last executing test programs: 2m31.018115296s ago: executing program 32 (id=121): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=ANY=[@ANYBLOB="240000001000010700000000000000000a000000060001001300000008000a0005"], 0x24}}, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000200)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_DESTROY_ACCESS_PAGES(r1, 0x3ba0, &(0x7f0000000240)={0x48, 0x6, r2}) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000080)=0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000580)="0f20e035200000000f22e082970e000000d466ba4200b005ee0f01c50f060f01c3b8cc0000000f23d80f21f80f20d20f23f8c744240000080000c7442402bd0b0000c7442406000000000f011424649c660f75e6", 0x54}], 0x1, 0x53, 0x0, 0x0) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) sendmsg$nl_route(r4, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="34000000700000022abd7000fbdbdf2507000000", @ANYRES32=r3, @ANYBLOB="10000180520e04060002000e00"/28], 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x40) 2m19.911230147s ago: executing program 0 (id=254): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000005c0), r0) r1 = socket$alg(0x26, 0x5, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000001c0)={&(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x80c00, 0x0, 0xffffffffffffffff}) setsockopt$bt_hci_HCI_FILTER(r2, 0x0, 0x2, &(0x7f0000000200)={0xaf68, [0x866, 0x4], 0x3}, 0x10) bind$alg(r1, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYRES16=r4, @ANYRES32, @ANYRESHEX=r3], 0x20}, 0x1, 0x0, 0x0, 0x404c050}, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r5 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$OSF_MSG_ADD(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[], 0xe0c}}, 0x4) recvmmsg(r5, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000400)=""/161, 0xa1}], 0x1}, 0x4}], 0x1, 0x10002, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000300)=0x10, 0x4) r6 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r6, 0xc2604110, &(0x7f0000000280)={0x0, [[0x7ff], [0x400, 0x2], [0xfff]], '\x00', [{0x0, 0x1, 0x1}, {}, {}, {}, {0x0, 0xfffffffd}]}) ioctl$TCFLSH(r2, 0x540b, 0x2) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv6_getroute={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x0, 0x80}}, 0x1c}}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020641700000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10) r9 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) writev(r9, &(0x7f0000002800)=[{&(0x7f0000002500)='\f7', 0x2}], 0x1) r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r10, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port1\x00', 0x43, 0x1a1413, 0x0, 0x3, 0xfffffffe, 0x0, 0x4000}) r11 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r10, 0x40a85323, &(0x7f0000000000)={{0x80}, 'port0\x00'}) dup3(r10, r11, 0x0) write$cgroup_pid(r9, &(0x7f00000031c0), 0x12) 2m19.791632324s ago: executing program 0 (id=255): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724190000006f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0ed9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab778c50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b28448692686ac80d81a89f9c29e276800"/2574], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) r3 = socket$kcm(0x29, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94) r5 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r5, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) r6 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f00000004c0)={0x28, 0x0, 0x2711, @hyper}, 0x10, 0x80800) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r7, 0x40505330, &(0x7f0000000bc0)={{0x0, 0x1}, {0xe}, 0x0, 0x6}) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000500)={r6, r4}) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000040)={r2, r1}) r8 = accept4(r0, 0x0, 0x0, 0x0) r9 = syz_open_dev$video4linux(&(0x7f0000000080), 0x56209516, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r9, 0xc0585605, &(0x7f00000000c0)={0x1, 0x0, {0x0, 0x0, 0x2018, 0x0, 0x8, 0x8, 0x5, 0x657ef077e46ea00d}}) sendmsg$TIPC_NL_MON_PEER_GET(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[], 0x2dc}, 0x1, 0x0, 0x0, 0x4000000}, 0x10000000) r10 = accept4$unix(r8, &(0x7f0000000000), &(0x7f0000000080)=0x6e, 0x80800) recvmsg$unix(r10, &(0x7f0000000480)={&(0x7f0000000140), 0x6e, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/180, 0xb4}, {&(0x7f0000000280)=""/49, 0x31}], 0x2, &(0x7f0000000300)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xc0}, 0x40012002) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x200, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, 0x213aa, 0x20}, [@IFLA_EXT_MASK={0x8}]}, 0x28}}, 0x4000010) r12 = socket$isdn_base(0x22, 0x3, 0x0) ioctl$IMGETVERSION(r12, 0x80044942, &(0x7f00000003c0)) 2m18.961454478s ago: executing program 0 (id=261): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000040)={{{@in=@local, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@empty}}, &(0x7f0000000140)=0xe8) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@can_delroute={0x4c, 0x19, 0x400, 0x70bd2a, 0x25dfdbfc, {0x1d, 0x1, 0x1}, [@CGW_MOD_UID={0x8, 0xe, r2}, @CGW_MOD_AND={0x15, 0x1, {{{0x3, 0x0, 0x1, 0x1}, 0x4, 0xc5310a51c33e5ef, 0x0, 0x0, "722223c843fd500c"}, 0x1}}, @CGW_MOD_OR={0x15, 0x2, {{{0x2, 0x0, 0x1, 0x1}, 0x6, 0x2, 0x0, 0x0, "c133188aafd52dde"}, 0x2}}]}, 0x4c}, 0x1, 0xba01}, 0x4851) 2m18.851899962s ago: executing program 0 (id=263): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1adc51, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0/file0\x00', 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xf, 0x4, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r0, &(0x7f0000000300), 0x0}, 0x20) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) (async) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) (async) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) (async) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) (async) mount$bind(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) (async) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1adc51, 0x0) (async) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) (async) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0/file0\x00', 0x10) (async) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xf, 0x4, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r0, &(0x7f0000000300), 0x0}, 0x20) (async) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) (async) 2m18.850884351s ago: executing program 0 (id=264): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x100) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000040)={0x4, 0xff, 0x8, 0x7, "2ecdc1bc7e8106fbe610822c1000"}) 2m17.312293728s ago: executing program 0 (id=268): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) (async) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x800400, 0x0) (async) r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x100000005, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000600)={0x1, @win={{0x7fffffff, 0x0, 0x10000, 0x4}, 0x4, 0x2, 0x0, 0x7, 0x0, 0xf8}}) chdir(&(0x7f00000000c0)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 2m17.300160066s ago: executing program 33 (id=268): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) (async) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x800400, 0x0) (async) r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x100000005, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000600)={0x1, @win={{0x7fffffff, 0x0, 0x10000, 0x4}, 0x4, 0x2, 0x0, 0x7, 0x0, 0xf8}}) chdir(&(0x7f00000000c0)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 1m35.791106299s ago: executing program 2 (id=852): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) accept4(r0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000040)) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) r2 = dup(r1) r3 = syz_open_dev$video(&(0x7f0000000000), 0x100000001, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0x0, 0xf}, {0x0, 0x9}}}, 0x24}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe0000000008000008", 0x1d) r4 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001a00599c6d0e000091d028ef80"], 0xfe33) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r3, 0xc034564b, &(0x7f0000000040)={0x80, 0x32314247, 0x140, 0xb4, 0x3, @stepwise={{0xc, 0x4a}, {0x5, 0x6451}, {0x0, 0x8}}}) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000000)={0x8, 0x0, 0x0, 0x82fb, 0x0, "1eb4d100"}) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x10) r5 = syz_io_uring_setup(0x6165, &(0x7f0000000300)={0x0, 0xd191, 0x10100, 0x0, 0xa4}, &(0x7f0000000240)=0x0, &(0x7f0000000140)=0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}}, 0x4000) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x402}}) io_uring_enter(r5, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1m35.732640647s ago: executing program 2 (id=857): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x1}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_emit_vhci(&(0x7f0000001000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_oob_data_request={{0x35, 0x6}}}, 0x9) r6 = dup(r5) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000ebffff49"]) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00000000000000005c001280110001006272696467655f736c617665000000004400058005000900000000000500200001000000050028"], 0x7c}}, 0x0) 1m35.530209681s ago: executing program 2 (id=861): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000080)={0x0, 0x4}, 0x8) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f0000000040)={0x9, 0x38, [0x7, 0xf, 0x5, 0x8000], &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 1m35.451972691s ago: executing program 2 (id=862): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) syz_clone(0x2080b200, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r1 = syz_clone(0x2080b200, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8) (async) r2 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8) r3 = fanotify_init(0x0, 0x0) r4 = open$dir(&(0x7f00000002c0)='.\x00', 0x0, 0x0) fanotify_mark(r3, 0x641, 0x48001018, r4, 0x0) (async) fanotify_mark(r3, 0x641, 0x48001018, r4, 0x0) fanotify_mark(r3, 0x1, 0x103b, r4, 0x0) mkdirat(r4, &(0x7f0000002500)='./bus\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000002540)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@default_permissions}, {@nfs_export_off}]}) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) (async) r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x9, 0x0, 0x2, 0x400000, 0x10000, @value=r2}, 0x28) r6 = syz_init_net_socket$ax25(0x3, 0x5, 0xcd00) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r6, &(0x7f0000002440)={&(0x7f0000002300), 0xc, &(0x7f0000002400)={&(0x7f0000002340)=ANY=[@ANYBLOB="7c00000001080102000000000000000001000001040004800900010073797a3000000000000500030011dd0000060002400a0000002c00048008000140000000090800014000000003080001400000800008000140fffff9c6080001400000000806000240430500000900010073797a3000"/124], 0x7c}, 0x1, 0x0, 0x0, 0x821}, 0x804) fcntl$setownex(r6, 0xf, &(0x7f0000000040)={0x2, r1}) (async) fcntl$setownex(r6, 0xf, &(0x7f0000000040)={0x2, r1}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) mkdirat(0xffffffffffffffff, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f00000023c0)='./file0\x00', &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2181c80, 0x0) mount$bind(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x80000, 0x0) r8 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_G_STD(r8, 0x80085617, &(0x7f0000000040)) (async) ioctl$VIDIOC_G_STD(r8, 0x80085617, &(0x7f0000000040)) r9 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x20000, 0x0) (async) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x20000, 0x0) move_mount(r9, &(0x7f0000008080)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x160) getsockopt$inet6_IPV6_IPSEC_POLICY(r8, 0x29, 0x22, &(0x7f00000025c0)={{{@in6=@loopback, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@dev}}, &(0x7f0000000280)=0xe8) read$FUSE(r5, &(0x7f00000002c0)={0x2020}, 0xab5) (async) read$FUSE(r5, &(0x7f00000002c0)={0x2020, 0x0, 0x0, 0x0}, 0xab5) setresuid(r7, r10, r11) (async) setresuid(r7, r10, r11) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) 1m35.361879395s ago: executing program 2 (id=863): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f00000000c0)=0x1) (async) write$tun(r1, &(0x7f0000000240)={@val, @val={0x3}, @llc={@snap={0x0, 0x0, "03", "53548b"}}}, 0x16) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) close_range(r3, r3, 0x0) 1m35.151090425s ago: executing program 2 (id=868): futex_waitv(&(0x7f00000010c0)=[{0x8000000000000001, &(0x7f0000000040)=0x2, 0x82}, {0xe1, &(0x7f0000000080)=0x7, 0x82}, {0x0, &(0x7f00000000c0)=0xffffffffffffff54, 0x82}, {0x7f, &(0x7f0000000100)=0x1282, 0x82}, {0xf, &(0x7f0000000140)=0x8000, 0x2}, {0x81, &(0x7f00000001c0)=0x48000000000, 0x2}, {0x0, &(0x7f0000000200)=0x6, 0x82}, {0x4, &(0x7f0000000240)=0x3ff, 0x2}, {0x9, &(0x7f0000000280)=0x3, 0x2}, {0x3, &(0x7f00000002c0)=0x2, 0x2}, {0x3, &(0x7f0000000300)=0x100000001, 0x2}, {0x6, &(0x7f0000000340)=0x3, 0x82}, {0x9, &(0x7f0000000380)=0x4, 0x82}, {0x4, &(0x7f00000003c0)=0xc, 0x2}, {0x0, &(0x7f0000000400)=0xc, 0x2}, {0xfff, &(0x7f0000000440)=0x4, 0x82}, {0x7, &(0x7f0000000480)=0x5, 0x2}, {0x80, &(0x7f00000004c0), 0x2}, {0xffffffffffffffff, &(0x7f0000000500)=0x101, 0x2}, {0xfff, &(0x7f0000000540)=0x5, 0x86}, {0xfffffffe00000000, &(0x7f0000000580)=0x9, 0x2}, {0x1, &(0x7f0000000680)=0x2, 0x82}, {0x1, &(0x7f00000006c0)=0x8, 0x82}, {0x3, &(0x7f0000000700)=0x3}, {0x8, &(0x7f0000000740)=0x3e, 0x82}, {0x0, &(0x7f0000000780)=0x7ff, 0x2}, {0x0, &(0x7f00000007c0)=0x8000, 0x82}, {0x7, &(0x7f0000000800)=0x7, 0x2}, {0x1, &(0x7f0000000840)=0x40, 0x82}, {0x0, &(0x7f0000000880)=0x3, 0x2}, {0xdd0f, &(0x7f00000008c0)=0x6, 0x2}, {0x2, &(0x7f0000000900)=0x2, 0x82}, {0x7, &(0x7f0000000940)=0x80000000, 0x82}, {0x0, &(0x7f0000000980)=0x81, 0x82}, {0x6, &(0x7f00000009c0)=0xf71, 0x2}, {0xfffffffffffffff9, &(0x7f0000000a00)=0xffff, 0x82}, {0x8000, &(0x7f0000000a40)=0x2, 0x2}, {0x0, &(0x7f0000000a80)=0xfffffffffffffffb, 0x2}, {0x6, &(0x7f0000000ac0)=0x3, 0x2}, {0x8, &(0x7f0000000fc0)=0x8c}, {0x4, &(0x7f0000001000)=0x43, 0x82}, {0x15, &(0x7f0000001040)=0x1ff, 0x80}, {0x1ff, &(0x7f0000001080)=0x1bb4, 0x82}], 0x2b, 0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x1, 0x0) syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="86000000c8001d"], 0x7) socket(0x2a, 0x2, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff) write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd0300000000001400000060ec970012302c00fe8000000000000000000000000000aaff02000000000000000000000000000121"], 0xfdef) 1m35.092561414s ago: executing program 34 (id=868): futex_waitv(&(0x7f00000010c0)=[{0x8000000000000001, &(0x7f0000000040)=0x2, 0x82}, {0xe1, &(0x7f0000000080)=0x7, 0x82}, {0x0, &(0x7f00000000c0)=0xffffffffffffff54, 0x82}, {0x7f, &(0x7f0000000100)=0x1282, 0x82}, {0xf, &(0x7f0000000140)=0x8000, 0x2}, {0x81, &(0x7f00000001c0)=0x48000000000, 0x2}, {0x0, &(0x7f0000000200)=0x6, 0x82}, {0x4, &(0x7f0000000240)=0x3ff, 0x2}, {0x9, &(0x7f0000000280)=0x3, 0x2}, {0x3, &(0x7f00000002c0)=0x2, 0x2}, {0x3, &(0x7f0000000300)=0x100000001, 0x2}, {0x6, &(0x7f0000000340)=0x3, 0x82}, {0x9, &(0x7f0000000380)=0x4, 0x82}, {0x4, &(0x7f00000003c0)=0xc, 0x2}, {0x0, &(0x7f0000000400)=0xc, 0x2}, {0xfff, &(0x7f0000000440)=0x4, 0x82}, {0x7, &(0x7f0000000480)=0x5, 0x2}, {0x80, &(0x7f00000004c0), 0x2}, {0xffffffffffffffff, &(0x7f0000000500)=0x101, 0x2}, {0xfff, &(0x7f0000000540)=0x5, 0x86}, {0xfffffffe00000000, &(0x7f0000000580)=0x9, 0x2}, {0x1, &(0x7f0000000680)=0x2, 0x82}, {0x1, &(0x7f00000006c0)=0x8, 0x82}, {0x3, &(0x7f0000000700)=0x3}, {0x8, &(0x7f0000000740)=0x3e, 0x82}, {0x0, &(0x7f0000000780)=0x7ff, 0x2}, {0x0, &(0x7f00000007c0)=0x8000, 0x82}, {0x7, &(0x7f0000000800)=0x7, 0x2}, {0x1, &(0x7f0000000840)=0x40, 0x82}, {0x0, &(0x7f0000000880)=0x3, 0x2}, {0xdd0f, &(0x7f00000008c0)=0x6, 0x2}, {0x2, &(0x7f0000000900)=0x2, 0x82}, {0x7, &(0x7f0000000940)=0x80000000, 0x82}, {0x0, &(0x7f0000000980)=0x81, 0x82}, {0x6, &(0x7f00000009c0)=0xf71, 0x2}, {0xfffffffffffffff9, &(0x7f0000000a00)=0xffff, 0x82}, {0x8000, &(0x7f0000000a40)=0x2, 0x2}, {0x0, &(0x7f0000000a80)=0xfffffffffffffffb, 0x2}, {0x6, &(0x7f0000000ac0)=0x3, 0x2}, {0x8, &(0x7f0000000fc0)=0x8c}, {0x4, &(0x7f0000001000)=0x43, 0x82}, {0x15, &(0x7f0000001040)=0x1ff, 0x80}, {0x1ff, &(0x7f0000001080)=0x1bb4, 0x82}], 0x2b, 0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x1, 0x0) syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="86000000c8001d"], 0x7) socket(0x2a, 0x2, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff) write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd0300000000001400000060ec970012302c00fe8000000000000000000000000000aaff02000000000000000000000000000121"], 0xfdef) 1m27.006729672s ago: executing program 1 (id=996): close(0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5}}, './file0\x00'}) ioctl$INCFS_IOC_FILL_BLOCKS(r0, 0x80106720, &(0x7f0000000380)={0x4, &(0x7f0000000300)=[{0x5, 0xae, &(0x7f0000000040)="26ba3becd30dfb800678f5315c60f89ee5ec705987177210349fe2411886c44ea97aeb7fed41ae93107e6dc77f6049b17da8f90a84206f9b58ea5225ffb621a3669ec2384c0d5397dcfa70754b3b135945db47cff9a6b30735fb16a80e708b167c6407969e8393e1ac36c7d0eacc25d277ef1ad6f6d5923af6201a5097f8ab09354fd840a7cd37b0c9b19baf2a1d38f7d95626d462d9811f7781cf9ca69fee5d8f6b8ebac7582a6bd44f4bff525d"}, {0x7, 0xf5, &(0x7f0000000100)="f3cc2f4a0289a4f6f394aee8de9ec44dec1e2a6cc29100d4b046be66d575fcbcc61d5fba90953cd6c273c1ad64d1abc68e11db5c4b54ea7c8f44b82abd64a6a4c60b658a3156b99cb0a733c13a1dd7450f39fcc9da38490b3a366a7f78f4921281cc684c1b0f8ead98e377ce5086c53a13a2133d963ebc76ce6eea59a28b7e3fd509f49c9c0cd1ce20147ee5698aeca0cec6d130f3307892a5d480d9528121b52f5dc6ecd91a8950e1af74fac04dbe5256b554d37f625c34a6858248225a920fe6005d8d1d795c282c04071a376684a249b08e61e7afbbaa6072dfb78695a7f6bd54b32bb6e4e1bf77b1327abd7947e54392623357", 0x0, 0x1}, {0xff, 0x96, &(0x7f0000000200)="27abb340427806db882e7a86d135d2ac6eefa807e3966a65d30abf1b2d875b1a302d55c116d861cf8d461c4a2f503630c6d713c70ef994137eb397beb6d8ff3ddfba3cda76cdacb02af5f25ef1c10ea69e47caa19c21d30febfce8c6b3e96c7ac2a2d849bdbe6ca6044a11140c86e73d0cc31319e6975ced1a6387ad9e26cbff6e8dcb717467497f2ee7cfe11fe5b97610dd70b693c8", 0x0, 0x1}, {0x1ff, 0x16, &(0x7f00000002c0)="a55ecfbffe509ee23a9501b6e9daf359987d068627fe", 0x0, 0x1}]}) sendmsg$nl_generic(r0, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)={0xe8, 0x1f, 0x400, 0x70bd2d, 0x25dfdbfd, {0xb}, [@typed={0x8, 0xb0, 0x0, 0x0, @fd=r0}, @typed={0x4, 0x44}, @generic="f042b6f484ad307c09af743998a8fe752d3479da9adef0f81e027f9b5e449366dcee6cd3798fb937e8bfe551d9ec93a51dc122a8f44ab39d92db788a7bbf975cd71b1232767b6c4f72e897af93336962cb6871cf9d1c2413ce36d5c64b6807b3a9746309e97ab67cfdd1849b32cbef23f4f3346b513c7212c084a478cee657d439daf246c7c3b5eb3ebcf9a553ee6296", @typed={0x14, 0x11b, 0x0, 0x0, @ipv6=@remote}, @typed={0x4, 0x5b}, @typed={0x1d, 0xdc, 0x0, 0x0, @binary="1357f61e9116acc57c59fc3302951d0a5e9cb2a19d7ed1a05b"}]}, 0xe8}, 0x1, 0x0, 0x0, 0x4010}, 0x10) setxattr$trusted_overlay_opaque(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0), &(0x7f0000000600), 0x2, 0x3) unlinkat(r0, &(0x7f0000000640)='./file0\x00', 0x0) ioctl$PPPIOCGFLAGS1(r0, 0x8004745a, &(0x7f0000000680)) r1 = socket$kcm(0x29, 0x5, 0x0) rename(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)='./file0\x00') ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000740)) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) ioctl$EVIOCGPROP(r0, 0x80404509, &(0x7f0000000800)=""/93) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x24, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7fffffff}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000100) mount$bind(&(0x7f0000000980)='./file0\x00', &(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00), 0x25010, 0x0) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000a40)={0x9, 0x6, 0xfff5}) ioctl$PPPIOCBRIDGECHAN(r0, 0x40047435, &(0x7f0000000a80)=0x2) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000ac0)={{0x2, 0x4e24, @local}, {0x6, @broadcast}, 0x58, {0x2, 0x4e24, @multicast1}, 'veth1_macvtap\x00'}) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000b40)={'wg0\x00'}) r3 = dup3(r1, r2, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000b80)={0x7, [0x7ff, 0x10, 0x1, 0x7, 0x400, 0x7, 0x3]}, 0x12) openat$tun(0xffffffffffffff9c, &(0x7f0000000bc0), 0xe81, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r4, 0x8955, &(0x7f0000000c00)={{0x2, 0x4e21, @rand_addr=0x3b}, {0x1, @remote}, 0x10, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, 'hsr0\x00'}) ioctl$KDSETKEYCODE(r3, 0x4b4d, &(0x7f0000000c80)={0x2, 0x2263}) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000cc0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0) ioctl$MON_IOCQ_RING_SIZE(r5, 0x9205) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x1) sendmmsg(r4, &(0x7f0000001140)=[{{&(0x7f0000000d00)=@ethernet={0x306, @local}, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000d80)="ded4e5f6b6e33fd6a1de396dcc6603bb971975f8e2474e868422d5725094f9e65d7bf966c0a169019942", 0x2a}, {&(0x7f0000000dc0)="5e8fea8077e7a2de0a26d921ad292c24b3cfc7625553c653f3a6756e2e397d9c3a81041dfcec68512d5307064e4bee488dcd15781618405c877f42e188ca73b0fb2970254b83515c19752055b6e7e1cd3008a7e426038a04842d4baaa3ceafc2811c20bfc9dbb59336d6ae02702c0864a809f291ad7aa6219933a1382766542f04d1ee14c5334b8db58327", 0x8b}, {&(0x7f0000000e80)="fb81d8b29da8b73a90777afad0db085565e17f1885569cb769bf9503ba372c3fcb496fab2bdcd3aeda48c59d22d7322b977416", 0x33}, {&(0x7f0000000ec0)="c5a564399625d52a5325167496f6b1f202f32377674b1b7f45dbd098d296d7e7", 0x20}], 0x4, &(0x7f0000000f40)=[{0xd8, 0x101, 0x9, "59b1620b7312fa7e16fe7ad88da78f7148feaa85014a15b51e734129c307bc4319aae311941a916e2e5b41f7d308587958caba134473503e55c8b636a7b21fc1734c64fb7f71caf678f0a2b86a4745f17061e5fce2ac2de901b4482cdb9cce70cca40b930f7b1f3f1d9033d5151e5798605b658d6f9895c850be07569faee7168ed83c24a7600cc47ded1276123c87c142b346a47cd88e406aff9a07016bf75e54d6821d654822315238ca23c99aec2f00a8394d18eef6056ff09a7a73aba7f1f19c6a298584b0"}, {0x58, 0x10d, 0x4, "990fd5c3e17a3e8a9e207f64ceaa62dce48ad7014a30fcf46706c87d4754501e09592bfecc64a5fcb9b1d53279557c0c4046b70f6719c88b61d7f56264dbfc2417c77b4d6bcc202e"}, {0xc8, 0x84, 0x77, "70157a26994f06567707881ec9b9110e028af21012154c44c7cedba4379fa009fb579014f7a6efa47419227c0a65d9f462b9187dfd13772abadc3fd7cddcdf62a34e97eb9af61a0c67fa5d5a4c1cf235ee8545193f3e5d0139d1275fc3b1b854c28c3b3dbfec40d43ce8681babd5298df88d5fcc843b5e655ac955d7baca5ee5d9600e834b88647ab16721cf7922066ec2629752a8eeb20597cbf4d7e4cf3cd71c7223511a936929362cc311b06546df18bb862ca52a30"}], 0x1f8}}], 0x1, 0x44842) ioctl$TCXONC(r3, 0x540a, 0x3) syz_open_dev$sndmidi(&(0x7f0000001180), 0x37, 0x40800) 1m27.00536462s ago: executing program 1 (id=997): r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x64, 0x24, 0xd0f, 0x1000000, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xc}, {0xffff, 0xffff}, {0xfff1, 0xc}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x2}, {}, 0x1, 0x7f}}, @TCA_TBF_RATE64={0xc, 0x4, 0xe5d11327db56db0}]}}]}, 0x64}}, 0x0) r5 = socket(0xa, 0x3, 0x3a) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000108117980800000000000109022400010000000009040000020300000009210000010122290a090581ffff"], 0x0) r6 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x80000, 0x0) pread64(r6, 0x0, 0x0, 0x7fffffffffffffff) r7 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$EVIOCSABS0(r7, 0x401845c0, 0x0) close(r7) r8 = inotify_init1(0x80800) fallocate(r8, 0x8, 0x2, 0x8) setsockopt$MRT6_DEL_MIF(r5, 0x29, 0xc8, 0x0, 0xc000000) socket(0xa, 0x3, 0x3a) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$SNDCTL_SEQ_GETTIME(r0, 0x80045113, &(0x7f0000000040)) syz_emit_ethernet(0x4a, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd608a96460014040000000000000000000000000000000000fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="e896330400b96a9d"], 0x0) 1m25.824122909s ago: executing program 1 (id=1021): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) accept4(r0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000040)) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) r2 = dup(r1) r3 = syz_open_dev$video(&(0x7f0000000000), 0x100000001, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0x0, 0xf}, {0x0, 0x9}}}, 0x24}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe0000000008000008", 0x1d) r4 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001a00599c6d0e000091d028ef80"], 0xfe33) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r3, 0xc034564b, &(0x7f0000000040)={0x80, 0x32314247, 0x140, 0xb4, 0x3, @stepwise={{0xc, 0x4a}, {0x5, 0x6451}, {0x0, 0x8}}}) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000000)={0x8, 0x0, 0x0, 0x82fb, 0x0, "1eb4d100"}) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_io_uring_setup(0x6165, &(0x7f0000000300)={0x0, 0xd191, 0x10100, 0x0, 0xa4}, &(0x7f0000000240)=0x0, &(0x7f0000000140)=0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}}, 0x4000) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r9, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x402}}) io_uring_enter(r5, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1m25.751641018s ago: executing program 1 (id=1023): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe83, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="64000000020601004c0003ce000000000000fffd05000400000000000900020073797a30000000000500010007000000050005000a00000014000780080011400000000008001240000afff116000300686173683a6e65742c706f72742c6e6574"], 0x64}}, 0x0) r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r3, 0x5b01, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r4}, 0x10) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000440)='./file0\x00', &(0x7f0000000080)='./file0\x00') 1m25.150862462s ago: executing program 1 (id=1032): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) accept4(r0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000040)) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) r2 = dup(r1) r3 = syz_open_dev$video(&(0x7f0000000000), 0x100000001, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0x0, 0xf}, {0x0, 0x9}}}, 0x24}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe0000000008000008", 0x1d) r4 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001a00599c6d0e000091d028ef80"], 0xfe33) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r3, 0xc034564b, &(0x7f0000000040)={0x80, 0x32314247, 0x140, 0xb4, 0x3, @stepwise={{0xc, 0x4a}, {0x5, 0x6451}, {0x0, 0x8}}}) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000000)={0x8, 0x0, 0x0, 0x82fb, 0x0, "1eb4d100"}) r5 = syz_io_uring_setup(0x6165, &(0x7f0000000300)={0x0, 0xd191, 0x10100, 0x0, 0xa4}, &(0x7f0000000240)=0x0, &(0x7f0000000140)=0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}}, 0x4000) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r9, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x402}}) io_uring_enter(r5, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1m25.080855516s ago: executing program 1 (id=1033): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) io_uring_setup(0x154c, &(0x7f0000000200)={0x0, 0x0, 0x2}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x9, &(0x7f0000000200)=@framed={{}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1m25.034731141s ago: executing program 35 (id=1033): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) io_uring_setup(0x154c, &(0x7f0000000200)={0x0, 0x0, 0x2}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x9, &(0x7f0000000200)=@framed={{}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1m17.654619136s ago: executing program 4 (id=1109): ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) r1 = syz_open_procfs(r0, &(0x7f0000000000)='net/xfrm_stat\x00') mq_timedreceive(r1, 0x0, 0x0, 0x100000001, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) 1m17.595373555s ago: executing program 4 (id=1110): add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f00000002c0)="e263c46fd365c0c8337e2e89e78ece92c7ebae90f4afeca14b01ee89471bbc10", 0x20, 0xfffffffffffffffd) r0 = socket(0x10, 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000002f80), r1) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fedbdf251000000005000f000900000008000100", @ANYRES32=0x0, @ANYBLOB="7d7c43020cf761ce5e85c159e9a5c9fff2a41d9f787c2de5522799952a1f058160e1f2c16b57ea8693ae26043bc9b40420c85d333564fca0185c9f30c568616f75f8e0a03496317d6fb45b9de5eb2b7608b980665c01bcc040fc02149661db78afd2d851e6f2fbf3fd08d55c238418ca"], 0x24}}, 0x400c4) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000017000000440006803c00040067636d28279a732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989040005"], 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) sendmsg$TIPC_NL_LINK_GET(r4, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="68010000", @ANYRES16=r6, @ANYBLOB="10002dbd7000fcdbdf250800000044000980080002000800000008000100ffffffff080001000300000008000200800000000800020005000000080002009dac00000800010000000100ffff0c00038008000200010100002400038008000300ffffff7f080002000104000008000200fdffffff08000300070000006c0004801300010062726f6164636173742d6c696e6b00001c0007800800030001000000080001000700000008000200940a00001300010062726f6164636173742d6c696e6b0000040007801300010062726f6164636173742d6c696e6b00000900010073797a3000000000740004800900010073797a30000000000900010073797a31000000002c0007800800010005000000080004000300000008000200881600000800020004510bd2472ebac637d6624d00c82b62bc00000008000100140000002c000780080001001700000008000000000000000800010005000000"], 0x168}, 0x1, 0x0, 0x0, 0x4004000}, 0x800) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x10, &(0x7f00000002c0), 0x4) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) write$sndseq(r8, &(0x7f0000000080)=[{0xe, 0x0, 0x0, 0xfd, @tick, {}, {0xe}, @connect}], 0x1c) setresuid(0x0, r3, 0x0) r9 = geteuid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xffffffffffffffff, 0xee01}}, './file0\x00'}) setresuid(r3, r9, r10) 1m17.507981492s ago: executing program 4 (id=1111): syz_open_dev$vcsu(&(0x7f00000000c0), 0x5, 0x40) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = syz_open_dev$sg(&(0x7f00000001c0), 0x1, 0x60000) ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000200)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x10, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1m17.50729997s ago: executing program 4 (id=1112): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc211}) r1 = socket$kcm(0x2, 0xa, 0x2) openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[@ANYBLOB="94010000", @ANYRES16=r3, @ANYBLOB="010000000000000000004f00000008000300", @ANYRES32=r4, @ANYBLOB="18007a800c000300784d106960256ff508000400070000004c007a8014000200e9c8b1ba7746ce2ef332bbc5c97a1b740c0003000d15107ef68d60c21400020064f1c7b9c21297fdc91a5ee15a74a83408000400da0000000c000300cb563cf9c3218fa120007a8008000400769a105808000400080000000c000300c38c1d74c2e200ef34007a800c00030082150e2f564a05fd240001004f2f145c8e994f9270345cd125444dad24f0229259a46df93ada14b60e56ea876c007a801400010080561a80fbcb61b368a6c1ea62d953380c000300ac6a00fe5cf7fa7d08000400fdffffff0c00030086191bb4280530d0140002"], 0x194}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000580)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x3, 0x4, 0x28, 0x65, 0x0, 0x4, 0x6, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x2e}}, {{0x4e24, 0x4e23, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x80, 0xf1, 0x0, 0x8}}}}, 0x36) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r5, 0x10f, 0x81, &(0x7f0000000280)=0x2, 0x4) setsockopt$TIPC_CONN_TIMEOUT(r5, 0x10f, 0x82, &(0x7f0000000100)=0xfffffffe, 0x4) sendmsg$tipc(r5, &(0x7f0000001680)={&(0x7f0000000000)=@id, 0x10, 0x0}, 0x0) connect$tipc(r5, &(0x7f0000000140)=@id, 0x10) 1m16.501783292s ago: executing program 4 (id=1119): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) (async) listen(r0, 0x80080400) (async) r1 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x3aa) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r3, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) (async) connect$bt_sco(r2, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) (async) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)=0x10) statx(r4, 0x0, 0x4000, 0x200, &(0x7f0000000040)) (async) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f0000000080), &(0x7f00000000c0)=0x4) read$FUSE(r4, &(0x7f0000000640)={0x2020}, 0x2020) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r4) (async) mkdir(&(0x7f0000000600)='./file0\x00', 0xe8) mount(&(0x7f0000000000)=@sr0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040)='hpfs\x00', 0x11, 0x0) 1m15.6292261s ago: executing program 4 (id=1129): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x20}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0x100, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff2}, {}, {0x1c, 0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_IPV4_DST={0x8, 0xc, @multicast1}, @TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x11}]}}]}, 0x44}}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0x100, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff2}, {}, {0x1c, 0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_IPV4_DST={0x8, 0xc, @multicast1}, @TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x11}]}}]}, 0x44}}, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) (async) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) r5 = openat$cgroup(r4, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0) r6 = openat$cgroup_pressure(r5, &(0x7f0000000000)='io.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r6, &(0x7f0000000080)={'full', 0x20, 0x1, 0x20, 0x100002}, 0x2f) (async) write$cgroup_pressure(r6, &(0x7f0000000080)={'full', 0x20, 0x1, 0x20, 0x100002}, 0x2f) write$cgroup_pressure(r6, &(0x7f0000000240)={'some'}, 0x2f) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1m0.651533972s ago: executing program 36 (id=1129): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x20}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0x100, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff2}, {}, {0x1c, 0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_IPV4_DST={0x8, 0xc, @multicast1}, @TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x11}]}}]}, 0x44}}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0x100, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff2}, {}, {0x1c, 0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_IPV4_DST={0x8, 0xc, @multicast1}, @TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x11}]}}]}, 0x44}}, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) (async) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) r5 = openat$cgroup(r4, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0) r6 = openat$cgroup_pressure(r5, &(0x7f0000000000)='io.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r6, &(0x7f0000000080)={'full', 0x20, 0x1, 0x20, 0x100002}, 0x2f) (async) write$cgroup_pressure(r6, &(0x7f0000000080)={'full', 0x20, 0x1, 0x20, 0x100002}, 0x2f) write$cgroup_pressure(r6, &(0x7f0000000240)={'some'}, 0x2f) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 22.721021129s ago: executing program 7 (id=1713): socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000000000010"]) sendmsg$nl_route(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=@ipv6_delrule={0x30, 0x21, 0x1, 0x0, 0x400, {0xa, 0x0, 0x14}, [@FRA_DST={0x14, 0x1, @private0}]}, 0x30}}, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x4) (async) creat(&(0x7f0000000000)='./file0\x00', 0x4) 22.601409997s ago: executing program 7 (id=1714): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002a22df29082cf7840700000008000300", @ANYRES32=r2, @ANYBLOB="0c009900000000000000000014000400697036746e6c30000000000000000000"], 0x3c}}, 0x0) 22.540428351s ago: executing program 7 (id=1715): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="310401080000030000001600000018000180140002006e657464657673696d3000000000000005000300010000000500040001000000050002"], 0x44}}, 0x8884) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_OIF={0x8}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_ACTION={0x8, 0x1, 0x10}}]}, 0x30}}, 0x0) 22.539914631s ago: executing program 7 (id=1716): r0 = socket$packet(0x11, 0x3, 0x300) r1 = dup(r0) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000100)={0x0, @in6={{0xa, 0x0, 0x0, @dev}}}, &(0x7f0000000000)=0x100) r2 = socket$inet(0x2, 0x3, 0x33) getsockopt$inet_mreqsrc(r2, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x2000) mkdir(&(0x7f0000000540)='./file0\x00', 0xd0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x159080, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_usb_control_io$uac1(r3, 0x0, 0x0) ioctl$KDMKTONE(r4, 0x4b30, 0x1) r5 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_disconnect(r5) r6 = syz_usb_connect(0x0, 0x4a, &(0x7f00000000c0)=ANY=[], 0x0) syz_usb_control_io(r6, 0x0, &(0x7f0000000dc0)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000180)=ANY=[@ANYBLOB="0500000000f9ffffff11b000000000009500000000000000950000000000000098c944737ed317fbe80eab1c5052b52dba58f0c482641466509c03d30000000055deabb9906d9c9e38b7c911fcaae06a59faa84a8a30a877925eb6c881e9827391091eeea43471966523bce5ee95a2d1884d557343a98a5f91d66505999dc5a109e127d4b8e5a8b6e0da4cb4072f36fb42da3ff6b918643141c8656a31b06e3c0959808e55318d83ce1a2cf01cbb51e2dada135d79fdd3c1c248aee24f2ade6aa6bf1d25eb05a2828f36de8a5108c5037033abfdff4690bbd3030000001198"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="bf000100000000006111140000000000040000000000000095000000000000001abe5201462857a3db65e291772afa2114f5963ed660b870d974d2252829f8290f8d02e3b0096b3df3e6585851cb7efb50a982b66e14716ffe33a164c3d1ff5798fc4bd6d3e5ab096e9ad743eb00"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1d43, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 20.905180315s ago: executing program 7 (id=1732): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x6c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x40, 0x3, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x30, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x3}]}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf0}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@setneightbl={0x30, 0x43, 0x1, 0x70bd29, 0x25dfdbfd, {0xa}, [@NDTA_NAME={0x5, 0x1, '\x00'}, @NDTA_GC_INTERVAL={0xc, 0x8, 0x656}, @NDTA_THRESH2={0x8, 0x3, 0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) 20.601024575s ago: executing program 7 (id=1734): r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2c, &(0x7f0000000040)={0x8001, {{0x2, 0x4e24, @local}}, {{0x2, 0x4e23, @broadcast}}}, 0x108) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000001a40)=""/4096, 0x1000}], 0x1, 0x0, 0x1a}}], 0x1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=@gettfilter={0x24, 0x2e, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xd, 0x8387681d3acb1dff}, {0x0, 0x4}, {0x6, 0xd}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8}}]}, 0x40}}, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000d40), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r6, 0x40085112, &(0x7f0000000d80)=@e={0xff, 0xa, 0x0, 0x0, @SEQ_NOTEON=@special}) 20.587884849s ago: executing program 37 (id=1734): r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2c, &(0x7f0000000040)={0x8001, {{0x2, 0x4e24, @local}}, {{0x2, 0x4e23, @broadcast}}}, 0x108) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000001a40)=""/4096, 0x1000}], 0x1, 0x0, 0x1a}}], 0x1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=@gettfilter={0x24, 0x2e, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xd, 0x8387681d3acb1dff}, {0x0, 0x4}, {0x6, 0xd}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8}}]}, 0x40}}, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000d40), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r6, 0x40085112, &(0x7f0000000d80)=@e={0xff, 0xa, 0x0, 0x0, @SEQ_NOTEON=@special}) 17.361229095s ago: executing program 9 (id=1829): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310401080000030000001600000018000180140002006e657464657673696d3000000000000005000300010000000500040001000000050002"], 0x44}}, 0x8884) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 17.360050501s ago: executing program 9 (id=1831): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="54010000100013070000010000000000000000000000000077fb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000032000000ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00040007"], 0x154}}, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r0, &(0x7f0000004f40)=ANY=[@ANYRESHEX=r0], 0x8) recvmmsg(r0, &(0x7f0000004dc0)=[{{&(0x7f0000000040)=@sco, 0x80, &(0x7f00000002c0)=[{&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/131, 0x83}, {&(0x7f0000000180)=""/216, 0xd8}, {&(0x7f0000000280)=""/58, 0x3a}], 0x4, &(0x7f0000000300)=""/2, 0x2}, 0x5}, {{&(0x7f0000000340)=@tipc=@id, 0x80, &(0x7f0000000440)=[{&(0x7f00000003c0)=""/113, 0x71}], 0x1, &(0x7f00000015c0)=""/4096, 0x1000}, 0x3}, {{&(0x7f0000000480)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000500)=""/47, 0x2f}, {&(0x7f00000025c0)=""/161, 0xa1}], 0x2, &(0x7f0000002680)=""/4096, 0x1000}, 0x7}, {{&(0x7f0000003680)=@in, 0x80, &(0x7f0000004a00)=[{&(0x7f0000003700)=""/253, 0xfd}, {&(0x7f0000003800)=""/161, 0xa1}, {&(0x7f00000038c0)=""/4096, 0x1000}, {&(0x7f00000048c0)=""/44, 0x2c}, {&(0x7f0000004900)=""/157, 0x9d}, {&(0x7f00000049c0)=""/18, 0x12}], 0x6, &(0x7f0000004a80)=""/162, 0xa2}, 0xfffffff7}, {{0x0, 0x0, &(0x7f0000004bc0)=[{&(0x7f0000004b40)=""/82, 0x52}], 0x1, &(0x7f0000004c00)=""/9, 0x9}, 0x7a8f}, {{&(0x7f0000004c40)=@pppol2tpv3in6, 0x80, &(0x7f0000004d00)=[{&(0x7f0000004cc0)=""/57, 0x39}], 0x1, &(0x7f0000004d40)=""/96, 0x60}, 0x1}], 0x6, 0x40000040, 0x0) 17.299636311s ago: executing program 9 (id=1833): unshare(0x20020000) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000240), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) (async) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, &(0x7f0000000180)) (async) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) (async) r1 = open(&(0x7f0000000000)='.\x00', 0x800, 0x0) (async) r2 = socket$inet(0xa, 0x801, 0x84) ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000600)={'gre0\x00'}) (async) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) (async) listen(r2, 0x8) (async) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0xd, &(0x7f0000000040)={0x0, 0x1bc}, 0x8) (async) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) (async) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x9, 0x3, 0x2b0, 0x130, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x218, 0xffffffff, 0xffffffff, 0x218, 0xffffffff, 0x3, &(0x7f0000000280), {[{{@uncond, 0x0, 0xe8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xa}}, @common=@osf={{0x50}, {'syz0\x00', 0x0, 0x4, 0x1, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@rand_addr=0x64010101, 'macsec0\x00', {0x4}}}}, {{@uncond, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@icmp={{0x28}, {0xc, "9e6c", 0x1}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xff}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310) (async) unlinkat(r1, &(0x7f0000000140)='./file0\x00', 0x200) 16.465532055s ago: executing program 9 (id=1863): r0 = socket(0x10, 0x3, 0x0) mkdir(&(0x7f00000022c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB='/'], 0x2) mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x8afa89, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x24000, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000240)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0xa, 0x6, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xd, &(0x7f0000000340)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0x7a, 0x8, 0x8, &(0x7f0000000400)}}, 0x10) r2 = syz_open_dev$vcsn(&(0x7f0000000580), 0x7fffffffffffffff, 0x40201) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f00000005c0)={&(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x1000, 0x1}) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRESHEX=r0, @ANYBLOB="5be45dbdc14fcdc4fe8d3016c16a9e291c96c038b9d7851b494f8dd01b4217712443e927b89df92b5e38091074ebaf46e0dbe8b23b5bb641e3d369e8f256709274c16869fd0de991d821a6ff94e5d6b713b726239848c6560d4ab458f093e9248cc3c57fc760b34548d9506aa960233c4875c245a588c1b7c6f9c9dce4bfa597340adf72199005849185757d6105dcc903cb3d49efaed3f984ef4233f154a97c7569d685a55dbcda5b4752e2a6977e53645101", @ANYRES16=r0, @ANYBLOB="341b784519673cc47239a5e3920cde2ba7714c5df6fa229044d9", @ANYRESDEC=r0, @ANYRESDEC=r0, @ANYRESHEX=r0, @ANYRESOCT=r0], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = socket(0x10, 0x3, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, r6, 0x26, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r5}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r8}, &(0x7f0000000780), &(0x7f00000007c0)=r5}, 0x20) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x80000020}, 0x10) sendmsg$nl_route(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=@getlink={0x20, 0x12, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10400}}, 0x20}}, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000047c0)=r3, 0x4) sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000007e00)=@newtaction={0x14, 0x32, 0x12f}, 0x14}}, 0x0) 16.391228134s ago: executing program 9 (id=1866): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310401080000030000001600000018000180140002006e657464657673696d3000000000000005000300010000000500040001000000050002"], 0x44}}, 0x8884) syz_genetlink_get_family_id$fou(&(0x7f0000000100), r0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 14.770992102s ago: executing program 9 (id=1919): futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000)=0x3, 0x2}, {0x3, &(0x7f0000000040)=0x3, 0x82}], 0x2, 0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x1, 0x0) syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="86000000c8001d"], 0x7) socket(0x2a, 0x2, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff) write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd03000000f5ff1400000060ec970012302c00fe8000000000000000000000000000aaff02000000000000000000000000000121"], 0xfdef) 14.720584021s ago: executing program 38 (id=1919): futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000)=0x3, 0x2}, {0x3, &(0x7f0000000040)=0x3, 0x82}], 0x2, 0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x1, 0x0) syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="86000000c8001d"], 0x7) socket(0x2a, 0x2, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff) write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="020086dd03000000f5ff1400000060ec970012302c00fe8000000000000000000000000000aaff02000000000000000000000000000121"], 0xfdef) 7.652798134s ago: executing program 3 (id=1920): r0 = io_uring_setup(0x17c7, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1}) r1 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c000000040801010000000011000000000000000500030084000000090001007379fb5300000000060002"], 0x4c}}, 0x40000c0) listen(r1, 0x4) recvmmsg(r1, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 6.338009285s ago: executing program 3 (id=1920): r0 = io_uring_setup(0x17c7, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1}) r1 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c000000040801010000000011000000000000000500030084000000090001007379fb5300000000060002"], 0x4c}}, 0x40000c0) listen(r1, 0x4) recvmmsg(r1, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 4.893012336s ago: executing program 3 (id=1920): r0 = io_uring_setup(0x17c7, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1}) r1 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c000000040801010000000011000000000000000500030084000000090001007379fb5300000000060002"], 0x4c}}, 0x40000c0) listen(r1, 0x4) recvmmsg(r1, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 3.411204397s ago: executing program 6 (id=2008): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310401080000030000001600000018000180140002006e657464657673696d3000000000000005000300010000000500040001000000050002"], 0x44}, 0x1, 0x0, 0x100000000000000}, 0x8884) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 3.408593269s ago: executing program 6 (id=2010): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000001d00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000018c0)=[@rights={{0x14, 0x1, 0x1, [r0]}}], 0x18, 0x20008880}}], 0x1, 0x4c054) mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0xa031, 0xffffffffffffffff, 0x180000000) r2 = socket$alg(0x26, 0x5, 0x0) ioctl$F2FS_IOC_SEC_TRIM_FILE(r1, 0x4018f514, &(0x7f0000000040)={0x2, 0xc, 0x3}) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(r0, 0x40049421, 0x2) sendmsg$nl_route_sched_retired(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000700)={&(0x7f000000c2c0)=@newtaction={0x14, 0x30, 0x400, 0x70bd2d, 0x25dfdbff}, 0x14}}, 0x84) remap_file_pages(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x1, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000000), 0x8, 0x440200) ioctl$SCSI_IOCTL_DOORLOCK(r4, 0x5380) 3.406299216s ago: executing program 3 (id=1920): r0 = io_uring_setup(0x17c7, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1}) r1 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c000000040801010000000011000000000000000500030084000000090001007379fb5300000000060002"], 0x4c}}, 0x40000c0) listen(r1, 0x4) recvmmsg(r1, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 1.849209145s ago: executing program 5 (id=2013): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000180)={'veth0_to_bridge\x00'}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x0, 0x0], 0x2, 0x1000, 0x0, 0xffffffffffffffff}) r3 = dup(r2) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="360f3366b9800000c00f326635000100000f30debb26ac0f09baf80c66efbafc0cb8f1ffef63aa2161f80466b8ebb83488bafc0cec0fc74a5e260fc75d042e3e0f1bd00f32", 0x4c}], 0x34, 0x0, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0058a10100d04261a5fb2d002200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r6 = socket$inet(0x2, 0xa, 0x4) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r5, &(0x7f00000001c0), &(0x7f00000004c0)=@udp=r6}, 0x20) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'pim6reg0\x00', 0x2}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.84899469s ago: executing program 6 (id=2014): madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e21, @remote}]}, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = dup3(r1, r0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x71, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x17) mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000006, 0x10010, 0xffffffffffffffff, 0x10000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x19) 1.848267397s ago: executing program 5 (id=2016): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xff, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0xfd, 0x1, 0x7, 0x1, 0x2, 0x6, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x7, 0x0, 0xb}}}}}]}}]}}, 0x0) (async) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x11) (async) ioctl$TCSETS(r0, 0x8910, &(0x7f0000000100)={0x0, 0x0, 0xfffffffe, 0x0, 0x0, "73195a7375845ee299572d7de2efe20f9d5a12"}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x4, 0x3, 0x7f, 0x6}, {0x7, 0x0, 0x0, 0x7}, {0x8cf5, 0x9, 0x7, 0xa}, {0x7, 0x4, 0x2, 0xfff}]}) 1.847579037s ago: executing program 8 (id=2018): syz_emit_ethernet(0xcb, &(0x7f0000000000)={@multicast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xbd, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0xa9, 0x0, @opaque="910bc5170de8bdf06b054f43f7cbcde160584bd7f0db80f38e9dcf7407428fa1380ef6d4dc2090a15b25342a091144aada32df3ae3e4df1adfb5df8d6891630cb713056696eccdbc2f40263296b676bd647fb20bc33fb47374dea1075770c54e6f8d96ce54ef19f71421cd4ede8f16a2389a1ae3fd88271a287591ee1ea853aef4a25c2462984b257eff5265d3584a8175a29c0786586c248bd0fe3a97a49fd39a"}}}}}, 0x0) 1.791116272s ago: executing program 8 (id=2019): r0 = syz_io_uring_setup(0x95, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000440)={[0x9dd0, 0x4, 0x6, 0x4, 0x3, 0x9, 0x6a16, 0xa, 0xb, 0xfffffff7, 0x1ff, 0x3, 0x2, 0x7, 0x7f, 0x6, 0x10000, 0x9, 0x8, 0xb87e, 0x3ff, 0xca, 0x80, 0xffff, 0x9, 0x2e, 0xffff, 0xfa, 0x6, 0x4, 0x3dc, 0x4, 0x6, 0x7f, 0x9, 0x3, 0x45e, 0x80, 0x6, 0x3, 0xfffffffd, 0x79f00, 0xada, 0x4, 0x12, 0x0, 0x5, 0x2, 0x5, 0x1, 0x5, 0xaa5, 0x9457, 0x2, 0x8, 0x8, 0x7, 0xd9f4, 0x7, 0x4, 0x5, 0x7183, 0x4, 0xf, 0xffff8000, 0x3, 0x4, 0xae, 0x40000000, 0x9, 0x3, 0x8, 0x40, 0xb, 0x2, 0x2, 0x5, 0x41b0, 0xae7, 0xe, 0x2, 0x5, 0x0, 0x0, 0x0, 0x10000, 0x7f, 0x7, 0xbf, 0x82f8, 0x709, 0x5, 0x0, 0xfffffffb, 0x3, 0x133, 0xfffffeff, 0x8, 0x60000, 0x5, 0x10, 0x0, 0x0, 0x7, 0x10001, 0x0, 0xcd5, 0x7ff, 0x0, 0x838, 0x10000, 0x3, 0x6, 0x9, 0x2f06, 0x2, 0x9, 0xb4, 0x4, 0x5, 0xfffffffd, 0x0, 0x2, 0x2, 0x2, 0x0, 0x2ed0, 0x3, 0x5, 0x0, 0x400, 0x4, 0x4, 0x4, 0x305a, 0x7, 0x5, 0xb43, 0x2, 0x2, 0x200, 0x9, 0x4b573e73, 0x10000, 0xb64, 0x9, 0x8, 0x101, 0x4, 0x401, 0x7, 0x9, 0x5857, 0xfffffffc, 0xfffff000, 0xffffff00, 0x5, 0x7, 0x401, 0x10000, 0x3, 0x916b, 0xfffffffd, 0xfffffffa, 0x0, 0xba4a, 0x8, 0x39d, 0x8, 0x6, 0x2, 0x9, 0x0, 0xc, 0x7, 0x9, 0x0, 0xfffff2a0, 0x9, 0x5, 0x0, 0x6, 0x6, 0x0, 0x35, 0x8, 0x3, 0x3ff, 0x5, 0x8001, 0x0, 0x5, 0x6, 0x9, 0x7, 0x60000, 0x9, 0x6, 0x48e, 0x9, 0x9, 0x7, 0x4, 0x4, 0x3, 0x0, 0x3, 0x1, 0x3, 0xffffffff, 0x5, 0xfffffffd, 0x70000000, 0x5, 0x4, 0x400, 0x40, 0xec, 0x253, 0x8001, 0x94, 0x1, 0x10001, 0x3ff, 0x0, 0x53, 0x2, 0x8, 0x87b1, 0x6a, 0x2, 0x2, 0x8, 0x2, 0xf49, 0x45ec, 0x1b, 0xfff, 0x6, 0x8, 0x7, 0x0, 0x3, 0xbb4, 0xa, 0x805, 0x7, 0x0, 0x5, 0x0, 0x7fff, 0x9, 0x8, 0xfffffff1, 0x7, 0xb3, 0x0, 0x0, 0x200, 0x6, 0x65e, 0x2, 0x7, 0x3, 0x3, 0x2, 0x5, 0xfffff311, 0x5, 0x220, 0x1, 0x8, 0x7, 0x17, 0x3d5d, 0x1, 0xfffffeff, 0x8, 0x8, 0x16, 0xfff, 0xf3f, 0x1, 0x3, 0x6, 0xc, 0x10, 0x1, 0x9, 0x3, 0x10, 0x4, 0xf2bd, 0x7ff, 0x8000, 0x3, 0xffff0000, 0x84c, 0x9, 0x5, 0x8, 0x5, 0x5, 0x80000000, 0x53, 0x3, 0x9, 0x100, 0x3, 0x1, 0xe00000, 0x32d, 0x3ff, 0x3, 0xffffffea, 0xa, 0x6fcc36fd, 0x4, 0x400, 0x6, 0x2, 0x4, 0x2, 0x100, 0xce3, 0xd6a, 0x4, 0x0, 0x5, 0x5b0341d6, 0xfffffff8, 0x7, 0xca000000, 0x3, 0x4, 0x10000, 0xffff, 0x1, 0xfffffffe, 0x7, 0x1, 0x100, 0xd26, 0x8001, 0x7, 0x7, 0x7, 0x4, 0x401, 0x10000, 0xd2e, 0x2, 0x80000000, 0xf5ac, 0x7, 0x8, 0x8001, 0x3, 0xb, 0x800, 0x1, 0x7, 0x2, 0x205, 0x80000000, 0xfffffffb, 0x676afd53, 0x0, 0x4, 0x6, 0x4, 0xfffffffd, 0x75f1, 0x40, 0x3, 0xbfbf, 0x4, 0x41, 0x6, 0x4, 0xd, 0x7fffffff, 0x80, 0x3, 0x5, 0x3ff, 0x4, 0x9, 0x0, 0x6458e28d, 0x80, 0x1, 0x1, 0x101, 0x3, 0x9, 0x5, 0x7fff, 0x5, 0x3, 0x5, 0x1, 0x497, 0x68fb1070, 0x9, 0x6, 0x1, 0xe2c9, 0x9, 0x0, 0x9, 0x80, 0x80, 0x7, 0x3, 0x7fffffff, 0x7, 0x8, 0x80000001, 0xfff, 0x3, 0x6, 0x0, 0x6, 0x0, 0x80, 0xcc64, 0x3, 0x0, 0x5, 0xfffffffe, 0x4, 0x7e8, 0x40, 0xffffffff, 0x1, 0xda, 0x7, 0x7, 0xffff, 0x400, 0xc, 0xf, 0x2, 0x1, 0xa, 0x7, 0x1, 0x9, 0xb, 0x2, 0x26f3400d, 0x5, 0x8, 0x60000, 0x2, 0x0, 0x0, 0x8001, 0xffff, 0x7f, 0x6, 0xf, 0x9, 0xffffb01e, 0xc5ff, 0x0, 0xfffff5dc, 0xb, 0x8, 0x2, 0xffffaf2a, 0x8, 0x9, 0x8, 0x5, 0x0, 0x10001, 0x7, 0x2, 0xb89, 0x8001, 0x8, 0x3, 0x13, 0x5, 0x8, 0xd1, 0x9, 0x9, 0x6b, 0x5, 0x2, 0x5, 0x7, 0x2, 0x8, 0xff, 0xfffff5bc, 0xffffffff, 0xffffdb8b, 0x1000, 0x33, 0x1, 0x4, 0x140, 0x0, 0x401, 0x10000, 0x593, 0x8, 0xa3, 0x5, 0x100, 0x1ff, 0x431, 0x1, 0x5, 0x3, 0x0, 0x0, 0x1, 0x4, 0xdd27, 0xc, 0xff, 0x0, 0x7fff, 0x8, 0x400, 0x0, 0xd689, 0x9, 0x8, 0x2772, 0x2, 0x100, 0x2, 0x85, 0x2, 0x6, 0x0, 0x9, 0xfff, 0x80000001, 0x2, 0x80, 0x440, 0x180, 0x81, 0x4, 0x3, 0x829, 0x4, 0x0, 0x2, 0x10000, 0x0, 0x0, 0xf, 0x0, 0x624, 0x6, 0x8000, 0x0, 0x4, 0x0, 0x1ef2c75d, 0x1, 0x2, 0x0, 0x9, 0xf28, 0x3, 0x6adf7de0, 0x9, 0xf, 0x49ea, 0x8, 0xf84, 0x1, 0xe84b, 0x3, 0x7, 0xc, 0xc3, 0x2, 0x101, 0x6, 0x101, 0x8, 0x1, 0x0, 0x80000001, 0x9, 0x2, 0x5, 0xf4, 0x1, 0x7fff, 0x407, 0x7, 0x4, 0x30, 0x3, 0x1, 0x3c, 0x6, 0xc72, 0x3, 0x2, 0x3, 0xffff8000, 0x2, 0x3, 0x6, 0x3, 0x4, 0x7, 0x1, 0x8, 0xe4fd, 0x0, 0x9, 0x80000000, 0x8a68, 0x2, 0xffff8000, 0x5, 0xa, 0x4, 0x6, 0x9, 0x2, 0x8, 0xf16, 0x1, 0x3, 0x0, 0x3, 0x1, 0x1, 0x8, 0x7, 0xb720, 0x2, 0x80000001, 0x2729, 0xd3e3, 0x3, 0x1, 0x6, 0x4, 0xeec, 0x54c0000, 0xbf2498d3, 0x9, 0x5, 0x7ff, 0x7075, 0x10001, 0x4, 0x80000001, 0xf, 0x6, 0x1, 0x0, 0xb571, 0x5, 0x4281, 0x7, 0xfffffe00, 0x9d, 0xf9, 0x4, 0xffffffff, 0x9, 0x7, 0x2f0e, 0x63, 0x7, 0x6, 0x10001, 0x8, 0x80000000, 0xfffeffff, 0x2, 0x3, 0x0, 0x40, 0xf6, 0x1, 0x4, 0x1, 0x0, 0x6cc7, 0x1, 0xfff, 0x7ff, 0x1, 0x60000000, 0x0, 0x0, 0x1, 0x1, 0x40000000, 0x7, 0x8000, 0x10001, 0xf9a, 0x7, 0xd96, 0x8, 0xf, 0x100, 0x6, 0x8, 0x8, 0x0, 0x4, 0xfa, 0x2, 0x71, 0x3, 0x1, 0xe, 0x0, 0x0, 0x9, 0x8, 0x5, 0x2, 0x6, 0x1abb, 0x4, 0x1, 0x6640, 0x7, 0x0, 0xe, 0x2, 0x1000, 0xfffffffa, 0x9, 0x0, 0x8001, 0xe, 0x0, 0x1, 0x9, 0x40, 0x0, 0x8, 0x200, 0x9, 0x6, 0x1ff, 0x7, 0xf, 0x9, 0x9, 0x8001, 0x1, 0x3, 0x6, 0x4, 0x6, 0x6, 0xb, 0xa6cb, 0x8, 0x4, 0x8, 0x6, 0x6, 0xffffffff, 0x97, 0xfffffff7, 0x8001, 0x3, 0x1ff, 0x1, 0x2, 0x9, 0x2, 0x0, 0xffff, 0x2, 0x10, 0x3, 0x8000, 0x60, 0x215, 0x7a74, 0x1, 0xb1b, 0xfffffff8, 0x1, 0x7, 0x9, 0x10001, 0x9, 0x870, 0x80000000, 0x5, 0x9, 0x0, 0x401, 0x6, 0x2, 0x4, 0xe, 0x9, 0x7, 0xfffffffc, 0x2, 0x4dde4532, 0x3, 0x6, 0x1, 0x10001, 0x7, 0x6, 0x4, 0x4, 0x2, 0x6, 0x3782, 0xb, 0x392, 0x2, 0x7fff, 0xff, 0x3, 0x8, 0xc, 0x216, 0xffffbe3f, 0x8a5, 0x4, 0x2, 0x774, 0x2, 0x3, 0x5, 0x4b3e, 0x5, 0xeca, 0x9, 0xd, 0x10e2, 0x0, 0x8, 0xc, 0x174, 0x1, 0x7497, 0x6, 0x3, 0x2, 0x9, 0xf, 0x1, 0x7, 0xd0d, 0x1, 0x7, 0xf, 0x3, 0x10, 0x2b89, 0x2, 0x1a04, 0x4, 0x9c, 0x4, 0xff, 0x69, 0x7, 0x0, 0x7fffffff, 0x2, 0x9, 0x2, 0x8, 0x66c4, 0x7ff, 0x7, 0x6, 0x0, 0x6, 0x101, 0x80000, 0x9c18, 0x7, 0x1, 0x3, 0x7ff, 0x3, 0x26b1, 0x45, 0x9, 0x76e, 0x8a21, 0x9, 0x4, 0x8001, 0x0, 0x6, 0x2, 0x6, 0x9, 0x2, 0xd, 0x33ac, 0x4, 0x848, 0x6, 0x7, 0x3, 0x1, 0x9afd, 0x4, 0x7fff, 0x1, 0x1, 0xc8c, 0x5, 0x424, 0x6, 0x1, 0x1, 0x7, 0xfffffffd, 0x87, 0x8, 0x52ba, 0x9, 0x1, 0xfffffffa, 0x200, 0x8e, 0x6, 0x7976e372, 0x93, 0x10, 0x8, 0x2, 0xfff, 0x0, 0x3, 0x0, 0x3ff, 0x2, 0x9, 0xfff, 0x8561, 0x8000, 0x9, 0xe2b2, 0xc3b, 0x1, 0x3, 0x9, 0x9, 0x5, 0xa, 0x3, 0x6, 0x1, 0x4c, 0x8, 0x8, 0x3ff, 0xc, 0x0, 0x4, 0x6, 0x1, 0x3, 0x4, 0xa, 0x8dd, 0x2, 0x7, 0x2, 0x81, 0xec96, 0x1000, 0x8000, 0x4, 0xfffffffa, 0x73ab6a07, 0x86, 0x80000000, 0x81, 0x80, 0xf7, 0x69c7, 0xd, 0x873, 0x9, 0x8e9, 0x6, 0x100, 0x7ff, 0x1, 0x3, 0x200, 0x800, 0x6, 0x3ff, 0x4, 0x3, 0x6, 0x1387, 0xfffffff8, 0xa, 0x7bf8, 0x0, 0xe, 0x1000, 0x4, 0x6]}) socket$inet6(0xa, 0x2, 0x3a) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r3) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47f6, 0xbacc, 0x0, 0x0, 0x0) r6 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1}) r7 = dup(r6) mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r7, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b7000000000000006111900000e31bd384000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x47, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 1.780489323s ago: executing program 8 (id=2020): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310401080000030000001600000018000180140002006e657464657673696d3000000000000005000300010000000500040001000000050002"], 0x44}, 0x1, 0x0, 0x0, 0x1000000}, 0x8884) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 1.773866258s ago: executing program 6 (id=2021): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000000340)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) lseek(r1, 0x9, 0x1000000) 1.720843673s ago: executing program 8 (id=2022): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310401080000030000001600000018000180140002006e657464657673696d3000000000000005000300010000000500040001000000050002"], 0x44}}, 0x8884) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newtaction={0x48, 0x30, 0x1, 0x0, 0x0, {}, [{0x34, 0x1, [@m_ctinfo={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4, 0x2, 0x0, 0x0}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000140)={0x24, r4, 0x801, 0x0, 0x0, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x6}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x24}}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r4, 0x300, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x2}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x9}]}, 0x24}}, 0x8000) 1.715332797s ago: executing program 3 (id=1920): r0 = io_uring_setup(0x17c7, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1}) r1 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c000000040801010000000011000000000000000500030084000000090001007379fb5300000000060002"], 0x4c}}, 0x40000c0) listen(r1, 0x4) recvmmsg(r1, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 80.826463ms ago: executing program 5 (id=2023): r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$vim2m_VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f00000006c0)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) (async) ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, &(0x7f0000000680)={{0x5, 0x0, 0x80}, "e0f7176672594e817fc843d11dc79dabbbd874b8964d1ddac14e22877106a3316ba1451b54b14b176982a5764c221501f664bb0742c6e00836304ee0701a00ff17ae0af333f9a38e0fbfc0896a25ad9db2f64582ba59d6c7394b2de98e61681be62d7af82c19548520e89cd86b97604994087d948a3f5b2d1241cb52cd16c8aa3e09eceab02a6e16c0737f56dc2a95c5a71dfa0466c097e52f1aae5f457cecdad0610593718c7203e76f123ac3f6a8dd64f3098cb00a1dfafe0a2ab7e8c4711beac69e0ec9095a4c80a67dd20ae80530ccd07ef53349535f56135a649e76caba85260b28994a2b033a35a9b69a5b8ac7ccb75d2694b000d3512eedddc0136611aedf4d57a0c677aa5bd83154d91eef0c0aaea30ca6b011459559bd2c29c169ed168dd6b0ded00dd2d3638a8dfa22d07d0b4936a02facaf78ea7814b97714093ed0943d7ca97483ec9851ab23dde004e623bfa5ce413a6ce504dd8d282bf8f32800c27c19068bdea3309328e470d2e504ee60f817489f7aa72cc99fa75a7157abf98510bdd8fde7e184beded5c50af6e0c45728d5daa30e3220446c2f7886ad5b1dc7a73289fca5bc39fc421ce358047cec50ac4bed17aeaf326f8b9aeb5464f4a3bc5a4623d7ab6f8a4d9627b04b19e995a848172c9219739e81939455d2132f293e0640ffdce5dbc39067d90ad4945fae763db900e056925aab97da2f43fbb6f67d0d25b39cdb580de2b0ae2ba51e208095589223879764aa4f7591115205486c3b7024279c25635494e7caea99f5e6dbcf2938afe46d4c7032cf1be3b762b5724af750e948cf5846cc28637adb7e0cd0a1e1c03528182010f29d51a99f22e4de3a26172890bbebae48afaaefc8a4ae01757b136724659ff1531b9aea130350a5337c4dc994b7e42ad13fecca6f724d10b48d5284b9051e12d39f4ef0c6090e8fce4b5cce7d3111f1e1ced75425a460516249618b5fc4df0866e5d07d4c74ebaa6748d864419ccf98cf47f7314b9df8fc2151e5867f05bdb156a0643e78f658f38192f8419ba9d9e61dd770bfeb97ba4c23436d0196c214f571efac56f7ae65c1b409ae4573e33e026ce65bd0d72060a9000abd2fd196da62379a98729cc008e61ea3229b7ed4170b28227f791782d218ea31a46d7afb7c76aef88540b4537b0de6f8c282dae7a7821ae869776d7f2f6dcf718c00e91c218734aae977e1ed2dec1df98187add274f84247777099ab2c938146cdc83ad651446b74d86c59b5ba3bd72559e474f739037be115bdbb910f9adcd4acf9780ca15c3f8bb700d3ad43e24d3136c707a59d70bdf77d2ff4ac2dcd349c8c963b6336ef7f0af9d0474e2522ce7c50ed6902f572314b56a36351624ba27f9077dfe9c9993877a16888f7977d0cdf29e26d61897c8f2b666f3559bab01b576d9c44ceca1e534d50f76c46b481f356cc6aa653fb11388ed3055b749bb56dfff6c5f42315ae8e06d1af34cbc41d04462d95da402127f95f4ae48c8656b02f36d0b5b5f172999fbc77518c47ab101f2b31815255be0cde88035ad51402f14aa0f9a2d96d425219f517ad732376ac7af52428dc42290337e2d58f95026ec245af1d091e117dc46ed358c975e1176804a56d69ed9d2ae52c355f72613f918a6510d53e51c0676bd297c4cd1f710359922cbef4c8d1536e85a206937fe07ee5c30e675ee028b6900d0fa01c51d98b67f44cc51d5226117e9e29fac174f6509a9de1e3755309f4488dcb3669a6b3f796c7f048252ec4139ad9244111dbd6074b0a5f63e2e88c735d1bde1b2c7943e888fb7725eacd55c0acec2aa1761bcd9817cb55e22c2e855b61f7080b2079461e03fd46643862c3bbe5f685381d4d2dc8e56ee9cdac9a98f277c85e9dc2dae579d74328786c5e8ed790700f7c63e84793cf538d2cc743674b30fc8adefb093ad6b6fbf9e56c851870ae3975c5efced4cd76b63824f5beb7a4609ed05571509de98d66684b9bdd361ca5e6ed4d704b47fa0299a813e8656a14d9ddb27613c5dd4d77822793b026f84281543c0f324d4eded3ca1e2da810e95888186e19e781accd9bdf459514315420f8d7857f3ac87d6c0caec11400f3a36b7cf3779653772e3228bff7c6586c8c0c7029a388f1fab54dd36b73e9c132d0205326902415be1eb8557c41266a8886fc3054980d10d9a6111d25870e604e03453fb6e6fbe9c440f066931c424b2f23f88dad4dab6e71dc92c1828ebd44212b5cf35c97eec114e4abd5c498cc3b0e241481a22ecdd31c9595952eb0c4bc3b29ad2bddc107e9a99dc9872520f7d31b3e7883bed090396fa4f043b6f1bed98f9bc6feb50a24fabb92f1d1bde4ceff36dfdf9dbfe8b4e2f8a64d18c3371d008c50cfbc625e3fdab7f7581a2eca2a653d2376f262e00c4b28c7cf98187bc96d1d684b5c766ce98356c3fb59c8ef460aea39ed8f6aedfeaee9ef6f124bfc4eb425ae198ecc304ef41ce0e670b21c2a029d1e8897b252e9f89308b8973895361719d3f7df07ee71a863fe0fe0002968b292853fa5f52c24a4f53d047c64e4a006923f160940f5b55fe9640e0669eaa560875f82e469b1a86fe015db8d4877919555236c8658e3b7522269725ab2cbb3ec0835c636179da9c9971c30b634287ab4c781822f5fbe5b4717041d900d549b9112fbd599567f3722b642b494dc074c265977a0708ccaf0097f8ea8ed891b2a219d4b80bc83ee27722883785fba8a9168972857a7fb5dab8fc7717d91403ba37c8f64e040cbdec128214ac6aca75a926dcd8954737c40db1586fe7eca91fde84f868e1784d13c5bb857233ab291ede405c18f9a8c60c05f4e4bd37dd57a97982bea4254ff7c19a09a3c17e27f19c5048f6cb1f766492866afd5e1803bbecc455d105c554b0b1721bef741d1dafe2ed2789ceb0e57140f13a551c3d8e3c1f9f8d15bb337ee8fbf307ddc5671bcc77eeb9803f2dc755bff041f9e123d9b850fcffd216293952ae1d5b208703cddce9c8ce6bd2988ecc63cb367e84f72adf75b92033ac3b2d6c86cce34ee292243181bb5e995573b8c7f5168fb63a6a947b11f537b4a51044ebd383962e512502b7c475f4c4dfa3edd5471af3c56d3583df787c59f8daca9fad5c931c7245c06ac4104f7dfa53c90be01d2c76bc5ead2ebcc9f2eadac450c12430c7a4bba764234bc4fd777ea4c8ccd8ef637164b49f5f79660ec1be5a02c5a7415a258f499eb400d9798257cbafeb65dbcf357919531104a432b41b3e3a4594656748e76a47998b6883a63c55bb9ccb8059b7782f39a9ac94538bcb28a7b784512bdfd95c0d524e00fae1d807442041fddb44d5ec2c724d8f28188b68c8a8ec845f8982856a97630bc27e8d119419b849b8a38b118503d07364e1f6bfccf7e18eae1a9a4eccbd6919861254251cdf3cc7dcbb899fc2f8c2ebd7b3c48173ba53d28c049113e34f2be43b4a99fb6d85c31758b5bcb586c02f6303468811330567bfd3b475887898c65723b8c210fdb09b8311048cc42ed1401dc960ada7bd6e63d38f57ead7a7faff319c687244db698dd3416fad96264cc50e67175c26b090fbcb6685f99c3a8af8128c884433c4728b820a469c9722b2c7cb013288a5cfaca951fe415a25742d96bddb1f8ca0756219a226bfa8df56f0a969ed8c0f1dddf8b0913bdf39bbca52c87ad4af94b4d16db39a56109d0129650bc793a9860d574bf1dc078f1644142e1e9dc81ee3aaef2d3b72ef4cd79a99168437519374527655db3a55a817982f24f6bd9afeb0a7954e38d2c90326c7dd08ccf896abdd97a405cb2fcfba80f0ab8f60a19567f2e258d97a542475e5b4edaba018e41d60b334c023e072893cc08353a9e8316f2910a00f7932e652397ca3581e7f8767650d4e6a4768665fe72ee85062fb6c52b6116075638a634592457c231cf469510d9289b74d11696fc0c298de014af33be7001495e816bf2bf33f201a03646c75630ed371df1eae7c9c6d01f6c307490b9641a1afc9d5c8aaaff75430f79998b5e3ed71a9a2d146d2570cf2a2b5a6e16c30d7fab6e814029083c90b43c8c74c9309a78a88bf0dbfd56a3bc53a3e8549fb7535f8bd27b1117098696518d25151e35d1de07382a2cbd6b72f24148f17dd8df92fef31d634e1cdd74141dbb94a395627586f299f64b2a25f242a2b09c7ea7ea321c7e5f3a674a596bd62f91e88ca20c0bb8b455dc9ddb70b505c40a76287612f04dced09dc83fd9ab1c463c70eda281ee608818e274d80a1062a0c719491eb9c71dc7b221423ffffba17ab3c4abf20e429cbb447ef9ef45985849807484ef35c6b185cde95c726254782b84104818b4d1a157c45cbcb34b47bd7e671372d3e9650cf7ef4f0233b30cb4e42049c67e6a343b01583592da37257f2536283f21afacf470f7ce440e4788d49b7a12cbe3d92e178d6724eaa0c3cce540356455f90d6de2a060ab9545c7c8cee8cf54fc7c29134d2920f16026ba61c96fbd6ad60de93d28ffa25a95264a60e1fdd8e7c93dcabd7289fc312141b89a1a40a569df9de1af8c612c3e5855fb3889925e2ad71708bfa6db9c1fb258ae9aaeb7186e6a7adcbafe8c6c84d06b5519476e077f9060bb3956aa8175f84ab95b9d6bb11520d8adfb4244164573a64488e0ef70518307f733087a79af1ceb4e0ab39885cc1a2a2134d0336087c6584a9472134b0fb55afb6812b4c3d411f03e6b89b3ca07263aa9bfd198eaf2c2e04a1d7c3f666089e823bd4cb06d76b401a5a291ba14d60ff2e0813b9239fe69ecff8fe7b0f47dbe4ffbd84869410e65401a7016b5af2a458954db77760fd317aad4b5ce85777c2cab29faa4ff924a925f0b97e73b1944e4b5e1442e4ac67d7b0b2630a5d8e857f5354bc158c32db6c8bb971a8a0d5746fd8c4b4768e10a3d5a2a7d484e56cd1a320f375a571752073caef8b78b2c7ab2c98e6a674b7857ad37bcdf44ec3bdc2d8ca04cbbc236b698423cdd475b8f5f855870f3ba2d730ed092d5becd7958ff55ab824e34eedc3b61709899862b918beff96e3914b267b4e1f9765625394581116e2736dae82610fd62360d50587c897486c84b4836e3528b14ea9b5ab1c623b7aaa8290a48ea7b5fcbcdf0adb64358b07e42b04184ffd2b0b5b4fc471c457fbfc91e357d3c801032eeaf8458d86825786cf316ad5e15529e80c794939c9ac5f842fa5bf5323cd2cb8662f191343599e950161136f2934e957d466bc07c0884e0c34fe91c45867f5958b330a655db012779a5e14031509172c40f446cb5051f222ad7bb62d5cf05f5de1ef6628983bb22133f7c19fbb8c2e74d0377c7a05b80762ff2a1b8916c6ab8d4f21da8b4aaa6b33b76dd75bb64914cbe8d9cbf44337729c3222d65432aa42f114a6fd90e1ec2def28d31da951b1a93b66bd0221989bc6306012edfef4f876639a81005dd52b3ec8b4be1346754abe169b74f55be60fc1ad44201a1f3b8584ad5cd4639c662db448f58a46b4e5e30ee050f56d19d2794dcb87676b8bbfeaeef9b04beb0dfa11299eaeb5205b09d08d68a3943f66b2477dbd3675b296121ea648ebe321e4666a2eb33ecb92d8d1d2f95acd0786ed09b9622d273d35de6600a039623e8fd7a91de94d2a3d025af7f85e845574217574959bf77747e29a9735ef7b3df805a21652f64ac7eb233d8e4a21d9fb2d3c5e80000e8cd3d3a21198e035547589b5f03b9a0652c1036d00258eae5c4fa22c3809c019ce987373638e91b5a0855a727cc9c7974b60e6a95464e68ff598f93be30db", "2ae889f2e8225741af235c4f933c85f170697a5847fcbe2319ecfd41ba7f408cd807a46b1eeced1d46ffaae41ee5558ac7fc2f150189ea20949bc092c6b887c6de8c93478ac0a0879f96816229168d4bf18a292070e0a865f22af7f560b381c021c53b2cc19b6a0d98899c73f598fda31eb0920cb3adfe4f2919e4e46a1e4c935cf60217087cfa639c7d2eb1294c146583b5585cb810c0b8936a0542f950a7b207200da6bfb27497caaf1b807cc1c5b38d21dc3ffc11debe47721cf5e65d715f0773e56fabb0297f914408fb81e950fedf732cb46823819cb2191767879963b4152d7c5781b14298f4a1779f82c47b41cbc76986ca5bdf694cc15c2debbea44c71703f654c43461d50f21c41ebfe4c336b44e342b5d06f5ab877c4b8cf0a6c789228fae6c200d1b040c1a1a7e76ebbb76a4dc209fd6bab7aba0544dd5b47a877b72d3f59ba309b35906eaadf54a5ab15f7b921ae621d770c58c2af0b1e8c1c8f7ad17a78a7d7195176f70749a94c3fcda2562d90d7a204225ced48fc700f6d3fa5c0a34b64fe83cc9663df47c0aeaea438c8456048f78209b96d1a564606048bdb3c70570ba7abc4764349a755933b93050dd1aaae963daddbc01b3ff757942d0fb683fd29619f9df166b88397d1905e183401039e415cf9f7ff14a391a4bcc4d23c5a8cbe6cb9a484af93a8451c6b06843bdcfbdd69f799da0cf8c0f8413befc0f571dce4c10ebfe9a6e3c15c506b22ffa549240869e3f9f115db1c42d3cb8a6e8c5e71450b17c8f5177a7e5834367caf632a52d0a7c4ccd203423ea9845742eea086ac2457730121e1d2e057d0fdb7e24d748ec2b9892ac84e9e85184893d5fd81ab0ad1b95f2730b4114248a47d8cf8f429c27565fa333e7338c1c9e9d917d447c24b7dc4bf4b2207d266e2c59a343cd4d5a4d44f1f186857f5a5ff48748c30cb10cf21e87e229f3ad0436cd451f515055ce037b40d9dee6e39aa5ad7545d584039924519a4d537773410d7f5fab2dda1c237ab28b1c8b6d54b22a1e465ed541b4c0a8098a4f97726b03eefa6093f792a99139c7e244c0e8af28df9edce732792e19cad5101c149f58c7481bdf5c9119c4a38edc3805631069cc91fceaf7296e415f5d531e9743df9105c0692d2abfd9a40c794c6a7c9e10d7f0217bbe94caa2bbaab041340b96d49a2c50224c622095826500704c1bfc37e0ebd9ffc1d6f2821b3c0d108d7da1de4908983657cfe1ae0c361da4014189ef46ce14db41c0fb5f3dbecc246163af5df1a203084a043659750bfb6283f795166e52ead8b3c51627b2e8fd56f84af861236494baa5d6c45527972ed98f5d6e44e46efcf8964ccc6907d03b751058394f6b7e3f799a4f6b386d110344a3c00c37f74a42045349f7280ec27352ff5482c961d0cd04f899db59a7c940102a25d67917cf744f331e57ce982a4bb48439b90583147213580d480f83c9032eaffdc82653584cc16eb047f949a5ecf8d6171bdea89349baf2cc8a797e8b436312be073519da201c257a4e75827ff334e6b2c7975b6c51e83c26e8786279715fbad1bc6650a9b063e1386177b350b1116c3aa66a6406b0e0a1f1c147146bb2ab501c9eff800d25d4fefea8a7852096cf20909301872c4168331cc73df46ac948613e93e371dc3a487c78fe3eb4375172a2a605b23473dffab421f9fd609f0495f994cfe24984e92de805bedf15d4a2c4cc0258af6918e934c165cc0f052f269b28444f6cdb881ccd0b1793d75d24ed4f3955e0896e6566aba7970744825c17655475e9f213b1c5445dcb969c56a9d7d7f25429837d5e9cc96e947ebd8caba59c8e53209ca038b1f7592d915b98b82a9d6c03654b6760d79c7c8c8a642cb458780561747080c2b18019d81e3f4a1684dda2ba20624908d480b02d0cf806cc47e589b79b66b03b0b2edf7e9006923d5e917bcf61152da8c58fc0724224ce823cf916cf5b002705f39bd7db5012a671bed13293ec3005406652ffaed85cb3fe6d013bbeb17af1b8a80ffcfdbf72d8b4abfd43f8032e1fc20e76aaad1e80a3b4a79d8e9eddf69e1e7391d1a6a405297dbf92139b7308eae1cb30fdd9b3bb152378b40645e1af7d7de43b05ccb509cdc143980ed792311ede8066d1416108e358977146de6c5edc494e2a70cdceca2d7fb30fb05cd71d56b86c7b2b1220ce237573673550991de27a5723062b0d768dc820c5e4c7a29c1adfa25c36c465fe6cabfcde5d784b6c85b9652ae673b49926901747cc882ad6415dd7ba19f521c5f89a36bef389234831cd48179f07fba5125270cc2f42cd2e7b325e533c177e23df955c0e8f43e5c46d7a7a2440087b8bdaab8b0300329df3a370b0f6685254ceade9e4d18f49d9060a256c9bdd3e245accb73353b403561cd74390e426d57621fc5a0466df005e63d7c035efbf1c14c1d154d613d8250941fd5eff2583a2fdc870ec190faea29af31610b6ca2f96f148dbbbf29954a94778dbced62747ccfab9649709b4c692bb141d59270cdfdf80153034cb3a174c8090c2bc43f24c6acb2f693215aca4703f20a24fe65480d9f13236cbbf2888d23a0295b463491a34348e1427acbd63ca9bc32359fb36244e01a9c1ec551cc1fdc846f53e056bcdb67a4e9816923585b081786fc07229032d0ca096ce86b6ac0dc57850c7ef0f2f4fdf6d573d29a780dd6316dbfa22c801f48f5d254506f6b0ca6c98402313806484a32eb664f0cace8681aee522b7978bbfbc121eeea61cc8da363b1714accd0b4f6a1657e2727052c6ec085f4aeb702640258c1c9d5006620140d3540e5decd323352047e0fac6f0e3c5a44a2fbd5ba39ad290438c73b67907f3354748bd3e580614392173ced315074fd36e10945dbcd9c0dae61bdfd1a9ee5023d9e7d249c8f5332eaf464e15a8f07fe49d18c4294817892a026d70d42e3495166a1b8a50954b3d8d702b06b4e54dec07d3e94c6210bc65436ca48e7dfed4c38f1bbacb3204909cedf30016c5ea80c7e5c6a84db5b8a4c3d0f70481cd47a68ea4fde337a789ac3aef1afde19cd1a9844340718dd3c6c1ebea3cf989606be6dbdfb2d8c880404d6105069a6ffd6a65639338577ae0188f5ae47c9e2f1abfe04c7a391bd1bb10aef7eddf56f63524b48f588d97d0cc0fc86dd548a645be87c0eabb9dbb497ac41c04830686b1a00edd9d1b8edf015e1f7116e89108d7531955b2638e2ef14ca57ca0ecb5a02840f4ad52bffc7aac6131be12fb8cb267f5b88b393c3d7277636e0b3d98ab2c0b8eedbeb02188affbba6ec247307dae6bd1b8a6c8e0c0b62872dbd30a9f3ac937a07aaf7d70c25cb4def9dcc4194c56425e81eff7409edd9e1304dbd0729c83a16e4d8efa03c3d6e4e28e85316f9a37026320a5a02127dc44e235f7c56610dd6902a748dd218b3822913599ae61baca167a6f1bbc29f7b3caa807fb500001d9b6fd2b07a9ff29ae0efcce41f732f16ba721eb22ac58d13db3489682cdf30b1ec3a4db3168ac4abb44d4d82d4f9ebc660da242ea3cd0107c96f01bef35b502724dc68bfae7c6b5c0835b7f436929c81d7d626a7b65dd4e925f75d2c29fdd4d91c3a5d9aaf4978645b68d0c519ebfdb5bbce12b2ad879c49947b7b09bc46addff32babc9493988718f2ada383975a260b226d803e92042fd69cdedda3f28f1168656cb57e4b03108e01dc0dae635e2bbe7fb0a86de4b4c97f9b1ce51e15e59d1b396755c1c36561233b4aecc5b6b69e7c654b4cada2c3fb9610bde7b1b3d0a5e85cab53908a3d49ebf58cf9cf11c7d391b187473c5f373d0598b7ec73171e8cc18efbb84b1380034425eb547d4ebca49057b5d1fe86c5a9e4d0138d5b2fea43083191a2a31862f11ef37bed6a63c5078cdc1b4b69e6568f7262de81131c6a8c9df2ef5bc72d7d51ae405dc1f7c972be9bd2b9bd67ca9a9f8e40d3a8d0587fb4380ae7d7de1eae24b98267f53db71c7b7cbc838616253db367f0c73bf44f7e16c190d1a5aa736601a56557801e711d1123adba8ba7402153d093b6b9a816add0e7ab313b1d4a10d33124bc5ff48c9387f8cb8ec267e1c92211dab748be9b28fe43ff645e0b1dd13f65e0cccb0819a2a7f500e1e29f0df0d7d88699562a5e61e299fb5309fccf2b73f7408f702ef2218f11ca15522c815af3726ec150046e4c811b422c36c4ad2193e1e48294a08c6374cf1010ebaf9ba26da1672ac724efdb3055fea534cc024a9c8ed75ea8becaca21456b523752d4304f36013963a2c074a2609f8354188b619eb21398782f74d734930861fb07f125312c46585911f7cb4c65990db16766f448ae7b1f15901349db6b59f60a8426efebe7f218fac320b22b4f1197c4fec26ff9084cd8e47b92fbd41473e3cbd27a93d2a8a57136b5d3838f5eea39b5636df5e1d72c02fa22d1eebb5e4a15bca0fa88b332a7077effd1da355b9ea529c70f681ed89ed708d76e6674bb251a8f3674e27a871d91588f72f791daafcd7676279519da862a2cfd74846d14f78b81ac00ff0200c62e2372be0399e47e7f939d2f91e9054e6c7fc3528a0b00cbea8a1b7976a12f0ec9a0ba96197eae3675d2af04fcc598fc53e07deb8e5795a13b42d79ffde0bd3cbf105c9f60a27df0cef2c1801e2c44c2faf8757aa41653f7d6bfb35fb8772769f01b9f4e0198b39eb0ad0e87f4795707aac597ceac6ba42b6afc482d00d928b2087a457a56520cfd0ca922f7180edf53ef736e98284f075a5cf1bb4551d25bd6cdebf0e61f99d703cfbaf95fcc3222f67778f028921f6208a791800e0d7432aac4e342928616c64621e3cb5f1f4235aaac35360c4d46f1ef24cb4ef4b2d00fafcadb58457538159cdab5029c8697dfde9dbfd9ac841b3f952b64c6a77b65ad813fc2339b556c184632a8cbbcd42026cd2612b016460c556340e7756651a3c3bc972b1aec40cdfa6529f5a7fcb8dc81fbc9d1ba5d3e0e8f901904e0afecd55c32527e4eefce1852e8ab38120303e5213cbcee027e1e826c9352fb841c83909b1612ff66c20bbf58702eab6cd4f3aa6bba0ea0a7f2b2d0a8c48a6048a0e5a5d071dedfb5730ef25a5950270e82c99fb0775ab7351fababcd6f345f7d63365e0018c78243e33a98de8abe757d2ce403f5f45eed60c81ab29238fed7ac1e80e8887b5f8970cb7507a87fca1ef87456abff51c064f69c7df170bc50a60aab3af7345ea57f65e8378c5889a4238daefdcb1cd894466e442999ac0958ad3f966f2f3d511553835d3bd2f5794a9ed2bc995291b08b52a41256b3b62df2e393447016c72e3c15e48a4ba1ab0a9d07e6dd753a429ac57e8981610bf314f4507a9a674ffa13545944a1ef18be4d169f3c85b9b75b765f5ff2c34ce31fde6a4749010514bb5f603fac16180300ec26e02b160588df0795e651e0cd0c8b32fa4a24d37622a9355ab936c17161071ea7296545768ea224525cbb33caa493959c37b6fc7376dc7f97a756a5c229ac9c61f5ef9b9f8b110b113d0cf7f99e80b54a61d525941b7de60fee3b6260de5152e60d5fa097e7f02330e7581d271923037c023c095d7f6df7cc15df4cfe8afe7d6573ad22ba0a5b23d204079e273ee6b57b5f78df8149a1dab4852c8dddf0ad7bb4420cfbd88225a4da057c256c9debad1adaacd030dc0d66a3ddf52a291cf9e811ce32b286a5b16363621231d13d80dfc5dbfca9ad84da0d761db40eb97698cdd9f6ecf122371e97c32df5c8bd2eade9b1dd46b7fb67489b4882fb483f653952873604200"}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async) r3 = dup3(r2, r1, 0x0) (async) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) (async) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001500)={@map=0x1, 0x2f, 0x0, 0x0, &(0x7f00000003c0)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) (async) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1460, 0x18, &(0x7f0000000880)={@flat=@handle={0x73682a85, 0x10a, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000900)=""/206, 0xce}, @fda={0x66646185, 0x5, 0x1}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x1400}], 0x0, 0x0, 0x0}) 80.468745ms ago: executing program 6 (id=2024): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYRESOCT=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2) (async, rerun: 32) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async, rerun: 32) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r1, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x9, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xe, &(0x7f0000000380)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x4b, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) (async, rerun: 32) r4 = socket$netlink(0x10, 0x3, 0x0) (rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_kthread_stop\x00', r3}, 0x10) (async) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00b8"], 0x40}}, 0x0) 80.300174ms ago: executing program 8 (id=2025): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020001000900010073797a300000000008000240000000032c000000030a01030000e6ff00000027020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x2040084) (async) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020001000900010073797a300000000008000240000000032c000000030a01030000e6ff00000027020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x2040084) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000080)) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYRES16=r0], 0x84}}, 0x0) 79.986912ms ago: executing program 5 (id=2026): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000402b00000008000300", @ANYRES32=r2, @ANYBLOB="0a003400150000000101000004002a00"], 0x2c}}, 0x0) 79.21684ms ago: executing program 8 (id=2027): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f00000003c0)="0022041100ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77a62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a12", 0x98) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$SEG6_CMD_GET_TUNSRC(r2, &(0x7f0000000400)={&(0x7f00000003c0), 0xc, &(0x7f0000000440)={0x0, 0x34}}, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0x0, 0x9, 0x8}, 0xc) write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r5 = dup(r4) write$P9_RLERRORu(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000340)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000280), 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r5, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x30) write$binfmt_elf64(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="7fb20700000053c407cd", @ANYRESHEX=r1], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}}) chdir(&(0x7f0000000100)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x10) syz_emit_ethernet(0x22, &(0x7f00000006c0)={@local, @link_local, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x67, 0x0, @dev, @local}}}}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) creat(&(0x7f0000000140)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'prefer', '=static', @val={0x3a, [0x30]}}}}]}) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001e000100000000000000e80007000000", @ANYRES32=r8, @ANYBLOB="000000000a0002"], 0x28}}, 0x0) r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r10 = dup(r9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r10, 0x0) sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newlink={0x20, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0x32b}}, 0x20}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2) 78.250404ms ago: executing program 6 (id=2028): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWSET={0xc0, 0x9, 0xa, 0x101, 0x0, 0x0, {0xf, 0x0, 0x4}, [@NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0xa}, @NFTA_SET_EXPRESSIONS={0x9c, 0x12, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REDIR_REG_PROTO_MAX={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}, {0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}, {0x10, 0x1, 0x0, 0x1, @hash={{0x9}, @void}}, {0x10, 0x1, 0x0, 0x1, @hash={{0x9}, @void}}, {0x10, 0x1, 0x0, 0x1, @lookup={{0xb}, @void}}, {0x18, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @void}}, {0x10, 0x1, 0x0, 0x1, @tunnel={{0xb}, @void}}]}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0xa}, @NFT_OBJECT_TUNNEL=@NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}}, @NFT_MSG_DELRULE={0x10c, 0x8, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_RULE_USERDATA={0x1f, 0x7, 0x1, 0x0, "a0ded2e17daf4d79e0241cc33a4e1e31038dd5949b6f613a5ec38b"}, @NFTA_RULE_EXPRESSIONS={0xac, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_SOCKET_LEVEL={0x8, 0x3, 0x19}]}}}, {0x10, 0x1, 0x0, 0x1, @xfrm={{0x9}, @void}}, {0x44, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x2b}, @NFTA_PAYLOAD_CSUM_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_PAYLOAD_CSUM_OFFSET={0x8, 0x7, 0x1, 0x0, 0x7}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0xd2}, @NFTA_PAYLOAD_DREG={0x8}]}}}, {0xc, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @void}}, {0x1c, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x2}]}}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_DELOBJ={0x84, 0x14, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_OBJ_NAME={0xfffffe65, 0x2, 'syz2\x00'}, @NFTA_OBJ_USERDATA={0x29, 0x8, "e46e2a8258e6676805a07372f6bd21f02323f497629b408a1c1ef02186992a37153d489697"}, @NFTA_OBJ_USERDATA={0x1f, 0x8, "a5f1a563019378309c9c48a55b50d92cb7d5f1beb82c9955d04a35"}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}]}, @NFT_MSG_NEWSETELEM={0x34, 0xc, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x134, 0x3, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFTA_CHAIN_HOOK={0xa4}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}, @NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffd}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_HOOK_DEV={0x14, 0x3, 'wlan0\x00'}]}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_POLICY={0x8}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x5}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x400}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xf, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r3, &(0x7f0000000300), 0x20000000}, 0x20) recvmsg$unix(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000380)=""/28, 0x1c}], 0x1}, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x351142, 0x1cd) getpeername$unix(r1, &(0x7f0000000580)=@abs, &(0x7f0000000600)=0x6e) quotactl_fd$Q_GETNEXTQUOTA(r4, 0xffffffff80000901, 0x0, 0x0) r5 = syz_clone(0x4000, 0x0, 0xffffffffffffff3a, 0x0, 0x0, 0x0) r6 = syz_open_procfs$namespace(r5, &(0x7f0000000440)='ns/net\x00') r7 = syz_clone(0x100000, &(0x7f0000000100)="0c066163e3909e9eb58a7020866bfe9fc9c718d6f601adfa62c086d7c1f8b62911bd8c9a5cb89268605ecc7e4ca47cfea49b63908a554f96ca24cb3b38c3b50b96b83518cfbfc91452586ccf24babbe7d06cb2f58fdf96e2931c69289d3230a9a6fe2a91151aac120f84fd4fa7d5d6eef03cb0dc783d2c440f4f7d26104e8255d2ea8e72961f49a2e9820edec28dec38e6ac7b702d66edf1afdbf7d3e512cb07ffff6beaf8822f", 0xa7, &(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000400)="22bf4741c1b4bf3e0064a78937e2") sendmsg$nl_route(r4, &(0x7f0000000540)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)=@RTM_NEWNSID={0x4c, 0x58, 0x200, 0x70bd25, 0x25dfdbff, {}, [@NETNSA_NSID={0x8, 0x1, 0x1}, @NETNSA_NSID={0x8, 0x1, 0x2}, @NETNSA_NSID={0x8}, @NETNSA_PID={0x8, 0x2, r5}, @NETNSA_PID={0x8, 0x2, r7}, @NETNSA_NSID={0x8, 0x1, 0x4}, @NETNSA_PID={0x8, 0x2, 0xffffffffffffffff}]}, 0x4c}}, 0x894) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001cc0)={r3, &(0x7f0000001c80)}, 0x20) close(r2) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080a01010000000000000000020000000900010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003"], 0xcdc}}, 0x0) setns(r6, 0x80) 21.125108ms ago: executing program 5 (id=2029): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5e2b, 0x0, 0x0, 0x0) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) (async) r4 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000100)={'veth1_vlan\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x2c, 0x2}}) (async) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f00000000c0)={'veth1_vlan\x00'}) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) (async) unshare(0x62040200) (async) socket(0x1d, 0x3, 0x1) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]}) (async) socket$inet(0x2, 0x3, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) (async) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) (async) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000040)) (async) r9 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="cc000000", @ANYRES16=r9, @ANYBLOB="0100"], 0xcc}, 0x1, 0xf000}, 0x0) 19.93052ms ago: executing program 5 (id=2030): openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffe5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000000240)) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000002, 0x59032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x801) set_mempolicy(0x2, &(0x7f0000000140)=0x8001, 0x2) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000300)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000040)={0xfffffffffffffffc, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r4], &(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000040)}) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r2, 0x50009404, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00008e6000/0x1000)=nil, 0x1000}, 0x4}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000}) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000004c0)={0x60, 0x0, &(0x7f000023d000/0x4000)=nil, &(0x7f00004fa000/0x4000)=nil, 0x0, &(0x7f0000000ec0)=[{}], 0x1, 0x1ff, 0x0, 0x0, 0x0, 0x1f}) personality(0x6) userfaultfd(0x0) syz_open_dev$sg(&(0x7f00000002c0), 0x9, 0x501040) preadv(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)=""/148}, {&(0x7f0000000140)=""/49}, {&(0x7f0000000200)=""/187}], 0x3, 0x80000002, 0x4) r5 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$int_in(r5, 0x5452, &(0x7f00000001c0)=0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 0s ago: executing program 3 (id=1920): r0 = io_uring_setup(0x17c7, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1}) r1 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x24) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c000000040801010000000011000000000000000500030084000000090001007379fb5300000000060002"], 0x4c}}, 0x40000c0) listen(r1, 0x4) recvmmsg(r1, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): 130.960496][T10392] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1138'. [ 130.964601][ T7149] usb 12-1: USB disconnect, device number 2 [ 130.974221][ T7149] ldusb 12-1:0.55: LD USB Device #1 now disconnected [ 131.030909][T10403] loop2: detected capacity change from 0 to 7 [ 131.035666][T10403] Dev loop2: unable to read RDB block 7 [ 131.037176][T10403] loop2: unable to read partition table [ 131.038819][T10403] loop2: partition table beyond EOD, truncated [ 131.040584][T10403] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 131.045542][T10403] syz.6.1141: attempt to access beyond end of device [ 131.045542][T10403] loop6: rw=0, sector=1, nr_sectors = 1 limit=0 [ 131.049918][T10403] qnx4: unable to read the superblock [ 131.290209][ T4593] usb 10-1: new high-speed USB device number 12 using dummy_hcd [ 131.450685][ T4593] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.454218][ T4593] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.456721][ T4593] usb 10-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 131.459198][ T4593] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.462405][ T4593] usb 10-1: config 0 descriptor?? [ 131.507768][T10428] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1150'. [ 131.598752][T10434] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1011 sclass=netlink_route_socket pid=10434 comm=syz.7.1152 [ 131.606270][T10434] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 131.867794][ T4593] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0 [ 131.869852][ T4593] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0 [ 131.872680][ T4593] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/0003:0D8C:0022.0005/input/input15 [ 131.882049][ T4593] cm6533_jd 0003:0D8C:0022.0005: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.5-1/input0 [ 131.923065][T10454] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1159'. [ 132.072463][ T4593] usb 10-1: USB disconnect, device number 12 [ 132.610443][ T1413] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.612146][ T1413] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.719824][T10459] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 132.721934][T10459] overlayfs: failed to set xattr on upper [ 132.721950][T10459] overlayfs: ...falling back to redirect_dir=nofollow. [ 132.721955][T10459] overlayfs: ...falling back to index=off. [ 132.721958][T10459] overlayfs: ...falling back to uuid=null. [ 132.721963][T10459] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 132.768458][T10457] lo: entered promiscuous mode [ 132.860808][T10455] lo: left promiscuous mode [ 132.890521][T10472] vlan3: entered allmulticast mode [ 132.892527][T10472] bridge0: port 3(vlan3) entered blocking state [ 132.899863][T10472] bridge0: port 3(vlan3) entered disabled state [ 132.907102][T10472] vlan3: entered promiscuous mode [ 132.908735][T10472] bridge0: port 3(vlan3) entered blocking state [ 132.910478][T10472] bridge0: port 3(vlan3) entered forwarding state [ 132.973857][ T39] audit: type=1400 audit(1732372306.390:1141): avc: denied { getopt } for pid=10477 comm="syz.6.1167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 133.213340][T10492] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1169'. [ 133.216385][T10492] vlan3: left promiscuous mode [ 133.218089][T10492] bridge0: port 3(vlan3) entered disabled state [ 133.227956][T10492] bridge_slave_1: left allmulticast mode [ 133.230116][T10492] bridge_slave_1: left promiscuous mode [ 133.232197][T10492] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.248887][T10492] bridge_slave_0: left promiscuous mode [ 133.250549][T10492] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.189971][ T1104] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 134.191830][ T1104] ata1: failed to read log page 10h (errno=-5) [ 134.193451][ T1104] ata1.00: exception Emask 0x1 SAct 0x40 SErr 0x0 action 0x0 [ 134.195379][ T1104] ata1.00: irq_stat 0x40000000 [ 134.196698][ T1104] ata1.00: failed command: WRITE FPDMA QUEUED [ 134.198716][ T1104] ata1.00: cmd 61/18:30:7a:09:10/00:00:00:00:00/40 tag 6 ncq dma 12288 out [ 134.198716][ T1104] res 50/00:01:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 134.204657][ T1104] ata1.00: status: { DRDY } [ 134.206751][ T1104] ata1.00: configured for UDMA/100 [ 134.208378][ T1104] ata1: EH complete [ 134.353223][T10533] netlink: 'syz.6.1182': attribute type 23 has an invalid length. [ 134.355361][T10533] IPv6: NLM_F_CREATE should be specified when creating new route [ 134.429983][T10537] dccp_v6_rcv: dropped packet with invalid checksum [ 134.556805][ T39] audit: type=1400 audit(1732372307.970:1142): avc: denied { getopt } for pid=10546 comm="syz.6.1186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 134.705253][T10560] usb usb9: usbfs: process 10560 (syz.6.1191) did not claim interface 0 before use [ 134.827883][T10571] dccp_v6_rcv: dropped packet with invalid checksum [ 134.955954][T10582] netlink: 'syz.5.1197': attribute type 23 has an invalid length. [ 134.958057][T10582] netlink: 244 bytes leftover after parsing attributes in process `syz.5.1197'. [ 135.009399][ T9] usb 12-1: new high-speed USB device number 3 using dummy_hcd [ 135.179003][T10608] dccp_v6_rcv: dropped packet with invalid checksum [ 135.182347][ T9] usb 12-1: config 0 has no interfaces? [ 135.183801][ T9] usb 12-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=64.46 [ 135.186403][ T9] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.189939][ T9] usb 12-1: config 0 descriptor?? [ 135.414913][T10563] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=770954412 (770954412 ns) > initial count (134138459 ns). Using initial count to start timer. [ 135.427175][T10623] tmpfs: Bad value for 'mpol' [ 135.640580][ T5962] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 135.643322][ T5962] Bluetooth: hci2: Injecting HCI hardware error event [ 135.647082][ T5312] Bluetooth: hci2: hardware error 0x00 [ 135.876432][T10623] netlink: 14 bytes leftover after parsing attributes in process `syz.5.1207'. [ 135.881394][T10623] nlmon0: entered allmulticast mode [ 136.118269][T10649] Process accounting resumed [ 136.156987][T10666] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1213'. [ 136.274029][T10676] dccp_v6_rcv: dropped packet with invalid checksum [ 136.499312][ T5959] usb 10-1: new high-speed USB device number 13 using dummy_hcd [ 136.650696][ T5959] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 136.654836][ T5959] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 136.658738][ T5959] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 136.663679][ T5959] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 136.668301][ T5959] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 136.671950][ T5959] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.677330][ T5959] usb 10-1: config 0 descriptor?? [ 136.680195][T10678] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 137.090924][ T5959] plantronics 0003:047F:FFFF.0006: unknown main item tag 0xd [ 137.093734][ T5959] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 137.099567][ T5959] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 137.335170][T10695] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1218'. [ 137.721928][ T5312] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 137.741849][ T5959] usb 12-1: USB disconnect, device number 3 [ 137.799441][ T57] usb 11-1: new high-speed USB device number 4 using dummy_hcd [ 137.841278][T10713] vlan2: entered allmulticast mode [ 137.843771][T10713] bond0: (slave vlan2): Opening slave failed [ 137.950134][T10715] rtc_cmos 00:05: Alarms can be up to one day in the future [ 137.955111][T10716] rtc_cmos 00:05: Alarms can be up to one day in the future [ 137.959599][ T57] usb 11-1: Using ep0 maxpacket: 8 [ 137.962663][ T57] usb 11-1: config index 0 descriptor too short (expected 5924, got 36) [ 137.964883][ T57] usb 11-1: config 250 has an invalid interface number: 228 but max is -1 [ 137.972002][ T57] usb 11-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 137.974448][ T57] usb 11-1: config 250 has no interface number 0 [ 137.976142][ T57] usb 11-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 137.980714][T10720] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1226'. [ 137.983266][ T57] usb 11-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 137.986631][ T57] usb 11-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 137.989557][ T57] usb 11-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 137.992201][ T57] usb 11-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 137.995730][ T57] usb 11-1: config 250 interface 228 has no altsetting 0 [ 137.998631][ T57] usb 11-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 138.001532][ T57] usb 11-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 138.003677][ T57] usb 11-1: Product: syz [ 138.004790][ T57] usb 11-1: SerialNumber: syz [ 138.012860][ T57] hub 11-1:250.228: bad descriptor, ignoring hub [ 138.014596][ T57] hub 11-1:250.228: probe with driver hub failed with error -5 [ 138.220558][ T57] usblp 11-1:250.228: usblp1: USB Bidirectional printer dev 4 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 138.339999][ T57] IPVS: starting estimator thread 0... [ 138.344658][T10732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 138.347051][T10732] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 138.449575][T10733] IPVS: using max 40 ests per chain, 96000 per kthread [ 138.452683][ T4593] usb 10-1: reset high-speed USB device number 13 using dummy_hcd [ 138.869380][ T6172] usb 11-1: USB disconnect, device number 4 [ 138.874356][ T6172] usblp1: removed [ 138.949011][T10736] syz.7.1229 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 139.015107][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 139.015117][ T39] audit: type=1400 audit(1732372312.430:1145): avc: denied { setattr } for pid=10737 comm="syz.7.1230" name="SCO" dev="sockfs" ino=43885 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 139.098658][T10744] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1232'. [ 139.106633][T10744] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1232'. [ 139.389299][T10196] usb 12-1: new high-speed USB device number 4 using dummy_hcd [ 139.559274][T10196] usb 12-1: Using ep0 maxpacket: 8 [ 139.562363][T10196] usb 12-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 139.565421][T10196] usb 12-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 139.567897][T10196] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 139.571515][T10196] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 139.575009][T10196] usb 12-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 139.577767][T10196] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.584483][T10196] hub 12-1:1.0: bad descriptor, ignoring hub [ 139.586447][T10196] hub 12-1:1.0: probe with driver hub failed with error -5 [ 139.588594][T10196] cdc_wdm 12-1:1.0: skipping garbage [ 139.590298][T10196] cdc_wdm 12-1:1.0: skipping garbage [ 139.592429][T10196] cdc_wdm 12-1:1.0: cdc-wdm1: USB WDM device [ 139.594093][T10196] cdc_wdm 12-1:1.0: Unknown control protocol [ 139.790235][ T39] audit: type=1400 audit(1732372313.210:1146): avc: denied { mounton } for pid=10747 comm="syz.7.1233" path="/63/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 139.989455][ T5959] usb 12-1: USB disconnect, device number 4 [ 139.997106][ T57] usb 10-1: USB disconnect, device number 13 [ 140.583223][ T39] audit: type=1400 audit(1732372314.000:1147): avc: denied { getopt } for pid=10753 comm="syz.7.1235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 140.587525][T10757] vlan2: entered allmulticast mode [ 140.591253][T10757] bond0: entered allmulticast mode [ 140.592625][T10757] bond_slave_0: entered allmulticast mode [ 140.594126][T10757] bond_slave_1: entered allmulticast mode [ 140.596610][T10757] bond0: left allmulticast mode [ 140.597923][T10757] bond_slave_0: left allmulticast mode [ 140.599642][T10757] bond_slave_1: left allmulticast mode [ 140.664792][T10765] misc userio: The device must be registered before sending interrupts [ 141.018947][T10785] syzkaller0: entered promiscuous mode [ 141.021646][T10785] syzkaller0: entered allmulticast mode [ 141.028011][T10785] program syz.6.1240 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 141.567367][ T39] audit: type=1400 audit(1732372314.980:1148): avc: denied { create } for pid=10788 comm="syz.5.1243" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 141.574225][T10790] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1243'. [ 141.685069][T10793] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1241'. [ 142.314414][T10789] syzkaller1: entered promiscuous mode [ 142.315892][T10789] syzkaller1: entered allmulticast mode [ 142.444787][ T39] audit: type=1400 audit(1732372315.860:1149): avc: denied { unlink } for pid=7063 comm="syz-executor" name="file0" dev="tmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 142.492922][T10814] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1249'. [ 142.498010][ T39] audit: type=1400 audit(1732372315.910:1150): avc: denied { setopt } for pid=10811 comm="syz.7.1250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 142.531911][ T39] audit: type=1400 audit(1732372315.950:1151): avc: denied { accept } for pid=10816 comm="syz.5.1251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 142.540267][ T39] audit: type=1400 audit(1732372315.950:1152): avc: denied { accept } for pid=10816 comm="syz.5.1251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 142.586405][T10818] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1251'. [ 142.636759][ T39] audit: type=1326 audit(1732372316.050:1153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10826 comm="syz.6.1254" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff64497e819 code=0x0 [ 143.298857][T10849] vimc link validate: Scaler:src:4096x16 (0x33424752, 3, 1, 1, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 143.449075][T10862] FAULT_INJECTION: forcing a failure. [ 143.449075][T10862] name failslab, interval 1, probability 0, space 0, times 0 [ 143.453840][T10862] CPU: 2 UID: 0 PID: 10862 Comm: syz.5.1265 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0 [ 143.456514][T10862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 143.459407][T10862] Call Trace: [ 143.460300][T10862] [ 143.461079][T10862] dump_stack_lvl+0x16c/0x1f0 [ 143.462325][T10862] should_fail_ex+0x497/0x5b0 [ 143.463566][T10862] ? fs_reclaim_acquire+0xae/0x150 [ 143.464917][T10862] should_failslab+0xc2/0x120 [ 143.466164][T10862] __kmalloc_cache_noprof+0x6b/0x300 [ 143.467551][T10862] ? media_pipeline_add_pad+0xf3/0x990 [ 143.468984][T10862] media_pipeline_add_pad+0xf3/0x990 [ 143.470388][T10862] __media_pipeline_start+0x2e2/0x2020 [ 143.471809][T10862] ? __pfx___mutex_lock+0x10/0x10 [ 143.473124][T10862] ? __pfx___media_pipeline_start+0x10/0x10 [ 143.474671][T10862] ? rcu_is_watching+0x12/0xc0 [ 143.475933][T10862] media_pipeline_start+0x49/0x70 [ 143.477245][T10862] video_device_pipeline_start+0x79/0xa0 [ 143.478703][T10862] vimc_capture_start_streaming+0x7d/0x130 [ 143.480222][T10862] ? __pfx_vimc_capture_start_streaming+0x10/0x10 [ 143.481894][T10862] vb2_start_streaming+0x15f/0x5a0 [ 143.482096][T10865] xt_NFQUEUE: number of queues (65534) out of range (got 131068) [ 143.483223][T10862] ? __bitmap_weight+0xdc/0x110 [ 143.486515][T10862] vb2_core_streamon+0x2a7/0x450 [ 143.487808][T10862] vb2_ioctl_streamon+0xf4/0x170 [ 143.489015][ T39] audit: type=1400 audit(1732372316.900:1154): avc: denied { connect } for pid=10859 comm="syz.7.1264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 143.489072][T10862] __video_do_ioctl+0xaf0/0xf00 [ 143.495496][T10862] ? __pfx___video_do_ioctl+0x10/0x10 [ 143.496896][T10862] ? __might_fault+0xe3/0x190 [ 143.498127][T10862] video_usercopy+0x4c6/0x1680 [ 143.499378][T10862] ? __pfx___video_do_ioctl+0x10/0x10 [ 143.500961][T10862] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 143.502744][T10862] ? __pfx_video_usercopy+0x10/0x10 [ 143.504113][T10862] v4l2_ioctl+0x1ba/0x250 [ 143.505249][T10862] ? __pfx_v4l2_ioctl+0x10/0x10 [ 143.506529][T10862] __x64_sys_ioctl+0x190/0x200 [ 143.507781][T10862] do_syscall_64+0xcd/0x250 [ 143.508977][T10862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.510533][T10862] RIP: 0033:0x7f690b77e819 [ 143.511706][T10862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.516666][T10862] RSP: 002b:00007f690c4fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 143.518861][T10862] RAX: ffffffffffffffda RBX: 00007f690b935fa0 RCX: 00007f690b77e819 [ 143.520934][T10862] RDX: 0000000020000000 RSI: 0000000040045612 RDI: 0000000000000003 [ 143.522919][T10862] RBP: 00007f690c4fd090 R08: 0000000000000000 R09: 0000000000000000 [ 143.524790][T10862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.526693][T10862] R13: 0000000000000000 R14: 00007f690b935fa0 R15: 00007ffcb64bbab8 [ 143.528679][T10862] [ 143.565383][T10868] program syz.5.1267 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 143.593199][T10870] syz.5.1268 uses old SIOCAX25GETINFO [ 143.825426][T10886] x_tables: duplicate underflow at hook 1 [ 143.892647][T10890] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1275'. [ 144.282481][T10909] fuse: Bad value for 'group_id' [ 144.283783][T10909] fuse: Bad value for 'group_id' [ 144.289206][ T39] kauditd_printk_skb: 1 callbacks suppressed [ 144.289221][ T39] audit: type=1400 audit(1732372317.700:1156): avc: denied { append } for pid=10908 comm="syz.6.1281" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 144.423287][T10916] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1284'. [ 144.819548][T10930] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10930 comm=syz.5.1288 [ 145.390615][T10954] dccp_v6_rcv: dropped packet with invalid checksum [ 145.520670][T10969] netlink: 'syz.5.1302': attribute type 11 has an invalid length. [ 145.540685][T10970] mac80211_hwsim hwsim21 ÿÿÿÿÿÿ: renamed from wlan1 (while UP) [ 145.605611][T10977] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1300'. [ 145.631971][T10980] Dead loop on virtual device ip6_vti0, fix it urgently! [ 145.715185][T10982] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1307'. [ 145.717688][T10982] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1307'. [ 145.732620][ T5962] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 145.738529][ T5962] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 145.743030][ T5962] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 145.745629][ T5962] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 145.754275][ T5962] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 145.756349][ T5962] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 145.858760][T10985] chnl_net:caif_netlink_parms(): no params data found [ 145.908899][ T76] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.944559][T10985] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.946462][T10985] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.948299][T10985] bridge_slave_0: entered allmulticast mode [ 145.950413][T10985] bridge_slave_0: entered promiscuous mode [ 145.952763][T10985] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.954655][T10985] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.956520][T10985] bridge_slave_1: entered allmulticast mode [ 145.958547][T10985] bridge_slave_1: entered promiscuous mode [ 145.997631][ T76] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.004055][T10985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 146.007531][T10985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 146.033190][T10985] team0: Port device team_slave_0 added [ 146.036493][T10985] team0: Port device team_slave_1 added [ 146.036649][T10999] dccp_v6_rcv: dropped packet with invalid checksum [ 146.067418][ T76] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.080084][T10985] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 146.081932][T10985] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.088392][T10985] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 146.091921][T10985] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 146.093674][T10985] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.100250][T10985] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 146.122426][T10985] hsr_slave_0: entered promiscuous mode [ 146.124386][T10985] hsr_slave_1: entered promiscuous mode [ 146.126251][T10985] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 146.129386][T10985] Cannot create hsr debugfs directory [ 146.183370][ T76] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.303819][T11015] vimc link validate: Scaler:src:4096x16 (0x33424752, 3, 1, 1, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 146.406837][T11027] vimc link validate: Scaler:src:4096x16 (0x33424752, 3, 1, 1, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 146.410255][T11027] FAULT_INJECTION: forcing a failure. [ 146.410255][T11027] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.413646][T11027] CPU: 3 UID: 0 PID: 11027 Comm: syz.7.1321 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0 [ 146.416322][T11027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 146.418932][T11027] Call Trace: [ 146.419834][T11027] [ 146.420777][T11027] dump_stack_lvl+0x16c/0x1f0 [ 146.422234][T11027] should_fail_ex+0x497/0x5b0 [ 146.423470][T11027] _copy_to_user+0x32/0xd0 [ 146.424619][T11027] simple_read_from_buffer+0xd0/0x160 [ 146.425978][T11027] proc_fail_nth_read+0x198/0x270 [ 146.427220][T11027] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 146.428641][T11027] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 146.430006][T11027] vfs_read+0x1df/0xbe0 [ 146.431045][T11027] ? __fget_files+0x1fc/0x3a0 [ 146.432180][T11027] ? __pfx___mutex_lock+0x10/0x10 [ 146.433445][T11027] ? __pfx_vfs_read+0x10/0x10 [ 146.434678][T11027] ? __fget_files+0x206/0x3a0 [ 146.435918][T11027] ksys_read+0x12b/0x250 [ 146.437032][T11027] ? __pfx_ksys_read+0x10/0x10 [ 146.438281][T11027] do_syscall_64+0xcd/0x250 [ 146.439479][T11027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.441033][T11027] RIP: 0033:0x7f4dcd17d25c [ 146.442214][T11027] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 146.447240][T11027] RSP: 002b:00007f4dcdeb2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 146.449352][T11027] RAX: ffffffffffffffda RBX: 00007f4dcd335fa0 RCX: 00007f4dcd17d25c [ 146.451415][T11027] RDX: 000000000000000f RSI: 00007f4dcdeb20a0 RDI: 0000000000000004 [ 146.453474][T11027] RBP: 00007f4dcdeb2090 R08: 0000000000000000 R09: 0000000000000000 [ 146.455526][T11027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.457559][T11027] R13: 0000000000000000 R14: 00007f4dcd335fa0 R15: 00007ffc5af46418 [ 146.459637][T11027] [ 146.483126][T11028] dccp_v6_rcv: dropped packet with invalid checksum [ 146.586084][T11038] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1323'. [ 146.719340][T11040] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 146.752474][ T8696] Bluetooth: hci4: Frame reassembly failed (-84) [ 146.752494][ T76] bond0 (unregistering): Released all slaves [ 146.754296][ T8696] Bluetooth: hci4: Frame reassembly failed (-84) [ 146.757634][ T8694] Bluetooth: hci4: Frame reassembly failed (-84) [ 146.764877][ T76] bond1 (unregistering): Released all slaves [ 146.849357][ T76] bond2 (unregistering): Released all slaves [ 146.885799][T10985] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 146.890682][T10985] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 146.893869][T10985] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 146.897884][T10985] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 146.928223][ T76] tipc: Left network mode [ 146.978509][T10985] 8021q: adding VLAN 0 to HW filter on device bond0 [ 146.987670][T10985] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.992178][ T1134] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.994100][ T1134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.997755][ T8694] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.999655][ T8694] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.129004][ T76] hsr_slave_0: left promiscuous mode [ 147.131702][ T76] hsr_slave_1: left promiscuous mode [ 147.148563][ T76] veth1_macvtap: left promiscuous mode [ 147.150730][ T76] veth0_macvtap: left promiscuous mode [ 147.153520][ T76] veth1_vlan: left promiscuous mode [ 147.155002][ T76] veth0_vlan: left promiscuous mode [ 147.226502][T11063] vimc link validate: Scaler:src:4096x16 (0x33424752, 3, 1, 1, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 147.326723][T11032] orangefs_mount: mount request failed with -4 [ 147.799375][ T5962] Bluetooth: hci1: command tx timeout [ 148.702152][T11066] ipvlan2: entered promiscuous mode [ 148.744588][T10985] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 148.764167][ T5962] Bluetooth: hci4: command 0x1003 tx timeout [ 148.767521][ T5312] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 148.791675][ T39] audit: type=1400 audit(1732372322.200:1157): avc: denied { read } for pid=11070 comm="syz.5.1329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 148.915966][T10985] veth0_vlan: entered promiscuous mode [ 148.928341][T10985] veth1_vlan: entered promiscuous mode [ 148.929486][ T39] audit: type=1400 audit(1732372322.350:1158): avc: denied { setopt } for pid=11093 comm="syz.5.1333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 148.949814][T11089] dccp_v6_rcv: dropped packet with invalid checksum [ 148.958379][T10985] veth0_macvtap: entered promiscuous mode [ 148.991315][T10985] veth1_macvtap: entered promiscuous mode [ 149.006015][T10985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.006280][T11098] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 149.009660][T10985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.009671][T10985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.009679][T10985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.009686][T10985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.009693][T10985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.011667][T10985] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 149.015363][T11098] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 149.020813][T10985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.032238][ T39] audit: type=1400 audit(1732372322.450:1159): avc: denied { create } for pid=11097 comm="syz.7.1335" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 149.032914][T10985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.040273][T10985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.042969][T10985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.045479][T10985] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.048236][T10985] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.052685][T10985] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 149.055814][T10985] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.058021][T10985] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.060871][T10985] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.063068][T10985] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.065720][ T39] audit: type=1400 audit(1732372322.480:1160): avc: denied { map } for pid=11104 comm="syz.5.1336" path="/dev/video6" dev="devtmpfs" ino=963 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 149.072337][ T39] audit: type=1400 audit(1732372322.480:1161): avc: denied { execute } for pid=11104 comm="syz.5.1336" path="/dev/video6" dev="devtmpfs" ino=963 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 149.073172][T11105] vimc link validate: Scaler:src:4096x16 (0x33424752, 3, 1, 1, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 149.098741][ T76] IPVS: stop unused estimator thread 0... [ 149.128926][ T1167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.132735][ T1167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.149689][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 149.151742][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.153111][T11109] xt_time: unknown flags 0xc [ 149.158001][ T39] audit: type=1400 audit(1732372322.570:1162): avc: denied { connect } for pid=11107 comm="syz.6.1337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 149.226026][ T39] audit: type=1400 audit(1732372322.640:1163): avc: denied { read } for pid=11117 comm="syz.8.1338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 149.315568][T11126] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1339'. [ 149.322956][ T39] audit: type=1400 audit(1732372322.740:1164): avc: denied { listen } for pid=11124 comm="syz.7.1339" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 149.492761][T11145] dccp_v6_rcv: dropped packet with invalid checksum [ 149.609282][T10196] usb 12-1: new high-speed USB device number 5 using dummy_hcd [ 149.759570][T10196] usb 12-1: Using ep0 maxpacket: 8 [ 149.762854][T10196] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 149.766652][T10196] usb 12-1: config 0 has no interfaces? [ 149.768738][T10196] usb 12-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 149.773338][T10196] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.780342][T10196] usb 12-1: config 0 descriptor?? [ 149.876138][ T39] audit: type=1400 audit(1732372323.290:1165): avc: denied { append } for pid=11168 comm="syz.8.1345" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 149.889392][ T5312] Bluetooth: hci1: command tx timeout [ 150.013273][T11182] syz.6.1349[11182] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.013329][T11182] syz.6.1349[11182] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.016446][T11182] syz.6.1349[11182] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.063932][T11181] Process accounting resumed [ 150.071106][T11191] netlink: 156 bytes leftover after parsing attributes in process `syz.8.1351'. [ 150.099800][T11195] delete_channel: no stack [ 150.156438][T11200] dccp_v6_rcv: dropped packet with invalid checksum [ 150.162924][T11205] vimc link validate: Scaler:src:4096x16 (0x33424752, 3, 1, 1, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 150.185269][T11138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.188412][T11138] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.259472][T11210] tipc: Failed to remove unknown binding: 66,1,1/0:1116559869/1116559871 [ 150.293772][ T5991] usb 12-1: USB disconnect, device number 5 [ 150.340737][T11217] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 150.345580][ T39] audit: type=1400 audit(1732372323.760:1166): avc: denied { mount } for pid=11216 comm="syz.6.1361" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 150.345586][T11217] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 150.345604][T11217] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 150.445100][T11221] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 150.447067][T11221] IPv6: NLM_F_CREATE should be set when creating new route [ 150.511135][ T39] audit: type=1400 audit(1732372323.930:1167): avc: denied { unmount } for pid=9211 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 150.665612][T11234] vimc link validate: Scaler:src:4096x16 (0x33424752, 3, 1, 1, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 150.738611][T11236] dccp_v6_rcv: dropped packet with invalid checksum [ 150.769298][ T5948] usb 11-1: new full-speed USB device number 5 using dummy_hcd [ 150.878309][T11241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 150.916836][T11250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.919514][T11250] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.928767][ T5948] usb 11-1: unable to get BOS descriptor or descriptor too short [ 150.931967][T11251] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1369'. [ 150.932336][T11240] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 150.934960][ T5948] usb 11-1: unable to read config index 0 descriptor/start: -71 [ 150.938969][ T5948] usb 11-1: can't read configurations, error -71 [ 151.405322][T11265] trusted_key: syz.8.1373 sent an empty control message without MSG_MORE. [ 151.437228][T11272] netlink: 'syz.8.1374': attribute type 23 has an invalid length. [ 151.439444][T11272] netlink: 244 bytes leftover after parsing attributes in process `syz.8.1374'. [ 151.550164][ T39] audit: type=1400 audit(1732372324.970:1168): avc: denied { ioctl } for pid=11287 comm="syz.6.1380" path="socket:[47246]" dev="sockfs" ino=47246 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 151.584702][T11290] dns_resolver: Unsupported server list version (126) [ 151.613184][T11292] dccp_v6_rcv: dropped packet with invalid checksum [ 151.679327][ T39] audit: type=1400 audit(1732372325.080:1169): avc: denied { write } for pid=11296 comm="syz.8.1384" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 151.886388][ T39] audit: type=1400 audit(1732372325.300:1170): avc: denied { read } for pid=11309 comm="syz.6.1388" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 151.898868][T11312] block device autoloading is deprecated and will be removed. [ 151.919258][ T39] audit: type=1400 audit(1732372325.300:1171): avc: denied { open } for pid=11309 comm="syz.6.1388" path="/168/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 151.925368][ T39] audit: type=1400 audit(1732372325.320:1172): avc: denied { ioctl } for pid=11309 comm="syz.6.1388" path="/168/file0/file0" dev="fuse" ino=0 ioctlcmd=0x921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 151.959417][ T5312] Bluetooth: hci1: command tx timeout [ 152.039939][T11318] ubi0: attaching mtd0 [ 152.062456][T11318] ubi0: scanning is finished [ 152.063729][T11318] ubi0: empty MTD device detected [ 152.139182][T11326] dccp_v6_rcv: dropped packet with invalid checksum [ 152.160492][T11318] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 152.163051][T11318] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 152.165260][T11318] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 152.167677][T11318] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 152.169874][T11318] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 152.172305][T11318] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 152.175142][T11318] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3136417775 [ 152.178516][T11318] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 152.183232][T11328] ubi0: background thread "ubi_bgt0d" started, PID 11328 [ 152.300021][ T39] audit: type=1400 audit(1732372325.720:1173): avc: denied { watch } for pid=11338 comm="syz.6.1397" path="/173" dev="tmpfs" ino=963 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 152.541863][ T8695] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.625485][ T8695] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.718527][ T8695] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.794888][ T8695] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.909821][ T8695] bridge_slave_1: left allmulticast mode [ 152.911342][ T8695] bridge_slave_1: left promiscuous mode [ 152.912885][ T8695] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.916777][ T8695] bridge_slave_0: left allmulticast mode [ 152.918885][ T8695] bridge_slave_0: left promiscuous mode [ 152.921878][ T8695] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.344096][ T8695] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 153.348432][ T8695] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 153.353883][ T8695] bond0 (unregistering): Released all slaves [ 153.669392][ T8695] hsr_slave_0: left promiscuous mode [ 153.672144][ T8695] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 153.674850][ T8695] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 153.677279][ T8695] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 153.680633][ T8695] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 153.704107][ T8695] veth1_to_team: left promiscuous mode [ 153.705813][ T8695] veth1_macvtap: left promiscuous mode [ 153.707531][ T8695] veth0_macvtap: left promiscuous mode [ 153.708995][ T8695] veth1_vlan: left promiscuous mode [ 153.711084][ T8695] veth0_vlan: left promiscuous mode [ 154.043166][ T5312] Bluetooth: hci1: command tx timeout [ 154.423134][ T8695] team0 (unregistering): Port device team_slave_1 removed [ 154.520046][ T8695] team0 (unregistering): Port device team_slave_0 removed [ 165.039214][T11494] dccp_v6_rcv: dropped packet with invalid checksum [ 165.062164][ T5962] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 165.067898][ T5962] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 165.071989][ T5962] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 165.076078][ T5962] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 165.079216][ T5962] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 165.085227][ T5962] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 165.090290][T11502] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1406'. [ 165.140870][T11502] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1406'. [ 165.193246][T11499] chnl_net:caif_netlink_parms(): no params data found [ 165.196437][T11514] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1406'. [ 165.217090][T11520] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 165.217090][T11520] The task syz.8.1408 (11520) triggered the difference, watch for misbehavior. [ 165.264346][T11499] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.266334][T11499] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.268269][T11499] bridge_slave_0: entered allmulticast mode [ 165.270294][T11499] bridge_slave_0: entered promiscuous mode [ 165.272761][T11499] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.274846][T11499] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.276890][T11499] bridge_slave_1: entered allmulticast mode [ 165.280158][T11499] bridge_slave_1: entered promiscuous mode [ 165.310759][T11499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.314502][T11499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.345476][T11499] team0: Port device team_slave_0 added [ 165.348442][T11499] team0: Port device team_slave_1 added [ 165.357755][T11531] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 165.371768][T11499] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 165.373952][T11499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.381689][T11499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 165.385630][T11499] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 165.387621][T11499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.394424][T11499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.418726][T11499] hsr_slave_0: entered promiscuous mode [ 165.421160][T11499] hsr_slave_1: entered promiscuous mode [ 165.989416][T11499] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 166.012012][T11499] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 166.031781][T11499] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 166.040834][T11499] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 166.043765][T11572] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1417'. [ 166.057959][T11572] fuse: Unknown parameter '0x0000000000000000' [ 166.059866][T11568] dccp_v6_rcv: dropped packet with invalid checksum [ 166.067968][T11499] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.070630][T11499] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.073345][T11499] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.075296][T11499] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.118642][T11584] ceph: Path missing in source [ 166.122897][ T8695] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.136091][ T8695] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.175326][T11499] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.188086][T11499] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.194518][ T1167] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.196383][ T1167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.218987][ T8696] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.221042][ T8696] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.252550][T11600] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1425'. [ 166.368270][T11499] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 166.544782][ T39] audit: type=1400 audit(1732372339.960:1174): avc: denied { write } for pid=11640 comm="syz.7.1430" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 166.602242][T11499] veth0_vlan: entered promiscuous mode [ 166.612803][T11499] veth1_vlan: entered promiscuous mode [ 166.631591][T11499] veth0_macvtap: entered promiscuous mode [ 166.640113][T11499] veth1_macvtap: entered promiscuous mode [ 166.649667][T11499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.653264][T11499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.656442][T11499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.667459][T11499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.672091][T11499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.675092][T11499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.678620][T11499] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 166.691308][T11499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.694040][T11499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.696570][T11499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.700790][T11499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.703336][T11499] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.706004][T11499] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.709080][T11499] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 166.711334][T11651] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=544 sclass=netlink_route_socket pid=11651 comm=syz.7.1431 [ 166.713506][T11499] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.718084][T11499] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.723555][T11499] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.726470][T11499] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.730663][T11651] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1431'. [ 166.740035][ T39] audit: type=1326 audit(1732372340.150:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11650 comm="syz.7.1431" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dcd17e819 code=0x7ffc0000 [ 166.750319][ T39] audit: type=1326 audit(1732372340.160:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11650 comm="syz.7.1431" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dcd17e819 code=0x7ffc0000 [ 166.768778][ T7149] IPVS: starting estimator thread 0... [ 166.772911][T11662] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 166.776642][ T39] audit: type=1326 audit(1732372340.160:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11650 comm="syz.7.1431" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4dcd17e819 code=0x7ffc0000 [ 166.787775][ T8695] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 166.789974][ T8695] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.795203][ T39] audit: type=1326 audit(1732372340.160:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11650 comm="syz.7.1431" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dcd17e819 code=0x7ffc0000 [ 166.803862][ T39] audit: type=1326 audit(1732372340.160:1179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11650 comm="syz.7.1431" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dcd17e819 code=0x7ffc0000 [ 166.813545][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 166.813758][ T39] audit: type=1326 audit(1732372340.170:1180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11650 comm="syz.7.1431" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4dcd17e819 code=0x7ffc0000 [ 166.816451][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.823180][ T39] audit: type=1326 audit(1732372340.170:1181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11650 comm="syz.7.1431" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dcd17e819 code=0x7ffc0000 [ 166.855872][ T39] audit: type=1326 audit(1732372340.170:1182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11650 comm="syz.7.1431" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dcd17e819 code=0x7ffc0000 [ 166.869428][T11665] IPVS: using max 41 ests per chain, 98400 per kthread [ 166.871545][ T39] audit: type=1326 audit(1732372340.170:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11650 comm="syz.7.1431" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f4dcd17e819 code=0x7ffc0000 [ 166.903719][T11674] ebtables: ebtables: counters copy to user failed while replacing table [ 166.910576][T11676] ebtables: ebtables: counters copy to user failed while replacing table [ 167.084968][T11701] dccp_v6_rcv: dropped packet with invalid checksum [ 167.089421][ T5996] usb 12-1: new high-speed USB device number 6 using dummy_hcd [ 167.169804][ T5312] Bluetooth: hci0: command tx timeout [ 167.196971][T11717] ipip0: entered promiscuous mode [ 167.236882][T11723] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1443'. [ 167.249484][ T5996] usb 12-1: Using ep0 maxpacket: 8 [ 167.252301][ T5996] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 167.254310][ T5996] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 167.260344][ T5996] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 167.265328][ T5996] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 167.268253][ T5996] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 167.273103][ T5996] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 167.275038][ T5996] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 167.277980][ T5996] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 167.281636][ T5996] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 167.284609][ T5996] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 167.288383][ T5996] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 167.290784][ T5996] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 167.293556][ T5996] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 167.296479][ T5996] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 167.299735][ T5996] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 167.309315][ T5996] usb 12-1: string descriptor 0 read error: -22 [ 167.311244][ T5996] usb 12-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 167.313788][ T5996] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.321458][ T5996] adutux 12-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 167.398068][T11743] syz.8.1446: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 167.403922][T11743] CPU: 2 UID: 0 PID: 11743 Comm: syz.8.1446 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0 [ 167.407155][T11743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 167.410952][T11743] Call Trace: [ 167.412164][T11743] [ 167.413094][T11743] dump_stack_lvl+0x16c/0x1f0 [ 167.414428][T11743] warn_alloc+0x24d/0x3a0 [ 167.415774][T11743] ? __pfx_warn_alloc+0x10/0x10 [ 167.417438][T11743] ? __pfx_stack_trace_save+0x10/0x10 [ 167.418966][T11743] ? kasan_save_stack+0x42/0x60 [ 167.420740][T11743] ? kasan_save_stack+0x33/0x60 [ 167.422510][T11743] ? kasan_save_track+0x14/0x30 [ 167.424203][T11743] ? __kasan_kmalloc+0xaa/0xb0 [ 167.425790][T11743] ? xskq_create+0x52/0x1d0 [ 167.427343][T11743] ? do_sock_setsockopt+0x222/0x480 [ 167.428691][T11743] ? __sys_setsockopt+0x1a0/0x230 [ 167.430025][T11743] ? __x64_sys_setsockopt+0xbd/0x160 [ 167.431384][T11743] __vmalloc_node_range_noprof+0x11a7/0x15a0 [ 167.432937][T11743] ? xskq_create+0xfb/0x1d0 [ 167.434146][T11743] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 167.435835][T11743] ? xskq_create+0xfb/0x1d0 [ 167.437025][T11743] vmalloc_user_noprof+0x6b/0x90 [ 167.438321][T11743] ? xskq_create+0xfb/0x1d0 [ 167.439541][T11743] xskq_create+0xfb/0x1d0 [ 167.440687][T11743] xsk_setsockopt+0x757/0xa10 [ 167.441923][T11743] ? __pfx_xsk_setsockopt+0x10/0x10 [ 167.443278][T11743] ? selinux_socket_setsockopt+0x6a/0x80 [ 167.444740][T11743] ? __pfx_xsk_setsockopt+0x10/0x10 [ 167.446253][T11743] do_sock_setsockopt+0x222/0x480 [ 167.447778][T11743] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 167.449825][T11743] ? lock_acquire+0x2f/0xb0 [ 167.449844][T11750] netlink: 'syz.8.1446': attribute type 29 has an invalid length. [ 167.451489][T11743] __sys_setsockopt+0x1a0/0x230 [ 167.455666][T11743] __x64_sys_setsockopt+0xbd/0x160 [ 167.457471][T11743] ? do_syscall_64+0x91/0x250 [ 167.459183][T11743] ? lockdep_hardirqs_on+0x7c/0x110 [ 167.461067][T11743] do_syscall_64+0xcd/0x250 [ 167.462709][T11743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.464821][T11743] RIP: 0033:0x7f6ecbd7e819 [ 167.466431][T11743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.473265][T11743] RSP: 002b:00007f6ec9bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 167.476172][T11743] RAX: ffffffffffffffda RBX: 00007f6ecbf35fa0 RCX: 00007f6ecbd7e819 [ 167.478508][T11743] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004 [ 167.480572][T11743] RBP: 00007f6ecbdf175e R08: 0000000000000020 R09: 0000000000000000 [ 167.482642][T11743] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000000 [ 167.484685][T11743] R13: 0000000000000000 R14: 00007f6ecbf35fa0 R15: 00007ffc56de93a8 [ 167.487197][T11743] [ 167.490593][T11743] Mem-Info: [ 167.491501][T11743] active_anon:8770 inactive_anon:0 isolated_anon:0 [ 167.491501][T11743] active_file:5808 inactive_file:50688 isolated_file:0 [ 167.491501][T11743] unevictable:1523 dirty:33 writeback:0 [ 167.491501][T11743] slab_reclaimable:12307 slab_unreclaimable:77032 [ 167.491501][T11743] mapped:25945 shmem:2499 pagetables:1310 [ 167.491501][T11743] sec_pagetables:305 bounce:0 [ 167.491501][T11743] kernel_misc_reclaimable:0 [ 167.491501][T11743] free:451175 free_pcp:2798 free_cma:0 [ 167.497691][T11750] netlink: 'syz.8.1446': attribute type 29 has an invalid length. [ 167.505441][T11743] Node 0 active_anon:34220kB inactive_anon:0kB active_file:23228kB inactive_file:202676kB unevictable:3044kB isolated(anon):0kB isolated(file):0kB mapped:103652kB dirty:132kB writeback:0kB shmem:6460kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:14032kB pagetables:5240kB sec_pagetables:1220kB all_unreclaimable? no [ 167.518133][T11743] Node 1 active_anon:488kB inactive_anon:0kB active_file:4kB inactive_file:76kB unevictable:3048kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 167.519561][T11750] netlink: 516 bytes leftover after parsing attributes in process `syz.8.1446'. [ 167.526615][T11743] Node 0 DMA free:15116kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:236kB local_pcp:104kB free_cma:0kB [ 167.537548][T11743] lowmem_reserve[]: 0 1212 0 0 0 [ 167.538977][T11743] Node 0 DMA32 free:198132kB boost:0kB min:27608kB low:34508kB high:41408kB reserved_highatomic:0KB active_anon:34220kB inactive_anon:0kB active_file:23228kB inactive_file:202676kB unevictable:3044kB writepending:40kB present:2080628kB managed:1269920kB mlocked:0kB bounce:0kB free_pcp:5072kB local_pcp:1048kB free_cma:0kB [ 167.549275][T11743] lowmem_reserve[]: 0 0 0 0 0 [ 167.549883][ T64] usb 12-1: USB disconnect, device number 6 [ 167.550586][T11743] Node 1 Normal free:1589532kB boost:0kB min:39632kB low:49540kB high:59448kB reserved_highatomic:0KB active_anon:488kB inactive_anon:0kB active_file:4kB inactive_file:76kB unevictable:3048kB writepending:0kB present:2097152kB managed:1781924kB mlocked:0kB bounce:0kB free_pcp:2900kB local_pcp:252kB free_cma:0kB [ 167.560572][T11743] lowmem_reserve[]: 0 0 0 0 0 [ 167.562356][T11743] Node 0 DMA: 9*4kB (UM) 9*8kB (UM) 8*16kB (UM) 3*32kB (UM) 5*64kB (UM) 5*128kB (UM) 2*256kB (U) 2*512kB (UM) 4*1024kB (UM) 0*2048kB 2*4096kB (M) = 15116kB [ 167.568088][T11743] Node 0 DMA32: 286*4kB (UME) 300*8kB (UM) 175*16kB (UME) 148*32kB (UME) 174*64kB (UME) 67*128kB (UME) 122*256kB (UME) 111*512kB (UME) 38*1024kB (UME) 6*2048kB (UME) 7*4096kB (UM) = 198728kB [ 167.575050][T11743] Node 1 Normal: 26*4kB (UME) 16*8kB (UME) 5*16kB (UME) 137*32kB (UME) 61*64kB (UME) 25*128kB (UME) 3*256kB (UE) 4*512kB (UM) 0*1024kB 3*2048kB (ME) 383*4096kB (UM) = 1589528kB [ 167.581479][T11743] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 167.584249][T11743] Node 0 hugepages_total=3 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB [ 167.587088][T11743] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 167.590596][T11743] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 167.593232][T11743] 59023 total pagecache pages [ 167.594487][T11743] 0 pages in swap cache [ 167.595726][T11743] Free swap = 124148kB [ 167.596867][T11743] Total swap = 124996kB [ 167.597980][T11743] 1048443 pages RAM [ 167.598982][T11743] 0 pages HighMem/MovableOnly [ 167.600349][T11743] 281642 pages reserved [ 167.601569][T11743] 0 pages cma reserved [ 167.756072][T11651] adutux: No device or device unplugged -19 [ 167.869556][T11765] dccp_v6_rcv: dropped packet with invalid checksum [ 168.068948][T11773] Attempt to restore checkpoint with obsolete wellknown handles [ 168.261129][T11776] xt_hashlimit: size too large, truncated to 1048576 [ 168.414181][T11787] xt_connbytes: Forcing CT accounting to be enabled [ 168.416019][T11787] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 168.419281][T11787] xt_bpf: check failed: parse error [ 168.556562][T11798] pim6reg1: entered promiscuous mode [ 168.558073][T11798] pim6reg1: entered allmulticast mode [ 168.681022][T11800] tmpfs: Bad value for 'mpol' [ 169.143906][T11819] sp0: Synchronizing with TNC [ 169.221087][T11821] dccp_close: ABORT with 32 bytes unread [ 169.240213][ T5312] Bluetooth: hci0: command tx timeout [ 169.500890][T11415] usb 13-1: new high-speed USB device number 2 using dummy_hcd [ 169.649348][T11415] usb 13-1: Using ep0 maxpacket: 8 [ 169.655592][T11415] usb 13-1: config 0 has no interfaces? [ 169.657371][T11415] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 169.666749][T11415] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.673312][T11415] usb 13-1: config 0 descriptor?? [ 169.996201][T11874] syzkaller1: entered promiscuous mode [ 169.998309][T11874] syzkaller1: entered allmulticast mode [ 170.008246][T11871] dccp_v6_rcv: dropped packet with invalid checksum [ 170.197670][T11876] team0: Cannot enslave team device to itself [ 170.420351][T11889] set match dimension is over the limit! [ 170.460821][T11893] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1495'. [ 170.464049][T11893] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1495'. [ 170.467401][T11893] netlink: 'syz.6.1495': attribute type 20 has an invalid length. [ 170.482833][T11893] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1495'. [ 170.528487][T11896] dccp_v6_rcv: dropped packet with invalid checksum [ 170.704648][T11922] 9pnet_virtio: no channels available for device syz [ 170.729923][T11922] overlay: Unknown parameter 'euid<00000000000000000000' [ 170.840416][T11928] fuse: Unknown parameter 'roÿÿÿÿde' [ 170.903292][T11936] netlink: 'syz.6.1509': attribute type 10 has an invalid length. [ 170.913677][T11936] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.917535][T11936] bond0: (slave team0): Enslaving as an active interface with an up link [ 170.934591][T11936] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:6cac:96ff:fe96:0627 error=-28 [ 170.990814][T11940] dccp_v6_rcv: dropped packet with invalid checksum [ 170.998431][T11936] infiniband syz1: set active [ 171.002202][T11936] infiniband syz1: added team_slave_0 [ 171.041789][T11936] RDS/IB: syz1: added [ 171.043520][T11936] smc: adding ib device syz1 with port count 1 [ 171.045405][T11936] smc: ib device syz1 port 1 has pnetid [ 171.090855][T11946] overlayfs: failed to resolve './file1': -2 [ 171.148717][T11950] bridge1: entered promiscuous mode [ 171.151059][T11950] bridge1: entered allmulticast mode [ 171.155513][T11952] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1516'. [ 171.329642][ T5312] Bluetooth: hci0: command tx timeout [ 171.342540][T11970] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1520'. [ 171.355314][T11970] sp0: Synchronizing with TNC [ 171.514190][T11978] overlayfs: failed to resolve './file1': -2 [ 171.538339][T11975] dccp_v6_rcv: dropped packet with invalid checksum [ 171.939307][ T5948] usb 10-1: new high-speed USB device number 14 using dummy_hcd [ 172.089374][ T5948] usb 10-1: Using ep0 maxpacket: 8 [ 172.095111][ T5948] usb 10-1: config index 0 descriptor too short (expected 5924, got 36) [ 172.097717][ T5948] usb 10-1: config 250 has an invalid interface number: 228 but max is -1 [ 172.114305][ T5948] usb 10-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 172.116957][ T5948] usb 10-1: config 250 has no interface number 0 [ 172.118972][ T5948] usb 10-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 172.124982][ T5948] usb 10-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 172.128693][ T5948] usb 10-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 172.132690][ T5948] usb 10-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 172.136321][ T5948] usb 10-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 172.140775][ T5948] usb 10-1: config 250 interface 228 has no altsetting 0 [ 172.144450][ T5948] usb 10-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 172.147772][ T5948] usb 10-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 172.150728][ T5948] usb 10-1: Product: syz [ 172.152215][ T5948] usb 10-1: SerialNumber: syz [ 172.156472][ T5948] hub 10-1:250.228: bad descriptor, ignoring hub [ 172.158748][ T5948] hub 10-1:250.228: probe with driver hub failed with error -5 [ 172.288002][T11415] usb 13-1: USB disconnect, device number 2 [ 172.337411][T12010] overlayfs: failed to resolve './file1': -2 [ 172.362680][ T5948] usblp 10-1:250.228: usblp0: USB Bidirectional printer dev 14 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 172.508717][T12020] dccp_v6_rcv: dropped packet with invalid checksum [ 172.668554][T12037] Bluetooth: MGMT ver 1.23 [ 172.673059][T12037] program syz.6.1539 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 172.720954][T12041] sp0: Synchronizing with TNC [ 172.875634][T12044] overlayfs: failed to resolve './file0': -2 [ 172.913621][T12046] overlayfs: conflicting options: userxattr,verity=on [ 172.949337][ T5992] usb 13-1: new high-speed USB device number 3 using dummy_hcd [ 172.960270][T11991] usb 10-1: reset high-speed USB device number 14 using dummy_hcd [ 173.064704][T12058] dccp_v6_rcv: dropped packet with invalid checksum [ 173.129827][ T5992] usb 13-1: too many configurations: 9, using maximum allowed: 8 [ 173.135506][ T5992] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 173.138425][ T5992] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 173.142840][ T5992] usb 13-1: config 0 interface 0 has no altsetting 0 [ 173.145700][ T5992] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 173.148964][ T5992] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 173.152865][ T5992] usb 13-1: config 0 interface 0 has no altsetting 0 [ 173.155551][ T5992] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 173.158392][ T5992] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 173.161608][ T5992] usb 13-1: config 0 interface 0 has no altsetting 0 [ 173.164953][ T5992] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 173.167612][ T5992] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 173.171957][ T5992] usb 13-1: config 0 interface 0 has no altsetting 0 [ 173.175347][ T5992] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 173.178422][ T5992] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 173.182328][ T5992] usb 13-1: config 0 interface 0 has no altsetting 0 [ 173.185440][ T5992] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 173.188527][ T5992] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 173.192580][ T5992] usb 13-1: config 0 interface 0 has no altsetting 0 [ 173.195724][ T5992] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 173.198838][ T5992] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 173.202937][ T5992] usb 13-1: config 0 interface 0 has no altsetting 0 [ 173.206066][ T5992] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 173.209323][ T5992] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 173.213027][ T5992] usb 13-1: config 0 interface 0 has no altsetting 0 [ 173.217487][ T5992] usb 13-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 173.220798][ T5992] usb 13-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 173.223690][ T5992] usb 13-1: Product: syz [ 173.225166][ T5992] usb 13-1: Manufacturer: syz [ 173.226824][ T5992] usb 13-1: SerialNumber: syz [ 173.230321][ T5992] usb 13-1: config 0 descriptor?? [ 173.254079][ T39] kauditd_printk_skb: 131 callbacks suppressed [ 173.254089][ T39] audit: type=1400 audit(1732372346.670:1315): avc: denied { bind } for pid=12068 comm="syz.7.1549" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 173.357330][ T5992] yurex 13-1:0.0: USB YUREX device now attached to Yurex #1 [ 173.399715][ T5312] Bluetooth: hci0: command tx timeout [ 173.433593][T12074] xt_cluster: node mask cannot exceed total number of nodes [ 173.441286][T12074] binder: 12073:12074 ioctl c0306201 200002c0 returned -14 [ 173.474683][T12079] overlayfs: failed to resolve './file0': -2 [ 173.502693][ T6876] usb 13-1: USB disconnect, device number 3 [ 173.505329][ T6876] yurex 13-1:0.0: USB YUREX #1 now disconnected [ 173.641793][T12092] dccp_v6_rcv: dropped packet with invalid checksum [ 173.661796][ T5996] usb 10-1: USB disconnect, device number 14 [ 173.664667][ T5996] usblp0: removed [ 174.043040][T12110] overlayfs: failed to resolve './file0': -2 [ 174.153638][T12126] pim6reg1: entered promiscuous mode [ 174.155075][T12126] pim6reg1: entered allmulticast mode [ 174.214880][T12118] sctp: [Deprecated]: syz.5.1564 (pid 12118) Use of int in max_burst socket option deprecated. [ 174.214880][T12118] Use struct sctp_assoc_value instead [ 174.231713][ T39] audit: type=1400 audit(1732372347.650:1316): avc: denied { unmount } for pid=10985 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 174.291586][T12131] ptrace attach of "/syz-executor exec"[12132] was attempted by ""[12131] [ 174.379514][T11415] usb 12-1: new high-speed USB device number 7 using dummy_hcd [ 174.539272][T11415] usb 12-1: Using ep0 maxpacket: 16 [ 174.543275][T11415] usb 12-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 174.545654][T11415] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.547744][T11415] usb 12-1: Product: syz [ 174.548874][T11415] usb 12-1: Manufacturer: syz [ 174.550486][T11415] usb 12-1: SerialNumber: syz [ 174.553611][T11415] r8152-cfgselector 12-1: Unknown version 0x0000 [ 174.555324][T11415] r8152-cfgselector 12-1: config 0 descriptor?? [ 174.742746][T12147] overlayfs: failed to resolve './file0': -2 [ 174.761786][T11415] r8152-cfgselector 12-1: Unknown version 0x0000 [ 174.763712][T11415] r8152-cfgselector 12-1: bad CDC descriptors [ 174.768864][T11415] r8152-cfgselector 12-1: USB disconnect, device number 7 [ 175.073479][ T39] audit: type=1400 audit(1732372348.490:1317): avc: denied { ioctl } for pid=12160 comm="syz.8.1576" path="socket:[53331]" dev="sockfs" ino=53331 ioctlcmd=0xf502 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 175.118121][ T39] audit: type=1400 audit(1732372348.530:1318): avc: denied { accept } for pid=12165 comm="syz.6.1578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 175.155583][T12171] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 175.157908][T12171] fuse: Unknown parameter 'grïp_id' [ 175.180616][T12172] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 175.192264][T12174] overlayfs: failed to resolve './file0': -2 [ 175.221322][ T39] audit: type=1400 audit(1732372348.640:1319): avc: denied { accept } for pid=12177 comm="syz.6.1583" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 175.292314][ T39] audit: type=1326 audit(1732372348.710:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12175 comm="syz.8.1582" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6ecbd7e819 code=0x0 [ 175.520310][T12208] overlayfs: failed to resolve './file0': -2 [ 175.598816][T12213] XFS (sr0): Invalid superblock magic number [ 175.703442][T12226] binder: 12225:12226 unknown command 0 [ 175.704996][T12226] binder: 12225:12226 ioctl c0306201 20000500 returned -22 [ 175.766218][T12236] dccp_v6_rcv: dropped packet with invalid checksum [ 175.834030][T12243] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode broadcast(3) [ 175.874932][ T39] audit: type=1400 audit(1732372349.290:1321): avc: denied { module_load } for pid=12238 comm="syz.7.1600" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 175.881978][T12239] Invalid ELF header type: 0 != 1 [ 175.892306][T12255] sp0: Synchronizing with TNC [ 175.903909][T12254] overlayfs: failed to resolve './file1': -2 [ 176.088515][T12265] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1606'. [ 176.091964][T12265] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1606'. [ 176.208421][T12276] netlink: 'syz.5.1611': attribute type 4 has an invalid length. [ 176.256817][T12278] overlayfs: failed to resolve './file1': -2 [ 176.298258][T12284] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(3) [ 176.300087][T12284] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 176.303627][T12284] vhci_hcd vhci_hcd.0: Device attached [ 176.315641][T12281] dccp_v6_rcv: dropped packet with invalid checksum [ 176.416751][T12285] vhci_hcd: cannot find a urb of seqnum 9 max seqnum 0 [ 176.425253][ T1134] vhci_hcd: stop threads [ 176.426422][ T1134] vhci_hcd: release socket [ 176.427664][ T1134] vhci_hcd: disconnect device [ 176.458565][T12291] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2248643489 (17989147912 ns) > initial count (11631199424 ns). Using initial count to start timer. [ 176.479402][ T58] vhci_hcd: vhci_device speed not set [ 176.679096][ T39] audit: type=1400 audit(1732372350.090:1322): avc: granted { setsecparam } for pid=12294 comm="syz.7.1616" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 177.089994][T12327] xt_recent: hitcount (4294967295) is larger than allowed maximum (65535) [ 177.391220][T12348] overlayfs: failed to resolve './file1': -2 [ 177.457100][T12350] dccp_v6_rcv: dropped packet with invalid checksum [ 177.564743][T12354] 9pnet_virtio: no channels available for device syz [ 177.731323][T12375] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1627'. [ 177.734004][T12375] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 177.808828][T12378] dccp_v6_rcv: dropped packet with invalid checksum [ 177.826386][T12383] ebt_among: dst integrity fail: 101 [ 177.997256][T12398] input: syz0 as /devices/virtual/input/input18 [ 178.074246][ T39] audit: type=1400 audit(1732372351.490:1323): avc: denied { create } for pid=12410 comm="syz.7.1645" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 178.088126][ T39] audit: type=1400 audit(1732372351.500:1324): avc: denied { unlink } for pid=12410 comm="syz.7.1645" name="file0" dev="9p" ino=36837473 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 179.639481][T12437] dccp_v6_rcv: dropped packet with invalid checksum [ 179.642923][T12446] PKCS7: Unknown OID: [4] 0.38.35.0.951690.11253 [ 179.645231][T12446] PKCS7: Only support pkcs7_signedData type [ 179.648011][T12448] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 179.662798][T12450] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1657'. [ 179.683651][T12450] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 179.688062][T12450] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1657'. [ 179.698945][T12448] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1656'. [ 179.756389][T12460] netlink: 'syz.5.1659': attribute type 1 has an invalid length. [ 179.759380][T12460] netlink: 'syz.5.1659': attribute type 1 has an invalid length. [ 179.762609][T12460] netlink: 'syz.5.1659': attribute type 1 has an invalid length. [ 179.765396][T12460] netlink: 'syz.5.1659': attribute type 3 has an invalid length. [ 179.768275][T12460] netlink: 199336 bytes leftover after parsing attributes in process `syz.5.1659'. [ 179.793160][T12460] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.802496][T12460] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.805109][T12460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.882804][ T39] audit: type=1326 audit(1732372353.300:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12464 comm="syz.5.1660" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6235d7e819 code=0x0 [ 179.979737][T12470] input: syz0 as /devices/virtual/input/input19 [ 180.029622][T12473] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1662'. [ 180.056761][ T39] audit: type=1400 audit(1732372353.470:1326): avc: denied { map } for pid=12478 comm="syz.7.1663" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 180.067055][ T39] audit: type=1400 audit(1732372353.480:1327): avc: denied { accept } for pid=12478 comm="syz.7.1663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 180.075244][ T39] audit: type=1400 audit(1732372353.480:1328): avc: denied { write } for pid=12478 comm="syz.7.1663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 180.224827][ T39] audit: type=1400 audit(1732372353.640:1329): avc: denied { lock } for pid=12489 comm="syz.7.1667" path="socket:[53026]" dev="sockfs" ino=53026 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 180.422147][T12495] dccp_v6_rcv: dropped packet with invalid checksum [ 180.507444][T12498] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1670'. [ 180.530329][T12503] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 180.563381][T12505] afs: Unknown parameter '._*ÝîEÒÍ~µh;þSšî>3ÈL`øesá%A{gL¢Šá¥·—(>¸x•*;1kmèòÅ6¯$G0î3Z`‡£™Æÿ' [ 180.578559][T12505] overlayfs: failed to resolve './file1': -2 [ 180.614071][T12511] nftables ruleset with unbound set [ 180.623498][T12513] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22 [ 180.627333][T12515] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22 [ 180.672960][T12521] input: syz0 as /devices/virtual/input/input20 [ 180.728334][T12523] syz.6.1679: attempt to access beyond end of device [ 180.728334][T12523] nbd6: rw=0, sector=0, nr_sectors = 1 limit=0 [ 180.734542][T12523] (syz.6.1679,12523,1):ocfs2_get_sector:1769 ERROR: status = -5 [ 180.736655][T12523] (syz.6.1679,12523,1):ocfs2_sb_probe:749 ERROR: status = -5 [ 180.738709][T12523] (syz.6.1679,12523,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 180.742869][T12523] (syz.6.1679,12523,1):ocfs2_fill_super:1178 ERROR: status = -5 [ 180.843804][T12533] dccp_v6_rcv: dropped packet with invalid checksum [ 181.059445][ T39] audit: type=1326 audit(1732372354.480:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12560 comm="syz.7.1691" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dcd17e819 code=0x7fc00000 [ 181.199404][ T58] usb 13-1: new low-speed USB device number 4 using dummy_hcd [ 181.219273][ T5948] usb 10-1: new high-speed USB device number 15 using dummy_hcd [ 181.271896][T12567] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(11) [ 181.274329][T12567] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 181.277225][T12567] vhci_hcd vhci_hcd.0: Device attached [ 181.280943][T12569] vhci_hcd: cannot find the pending unlink 5 [ 181.281606][T12567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.285752][T12567] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 181.359416][ T58] usb 13-1: Invalid ep0 maxpacket: 32 [ 181.379220][ T5948] usb 10-1: Using ep0 maxpacket: 16 [ 181.381854][ T5948] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.384730][ T5948] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.387286][ T5948] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 181.391101][ T5948] usb 10-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 181.393484][ T5948] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.397879][ T5948] usb 10-1: config 0 descriptor?? [ 181.404845][ T5948] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/input/input21 [ 181.409641][ T5350] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 181.413226][ T5350] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 181.419793][ T5350] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 181.423262][ T5350] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 181.432201][T11505] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 181.434882][ T5350] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 181.437610][ T5350] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 181.442538][ T5350] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 181.445056][ T5350] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 181.499251][ T58] usb 13-1: new low-speed USB device number 5 using dummy_hcd [ 181.529305][ T5996] usb 11-1: new high-speed USB device number 7 using dummy_hcd [ 181.539611][ T64] usb 49-1: new high-speed USB device number 3 using vhci_hcd [ 181.605911][ T5959] usb 10-1: USB disconnect, device number 15 [ 181.649236][ T58] usb 13-1: Invalid ep0 maxpacket: 32 [ 181.650950][ T58] usb usb13-port1: attempt power cycle [ 181.788916][ T39] audit: type=1326 audit(1732372355.200:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12560 comm="syz.7.1691" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4dcd17e819 code=0x7fc00000 [ 182.009407][ T58] usb 13-1: new low-speed USB device number 6 using dummy_hcd [ 182.039837][ T58] usb 13-1: Invalid ep0 maxpacket: 32 [ 182.103197][T12584] team0: No ports can be present during mode change [ 182.105807][T12583] team0: No ports can be present during mode change [ 182.180571][ T58] usb 13-1: new low-speed USB device number 7 using dummy_hcd [ 182.199951][ T58] usb 13-1: Invalid ep0 maxpacket: 32 [ 182.202154][ T58] usb usb13-port1: unable to enumerate USB device [ 182.302357][T12603] dccp_v6_rcv: dropped packet with invalid checksum [ 183.108449][ T39] audit: type=1400 audit(1732372356.520:1332): avc: denied { getopt } for pid=12610 comm="syz.5.1704" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 183.378654][ T39] audit: type=1400 audit(1732372356.790:1333): avc: denied { nosuid_transition } for pid=12630 comm="syz.7.1709" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1 [ 183.389268][ T39] audit: type=1400 audit(1732372356.790:1334): avc: denied { transition } for pid=12630 comm="syz.7.1709" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CE1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F5202864656C6574656429 dev="tmpfs" ino=1060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 183.428374][T12635] netlink: 'syz.5.1710': attribute type 23 has an invalid length. [ 183.431093][T12635] netlink: 244 bytes leftover after parsing attributes in process `syz.5.1710'. [ 183.431617][T12637] TCP: out of memory -- consider tuning tcp_mem [ 183.689480][ T9544] usb 10-1: new high-speed USB device number 16 using dummy_hcd [ 183.859244][ T9544] usb 10-1: Using ep0 maxpacket: 8 [ 183.861910][ T9544] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 183.864766][ T9544] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 8817, setting to 1024 [ 183.867769][ T9544] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 183.870102][ T9544] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.873510][ T9544] usb 10-1: config 0 descriptor?? [ 183.979351][ T6172] usb 12-1: new high-speed USB device number 8 using dummy_hcd [ 184.078115][ T9544] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 184.149323][ T6172] usb 12-1: Using ep0 maxpacket: 16 [ 184.152757][ T6172] usb 12-1: config 0 has an invalid interface number: 8 but max is 0 [ 184.155691][ T6172] usb 12-1: config 0 has no interface number 0 [ 184.157946][ T6172] usb 12-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 184.160836][ T6172] usb 12-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 184.165414][ T6172] usb 12-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 184.167450][T12569] vhci_hcd: connection reset by peer [ 184.168725][ T6172] usb 12-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 184.172323][ T6172] usb 12-1: Product: syz [ 184.174069][ T6172] usb 12-1: SerialNumber: syz [ 184.176740][ T6172] usb 12-1: config 0 descriptor?? [ 184.179237][ T8697] vhci_hcd: stop threads [ 184.179640][ T6172] cm109 12-1:0.8: invalid payload size 0, expected 4 [ 184.180511][ T8697] vhci_hcd: release socket [ 184.182874][ T6172] input: CM109 USB driver as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:0.8/input/input22 [ 184.183567][ T8697] vhci_hcd: disconnect device [ 184.238118][T12657] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1719'. [ 184.285412][ T9544] usb 10-1: USB disconnect, device number 16 [ 184.289909][ T9544] iowarrior 10-1:0.0: I/O-Warror #0 now disconnected [ 184.385312][ C2] cm109 12-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 184.399287][ T35] usb 13-1: new high-speed USB device number 8 using dummy_hcd [ 184.515743][T12669] dccp_v6_rcv: dropped packet with invalid checksum [ 184.559293][ T35] usb 13-1: Using ep0 maxpacket: 8 [ 184.562664][ T35] usb 13-1: config 2 interface 0 has no altsetting 0 [ 184.565937][ T35] usb 13-1: New USB device found, idVendor=04e2, idProduct=1412, bcdDevice=ca.10 [ 184.569001][ T35] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.571633][ T35] usb 13-1: Product: syz [ 184.572750][ T35] usb 13-1: Manufacturer: syz [ 184.573982][ T35] usb 13-1: SerialNumber: syz [ 184.590212][T12651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.592926][T12651] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.784048][T12653] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.786790][T12653] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.799313][T12651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.803257][ T35] usb 13-1: USB disconnect, device number 8 [ 184.804871][T12651] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.813983][ C3] cm109 12-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 184.814775][ T58] usb 12-1: USB disconnect, device number 8 [ 184.815815][ C3] cm109 12-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 184.833296][ T58] cm109 12-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 184.934420][T12692] overlayfs: missing 'lowerdir' [ 184.971398][T12695] syzkaller1: entered promiscuous mode [ 184.972887][T12695] syzkaller1: entered allmulticast mode [ 185.068248][T12697] netlink: 'syz.6.1730': attribute type 1 has an invalid length. [ 185.356315][T12699] dccp_v6_rcv: dropped packet with invalid checksum [ 185.788458][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 185.795293][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 185.800567][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 185.806662][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 185.810736][ T5953] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 185.813470][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 185.837358][T12714] overlayfs: missing 'lowerdir' [ 185.857740][T12716] program syz.6.1739 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 185.860965][T12716] ata1.00: non-matching transfer count (2097152/0) [ 185.887224][T12721] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1740'. [ 185.890919][T12721] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1740'. [ 185.989764][T12706] chnl_net:caif_netlink_parms(): no params data found [ 186.062218][T12706] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.064536][T12706] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.066874][T12706] bridge_slave_0: entered allmulticast mode [ 186.069904][T12706] bridge_slave_0: entered promiscuous mode [ 186.072464][T12706] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.074333][T12706] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.076389][T12706] bridge_slave_1: entered allmulticast mode [ 186.078263][T12706] bridge_slave_1: entered promiscuous mode [ 186.105995][T12706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.110187][T12706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.152910][T12706] team0: Port device team_slave_0 added [ 186.155944][T12706] team0: Port device team_slave_1 added [ 186.207844][T12754] overlayfs: missing 'lowerdir' [ 186.213968][T12706] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.216434][T12706] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.227978][T12706] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.234185][T12706] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.236684][T12706] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.246648][T12706] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.292079][T12706] hsr_slave_0: entered promiscuous mode [ 186.294767][T12706] hsr_slave_1: entered promiscuous mode [ 186.297215][T12706] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 186.299747][T12706] Cannot create hsr debugfs directory [ 186.393784][T12761] dccp_v6_rcv: dropped packet with invalid checksum [ 186.440211][T12706] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 186.454281][T12706] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 186.463231][T12706] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 186.473054][T12706] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 186.501876][ T39] kauditd_printk_skb: 4 callbacks suppressed [ 186.501886][ T39] audit: type=1400 audit(1732372359.920:1339): avc: denied { append } for pid=12774 comm="syz.6.1753" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 186.517432][ T39] audit: type=1326 audit(1732372359.930:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12776 comm="syz.8.1754" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecbd7e819 code=0x7ffc0000 [ 186.524997][ T39] audit: type=1326 audit(1732372359.930:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12776 comm="syz.8.1754" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecbd7e819 code=0x7ffc0000 [ 186.531277][ T39] audit: type=1326 audit(1732372359.930:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12776 comm="syz.8.1754" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6ecbd7e819 code=0x7ffc0000 [ 186.535121][T12706] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.537428][ T39] audit: type=1326 audit(1732372359.930:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12776 comm="syz.8.1754" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecbd7e819 code=0x7ffc0000 [ 186.546013][ T39] audit: type=1326 audit(1732372359.930:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12776 comm="syz.8.1754" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecbd7e819 code=0x7ffc0000 [ 186.548849][T12706] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.552291][ T39] audit: type=1326 audit(1732372359.930:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12776 comm="syz.8.1754" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6ecbd7e819 code=0x7ffc0000 [ 186.552311][ T39] audit: type=1326 audit(1732372359.930:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12776 comm="syz.8.1754" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecbd7e819 code=0x7ffc0000 [ 186.552329][ T39] audit: type=1326 audit(1732372359.930:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12776 comm="syz.8.1754" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ecbd7e819 code=0x7ffc0000 [ 186.552344][ T39] audit: type=1326 audit(1732372359.930:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12776 comm="syz.8.1754" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6ecbd7e819 code=0x7ffc0000 [ 186.587796][ T8695] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.590048][ T8695] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.599005][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.601155][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.605124][T12780] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 186.681613][ T64] vhci_hcd: vhci_device speed not set [ 186.714530][T12790] overlayfs: missing 'lowerdir' [ 186.735809][T12706] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.860062][T12706] veth0_vlan: entered promiscuous mode [ 186.867992][T12706] veth1_vlan: entered promiscuous mode [ 186.882066][T12706] veth0_macvtap: entered promiscuous mode [ 186.884897][T12706] veth1_macvtap: entered promiscuous mode [ 186.895043][T12706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.897664][T12706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.900133][T12706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.902702][T12706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.905198][T12706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.907985][T12706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.910949][T12706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.913569][T12706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.916879][T12706] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 186.920171][T12706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.922772][T12706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.925256][T12706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.927896][T12706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.931155][T12706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.933804][T12706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.936214][T12706] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 186.938805][T12706] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.942108][T12706] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 186.947447][T12706] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.950597][T12706] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.952814][T12706] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.954928][T12706] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.963066][T12808] dccp_v6_rcv: dropped packet with invalid checksum [ 187.009329][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.011696][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.022834][ T8695] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.025172][ T8695] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.056672][T12817] overlayfs: missing 'lowerdir' [ 187.090085][ T5953] Bluetooth: hci0: command 0x0405 tx timeout [ 187.118897][T12826] erofs (device loop6): cannot find valid erofs superblock [ 187.151039][T12832] FAULT_INJECTION: forcing a failure. [ 187.151039][T12832] name failslab, interval 1, probability 0, space 0, times 0 [ 187.154844][T12832] CPU: 0 UID: 0 PID: 12832 Comm: syz.8.1768 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0 [ 187.157599][T12832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 187.160910][T12832] Call Trace: [ 187.162041][T12832] [ 187.163069][T12832] dump_stack_lvl+0x16c/0x1f0 [ 187.164669][T12832] should_fail_ex+0x497/0x5b0 [ 187.166264][T12832] should_failslab+0xc2/0x120 [ 187.167883][T12832] __kmalloc_noprof+0xcb/0x400 [ 187.169484][T12832] io_cqring_event_overflow+0xcb/0x6f0 [ 187.171313][T12832] io_req_cqe_overflow+0x101/0x1e0 [ 187.173042][T12832] __io_submit_flush_completions+0x8d9/0x1c00 [ 187.175084][T12832] io_submit_sqes+0xa21/0x25e0 [ 187.176740][T12832] __do_sys_io_uring_enter+0xd2d/0x1530 [ 187.178184][T12832] ? __fget_files+0x206/0x3a0 [ 187.179392][T12832] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 187.180987][T12832] ? fput+0x67/0x440 [ 187.182007][T12832] ? ksys_write+0x1ba/0x250 [ 187.184078][T12832] ? __pfx_ksys_write+0x10/0x10 [ 187.186601][T12832] do_syscall_64+0xcd/0x250 [ 187.188044][T12832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.190083][T12832] RIP: 0033:0x7f6ecbd7e819 [ 187.191292][T12832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.196196][T12832] RSP: 002b:00007f6ec9bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 187.198397][T12832] RAX: ffffffffffffffda RBX: 00007f6ecbf35fa0 RCX: 00007f6ecbd7e819 [ 187.201404][T12832] RDX: 0000000000000000 RSI: 0000000000002d3e RDI: 0000000000000003 [ 187.203994][T12832] RBP: 00007f6ec9bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 187.206603][T12832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 187.212269][T12832] R13: 0000000000000000 R14: 00007f6ecbf35fa0 R15: 00007ffc56de93a8 [ 187.212332][T12832] [ 187.273792][T12845] overlayfs: missing 'lowerdir' [ 187.326676][T12847] dccp_v6_rcv: dropped packet with invalid checksum [ 187.328165][T12851] block device autoloading is deprecated and will be removed. [ 187.409386][T12860] FAULT_INJECTION: forcing a failure. [ 187.409386][T12860] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 187.413921][T12860] CPU: 3 UID: 0 PID: 12860 Comm: syz.9.1780 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0 [ 187.418462][T12860] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 187.421750][T12860] Call Trace: [ 187.422606][T12860] [ 187.423481][T12860] dump_stack_lvl+0x16c/0x1f0 [ 187.424738][T12860] should_fail_ex+0x497/0x5b0 [ 187.426017][T12860] _copy_to_user+0x32/0xd0 [ 187.427218][T12860] simple_read_from_buffer+0xd0/0x160 [ 187.428664][T12860] proc_fail_nth_read+0x198/0x270 [ 187.430134][T12860] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 187.431620][T12860] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 187.433090][T12860] vfs_read+0x1df/0xbe0 [ 187.434240][T12860] ? __fget_files+0x1fc/0x3a0 [ 187.435498][T12860] ? __pfx___mutex_lock+0x10/0x10 [ 187.436858][T12860] ? __pfx_vfs_read+0x10/0x10 [ 187.438125][T12860] ? __fget_files+0x206/0x3a0 [ 187.438663][T12862] input: syz0 as /devices/virtual/input/input23 [ 187.439372][T12860] ksys_read+0x12b/0x250 [ 187.439388][T12860] ? __pfx_ksys_read+0x10/0x10 [ 187.439404][T12860] do_syscall_64+0xcd/0x250 [ 187.439417][T12860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.439430][T12860] RIP: 0033:0x7f604f57d25c [ 187.439440][T12860] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 187.439461][T12860] RSP: 002b:00007f6050389030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 187.439473][T12860] RAX: ffffffffffffffda RBX: 00007f604f735fa0 RCX: 00007f604f57d25c [ 187.439480][T12860] RDX: 000000000000000f RSI: 00007f60503890a0 RDI: 0000000000000006 [ 187.439486][T12860] RBP: 00007f6050389090 R08: 0000000000000000 R09: 0000000000000000 [ 187.439492][T12860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 187.439499][T12860] R13: 0000000000000000 R14: 00007f604f735fa0 R15: 00007fff4c311038 [ 187.439511][T12860] [ 187.523540][T12868] overlayfs: missing 'workdir' [ 187.548480][T12872] Bluetooth: MGMT ver 1.23 [ 187.677495][T12883] dccp_v6_rcv: dropped packet with invalid checksum [ 187.789654][T12893] 9pnet_fd: Insufficient options for proto=fd [ 187.841547][T12909] netlink: 'syz.6.1795': attribute type 10 has an invalid length. [ 187.849134][T12909] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 187.879382][ T5953] Bluetooth: hci2: command tx timeout [ 187.893876][T12914] overlayfs: missing 'workdir' [ 187.928825][T12916] overlayfs: failed to get inode (-116) [ 187.932955][T12916] overlayfs: failed to get inode (-116) [ 188.066440][T12925] dccp_v6_rcv: dropped packet with invalid checksum [ 188.300732][T12939] overlayfs: missing 'workdir' [ 188.361422][T12946] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1811'. [ 188.368912][T12946] bond1: entered promiscuous mode [ 188.375449][T12946] gretap1: entered promiscuous mode [ 188.377118][T12946] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 188.451863][T12951] No such timeout policy "syz1" [ 188.466635][T12956] dccp_v6_rcv: dropped packet with invalid checksum [ 188.575039][T12975] ieee802154 phy0 wpan0: encryption failed: -22 [ 188.579040][T12976] overlayfs: missing 'lowerdir' [ 188.650672][ T5953] Bluetooth: hci0: unexpected event for opcode 0x0402 [ 188.650680][T12987] binder: 12986:12987 ioctl c208ae62 200016c0 returned -22 [ 188.652929][T12985] bridge2: entered promiscuous mode [ 188.656847][T12985] bridge2: entered allmulticast mode [ 188.764780][T13001] dccp_v6_rcv: dropped packet with invalid checksum [ 188.908669][T13009] overlayfs: missing 'lowerdir' [ 188.989378][T13023] gfs2: gfs2 mount does not exist [ 189.055581][T13038] overlayfs: missing 'lowerdir' [ 189.126954][T13041] dccp_v6_rcv: dropped packet with invalid checksum [ 189.159493][ T5312] Bluetooth: hci1: command tx timeout [ 189.346563][T13066] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1849'. [ 189.350057][T13066] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1849'. [ 189.354437][T13067] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1847'. [ 189.415974][T13075] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 189.418367][T13075] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 189.487988][T13079] FAULT_INJECTION: forcing a failure. [ 189.487988][T13079] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 189.493255][T13079] CPU: 1 UID: 0 PID: 13079 Comm: syz.8.1853 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0 [ 189.496980][T13079] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 189.500818][T13079] Call Trace: [ 189.502051][T13079] [ 189.503141][T13079] dump_stack_lvl+0x16c/0x1f0 [ 189.504300][T13083] netlink: 312 bytes leftover after parsing attributes in process `syz.5.1854'. [ 189.504866][T13079] should_fail_ex+0x497/0x5b0 [ 189.509248][T13079] _copy_from_user+0x2e/0xd0 [ 189.510372][T13079] copy_msghdr_from_user+0x99/0x160 [ 189.511637][T13079] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 189.513168][T13079] ___sys_sendmsg+0xff/0x1e0 [ 189.514399][T13079] ? __pfx____sys_sendmsg+0x10/0x10 [ 189.515764][T13079] ? __pfx_lock_release+0x10/0x10 [ 189.517105][T13079] ? trace_lock_acquire+0x146/0x1e0 [ 189.518478][T13079] ? __fget_files+0x206/0x3a0 [ 189.519727][T13079] __sys_sendmsg+0x16e/0x220 [ 189.520939][T13079] ? __pfx___sys_sendmsg+0x10/0x10 [ 189.522298][T13079] do_syscall_64+0xcd/0x250 [ 189.523496][T13079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.525059][T13079] RIP: 0033:0x7f6ecbd7e819 [ 189.526235][T13079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.531143][T13079] RSP: 002b:00007f6ec9bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 189.533292][T13079] RAX: ffffffffffffffda RBX: 00007f6ecbf35fa0 RCX: 00007f6ecbd7e819 [ 189.535464][T13079] RDX: 0000000000008884 RSI: 0000000020000080 RDI: 0000000000000003 [ 189.537536][T13079] RBP: 00007f6ec9bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 189.539616][T13079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.541683][T13079] R13: 0000000000000000 R14: 00007f6ecbf35fa0 R15: 00007ffc56de93a8 [ 189.543750][T13079] [ 189.626920][T13088] dccp_v6_rcv: dropped packet with invalid checksum [ 189.645000][T13092] ªªªªª»: renamed from bridge_slave_0 (while UP) [ 189.689780][ T5312] Bluetooth: hci0: unexpected event for opcode 0x2012 [ 189.788615][T13106] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 189.791381][T13106] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 189.861369][T13117] tc_dump_action: action bad kind [ 189.868067][T13120] FAULT_INJECTION: forcing a failure. [ 189.868067][T13120] name failslab, interval 1, probability 0, space 0, times 0 [ 189.871256][T13120] CPU: 2 UID: 0 PID: 13120 Comm: syz.8.1865 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0 [ 189.873902][T13120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 189.876613][T13120] Call Trace: [ 189.877511][T13120] [ 189.878323][T13120] dump_stack_lvl+0x16c/0x1f0 [ 189.879695][T13120] should_fail_ex+0x497/0x5b0 [ 189.880943][T13120] ? fs_reclaim_acquire+0xae/0x150 [ 189.882316][T13120] should_failslab+0xc2/0x120 [ 189.883571][T13120] kmem_cache_alloc_node_noprof+0x71/0x310 [ 189.885106][T13120] ? __alloc_skb+0x2b1/0x380 [ 189.886291][T13120] __alloc_skb+0x2b1/0x380 [ 189.887428][T13120] ? __pfx___alloc_skb+0x10/0x10 [ 189.888740][T13120] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 189.890508][T13120] netlink_alloc_large_skb+0x69/0x130 [ 189.891932][T13120] netlink_sendmsg+0x689/0xd70 [ 189.893213][T13120] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.894610][T13120] ____sys_sendmsg+0xaaf/0xc90 [ 189.895876][T13120] ? copy_msghdr_from_user+0x10b/0x160 [ 189.897319][T13120] ? __pfx_____sys_sendmsg+0x10/0x10 [ 189.898722][T13120] ___sys_sendmsg+0x135/0x1e0 [ 189.900030][T13120] ? __pfx____sys_sendmsg+0x10/0x10 [ 189.901411][T13120] ? __pfx_lock_release+0x10/0x10 [ 189.902743][T13120] ? trace_lock_acquire+0x146/0x1e0 [ 189.904120][T13120] ? __fget_files+0x206/0x3a0 [ 189.905373][T13120] __sys_sendmsg+0x16e/0x220 [ 189.906585][T13120] ? __pfx___sys_sendmsg+0x10/0x10 [ 189.907938][T13120] do_syscall_64+0xcd/0x250 [ 189.909139][T13120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.910698][T13120] RIP: 0033:0x7f6ecbd7e819 [ 189.911879][T13120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.916870][T13120] RSP: 002b:00007f6ec9bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 189.919049][T13120] RAX: ffffffffffffffda RBX: 00007f6ecbf35fa0 RCX: 00007f6ecbd7e819 [ 189.921143][T13120] RDX: 0000000000008884 RSI: 0000000020000080 RDI: 0000000000000003 [ 189.923218][T13120] RBP: 00007f6ec9bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 189.925290][T13120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.927356][T13120] R13: 0000000000000000 R14: 00007f6ecbf35fa0 R15: 00007ffc56de93a8 [ 189.929509][T13120] [ 189.960162][ T5312] Bluetooth: hci2: command tx timeout [ 190.122449][T13133] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1870'. [ 190.125095][T13134] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1870'. [ 190.156405][T13138] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 190.158770][T13138] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 190.323000][T13165] syz.5.1880[13165] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 190.323066][T13165] syz.5.1880[13165] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 190.327042][T13165] syz.5.1880[13165] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 190.547690][T13176] trusted_key: encrypted_key: master key parameter is missing [ 190.557744][T13177] trusted_key: encrypted_key: master key parameter is missing [ 190.564729][T13176] ipt_ECN: cannot use operation on non-tcp rule [ 190.566202][T13179] FAULT_INJECTION: forcing a failure. [ 190.566202][T13179] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 190.570206][T13179] CPU: 2 UID: 0 PID: 13179 Comm: syz.6.1885 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0 [ 190.572823][T13179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 190.575703][T13179] Call Trace: [ 190.576558][T13179] [ 190.577331][T13179] dump_stack_lvl+0x16c/0x1f0 [ 190.578538][T13179] should_fail_ex+0x497/0x5b0 [ 190.579756][T13179] _copy_from_iter+0x2a1/0x1560 [ 190.580983][T13179] ? trace_lock_acquire+0x146/0x1e0 [ 190.582294][T13179] ? __alloc_skb+0x1fe/0x380 [ 190.583468][T13179] ? __pfx__copy_from_iter+0x10/0x10 [ 190.584801][T13179] ? __virt_addr_valid+0x1a4/0x590 [ 190.586094][T13179] ? __virt_addr_valid+0x5e/0x590 [ 190.587359][T13179] ? __phys_addr_symbol+0x30/0x80 [ 190.588625][T13179] ? __check_object_size+0x488/0x710 [ 190.589973][T13179] netlink_sendmsg+0x813/0xd70 [ 190.591190][T13179] ? __pfx_netlink_sendmsg+0x10/0x10 [ 190.592521][T13179] ____sys_sendmsg+0xaaf/0xc90 [ 190.593737][T13179] ? copy_msghdr_from_user+0x10b/0x160 [ 190.595104][T13179] ? __pfx_____sys_sendmsg+0x10/0x10 [ 190.596438][T13179] ___sys_sendmsg+0x135/0x1e0 [ 190.597636][T13179] ? __pfx____sys_sendmsg+0x10/0x10 [ 190.598951][T13179] ? __pfx_lock_release+0x10/0x10 [ 190.600238][T13179] ? trace_lock_acquire+0x146/0x1e0 [ 190.601596][T13179] ? __fget_files+0x206/0x3a0 [ 190.602796][T13179] __sys_sendmsg+0x16e/0x220 [ 190.603966][T13179] ? __pfx___sys_sendmsg+0x10/0x10 [ 190.605273][T13179] do_syscall_64+0xcd/0x250 [ 190.606439][T13179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.607960][T13179] RIP: 0033:0x7ff64497e819 [ 190.609231][T13179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.614093][T13179] RSP: 002b:00007ff6457eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 190.616185][T13179] RAX: ffffffffffffffda RBX: 00007ff644b35fa0 RCX: 00007ff64497e819 [ 190.618244][T13179] RDX: 0000000000008884 RSI: 0000000020000080 RDI: 0000000000000003 [ 190.620431][T13179] RBP: 00007ff6457eb090 R08: 0000000000000000 R09: 0000000000000000 [ 190.622606][T13179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.624660][T13179] R13: 0000000000000000 R14: 00007ff644b35fa0 R15: 00007ffd5bde43e8 [ 190.626734][T13179] [ 190.652208][T13184] block device autoloading is deprecated and will be removed. [ 190.786701][T13190] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 190.791219][T13190] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 190.795179][T13190] bond0 (unregistering): Released all slaves [ 191.042515][ T30] kernel write not supported for file /sysvipc/shm (pid: 30 comm: kworker/1:0) [ 191.239500][ T5312] Bluetooth: hci1: command tx timeout [ 191.241953][T13249] netlink: 87 bytes leftover after parsing attributes in process `syz.5.1909'. [ 191.321764][T13258] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 191.323639][T13258] IPv6: NLM_F_CREATE should be set when creating new route [ 191.364658][T13262] 9pnet_virtio: no channels available for device [ 191.525261][ T97] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.614769][ T97] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.690535][T13283] Cache volume key already in use (9p,syz,) [ 191.723828][ T97] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.842143][ T97] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.086368][ T97] bridge_slave_1: left allmulticast mode [ 192.087867][ T97] bridge_slave_1: left promiscuous mode [ 192.090375][ T97] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.093804][ T97] bridge_slave_0: left allmulticast mode [ 192.095257][ T97] bridge_slave_0: left promiscuous mode [ 192.096972][ T97] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.223665][T13329] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1937'. [ 192.465945][ T97] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 192.470841][ T97] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 192.475399][ T97] bond0 (unregistering): Released all slaves [ 192.528554][ T39] kauditd_printk_skb: 121 callbacks suppressed [ 192.528570][ T39] audit: type=1400 audit(1732372365.940:1470): avc: denied { write } for pid=13340 comm="dhcpcd-run-hook" name="/" dev="devtmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 192.536342][ T39] audit: type=1400 audit(1732372365.940:1471): avc: denied { add_name } for pid=13340 comm="dhcpcd-run-hook" name="null" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 192.544045][ T39] audit: type=1400 audit(1732372365.940:1472): avc: denied { create } for pid=13340 comm="dhcpcd-run-hook" name="null" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:device_t tclass=file permissive=1 [ 192.551814][ T39] audit: type=1400 audit(1732372365.940:1473): avc: denied { write open } for pid=13340 comm="dhcpcd-run-hook" path="/dev/null" dev="devtmpfs" ino=3256 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:device_t tclass=file permissive=1 [ 192.559911][ T39] audit: type=1400 audit(1732372365.940:1474): avc: denied { getattr } for pid=13340 comm="dhcpcd-run-hook" path="/dev/null" dev="devtmpfs" ino=3256 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:device_t tclass=file permissive=1 [ 192.680966][ T5312] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 192.684143][ T5312] Bluetooth: hci0: Injecting HCI hardware error event [ 192.687896][ T5312] Bluetooth: hci0: hardware error 0x00 [ 192.748139][T13353] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1941'. [ 192.753463][T13353] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1941'. [ 192.885523][ T97] hsr_slave_0: left promiscuous mode [ 192.890650][ T97] hsr_slave_1: left promiscuous mode [ 192.893804][ T97] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.895655][ T97] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 192.898047][ T97] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 192.908024][ T97] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 192.945690][ T97] veth1_macvtap: left promiscuous mode [ 192.947150][ T97] veth0_macvtap: left promiscuous mode [ 192.948553][ T97] veth1_vlan: left promiscuous mode [ 192.950262][ T97] veth0_vlan: left promiscuous mode [ 193.329370][ T5953] Bluetooth: hci1: command tx timeout [ 193.853937][ T97] team0 (unregistering): Port device team_slave_1 removed [ 193.944946][ T97] team0 (unregistering): Port device team_slave_0 removed [ 194.051839][ T1413] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.761880][ T5312] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 195.312774][T13426] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1955'. [ 195.313508][ T39] audit: type=1400 audit(1732372368.730:1475): avc: denied { getopt } for pid=13428 comm="syz.8.1956" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 195.315785][T13426] netlink: 228 bytes leftover after parsing attributes in process `syz.6.1955'. [ 195.327384][T13426] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1955'. [ 195.334352][ T39] audit: type=1400 audit(1732372368.750:1476): avc: denied { read } for pid=13431 comm="syz.5.1954" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 195.382116][T13444] fuse: Unknown parameter '7' [ 195.399538][ T5312] Bluetooth: hci1: command tx timeout [ 195.891321][T13441] syz.5.1959 (13441): drop_caches: 2 [ 196.325402][T13487] netlink: 'syz.6.1966': attribute type 3 has an invalid length. [ 197.327565][T13509] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1972'. [ 197.333613][T13509] xt_CT: You must specify a L4 protocol and not use inversions on it [ 197.355129][T13507] netlink: 134660 bytes leftover after parsing attributes in process `syz.8.1971'. [ 197.362640][T13507] openvswitch: netlink: Message has 76 unknown bytes. [ 197.479341][ T5312] Bluetooth: hci1: command tx timeout [ 198.524453][T13521] wg2: entered promiscuous mode [ 198.525823][T13521] wg2: entered allmulticast mode [ 198.559110][T13531] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1979'. [ 198.734254][T13534] 9pnet_fd: Insufficient options for proto=fd [ 199.559353][ T5312] Bluetooth: hci1: command tx timeout [ 199.872802][T13550] hfs: unable to load iocharset "io#harset" [ 199.957743][ T39] audit: type=1400 audit(1732372373.370:1477): avc: denied { map } for pid=13558 comm="syz.5.1988" path="socket:[60511]" dev="sockfs" ino=60511 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 199.966451][ T39] audit: type=1326 audit(1732372373.370:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13558 comm="syz.5.1988" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6235d7e819 code=0x0 [ 201.243782][T13577] netlink: 'syz.5.1990': attribute type 1 has an invalid length. [ 201.358304][T13605] GUP no longer grows the stack in syz.5.2001 (13605): 20004000-2000a000 (20002000) [ 201.361677][T13605] CPU: 3 UID: 0 PID: 13605 Comm: syz.5.2001 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0 [ 201.364823][T13605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 201.368525][T13605] Call Trace: [ 201.369771][T13605] [ 201.370866][T13605] dump_stack_lvl+0x16c/0x1f0 [ 201.372404][T13605] gup_vma_lookup+0x1d2/0x220 [ 201.373734][T13605] __get_user_pages+0x236/0x3b50 [ 201.375017][T13605] ? find_held_lock+0x2d/0x110 [ 201.376355][T13605] ? mtree_load+0x30a/0xa40 [ 201.377555][T13605] ? __pfx_lock_release+0x10/0x10 [ 201.378853][T13605] ? __pfx___get_user_pages+0x10/0x10 [ 201.380230][T13605] get_user_pages_remote+0x25e/0xb30 [ 201.381680][T13605] ? __pfx_get_user_pages_remote+0x10/0x10 [ 201.383328][T13605] __access_remote_vm+0x235/0x7b0 [ 201.384710][T13605] ? __pfx___access_remote_vm+0x10/0x10 [ 201.386271][T13605] ? lock_acquire+0x2f/0xb0 [ 201.387530][T13605] ? proc_pid_cmdline_read+0x25c/0x900 [ 201.389135][T13605] proc_pid_cmdline_read+0x4f5/0x900 [ 201.390550][T13605] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 201.392129][T13605] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 201.393896][T13605] vfs_readv+0x6bf/0x890 [ 201.395011][T13605] ? __pfx___lock_acquire+0x10/0x10 [ 201.396367][T13605] ? __pfx_vfs_readv+0x10/0x10 [ 201.397538][T13605] ? __fget_files+0x1fc/0x3a0 [ 201.398744][T13605] ? __pfx_lock_release+0x10/0x10 [ 201.400098][T13605] ? __fget_files+0x206/0x3a0 [ 201.401300][T13605] ? do_preadv+0x1b1/0x270 [ 201.402432][T13605] do_preadv+0x1b1/0x270 [ 201.403555][T13605] ? __pfx_do_preadv+0x10/0x10 [ 201.404824][T13605] do_syscall_64+0xcd/0x250 [ 201.406020][T13605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.407522][T13605] RIP: 0033:0x7f6235d7e819 [ 201.408683][T13605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.413882][T13605] RSP: 002b:00007f6236a96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 201.416021][T13605] RAX: ffffffffffffffda RBX: 00007f6235f35fa0 RCX: 00007f6235d7e819 [ 201.418145][T13605] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000003 [ 201.420213][T13605] RBP: 00007f6235df175e R08: 0000000000000000 R09: 0000000000000000 [ 201.422235][T13605] R10: 0000000000000500 R11: 0000000000000246 R12: 0000000000000000 [ 201.424357][T13605] R13: 0000000000000000 R14: 00007f6235f35fa0 R15: 00007ffc18eefb88 [ 201.426446][T13605] [ 201.439688][T13605] tipc: Enabling of bearer rejected, failed to enable media [ 202.731396][T13618] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 202.783290][T13628] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2005'. [ 202.786430][T13629] netlink: 'syz.5.2007': attribute type 1 has an invalid length. [ 202.888176][ T39] audit: type=1400 audit(1732372376.300:1479): avc: denied { getopt } for pid=13642 comm="syz.5.2012" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 206.216591][T13707] netlink: 112 bytes leftover after parsing attributes in process `syz.6.2028'. [ 206.220038][T13707] netlink: 124 bytes leftover after parsing attributes in process `syz.6.2028'. [ 206.285785][ T39] audit: type=1400 audit(1732372379.700:1480): avc: denied { execute } for pid=13708 comm="syz.8.2027" path="/dev/nullb0" dev="devtmpfs" ino=3255 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 207.497011][ T43] ================================================================== [ 207.499830][ T43] BUG: KASAN: slab-out-of-bounds in move_to_new_folio+0x12e/0x700 [ 207.502487][ T43] Read of size 8 at addr ffff8880246cbf90 by task kcompactd0/43 [ 207.505895][ T43] [ 207.507355][ T43] CPU: 3 UID: 0 PID: 43 Comm: kcompactd0 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0 [ 207.511212][ T43] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 207.515019][ T43] Call Trace: [ 207.516187][ T43] [ 207.517230][ T43] dump_stack_lvl+0x116/0x1f0 [ 207.518876][ T43] print_report+0xc3/0x620 [ 207.520468][ T43] ? __virt_addr_valid+0x5e/0x590 [ 207.522227][ T43] ? __phys_addr+0xc6/0x150 [ 207.523814][ T43] kasan_report+0xd9/0x110 [ 207.525382][ T43] ? move_to_new_folio+0x12e/0x700 [ 207.527165][ T43] ? move_to_new_folio+0x12e/0x700 [ 207.528948][ T43] kasan_check_range+0xef/0x1a0 [ 207.530636][ T43] move_to_new_folio+0x12e/0x700 [ 207.532392][ T43] migrate_pages_batch+0x206a/0x31b0 [ 207.534237][ T43] ? __pfx_compaction_free+0x10/0x10 [ 207.536061][ T43] ? __pfx_migrate_pages_batch+0x10/0x10 [ 207.538057][ T43] ? __pfx___lock_acquire+0x10/0x10 [ 207.539884][ T43] migrate_pages_sync+0x131/0x910 [ 207.541642][ T43] ? __pfx_compaction_alloc+0x10/0x10 [ 207.543516][ T43] ? __pfx_compaction_free+0x10/0x10 [ 207.545400][ T43] ? find_held_lock+0x2d/0x110 [ 207.547059][ T43] ? __pfx_migrate_pages_sync+0x10/0x10 [ 207.549016][ T43] ? isolate_movable_page+0x3b/0x7f0 [ 207.550825][ T43] migrate_pages+0x1a57/0x2200 [ 207.552471][ T43] ? __pfx_compaction_alloc+0x10/0x10 [ 207.554307][ T43] ? __pfx_compaction_free+0x10/0x10 [ 207.556120][ T43] ? __pfx_migrate_pages+0x10/0x10 [ 207.557889][ T43] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 207.560122][ T43] ? __pfx___might_resched+0x10/0x10 [ 207.561969][ T43] compact_zone+0x1f68/0x4280 [ 207.563598][ T43] ? __free_zapped_classes+0x2d0/0x320 [ 207.565471][ T43] ? __lock_acquire+0x15a9/0x3c40 [ 207.567216][ T43] ? __pfx___lock_acquire+0x10/0x10 [ 207.569017][ T43] ? __pfx_compact_zone+0x10/0x10 [ 207.570799][ T43] ? lock_acquire.part.0+0x11b/0x380 [ 207.572695][ T43] compact_node+0x1a2/0x2d0 [ 207.574329][ T43] ? __pfx_compact_node+0x10/0x10 [ 207.576105][ T43] ? __pfx_extfrag_for_order+0x10/0x10 [ 207.578010][ T43] kcompactd+0x779/0xdf0 [ 207.579515][ T43] ? __pfx_kcompactd+0x10/0x10 [ 207.580998][ T43] ? __pfx_autoremove_wake_function+0x10/0x10 [ 207.583102][ T43] ? lockdep_hardirqs_on+0x7c/0x110 [ 207.584927][ T43] ? __kthread_parkme+0x148/0x220 [ 207.586678][ T43] ? __pfx_kcompactd+0x10/0x10 [ 207.588353][ T43] kthread+0x2c1/0x3a0 [ 207.589803][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 207.591593][ T43] ? __pfx_kthread+0x10/0x10 [ 207.593198][ T43] ret_from_fork+0x45/0x80 [ 207.594772][ T43] ? __pfx_kthread+0x10/0x10 [ 207.596370][ T43] ret_from_fork_asm+0x1a/0x30 [ 207.598054][ T43] [ 207.599129][ T43] [ 207.599977][ T43] Allocated by task 1134: [ 207.601483][ T43] kasan_save_stack+0x33/0x60 [ 207.603118][ T43] kasan_save_track+0x14/0x30 [ 207.604748][ T43] __kasan_kmalloc+0xaa/0xb0 [ 207.606359][ T43] __kmalloc_node_track_caller_noprof+0x20f/0x430 [ 207.608568][ T43] kmalloc_reserve+0xef/0x2c0 [ 207.610234][ T43] __alloc_skb+0x164/0x380 [ 207.611782][ T43] nsim_dev_trap_report_work+0x2af/0xd00 [ 207.613725][ T43] process_one_work+0x9c5/0x1ba0 [ 207.615450][ T43] worker_thread+0x6c8/0xf00 [ 207.617064][ T43] kthread+0x2c1/0x3a0 [ 207.618479][ T43] ret_from_fork+0x45/0x80 [ 207.620058][ T43] ret_from_fork_asm+0x1a/0x30 [ 207.621725][ T43] [ 207.622569][ T43] Freed by task 1134: [ 207.623940][ T43] kasan_save_stack+0x33/0x60 [ 207.625581][ T43] kasan_save_track+0x14/0x30 [ 207.627191][ T43] kasan_save_free_info+0x3b/0x60 [ 207.628847][ T43] __kasan_slab_free+0x51/0x70 [ 207.630490][ T43] kfree+0x14f/0x4b0 [ 207.631851][ T43] skb_free_head+0x108/0x1d0 [ 207.633441][ T43] skb_release_data+0x560/0x730 [ 207.635131][ T43] consume_skb+0xbf/0x100 [ 207.636626][ T43] nsim_dev_trap_report_work+0x8cf/0xd00 [ 207.638553][ T43] process_one_work+0x9c5/0x1ba0 [ 207.640285][ T43] worker_thread+0x6c8/0xf00 [ 207.642018][ T43] kthread+0x2c1/0x3a0 [ 207.643465][ T43] ret_from_fork+0x45/0x80 [ 207.645029][ T43] ret_from_fork_asm+0x1a/0x30 [ 207.646682][ T43] [ 207.647493][ T43] The buggy address belongs to the object at ffff8880246ca000 [ 207.647493][ T43] which belongs to the cache kmalloc-4k of size 4096 [ 207.652252][ T43] The buggy address is located 3984 bytes to the right of [ 207.652252][ T43] allocated 4096-byte region [ffff8880246ca000, ffff8880246cb000) [ 207.657317][ T43] [ 207.658162][ T43] The buggy address belongs to the physical page: [ 207.660423][ T43] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x246c8 [ 207.663415][ T43] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 207.666298][ T43] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 207.668904][ T43] page_type: f5(slab) [ 207.670347][ T43] raw: 00fff00000000040 ffff88801b043040 dead000000000122 0000000000000000 [ 207.673364][ T43] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000 [ 207.676378][ T43] head: 00fff00000000040 ffff88801b043040 dead000000000122 0000000000000000 [ 207.679391][ T43] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000 [ 207.682365][ T43] head: 00fff00000000003 ffffea000091b201 ffffffffffffffff 0000000000000000 [ 207.685359][ T43] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 207.688386][ T43] page dumped because: kasan: bad access detected [ 207.690607][ T43] page_owner tracks the page as allocated [ 207.692573][ T43] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1134, tgid 1134 (kworker/u32:6), ts 204249863632, free_ts 204122948292 [ 207.699720][ T43] post_alloc_hook+0x2d1/0x350 [ 207.701330][ T43] get_page_from_freelist+0xfce/0x2f80 [ 207.703126][ T43] __alloc_pages_noprof+0x223/0x25a0 [ 207.704820][ T43] alloc_pages_mpol_noprof+0x2c9/0x610 [ 207.706717][ T43] new_slab+0x2c9/0x410 [ 207.708122][ T43] ___slab_alloc+0xdac/0x1880 [ 207.709711][ T43] __slab_alloc.constprop.0+0x56/0xb0 [ 207.711512][ T43] __kmalloc_node_track_caller_noprof+0x355/0x430 [ 207.713647][ T43] kmalloc_reserve+0xef/0x2c0 [ 207.715299][ T43] __alloc_skb+0x164/0x380 [ 207.716897][ T43] nsim_dev_trap_report_work+0x2af/0xd00 [ 207.718922][ T43] process_one_work+0x9c5/0x1ba0 [ 207.720683][ T43] worker_thread+0x6c8/0xf00 [ 207.722307][ T43] kthread+0x2c1/0x3a0 [ 207.723757][ T43] ret_from_fork+0x45/0x80 [ 207.725322][ T43] ret_from_fork_asm+0x1a/0x30 [ 207.726996][ T43] page last free pid 13755 tgid 13755 stack trace: [ 207.729227][ T43] free_unref_page+0x661/0x1080 [ 207.730937][ T43] __put_partials+0x14c/0x170 [ 207.732608][ T43] qlist_free_all+0x4e/0x120 [ 207.734244][ T43] kasan_quarantine_reduce+0x195/0x1e0 [ 207.736145][ T43] __kasan_slab_alloc+0x69/0x90 [ 207.737853][ T43] kmem_cache_alloc_noprof+0x121/0x2f0 [ 207.739775][ T43] getname_flags.part.0+0x4c/0x550 [ 207.741617][ T43] getname+0x8d/0xe0 [ 207.743017][ T43] vfs_fstatat+0xdf/0xf0 [ 207.744505][ T43] __do_sys_newfstatat+0xa2/0x130 [ 207.746301][ T43] do_syscall_64+0xcd/0x250 [ 207.747902][ T43] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.749993][ T43] [ 207.750849][ T43] Memory state around the buggy address: [ 207.752739][ T43] ffff8880246cbe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 207.754937][ T43] ffff8880246cbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 207.757077][ T43] >ffff8880246cbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 207.759940][ T43] ^ [ 207.761209][ T43] ffff8880246cc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 207.763360][ T43] ffff8880246cc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 207.765580][ T43] ================================================================== [ 207.768555][ T43] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 207.770529][ T43] CPU: 3 UID: 0 PID: 43 Comm: kcompactd0 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0 [ 207.773176][ T43] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 207.776072][ T43] Call Trace: [ 207.776958][ T43] [ 207.777849][ T43] dump_stack_lvl+0x3d/0x1f0 [ 207.779086][ T43] panic+0x71d/0x800 [ 207.780167][ T43] ? __pfx_panic+0x10/0x10 [ 207.781375][ T43] ? preempt_schedule_thunk+0x1a/0x30 [ 207.782824][ T43] ? preempt_schedule_common+0x44/0xc0 [ 207.784275][ T43] ? check_panic_on_warn+0x1f/0xb0 [ 207.785697][ T43] check_panic_on_warn+0xab/0xb0 [ 207.787016][ T43] end_report+0x117/0x180 [ 207.788247][ T43] kasan_report+0xe9/0x110 [ 207.789557][ T43] ? move_to_new_folio+0x12e/0x700 [ 207.790884][ T43] ? move_to_new_folio+0x12e/0x700 [ 207.792222][ T43] kasan_check_range+0xef/0x1a0 [ 207.793445][ T43] move_to_new_folio+0x12e/0x700 [ 207.794721][ T43] migrate_pages_batch+0x206a/0x31b0 [ 207.796085][ T43] ? __pfx_compaction_free+0x10/0x10 [ 207.797460][ T43] ? __pfx_migrate_pages_batch+0x10/0x10 [ 207.798908][ T43] ? __pfx___lock_acquire+0x10/0x10 [ 207.800262][ T43] migrate_pages_sync+0x131/0x910 [ 207.801564][ T43] ? __pfx_compaction_alloc+0x10/0x10 [ 207.802967][ T43] ? __pfx_compaction_free+0x10/0x10 [ 207.804345][ T43] ? find_held_lock+0x2d/0x110 [ 207.805599][ T43] ? __pfx_migrate_pages_sync+0x10/0x10 [ 207.807034][ T43] ? isolate_movable_page+0x3b/0x7f0 [ 207.808409][ T43] migrate_pages+0x1a57/0x2200 [ 207.809674][ T43] ? __pfx_compaction_alloc+0x10/0x10 [ 207.811069][ T43] ? __pfx_compaction_free+0x10/0x10 [ 207.812488][ T43] ? __pfx_migrate_pages+0x10/0x10 [ 207.813830][ T43] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 207.815446][ T43] ? __pfx___might_resched+0x10/0x10 [ 207.816820][ T43] compact_zone+0x1f68/0x4280 [ 207.818057][ T43] ? __free_zapped_classes+0x2d0/0x320 [ 207.819490][ T43] ? __lock_acquire+0x15a9/0x3c40 [ 207.820797][ T43] ? __pfx___lock_acquire+0x10/0x10 [ 207.822152][ T43] ? __pfx_compact_zone+0x10/0x10 [ 207.823465][ T43] ? lock_acquire.part.0+0x11b/0x380 [ 207.824836][ T43] compact_node+0x1a2/0x2d0 [ 207.826011][ T43] ? __pfx_compact_node+0x10/0x10 [ 207.827319][ T43] ? __pfx_extfrag_for_order+0x10/0x10 [ 207.828735][ T43] kcompactd+0x779/0xdf0 [ 207.829835][ T43] ? __pfx_kcompactd+0x10/0x10 [ 207.831075][ T43] ? __pfx_autoremove_wake_function+0x10/0x10 [ 207.832643][ T43] ? lockdep_hardirqs_on+0x7c/0x110 [ 207.833900][ T43] ? __kthread_parkme+0x148/0x220 [ 207.835212][ T43] ? __pfx_kcompactd+0x10/0x10 [ 207.836464][ T43] kthread+0x2c1/0x3a0 [ 207.837544][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 207.838897][ T43] ? __pfx_kthread+0x10/0x10 [ 207.840111][ T43] ret_from_fork+0x45/0x80 [ 207.841284][ T43] ? __pfx_kthread+0x10/0x10 [ 207.842498][ T43] ret_from_fork_asm+0x1a/0x30 [ 207.843751][ T43] [ 207.845218][ T43] Kernel Offset: disabled [ 207.846354][ T43] Rebooting in 86400 seconds.. VM DIAGNOSIS: 14:33:01 Registers: info registers vcpu 0 CPU#0 RAX=00000000001fcced RBX=0000000000000000 RCX=ffffffff8b2495d9 RDX=0000000000000000 RSI=ffffffff8b6cdd60 RDI=ffffffff8bd0e340 RBP=fffffbfff1bd2f00 RSP=ffffffff8de07e20 R8 =0000000000000001 R9 =ffffed100d4c6fed R10=ffff88806a637f6b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8de97800 R14=ffffffff905f4250 R15=0000000000000000 RIP=ffffffff8b24a9bf RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000563ec8272300 CR3=0000000032af8000 CR4=00352ef0 DR0=0000000000002800 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000f8000000 Opmask01=000000000007ffff Opmask02=000000000007ffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd6811cb40 0000003000000008 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd6811c920 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff0f ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e6970726100656c 69666f7270000920 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6362696c5f5f0045 5441564952505f43 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 726f74616e696d72 6574206f6e203a73 2500657469727720 3a7325006b636f73 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 574a51444b4c4857 4051054a4b051f56 000040514c575205 1f5600004e464a56 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00400b0000000000 0000000000000000 0000000000747369 6c5f747365757165 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 0000000065676173 73656d5f70636864 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 00005603bf15e233 73656d5f70636864 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 725f0f3af5e59661 72610f65fbebf37f 65677773ff75ffff 7f7f7d7f75777965 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 0000000000000031 0000726565666965 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000021 0000000000000000 0000000000000031 00006d5f65636864 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbfbfbfbfbfbfbf bfbf2b313423342c ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 262821df2e2e33df 3228df3232202b22 df312e232d2435bf 2324353124322431 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020 info registers vcpu 1 CPU#1 RAX=00000000001d1c6d RBX=0000000000000001 RCX=ffffffff8b2495d9 RDX=0000000000000000 RSI=ffffffff8b6cdd60 RDI=ffffffff8bd0e340 RBP=ffffed1003b59910 RSP=ffffc90000187e08 R8 =0000000000000001 R9 =ffffed100d4e6fed R10=ffff88806a737f6b R11=0000000000000000 R12=0000000000000001 R13=ffff88801dacc880 R14=ffffffff905f4250 R15=0000000000000000 RIP=ffffffff8b24a9bf RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000559e48bb4908 CR3=0000000035bb2000 CR4=00352ef0 DR0=0000000000002800 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=3b50c45e3b50c45e 3b50c45e3b50c45e 3b50c45e3b50c45e 3b50c45e3b50c45e 3b50c45e3b50c45e 3b50c45e3b50c45e 3b50c45e3b50c45e 3b50c45e3b50c45e ZMM22=84ae205584ae2055 84ae205584ae2055 84ae205584ae2055 84ae205584ae2055 84ae205584ae2055 84ae205584ae2055 84ae205584ae2055 84ae205584ae2055 ZMM23=03ed5c8703ed5c87 03ed5c8703ed5c87 03ed5c8703ed5c87 03ed5c8703ed5c87 03ed5c8703ed5c87 03ed5c8703ed5c87 03ed5c8703ed5c87 03ed5c8703ed5c87 ZMM24=8fbc21cd8fbc21cd 8fbc21cd8fbc21cd 8fbc21cd8fbc21cd 8fbc21cd8fbc21cd 8fbc21cd8fbc21cd 8fbc21cd8fbc21cd 8fbc21cd8fbc21cd 8fbc21cd8fbc21cd ZMM25=f3379e03f3379e03 f3379e03f3379e03 f3379e03f3379e03 f3379e03f3379e03 f3379e03f3379e03 f3379e03f3379e03 f3379e03f3379e03 f3379e03f3379e03 ZMM26=a5216be3a5216be3 a5216be3a5216be3 a5216be3a5216be3 a5216be3a5216be3 a5216be3a5216be3 a5216be3a5216be3 a5216be3a5216be3 a5216be3a5216be3 ZMM27=63ab254263ab2542 63ab254263ab2542 63ab254263ab2542 63ab254263ab2542 63ab254263ab2542 63ab254263ab2542 63ab254263ab2542 63ab254263ab2542 ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=ad090000ad090000 ad090000ad090000 ad090000ad090000 ad090000ad090000 ad090000ad090000 ad090000ad090000 ad090000ad090000 ad090000ad090000 info registers vcpu 2 CPU#2 RAX=00000000001b8ecf RBX=0000000000000002 RCX=ffffffff8b2495d9 RDX=0000000000000000 RSI=ffffffff8b6cdd60 RDI=ffffffff8bd0e340 RBP=ffffed1003b5c000 RSP=ffffc90000197e08 R8 =0000000000000001 R9 =ffffed100d506fed R10=ffff88806a837f6b R11=0000000000000000 R12=0000000000000002 R13=ffff88801dae0000 R14=ffffffff905f4250 R15=0000000000000000 RIP=ffffffff8b24a9bf RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fff8e1c60b8 CR3=000000000df7e000 CR4=00352ef0 DR0=0000000000002800 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000e0fefffe Opmask01=0000000000000000 Opmask02=000000000000001f Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0302000100008881 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff0f 0e0d0c0b0a090807 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0302000100008881 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000ff0000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000ff00ff ffff000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000ff0000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 828183883a3d007e 7d7c605d5c5b3f3e 3d3c3b3a2d2a2928 2726242221200a09 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000563ec827a 0000000000000091 0000000000000000 000000000000005b ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000563ec8279938 0000000000000000 000000000000000f 0000000000885d81 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85061f95 RDI=ffffffff9aafdc40 RBP=ffffffff9aafdc00 RSP=ffffc900009b6e78 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552033203a555043 R12=0000000000000000 R13=0000000000000020 R14=ffffffff85061f30 R15=0000000000000000 RIP=ffffffff85061fbf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fff8e1c3fc8 CR3=000000000df7e000 CR4=00352ef0 DR0=0000000000002800 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c4c0c0fe Opmask01=0000000000000000 Opmask02=00000000c07fff81 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0302000100008881 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000563ec827005d ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a002075676f0087 868a898482818388 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000ff0000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000ff00ff ffff000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 0000000000ff0000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000563ec8007a2d 0000563ec8284f60 0000000000000000 000000000000005b ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000563ec800722d 0000563ec8284f60 0000563ec8284f80 000000000000005b ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000563ec8279938 0000000000000000 000000000000000f 0000000000885d81 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000