1b1/0x560 [ 593.938210][T14941] __mmap_lock_do_trace_acquire_returned+0x97/0x790 [ 593.941205][T14941] stack_map_get_build_id_offset+0x5d9/0x7c0 [ 593.943962][T14941] __bpf_get_stack+0x6bf/0x700 [ 593.946235][T14941] bpf_get_stack_raw_tp+0x124/0x160 [ 593.948660][T14941] ___bpf_prog_run+0x3e51/0xabd0 [ 593.951042][T14941] __bpf_prog_run32+0xc1/0x100 [ 593.953392][T14941] bpf_trace_run2+0x231/0x590 [ 593.955626][T14941] __bpf_trace_tlb_flush+0xd2/0x110 [ 593.957812][T14941] trace_tlb_flush+0xf3/0x170 [ 593.959824][T14941] switch_mm_irqs_off+0x697/0xbb0 [ 593.961959][T14941] __schedule+0xc4d/0x5490 [ 593.963822][T14941] schedule+0xe7/0x350 [ 593.965642][T14941] futex_wait_queue+0xfc/0x1f0 [ 593.967851][T14941] __futex_wait+0x291/0x3c0 [ 593.970131][T14941] futex_wait+0xe9/0x380 [ 593.972835][T14941] do_futex+0x22b/0x350 [ 593.975023][T14941] __x64_sys_futex+0x1e1/0x4c0 [ 593.977331][T14941] do_syscall_64+0xcd/0x250 [ 593.979503][T14941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.982170][T14941] [ 593.982170][T14941] other info that might help us debug this: [ 593.982170][T14941] [ 593.986502][T14941] Chain exists of: [ 593.986502][T14941] lock#11 --> &p->pi_lock --> &rq->__lock [ 593.986502][T14941] [ 593.991441][T14941] Possible unsafe locking scenario: [ 593.991441][T14941] [ 593.994690][T14941] CPU0 CPU1 [ 593.997161][T14941] ---- ---- [ 593.999512][T14941] lock(&rq->__lock); [ 594.001455][T14941] lock(&p->pi_lock); [ 594.004296][T14941] lock(&rq->__lock); [ 594.007138][T14941] lock(lock#11); [ 594.008756][T14941] [ 594.008756][T14941] *** DEADLOCK *** [ 594.008756][T14941] [ 594.012031][T14941] 3 locks held by syz.3.3227/14941: [ 594.014057][T14941] #0: ffff88806b03ec98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 594.017956][T14941] #1: ffffffff8dbb49e0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1c2/0x590 [ 594.022114][T14941] #2: ffff88802f667398 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x1e8/0x7c0 [ 594.026974][T14941] [ 594.026974][T14941] stack backtrace: [ 594.029649][T14941] CPU: 0 PID: 14941 Comm: syz.3.3227 Not tainted 6.10.0-syzkaller-11323-g7846b618e0a4 #0 [ 594.034194][T14941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 594.038916][T14941] Call Trace: [ 594.040389][T14941] [ 594.041706][T14941] dump_stack_lvl+0x116/0x1f0 [ 594.043771][T14941] check_noncircular+0x31a/0x400 [ 594.045980][T14941] ? __pfx_check_noncircular+0x10/0x10 [ 594.048485][T14941] ? lockdep_lock+0xc6/0x200 [ 594.050639][T14941] ? __pfx_lockdep_lock+0x10/0x10 [ 594.052932][T14941] __lock_acquire+0x24ed/0x3cb0 [ 594.055140][T14941] ? __pfx___lock_acquire+0x10/0x10 [ 594.057513][T14941] ? lock_acquire+0x1b1/0x560 [ 594.059439][T14941] lock_acquire+0x1b1/0x560 [ 594.061222][T14941] ? __mmap_lock_do_trace_acquire_returned+0x7f/0x790 [ 594.063834][T14941] ? __pfx_lock_acquire+0x10/0x10 [ 594.065808][T14941] ? kvm_guest_state+0xfa/0x160 [ 594.067700][T14941] ? perf_callchain_user+0x21c/0xa20 [ 594.070125][T14941] ? down_read_trylock+0x1ed/0x3f0 [ 594.072545][T14941] ? stack_map_get_build_id_offset+0x1e8/0x7c0 [ 594.075248][T14941] __mmap_lock_do_trace_acquire_returned+0x97/0x790 [ 594.078196][T14941] ? __mmap_lock_do_trace_acquire_returned+0x7f/0x790 [ 594.081254][T14941] ? __pfx_get_perf_callchain+0x10/0x10 [ 594.083650][T14941] stack_map_get_build_id_offset+0x5d9/0x7c0 [ 594.086153][T14941] ? hlock_class+0x4e/0x130 [ 594.088271][T14941] __bpf_get_stack+0x6bf/0x700 [ 594.090507][T14941] ? __pfx___bpf_get_stack+0x10/0x10 [ 594.092820][T14941] bpf_get_stack_raw_tp+0x124/0x160 [ 594.095178][T14941] ? __pfx_bpf_get_stack_raw_tp+0x10/0x10 [ 594.097790][T14941] ___bpf_prog_run+0x3e51/0xabd0 [ 594.100046][T14941] ? __lock_acquire+0x1620/0x3cb0 [ 594.102287][T14941] __bpf_prog_run32+0xc1/0x100 [ 594.104414][T14941] ? __pfx___bpf_prog_run32+0x10/0x10 [ 594.106696][T14941] ? __pfx_lock_acquire+0x10/0x10 [ 594.108665][T14941] ? __pfx___cant_migrate+0x10/0x10 [ 594.110682][T14941] bpf_trace_run2+0x231/0x590 [ 594.112497][T14941] ? __pfx_bpf_trace_run2+0x10/0x10 [ 594.114501][T14941] ? find_held_lock+0x2d/0x110 [ 594.116378][T14941] ? psi_task_switch+0x2d9/0x900 [ 594.118648][T14941] __bpf_trace_tlb_flush+0xd2/0x110 [ 594.121027][T14941] ? __pfx___bpf_trace_tlb_flush+0x10/0x10 [ 594.123623][T14941] ? __phys_addr+0xc6/0x150 [ 594.125724][T14941] trace_tlb_flush+0xf3/0x170 [ 594.127813][T14941] switch_mm_irqs_off+0x697/0xbb0 [ 594.130036][T14941] __schedule+0xc4d/0x5490 [ 594.132087][T14941] ? __pfx___lock_acquire+0x10/0x10 [ 594.134601][T14941] ? __pfx___schedule+0x10/0x10 [ 594.136759][T14941] ? schedule+0x298/0x350 [ 594.138693][T14941] ? __pfx_lock_release+0x10/0x10 [ 594.140868][T14941] ? plist_check_prev_next+0x12a/0x1a0 [ 594.143253][T14941] ? futex_wait_queue+0x41/0x1f0 [ 594.145376][T14941] schedule+0xe7/0x350 [ 594.147144][T14941] futex_wait_queue+0xfc/0x1f0 [ 594.149314][T14941] __futex_wait+0x291/0x3c0 [ 594.151766][T14941] ? __pfx___futex_wait+0x10/0x10 [ 594.153967][T14941] ? try_to_wake_up+0x14b/0x13e0 [ 594.156134][T14941] ? __pfx_futex_wake_mark+0x10/0x10 [ 594.158491][T14941] futex_wait+0xe9/0x380 [ 594.160434][T14941] ? __pfx_futex_wait+0x10/0x10 [ 594.162614][T14941] ? __schedule+0xe3f/0x5490 [ 594.164666][T14941] do_futex+0x22b/0x350 [ 594.166528][T14941] ? __pfx_do_futex+0x10/0x10 [ 594.168643][T14941] __x64_sys_futex+0x1e1/0x4c0 [ 594.170680][T14941] ? __pfx___x64_sys_futex+0x10/0x10 [ 594.172720][T14941] do_syscall_64+0xcd/0x250 [ 594.174583][T14941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.177316][T14941] RIP: 0033:0x7f2754975b59 [ 594.180265][T14941] Code: Unable to access opcode bytes at 0x7f2754975b2f. [ 594.184227][T14941] RSP: 002b:00007f27557040f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 594.188053][T14941] RAX: ffffffffffffffda RBX: 00007f2754b05f68 RCX: 00007f2754975b59 [ 594.191411][T14941] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2754b05f68 [ 594.194710][T14941] RBP: 00007f2754b05f60 R08: 00007f27557046c0 R09: 00007f27557046c0 [ 594.197893][T14941] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2754b05f6c [ 594.201392][T14941] R13: 000000000000000b R14: 00007ffd7d591ce0 R15: 00007ffd7d591dc8 [ 594.204837][T14941] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 594.558345][ T5224] Bluetooth: hci5: command tx timeout [ 594.845527][ T104] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.964290][ T104] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.015579][ T104] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.101538][ T104] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 595.209234][ T104] bridge_slave_1: left allmulticast mode [ 595.211542][ T104] bridge_slave_1: left promiscuous mode [ 595.214217][ T104] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.219264][ T104] bridge_slave_0: left allmulticast mode [ 595.221808][ T104] bridge_slave_0: left promiscuous mode [ 595.224370][ T104] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.397457][ T104] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 595.403685][ T104] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 595.408859][ T104] bond0 (unregistering): Released all slaves [ 595.820161][ T104] hsr_slave_0: left promiscuous mode [ 595.823301][ T104] hsr_slave_1: left promiscuous mode [ 595.826633][ T104] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 595.834739][ T104] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 595.840507][ T104] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 595.843748][ T104] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 595.849862][ T104] veth1_macvtap: left promiscuous mode [ 595.852261][ T104] veth0_macvtap: left promiscuous mode [ 595.854799][ T104] veth1_vlan: left promiscuous mode [ 595.857609][ T104] veth0_vlan: left promiscuous mode [ 596.105591][ T104] team0 (unregistering): Port device team_slave_1 removed [ 596.185567][ T104] team0 (unregistering): Port device team_slave_0 removed [ 597.004732][ T104] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.116769][ T104] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.205919][ T104] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.330848][ T104] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.464598][ T104] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.553220][ T104] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.637584][ T104] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.716038][ T104] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.823279][ T104] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.890567][ T104] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.995905][ T104] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.114408][ T104] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 598.222925][ T104] bridge_slave_1: left allmulticast mode [ 598.225616][ T104] bridge_slave_1: left promiscuous mode [ 598.229283][ T104] bridge0: port 2(bridge_slave_1) entered disabled state [ 598.234071][ T104] bridge_slave_0: left allmulticast mode [ 598.236039][ T104] bridge_slave_0: left promiscuous mode [ 598.238287][ T104] bridge0: port 1(bridge_slave_0) entered disabled state [ 598.935749][ T104] bond0 (unregistering): Released all slaves [ 598.953009][ T104] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 598.959532][ T104] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 598.967032][ T104] bond0 (unregistering): Released all slaves [ 599.091960][ T104] bond0 (unregistering): Released all slaves [ 599.202826][ T104] : left promiscuous mode [ 599.985257][ T104] hsr_slave_0: left promiscuous mode [ 599.988492][ T104] hsr_slave_1: left promiscuous mode [ 599.994370][ T104] hsr_slave_0: left promiscuous mode [ 599.997004][ T104] hsr_slave_1: left promiscuous mode [ 599.999944][ T104] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 600.003299][ T104] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 600.010795][ T104] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 600.014098][ T104] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 600.023184][ T104] hsr_slave_0: left promiscuous mode [ 600.026134][ T104] hsr_slave_1: left promiscuous mode [ 600.033318][ T104] veth1_macvtap: left promiscuous mode [ 600.035803][ T104] veth0_macvtap: left promiscuous mode [ 600.040062][ T104] veth1_vlan: left promiscuous mode [ 600.042469][ T104] veth0_vlan: left promiscuous mode [ 600.050239][ T104] veth1_macvtap: left promiscuous mode [ 600.052585][ T104] veth0_macvtap: left promiscuous mode [ 600.054904][ T104] veth1_vlan: left promiscuous mode [ 600.057439][ T104] veth0_vlan: left promiscuous mode [ 600.061645][ T104] veth1_macvtap: left promiscuous mode [ 600.064043][ T104] veth0_macvtap: left promiscuous mode [ 600.066586][ T104] veth1_vlan: left promiscuous mode [ 600.069006][ T104] veth0_vlan: left promiscuous mode [ 601.406868][ T104] team0 (unregistering): Port device team_slave_1 removed [ 601.461531][ T104] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 06:20:54 Registers: info registers vcpu 0 CPU#0 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff84fcdba0 RDI=ffffffff94e436e0 RBP=ffffffff94e436a0 RSP=ffffc9000413eb68 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=732d302e30312e36 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff29c872e R15=dffffc0000000000 RIP=ffffffff84fcdbc7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f27557046c0 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000057e2a000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fff00000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000300000016 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e4337 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e4344 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e433e ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e4352 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e43d8 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e44b6 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 2323232323232323 2323232323232323 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000003130302f 3630302f6273752f 7375622f7665642f ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000001213130c 1513130c4150560c 5056410c5546470c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000080010003 RBX=0000000000000003 RCX=ffffffff813c34fe RDX=ffff888017ebc880 RSI=ffffffff813c351b RDI=0000000000000000 RBP=ffff88806b03ec80 RSP=ffffc900008b0cb0 R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=0000000000000000 R12=0000000000000003 R13=0000000000000003 R14=ffff88806b13fb40 R15=ffffed100d607d90 RIP=ffffffff813c351c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c363c67 CR3=000000002fafa000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd375d28b0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d2cfe4337 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d2cfe4344 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d2cfe433e ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d2cfe4352 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d2cfe43d8 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3d2cfe44b6 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000db2f8c RBX=0000000000000002 RCX=ffffffff8aeee249 RDX=ffffed100d646fe2 RSI=ffffffff8b909dc0 RDI=ffffffff816220cc RBP=ffffed1002fda000 RSP=ffffc90000197e08 R8 =0000000000000000 R9 =ffffed100d646fe1 R10=ffff88806b237f0b R11=0000000000000001 R12=0000000000000002 R13=ffff888017ed0000 R14=ffffffff8fe76458 R15=0000000000000000 RIP=ffffffff8aeef63f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fac6bfc8440 CR3=000000003ac52000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe901a7c40 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc91bfe4337 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc91bfe4344 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc91bfe433e ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc91bfe4352 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc91bfe43d8 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc91bfe44b6 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000c4 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000006a0e83 RBX=0000000000000003 RCX=ffffffff8aeee249 RDX=0000000000000000 RSI=ffffffff8b2cbac0 RDI=ffffffff8b909e40 RBP=ffffed1002fda488 RSP=ffffc900001a7e08 R8 =0000000000000001 R9 =ffffed100d666fe1 R10=ffff88806b337f0b R11=0000000000000000 R12=0000000000000003 R13=ffff888017ed2440 R14=ffffffff8fe76458 R15=0000000000000000 RIP=ffffffff8aeef63f RFL=00000242 [---Z---] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2754b06030 CR3=000000000d97c000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd7d5920d0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e4337 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e4344 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e433e ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e4352 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e43d8 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f27549e44b6 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000050 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000050 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000