last executing test programs: 3.677083956s ago: executing program 1 (id=576): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'netdevsim0\x00', 0x0}) r3 = syz_open_dev$video(&(0x7f0000000040), 0xc48, 0xa2400) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$FS_IOC_FSSETXATTR(r4, 0x401c5820, &(0x7f0000000100)={0x900}) sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x68, 0x0, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x7}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x7}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x3}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x1}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x10001}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x40) ioctl$VIDIOC_S_FBUF(r3, 0x4030560b, &(0x7f00000001c0)={0x80, 0x12, &(0x7f00000000c0)="4e1dbcec40a73747724f8b511eebdf45085a3bb091d28302c8b6c47249cd303d76bf6d257315c64cdaf8d92b5dc7d0c710a2cff6a0e594fbeef4d40816c4093d05a278107cb9f01a29d2ccd028b2392600c7dfab475426c71f7bc522c7bf19e54b5d2f4e26a1cd768a82169c4ca021d85cc8a5371002caffd304ff039b7425958f2bc667ff18e0e2bb885e2c4fcc963f773a2c427c8ae83e58169b21d7e689d28decbccc98d061c1292955f75f8a0ae2dd15cfdc3ef25d8d3cbc364d1edca63e52471bd05187e08de1b85a00ba3fd42e5bd37b7dec2bf031991d0b8dc3ec462ca30f0eb982d2479716", {0x3, 0x4d7, 0x38415261, 0x6, 0x6, 0x9, 0x7, 0x4fa}}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x800000, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 3.562040557s ago: executing program 1 (id=578): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c) sendto$inet6(r0, &(0x7f00000000c0)='\x00', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x8, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000000)=0x8, 0x4) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20181, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x48, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000280)=r4}, 0x20) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20) close(0x3) recvmmsg(r0, &(0x7f0000005900)=[{{0x0, 0x0, 0x0}, 0x80}], 0x1, 0x40010003, 0x0) 3.090136611s ago: executing program 2 (id=586): r0 = fsopen(&(0x7f0000000300)='affs\x00', 0x1) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000080)='discard', &(0x7f0000000200)='\t', 0x1) r1 = request_key(&(0x7f0000001000)='dns_resolver\x00', &(0x7f00000002c0)={'syz', 0x2}, &(0x7f00000001c0)='\xa7x{8\xb8\x81\xae$\xbb\x17\x90\xaa\x96\xd4\x9b\xd8\x87\x84\xca\xf6\xa6;\xd2!?,J\r\x94EA\x11\xc2\n\xc4h\xad\xc4\xe7*<\x87\xb5H\xfb\xf6t\x12\xed\x8f\x9caU^\xffW\xa1\x06\xcc', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_int(r2, 0x1, 0xa, 0x0, &(0x7f0000000100)) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) r5 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x2, 0x42200) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000280)=0x9) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r6, 0x3, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffffd, 0x2000000000000000, 0xffffffffffffffff}) fcntl$lock(r6, 0x25, &(0x7f0000000040)={0x1, 0x0, 0x80, 0x7}) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r7, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0) fcntl$lock(r6, 0x25, &(0x7f0000000180)={0x0, 0xb0a056243cb20c9f, 0x6, 0x80000000, r7}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000140)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r4, 0x40182103, &(0x7f0000000240)={r8, 0x0, r3}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = dup(r10) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000840)={0x2, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r11, r12, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000480)="c744240000200000c744240200400000c7442406000000000f011c240f21e10fe56491f30f01c89aca9cec3675290000ba4300b0f7ee66f6e4440f20c03501000000440f22c066baf80cb88ccef985ef66bafc0c66b8f69266ef2e0fc7afe79a8903", 0x61}], 0x1, 0x11, 0x0, 0xfffffffffffffdd5) syz_kvm_setup_cpu$x86(r10, r12, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) r13 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, r1) keyctl$instantiate(0xc, r1, 0x0, 0x0, r13) 2.456659624s ago: executing program 1 (id=591): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3800000068000100030010000000008000000000000000000c00020001000000150000000c000c80f2ffffffffffffff0600030001"], 0x38}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001a40)=@newtaction={0xe80, 0x30, 0x25, 0x0, 0x0, {}, [{0xe6c, 0x1, [@m_pedit={0xe68, 0x1, 0x0, 0x0, {{0xa}, {0xe3c, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x18, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6, 0x2, 0x1}]}]}, @TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x2, 0x1, 0x10000000, 0x8, 0x8}, 0xf}, [{0x4, 0x1ff, 0x4, 0x20000000, 0x4, 0x15}, {0x3, 0x1c0, 0x4, 0x4, 0x4, 0x1}, {0x10000, 0x0, 0x7, 0x685, 0x8, 0x2}, {0xf, 0xe, 0xab21, 0x1be4, 0x4, 0x8}, {0xfffff800, 0x9, 0x9, 0x4, 0x1, 0x100}, {0x100, 0x5, 0x40, 0x6, 0x5, 0x5}, {0xbee, 0x7, 0xc, 0x9, 0xc, 0x1}, {0x5, 0x4, 0x6, 0xeb7f, 0x3, 0x100}, {0x1, 0x0, 0x80000000, 0xb6f, 0x1, 0xb}, {0x5, 0x3, 0x3, 0x9, 0x80000001, 0x3}, {0x0, 0x1, 0x9a, 0xff, 0xc, 0x5}, {0xfb, 0x8, 0xc, 0x2, 0x1ff, 0x800}, {0x9, 0x3636, 0x119, 0x9, 0x7, 0x4}, {0x6, 0x8, 0x3, 0xfffffffc, 0x1ff, 0x8}, {0x5, 0x8, 0x0, 0x3ff, 0x2, 0xa}, {0xfd, 0x4, 0x7fffffff, 0xaa09, 0x401, 0x4}, {0x4, 0x7fffffff, 0xa1, 0x8, 0xffff, 0x2}, {0x0, 0x8, 0x6, 0x8, 0x5, 0x4}, {0x0, 0x6, 0x568, 0x476a, 0x2e, 0x5}, {0x1000, 0x4, 0x3, 0x4, 0x3, 0x7ff}, {0x4, 0x6, 0x8, 0x39, 0x6, 0x8}, {0x6, 0x2, 0x21, 0x4, 0xa1, 0xfff}, {0xc, 0x4, 0x9, 0x7, 0x9, 0x9}, {0x9, 0x9, 0x6, 0x7, 0x7}, {0x7f, 0x8, 0x7, 0xb5, 0x1000, 0x1}, {0xc, 0x0, 0x0, 0x6, 0xc5a5, 0x5}, {0x2, 0x5, 0x10001, 0xab9b, 0x10000, 0xe825}, {0x3, 0x4, 0x13b, 0x9, 0x6, 0x1}, {0x6, 0xb, 0x4, 0x10, 0x7, 0x7}, {0xfffffabd, 0x4, 0x7ff, 0x6, 0x2, 0x7}, {0xfffffffd, 0x6, 0x7b, 0xaee, 0xfffffffa, 0x3}, {0x4, 0x5, 0x0, 0x0, 0x4, 0x3}, {0x4, 0x3, 0x5, 0xfffffffe, 0x3, 0xf}, {0xf8, 0x37000000, 0x4, 0x9, 0x2, 0x4}, {0x7fffffff, 0x40, 0xff, 0x40, 0x6, 0xa4bd}, {0x3, 0x4, 0x9, 0x7, 0x9, 0x7f}, {0x877, 0x81, 0x2, 0x2c, 0x3, 0x7}, {0x5, 0x8000, 0x6, 0x3, 0x8, 0x6}, {0xa38, 0x6, 0xffff, 0x5, 0x1643, 0x7}, {0x98bc, 0x3, 0x9, 0x100, 0x7, 0xc0000000}, {0x6, 0x4434, 0x9, 0x0, 0x2, 0x2}, {0x9, 0x6, 0x1, 0x10000, 0x3, 0x2}, {0x2f86, 0x6, 0x80000001, 0x13, 0x2, 0x2}, {0x401, 0x7, 0x9, 0x5, 0x4, 0x3}, {0x5, 0x4, 0x9, 0x1f6d, 0x6, 0x6b}, {0x4d4, 0x1, 0x6, 0x9, 0x9, 0x5}, {0x4, 0x8000, 0x2, 0x4, 0x81, 0xfffffffa}, {0x2, 0x8, 0x2, 0x15, 0xc, 0x101}, {0x9, 0x5453, 0xffffffff, 0x6, 0xb, 0x3}, {0x5, 0x40001000, 0xfffffffc, 0x7, 0xfffffff9, 0x8}, {0x400, 0x2, 0x9, 0xff, 0x20d, 0x80}, {0x38000000, 0x0, 0xc17, 0xa620, 0x8, 0x6}, {0x1e4a, 0x9, 0x5, 0xc, 0x8, 0x6}, {0xfffffff9, 0xff, 0x8, 0x45, 0x3109, 0x1ff}, {0xffff467f, 0xd, 0x2, 0x3, 0x8c, 0x1}, {0xe, 0x4, 0x4, 0x7ff, 0x100, 0xb}, {0x9, 0x0, 0x6, 0x3, 0x1, 0x100}, {0x0, 0x8, 0xd7fb, 0x0, 0x2, 0x2}, {0xffff0000, 0x8000, 0x69, 0x5, 0x0, 0x3}, {0x200, 0x10001, 0x9, 0x3, 0x7, 0x2e0f}, {0x9, 0x9, 0x4, 0x1, 0x800, 0x401}, {0xd, 0x0, 0x869, 0x4, 0x9, 0x5}, {0x6, 0x1000, 0x5, 0x8, 0x1, 0x5}, {0xffffffff, 0x5, 0x2, 0x7fffffff, 0x2, 0x41fce7b2}, {0x3480, 0x9, 0x8, 0xfffffff8, 0x80000001, 0x40}, {0xe, 0x400, 0x4, 0x3, 0x66, 0x6}, {0x0, 0x3, 0x9, 0xffffffff, 0x80, 0x3bc0}, {0x1, 0xfff, 0x7fff, 0x200, 0x90, 0x7ff}, {0x9, 0x1, 0x800, 0x3, 0x5}, {0x5a829e1c, 0x5, 0x0, 0x1, 0x5}, {0x5, 0x8000, 0x401, 0xd6, 0x80, 0x9}, {0x8001, 0x400, 0xb, 0x9, 0x1c, 0x4}, {0x3c43, 0x6, 0x19a9, 0xb, 0x5, 0xab53}, {0x81, 0x3, 0xbe2f, 0x388e8000, 0xbb, 0xa}, {0x1, 0x0, 0x6, 0x9, 0x7, 0x100}, {0x3, 0x8, 0x80000001, 0x80, 0x1, 0x9}, {0x2, 0x4, 0x7, 0x7f, 0xbda6, 0x6}, {0x5, 0x1, 0x7, 0x5, 0x80000000, 0x3}, {0x3, 0xffff, 0x9, 0x4, 0x9, 0x8}, {0xfb64bc0, 0x3, 0x7f, 0x4, 0x1000}, {0x5, 0x1, 0x9, 0xb9, 0x4, 0xfffffe01}, {0xb, 0x1, 0x9, 0x1ff, 0x10, 0x7f}, {0x8000, 0x9, 0x7, 0xf12, 0x5edc}, {0xb, 0x8, 0x6e9f, 0xc, 0x5, 0x2}, {0x4, 0x401, 0x9, 0x1, 0xb64, 0x4e8}, {0xc512, 0x2, 0x4, 0x7, 0x24, 0x7de}, {0x401, 0x101, 0x8, 0x0, 0x5, 0x101}, {0x8, 0x8, 0x7, 0x7, 0x6, 0x7}, {0x0, 0x0, 0xffff8000, 0x8, 0x1000, 0xfa}, {0x99, 0x3, 0xfa, 0x4, 0x10001, 0xe84}, {0x0, 0xffff, 0x8, 0x4000, 0x8}, {0x2, 0x0, 0x2, 0x3, 0x9, 0x9}, {0x0, 0x9, 0x0, 0x0, 0xede, 0x7}, {0x5, 0x100, 0xfffffffc, 0x81, 0x0, 0x8}, {0x6, 0xe5, 0x3, 0x0, 0x2, 0x7}, {0xecc, 0x7, 0x5, 0x0, 0x6, 0x1}, {0x7, 0x7, 0x2, 0x2, 0x3ff, 0x2}, {0x8001, 0x7, 0x9, 0x6, 0xff}, {0x5, 0x7, 0x10000, 0x1, 0x9, 0x8c5}, {0x80000000, 0x24, 0xefef, 0x8, 0x5a7, 0x9}, {0x9, 0xf, 0xffff6bec, 0xffffff9e, 0x2, 0x8e}, {0x4, 0x0, 0xfffffff5, 0x2f, 0xe, 0x53c83d7f}, {0x0, 0x8, 0x4, 0xfffeffff, 0x1, 0x9}, {0x4, 0x2, 0x202caeea, 0x3, 0x3, 0x8}, {0xc18, 0x2000000, 0x8, 0x7f, 0x9, 0x7}, {0xfffffffe, 0x401, 0x8, 0x1, 0x3, 0x8}, {0xa, 0x0, 0x38, 0x8001, 0x100, 0xd5a}, {0x0, 0x3, 0xd1b, 0x9, 0x10001, 0xc5b1}, {0x5, 0x7b, 0x401, 0x0, 0x0, 0x6}, {0x5, 0x7610, 0xfffffffe, 0x7459, 0x80000000, 0x3}, {0x8, 0x7, 0xe, 0x4, 0x6, 0xc}, {0x3, 0x3, 0x7, 0x80000000, 0x81, 0x1}, {0x5, 0xfff, 0x7fff, 0x0, 0x8, 0x9}, {0x1, 0x3, 0xfffffff9, 0x3, 0x6, 0x3}, {0x7, 0x64a40ae9, 0x100, 0xb, 0x7f, 0x5}, {0x1, 0x5, 0xe426, 0x4, 0xff, 0xfffff8ea}, {0x0, 0x4, 0x9bd, 0xffffffc0, 0x100, 0x86}, {0x3, 0xd7a0, 0x7fff, 0x6, 0x0, 0x7}, {0x8, 0x7, 0xfffeffff, 0xc, 0x9, 0xa}, {0x3, 0x8, 0x65e3, 0xfffffff8, 0x708, 0x2}, {0x9, 0x9, 0x200, 0xfe0, 0x4, 0x8}, {0xffff, 0x6, 0x5, 0x7fa, 0x80, 0x47}, {0x7, 0x3, 0x0, 0xada, 0xfffff001, 0x3ff}, {0x3, 0x38, 0x1, 0x4, 0x8000, 0x65f8}, {0x9, 0x513e12e3, 0xffffff74, 0x0, 0xe, 0x5}, {0x89d, 0x7fff, 0x8, 0x4, 0x9df4, 0x3}, {0x3, 0x1, 0x5, 0x1, 0x1000, 0x3}, {0x2, 0xfc0, 0x7ff, 0x80000000, 0x0, 0x3}], [{0x2, 0x1}, {0x1}, {0x4, 0x1}, {0x1, 0x1}, {}, {0x3}, {0x1, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x3}, {0x0, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1}, {0x3}, {0x3, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x3}, {0x4, 0x1}, {0x5}, {0x4, 0x1}, {0x6, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x3}, {0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x5c6418bd99d4f808, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x3}, {0x5, 0x1}, {0x2}, {0x4}, {0x0, 0x1}, {0x7, 0x1}, {}, {0x2}, {0x0, 0x1}, {0x2}, {0x1, 0x1}, {0x2, 0xd3790ade80b919d7}, {0x3, 0x1}, {0x5, 0x1}, {}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x1}, {0x3}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {}, {0x0, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {}, {0x5, 0x1}, {0x1}, {0x5}, {0x2}, {0x1, 0x1}, {0x3, 0x1}, {0x3301a96a73d779cb}, {0x3}, {0x2}, {0x3}, {0x4}, {0x5}, {0x3, 0x1}, {0x0, 0x1}, {0x5}, {0x4}, {0x7, 0x1}, {}, {0x3}, {0x3}, {0x3, 0x1}, {0x3}, {0xcd17a28638f0ce7d, 0x1}, {0x5}, {0x4, 0x1}, {0x4, 0x1}, {0x3}, {0x1, 0x1}, {0x1}, {0x4, 0x1}, {0x4}, {0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x2}, {}, {0x1}, {0x3, 0x1}, {0x3}, {0x0, 0x1}, {0x2}, {0x0, 0x1}, {0x5, 0x1}, {}, {0x0, 0x1}, {0x2}, {0x5}, {0x4}, {0x0, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {}, {0x1, 0x1}, {0x1, 0x1}, {0x3}, {0x2, 0x1}, {0x2}], 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe80}}, 0x0) (async, rerun: 64) mount$bpf(0x0, &(0x7f0000000ac0)='.\x00', &(0x7f0000000b00), 0x618008, &(0x7f0000000200)={[{@uid={'uid', 0x3d, 0xee00}}]}) (rerun: 64) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r2, 0x10001, 0x0) (async) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) (async) ioctl$AUTOFS_IOC_READY(r3, 0x9360, 0x8) connect$unix(0xffffffffffffffff, &(0x7f0000000080)=@abs={0x0, 0x0, 0x4e21}, 0x6e) 2.291600405s ago: executing program 1 (id=594): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'tunl0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000240012800900010069706970000000001400028005000900ff"], 0x44}}, 0x0) r3 = memfd_create(&(0x7f0000000040)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbc\x04\x00i\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\x02\xf1\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10Dh$P\x99\xbf2\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9aY\xbb\x86O\xcc:8\x7f\n\xeeAS]\xb2\xb2\x1b9K\x92\\f\xfaf\xaaG\x1fK\x90\xdaK^\rT\x8cW\v\xda~\\-u\xc9\xe3\xef\x1fvL', 0x6) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 2.178358129s ago: executing program 1 (id=596): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000500000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x3, 0x0, 0xc}, @l2cap_cid_signaling={{0x8}, [@l2cap_disconn_req={{0x6, 0xe, 0x4}, {0x100, 0x400}}]}}, 0x11) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x20c01, 0x99) ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x40806685, &(0x7f0000000180)={0x81, 0x3}) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000001c0)={0x30, 0x5, 0x0, {0x0, 0x3, 0x0, 0x7}}, 0x30) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000240)=[{0x20, 0x0, 0x0, 0xfffff024}, {0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10) sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000200)={'netdevsim0\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x3, 0x3, 0x7, 0x9, 0x7, 0xea7}}) io_setup(0x6, &(0x7f0000001380)) 1.918901596s ago: executing program 1 (id=601): r0 = eventfd(0x8) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000020ac050f02220001828301090224000101000000090400000203010200092100050001220000090581", @ANYBLOB="87e9"], 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x400, 0x2000) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180)={0x3, 0x5, 0x9, 0xda, 0x0, 0x16, 0x20, 0x7e, 0x3f, 0x3, 0x7f, 0x7, 0xa0, 0x6}, 0xe) recvmmsg(r1, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x40011001, 0x0) r2 = socket$inet6(0xa, 0x3, 0x9) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6}]}, 0x10) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000680)='net/snmp6\x00') preadv(r3, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(r4, &(0x7f0000000340)={0x1, 0x10, 0xfa00, {0x0}}, 0x18) r5 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0) dup3(r0, r5, 0x80000) 1.918221627s ago: executing program 2 (id=604): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @multicast2}, 0x10) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000380)={0x2}) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x10f, &(0x7f0000000140)={0x0, 0x9264, 0x0, 0x404, 0x3b5}, &(0x7f00000003c0), &(0x7f0000000280)) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newtaction={0x84, 0x30, 0x1, 0x0, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x10000000, 0x0, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x8000, 0x0, 0x0, 0xa6}, 0x0, 0x1000000}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x84}}, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f00000000c0)=[r4, r4, r2], 0x3) ptrace(0x10, r1) ptrace$getregset(0x4205, r1, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) r5 = socket(0x40000000015, 0x5, 0x0) bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) r6 = socket(0x40000000015, 0x5, 0x0) r7 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ppoll(&(0x7f0000000180)=[{r7, 0x4}], 0x1, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000002400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000023c0)={&(0x7f0000002380)={0x28, 0x0, 0x1, 0x101, 0x0, 0x0, {0x7, 0x0, 0x3}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x4}, @CTA_TUPLE_MASTER={0xc, 0xe, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000050) bind$inet(r6, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') r9 = userfaultfd(0x801) ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x3c, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x25, 0x11, 0x0, 0x1, [@generic="2fe5af660e49035a45f4bfb9f42cf4a03da9dc13dd24291214b225a0c4824cdc01"]}]}, 0x3c}], 0x1}, 0x0) munmap(&(0x7f0000800000/0x800000)=nil, 0x800000) getsockopt$IP_VS_SO_GET_VERSION(r5, 0x0, 0x480, &(0x7f0000000080), &(0x7f0000000100)=0x40) ioctl$UFFDIO_CONTINUE(r9, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000823000/0x3000)=nil, 0x3000}, 0x1}) read$FUSE(r8, &(0x7f0000000340)={0x2020}, 0xcb0a) mprotect(&(0x7f000097a000/0x4000)=nil, 0x4000, 0xe) lseek(r8, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r8, 0x800455d1, &(0x7f0000000000)) 1.362170446s ago: executing program 3 (id=610): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="380000004800010300000000000000000a006000", @ANYRES32=0x0, @ANYBLOB="0000000008000200ff0000ff140001"], 0x38}}, 0x0) r2 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$chown(0x4, r2, 0x0, 0xffffffffffffffff) sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000c00)={0x20, 0x17, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x884) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) socket(0x2b, 0x1, 0x1) listen(r3, 0x0) pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x10000000, 0x1}, &(0x7f0000000000)={0x18, 0x7, 0x9, 0x0, 0x7, 0x400000}, 0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'gretap0\x00', &(0x7f0000000180)={'gre0\x00', 0x0, 0x8, 0x8087, 0x8212, 0x4, {{0x37, 0x4, 0x0, 0x39, 0xdc, 0x66, 0x0, 0x6, 0x29, 0x0, @loopback, @multicast2, {[@cipso={0x86, 0x25, 0x2, [{0x0, 0x11, "7c86b7a3054a1e7ab3071b1e5f88d7"}, {0x0, 0x9, "7a130bc3f92b4b"}, {0x0, 0x5, "391ce4"}]}, @lsrr={0x83, 0x13, 0xf3, [@multicast1, @loopback, @remote, @rand_addr=0x64010102]}, @rr={0x7, 0x7, 0x81, [@local]}, @cipso={0x86, 0x5a, 0x2, [{0x7, 0x3, "e0"}, {0x5, 0x5, "d641c8"}, {0x6, 0xd, "9ee136f2bb2e0859a77792"}, {0x5, 0xd, "d9ac4b777c219bd0b63046"}, {0x7, 0x8, "5f86366cebbe"}, {0x6, 0xf, "506b367e114995a297f0c5e74d"}, {0x1, 0xc, "9b3e3a6ddb4af70ef7c8"}, {0x5, 0xf, "c4c7304edd05bbb2ce5409feea"}]}, @generic={0x0, 0x10, "f8b59ba11f9aed686fffd70681de"}, @generic={0x82, 0x2}, @timestamp={0x44, 0x14, 0x5a, 0x0, 0xa, [0x4, 0x1, 0xdbb, 0x200]}, @lsrr={0x83, 0x7, 0x63, [@empty]}]}}}}}) sendmsg$nl_route_sched(r1, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@delchain={0x3c, 0x65, 0x20, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xffef, 0xffe0}, {0xd, 0xffff}, {0xb, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0x3ff}, @TCA_CHAIN={0x8, 0xb, 0x79092b8a}, @TCA_RATE={0x6, 0x5, {0xc, 0x92}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) 1.244516793s ago: executing program 3 (id=611): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) r0 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe1b) socket$kcm(0x10, 0x2, 0x0) r1 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0xfe33) 1.1357883s ago: executing program 3 (id=613): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000026c0)={0x0, 0x0, &(0x7f0000002680)={&(0x7f0000002640)={0x14, 0x23, 0x1, 0x70bd2c, 0x25dfdbfc, {0xb}}, 0x14}, 0x1, 0x0, 0x0, 0x48001}, 0x24048884) getpeername(r0, &(0x7f0000000080)=@phonet, &(0x7f0000000000)=0x80) mount(&(0x7f00000001c0)=@sr0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000200)='ocfs2\x00', 0x21000d, 0x0) 1.027994856s ago: executing program 3 (id=615): r0 = socket$inet(0x2, 0x2, 0x1) bind$inet(r0, &(0x7f0000000000)={0x2, 0x6ea4, @private=0xa010102}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200)) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000006c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fef7ff7a0af0fff80000ff79a4f0ff00000000b7060000efffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00ba23008500000098000000b70000000000000095000000000000006f88300eaa171100756695acf0af839ec5300a584fe44c80de0b061417e9ade22cecede5d5be6ab3d7828ee094518a5800000082c81ddfe3960a29ea15fa7e26f0f3e51416b698f6da6fe8af496d22585ffab3af24974fae00d824313ffef788c6983945dd3663f79f67e78a48b24a4bcdc33b38c5f86e96111199f0f0af9f42099a0f54041889b971cf394bd43473a5ac2acab9768cbc52ff7f000000000000711727c4a32a6b7ecdae05d2b3fed4572eb0d88976d2adda68000010000000c47b18cf93996a43e2e080f57fadf535d8b3078ebe16b10160fad64474a7b558f7a56f41022feec18e013abd8fda2b96779e534d0675fbcc13ba9f9eb96319fd5b49521d5cb2ced401d7b6fce658f203a9c2da91116d986730da1be85b0000829512099df32814820fbf7be91cd13b77f4e4e599f8bbca388247856073472312a9ff4273b9cd08000000000000616e888cda842c661577818c2069cb41a73b4b7fc28882cad315db3fffc5183deca7a32838ec0ad70d4f55382c1879b71ec504d2f3e3883428ee350123a5cad346f6d517f6fcea5b6bc4fcffffffffffff03f419a6e45fd98e77da4a8202ebbdafe6b2e38c9d7e506f5da2958cf7f0d9b31ca3275e64e29d39d158cebe43308cf8760588001172e19685e9a334aec76530861b772a1da96f0a227514bd0bc26df2b50a45e4eceae1ddfe88d58879d12afdb295ce2edecb253e0471714fa124211203000000000000001f502b6c760655ffb20ae13a1a94f7ae229fbf5da7cae4f994ee82fc98c864c3e352ad16f98208cf1469dd6c1212582a3687f7dbdf708929643f3f0f4e947c40742452685ec044fc71eaca9abc92145677e14054331801b1412b39049ed782742f9a1b6aca9123b243c1a68c047f2db79701b62c8cc0d2f608c7f62d107ebc68df9f8d296721c9d465dad604bc0dc500000000000000000000000000000000000000000568a4997dd54fa83aacd2d209f66de2e26dc2fd862a0b8ee149c148197176745fc8ff1dd5bd6611daa882298a37b041b34668d4662ea8fbe2e787dfc4c8bef2124f0439b2d18ec83361da5cc732f365b0a528db31b90bc1405b6d5301c34319ccae29b1d6034b665c79baeeeac5e71d24e2e3b6ffc5bc2dcb600e645c0048b45e286a49e888d21abfc817085d9c00e08525207e33505226fdda16e6da6dd31f7a1736029b87e8d6a05bcb356298d7dccd7de2af0885bd4939ff96ab74da3871b077e4058c8752ba4994eafed8b239d781638fa339fa0f7dd135af3f80e40f4b885770cf27d205a45d4702f97b8b7c57b180c50b2b370dfb35dc895e8f05d6e71829f36150b2cde31469c4aea0c64850eb3f3e0dc35f8cdd76bdde2018366c3201307c370433762676f72e68c962430a0000000000000000000000000000e737dc2e1a3fdebbb510c663d24f72b954965201f775b3739c14dd4832647c028be09f2809fd396fa26532a30a37737e95f0f41dd024b7bf8a6bf807c9fd9b8c7a39717729339dc3054117cb95693bdd61edcc2860b66545e194a961bdc5457d76ae1a87050e12ead896f3337d5a000000000000000000400000602bfd2f1ace65f2e74dc99cb73a37f40362b7904e8a0ea8d2d9805c924f9985d22972031a1223afa1288af3f48c93fcdb11963d0b748287448f722dc180e87637b662b11effabf45beda2e3a7e1adf8f94b619fa152b33440f2358a745848caf7000eb305c936d26964a2a85e133d01368b8d228d02f96064de261cf02c9632a0eb4ab259e8f4dd63d8b6d2d6b2a0c29fbab7d04d73a381c296af344655b64e12f216fbc646cc6bd60ca773d187f2fd317f6cb2309d1a13526a44b7d9b2bf93947dc3ac3340a7a114051d33d152310574f0d784910dc1a8f5bbf3610c544437626236458f285196161496389b02ba46a72da0149b4ddfdd4ef7862a07395752a37cb0244e94e1310e0c0a148a9a48b149bf2f345f3f89813c9eb05160f63f0b363deee5cb77ea6e951857e1942e5c56d72d724af7aa24a8aadb512f3302972c53b0eb7a693e0b0c775b21aed72995cfe9e9347a07d43ce3db9f22d461e86416ffff6f2e4e36306630052a2b03ee36ec52af0d684fabd5f38adffaa6c5a7a8100d1aefaf8576b363690b76e2eb96b07ab790cf63cfc334b7469b5b5b397c622f7c3ee064f9272443bcb928b6f7a2450cd33550a42843b0b5ac9e37134c81bd56b72e1030b05a5b3ac47b5af22a9dff0700004adacc71db2b15b4ffd98e30224763382ade45d164be76b2e9a674448f3ee2cd29707484df87ea6e8e6333b5fcb1b8b43a7c005ea800000000000000000000010000000000387592adc78ccfe479549e6f4efc14c4a5cfe845e6157d6fe70b278147edf0e25065ec6b17f8022493d105c9c31121e7957aeec5f7f2af0446d128778c8bf15b87a0eec6f4c75966b5f0e06744bda63134223416102aea1254d57c390e1f84ec7d5c3a758ce59c9e2c4ce1f28b6783661e272bf1cb5c8ac177aa9c6ccbead9a96b22394afb840247e5d69473b836f070dc0bf9302e33b03d4e07395c82e33667726b51ff24b0bbea730702835159e3517ffb3da0d01833589fec3bdab629b21e5d9e87c3c58d962ff5e75c81f583c64b7d5a643674801e18b06ca98b49d9e28d004c7ebccf076c64ef71421f672b0948b18ab5af448ca9446e71ba6dd4bd15a12553066de7cb767a121d56d9d26ce27fdbe6721191f2ed1cc3f9c5e3d5cba447c4793165b3cbf51c7d0cf9edf823641e1bc7db7803b60dc8b21e49a33a73ac00337067dfd3ecaf4e6dceee1048f300000000000000000000000000000000000000000000007958a50896df65337581398793d0a9abe75251908c07d2957ca70ad7ac31aae536294d6a944cd35f46cb554d8aecae5a72cb24596d896ff9ad83473567b6cb9d032c395a1459399cea31ebafc1e77649b55af527ca0f1ac972ee72a78391473c1b9e0000000000000000004076eac7e605f8de6f0ce5702af52c5d78bac0097d92f078a3a98229ebf281c3c876d2614109b69967871fea621fb2a29a77a1516b51d9b1c3c5ef1436f50fad4a1cd92a211fec61d37c8b410a20fbdeb642228d6cfeb8cda8eea3a7f343fcaa0459b9d916abb668d4799534307084ee7d854dd0850000000000000000000000002f40c3e24f9c0a56edf543425058c35febda26a43bdab770212186b84421d8b841cf9181d47c08cb392e414c1efba9978a97769e65ae443644dbdb32a50cdc717a34d1aa9ced37820a6d1cd0920a9a07e36a85e967bfa7f2caf1c9b52c06f4d178fbb91a169e9533e401819e57cab814761819b0fc517239a6777dbb92a7462538dbd8a4b82f87df7982b44b160a598c75bafa5a9b388a44303dbebc83ac2ad2da3ae80c851bc2fdb8d444597fdac4538aa33bb9204ffe534b15a1878be30157d0815d38fc2effeb7b87d6bd15e21c7b7c7d1ad7b3fd69b4bd06716a203e82f4c0413719eae0967fc70f03570375c2d0986b0200897e505afb87b878f3e13187001bba6a401bd56f3f8eb5384e33"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x304, 0x10, &(0x7f0000000000), 0xfffffea2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0xe, 0x0, &(0x7f0000000040)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$USBDEVFS_IOCTL(r1, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect) 868.014192ms ago: executing program 2 (id=617): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000080)={0x1ff, 0x90, 0x5, 0x0, 0x0, [{{r0}, 0x6}, {{r0}, 0x8001}, {{r0}, 0x10001}, {{r0}, 0x1c0}, {{r0}, 0x7}]}) r1 = io_uring_setup(0x6f6, &(0x7f0000005100)={0x0, 0x0, 0x802}) io_uring_register$IORING_REGISTER_BUFFERS2(r1, 0xf, &(0x7f0000005500)={0x2, 0x0, 0x0, &(0x7f0000005480)=[{0x0}, {0x0}], 0x0}, 0x20) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') preadv(r2, &(0x7f0000000640)=[{&(0x7f0000000140)=""/134, 0x86}], 0x1, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x25, &(0x7f0000000780)={0x0, @in={{0x2, 0x0, @empty}}, 0x2}, 0x90) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x13}]}}}, {0x1c, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0x17}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x9c}}, 0x0) 861.286399ms ago: executing program 0 (id=618): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x179, 0x11, 0x100000}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x28042, 0x0) r1 = fsopen(&(0x7f00000002c0)='pvfs2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) read$FUSE(r0, &(0x7f0000001200)={0x2020}, 0x2020) 765.673481ms ago: executing program 3 (id=619): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) unshare(0x62040200) chdir(&(0x7f0000000140)='./file0\x00') syz_fuse_handle_req(r0, &(0x7f0000004140)="a1af56567af19ce4706948d30f35abf6494690656d554e6190797369db23a302f328aa47a2e54509379ba2e477e6e0461d2e45920d509fa49de04732cd2f4a4e34d73eb464d09605a698ad2219a2175ebcc560f740fe531ba46ded4232d273d1865282844f5a3b54d7f154c21a8a82228e27b2c1af662a92e53d81cae3ea68707ce43f89c3321797039a0a39e24b83035dbfb1ac9668b5f87c4ae50250e92c8b113ed58f60015d9c1990253e6646c02901b08a2ec0acceb7ac1e28f59b1e22663432bd5435083b604934bda5f4897467677ac5609bb6e1d1f938a1a8238d2df6db69fcffa48a08ef9231830ceb045a999a9ba43b4d605ce7bb4736ee8bdaac3399576ad3d434c12f1ae8fc5e06dbbfac985d7105c3b7f431854465b6f732e1397e4647e88e86b0a3b01c1ef689a4bd3963deb3b06190576c690ab257b9845b4d412f248184e124b5228f4236d020d4b80ff0772d9515685918c41cad06498a6833d591c191916067759bfeceec176d582621bf23b8d827e2c8977822d64ca19c168fa8a4ea90a60ed60854342e7c42ce11f414dcff1fff715d10ed263d305e5c563ee13a1527795b012e01b8442026032a761cf5104f00dc28a761596d8393e3750be1a8788fa7152a3cd8e051a963120417af9bd3e659bbaac6406a70ba347641aeffac9436fc2352bf7822dabd7a4911a5b947f9c07f805e67ec8c7d787ff358b426494b87aaac46c2d4061ccf3d19201d8d099dddf2b257cacbba656cb7626b0d3fa11881e99799b92f0a07813eac359a64a61a03d6527a24a4fee8e6cbd74932adba5ad3a865788e874b796cc8555522b19f76676646f21f31fad8c360982ce2b23fd4aec43bff16e0f3f1e1e804daf28f236081d0686108fde25f7e6a7bef08b793beca5b21b5f4893543ef1e3a216378cb76a54fa879ad9624a60a0b3306c8548e1a22b735213969421dc9ef70338bb780ad55adfb6b4f4ca3d8ce7c697ce3f0a6210a27cc900ea2218c52ac06bbcbb91adff643f1a3b93db67d7902f23eb89ab2f892970551127b39e7bb9f37c62adb8abed20c8c84531d143c6be2b8b05766e248a94aae400b36a3399ba174ffe14ffd354f508ce30ea991f57018a3534e0eac9cb49d0e6085f93b367d817ee83b24c11f9d38044a9739f4fd41b6a8129fda808bb930beba6223dfe154b23d7c39ac4fb6656169275c31e15d37d3d96b0aaa13637f1c28178f5fc4ebbe1af6acc985c783a30dffde8d7eb0c8863e3481caf2606a4b6930c234736404d4eeefdda697193f57d332540a423831db671d7d3e8e15ef3d6a26b83a5053bdc2f0b378c6b39ad0b8b9c7bd5c4bf81018ce15d0b344772f6c6f469e40c9848cbcb1b3ccb721b4b1f895a6e034380d882bd30a20f1c2b8ae138e6728306e16f6093774d21b798cd73a16bc577be751deb434ef019dd454fa3ce3cc3b2634ea4957548bf226d0b24bce757382c639dae891e55dcb24ffc9dc2c08acfafabd4565dbcad34e1a8e781c56e9144f0e85a5cf6c79a5d1a8b3479cdc178215f05081eebdc03607798c66fd043824756e896c2b69fe5e843e0eb26c86a37a8944e93a7f3b2a863136d56579d0377f9424cf00dd6da7b19066f990ce05e1b93479f125cbcc5c91aea56ef04950164079f5e22ebfd77d54676b2de392ab20298876bce1ae9941ae109d7088edb29d02539aec8f276b862bb28fa6a68bb1a0bda1b0ec6e5891e93777d9b126d6add7eb36a7f75c435618d368c04156f8a116d0c843ad04842d7b7c84cd87e75fb81ec16ef184fd3119c16c950b84bca9a12a86f0e333d9fe34622f5a51e9772dc8b94c491e16db0c537e211b01c9f13f9e7a7b2f4d8053baded5d6018561b547562efbeab2946f3ef872d0256196c75fd7f520da7aea0f63a278052925c6c88307bed0336c5632ca98086e7712af309f99a6adb3ec4417eaa9aefe3fd43c4402bc13868832d6dfaa97de7ed43fe3711917de97058d60067d5eeb90ecb428182d07092c516e6eef6781756e308926faa9796dd1a29dd4c3827115fa8e14bbe449f4144785b9581a198273adb8bab0d4080adbb592b25fd74d426233f537562a4a98b07f4b2060b4f496c66a0169391b713fdd991fa90cfc313245f57900d980adcbd46ada0a7bdfdfec4bf8ba12e37724c9dfd7fbbe4541bf21cc393249a555746268e7e33bdb43f2cd4932e39fc818e49d0e588d12a3a297be074ad83db57be9d4455ab0685b087e8ee9f5c7c33e10c9d6be572b58c88b79756c45eb9eed6d0275944d9cc1cbc8c498917aa2fd79c00567d4f9f768579f891e23fa9548c5fbff150d2873ecc72da8d0077a223f9d18700b690d8046783bba756a2c9863b7ffc7022b2da68a332f72f704bc38a0fcc4f445891f1ca1ef5dad28b87ce8bdef23ffe29ee23f2c0a002c80cf99399dc7276aec6f9d8b6ff3d7554409a4e38d2029a43f8a70da62b33c44f5f4f299eec825302c52e5f83d462b81512775107059826c8880578f01d8cb53af86ad61a7e36c2ccdf55ce197ec2a78219a5b952a9bd12ac2cc3271e84e6dad464c7ec9d9f0310614200a98cfa933d5db05c00c95c59fc5bb8844ff856ee7f9b091700b1a93ae1c00a40d9e5e6ce036f90a6dc34faa9dc8e8972c49b055f9a43ae10251705a960f2cfc8430cf9bcafc26c8eccc8b75a788beb41d180d4364f3083f3ffb5e39049979903c76f440810b7ea608ff84f5e56f9e0653bf15b6b6332d458f8d2e2b17d7bd2305a8909996d2ebfc2ee2ff697fccb215bd8c73d4b9f5b597308f98ed8fbda58f52cf8443f5a9db7f0f6e75e1c9e47d73f8d0624e9e6f33c2dee3c6ff394082d78ffd3a68309b3085e1a7c106f62c3959a353672cadadf6c058fe366b03fcd95a23f564c55a3ce9a914c11c8b2d6040147a1539b106adecce531646fea4db06775fe5d1bf9cb0107941b620043ac9b7936b2af9849eca9c46062945b137dfa355a7ee0c81a0193fa60a70e59b407af06a7f181a3e4ccc81f2c580a6c6cf67a8bf93eb8ff2151b7074144bf7c5cff97814e0c00c138d984559ac8b95a45a4497174130bbb0db22fa53187db1d923d9ded441a4d2fcbe0ff5736ecc3d94bfbb2df632ac88a02f2c9f73312e7a9c2d8d6c0bbfc774595e2e63669f2b5bbf6ee6a1ab0c25e313d819b02c785494eda4cace033e96b1ecc5b155a14e0c8d51d54d8bf33e499d0913d9605a419bc6c73c6bb07d1a306adb27dfedbe81a386fb3bb659764442c4d9d66673a916ee5a6ae59abc994fff64f2db0c83e2b18944f619cfdea0ea0911064ab690b2e03670a3e3667651c1980d0491a40312307e4534671c9c8ca8712506eff211577783c81dc05ffae4a9c6d7554f9fec07b25451c70e6f4d4b160544b66d66dd88ef1c77f09133db317c39fca05b68ef3eee3c28cbe31982adb0693fe9699d06654150346915ccdb17c69ea3aa8bb36b5f321060f6237dec73a011b233b81a6337bd77da5da753593fe30282456a0da2c4a18911ab5a8af13c8f623e5684f74f322ba103482d9abec31a684707671759ac8bb2592d66350745f77f18bd6a6cba542644f1fdf0dca14a08f4ffd1365969ee896cb39e845f71590eb4c73cc624cdcfbdea2352ad5173e5e919fcb98f6d960341047d181075ec8b1e92f40ecd5a1bf157925329748cc7af0239a7803a0c947479e070b026baf6738c29c9a8351685abd43775726ec0bfeff4d51fd3fcb04b108de286c5f61a82ef496e20133ef8b4ae243e81b20822ea6285c70bf1a33cb9f4ceeec053f60992c0023bd5acb0d4a9a55ef377f2837784ada634070a85b0a42fabf288130d6b74ca23473fbce932bedb44cd51dae78efd058dde5d7eb4aadfe3dd8346420567e745ced5189db6df22edbc66580a236f6ab148a3efd69bdea3dac7cffb47df44dbef7fcb436902bb30d65d65d5320c3b76ac17f43d27b2deda8692ba03ac2ae60e4ed2a9232c71a98b9869259a410b901f38cd6712f69f2dc3f92b7c5909f3595e99c9fc77d4d33f9a0e57d5f121e2de782b22cf7fb9bf22fc6afde5e42876ff8005f8a042bb5a9b67d60f40a7ad1cd73810a4f704f14823d4074e5a32b028c8360432b8aff539705961fee84d6c60b2b4d2efad60fb20c1da653869349b81e6c3d56c96ce56a833ee9a2b3e92a4b96c5a545910406751b4e7da24a328de0e20042d1ecc3bf7fd97071bb2740f497307501d90fa9c8e5cd63a703096955f4934d9140ad295cae59232cf005574d875e098637ecb757305a51d102ae5323b23a61c1a1b888c5974a243e42bfc391114ba5ba28e2375cf1d6d1a63e6bd5cf9aff9af16bdc927f642151597fe6d18ab008426f25054ee8e39136e2c217ad1f4cbfccdaf9a0cbd97edef5fef9b2ec486a4b21d79021103deec2ceb26c0b0035856ea2370aa3a8de925797722aeeee2d504184988f9f8727915c389f043c3de2b0d8e3046c46b33cb1615f291f272ade0029cad1f1d2e723e62cf739b667b005de14c3ed265e3bc2d553bb232f88b92a8284996c50e141608623ca7677a9cefb85fb0e0e77e23b9767dd65fbc119a15969ecd10f8033d9f37a748a895fd39390563f5f7998bb10eda8610855eaeb2499d8234975edb16c438069e8701bec0a86ae108a19b9f54782648af4b7b04a1d7b6b3a853c24f2393120918d1eed7b40f467c88857ee9cddf5f01db495f3138984387adfe3cf51a47dca021f9f31b44af1d1ae7c9f4c768f2a46d5c012a937985f56436ae15528ae3597590c927be9676a4ca80a19d44457b06991c02488c96e31094cd963b64e8623fc7000009ddb29b0dbb13671c321d24e322a05cf215dd04eabc2cc6fdaed762d3f9da0f1e0e4b7ba13a6036771c9403457dfddecb71579de33c597860a2e49d7b5052a6b018ddb409a7a84f8f6651d070a4c913b7a721490c8f97c085de8315019952deae16434a3e5fd5d242b1b333d8a801aaa67e4aa599b818c8e747ecac2e9c6176bec7e34ecb84450903f5aa6c6c6bf539b240506562d73c5dfbacdfbcc9db3089701f2c7fe6d6b8d6728f8a1b90a911338463e6fd824ecda51578865b3c363b4b79f6c698e27760c1090f8ae52d6fd3f0f9488f1c25feab4b48c03ddcf74a8b6d2b0fc6b5a89b8051c99edee357fcb875f523f7a88a5f25222fc0ba159873b47fe906e88f920943e453048cdea455dd98fe77f55d9c92e205b87120ac5ef791cd7d6ce7d2cfe689db61096c6e4fc359c9aa4dd3d1205358da38882073ef7268239f7c74b0f3cd60ca239b2fcdc3f5c774559ffbb2b821f1314987d8cbe5342db9567a864d569abf7e14f48d4e2b178be4d020c4244ddb0cf4ef7124f295a81b9c10227ea886e6f6ea2dca031a026a4f946f49598b76141a0b18170bb3cfa9136c49c69d71732aa223db1e65553aa03bec9b0a35c31eb4e6b0dab02ec2c2d851a731be9cec6078456631c68761e14dbc9afa2c3f631a160ebf9d1fd3c2ecccf6d4aebaf0fafe2e9f47ea9d386425a7950671cde77c6951ef43a1ed32f0ed6fcda74ca9333d2513e4a40cfca01a17bfbc13b0229e2b16400880d96e4c687fc54ed0b34326126f845bd7cd2063c51abbf8bb61f6f1dc3606959f2dececc6e3e08d808841c4779ca0f5f51e7e03260d0b75b1b0355f8544c1639b2f0bfd6f95c4f6d151073a086ecc890d6366acbcee869020cf347e700a8361bd8d5c53e6480526aaf31c9c655eae11831184746a709387e60d68c062e5e05e578d11687f6a5411ffac4cfd62331f63a9726ae77c5799bcca05d6983c985cd23d025e3367ef8c7ee903de557322f38629628ee3076ac483f8257c6335a478412cad1d73b6fd43c37a62dd7a0ae7601f12b4478c3f2ee105a915ff2052d23a8b9af3ca59013f553006259d4cce52212862d22c08c29affa3520b33a6b68cf2b9f91d9258dc5052bf360977ba81a37701118f635379d852b6481843604c111bcfa4970afd5a0fa52824cb27ac9a77b7575e3e0cd043c29c5682a47fe94fd6c2c225b6d9939b99c18b5fb898c5f28e87a5b6a0bbeaa2c4725cf5494765d79a50d2417e84130bb37f540e8db7064e57935ec3c6f9baa2a9a1ced0f8c6eebcb9b688490b31f864dcd9b726628218b42f45aa82f2bcdf2c7532c9669ea7ffb6842451ac314a35cdb0855312448c24efd6583a582e15ad5e7f7b714f0ac703a24e2ee8769a868079af8660931ba325ea1c9b636ef7b13766204dd733c3bc69f11e026c382ac0fa5ce8413fb9f84408e4648a5e66b8592093a17a42cb105b616b8239d2031200eecb9beca6d411a71f072fd159eac0a4f4392a0cedb96248dad497b2379f3162254045ce276503093e5e7ab062b942cf6f2302a5ab9af1b3a315ec67faf84b70fdbdb39044a22cd7bd0f62ba66ce2257f3aa0f56d53c8157c4db3297087e25ec24696813430f386f5ad55bf6289f62e1492dc6ac3bb5047e933d54ec338cafb3bfae8336215611bc3e8a5cafaca7c70f580570518a675cc2075c7593e1d98ef02b74f06b041b6ed9b06e820d32b413de06235441a52346c3fd2e723816c7b481fbf564a525646ba62c615060b2f9fb0ff0f00c376c6dfcdb060aca7af2f07f6030a2ca324c8380c11f9c1182acdea2123c52f5a40b44909180a14037c760c4ecc10f20206445aa65cf835f09633491f608598f1fe5cb5175ddc48070fe0608335af27ded864f97dd52c235b7c4ece6bda153224b773c64235c1099054a55849cd1af7832abd1383e82f63715c9cc24543397bd56e34fd5d28e49021bb483617a3444fdcf8cdeb33bd8675334a897e17966fcbc1e5c5c5399bb6bf02a9bbfaa5f3c58d2efd007dcb1190af4ab4b71987ff7824bd9b9c6d6fb0b144c1fd462805aabf2c7fbb043ff22b496e41a4a81957892efe74d614d62d4b04bbf544fb03826e9baa2a84f32da4d1154c1d0fbdcc17f24a49633761d2b5962e618d8a9be2bf373cdc9c45ecff0148f355075fde5ad5e8da5d59498eb2b7f77a4c0622edd29d7dfedd748b750d0b48057fa7b8ff575714a408a926f6e0cad081eb24780fdbb116fb8dfefb2006f765ff95fe4def6b83fa97b3f54204a0c00cf71c4a1efeface1198a94610570816d08c19af76b03afa42f722abbfebb2c99a905300918dbcd131fce84632bf4f7f5dabd1b5b05742755b45e50eb89ee278e0f6f1a8ad3d9f907b9accbe4845f6591f8361b52e4dd8f19823efd7e89c2ba80c70671eea397e1953daa12907ce59d940a6dcfb3eef7ba7405bb489c38319ac4fee62dec986f4f0975dc1b9f576ebdbca90c42e7f3b1928154af66de5e54b16d8b6541f55daa90812ea7dab78a87d969e4bf95c47f70ce84f9e41e542bbb91f77105c8314e8bd5d8d37e11d9af07c5dcedfab1f21642bb30fb332f7c6bfe13cde2f28f104344777066afe5b0f6db14390f587e64417b0dab027cef4c5daedc75812a7452d45e57e8e274ad8cd8a10b2b9ce0f371809101e9340f2fa0a59501020e48f862572fef70b350938e00a921fb1c080e933eaad2d56daeed692e7d69d4b95a2d1a620da88247314bd73a20cc7a504427df77ba969b5adbf74321e982c2a1913b66a8687960c8fb71a850c1003c76fe1c3bbbc8eb142dfa01f5df52b72bde0c8884374f72eeb8038ad57beb6c732c511bd5847ae8d4b69e195f87b03379279936dda69e11cfda279f37e53a05cb787f118d66f62a87037981937d6083e47e31de6a2700cb7976c0dfcf972bdd458e561f13b3e30368c8bacb722611db7627ad4e00a34f69a5eb9edc7eae464b2422a4c38bed04c49b15fce25ccd22347720273127236d6e8178cb414d1b4dc36cabd19f713782bde48db7094577042083cf5d42224eaa69e0d70b57e6f1764a825909c48858cda13ab13ee203fd0d57291acf508f91f9bc428d4c9ea06a9df3c9ce183e0c101a4d52fd87866c2146219beb15e616ce239cb025ef3dfdb3a2568a833c88a66a580ca9d3f2b770647d5baa42a707351688dc0be3b15d2cead64792e9f9688ef95ea5274c08ee13c4a3797ce346dceeaf7d81a18181839ebeed412baf43ec1abb35b7930ed7a528f9a0bbccd1ea6eb525488c6731150afe791bf58e524de4cc62e174d134bf5d170132efdb2cbb42b882219de563cbe6280ce4cd8482699442b236d1bd54517c3ad25fb3d68a649920357d85f343f0b46ce4a78b1836b6ecb198f1f1686597206c09ad4534717402eefc0d5a90639f91b84d3de00e7d815059640ada64140687c3e404432c74e91907cdcf3e07e997eed9de114767829833920a9fa5bebf7d99fc4f461375f3426b136b680230c7aa135f0d2d72be7bdf8667a8cf0dd0bf5490e393b5a465d37b9ee0d659c8c0f96681b71a867978b3503a45dfe95e49b9d11b8ca953ab01ec1714ca9ca1e1ed5998e02934901dcac10a2553a94618db7d79c4a48741afe3bceaa994833595808f8080f6eafadd31caee252a7d115db962320be9503147d39adbd11b1cd4cf2cd4bf94d9036ea61b2d4791c6326af653847d2b6dd83f5df51eb9473ae0c305abe5f3896175d82a2b569bf100166004886dc58432cd678c0a4a152013b2646a68284567b898e6f3d38a9187b6d10075234b2e11b7c929b308bbcb82f4a8ceafc503f18536092f2965d13875060c926b5404ccf3bcfb1389688fb4bf57ff79201d8a00cbb54a12b3be4693b4a295284c90e7d0f08b632eb0411bbd01d51112afe5db173a8159dd38fe6e9804f6ae779479ffdc697ec572b0934704dfcc3e9b2bec95587285299d1d79192b2324e4eaf4de74df050170562c08e0a821f47745f63ecbbb767846ddcc331f459013ec90de697346f1e57345a51fd9d2233cb3591c406bc25ff5c098c331cd026aca7ac1fb1c35c3d3597c7deb89620a364044b30c77d5071bea5b196a0c380ad40370985713838b1c830130a5fc15c5501748a2c8369e77c3fd4ec2f5de572ee183f526359f28865d68eb87c21f8fcd4a09d76ee6d9ef31561d9c97ae3672500e342a798b04177f2c5896bd06b4c96a58aa839185ae44b838d763872bbf1e7b665848f1e186b5ab6cd4628f4725324981b0aff0b9af2f78883dc8433d2dc26c1766e0ec77c4eb63da1f859c09ace8889fd2c5ec7f7e11eeb547900dd9332b7b96ea6be35aea692e54c1cc3d1211bc843f8e8ce71abb88873e132fe214a7e7670fcac38516b6935b9e0a2eeb43a0aebd25676db551d8cff4fe0b6cecbd59701317022511a2d612864c09496c99af48e1cd066c5bae55b415ec08e99947ac94885ddf875d8f8af199aba32c0bfc27f6e19e57380618e7940481077edf6270ea3befce28a55c2a68a961142e959690ba294afd57c5530a5fbd5f60d791a3f06720947c74cec26a571a9f2e5cf98cccefba8beff72f2570f8a0e1a130c0e85d4fbb6a6f0b881af274c9eb063ef09176d43f8f18bdb35a0acb1c6305ba5563d1b6baff53b1251305de413052667c4cf9f94460bf348fb27ab5719ae44faf02dae55d8eab643040834b04aab15a197568e8ebd296638b01e5ea34e39ed47ffb58a47027d4b7d978028b7812a141df233065e93c20dc736af1cdcedcf7e766eab238b3b4d3df022f50b43973c47d1c80055e4fdf569e50fd382e840b76a6db6c06b1f0603a2234b9175c5e15a22855b57cd5257d9b5a456712f281f83e1c6c87f58be8166f8b2e85e9f54d24fe3b420d77a22745dfc7ebc89e21acf1c6649324f4c5bf53e188ce3216dbdec21a06fa9e61d830814697727305fb48c705c4d6c4bdfb874e43a8fb1423e2d2d6bdfe22a0d2b211d3beb86937c639c934cfe9a4b6c2853ff353829028854e8d7d75f29f01c4d7c297fe0236345ecce914b3be4907788a39c093c9f9e2c930a15563cc453d08123deadf853c83db0e3986d993e44e441a874411b7905708462e1ba42ea22521d7c57089a77b14b6dbe57f0ce69c7c4f1c0d53385655a8ed6294f113d33ad8867ac05e80403e6a8103d1574fab80f43a4a3af93a67678346d7b3b977a1381afb93990b1cc3aa73cc463f72bd898f647f3f5a3b342fb5e37140ddc499edda92ee624039ef3f802c9055e20b7d6e4f5a109cb4ca1bf84d37d1e78d45a10f45602b61216ea8969eba3a0075256faf8e577de835bf0b37311d16310645effca6751cf502a035d7ac7d1ca2c23547a739116efb586dfe2762ca4bf5ce5fc48913efb41a4a93fdb240f0895cdf306ddd13337d38a58402561dd663bbc675e1a378d4f770ba5e308c6ada84faf18ab2b387b0ac139a57dc534e278a1afecafcaed3746701cee14edce6c85cc39c91ed5be8a178d2fcd97567e8ab661d573278062bfc3c83acbfcdeec7f08d3c1197ccf830c883eaaa01e2cc44e91cdc1c47c03797528a9dd63cde259b4b211b57af121b125fefb26c110da83bbc150e2663a22273cc855cb3c52d02fd92db59a7c876d1a18e66cd64708aa478f3f10e726210dbbe2fb1afedb2034a7d59ad774e73f97d7b4b121cc25b90dd4fb5179816174dc4650b2da366d11a519f4310972944625c839b01040c712c635d967269c6c07189b5b1b496403e35e9ef01ecf7e795c357ae08b4736d2c1bcbe556cc671ffa37677b740baebaeb1b74c922d1ac83cb3ab86735d07ebffe072ca08ebd56d0ae89d5535a63bee75810468b1560534ecdb4a16495f9a7f42164df055942e94011848c5dac783a69fbdcac9c477850320af0c10da48775434088c7d090202f927463123639dbc1d48a871e4f20f75563f6dba586db6d12e2e7f36e7da4915037fcddb4413336b423f6b888bcf297fb8d33493e9fc2e992afeb1b83aaeaf46f4aba9bb0aa2708272ce5b0c90ef9f6c366c20e90d0f87aeba828196acdc4306131c515319776dfab27de1e3a501cfc560bd3a1dd29e54b87de9a01d0351184ed5cc3323cef72fd423dfbb0ac90eeec5474432ec1e4c64d68605c378320c0e97a3d89a409b7d969d6e116c2ba861f57418d8eaac5bff85c416ec5224d92df53d8f272c7e02e832bd21ef4d6b4a9bd307f8c1756c3e6c155bb2ce5807311d60b2fb31357c89119af443af2d3a4d08fb6221aaeee97bfdae51ebf6c51f98300033ec513ad6996041441d474ccf3a2548a11b94527ebc2e24d7519b1ded645da3af62060a4ae19eddc3bf331c4c762d9672de22558c655ba05338d985da134230fef2d0639743bdb4695517dd9e3733827050617b3cc792d12b3280e0000b22ad5130b27f9a5e25b965028874db5b5efdf881043e1279187294bbc35865af7662b23b9adf614a9af41fe4d0c9cfe62106a2bb6d294d3ca554062b2c7a0299f82fd5eb6841fedf096753b1a63a6b4dcce3837ee36062055c9f52b3272f411709db86d59db530fd1ed9cc2138817c290a2777d1d54cf4b7b2f8737444b58334a1c26f63ffda10b749b5796fa61ce6f74fecef2c4766a05d0468c1d7056beb8fa9cf7d51d5115690bcb889f09dbe01b1c55ac860a00cc159f6683d33fdca16d815fab5bbf00", 0x2000, &(0x7f0000000440)={&(0x7f0000000340)={0x50, 0x0, 0x4, {0x7, 0x28, 0x0, 0x8010, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x20, 0xfb}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = getpid() r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$setopts(0x4200, r2, 0x80e96, 0x100011) r3 = syz_pidfd_open(r1, 0x0) setns(r3, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) syz_fuse_handle_req(r0, &(0x7f0000006140)="e0332f8f5747b9f778142cc174a9b5f0244b78bb6346cb5fc9135b8220090ee698fddc241870359d32327f299718466d88c89e68097036bb35abfe03e3c02234dcdb2c7d1209c657485ca1aa3f2fb80e71397b80fca6f3cf2367fb19eb95e5b4a0170063374645d9e020099ffd7def3d94cd29412b3d7b7a47bc70121be848cfcecea78d41a93622b134bd06e84dec07a9e5abc29cb02d5b9091e748cffacf48352628822bab7b24a17bdf4b3f3bd9fb17793496aa6490da3f58039ce5b40745dd63f82d93bed80b50ca5742d67d39029a98db95c9392e2d5fd9a35bad30cfe98682b5a069738a12c3cfd25949106cfc839202fd21c2b28e44be73280d5037351ead2dd1c277d9cc9088c6b14365eb0937ea9685f6b26232293803260f2c8cfe176b55df304bc2865b8f52581afc4beed445ae8cc405cb7bcc51103aef812c41437c5b070a3591ad0964677f4f9017bb300727dfab009056bee3671a9694be2e2f2173fcc06ceba5aed0d93a3d7cd88365c5c354788efcc705e90d572e34e9e566fc206a8167970ecb9cbc43f4d9de4d43688582b6600dfcfc7379c831e756a45835647bd87879a3e3942c61b9ea2c2af35d49a4caa9a109b0beb972996ff8924ea371e15dc48efd12b1203a7f1fe354977fcf9e4ee2c8f210387e551ddb55e5f67ee6bb9bc8772649693b0adf24606e8ccc59f020834d8cbfcadfa1770549fe464dfc412308fbaee8d30bd20c002794bfb923bac6b490841248d12ad9a0e54d1d96e3aff5dc4930a6c8b7c75264a46af7a6339725fb84e0363463ebaaaf58d6b9309ae7c87a8df8c68d2487d684011de1fa7645f3f48cf3bb61bee8bcace2f8ef5f967f2765f8086aeaa5dcc34c84e379a7ddd6438cccb5b8098dfbffffffffffffeadbc4ad2b2ef98412a46f74a171ad056429dbb723cdb9ca9f9f03170dba2870e5988b7cb755599d1eb8f7eaf5c8ded4b56022cb479d0bdfae18f69f9ecc42f4c181ea10838229ba5db7f088ad8d5f77e49c1fd93ed6b983c43b23c7eeb1233f0c114885057a27cd3f67a309e3fecba241836bc92308b830b10b04af6c9595b44e859b9ca7ef079e151fdd500060787be3a7a5b3e23b06ec70f087134504f8b8e7b6799ebfe14f698ba7a813a380e6f92cace9230aa8094a2465f7224e2becad469d0aaf0e48b0098eacfb17abdb69bb2ebba97a09d2b739b532d70db91fcb0fcb38bccdc01d7c8113024ea8b619e385e58d31899721416e10b408504a9c4fcf870d21051227440a616cf62f6637b62eceaee09029f88009be02269cb5e5ed090c6f5e6c652c31214aef301bd23ec2504f90991cd27539c1b8b54db51825e951d076cd0e70f56de4b91894ce22049205483a0fe7d7886b36118bebd96d138980e26604b6e70a7275c6b81501143119a8c2c271558202eda196704ef9ae3c33301e1afbe56d069ce4926bf531d960f3df58192f3da558adc169d48d39e24e04e95c406b34b1f4ed2726ef0f6a67dd84c75636984191d019cebfa883fdf99affcdb4c874614a5312455403895891daf7469d6721583ccd1290ab05b14516f22965fc52c4a528f1a5c20cc133fea279d9efc991ec4d51d2654daceda234f6d3b0c635db697aba3eeaf8356319adba42428266ac09a6e6495ca8f60c1c4e052068511696296e88ef86a591948627ba97df634e0063eb5f208df00a069b1213c29e58cf76f591253d60de9d7c01d29992ccc728140299c429fec0df9d90f83fa2467ce00de83b16d10c7edb80ff8d4b1b19eea9bd1e2783a0d41215c9cf23bc3ca1ff414e3f29aadba00c5a8d5b44c28c10e99140e5428278e54bfd880a93fd1b54b560422ab2bfcf120a7902373b6442c6e9867b19aa0a6b77b1634ab6fd1c8a1d90d99ebb9ebcb89d593562b266fbc53c40501f9298690283c45059b3f6ee278e46cb3904c947446c28af8855b2a68e6e0c0da205a6e12fdd15b393d579039b31c1a54230ac2ea13cf1f5540046b4dcccdd731fff7323c4880e5d2d8668d8a7f08920715c17ef9652eb55f224c82a6fdb970dbf1032403f283bd868a23f4785a6ab9c0bcd2308dba1a1f258ae512cf64784e501008db366ab7093a6cc4b6ee86154d44a1a15c10834602dd5ccf730f6d1142ac19d113496dbcb80021cb5733924265d082a8453b5c21e0245e4a2627e8df090da6a129ee49c58c1a7437369acdee15f5e4e5638f05d9f6391572d9890219def702a013a2b05239664dba44feec2a9508a3200b47de03e6a784bca2f3633df534af33da0a95a34ca845b61a22ff55a5a4c04ff9e06e7162f458a8c56e106e75ffb76a921f4057dd73d5f3801aa78ca4c78d6b79bce560404c2fe3d57876287f73e84c27c486ffb997951f9e0b3aa81a5e7804ac7360add11e7851842d0ed8df041c999e50226fef006373bbb53d5d8e9d1653924e60234fd0b6645b821746f3d88591ff66e294e8e958ca425ddbc7d604f7cbbcb9d5fe0d4ad53878eb16bc801def1005e1eb12a6d4924d2179948e7aa542f2600ba3c6c600629d64c529c7326c1f38aa4e1a6cc259e58f86400d65d67856c8f4fffc33ad4c279dc05367307f562f8127f37b03c3cf38a97cfde0c02aad8ac40d347a9e0a496f227c068dc6c666fb2b6a18990f607399b0707d135752d93739e1840b5b4c125c81eeeb318869b408f87778451e49f3ad988a8aa97672989ad367833ff7e7f0e79c37ac794fe466623e122127fb94ebbc01bc775183b26b2dc407b1aa1a55d4ce04dbe1df4fba0377fea4c4bfa5a37c4dd733fd116b9c7f50b11dd512ad68646b9ddca295fe27bee78476901fbb5c8d2856ae0e9e21ab26e3587c1325f1fa28edb4081f2ba309d5fc39f7f54abbd0d5a152c2f7e3a8b3a5ef6e097b109061c91124f41f33055a7bb86706629f614d40346715cf2fe387ef4e4fc6646839824d3ef85eeac85bc5e681320f6fa7057e0a10de8c4678b48510f77b91bb397dd1209eaba8ea1f237c348e9e0d7af1229e2c04b6560e48e3a7491f3066b63a8923becdcfd8594c1c55098a51283b599765b049831cacd9478e5e996c778d524b476f6677218c94886d7548be7617e5796e35bb3c9b13d70e4897867d85f0350e9329985f051fb556b861aef7dead54e6b29b9ad837cb4774f47a5371ef034612aa0c151345546b876b53e9f2c06e3ce0113e67eba8842f4ac5b51a61315bf050078c710dcf14371d9593730b1d0302ef999f488bbf42b7360171da98ad68932bda4937358fd1d0c2bcd04f7dbe2beaffa0d53cccda316cb19270cf4aa56695ef3203b49fe92d1623cc1d714da6b8f94112db1781562ab2ae50bda23debd55da440434299c992f2f8c264310d6d8ccdd042737db0253d6889d8bf36fe99a131b73300c9798b8fd58b5fc681b97e71230cd3094e441fe5cf1294bbc28f41146f06e39d5e19e673dd489dbddfc16fe281160a8008e375025cbf25e84945f2f0a5ffb2cd58273328ea9d7533b2f0861eff95823cea18dc1877183fefab808bda0890f91f1d79b36953b138fd62caea3411900647a4afadfecade2ff6274175f06614d108daaf9821c413a137e33c826957953bb39e2d852097f978c3577abcb71d68b45794247d8e82614979708f6d6d0e469828206b22913d6d320d815d42c0d943640c63196f703f946089f535eac511e26c6a5a529e875eb15aaf65fd50dcbaf37a009f2f9081cdbc744cf7aa2336913e89f1961581ad4bb6aeb1d23a787e2d3f99639871df5842c30581263d5139128f0a3f37ef48bb636d7aae06581de6baa55a12019d3ed831950915fdc1eee819dd01047bda606f2852699529718c99606246a92bb1dd9435d8f3a48646c0e423441bc783be358c0c91e6846419b6c0a81354500cb2721834dc11ba40c3bbe5717e5142922a168ca0e20fc269ea584c7f68ff7cced62c4277385368b4ad596b79c45a9c4575c37f300cab37a5693cb777fabed412934d3a77505b17cb2628119ddff45f3fcbffb50386eb9cfb6f82b37fa852ad4b65bf8e2898b11bf051cb7fb0fa81cbf81b9ceebb05498aeb2691eb15297edd682976d5a4f444cdaa82f063bc4482c28c4e6257c7cf3e5ee5a502c6527b77b12725e7526ff896ee2f8066536dce04d63072a34c19d533d4dbdb93e7185482cbf7510c5eef2f8aebebad011727cd8061a367b7e1868252bb43d9a74c9c6a10539e357d5367fac69a9296fe5a79a2e5b45950ff462e0e882aa32ff7f29b5644e5311f3e0b076c58683de29ad9dd8b2c92a41ca8313ac997e44981e82aec550bbf6c88adf3d54e9fdf93d9dce95289e9086043d888f19d209cbea79f8f5b2c81b2c3889eae1cb5305e282b883c4cfa3798eceeabb442a74ff6a8470020a296ef01d8e32553663c844e67e5a3a44375f0074ce9547a6c489ee86d7652219491f35c6b904d51a26c3d2cc77d8ff97050dd0d0aed4a1ecf1db7ac48673a1dcc70ac16f709dcf4b90148aede5302111ceaa3a81c49b724cfa206283b62513f96c1da77efafe2d2d08a5f391ab690b5d974ceed2e95e85b1039def0e94c79cc0aa1de1f8133e985adfadf4a657710487b265bb6692fd2b91a06ac98d50b052b8a13168e2638b93209238fbe67f4590a81a2cdbcc479ca9178720a6ec05bc9457f27ad2e2fd2f4e9c643ef85b6287a01f7fd597799cce7d6464ed3c95110733d4ba92314ba3dd81e51f541a6e37f8bb14376e41560f9049b4ff349a467defc205f915a345b5f06d090645180ca642c719f03e9813bff7fd635660efe38b022130d42f2cedd792bcba2bfb14385c6d1cbe5ff2e38c22f1f8d5e4d93d296042507e43f24ff904827b16f2a3572d26078d7fdb0cfdbe2e6bee07b94ae441e510681c96f97ef0ddbd7efbd80ce0689f6e2022a189dd2937d3eadd82a154a5fac91b5ef48523706957b8d5f55077973e9a036009d745a6df39ba154dc59c4ef784d62b3f2d782dc508242a1b0e4cc294b6e62e98ef946f0d984c3174cf86b8a0beb615f046ec50dd0c8a9c0f36df60bd162f1130f894085e7c47b6c28ff336f5d75166c1840e7ad07204fc10ce976505f6aece0316d8c65b973f61cea2fe4c6db722717985c25249f041c07a86b878702a8c9ab7c33fe41039041aa38489b02a28f18d69ab34619e9e35514c54592c8059984ace64b5302b5f22d68c35c7ffb23c63ce877a1e1b160dd2c329eabcc0e1e3072021bd811de3c0c7a68af20ddb9e2912b7eecc2a8cf083a252d0fe31629b20559f7b976e4d8625644385c692b8cdc2886a42d750962d0dee10a1546ecb7ef961216cc456d2450a44aab07014fe0be076ca6bcb46b644af844b2ad8b3817f1895a5d579af3dc937541f4b7e9203e7a7af534b406d8f6e3bc555d767603122ab1c4e62de19d6af63be8e39fe45732859d6d92e11f1a847f7d62764b6364aa7f95f03cc7deba467da5be71657ae50ff6bf93c51efb7d19ac9887e92fe5f3c9d545209eff307c9e02073bd3404827e148aa63c135ed668589bdfec38cb47716201a9d02f1b03993f89e96b33b32e52ddffb0580dac45422ba7a3fef76e519a3dc8d12eac60c2d2f8c4303aafa3e80135c403360d51c9cdeba3ffb31e664302f587e0e983ede7f9b2bfe2bc64bd5029cfa88445e043e08f3e9affee25e980e75d2664738726e3d2eade7dce0ece78a514bbbe5a54c121374d079e3b05996052d66889742232b73e950e1a9892e7352c9e546a8cfb48332d2b2be6327208ca51dc2869a562581947f62b0d5bfb3e0911d4854f822d6738b4deb195840d2bbae0b074b8d1e1010c24ec00052dce7d259e3044aab1a99d261fb3b49cf09dfc85473f94db06d49e202ca12182283d48144f8389a5301679901600bf8130d36315b277a99204b85a1598f84bd2d4c4893108f6717bf44234181467d6eeee61e1823268b5c60bf04d0e13e429f411b51adfca20ff1a1b1eee203d59b03da1643c3e9fc474a91470116c6c5275542adb10f3adae2ae87e88b93f334e0ceb6216fc081e8d84d8b0a503196dc50599b22b89b807627b427a815aea0dbca69e5fb215ee996395d8a21a1c67ac295be33c6517504e1f00f579f8c484873cc670b5b9e787b1c30ca1f0b25f8bb8f4bde3b3f4fa730c292cbf97b25068ba9c65f78c555d5f75d52a57958d7111e824f3afa16484f625abf62afc80654c36fd9f8284466422fb18e08274e8febc719d45b784974d50d187ad2349429af3f7930252a4d45997762e9d5f5493d408ca144532aa89aa3d43c46951dafb8f81794e2e9679ce238cfe86e112f4f046d87feec3be04461032819d62f217faa71fa9dc6da8861015567d1f7309090e25b7015dcc6d72a5e7ba53296ab1bc72467ac50831628cf5238155aed3fb189a8b527ebd38771e16454fe51e3edde55cea454414690491207c23f6cf33aaeeda432de2d1ede04e039a16245e66cce6f4e4ea534f290f02a2a81a46d6ffea7967dfbe37461f83d472091156594852823392efc953f4ac099d74e2d0328d9f47bd952352981a34055acd0273309484ab56afa85ff0c22fb53ac5d7cc8e346b4c2f38a4e2451738146b7b90c14f826c7dbc1b2be79d83772a8d629f2dfaf15286a15be1ea22a05d4ee3de6a6bfb7e208dbbcc88e77baac940d6438aeeb77c3a32db08b46e79545b65f7f3c1bd433092bc9116668c338ab35c01cb5871167868c6b61bd4c0ca5f96e5ce2465da06c4a320839f3bb7c0dffd40d5bb9a32fcbc6f691787de7211da062616272c77c62ac83e4cb29fb954ab27d9009877b79be54acd336bfe2a6e087abaab004743f5ea4ec8ddfb8086920e8e458a413adb98077a3cf860513cc8a453eb129556c871be7e7232a6130c4332819ad17b289fdb31f8f8854dffb4cfeca6d792567b444c750820a2a8a2e0f93779e61a4966650909369fc8bd5bd2bad4ff95cc8a14f6cd83ae6411b4bfe1a9b5cdf1fcf32c54cef1731edc47d41fa581376b25006fc859b98805d70a157e501a2cb2ab425340965213adfecdb5addb2b4b2ec5cc6935e4e279bb98283fb20dfcd8a2c91aefda9dc5a57bba4d8803d1eb0f4ba9529de01e39c2aa60a91267c31d036a3f669b9377661837f58c6950fdf38986ea13ff5e9c4d966bf999002da1a854d54aa225b259d91eb88425328e7d13b06dea321a151a8dfc44755214da97168e8acf027d66b7fff45ded94fcde53ff80342d4595644549c4ed827225596e2b30480e94eb049b6cd718fe8424d044bb5098e0206047ddb81755e3cb92131dd47ec754b64c4b78f663e364cf8a74cdd9857c81316dc4ccd5f02a84b310abfbc9d6a23ee6d1eaf6b8fc1544cfeb06002c8a40fb0e49859d2073a7b1cb112713518ad5e007d0a256f901469bfa5cae98841f877faeb584d41bfe695da72ca5700ae085f39c99f769502ea9f43c0b84ca4611441d5adb3e5d0a426297e535258748169cad487f97d171c0630642943508206ce648aad2971297f3d4037d73e5fbc73460ca7401b7dbd7807273ae077a81fd0d4bc90b6068e3ec95afcfeab16619306fb23942a4308e8253b35f4912df392dfc5daf35dd842a5a1f78fc294cbdbd504056f0c7779121b5b3db7461e437347452476f3b0bb22e63aa23cb9d3e797c6c95513058d8fb2c27864ac0e1f5001c988e29c79bfa4236c7be41dee5561d825c1f0fbebc0c06cc4712e88ad5efd94f4eb4e93794af42a9752a2ebc57dc2f3881c75bbb23ad25b69619f9f5b07fe114ba291d2b5b4c1c175e1aa3ee3eda55e6126b3ad1e613bf8e0bbac727b879e7796fa0ad100893677a18b53f5eb31db43a97370d3749afa92fd0291fa96b05daa6beb43b9c1c11d9515976976d1cc1e44f35d317299ceb68ea2545f2a2b92b4e1046f6f92c33aae6995593189bb2611576599fd765b8e6fe2e88674ffd57ee8252287b1904d622c36a502db45c72b0d5fc3d983cc44bc955eb43911404667a4ab147d72b69ff2514dfb820ad75758e85df88499cea94ed658b4c1c2f49fe2bbb8d2dd97f844a6df289296cfb9cd5bc8d17aa235e2c4501b1422b25acd6dbc3a91d03904c545320524f9034955ab02f5d058097c37d23984baf808d28b3e12821eb8919a77c1b6a8bdeceecfcc487c39db592817dd378a7c5127b427e7279b2a82f6b8eec6b3fabe0947e353e7a386475b15011de93e2f2891f772ef90f4aba1ee1c4d7321c81ce4dcaa378daeabb93182c319494436dbe67d252a01291cacb59686ebd53c6df21c083e98fa299cf5e9b59f1ccea95c62b1437c8ff8754a6372b5b879ebc3241f6430871eafe35337d75cb68c42862846df4342ab434f7f0a7b9f66824e1e696e3dbecde179592774b7511e5a7a1a06ba601eb5f2a935c7cef0f83ecd412a84afdd05120fceb1afb6445ebfcdff8fffffffb75dddccc45afb4f5bb1308d39309c92c0b61a322d5229881fa5d598113cce54107036ca9f63fe863d257c706fe89d5c7ae59a459c6f15ba48d80da4aff541797b26418acddb987df3544bc4918cdbbdd8dd1bc2163c89635044e7b4da878457727a667c0146a12b4c46639497243259bfe4aa5ea50eb79f39fa9209256c9a685e3e39d6d8b6a9ca7d3554fbff0908ad6c6ecf68e506c20b16cd4a98e3ada9eb0cb3eb0b75b13b6d80bf99eddf2282da52cec085d3a725b71c29395d605e1eb26143290946a3a0d24347fa46145735dbf4eabc12150b8d5f7eeca804d7ed1fecd0132d1b94ebec65cbc07dfd4d54a5140567e77c646bd92666922c43aca8e482c59b970fa43087eb76d6715e4e8e5ebe54ca391383ef685b133534fcc1e5c5eb56f9d76a888506c4ac8d289c37039e0c4f927b0e11e85c5c7ec1cf4b19bebee6014cb89ee57f2ade8d166005e956d46a0c01f60b58299479e8a59a2e88f1a7ffd08b27d92fc2772b338959bd0a1c9cb95075c3cc17043c818345b29b76c0b8ed41c8c7259cc780c657cb9509daec1558453cfe061f54e08523a55d3223897559d51096b680802140800000000000000322e007c2af0c08867291dd732bfe4b24d1d5ae517a7f5903c369ac6b157d42eb6ca8c0d7b50fd533a56c814e7cf04db3012eebd53ec1b123d65ab1e462dc19182b690d56a88ad5a1f4d89f1749b005e88085505cc6d7de8eeee08def67bc1d1519d44b7a62dc07e491f328f786956d9200f00d78829e6af7c1a5835366201374b9487330920d4c57e2f7073292e173acc2424bb0d5e0e9448b4c02f9cfc99bc408110b6a3e9bc3799e4b178c2871069bc7d9ceba564378f02b2932c36f159478b5facd452b595a86d119216af9d860bd3997305320159a69a70fc62284141d23d2dc1e5394b271d99e5570450f1c55807e96c7cbe1b7c2e3e96f69fecf0f375e36e0d2acf319e37199e98486a8d145ce2d996c1909402744cce63664a75e480b197c345360321e830e5912d1d7bfe5a129a67fa98e6eda5268fa588047859daa11d087d0dbf0ccc7e120e3a5820cb4f5dc06748317e3f866518eb66e39dc8a68a7411b3403fc8eeab8283dee4d767e8e5842ed922e03ae5b3c9c494d5ebc61527ccd1222740fedd9e469ba6b30761cf387d654081c7e63182860e4548748058914a9cea01caf074fe6a78fafa2b45c516f9f20af9ac6773a400fa9661a872f6b55f0ed52a9be9e9c35502604b924f0eb628d6545da322e0713f9a5587e87e4b04fa495423b7c72093b764adfd1430a2e608b7af3d2bf80fef00e5b69abe386618274921ff57621bb99739de2e066ff17e95eba027f6a35170af3a69e93359a9643e155832d45c1aa9a8f71ad35504b99d3d0a1c11ae108664ea36f4dcded083aee17ac9efe7ee3fdf7b63c7c09bcef62caa88708510d45cea79d323083ddbfe7e5d3d9138f206a7af82ef1d26c85015c3e55a285a35d0052546493536b9061db27291a9292033753b7bddac63dac6f6271689240e43523c434a65e1d35299e386c953d0c92f21057e0b7883e049d20961e75069587eb3df6206496f76bbfd96635bb19837ba2ab193d79072ffb8829306b63697ff104a65031b8a38c24cca9ba23d5cdf753169a00fe2b2c3849f234a7029b657b3324c10d553e601aa97d17024f7bf5a99f96392f4a079a83daa27f4e3b512ee8536e764ce4dc36fd0874dfa502a693e55bd9f116202c5e906703e2c43d84448598b7af78aa60a205c152841e75e23436738ccaa6bbcef87e6a237d86d1a5e38e56c162cd6d61a4fb8b410b1643ad557a22348edfa82c23db11c9abdd8141fce263a66537512e93a930a4801ad862a902c7c1e00eb7c7466b1351318b7196c2a9016c55a05e104e124bdb568132f9397e31b10d04e5284bd029ea2f6a3ed11854e09b5871d6a725c21a9ef5d7e729a90a8206d5f61e6e42e47dda3e31b9134d47872a0dd7a576b665ec6ceaa5fd7d85ed7feede9ac9fc23e40241c0318077edda75b62eb271e28fb3705f7b4950c14b721a3a74a7a4e4de02cef5de76a1602b906016c0892ef37db51b0a1dd53f28b3d896f20abbad1ad0e0220960423267fc6e1779d1150fd584dd184bb43278d2d68ff21ac0daeef5408348cb80f4a9e0e606f6048bbaa517289451f084fffb63c5d904788cfc310b5495528a58f4650dafc4e4675b99d35ebab710ac6fefcee6c51a2835510fb6d2dbd8f97c3e53fb7a23c3f3c0283eb2271504581b9c1fa31e35c117e56a5d668a9c57df3b4e1129ca019a8b877fa4a22768dfbdd9d2154e17f4a7755b065090d88982471bfb242d89af5c6782693a6ab1b1be74dfa5655ac3b5ef4ace8dc595803cf4025bdf5c0e9fbe7a12a3a313311809591da08a2cc6cd8480dc960e1f79fa208440a0e589be5756c36d5830a51c4bdc39c2a85c0431bae3a7331b2ffdf23623693d343a7938a8a8a4dd4d523c6450a705bccbb38427f06f4f84a18adf303c0ddecf4ce2b6cdde4e09a4c31816195f0fe9f05fcdc0609f8a75ad2f23d5c24faaf346c13ec0512a5c29477ac561c878085d1a323f6bab08e2fb9ee57d7bb621ef21caf3609d74036c6dc1d7be0b6058d89dcb8d9aa4462fa0a740be66e3fdaa957f27c5a26dc586ac8c927ab2d7cf1b761798ea4191be8f4423cf1a6727d0c5f27a9969a753573afa584dea82678f3471ba36d726c396d68c671e579120f1a11cd50fa66b26fc2d6cb74ba07edbd5d3a288cf58ed1255381df02b2fb8983b7cf833433d1ab8fdef12651c3507e4b69fbc4b234678cca36761e8da434e5f036f204a1400da15277ef27ac140e2d574b89c0fd617da27e6ce862883bbe81c288834b9477d0d440c15dad505b363fcc1cfef8e2e3a96438809505844196acd0af751dedfced67f209c2ffa9c6da842c93ff4b5fd54a67df904f2f31b4236728c99582a667a8461d397770a657ffa7d514b0f076d7f35e9704a836e7882a2acf0a0ec2158ac7234953c3696abdc791c0b163ee76fbcc5adc18b6fa0f51f76f3d313a0d891f1deb69f6e44289b1aa43a768b8d13270959763a2c45129daeea493a5b0d7b36753b223dca9a8037368653400", 0x2000, &(0x7f0000000700)={&(0x7f00000002c0)={0xffffffffffffffa7, 0xffffffffffffff8c, 0x0, {0x7, 0x2b, 0x0, 0x0, 0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ptrace(0x420e, r2) setreuid(0xee01, 0xee01) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_readv(r4, &(0x7f0000000140)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r5, 0x0, 0x0, 0x20008005, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) 765.213242ms ago: executing program 0 (id=620): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xb, &(0x7f00000003c0)=@framed={{}, [@printk={@ld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xb0}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1b0000000000000000000000ff03000000000000", @ANYRES32, @ANYBLOB="0400002000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000050000000500"/28], 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r0, &(0x7f00000000c0), &(0x7f0000000100)=""/106}, 0x20) 752.500216ms ago: executing program 2 (id=621): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) creat(&(0x7f0000000240)='./file0\x00', 0x122) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040), &(0x7f00000006c0)=@v2={0x2000000, [{0xb2, 0x7}, {0xe8000000, 0xffff8000}]}, 0x14, 0x1) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], &(0x7f00000002c0)=""/203, 0xfffffffffffffe5f) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x769}) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x268080, 0x112) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_CONTINUE(r2, 0xc020aa07, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r1) 632.533489ms ago: executing program 0 (id=622): rt_sigprocmask(0x0, &(0x7f0000000040)={[0x10000000003]}, &(0x7f0000000840), 0x8) r0 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'vcan0\x00', 0x0}) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000060000000f0000000000000201000000000000000100000d000000000d0000000001000006040000000e0000000c000000006171006100"], &(0x7f0000000580)=""/210, 0x52, 0xd2, 0x1, 0x6, 0x10000, @value}, 0x28) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x20, &(0x7f0000000080)={&(0x7f0000000300)=""/231, 0xe7, 0x0, &(0x7f0000000180)=""/158, 0x9e}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="0e0000000051620002000000000000001200009c598d07a2021550ed87845a7ae299cde426ce8293e1a64e8c2500", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x19, 0x1, &(0x7f0000000280)=@raw=[@alu={0x4, 0x1, 0x2, 0x3, 0x5, 0x20, 0xfffffffffffffff0}], &(0x7f0000000380)='syzkaller\x00', 0x40, 0xb8, &(0x7f00000003c0)=""/184, 0x41100, 0xac, '\x00', r1, @cgroup_sockopt=0x15, r2, 0x8, &(0x7f00000006c0)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000700)={0x0, 0xa, 0x0, 0x4}, 0x10, r4, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000740)=[{0x4, 0x5, 0xb, 0x9}], 0x10, 0x6, @void, @value}, 0x94) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x501c00, 0x0) ioctl$KVM_GET_API_VERSION(r5, 0xae00, 0x0) syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x141001) ioctl$CEC_S_MODE(r0, 0x40046109, &(0x7f0000000000)=0x31) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000200)={"aa9c7481", 0x0, 0xf7, 0x0, 0x8, 0x2, "2fbab4cd34744fe00799fe7087dc89", "a998f2c6", "89e9832a", "6f9cff89", ["bd99adaf7e8b7e34f59653cd", "171404168e45b72df3972316", "74cded730c5395ddbf12171b", "734fbd64cf725dfac1dc3171"]}) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(0xffffffffffffffff, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) connect$unix(r6, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) futex(&(0x7f00000040c0), 0x7, 0x8000004, 0x0, 0x0, 0x1) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2200, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000015000080000040"]) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) sendmmsg$unix(r6, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)="b2", 0x1}], 0x1, &(0x7f0000000000)=[@rights={{0x14, 0x1, 0x1, [r10]}}], 0x18, 0x8800}}], 0x1, 0x8041) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001640)=@newtaction={0x18, 0x30, 0xb, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) 379.810178ms ago: executing program 3 (id=623): semctl$GETALL(0x0, 0x0, 0x14, &(0x7f0000000000)=""/71) r0 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000180)={0x500, 0x320, 0x300, 0x640, 0xffffff01, 0xfd8e, 0x10, 0x0, {0x9, 0x9}, {0x8, 0xe}, {0x7, 0x7f, 0x1}, {0x0, 0x0, 0x1}, 0x3, 0x2, 0x5, 0xffffffff, 0x0, 0x5628, 0x9, 0x1, 0xf41d, 0x28000, 0xb8, 0x0, 0x18, 0x4}) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) fsopen(&(0x7f0000000040)='afs\x00', 0x0) r1 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) syz_usb_disconnect(r1) syz_usb_control_io$hid(r1, &(0x7f00000003c0)={0x24, &(0x7f0000000240)={0x40, 0x22, 0xc8, {0xc8, 0x30, "d6249e92bcf757cfb5a4e6053065a59c2b1ad03f7ff6dc3a59281c9d0103b1760fc88f455d26fa67c9844197b874b28150e68351e24930c8b4e07991ce8ecd59242256d174ce10e7d1ca4f4988c6b0f04e9853de4ef25cef5bd8c8471d3f87c6b1bf9fff24df7ebf7a1bc4027ecdc6657c30d6afdefc70479e08344205fa803a9be259dcef7a7003e8d6b76a0607cfc8eee5a61c6949774f65e16902aa2c3830f86681fbc97a9fef590c166eb21e25a7e443cf1a4f8354384f4a5fdd818aecfc014f057afcaf"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x411}}, &(0x7f0000000680)=ANY=[@ANYBLOB="002218000000a6f6b9642fda7500881fa8b0a305551b282579cfa926347713780c62b50600e2"], &(0x7f0000000380)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8, 0xab, 0x1, {0x22, 0x57a}}}}, &(0x7f0000000640)={0x2c, &(0x7f0000000440)={0x0, 0x13, 0x2f, "0933c63ea96974e5c431b5fac20d5f24d1199bef2284c50be925105e45cc4d21227feae2417717a2bd6a3ca5092e76"}, &(0x7f0000000480)={0x0, 0xa, 0x1, 0x5}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000000500)={0x20, 0x1, 0xd2, "681e003cf08febec559f626a1c1f094e68e3f993b7c9185122d0df90a7e3d21d6e62273882f048a165fa5b1b76e499f3358fc2f374d9384af487cd7f7299cda17464b4c9dfb34a05c26c8b214588fa8b13cde750e5c17b2abbf198c3dcbc9a716be504ac3439bd84d25a17dff81fde825fda67195c9f77826ae3aed6c04533509a63c82fe55a56457c8d236c5ace5eae3f840e299d35496097a58ad8a38cfda969457f5f690e673053db56048dfeba3aec93346245f29f1445df7989cd68045c071d53646bf321a5d2ee3cb4b47704c314e6"}, &(0x7f0000000600)={0x20, 0x3, 0x1, 0x1}}) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) mbind(&(0x7f0000000000/0x600000)=nil, 0x600006, 0x8003, &(0x7f0000000000)=0x6, 0x8, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x5, 0x10800) fremovexattr(r2, &(0x7f0000000040)=@known='system.posix_acl_access\x00') get_mempolicy(0x0, 0x0, 0x0, &(0x7f00003c9000/0x3000)=nil, 0x2) mount$afs(&(0x7f0000000040)=@cell={0x23, 'syz1:', 'syz1', '.backup'}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x44, &(0x7f0000000400)={[{@dyn}]}) 301.810883ms ago: executing program 2 (id=624): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r1 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f00000001c0)={"1b00", 0xeadf, 0x5, 0x82, 0x800, 0x1, "f759e100edc71000f7ffd9fc6300", '\x00', "0300", "e8cc1304", ["8b59b4d766cbd6e4af000700", "c2fed6e1dcc98a1c907c6b40", "000000ff00009f0000000020", "0000000000000000001000"]}) ioctl$CEC_TRANSMIT(r1, 0xc0386105, &(0x7f0000000000)={0x9, 0xd6, 0x7fffffff, 0x9, 0xace8, 0x344f, "00ec21e1382c329131320f813d6d7ab7", 0x6, 0x7, 0xf8, 0xd7, 0x80, 0x2, 0x7}) r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002"], 0x20}}, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x7) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000006c0)=ANY=[@ANYBLOB="240000001a0021002bbd7000f8dbdf250a100002fd0000090010000008000400", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$TCSETA(r2, 0x8924, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "4feda26323b172e0"}) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r5, 0x4040ae79, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4}) 301.174177ms ago: executing program 0 (id=625): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x30, r5, 0x2586ad4018a3b31b, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_CCA_MODE(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x1c, r7, 0x427, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40080c4}, 0x4008004) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r4, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)={0x34c, r7, 0x4, 0x70bd26, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_DEVKEY={0x74, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0102}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x7}, @NL802154_DEVKEY_ATTR_ID={0x10, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x8}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x10}, @NL802154_DEVKEY_ATTR_ID={0x20, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x5000}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x6}]}, @NL802154_ATTR_SEC_DEVKEY={0xa4, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x58, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x2c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}, @NL802154_DEVKEY_ATTR_ID={0x34, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xffffffff7fffffff}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x7}]}, @NL802154_ATTR_SEC_DEVKEY={0x28, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x10, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xffff}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xfffffff3}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}]}, @NL802154_ATTR_SEC_DEVKEY={0x1bc, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_DEVKEY_ATTR_ID={0xd0, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x2c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0x100}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x54, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}]}]}, @NL802154_DEVKEY_ATTR_ID={0x34, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x20, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x10001}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x2}, @NL802154_DEVKEY_ATTR_ID={0x50, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x80000000}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x24, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x6}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x6}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1}]}, @NL802154_ATTR_SEC_DEVKEY={0x18, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x7fffffff}]}]}, 0x34c}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000) 86.715588ms ago: executing program 0 (id=626): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ipv6_route\x00') openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_QUERYCAP(r1, 0x80685600, &(0x7f0000000000)) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r1, 0xc02c564a, &(0x7f0000000580)={0x0, 0x34565559, 0x2, @discrete={0x7fffffff, 0x4}}) faccessat2(r0, &(0x7f00000000c0)='./file0\x00', 0x80, 0x200) 577.95µs ago: executing program 2 (id=627): syz_emit_ethernet(0x22, &(0x7f0000000040)={@local, @link_local, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @dev, @local}}}}}, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) (async) prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0) (async) prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) (async) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) (async) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c9, &(0x7f0000000100)) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x34, r5, 0x1, 0x0, 0x0, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x34}, 0x1, 0x40030000000000, 0x0, 0x40084}, 0x0) (async) r6 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r6, &(0x7f0000000c80)=[{{&(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000180)="fd", 0x1}], 0x1}}], 0x1, 0x0) r7 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f00000002c0)={r8, 0x1}, 0x8) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=ANY=[@ANYBLOB="8c0000001000370400"/20, @ANYRES32=r2, @ANYBLOB="00000000000000006c0012800e00010069703665727370616e000000580002801400060020010000000000000000000000000002050016000100000014000700fc020000000000000000000000000000040012"], 0x8c}}, 0x0) listen(r0, 0x100) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@deltclass={0x2c, 0x29, 0x800, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xd, 0xb}, {0xb, 0xfff1}, {0x6, 0xffff}}, [@TCA_RATE={0x6, 0x5, {0x5c, 0x4}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x1) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x8}}}, 0x24}}, 0x4000) (async) r9 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0) 0s ago: executing program 0 (id=628): r0 = socket$packet(0x11, 0x3, 0x300) r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000380), 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000240)='dns_resolver\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000280)="dee7030022cf5c6c7bc31bd2599759fafa9e5e1dbac27b0426fc0299c41fb9b9761a1b44dac894f365ae68edf335abf35ec53d6751467ebd2c187491bcab2c8d34fec505fc8a14622dba33ff9b054eb7e8a5bc4ab2719cb230328931deb95ef3fcafb1ce27743a93f4715976edec860ab49c3a4f51ab0124b50c3362201a307df03000", 0x83, r1) keyctl$search(0xa, r1, &(0x7f0000000400)='dns_resolver\x00', &(0x7f0000000140)={'syz', 0x1, 0x2e}, 0xffffffffffffffff) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r0, 0x107, 0x16, &(0x7f0000000000)=0x5, 0x4) kernel console output (not intermixed with test programs): 1941][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.854177][ T5937] bridge_slave_1: entered allmulticast mode [ 52.857034][ T5937] bridge_slave_1: entered promiscuous mode [ 52.904144][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.906453][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.909630][ T5949] bridge_slave_0: entered allmulticast mode [ 52.912206][ T5949] bridge_slave_0: entered promiscuous mode [ 52.916504][ T5938] team0: Port device team_slave_0 added [ 52.920035][ T5938] team0: Port device team_slave_1 added [ 52.939815][ T5937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.942757][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.945024][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.948234][ T5949] bridge_slave_1: entered allmulticast mode [ 52.950798][ T5949] bridge_slave_1: entered promiscuous mode [ 52.993484][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 52.995802][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.003980][ T5938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.009824][ T5937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.033549][ T5938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.035792][ T5938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.043856][ T5938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.070487][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.096686][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.133073][ T5937] team0: Port device team_slave_0 added [ 53.184784][ T5937] team0: Port device team_slave_1 added [ 53.202641][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.205722][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.209209][ T5939] bridge_slave_0: entered allmulticast mode [ 53.212689][ T5939] bridge_slave_0: entered promiscuous mode [ 53.221704][ T5938] hsr_slave_0: entered promiscuous mode [ 53.224823][ T5938] hsr_slave_1: entered promiscuous mode [ 53.274009][ T5949] team0: Port device team_slave_0 added [ 53.277119][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.279447][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.281722][ T5939] bridge_slave_1: entered allmulticast mode [ 53.284320][ T5939] bridge_slave_1: entered promiscuous mode [ 53.302067][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.304499][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.314021][ T5937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.320223][ T5949] team0: Port device team_slave_1 added [ 53.354138][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.356372][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.364306][ T5937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.419354][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.424007][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.442893][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.445705][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.455828][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.492117][ T5939] team0: Port device team_slave_0 added [ 53.498517][ T5939] team0: Port device team_slave_1 added [ 53.500942][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.503700][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.513803][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.618000][ T5937] hsr_slave_0: entered promiscuous mode [ 53.620230][ T5937] hsr_slave_1: entered promiscuous mode [ 53.622255][ T5937] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.624721][ T5937] Cannot create hsr debugfs directory [ 53.628542][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.630725][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.638663][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.645487][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.647794][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.655616][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.717838][ T5949] hsr_slave_0: entered promiscuous mode [ 53.720073][ T5949] hsr_slave_1: entered promiscuous mode [ 53.722127][ T5949] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.724476][ T5949] Cannot create hsr debugfs directory [ 53.798803][ T5939] hsr_slave_0: entered promiscuous mode [ 53.801459][ T5939] hsr_slave_1: entered promiscuous mode [ 53.804624][ T5939] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.807804][ T5939] Cannot create hsr debugfs directory [ 54.016962][ T5938] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.026470][ T5938] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.033375][ T5938] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.040569][ T5938] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.075899][ T5937] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.080740][ T5937] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.084943][ T5937] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.097553][ T5937] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.127351][ T5949] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.132376][ T5949] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.136315][ T5949] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.140617][ T5949] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.199430][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.203818][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.208704][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.216381][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.260969][ T5938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.270691][ T5937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.277786][ T5952] Bluetooth: hci3: command tx timeout [ 54.289772][ T5938] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.301114][ T75] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.303438][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.314902][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.319094][ T5937] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.325784][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.328078][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.333771][ T75] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.336096][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.344790][ T5949] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.355031][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.356839][ T5952] Bluetooth: hci1: command tx timeout [ 54.358150][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.362864][ T5952] Bluetooth: hci2: command tx timeout [ 54.366879][ T5952] Bluetooth: hci0: command tx timeout [ 54.374957][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.377538][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.393983][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.396325][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.414696][ T5938] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.418603][ T5938] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.447868][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.464978][ T40] audit: type=1400 audit(1749783551.350:89): avc: denied { sys_module } for pid=5938 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 54.472539][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.482478][ T75] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.484926][ T75] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.495718][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.498159][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.575172][ T5938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.609458][ T5938] veth0_vlan: entered promiscuous mode [ 54.623713][ T5938] veth1_vlan: entered promiscuous mode [ 54.653563][ T5938] veth0_macvtap: entered promiscuous mode [ 54.664806][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.671418][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.674566][ T5938] veth1_macvtap: entered promiscuous mode [ 54.681882][ T5937] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.695306][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.722578][ T5938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.730683][ T5938] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.734349][ T5938] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.738007][ T5938] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.740723][ T5938] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.772773][ T5949] veth0_vlan: entered promiscuous mode [ 54.781188][ T5939] veth0_vlan: entered promiscuous mode [ 54.798276][ T5937] veth0_vlan: entered promiscuous mode [ 54.804333][ T5949] veth1_vlan: entered promiscuous mode [ 54.810969][ T5939] veth1_vlan: entered promiscuous mode [ 54.832258][ T5937] veth1_vlan: entered promiscuous mode [ 54.841509][ T99] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.844063][ T99] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.876363][ T5949] veth0_macvtap: entered promiscuous mode [ 54.880733][ T99] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.881844][ T5949] veth1_macvtap: entered promiscuous mode [ 54.883186][ T99] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.891844][ T5939] veth0_macvtap: entered promiscuous mode [ 54.895171][ T5937] veth0_macvtap: entered promiscuous mode [ 54.901012][ T5937] veth1_macvtap: entered promiscuous mode [ 54.906391][ T5939] veth1_macvtap: entered promiscuous mode [ 54.912343][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.921633][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.922411][ T5938] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 54.928909][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.932980][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.940325][ T5937] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.944452][ T5937] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.947787][ T5937] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.950481][ T5937] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.958570][ T5949] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.961299][ T5949] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.963985][ T5949] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.967128][ T5949] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.977596][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.981892][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.000301][ T5939] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.003991][ T5939] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.009975][ T5939] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.013612][ T5939] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.063671][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.066196][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.089125][ T1147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.091657][ T1147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.103317][ T1147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.105997][ T1147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.122373][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.124937][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.141840][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.145137][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.171217][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.175635][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.231732][ T6038] openvswitch: netlink: IP tunnel dst address not specified [ 55.238350][ T6042] netlink: 'syz.0.1': attribute type 10 has an invalid length. [ 55.242337][ T6042] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1'. [ 55.242379][ T6043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2'. [ 55.243872][ T6038] GUP no longer grows the stack in syz.3.4 (6038): 200000004000-20000000a000 (200000002000) [ 55.243911][ T6038] CPU: 1 UID: 0 PID: 6038 Comm: syz.3.4 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 55.243924][ T6038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.243931][ T6038] Call Trace: [ 55.243934][ T6038] [ 55.243938][ T6038] dump_stack_lvl+0x16c/0x1f0 [ 55.243959][ T6038] gup_vma_lookup+0x1d2/0x220 [ 55.243978][ T6038] __get_user_pages+0x271/0x3b80 [ 55.244002][ T6038] ? __pfx___get_user_pages+0x10/0x10 [ 55.244025][ T6038] get_user_pages_remote+0x258/0xb20 [ 55.244036][ T6038] ? __pfx_mtree_load+0x10/0x10 [ 55.244053][ T6038] ? __pfx_get_user_pages_remote+0x10/0x10 [ 55.244076][ T6038] __access_remote_vm+0x246/0x810 [ 55.244094][ T6038] ? do_raw_spin_lock+0x12c/0x2b0 [ 55.244106][ T6038] ? __pfx___access_remote_vm+0x10/0x10 [ 55.244125][ T6038] proc_pid_cmdline_read+0x4de/0x900 [ 55.244141][ T6038] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 55.244156][ T6038] ? rw_verify_area+0xcf/0x680 [ 55.244169][ T6038] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 55.244181][ T6038] vfs_readv+0x5c1/0x8b0 [ 55.244196][ T6038] ? __pfx_vfs_readv+0x10/0x10 [ 55.244209][ T6038] ? kmem_cache_free+0x2d1/0x4d0 [ 55.244230][ T6038] ? __fget_files+0x20e/0x3c0 [ 55.244248][ T6038] ? do_preadv+0x1a6/0x270 [ 55.244259][ T6038] do_preadv+0x1a6/0x270 [ 55.244272][ T6038] ? __pfx_do_preadv+0x10/0x10 [ 55.244287][ T6038] do_syscall_64+0xcd/0x4c0 [ 55.244306][ T6038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.244317][ T6038] RIP: 0033:0x7f49b238e929 [ 55.244325][ T6038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.244335][ T6038] RSP: 002b:00007f49b3202038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 55.244345][ T6038] RAX: ffffffffffffffda RBX: 00007f49b25b5fa0 RCX: 00007f49b238e929 [ 55.244352][ T6038] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 000000000000000a [ 55.244358][ T6038] RBP: 00007f49b2410b39 R08: 0000000000000000 R09: 0000000000000000 [ 55.244364][ T6038] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 55.244370][ T6038] R13: 0000000000000000 R14: 00007f49b25b5fa0 R15: 00007fff0c698538 [ 55.244383][ T6038] [ 55.333564][ T6042] team0: Failed to send port change of device geneve0 via netlink (err -105) [ 55.336498][ T6042] team0: Failed to send options change via netlink (err -105) [ 55.339819][ T6042] team0: Port device geneve0 added [ 55.358241][ T6043] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 55.361360][ T6043] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 55.364869][ T6043] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 55.368062][ T6043] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 55.384085][ T6043] vxlan0: entered promiscuous mode [ 55.542882][ T6062] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 55.558967][ T6062] CIFS mount error: No usable UNC path provided in device string! [ 55.558967][ T6062] [ 55.562315][ T6062] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 55.688724][ T6070] syz.3.17: attempt to access beyond end of device [ 55.688724][ T6070] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0 [ 55.692998][ T6070] vxfs: unable to read disk superblock at 1 [ 55.695364][ T6070] syz.3.17: attempt to access beyond end of device [ 55.695364][ T6070] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 55.699908][ T6070] vxfs: unable to read disk superblock at 8 [ 55.701888][ T6070] vxfs: can't find superblock. [ 56.357728][ T5952] Bluetooth: hci3: command tx timeout [ 56.437857][ T5947] Bluetooth: hci2: command tx timeout [ 56.437882][ T5953] Bluetooth: hci1: command tx timeout [ 56.440290][ T5952] Bluetooth: hci0: command tx timeout [ 56.530192][ T6105] netlink: 'syz.1.21': attribute type 1 has an invalid length. [ 56.542445][ T6105] ip6erspan0: entered promiscuous mode [ 56.551549][ T6107] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 56.554397][ T6107] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 56.559531][ T6107] vhci_hcd vhci_hcd.0: Device attached [ 56.617854][ T6107] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23'. [ 56.826678][ T836] usb 38-1: SetAddress Request (2) to port 0 [ 56.828805][ T836] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd [ 56.933189][ T6150] XFS (nullb0): Invalid superblock magic number [ 56.986737][ T40] kauditd_printk_skb: 97 callbacks suppressed [ 56.986748][ T40] audit: type=1400 audit(1749783553.870:187): avc: denied { setopt } for pid=6156 comm="syz.1.31" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 56.994628][ T40] audit: type=1400 audit(1749783553.870:188): avc: denied { bind } for pid=6156 comm="syz.1.31" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 57.001641][ T40] audit: type=1400 audit(1749783553.870:189): avc: denied { name_bind } for pid=6156 comm="syz.1.31" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 57.009906][ T40] audit: type=1400 audit(1749783553.880:190): avc: denied { node_bind } for pid=6156 comm="syz.1.31" saddr=172.20.20.170 src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 57.017268][ T40] audit: type=1400 audit(1749783553.880:191): avc: denied { getopt } for pid=6156 comm="syz.1.31" laddr=172.20.20.170 lport=20002 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 57.024091][ T40] audit: type=1400 audit(1749783553.880:192): avc: denied { read } for pid=6156 comm="syz.1.31" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 57.031586][ T40] audit: type=1400 audit(1749783553.880:193): avc: denied { open } for pid=6156 comm="syz.1.31" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 57.151026][ T40] audit: type=1400 audit(1749783554.040:194): avc: denied { unlink } for pid=6163 comm="syz.1.33" name="#1" dev="tmpfs" ino=88 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 57.159243][ T40] audit: type=1400 audit(1749783554.040:195): avc: denied { mount } for pid=6163 comm="syz.1.33" name="/" dev="overlay" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 57.222377][ T40] audit: type=1400 audit(1749783554.110:196): avc: denied { connect } for pid=6166 comm="syz.1.34" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 57.270011][ T6173] SELinux: Context system_u:object_r:semanage_exec_t:s0 is not valid (left unmapped). [ 57.288196][ T6173] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 57.369584][ T6109] vhci_hcd: connection reset by peer [ 57.372649][ T99] vhci_hcd: stop threads [ 57.374278][ T99] vhci_hcd: release socket [ 57.376082][ T99] vhci_hcd: disconnect device [ 57.488705][ T6183] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 57.492565][ T6183] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 57.496348][ T6183] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 57.506432][ T6183] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 57.530906][ T5952] Bluetooth: hci3: Invalid connection link type handle 0x00c8 [ 57.574071][ T6198] netlink: 4 bytes leftover after parsing attributes in process `syz.2.43'. [ 57.643216][ T6213] netlink: 16 bytes leftover after parsing attributes in process `syz.1.48'. [ 57.646438][ T6213] netlink: 16 bytes leftover after parsing attributes in process `syz.1.48'. [ 57.669983][ T6217] Invalid ELF header type: 0 != 1 [ 57.709824][ T6223] process 'syz.1.51' launched '/dev/fd/5' with NULL argv: empty string added [ 57.742863][ T6223] [U]  [ 57.778899][ T6237] netlink: 8 bytes leftover after parsing attributes in process `syz.3.55'. [ 57.781917][ T6237] netlink: 12 bytes leftover after parsing attributes in process `syz.3.55'. [ 57.782994][ T6238] binder: Bad value for 'max' [ 57.784901][ T6237] netlink: 'syz.3.55': attribute type 18 has an invalid length. [ 57.787864][ T6238] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.56'. [ 57.790040][ T6028] libceph: connect (1)[c::]:6789 error -101 [ 57.792800][ T6237] netlink: 8 bytes leftover after parsing attributes in process `syz.3.55'. [ 57.794194][ T6028] libceph: mon0 (1)[c::]:6789 connect error [ 57.797499][ T6237] netlink: 'syz.3.55': attribute type 18 has an invalid length. [ 57.801197][ T6237] netlink: 'syz.3.55': attribute type 18 has an invalid length. [ 57.803747][ T6237] netlink: 'syz.3.55': attribute type 18 has an invalid length. [ 57.804000][ T6238] netlink: 'syz.2.56': attribute type 27 has an invalid length. [ 57.806346][ T6237] netlink: 'syz.3.55': attribute type 18 has an invalid length. [ 57.811346][ T6237] netlink: 'syz.3.55': attribute type 18 has an invalid length. [ 57.813957][ T6237] netlink: 'syz.3.55': attribute type 18 has an invalid length. [ 57.959523][ T6258] Zero length message leads to an empty skb [ 57.974305][ T6261] Bluetooth: MGMT ver 1.23 [ 58.068196][ T6029] libceph: connect (1)[c::]:6789 error -101 [ 58.071119][ T6029] libceph: mon0 (1)[c::]:6789 connect error [ 58.253080][ T6028] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 58.416049][ T6028] usb 8-1: Using ep0 maxpacket: 32 [ 58.426649][ T6028] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 58.431266][ T6028] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 58.446085][ T6028] usb 8-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 58.450228][ T5952] Bluetooth: hci3: command tx timeout [ 58.453501][ T6028] usb 8-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 58.456917][ T6028] usb 8-1: Product: syz [ 58.458843][ T6028] usb 8-1: Manufacturer: syz [ 58.460766][ T6028] usb 8-1: SerialNumber: syz [ 58.475249][ T6028] input: appletouch as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:1.0/input/input5 [ 58.529728][ T5952] Bluetooth: hci0: command tx timeout [ 58.529745][ T5953] Bluetooth: hci2: command tx timeout [ 58.539945][ T5953] Bluetooth: hci1: command tx timeout [ 58.569870][ T6292] 8021q: adding VLAN 0 to HW filter on device bond1 [ 58.591696][ T6028] libceph: connect (1)[c::]:6789 error -101 [ 58.593941][ T6028] libceph: mon0 (1)[c::]:6789 connect error [ 58.608828][ T6298] capability: warning: `syz.2.75' uses deprecated v2 capabilities in a way that may be insecure [ 58.619312][ T6298] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 58.622446][ T6298] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 58.623121][ T6233] ceph: No mds server is up or the cluster is laggy [ 58.626483][ T6298] overlayfs: failed to get uuid (/file1, err=-95); falling back to uuid=null. [ 58.680258][ T6028] usb 8-1: USB disconnect, device number 2 [ 58.685421][ T6300] sp0: Synchronizing with TNC [ 58.712811][ T6028] appletouch 8-1:1.0: input: appletouch disconnected [ 58.782626][ T1147] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x4d [ 58.788418][ T6309] IPVS: sync thread started: state = MASTER, mcast_ifn = wlan1, syncid = 0, id = 0 [ 58.949652][ T6315] input: syz0 as /devices/virtual/input/input6 [ 58.951792][ T6315] input: failed to attach handler leds to device input6, error: -6 [ 58.963066][ T1338] usb 6-1: new low-speed USB device number 2 using dummy_hcd [ 58.964655][ T6315] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 59.141276][ T1338] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 59.143751][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 59.147293][ T1338] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 59.148901][ T2067] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 59.151225][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 59.157593][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 59.162064][ T1338] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 59.164477][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 59.167981][ T1338] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 59.171829][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 59.175792][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 59.180924][ T1338] usb 6-1: config 168 descriptor has 1 excess byte, ignoring [ 59.183351][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 59.186941][ T1338] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 59.191058][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 59.194694][ T1338] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 59.202822][ T1338] usb 6-1: string descriptor 0 read error: -22 [ 59.205007][ T1338] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 59.207995][ T1338] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 59.222129][ T1338] adutux 6-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 59.285275][ T6335] random: crng reseeded on system resumption [ 59.324376][ T2067] usb 7-1: Using ep0 maxpacket: 16 [ 59.338109][ T2067] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 59.347773][ T2067] usb 7-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 59.350592][ T2067] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 59.353063][ T2067] usb 7-1: Product: syz [ 59.354405][ T2067] usb 7-1: Manufacturer: syz [ 59.356501][ T2067] usb 7-1: SerialNumber: syz [ 59.359729][ T2067] usb 7-1: config 0 descriptor?? [ 59.364031][ T2067] hub 7-1:0.0: bad descriptor, ignoring hub [ 59.366083][ T2067] hub 7-1:0.0: probe with driver hub failed with error -5 [ 59.371061][ T2067] input: syz syz as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input7 [ 59.447978][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 59.457072][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 59.458926][ T6349] program syz.3.92 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 59.460732][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 59.531911][ T34] usb 6-1: USB disconnect, device number 2 [ 59.592403][ T6030] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 59.748417][ T6030] usb 5-1: config 0 has no interfaces? [ 59.750354][ T6030] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 59.753319][ T6030] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.756920][ T6028] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 59.757890][ T6030] usb 5-1: config 0 descriptor?? [ 59.798511][ T34] usb 7-1: USB disconnect, device number 2 [ 59.921518][ T6028] usb 8-1: Using ep0 maxpacket: 32 [ 59.924580][ T6028] usb 8-1: config 0 has an invalid interface number: 51 but max is 0 [ 59.927278][ T6028] usb 8-1: config 0 has no interface number 0 [ 59.931031][ T6028] usb 8-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 59.935660][ T6028] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 59.938682][ T6028] usb 8-1: Product: syz [ 59.940065][ T6028] usb 8-1: Manufacturer: syz [ 59.941615][ T6028] usb 8-1: SerialNumber: syz [ 59.945216][ T6028] usb 8-1: config 0 descriptor?? [ 59.949156][ T6028] quatech2 8-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 59.997425][ T6030] usb 5-1: USB disconnect, device number 2 [ 60.155565][ T6028] usb 8-1: qt2_setup_urbs - submit read urb failed -8 [ 60.157942][ T6028] quatech2 8-1:0.51: probe with driver quatech2 failed with error -8 [ 60.349049][ T6365] overlayfs: failed to resolve './file1': -2 [ 60.364625][ T6028] usb 8-1: USB disconnect, device number 3 [ 60.590325][ T5953] Bluetooth: hci3: command tx timeout [ 60.649972][ T6378] capability: warning: `syz.2.102' uses 32-bit capabilities (legacy support in use) [ 60.672762][ T5953] Bluetooth: hci1: command tx timeout [ 60.673104][ T5952] Bluetooth: hci2: command tx timeout [ 60.674515][ T5953] Bluetooth: hci0: command tx timeout [ 60.807729][ T6391] validate_nla: 59 callbacks suppressed [ 60.807747][ T6391] netlink: 'syz.1.104': attribute type 7 has an invalid length. [ 60.813647][ T6391] netlink: 'syz.1.104': attribute type 8 has an invalid length. [ 60.837171][ T34] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 60.929341][ T6395] `: renamed from veth0_vlan (while UP) [ 60.977692][ T6399] syz.1.107 uses obsolete (PF_INET,SOCK_PACKET) [ 60.991379][ T34] usb 8-1: Using ep0 maxpacket: 32 [ 60.997671][ T34] usb 8-1: config 0 has an invalid interface number: 51 but max is 0 [ 61.000403][ T34] usb 8-1: config 0 has no interface number 0 [ 61.005101][ T34] usb 8-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 61.007982][ T34] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 61.010422][ T34] usb 8-1: Product: syz [ 61.011767][ T34] usb 8-1: Manufacturer: syz [ 61.013447][ T34] usb 8-1: SerialNumber: syz [ 61.017671][ T34] usb 8-1: config 0 descriptor?? [ 61.020610][ T34] quatech2 8-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 61.229575][ T34] usb 8-1: qt2_setup_urbs - submit read urb failed -8 [ 61.231903][ T34] quatech2 8-1:0.51: probe with driver quatech2 failed with error -8 [ 61.258443][ T6419] fuse: Bad value for 'rootmode' [ 61.263425][ T6419] syz.2.113: attempt to access beyond end of device [ 61.263425][ T6419] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 61.267522][ T6419] SQUASHFS error: Failed to read block 0x0: -5 [ 61.270646][ T6419] unable to read squashfs_super_block [ 61.318615][ T6421] __nla_validate_parse: 131 callbacks suppressed [ 61.318637][ T6421] netlink: 8 bytes leftover after parsing attributes in process `syz.1.114'. [ 61.324134][ T6421] netlink: 12 bytes leftover after parsing attributes in process `syz.1.114'. [ 61.326939][ T6421] netlink: 'syz.1.114': attribute type 18 has an invalid length. [ 61.397587][ T6426] sg_write: data in/out 440207358/4056 bytes for SCSI command 0x45-- guessing data in; [ 61.397587][ T6426] program syz.1.116 not setting count and/or reply_len properly [ 61.436968][ T6351] netlink: 'syz.3.93': attribute type 4 has an invalid length. [ 61.439349][ T6351] netlink: 152 bytes leftover after parsing attributes in process `syz.3.93'. [ 61.446164][ T6351] : renamed from bond0 (while UP) [ 61.458910][ T5943] usb 8-1: USB disconnect, device number 4 [ 61.468564][ T6428] netlink: 'syz.1.117': attribute type 1 has an invalid length. [ 61.470996][ T6428] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 61.768028][ T6432] cgroup: Name too long [ 61.988942][ T836] usb 38-1: device descriptor read/8, error -110 [ 62.038240][ T6442] syzkaller1: entered promiscuous mode [ 62.040461][ T6442] syzkaller1: entered allmulticast mode [ 62.159144][ T40] kauditd_printk_skb: 92 callbacks suppressed [ 62.159154][ T40] audit: type=1400 audit(1750307846.932:289): avc: denied { mount } for pid=6445 comm="syz.2.123" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 62.169053][ T40] audit: type=1400 audit(1750307846.932:290): avc: denied { read } for pid=6445 comm="syz.2.123" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 62.176710][ T40] audit: type=1400 audit(1750307846.932:291): avc: denied { open } for pid=6445 comm="syz.2.123" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 62.210228][ T40] audit: type=1400 audit(1750307846.981:292): avc: denied { ioctl } for pid=6448 comm="syz.3.124" path="socket:[9972]" dev="sockfs" ino=9972 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 62.218044][ T40] audit: type=1400 audit(1750307846.981:293): avc: denied { setopt } for pid=6448 comm="syz.3.124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 62.320284][ T40] audit: type=1400 audit(1750307847.088:294): avc: denied { ioctl } for pid=6445 comm="syz.2.123" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 62.328561][ T40] audit: type=1400 audit(1750307847.088:295): avc: denied { name_connect } for pid=6445 comm="syz.2.123" dest=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 62.398108][ T836] usb usb38-port1: attempt power cycle [ 62.405855][ T40] audit: type=1400 audit(1750307847.166:296): avc: denied { setopt } for pid=6452 comm="syz.0.125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 62.780061][ T40] audit: type=1400 audit(1750307847.537:297): avc: denied { map } for pid=6465 comm="syz.3.130" path="/dev/video0" dev="devtmpfs" ino=956 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 62.844695][ T6472] ======================================================= [ 62.844695][ T6472] WARNING: The mand mount option has been deprecated and [ 62.844695][ T6472] and is ignored by this kernel. Remove the mand [ 62.844695][ T6472] option from the mount to silence this warning. [ 62.844695][ T6472] ======================================================= [ 62.867757][ T40] audit: type=1400 audit(1750307847.625:298): avc: denied { load_policy } for pid=6471 comm="syz.3.132" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 62.873372][ T6472] SELinux: ebitmap start bit (64767) is not a multiple of the map unit size (64) [ 62.882269][ T6472] SELinux: failed to load policy [ 62.885856][ T6472] fuse: Unknown parameter 'rootmodȲ4M00000000000 000' [ 62.894394][ T6472] option changes via remount are deprecated (pid=6471 comm=syz.3.132) [ 62.929284][ T6474] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 62.931901][ T6474] overlayfs: failed to set xattr on upper [ 62.933702][ T6474] overlayfs: ...falling back to redirect_dir=nofollow. [ 62.935935][ T6474] overlayfs: ...falling back to index=off. [ 62.937940][ T6474] overlayfs: ...falling back to uuid=null. [ 62.983322][ T836] usb usb38-port1: unable to enumerate USB device [ 63.039722][ T6480] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 63.048520][ T6480] vlan2: entered allmulticast mode [ 63.050257][ T6480] vlan1: entered allmulticast mode [ 63.051872][ T6480] veth0_vlan: entered allmulticast mode [ 63.221461][ T6497] lo speed is unknown, defaulting to 1000 [ 63.225037][ T6497] lo speed is unknown, defaulting to 1000 [ 63.230559][ T6497] lo speed is unknown, defaulting to 1000 [ 63.308646][ T6497] infiniband syz0: set active [ 63.310829][ T6497] infiniband syz0: added lo [ 63.311101][ T836] lo speed is unknown, defaulting to 1000 [ 63.332480][ T6497] RDS/IB: syz0: added [ 63.334504][ T6497] smc: adding ib device syz0 with port count 1 [ 63.336645][ T6497] smc: ib device syz0 port 1 has pnetid [ 63.339575][ T836] lo speed is unknown, defaulting to 1000 [ 63.344568][ T6497] lo speed is unknown, defaulting to 1000 [ 63.372796][ T6503] FAULT_INJECTION: forcing a failure. [ 63.372796][ T6503] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 63.386674][ T6503] CPU: 0 UID: 0 PID: 6503 Comm: syz.3.141 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 63.386692][ T6503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 63.386699][ T6503] Call Trace: [ 63.386703][ T6503] [ 63.386707][ T6503] dump_stack_lvl+0x16c/0x1f0 [ 63.386727][ T6503] should_fail_ex+0x512/0x640 [ 63.386744][ T6503] _copy_from_user+0x2e/0xd0 [ 63.386760][ T6503] copy_msghdr_from_user+0x98/0x160 [ 63.386777][ T6503] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 63.386799][ T6503] ___sys_sendmsg+0xfe/0x1d0 [ 63.386815][ T6503] ? __pfx____sys_sendmsg+0x10/0x10 [ 63.386830][ T6503] ? __lock_acquire+0x622/0x1c90 [ 63.386862][ T6503] __sys_sendmsg+0x16d/0x220 [ 63.386877][ T6503] ? __pfx___sys_sendmsg+0x10/0x10 [ 63.386901][ T6503] do_syscall_64+0xcd/0x4c0 [ 63.386919][ T6503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.386930][ T6503] RIP: 0033:0x7f49b238e929 [ 63.386938][ T6503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 63.386948][ T6503] RSP: 002b:00007f49b3202038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 63.386959][ T6503] RAX: ffffffffffffffda RBX: 00007f49b25b5fa0 RCX: 00007f49b238e929 [ 63.386965][ T6503] RDX: 0000000000040884 RSI: 0000200000000300 RDI: 0000000000000003 [ 63.386971][ T6503] RBP: 00007f49b3202090 R08: 0000000000000000 R09: 0000000000000000 [ 63.386988][ T6503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 63.386995][ T6503] R13: 0000000000000000 R14: 00007f49b25b5fa0 R15: 00007fff0c698538 [ 63.387008][ T6503] [ 63.550215][ T6497] lo speed is unknown, defaulting to 1000 [ 63.661759][ T6497] lo speed is unknown, defaulting to 1000 [ 63.672430][ T6514] syz.3.144: attempt to access beyond end of device [ 63.672430][ T6514] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 63.680694][ T6514] syz.3.144: attempt to access beyond end of device [ 63.680694][ T6514] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 63.685906][ T6514] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 63.690468][ T6514] syz.3.144: attempt to access beyond end of device [ 63.690468][ T6514] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 63.695891][ T6514] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 63.701290][ T6514] syz.3.144: attempt to access beyond end of device [ 63.701290][ T6514] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 63.707066][ T6514] syz.3.144: attempt to access beyond end of device [ 63.707066][ T6514] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 63.714763][ T6514] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 63.719755][ T6514] syz.3.144: attempt to access beyond end of device [ 63.719755][ T6514] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 63.725208][ T6514] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 63.728683][ T6514] syz.3.144: attempt to access beyond end of device [ 63.728683][ T6514] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 63.735634][ T6514] syz.3.144: attempt to access beyond end of device [ 63.735634][ T6514] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 63.739830][ T6514] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 63.743238][ T6514] syz.3.144: attempt to access beyond end of device [ 63.743238][ T6514] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 63.747257][ T6514] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 63.752352][ T6514] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 63.756238][ T6514] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 63.759147][ T6514] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 63.822797][ T6497] lo speed is unknown, defaulting to 1000 [ 63.935105][ T6505] rdma_rxe: rxe_newlink: failed to add veth0_to_team [ 64.098539][ T6524] netlink: 28 bytes leftover after parsing attributes in process `syz.2.148'. [ 64.131476][ T6533] FAULT_INJECTION: forcing a failure. [ 64.131476][ T6533] name failslab, interval 1, probability 0, space 0, times 1 [ 64.136653][ T6533] CPU: 3 UID: 0 PID: 6533 Comm: syz.2.151 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 64.136674][ T6533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 64.136683][ T6533] Call Trace: [ 64.136689][ T6533] [ 64.136695][ T6533] dump_stack_lvl+0x16c/0x1f0 [ 64.136717][ T6533] should_fail_ex+0x512/0x640 [ 64.136731][ T6533] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 64.136747][ T6533] should_failslab+0xc2/0x120 [ 64.136763][ T6533] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 64.136777][ T6533] ? __alloc_skb+0x2b2/0x380 [ 64.136795][ T6533] __alloc_skb+0x2b2/0x380 [ 64.136809][ T6533] ? __pfx___alloc_skb+0x10/0x10 [ 64.136826][ T6533] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 64.136841][ T6533] netlink_alloc_large_skb+0x69/0x130 [ 64.136853][ T6533] netlink_sendmsg+0x6a1/0xdd0 [ 64.136867][ T6533] ? __pfx_netlink_sendmsg+0x10/0x10 [ 64.136888][ T6533] ____sys_sendmsg+0xa95/0xc70 [ 64.136900][ T6533] ? copy_msghdr_from_user+0x10a/0x160 [ 64.136916][ T6533] ? __pfx_____sys_sendmsg+0x10/0x10 [ 64.136934][ T6533] ___sys_sendmsg+0x134/0x1d0 [ 64.136950][ T6533] ? __pfx____sys_sendmsg+0x10/0x10 [ 64.136965][ T6533] ? __lock_acquire+0x622/0x1c90 [ 64.136999][ T6533] __sys_sendmsg+0x16d/0x220 [ 64.137015][ T6533] ? __pfx___sys_sendmsg+0x10/0x10 [ 64.137040][ T6533] do_syscall_64+0xcd/0x4c0 [ 64.137057][ T6533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.137068][ T6533] RIP: 0033:0x7f49a5f8e929 [ 64.137076][ T6533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.137089][ T6533] RSP: 002b:00007f49a6dda038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 64.137100][ T6533] RAX: ffffffffffffffda RBX: 00007f49a61b5fa0 RCX: 00007f49a5f8e929 [ 64.137106][ T6533] RDX: 0000000000040884 RSI: 0000200000000300 RDI: 0000000000000003 [ 64.137112][ T6533] RBP: 00007f49a6dda090 R08: 0000000000000000 R09: 0000000000000000 [ 64.137118][ T6533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 64.137124][ T6533] R13: 0000000000000000 R14: 00007f49a61b5fa0 R15: 00007ffea85b4438 [ 64.137137][ T6533] [ 64.265046][ T6540] netlink: 28 bytes leftover after parsing attributes in process `syz.2.153'. [ 64.278838][ T6541] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47511 sclass=netlink_route_socket pid=6541 comm=syz.1.150 [ 64.407189][ T6552] syz0: rxe_newlink: already configured on lo [ 64.442790][ T6554] netlink: 20 bytes leftover after parsing attributes in process `syz.2.157'. [ 64.497198][ T6561] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 64.641739][ T6571] syz0: rxe_newlink: already configured on lo [ 64.657048][ T6573] fuse: Unknown parameter '000000000000000000030x0000000000000003' [ 64.674923][ T6573] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 64.729330][ T5947] Bluetooth: hci1: ACL packet too small [ 64.839959][ T6584] rdma_rxe: rxe_newlink: failed to add lo [ 64.895563][ T6593] netlink: 8 bytes leftover after parsing attributes in process `syz.3.168'. [ 64.985983][ T6605] FAULT_INJECTION: forcing a failure. [ 64.985983][ T6605] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 64.990770][ T6605] CPU: 1 UID: 0 PID: 6605 Comm: syz.2.171 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 64.990786][ T6605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 64.990792][ T6605] Call Trace: [ 64.990796][ T6605] [ 64.990800][ T6605] dump_stack_lvl+0x16c/0x1f0 [ 64.990820][ T6605] should_fail_ex+0x512/0x640 [ 64.990838][ T6605] _copy_from_iter+0x29f/0x16f0 [ 64.990856][ T6605] ? __alloc_skb+0x200/0x380 [ 64.990872][ T6605] ? __pfx__copy_from_iter+0x10/0x10 [ 64.990888][ T6605] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 64.990904][ T6605] netlink_sendmsg+0x829/0xdd0 [ 64.990921][ T6605] ? __pfx_netlink_sendmsg+0x10/0x10 [ 64.990937][ T6605] ____sys_sendmsg+0xa95/0xc70 [ 64.990950][ T6605] ? copy_msghdr_from_user+0x10a/0x160 [ 64.990966][ T6605] ? __pfx_____sys_sendmsg+0x10/0x10 [ 64.990984][ T6605] ___sys_sendmsg+0x134/0x1d0 [ 64.991001][ T6605] ? __pfx____sys_sendmsg+0x10/0x10 [ 64.991015][ T6605] ? __lock_acquire+0x622/0x1c90 [ 64.991049][ T6605] __sys_sendmsg+0x16d/0x220 [ 64.991065][ T6605] ? __pfx___sys_sendmsg+0x10/0x10 [ 64.991090][ T6605] do_syscall_64+0xcd/0x4c0 [ 64.991107][ T6605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.991118][ T6605] RIP: 0033:0x7f49a5f8e929 [ 64.991127][ T6605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.991137][ T6605] RSP: 002b:00007f49a6dda038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 64.991147][ T6605] RAX: ffffffffffffffda RBX: 00007f49a61b5fa0 RCX: 00007f49a5f8e929 [ 64.991153][ T6605] RDX: 0000000000040884 RSI: 0000200000000300 RDI: 0000000000000003 [ 64.991159][ T6605] RBP: 00007f49a6dda090 R08: 0000000000000000 R09: 0000000000000000 [ 64.991165][ T6605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 64.991171][ T6605] R13: 0000000000000000 R14: 00007f49a61b5fa0 R15: 00007ffea85b4438 [ 64.991184][ T6605] [ 65.059653][ C1] vkms_vblank_simulate: vblank timer overrun [ 65.228764][ T6613] program syz.1.172 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 65.506497][ T6630] lo speed is unknown, defaulting to 1000 [ 65.520337][ T6636] SELinux: policydb string does not match my string SE Linux [ 65.522560][ T6636] SELinux: failed to load policy [ 65.600441][ T6632] /dev/sr0: Can't open blockdev [ 65.641465][ T6640] fuse: Unknown parameter 'fd-0x0000000000000003' [ 65.648802][ T6640] netlink: 'syz.2.179': attribute type 27 has an invalid length. [ 65.679093][ T6640] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.682340][ T6640] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.761971][ T6640] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.769827][ T6640] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 65.817061][ T6640] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.819918][ T6640] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.822781][ T6640] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.826017][ T6640] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.865558][ T6640] vlan2: left allmulticast mode [ 65.867157][ T6640] vlan1: left allmulticast mode [ 65.868710][ T6640] veth0_vlan: left allmulticast mode [ 65.871321][ T6028] lo speed is unknown, defaulting to 1000 [ 65.885279][ T29] cfg80211: failed to load regulatory.db [ 65.889578][ T6641] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.892676][ T6641] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.898256][ T6641] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 65.916482][ T54] lo speed is unknown, defaulting to 1000 [ 65.918825][ T6028] lo speed is unknown, defaulting to 1000 [ 65.945228][ T6648] FAULT_INJECTION: forcing a failure. [ 65.945228][ T6648] name failslab, interval 1, probability 0, space 0, times 0 [ 65.950132][ T6648] CPU: 3 UID: 0 PID: 6648 Comm: syz.3.183 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 65.950154][ T6648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 65.950164][ T6648] Call Trace: [ 65.950171][ T6648] [ 65.950177][ T6648] dump_stack_lvl+0x16c/0x1f0 [ 65.950228][ T6648] should_fail_ex+0x512/0x640 [ 65.950254][ T6648] ? __kmalloc_noprof+0xbf/0x510 [ 65.950275][ T6648] ? _ib_alloc_device+0x3a/0x800 [ 65.950292][ T6648] should_failslab+0xc2/0x120 [ 65.950315][ T6648] __kmalloc_noprof+0xd2/0x510 [ 65.950337][ T6648] _ib_alloc_device+0x3a/0x800 [ 65.950347][ T6648] rxe_net_add+0x1d/0xe0 [ 65.950363][ T6648] rxe_newlink+0x70/0x190 [ 65.950377][ T6648] nldev_newlink+0x3a6/0x680 [ 65.950393][ T6648] ? __pfx_nldev_newlink+0x10/0x10 [ 65.950444][ T6648] ? cred_has_capability.isra.0+0x193/0x2f0 [ 65.950460][ T6648] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 65.950484][ T6648] ? security_capable+0x7e/0x260 [ 65.950497][ T6648] ? ns_capable+0xd7/0x110 [ 65.950508][ T6648] ? __pfx_nldev_newlink+0x10/0x10 [ 65.950524][ T6648] rdma_nl_rcv_msg+0x38a/0x6e0 [ 65.950540][ T6648] ? __pfx_rdma_nl_rcv_msg+0x10/0x10 [ 65.950558][ T6648] ? __lock_acquire+0x622/0x1c90 [ 65.950577][ T6648] rdma_nl_rcv_skb.constprop.0.isra.0+0x2d0/0x430 [ 65.950595][ T6648] ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10 [ 65.950619][ T6648] ? netlink_deliver_tap+0x1ae/0xd30 [ 65.950630][ T6648] ? is_vmalloc_addr+0x86/0xa0 [ 65.950646][ T6648] netlink_unicast+0x53d/0x7f0 [ 65.950659][ T6648] ? __pfx_netlink_unicast+0x10/0x10 [ 65.950674][ T6648] netlink_sendmsg+0x8d1/0xdd0 [ 65.950688][ T6648] ? __pfx_netlink_sendmsg+0x10/0x10 [ 65.950706][ T6648] ____sys_sendmsg+0xa95/0xc70 [ 65.950718][ T6648] ? copy_msghdr_from_user+0x10a/0x160 [ 65.950734][ T6648] ? __pfx_____sys_sendmsg+0x10/0x10 [ 65.950753][ T6648] ___sys_sendmsg+0x134/0x1d0 [ 65.950769][ T6648] ? __pfx____sys_sendmsg+0x10/0x10 [ 65.950784][ T6648] ? __lock_acquire+0x622/0x1c90 [ 65.950817][ T6648] __sys_sendmsg+0x16d/0x220 [ 65.950833][ T6648] ? __pfx___sys_sendmsg+0x10/0x10 [ 65.950863][ T6648] do_syscall_64+0xcd/0x4c0 [ 65.950881][ T6648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.950893][ T6648] RIP: 0033:0x7f49b238e929 [ 65.950902][ T6648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.950911][ T6648] RSP: 002b:00007f49b3202038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 65.950923][ T6648] RAX: ffffffffffffffda RBX: 00007f49b25b5fa0 RCX: 00007f49b238e929 [ 65.950929][ T6648] RDX: 0000000000040884 RSI: 0000200000000300 RDI: 0000000000000003 [ 65.950936][ T6648] RBP: 00007f49b3202090 R08: 0000000000000000 R09: 0000000000000000 [ 65.950942][ T6648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.950947][ T6648] R13: 0000000000000000 R14: 00007f49b25b5fa0 R15: 00007fff0c698538 [ 65.950961][ T6648] [ 65.950966][ T6648] rdma_rxe: rxe_newlink: failed to add lo [ 66.093705][ T6656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.186'. [ 66.096451][ T6656] netlink: 12 bytes leftover after parsing attributes in process `syz.3.186'. [ 66.100784][ T6656] netlink: 'syz.3.186': attribute type 14 has an invalid length. [ 66.146908][ T6660] netlink: 'syz.0.188': attribute type 1 has an invalid length. [ 66.149367][ T6660] netlink: 'syz.0.188': attribute type 2 has an invalid length. [ 66.154611][ T6660] netlink: 'syz.0.188': attribute type 1 has an invalid length. [ 66.157903][ T6660] netlink: 'syz.0.188': attribute type 2 has an invalid length. [ 66.185911][ T6660] netlink: 8 bytes leftover after parsing attributes in process `syz.0.188'. [ 66.216794][ T6664] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 66.220344][ T6664] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 66.228014][ T6669] bridge_slave_0: left allmulticast mode [ 66.229935][ T6669] bridge_slave_0: left promiscuous mode [ 66.231897][ T6669] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.249114][ T6669] bridge_slave_1: left allmulticast mode [ 66.250997][ T6669] bridge_slave_1: left promiscuous mode [ 66.258394][ T6669] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.268855][ T6669] bond0: (slave bond_slave_0): Releasing backup interface [ 66.276725][ T6669] bond0: (slave bond_slave_1): Releasing backup interface [ 66.294631][ T6669] team0: Port device team_slave_0 removed [ 66.300169][ T6669] team0: Port device team_slave_1 removed [ 66.302443][ T6669] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 66.305326][ T6669] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 66.309000][ T6669] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 66.311227][ T6669] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 66.348304][ T6681] netlink: 'syz.0.194': attribute type 5 has an invalid length. [ 66.351231][ T6681] netlink: 'syz.0.194': attribute type 7 has an invalid length. [ 66.361455][ T6681] : entered promiscuous mode [ 66.447913][ T6689] rdma_rxe: rxe_newlink: failed to add lo [ 66.484487][ T6693] virtio-pci 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 66.565125][ T6702] __nla_validate_parse: 1 callbacks suppressed [ 66.565142][ T6702] netlink: 36 bytes leftover after parsing attributes in process `syz.3.202'. [ 66.612912][ T6704] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 66.615012][ T6704] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 66.617426][ T6704] vhci_hcd vhci_hcd.0: Device attached [ 66.853413][ T6030] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 66.863603][ T6028] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 67.017730][ T6028] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 67.020636][ T6028] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 67.023157][ T6028] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 67.025759][ T6028] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.029386][ T6028] usb 8-1: config 0 descriptor?? [ 67.118409][ T6714] netlink: 8 bytes leftover after parsing attributes in process `syz.2.206'. [ 67.121099][ T6714] openvswitch: netlink: nsh attr 8196 is out of range max 3 [ 67.123174][ T6714] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 67.154810][ T6718] netlink: 'syz.0.207': attribute type 29 has an invalid length. [ 67.166147][ T6718] netlink: 'syz.0.207': attribute type 29 has an invalid length. [ 67.173043][ T6718] input: syz1 as /devices/virtual/input/input10 [ 67.185945][ T6718] rdma_rxe: rxe_newlink: failed to add lo [ 67.237001][ T34] usb 8-1: USB disconnect, device number 5 [ 67.239920][ T6705] usb 43-1: recv xbuf, 0 [ 67.245481][ T12] vhci_hcd: stop threads [ 67.246928][ T12] vhci_hcd: release socket [ 67.250814][ T12] vhci_hcd: disconnect device [ 67.322516][ T6030] vhci_hcd: vhci_device speed not set [ 67.331989][ T6728] netlink: 'syz.2.211': attribute type 4 has an invalid length. [ 67.339138][ T6730] FAULT_INJECTION: forcing a failure. [ 67.339138][ T6730] name failslab, interval 1, probability 0, space 0, times 0 [ 67.343425][ T6730] CPU: 3 UID: 0 PID: 6730 Comm: syz.0.212 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 67.343441][ T6730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 67.343447][ T6730] Call Trace: [ 67.343451][ T6730] [ 67.343456][ T6730] dump_stack_lvl+0x16c/0x1f0 [ 67.343476][ T6730] should_fail_ex+0x512/0x640 [ 67.343491][ T6730] ? __kmalloc_noprof+0xbf/0x510 [ 67.343505][ T6730] ? alloc_port_data+0x12f/0x440 [ 67.343516][ T6730] should_failslab+0xc2/0x120 [ 67.343534][ T6730] __kmalloc_noprof+0xd2/0x510 [ 67.343548][ T6730] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 67.343566][ T6730] alloc_port_data+0x12f/0x440 [ 67.343578][ T6730] ib_device_set_netdev+0x100/0x860 [ 67.343588][ T6730] ? lockdep_init_map_type+0x5c/0x280 [ 67.343606][ T6730] ? debug_mutex_init+0x37/0x70 [ 67.343620][ T6730] rxe_register_device+0x23e/0x320 [ 67.343633][ T6730] rxe_net_add+0x8e/0xe0 [ 67.343649][ T6730] rxe_newlink+0x70/0x190 [ 67.343662][ T6730] nldev_newlink+0x3a6/0x680 [ 67.343683][ T6730] ? __pfx_nldev_newlink+0x10/0x10 [ 67.343735][ T6730] ? cred_has_capability.isra.0+0x193/0x2f0 [ 67.343751][ T6730] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 67.343775][ T6730] ? security_capable+0x7e/0x260 [ 67.343788][ T6730] ? ns_capable+0xd7/0x110 [ 67.343799][ T6730] ? __pfx_nldev_newlink+0x10/0x10 [ 67.343815][ T6730] rdma_nl_rcv_msg+0x38a/0x6e0 [ 67.343831][ T6730] ? __pfx_rdma_nl_rcv_msg+0x10/0x10 [ 67.343848][ T6730] ? __lock_acquire+0x622/0x1c90 [ 67.343867][ T6730] rdma_nl_rcv_skb.constprop.0.isra.0+0x2d0/0x430 [ 67.343885][ T6730] ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10 [ 67.343907][ T6730] ? netlink_deliver_tap+0x1ae/0xd30 [ 67.343918][ T6730] ? is_vmalloc_addr+0x86/0xa0 [ 67.343934][ T6730] netlink_unicast+0x53d/0x7f0 [ 67.343947][ T6730] ? __pfx_netlink_unicast+0x10/0x10 [ 67.343963][ T6730] netlink_sendmsg+0x8d1/0xdd0 [ 67.343977][ T6730] ? __pfx_netlink_sendmsg+0x10/0x10 [ 67.343994][ T6730] ____sys_sendmsg+0xa95/0xc70 [ 67.344007][ T6730] ? copy_msghdr_from_user+0x10a/0x160 [ 67.344022][ T6730] ? __pfx_____sys_sendmsg+0x10/0x10 [ 67.344041][ T6730] ___sys_sendmsg+0x134/0x1d0 [ 67.344057][ T6730] ? __pfx____sys_sendmsg+0x10/0x10 [ 67.344072][ T6730] ? __lock_acquire+0x622/0x1c90 [ 67.344105][ T6730] __sys_sendmsg+0x16d/0x220 [ 67.344122][ T6730] ? __pfx___sys_sendmsg+0x10/0x10 [ 67.344147][ T6730] do_syscall_64+0xcd/0x4c0 [ 67.344165][ T6730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.344176][ T6730] RIP: 0033:0x7fb35598e929 [ 67.344186][ T6730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.344196][ T6730] RSP: 002b:00007fb3568dc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 67.344206][ T6730] RAX: ffffffffffffffda RBX: 00007fb355bb5fa0 RCX: 00007fb35598e929 [ 67.344213][ T6730] RDX: 0000000000040884 RSI: 0000200000000300 RDI: 0000000000000003 [ 67.344219][ T6730] RBP: 00007fb3568dc090 R08: 0000000000000000 R09: 0000000000000000 [ 67.344225][ T6730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 67.344231][ T6730] R13: 0000000000000000 R14: 00007fb355bb5fa0 R15: 00007ffccc9fc258 [ 67.344244][ T6730] [ 67.344278][ T6730] rdma_rxe: rxe_newlink: failed to add lo [ 67.387212][ T6732] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 67.642137][ T6749] veth0: entered promiscuous mode [ 67.644349][ T6749] netlink: 4 bytes leftover after parsing attributes in process `syz.1.218'. [ 67.689759][ T6754] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.696297][ T6754] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.787939][ T6757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.804253][ T6757] bond0: (slave gretap1): making interface the new active one [ 67.809538][ T6757] bond0: (slave gretap1): Enslaving as an active interface with an up link [ 67.818682][ T6760] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 67.822437][ T6760] rdma_rxe: rxe_newlink: failed to add lo [ 67.847921][ T6763] openvswitch: netlink: IP tunnel dst address not specified [ 67.850925][ T40] kauditd_printk_skb: 63 callbacks suppressed [ 67.850933][ T40] audit: type=1400 audit(1750307852.503:362): avc: denied { map } for pid=6762 comm="syz.1.223" path="socket:[12539]" dev="sockfs" ino=12539 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 67.863647][ T40] audit: type=1400 audit(1750307852.512:363): avc: denied { read accept } for pid=6762 comm="syz.1.223" path="socket:[12539]" dev="sockfs" ino=12539 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 67.909134][ T40] audit: type=1400 audit(1750307852.561:364): avc: denied { write } for pid=6771 comm="syz.3.226" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 67.911859][ T6773] binder: 6771:6773 ioctl c0306201 2000000003c0 returned -14 [ 67.916806][ T40] audit: type=1400 audit(1750307852.561:365): avc: denied { ioctl } for pid=6771 comm="syz.3.226" path="/dev/binderfs/binder0" dev="binder" ino=10 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 67.927844][ T40] audit: type=1400 audit(1750307852.561:366): avc: denied { set_context_mgr } for pid=6771 comm="syz.3.226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 67.934532][ T40] audit: type=1400 audit(1750307852.561:367): avc: denied { map } for pid=6771 comm="syz.3.226" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 67.935228][ T2067] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 68.005433][ T40] audit: type=1400 audit(1750307852.660:368): avc: denied { bind } for pid=6779 comm="syz.3.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 68.012448][ T40] audit: type=1400 audit(1750307852.660:369): avc: denied { accept } for pid=6779 comm="syz.3.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 68.018550][ T40] audit: type=1400 audit(1750307852.660:370): avc: denied { listen } for pid=6779 comm="syz.3.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 68.046647][ T6786] netlink: 28 bytes leftover after parsing attributes in process `syz.3.229'. [ 68.050797][ T6786] ipt_ECN: cannot use operation on non-tcp rule [ 68.086573][ T2067] usb 7-1: device descriptor read/64, error -71 [ 68.294939][ T6791] Bluetooth: hci4: Frame reassembly failed (-84) [ 68.299624][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 68.340077][ T2067] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 68.482313][ T2067] usb 7-1: device descriptor read/64, error -71 [ 68.606053][ T2067] usb usb7-port1: attempt power cycle [ 68.836887][ T6796] FAULT_INJECTION: forcing a failure. [ 68.836887][ T6796] name failslab, interval 1, probability 0, space 0, times 0 [ 68.841133][ T6796] CPU: 0 UID: 0 PID: 6796 Comm: syz.1.231 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 68.841148][ T6796] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.841154][ T6796] Call Trace: [ 68.841158][ T6796] [ 68.841162][ T6796] dump_stack_lvl+0x16c/0x1f0 [ 68.841198][ T6796] should_fail_ex+0x512/0x640 [ 68.841217][ T6796] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 68.841235][ T6796] should_failslab+0xc2/0x120 [ 68.841250][ T6796] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 68.841265][ T6796] ? __lock_acquire+0xb8a/0x1c90 [ 68.841281][ T6796] ? kstrdup_const+0x63/0x80 [ 68.841298][ T6796] kstrdup+0x53/0x100 [ 68.841312][ T6796] kstrdup_const+0x63/0x80 [ 68.841325][ T6796] kvasprintf_const+0x164/0x1a0 [ 68.841342][ T6796] kobject_set_name_vargs+0x5a/0x140 [ 68.841354][ T6796] dev_set_name+0xc7/0x100 [ 68.841367][ T6796] ? __pfx_dev_set_name+0x10/0x10 [ 68.841379][ T6796] ? down_write+0x14d/0x200 [ 68.841390][ T6796] ? __pfx_down_write+0x10/0x10 [ 68.841400][ T6796] ? xa_load+0x153/0x2c0 [ 68.841412][ T6796] ib_register_device+0x7df/0xe00 [ 68.841424][ T6796] ? mark_held_locks+0x49/0x80 [ 68.841440][ T6796] ? __pfx_ib_register_device+0x10/0x10 [ 68.841450][ T6796] ? lockdep_hardirqs_on+0x7c/0x110 [ 68.841466][ T6796] ? ib_device_set_netdev+0x7e/0x860 [ 68.841480][ T6796] rxe_register_device+0x275/0x320 [ 68.841493][ T6796] rxe_net_add+0x8e/0xe0 [ 68.841509][ T6796] rxe_newlink+0x70/0x190 [ 68.841523][ T6796] nldev_newlink+0x3a6/0x680 [ 68.841539][ T6796] ? __pfx_nldev_newlink+0x10/0x10 [ 68.841590][ T6796] ? cred_has_capability.isra.0+0x193/0x2f0 [ 68.841606][ T6796] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 68.841630][ T6796] ? security_capable+0x7e/0x260 [ 68.841643][ T6796] ? ns_capable+0xd7/0x110 [ 68.841654][ T6796] ? __pfx_nldev_newlink+0x10/0x10 [ 68.841675][ T6796] rdma_nl_rcv_msg+0x38a/0x6e0 [ 68.841691][ T6796] ? __pfx_rdma_nl_rcv_msg+0x10/0x10 [ 68.841709][ T6796] ? __lock_acquire+0x622/0x1c90 [ 68.841728][ T6796] rdma_nl_rcv_skb.constprop.0.isra.0+0x2d0/0x430 [ 68.841746][ T6796] ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10 [ 68.841768][ T6796] ? netlink_deliver_tap+0x1ae/0xd30 [ 68.841780][ T6796] ? is_vmalloc_addr+0x86/0xa0 [ 68.841796][ T6796] netlink_unicast+0x53d/0x7f0 [ 68.841809][ T6796] ? __pfx_netlink_unicast+0x10/0x10 [ 68.841825][ T6796] netlink_sendmsg+0x8d1/0xdd0 [ 68.841839][ T6796] ? __pfx_netlink_sendmsg+0x10/0x10 [ 68.841856][ T6796] ____sys_sendmsg+0xa95/0xc70 [ 68.841868][ T6796] ? copy_msghdr_from_user+0x10a/0x160 [ 68.841884][ T6796] ? __pfx_____sys_sendmsg+0x10/0x10 [ 68.841903][ T6796] ___sys_sendmsg+0x134/0x1d0 [ 68.841920][ T6796] ? __pfx____sys_sendmsg+0x10/0x10 [ 68.841934][ T6796] ? __lock_acquire+0x622/0x1c90 [ 68.841968][ T6796] __sys_sendmsg+0x16d/0x220 [ 68.841985][ T6796] ? __pfx___sys_sendmsg+0x10/0x10 [ 68.842010][ T6796] do_syscall_64+0xcd/0x4c0 [ 68.842028][ T6796] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.842039][ T6796] RIP: 0033:0x7f968b58e929 [ 68.842048][ T6796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.842058][ T6796] RSP: 002b:00007f968c4a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 68.842069][ T6796] RAX: ffffffffffffffda RBX: 00007f968b7b5fa0 RCX: 00007f968b58e929 [ 68.842075][ T6796] RDX: 0000000000040884 RSI: 0000200000000300 RDI: 0000000000000003 [ 68.842081][ T6796] RBP: 00007f968c4a1090 R08: 0000000000000000 R09: 0000000000000000 [ 68.842087][ T6796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 68.842093][ T6796] R13: 0000000000000000 R14: 00007f968b7b5fa0 R15: 00007ffe949ac3a8 [ 68.842107][ T6796] [ 68.842617][ T6796] rdma_rxe: rxe_newlink: failed to add lo [ 68.972374][ T2067] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 69.001268][ T2067] usb 7-1: device descriptor read/8, error -71 [ 69.002536][ T6798] netlink: 4 bytes leftover after parsing attributes in process `syz.1.232'. [ 69.007081][ T6798] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 69.055947][ T40] audit: type=1400 audit(1750307853.692:371): avc: denied { module_load } for pid=6801 comm="syz.1.234" path="/selinux/policy" dev="selinuxfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=system permissive=1 [ 69.056661][ T6802] kernel read not supported for file /policy (pid: 6802 comm: syz.1.234) [ 69.255044][ T2067] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 69.263071][ T6826] rdma_rxe: rxe_newlink: failed to add lo [ 69.265645][ T6826] FAULT_INJECTION: forcing a failure. [ 69.265645][ T6826] name failslab, interval 1, probability 0, space 0, times 0 [ 69.270478][ T6826] CPU: 2 UID: 0 PID: 6826 Comm: syz.1.240 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 69.270493][ T6826] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.270499][ T6826] Call Trace: [ 69.270503][ T6826] [ 69.270508][ T6826] dump_stack_lvl+0x16c/0x1f0 [ 69.270527][ T6826] should_fail_ex+0x512/0x640 [ 69.270542][ T6826] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 69.270559][ T6826] should_failslab+0xc2/0x120 [ 69.270575][ T6826] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 69.270588][ T6826] ? __up_read+0x1f8/0x750 [ 69.270603][ T6826] ? __alloc_skb+0x2b2/0x380 [ 69.270622][ T6826] __alloc_skb+0x2b2/0x380 [ 69.270636][ T6826] ? __pfx___alloc_skb+0x10/0x10 [ 69.270656][ T6826] netlink_ack+0x15d/0xb80 [ 69.270669][ T6826] ? __lock_acquire+0x622/0x1c90 [ 69.270688][ T6826] rdma_nl_rcv_skb.constprop.0.isra.0+0x330/0x430 [ 69.270707][ T6826] ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10 [ 69.270729][ T6826] ? netlink_deliver_tap+0x1ae/0xd30 [ 69.270739][ T6826] ? is_vmalloc_addr+0x86/0xa0 [ 69.270755][ T6826] netlink_unicast+0x53d/0x7f0 [ 69.270768][ T6826] ? __pfx_netlink_unicast+0x10/0x10 [ 69.270783][ T6826] netlink_sendmsg+0x8d1/0xdd0 [ 69.270796][ T6826] ? __pfx_netlink_sendmsg+0x10/0x10 [ 69.270813][ T6826] ____sys_sendmsg+0xa95/0xc70 [ 69.270825][ T6826] ? copy_msghdr_from_user+0x10a/0x160 [ 69.270841][ T6826] ? __pfx_____sys_sendmsg+0x10/0x10 [ 69.270861][ T6826] ___sys_sendmsg+0x134/0x1d0 [ 69.270878][ T6826] ? __pfx____sys_sendmsg+0x10/0x10 [ 69.270892][ T6826] ? __lock_acquire+0x622/0x1c90 [ 69.270925][ T6826] __sys_sendmsg+0x16d/0x220 [ 69.270941][ T6826] ? __pfx___sys_sendmsg+0x10/0x10 [ 69.270966][ T6826] do_syscall_64+0xcd/0x4c0 [ 69.270983][ T6826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.270994][ T6826] RIP: 0033:0x7f968b58e929 [ 69.271003][ T6826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.271013][ T6826] RSP: 002b:00007f968c4a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 69.271023][ T6826] RAX: ffffffffffffffda RBX: 00007f968b7b5fa0 RCX: 00007f968b58e929 [ 69.271030][ T6826] RDX: 0000000000040884 RSI: 0000200000000300 RDI: 0000000000000003 [ 69.271036][ T6826] RBP: 00007f968c4a1090 R08: 0000000000000000 R09: 0000000000000000 [ 69.271042][ T6826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 69.271048][ T6826] R13: 0000000000000000 R14: 00007f968b7b5fa0 R15: 00007ffe949ac3a8 [ 69.271061][ T6826] [ 69.276922][ T2067] usb 7-1: device descriptor read/8, error -71 [ 69.416968][ T6815] kvm: kvm [6814]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xe525 [ 69.478730][ T2067] usb usb7-port1: unable to enumerate USB device [ 69.623300][ T6834] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 69.716623][ T6844] IPVS: persistence engine module ip_vs_pe_s not found [ 69.768353][ T6847] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5123 sclass=netlink_route_socket pid=6847 comm=syz.3.247 [ 69.826459][ T6855] rdma_rxe: rxe_newlink: failed to add lo [ 69.828428][ T6855] FAULT_INJECTION: forcing a failure. [ 69.828428][ T6855] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 69.832530][ T6855] CPU: 3 UID: 0 PID: 6855 Comm: syz.3.250 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 69.832545][ T6855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.832552][ T6855] Call Trace: [ 69.832557][ T6855] [ 69.832561][ T6855] dump_stack_lvl+0x16c/0x1f0 [ 69.832582][ T6855] should_fail_ex+0x512/0x640 [ 69.832599][ T6855] _copy_to_user+0x32/0xd0 [ 69.832616][ T6855] simple_read_from_buffer+0xcb/0x170 [ 69.832631][ T6855] proc_fail_nth_read+0x197/0x270 [ 69.832645][ T6855] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 69.832659][ T6855] ? rw_verify_area+0xcf/0x680 [ 69.832671][ T6855] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 69.832684][ T6855] vfs_read+0x1e4/0xc60 [ 69.832699][ T6855] ? __pfx___mutex_lock+0x10/0x10 [ 69.832716][ T6855] ? __pfx_vfs_read+0x10/0x10 [ 69.832732][ T6855] ? __fget_files+0x20e/0x3c0 [ 69.832751][ T6855] ksys_read+0x12a/0x250 [ 69.832764][ T6855] ? __pfx_ksys_read+0x10/0x10 [ 69.832781][ T6855] do_syscall_64+0xcd/0x4c0 [ 69.832799][ T6855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.832810][ T6855] RIP: 0033:0x7f49b238d33c [ 69.832819][ T6855] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 69.832829][ T6855] RSP: 002b:00007f49b3202030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 69.832839][ T6855] RAX: ffffffffffffffda RBX: 00007f49b25b5fa0 RCX: 00007f49b238d33c [ 69.832847][ T6855] RDX: 000000000000000f RSI: 00007f49b32020a0 RDI: 0000000000000004 [ 69.832856][ T6855] RBP: 00007f49b3202090 R08: 0000000000000000 R09: 0000000000000000 [ 69.832865][ T6855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 69.832873][ T6855] R13: 0000000000000000 R14: 00007f49b25b5fa0 R15: 00007fff0c698538 [ 69.832895][ T6855] [ 69.914728][ T6858] program syz.3.251 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 69.920139][ T5953] Bluetooth: hci3: ACL packet for unknown connection handle 2912 [ 69.927768][ T1070] Bluetooth: hci5: Frame reassembly failed (-84) [ 69.986331][ T5952] Bluetooth: hci3: command tx timeout [ 70.393308][ T5952] Bluetooth: hci4: command 0xfc11 tx timeout [ 70.394958][ T5947] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 70.428894][ T6862] xt_hashlimit: size too large, truncated to 1048576 [ 70.635713][ T5947] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 70.668979][ T6875] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 70.672470][ T6875] overlayfs: missing 'lowerdir' [ 70.677600][ T5947] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260 [ 70.736807][ T6882] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.762623][ T6884] netlink: 104 bytes leftover after parsing attributes in process `syz.1.261'. [ 70.822149][ T6882] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.904910][ T6892] overlay: ./file0 is not a directory [ 70.932212][ T6894] netlink: 36 bytes leftover after parsing attributes in process `syz.1.265'. [ 70.941899][ T6882] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.990938][ T6896] netlink: 32 bytes leftover after parsing attributes in process `syz.1.266'. [ 71.004142][ T6882] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.031114][ T6900] netlink: 100 bytes leftover after parsing attributes in process `syz.1.267'. [ 71.069712][ T6902] 8021q: adding VLAN 0 to HW filter on device bond2 [ 71.084985][ T6902] 8021q: adding VLAN 0 to HW filter on device bond2 [ 71.087241][ T6902] bond2: (slave wireguard0): The slave device specified does not support setting the MAC address [ 71.090928][ T6902] bond2: (slave wireguard0): Error -95 calling set_mac_address [ 71.109076][ T6882] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.117239][ T6882] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.125935][ T6882] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.136655][ T6905] bond2: (slave dummy0): making interface the new active one [ 71.139339][ T6905] bond2: (slave dummy0): Enslaving as an active interface with an up link [ 71.146638][ T6882] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.293242][ T6915] netlink: 16 bytes leftover after parsing attributes in process `syz.1.272'. [ 71.298611][ T6915] afs: Unknown parameter '|yn' [ 71.400360][ T6924] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 71.453727][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.456586][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.489126][ T6931] tun0: tun_chr_ioctl cmd 1074025675 [ 71.491435][ T6931] tun0: persist enabled [ 71.493466][ T6931] tun0: tun_chr_ioctl cmd 1074025675 [ 71.495688][ T6931] tun0: persist disabled [ 71.498926][ T6931] rdma_rxe: rxe_newlink: failed to add lo [ 71.673376][ T6940] __nla_validate_parse: 2 callbacks suppressed [ 71.673387][ T6940] netlink: 20 bytes leftover after parsing attributes in process `syz.0.278'. [ 71.716418][ T6942] netlink: 788 bytes leftover after parsing attributes in process `syz.2.280'. [ 71.830657][ T6952] validate_nla: 3 callbacks suppressed [ 71.830669][ T6952] netlink: 'syz.1.284': attribute type 1 has an invalid length. [ 71.845695][ T6952] 8021q: adding VLAN 0 to HW filter on device bond3 [ 71.873672][ T6952] bond3: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 72.015420][ T5947] Bluetooth: hci5: command 0xfc11 tx timeout [ 72.015575][ T5953] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 72.060389][ T6969] netlink: 4 bytes leftover after parsing attributes in process `syz.1.289'. [ 72.063863][ T6969] openvswitch: netlink: Flow key attr not present in new flow. [ 72.073783][ T6969] netlink: 700 bytes leftover after parsing attributes in process `syz.1.289'. [ 72.203242][ T5947] Bluetooth: hci0: hardware error 0x71 [ 72.395288][ T6991] netlink: 4 bytes leftover after parsing attributes in process `syz.2.295'. [ 72.408761][ T6990] team0: Device gtp1 is of different type [ 72.632714][ T7014] netlink: 20 bytes leftover after parsing attributes in process `syz.0.301'. [ 72.632783][ T7015] netlink: 20 bytes leftover after parsing attributes in process `syz.0.301'. [ 72.648518][ T7013] netlink: 'syz.0.301': attribute type 1 has an invalid length. [ 72.669820][ T7013] 8021q: adding VLAN 0 to HW filter on device bond2 [ 72.678834][ T7013] bond2: (slave geneve2): making interface the new active one [ 72.682150][ T7013] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 72.721612][ T7031] netlink: 'syz.0.304': attribute type 15 has an invalid length. [ 72.726382][ T7031] netlink: 24 bytes leftover after parsing attributes in process `syz.0.304'. [ 72.757793][ T7037] block nbd0: NBD_DISCONNECT [ 72.835290][ T7042] netlink: 'syz.2.308': attribute type 1 has an invalid length. [ 72.852271][ T7042] 8021q: adding VLAN 0 to HW filter on device bond2 [ 72.881018][ T7043] veth3: entered promiscuous mode [ 72.890497][ T7043] bond2: (slave veth3): Enslaving as an active interface with a down link [ 72.902509][ T7042] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.905918][ T7042] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.910043][ T7042] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.912725][ T7042] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.916858][ T7042] bond2: (slave geneve2): making interface the new active one [ 72.920429][ T7042] geneve2: entered promiscuous mode [ 72.922867][ T7042] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 73.010654][ T40] kauditd_printk_skb: 31 callbacks suppressed [ 73.010670][ T40] audit: type=1326 audit(1750307857.586:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7046 comm="syz.1.307" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f968b58e929 code=0x50000 [ 73.019999][ T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 73.024753][ T40] audit: type=1326 audit(1750307857.586:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7046 comm="syz.1.307" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f968b58e929 code=0x50000 [ 73.033552][ T40] audit: type=1326 audit(1750307857.586:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7046 comm="syz.1.307" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f968b58e929 code=0x50000 [ 73.047537][ T40] audit: type=1326 audit(1750307857.586:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7046 comm="syz.1.307" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f968b58e929 code=0x50000 [ 73.057029][ T40] audit: type=1326 audit(1750307857.586:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7046 comm="syz.1.307" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f968b58e929 code=0x50000 [ 73.066276][ T40] audit: type=1326 audit(1750307857.586:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7046 comm="syz.1.307" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f968b58e929 code=0x50000 [ 73.076565][ T40] audit: type=1326 audit(1750307857.586:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7046 comm="syz.1.307" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f968b58e929 code=0x50000 [ 73.085513][ T40] audit: type=1326 audit(1750307857.586:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7046 comm="syz.1.307" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f968b58e929 code=0x50000 [ 73.094432][ T40] audit: type=1326 audit(1750307857.586:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7046 comm="syz.1.307" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f968b58e929 code=0x50000 [ 73.102109][ T40] audit: type=1326 audit(1750307857.586:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7046 comm="syz.1.307" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f968b58e929 code=0x50000 [ 73.182062][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 73.184928][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 73.188375][ T24] usb 5-1: New USB device found, idVendor=044f, idProduct=b654, bcdDevice= 0.00 [ 73.191256][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.195049][ T24] usb 5-1: config 0 descriptor?? [ 73.197255][ T7062] sg_write: data in/out 3171656/120 bytes for SCSI command 0x0-- guessing data in; [ 73.197255][ T7062] program syz.3.311 not setting count and/or reply_len properly [ 73.458012][ T7074] netlink: 16 bytes leftover after parsing attributes in process `syz.0.305'. [ 73.463135][ T7074] netlink: 'syz.0.305': attribute type 12 has an invalid length. [ 73.465735][ T7074] netlink: 'syz.0.305': attribute type 29 has an invalid length. [ 73.468554][ T7074] netlink: 148 bytes leftover after parsing attributes in process `syz.0.305'. [ 73.565307][ T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!! [ 73.595556][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 73.612306][ T7077] syz0: rxe_newlink: already configured on lo [ 74.245501][ T7086] mkiss: ax0: crc mode is auto. [ 74.285659][ T5947] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 74.455946][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 74.458734][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 74.461256][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 74.596572][ T7090] block nbd0: not configured, cannot reconfigure [ 74.647955][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 74.650529][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 75.136788][ T7111] netlink: 'syz.2.325': attribute type 4 has an invalid length. [ 75.143123][ T6835] lo speed is unknown, defaulting to 1000 [ 75.145549][ T6835] syz0: Port: 1 Link DOWN [ 75.147134][ T6835] lo speed is unknown, defaulting to 1000 [ 75.218113][ T7111] netlink: 'syz.2.325': attribute type 4 has an invalid length. [ 75.234528][ T34] lo speed is unknown, defaulting to 1000 [ 75.237047][ T34] syz0: Port: 1 Link ACTIVE [ 75.238961][ T34] lo speed is unknown, defaulting to 1000 [ 75.267763][ T7113] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 75.329662][ T7113] CUSE: info not properly terminated [ 75.464312][ T7125] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 75.476761][ T7127] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=61476 sclass=netlink_route_socket pid=7127 comm=syz.3.330 [ 75.721195][ T7140] xt_hashlimit: size too large, truncated to 1048576 [ 75.829316][ T24] usbhid 5-1:0.0: can't add hid device: -71 [ 75.831486][ T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 75.839246][ T24] usb 5-1: USB disconnect, device number 3 [ 75.874201][ T7151] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 75.919813][ T7151] xt_hashlimit: size too large, truncated to 1048576 [ 76.117024][ T7171] netlink: 'syz.0.340': attribute type 9 has an invalid length. [ 76.120372][ T7171] netlink: 'syz.0.340': attribute type 7 has an invalid length. [ 76.205429][ T7179] syz0: rxe_newlink: already configured on lo [ 76.264968][ T7184] mmap: syz.2.348 (7184) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 76.272848][ T7184] openvswitch: netlink: Duplicate key (type 0). [ 76.346556][ T6030] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 76.430304][ T7191] Invalid logical block size (53244) [ 76.507857][ T6030] usb 8-1: Using ep0 maxpacket: 16 [ 76.522846][ T6030] usb 8-1: config 0 has too many interfaces: 111, using maximum allowed: 32 [ 76.525616][ T6030] usb 8-1: config 0 has an invalid interface number: 157 but max is 110 [ 76.528802][ T6030] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 76.533073][ T6030] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 111 [ 76.536713][ T6030] usb 8-1: config 0 has no interface number 0 [ 76.540346][ T6030] usb 8-1: New USB device found, idVendor=058f, idProduct=9720, bcdDevice=fb.74 [ 76.543180][ T6030] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.545683][ T6030] usb 8-1: Product: syz [ 76.547175][ T6030] usb 8-1: Manufacturer: syz [ 76.548894][ T6030] usb 8-1: SerialNumber: syz [ 76.551584][ T6030] usb 8-1: config 0 descriptor?? [ 76.554616][ T6030] pl2303 8-1:0.157: required endpoints missing [ 76.657752][ T7205] sch_fq: defrate 0 ignored. [ 76.757715][ T7165] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 76.775082][ T836] usb 8-1: USB disconnect, device number 6 [ 76.817789][ T7214] loop4: detected capacity change from 0 to 2 [ 76.847968][ T7217] __nla_validate_parse: 6 callbacks suppressed [ 76.847980][ T7217] netlink: 8 bytes leftover after parsing attributes in process `syz.3.360'. [ 76.854208][ T7217] netlink: 24 bytes leftover after parsing attributes in process `syz.3.360'. [ 76.903727][ T7219] bio_check_eod: 3 callbacks suppressed [ 76.903738][ T7219] syz.3.361: attempt to access beyond end of device [ 76.903738][ T7219] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 76.911634][ T7219] syz.3.361: attempt to access beyond end of device [ 76.911634][ T7219] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 76.918549][ T7219] Mount JFS Failure: -5 [ 76.920148][ T7219] jfs_mount failed w/return code = -5 [ 77.079346][ T7228] kvm: pic: non byte write [ 77.084197][ T7228] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns [ 77.146359][ T7228] pvfs2: Unknown parameter 'fuse' [ 77.184696][ T1338] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 77.335995][ T1338] usb 7-1: Using ep0 maxpacket: 16 [ 77.339082][ T1338] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 77.341997][ T1338] usb 7-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 77.345574][ T1338] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.349667][ T1338] usb 7-1: config 0 descriptor?? [ 77.559250][ T7221] warning: `syz.2.362' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 77.564178][ T7221] tipc: Started in network mode [ 77.565978][ T7221] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711 [ 77.568981][ T7221] tipc: Enabling of bearer rejected, failed to enable media [ 77.574150][ T34] usb 7-1: USB disconnect, device number 7 [ 78.054465][ T7244] geneve2: entered promiscuous mode [ 78.056229][ T7244] geneve2: entered allmulticast mode [ 78.108635][ T40] kauditd_printk_skb: 52016 callbacks suppressed [ 78.108669][ T40] audit: type=1400 audit(1750307862.631:52429): avc: denied { write } for pid=7245 comm="syz.2.371" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 78.146844][ T75] bond0: (slave bond_slave_0): interface is now down [ 78.151781][ T40] audit: type=1400 audit(1750307862.670:52430): avc: denied { getopt } for pid=7252 comm="syz.2.372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 78.154981][ T75] bond0: (slave bond_slave_1): interface is now down [ 78.162878][ T75] bond0: now running without any active interface! [ 78.222987][ T40] audit: type=1400 audit(1750307862.740:52431): avc: denied { unmount } for pid=5937 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 78.281671][ T40] audit: type=1400 audit(1750307862.799:52432): avc: denied { mounton } for pid=7264 comm="syz.1.378" path="/106/file0/bus" dev="ramfs" ino=13140 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 78.283900][ T7265] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 78.291161][ T7265] overlayfs: failed to set xattr on upper [ 78.293024][ T7265] overlayfs: ...falling back to redirect_dir=nofollow. [ 78.295367][ T7265] overlayfs: ...falling back to metacopy=off. [ 78.297257][ T7265] overlayfs: ...falling back to index=off. [ 78.299063][ T7265] overlayfs: ...falling back to uuid=null. [ 78.337179][ T7271] netlink: 4 bytes leftover after parsing attributes in process `syz.1.380'. [ 78.465525][ T7280] netlink: 328 bytes leftover after parsing attributes in process `syz.1.383'. [ 78.809998][ T5947] Bluetooth: hci3: command tx timeout [ 78.815549][ T7299] support for the xor transformation has been removed. [ 78.864811][ T7301] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 78.915099][ T7304] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 78.968099][ T7311] binder: 7310:7311 ioctl c0306201 200000000040 returned -22 [ 79.134512][ T7319] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 79.136604][ T7319] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 79.142380][ T7319] vhci_hcd vhci_hcd.0: Device attached [ 79.148945][ T40] audit: type=1400 audit(1750307863.662:52433): avc: denied { getopt } for pid=7318 comm="syz.2.395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 79.153954][ T7319] vhci_hcd vhci_hcd.0: port 0 already used [ 79.160214][ T7320] vhci_hcd: connection closed [ 79.160316][ T60] vhci_hcd: stop threads [ 79.163568][ T60] vhci_hcd: release socket [ 79.163799][ T40] audit: type=1400 audit(1750307863.681:52434): avc: denied { module_load } for pid=7322 comm="syz.0.396" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=2061 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 79.165049][ T60] vhci_hcd: disconnect device [ 79.292346][ T40] audit: type=1400 audit(1750307863.800:52435): avc: denied { connect } for pid=7334 comm="syz.1.399" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 79.298659][ T40] audit: type=1400 audit(1750307863.800:52436): avc: denied { read } for pid=7334 comm="syz.1.399" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 79.336164][ T40] audit: type=1400 audit(1750307863.850:52437): avc: denied { create } for pid=7338 comm="syz.1.401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 79.342330][ T40] audit: type=1400 audit(1750307863.850:52438): avc: denied { connect } for pid=7338 comm="syz.1.401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 79.397885][ T7343] Invalid source name [ 79.399703][ T7343] UBIFS error (pid: 7343): cannot open "./file0", error -22 [ 79.401919][ T7343] binder: Bad value for 'max' [ 79.458297][ T7350] IPv6: sit1: Disabled Multicast RS [ 79.460690][ T7350] sit1: entered allmulticast mode [ 79.512175][ T7351] IPv6: sit1: Disabled Multicast RS [ 79.514264][ T7351] sit1: entered allmulticast mode [ 79.792526][ T7376] bpf: Bad value for 'uid' [ 79.795744][ T7376] netlink: 36 bytes leftover after parsing attributes in process `syz.2.412'. [ 79.835110][ T7383] netlink: 8 bytes leftover after parsing attributes in process `syz.2.414'. [ 79.838013][ T7383] netlink: 12 bytes leftover after parsing attributes in process `syz.2.414'. [ 79.840843][ T7383] validate_nla: 3 callbacks suppressed [ 79.840850][ T7383] netlink: 'syz.2.414': attribute type 18 has an invalid length. [ 79.886237][ T7390] netlink: 12 bytes leftover after parsing attributes in process `syz.0.417'. [ 79.948006][ T7396] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 80.181925][ T5947] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 80.184759][ T5947] Bluetooth: hci3: Injecting HCI hardware error event [ 80.187911][ T5953] Bluetooth: hci3: hardware error 0x00 [ 80.303844][ T7414] syzkaller0: entered promiscuous mode [ 80.303975][ T6030] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 80.306157][ T7414] syzkaller0: entered allmulticast mode [ 80.467763][ T6030] usb 6-1: Using ep0 maxpacket: 32 [ 80.477415][ T6030] usb 6-1: config 6 has an invalid interface number: 199 but max is 3 [ 80.480550][ T6030] usb 6-1: config 6 has an invalid interface number: 127 but max is 3 [ 80.484080][ T6030] usb 6-1: config 6 has an invalid interface number: 104 but max is 3 [ 80.486727][ T6030] usb 6-1: config 6 has an invalid interface number: 109 but max is 3 [ 80.489372][ T6030] usb 6-1: config 6 has no interface number 0 [ 80.491609][ T6030] usb 6-1: config 6 has no interface number 1 [ 80.493777][ T6030] usb 6-1: config 6 has no interface number 2 [ 80.495979][ T6030] usb 6-1: config 6 has no interface number 3 [ 80.498087][ T6030] usb 6-1: config 6 interface 104 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 80.503206][ T6030] usb 6-1: config 6 interface 104 altsetting 1 endpoint 0x3 has invalid maxpacket 1416, setting to 1024 [ 80.508292][ T6030] usb 6-1: config 6 interface 104 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 80.512812][ T6030] usb 6-1: config 6 interface 109 altsetting 15 has a duplicate endpoint with address 0x7, skipping [ 80.516556][ T6030] usb 6-1: config 6 interface 109 altsetting 15 bulk endpoint 0xF has invalid maxpacket 32 [ 80.519861][ T6030] usb 6-1: config 6 interface 109 altsetting 15 has a duplicate endpoint with address 0xE, skipping [ 80.523778][ T6030] usb 6-1: config 6 interface 109 altsetting 15 has a duplicate endpoint with address 0x7, skipping [ 80.528236][ T6030] usb 6-1: config 6 interface 109 altsetting 15 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 80.532747][ T6030] usb 6-1: config 6 interface 109 altsetting 15 has a duplicate endpoint with address 0xF, skipping [ 80.537036][ T6030] usb 6-1: config 6 interface 109 altsetting 15 has a duplicate endpoint with address 0x7, skipping [ 80.541389][ T6030] usb 6-1: config 6 interface 199 has no altsetting 0 [ 80.543717][ T6030] usb 6-1: config 6 interface 127 has no altsetting 0 [ 80.548165][ T6030] usb 6-1: config 6 interface 104 has no altsetting 0 [ 80.550427][ T6030] usb 6-1: config 6 interface 109 has no altsetting 0 [ 80.555079][ T6030] usb 6-1: New USB device found, idVendor=0bfd, idProduct=0102, bcdDevice=b1.ca [ 80.558092][ T6030] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.560630][ T6030] usb 6-1: Product: syz [ 80.562045][ T6030] usb 6-1: Manufacturer: syz [ 80.563617][ T6030] usb 6-1: SerialNumber: syz [ 80.708682][ T7419] sctp: [Deprecated]: syz.2.425 (pid 7419) Use of int in max_burst socket option. [ 80.708682][ T7419] Use struct sctp_assoc_value instead [ 81.448000][ T7426] binder: 7425:7426 ioctl c0306201 200000000080 returned -14 [ 81.452000][ T7424] mkiss: ax0: crc mode is auto. [ 81.510545][ T7424] netlink: 68 bytes leftover after parsing attributes in process `syz.2.427'. [ 81.519404][ T7430] sctp: [Deprecated]: syz.3.430 (pid 7430) Use of struct sctp_assoc_value in delayed_ack socket option. [ 81.519404][ T7430] Use struct sctp_sack_info instead [ 81.586297][ T7428] 9pnet_fd: p9_fd_create_tcp (7428): problem connecting socket to 127.0.0.1 [ 81.668491][ T7437] overlayfs: missing 'workdir' [ 81.744007][ T7439] netlink: 8 bytes leftover after parsing attributes in process `syz.2.432'. [ 81.853710][ T9] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 82.016216][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 82.019924][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 82.024637][ T9] usb 5-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 82.027592][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.031578][ T9] usb 5-1: config 0 descriptor?? [ 82.037644][ T7428] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 82.247505][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 82.249538][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 82.254267][ T9] usb 5-1: USB disconnect, device number 4 [ 82.276374][ T5953] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 82.586817][ T7445] Cannot find map_set index 0 as target [ 82.645135][ T7441] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 83.076922][ T6030] kvaser_usb 6-1:6.199: error -ENODEV: Cannot get usb endpoint(s) [ 83.086984][ T6030] kvaser_usb 6-1:6.127: error -ENODEV: Cannot get usb endpoint(s) [ 83.090700][ T7452] program syz.1.436 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 83.091626][ T6030] kvaser_usb 6-1:6.104: error -ENODEV: Cannot get usb endpoint(s) [ 83.098709][ T6030] kvaser_usb 6-1:6.109: error -ENODEV: Cannot get usb endpoint(s) [ 83.105341][ T6030] usb 6-1: USB disconnect, device number 3 [ 83.180017][ T7454] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 83.186174][ T7454] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 83.312334][ T7460] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pid=7460 comm=syz.2.439 [ 83.358341][ T7468] netlink: 16 bytes leftover after parsing attributes in process `syz.2.441'. [ 83.373280][ T7465] netlink: 28 bytes leftover after parsing attributes in process `syz.1.440'. [ 83.377789][ T7465] netlink: 28 bytes leftover after parsing attributes in process `syz.1.440'. [ 83.444077][ T40] kauditd_printk_skb: 26 callbacks suppressed [ 83.444089][ T40] audit: type=1400 audit(1750307867.920:52465): avc: denied { read write } for pid=7477 comm="syz.2.445" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 83.454090][ T40] audit: type=1400 audit(1750307867.920:52466): avc: denied { open } for pid=7477 comm="syz.2.445" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 83.469530][ T7473] hfs: can't find a HFS filesystem on dev sr0 [ 83.565975][ T7490] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 83.570667][ T7490] Cannot find del_set index 0 as target [ 83.667299][ T7498] Illegal XDP return value 4412814 on prog (id 115) dev syz_tun, expect packet loss! [ 83.917509][ T6030] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 83.932405][ T7503] SELinux: Context is not valid (left unmapped). [ 84.063214][ T40] audit: type=1400 audit(1750307868.536:52467): avc: denied { setopt } for pid=7507 comm="syz.0.454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 84.068214][ T6030] usb 8-1: Using ep0 maxpacket: 8 [ 84.072217][ T6030] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 84.075699][ T6030] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 84.078568][ T6030] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.083109][ T6030] usb 8-1: config 0 descriptor?? [ 84.201296][ T99] geneve2: left promiscuous mode [ 84.297899][ T6030] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 84.503648][ T7537] sock: sock_set_timeout: `syz.1.462' (pid 7537) tries to set negative timeout [ 84.510583][ T7537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.462'. [ 84.524785][ T40] audit: type=1400 audit(1750307869.003:52468): avc: denied { ioctl } for pid=7497 comm="syz.3.450" path="socket:[15735]" dev="sockfs" ino=15735 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 84.594988][ T7537] hsr_slave_1 (unregistering): left promiscuous mode [ 84.608513][ T6030] usb 8-1: USB disconnect, device number 7 [ 84.768143][ T7542] netlink: 'syz.1.464': attribute type 1 has an invalid length. [ 84.781876][ T7542] 8021q: adding VLAN 0 to HW filter on device bond4 [ 84.792426][ T7542] bond4: (slave geneve2): making interface the new active one [ 84.795837][ T7542] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 84.834533][ T7545] block nbd1: not configured, cannot reconfigure [ 85.007619][ T7556] rtc_cmos 00:05: Alarms can be up to one day in the future [ 85.011572][ T7556] fuseblk: Bad value for 'fd' [ 85.013459][ T7556] tmpfs: Unknown parameter 'noswapN' [ 85.046890][ T40] audit: type=1400 audit(1750307869.520:52469): avc: denied { execmem } for pid=7557 comm="syz.1.471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 85.251335][ T7578] netlink: 4 bytes leftover after parsing attributes in process `syz.0.477'. [ 85.310775][ T7580] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 85.312902][ T7580] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 85.315543][ T7580] vhci_hcd vhci_hcd.0: Device attached [ 85.326812][ T7581] vhci_hcd: connection closed [ 85.327095][ T1070] vhci_hcd: stop threads [ 85.331195][ T1070] vhci_hcd: release socket [ 85.333356][ T1070] vhci_hcd: disconnect device [ 85.604143][ T5947] Bluetooth: hci4: command 0x1003 tx timeout [ 85.607106][ T5953] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 85.707328][ T40] audit: type=1400 audit(1750307870.142:52470): avc: denied { open } for pid=7584 comm="syz.2.478" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=16910 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 85.741196][ T7588] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0 [ 85.748244][ T7590] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0 [ 85.780536][ T7592] netlink: 12 bytes leftover after parsing attributes in process `syz.2.480'. [ 85.808165][ T40] audit: type=1400 audit(1750307870.233:52471): avc: denied { append } for pid=7596 comm="syz.2.481" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 85.815460][ T40] audit: type=1400 audit(1750307870.233:52472): avc: denied { map } for pid=7596 comm="syz.2.481" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 85.823554][ T40] audit: type=1400 audit(1750307870.233:52473): avc: denied { execute } for pid=7596 comm="syz.2.481" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 85.921523][ T7605] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 85.936237][ T7605] overlay: ./file0 is not a directory [ 85.986153][ T7609] netlink: 4 bytes leftover after parsing attributes in process `syz.0.485'. [ 86.080603][ T7614] netlink: zone id is out of range [ 86.082964][ T7614] netlink: zone id is out of range [ 86.085297][ T7614] netlink: zone id is out of range [ 86.089392][ T7614] netlink: zone id is out of range [ 86.091883][ T7614] netlink: zone id is out of range [ 86.094178][ T7614] netlink: zone id is out of range [ 86.098830][ T7614] netlink: zone id is out of range [ 86.102503][ T7614] netlink: zone id is out of range [ 86.105549][ T7614] netlink: zone id is out of range [ 86.179946][ T5943] libceph: connect (1)[c::]:6789 error -101 [ 86.182627][ T5943] libceph: mon0 (1)[c::]:6789 connect error [ 86.198540][ T7614] xt_ecn: cannot match TCP bits for non-tcp packets [ 86.204287][ T40] audit: type=1400 audit(1750307870.589:52474): avc: denied { create } for pid=7628 comm="syz.2.491" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 86.234825][ T7625] ceph: No mds server is up or the cluster is laggy [ 86.346640][ T7632] batadv_slave_1: entered promiscuous mode [ 86.369608][ T7632] batadv_slave_1: left promiscuous mode [ 86.376801][ T7632] netlink: 24 bytes leftover after parsing attributes in process `syz.3.493'. [ 86.381641][ T7632] netlink: 4 bytes leftover after parsing attributes in process `syz.3.493'. [ 86.454346][ T7653] netlink: 'syz.3.496': attribute type 1 has an invalid length. [ 86.472205][ T7653] 8021q: adding VLAN 0 to HW filter on device bond1 [ 86.475942][ T7657] netlink: 8 bytes leftover after parsing attributes in process `syz.0.497'. [ 86.483030][ T7653] bond1: (slave gretap2): making interface the new active one [ 86.486770][ T7653] bond1: (slave gretap2): Enslaving as an active interface with an up link [ 86.534657][ T7664] netlink: 'syz.2.499': attribute type 1 has an invalid length. [ 86.692004][ T7696] Cannot find del_set index 0 as target [ 86.729929][ T5953] Bluetooth: hci2: adv larger than maximum supported [ 86.759783][ T7707] ip6gre1: entered promiscuous mode [ 87.208329][ T7637] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 87.210857][ T7637] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 87.224409][ T7637] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 87.226338][ T7637] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 87.383652][ T2067] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 87.546997][ T2067] usb 5-1: Using ep0 maxpacket: 8 [ 87.549910][ T2067] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 87.552656][ T2067] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 87.555760][ T2067] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 87.559128][ T2067] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 87.562815][ T2067] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 87.568243][ T2067] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 87.571396][ T2067] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.651293][ T7753] hsr_slave_1 (unregistering): left promiscuous mode [ 87.796123][ T2067] usb 5-1: usb_control_msg returned -32 [ 87.798033][ T2067] usbtmc 5-1:16.0: can't read capabilities [ 88.135925][ T7772] orangefs_mount: mount request failed with -4 [ 88.182398][ T7781] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 88.193744][ T6030] usb 5-1: USB disconnect, device number 5 [ 88.253825][ T7787] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1542 sclass=netlink_route_socket pid=7787 comm=syz.2.532 [ 88.290186][ T7798] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 88.292407][ T7798] IPv6: NLM_F_CREATE should be set when creating new route [ 88.294454][ T7798] IPv6: NLM_F_CREATE should be set when creating new route [ 88.620283][ T2067] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 88.749982][ T7833] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 88.784474][ T7835] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 88.787113][ T7835] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 88.789887][ T7835] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 88.792518][ T7835] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 88.796094][ T7835] geneve3: entered promiscuous mode [ 88.796847][ T2067] usb 7-1: Using ep0 maxpacket: 32 [ 88.798166][ T7835] geneve3: entered allmulticast mode [ 88.801577][ T2067] usb 7-1: config 0 has an invalid interface number: 67 but max is 0 [ 88.804583][ T2067] usb 7-1: config 0 has no interface number 0 [ 88.809136][ T2067] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 88.812044][ T2067] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.814492][ T2067] usb 7-1: Product: syz [ 88.816167][ T2067] usb 7-1: Manufacturer: syz [ 88.817644][ T2067] usb 7-1: SerialNumber: syz [ 88.820940][ T2067] usb 7-1: config 0 descriptor?? [ 88.824461][ T2067] smsc95xx v2.0.0 [ 88.860547][ T7845] gtp1: entered promiscuous mode [ 88.868315][ T40] kauditd_printk_skb: 21 callbacks suppressed [ 88.868332][ T40] audit: type=1400 audit(1750307873.045:52496): avc: denied { connect } for pid=7842 comm="syz.1.552" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 88.960246][ T40] audit: type=1400 audit(1750307873.129:52497): avc: granted { setsecparam } for pid=7857 comm="syz.0.555" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 88.966865][ T40] audit: type=1400 audit(1750307873.129:52498): avc: granted { setsecparam } for pid=7857 comm="syz.0.555" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 88.973016][ T40] audit: type=1400 audit(1750307873.129:52499): avc: granted { setsecparam } for pid=7857 comm="syz.0.555" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 88.981127][ T40] audit: type=1400 audit(1750307873.129:52500): avc: granted { setsecparam } for pid=7857 comm="syz.0.555" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 88.987740][ T40] audit: type=1400 audit(1750307873.129:52501): avc: granted { setsecparam } for pid=7857 comm="syz.0.555" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 88.994171][ T40] audit: type=1400 audit(1750307873.129:52502): avc: granted { setsecparam } for pid=7857 comm="syz.0.555" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 89.000273][ T40] audit: type=1400 audit(1750307873.129:52503): avc: granted { setsecparam } for pid=7857 comm="syz.0.555" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 89.006307][ T40] audit: type=1400 audit(1750307873.129:52504): avc: granted { setsecparam } for pid=7857 comm="syz.0.555" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 89.012552][ T40] audit: type=1400 audit(1750307873.129:52505): avc: granted { setsecparam } for pid=7857 comm="syz.0.555" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 89.088532][ T7864] ipt_ECN: cannot use operation on non-tcp rule [ 89.214877][ T5943] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 89.376804][ T5943] usb 5-1: Using ep0 maxpacket: 32 [ 89.380561][ T5943] usb 5-1: config 1 interface 0 altsetting 154 endpoint 0x81 has an invalid bInterval 70, changing to 10 [ 89.385031][ T5943] usb 5-1: config 1 interface 0 altsetting 154 endpoint 0x81 has invalid wMaxPacketSize 0 [ 89.389233][ T5943] usb 5-1: config 1 interface 0 altsetting 154 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 89.393639][ T5943] usb 5-1: config 1 interface 0 has no altsetting 0 [ 89.399045][ T5943] usb 5-1: New USB device found, idVendor=056a, idProduct=5002, bcdDevice= 0.40 [ 89.402784][ T5943] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.406048][ T5943] usb 5-1: Product: 쵃썉ꖻ嵸⼏褹驩鬯禵쵃뀂꽣᧺䌭忏흍춶땀줓㸕ૡ㎁⮴᪍ீ钘鶀胱⻩嚾Ꜫ꩓톣琢邪⻣ໆꒂ冾헞賎✊㓥懶淢涓窠䏟⅑ꨝⱹ窡ꁃ琏䕻쓳穩俚髻䑌⧠鸙痏禄␳ [ 89.415097][ T5943] usb 5-1: Manufacturer: ࡡ [ 89.417012][ T5943] usb 5-1: SerialNumber: 왴寓잖숹寥뿪줸ꉋﲚ뫟茠ᵂ഍쩕ᴮ魘ꖸ뾖䩥駲䮽⼁㦜왢醧ꩯ︍볚ꨭ崱唣乃低譪鏫ﮖ셴≆妫笮杩ނ쳝է뀕秔徟綫ꙝ퐁៎ⴁ塼븦騨祅㳪쉃脐耺쩩巚麩缉ꧽ솺⇥︜껊奨ﭛꮀ灑裆Ꝙ⡳ [ 89.647857][ T7858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.651677][ T7858] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.654924][ T7858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.657849][ T7858] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.660838][ T7858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.663851][ T7858] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.667968][ T7858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.671891][ T7858] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.679539][ T7858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.682444][ T7858] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.693634][ T7867] fuse: Bad value for 'group_id' [ 89.695356][ T7867] fuse: Bad value for 'group_id' [ 89.927553][ T5943] usbhid 5-1:1.0: can't add hid device: -71 [ 89.929741][ T5943] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 89.934226][ T5943] usb 5-1: USB disconnect, device number 6 [ 90.010605][ T7873] __nla_validate_parse: 7 callbacks suppressed [ 90.010620][ T7873] netlink: 27 bytes leftover after parsing attributes in process `syz.0.559'. [ 90.090926][ T7876] netlink: 256 bytes leftover after parsing attributes in process `syz.0.559'. [ 90.967479][ T7881] netlink: 300 bytes leftover after parsing attributes in process `syz.0.563'. [ 91.177532][ T7894] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 91.181982][ T7894] bond0: (slave gre0): Error -95 calling set_mac_address [ 91.225682][ T7896] lo speed is unknown, defaulting to 1000 [ 91.274346][ T7899] sp0: Synchronizing with TNC [ 91.286173][ T7903] netlink: 20 bytes leftover after parsing attributes in process `syz.3.570'. [ 91.304565][ T7903] geneve2: entered promiscuous mode [ 91.360431][ T7897] lo speed is unknown, defaulting to 1000 [ 91.460680][ T1338] IPVS: starting estimator thread 0... [ 91.552589][ T7911] IPVS: using max 49 ests per chain, 117600 per kthread [ 91.579379][ T7917] uprobe: syz.3.574:7917 failed to unregister, leaking uprobe [ 91.603719][ T2067] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 91.608180][ T2067] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 91.615446][ T2067] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 91.621396][ T2067] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71 [ 91.631000][ T2067] usb 7-1: USB disconnect, device number 8 [ 91.786337][ T7929] xt_cgroup: xt_cgroup: no path or classid specified [ 91.998088][ T7933] kvm: pic: non byte write [ 92.479387][ T7955] netlink: 16 bytes leftover after parsing attributes in process `syz.3.587'. [ 92.482728][ T7955] net_ratelimit: 7 callbacks suppressed [ 92.482736][ T7955] openvswitch: netlink: Flow actions attr not present in new flow. [ 92.566662][ T7959] netlink: 4 bytes leftover after parsing attributes in process `syz.3.587'. [ 92.569569][ T7959] netlink: 4 bytes leftover after parsing attributes in process `syz.3.587'. [ 92.572438][ T7959] netlink: 4 bytes leftover after parsing attributes in process `syz.3.587'. [ 92.580963][ T7959] SELinux: failure in selinux_parse_skb(), unable to parse packet [ 92.910698][ T7970] netlink: 8 bytes leftover after parsing attributes in process `syz.1.591'. [ 92.933817][ T7968] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 92.936931][ T7968] overlayfs: failed to set xattr on upper [ 92.939116][ T7968] overlayfs: ...falling back to redirect_dir=nofollow. [ 92.941584][ T7968] overlayfs: ...falling back to index=off. [ 92.943405][ T7968] overlayfs: ...falling back to uuid=null. [ 92.945617][ T7968] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 93.051577][ T7977] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 93.063424][ T7977] netlink: 'syz.3.593': attribute type 1 has an invalid length. [ 93.073116][ T7978] netlink: 8 bytes leftover after parsing attributes in process `syz.1.594'. [ 93.676726][ T8019] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !fIZE,=$)%ĂL [ 93.796529][ T2067] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 93.957093][ T2067] usb 6-1: Using ep0 maxpacket: 32 [ 93.967569][ T2067] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 93.981975][ T2067] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 93.999064][ T2067] usb 6-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 94.007703][ T2067] usb 6-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 94.010372][ T2067] usb 6-1: Product: syz [ 94.014514][ T2067] usb 6-1: Manufacturer: syz [ 94.016163][ T2067] usb 6-1: SerialNumber: syz [ 94.040757][ T2067] input: appletouch as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/input/input12 [ 94.223125][ T8045] (syz.3.613,8045,3):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 94.227044][ T8045] (syz.3.613,8045,3):ocfs2_fill_super:1177 ERROR: status = -22 [ 94.247765][ T40] kauditd_printk_skb: 1354 callbacks suppressed [ 94.247776][ T40] audit: type=1400 audit(1750307878.048:53860): avc: denied { search } for pid=8043 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 94.257164][ T40] audit: type=1400 audit(1750307878.048:53861): avc: denied { search } for pid=8043 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1899 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 94.283048][ T8043] audit: audit_backlog=65 > audit_backlog_limit=64 [ 94.285254][ T8043] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 94.287716][ T8043] audit: backlog limit exceeded [ 94.289539][ T8043] audit: audit_backlog=65 > audit_backlog_limit=64 [ 94.291594][ T8043] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 94.292949][ T8010] audit: audit_backlog=65 > audit_backlog_limit=64 [ 94.293395][ T40] audit: type=1400 audit(1750307878.048:53862): avc: denied { search } for pid=8043 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1903 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 94.293465][ T40] audit: type=1400 audit(1750307878.048:53863): avc: denied { read open } for pid=8043 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1904 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 94.311764][ T8047] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=28181 sclass=netlink_xfrm_socket pid=8047 comm=syz.0.614 [ 94.710123][ T8067] lo speed is unknown, defaulting to 1000 [ 95.087523][ T8089] netlink: 'syz.0.625': attribute type 1 has an invalid length. [ 95.087838][ T8087] sp0: Synchronizing with TNC [ 95.103230][ T8089] 8021q: adding VLAN 0 to HW filter on device bond5 [ 95.139852][ T8089] bond5: (slave veth3): Enslaving as an active interface with a down link [ 95.150819][ T8089] bond5: (slave veth0_to_bond): making interface the new active one [ 95.153945][ T8089] veth0_to_bond: entered promiscuous mode [ 95.156012][ T8089] bond5: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 95.171936][ T8086] [U] [ 95.375670][ T8097] ================================================================== [ 95.378192][ T8097] BUG: KASAN: slab-out-of-bounds in _raw_spin_lock+0x2e/0x40 [ 95.380593][ T8097] Read of size 1 at addr ffff88802c901be0 by task syz.2.627/8097 [ 95.385166][ T8097] [ 95.385942][ T8097] CPU: 2 UID: 0 PID: 8097 Comm: syz.2.627 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 95.385957][ T8097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 95.385965][ T8097] Call Trace: [ 95.385969][ T8097] [ 95.385973][ T8097] dump_stack_lvl+0x116/0x1f0 [ 95.385993][ T8097] print_report+0xcd/0x680 [ 95.386008][ T8097] ? __virt_addr_valid+0x81/0x610 [ 95.386021][ T8097] ? __phys_addr+0xe8/0x180 [ 95.386032][ T8097] ? _raw_spin_lock+0x2e/0x40 [ 95.386046][ T8097] kasan_report+0xe0/0x110 [ 95.386061][ T8097] ? _raw_spin_lock+0x2e/0x40 [ 95.386074][ T8097] ? _raw_spin_lock+0x2e/0x40 [ 95.386087][ T8097] __kasan_check_byte+0x36/0x50 [ 95.386102][ T8097] lock_acquire+0xfc/0x350 [ 95.386118][ T8097] ? __pfx___mutex_lock+0x10/0x10 [ 95.386136][ T8097] _raw_spin_lock+0x2e/0x40 [ 95.386149][ T8097] ? __futex_pivot_hash+0x1dd/0x540 [ 95.386163][ T8097] __futex_pivot_hash+0x1dd/0x540 [ 95.386179][ T8097] futex_hash_allocate+0xad1/0xf00 [ 95.386194][ T8097] ? __pfx_futex_hash_allocate+0x10/0x10 [ 95.386208][ T8097] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 95.386221][ T8097] ? cap_task_prctl+0x2af/0xa80 [ 95.386242][ T8097] ? static_key_count+0x5a/0x70 [ 95.386254][ T8097] futex_hash_prctl+0x1f4/0x650 [ 95.386270][ T8097] __do_sys_prctl+0x171f/0x24c0 [ 95.386282][ T8097] ? __pfx___do_sys_prctl+0x10/0x10 [ 95.386294][ T8097] do_syscall_64+0xcd/0x4c0 [ 95.386311][ T8097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.386322][ T8097] RIP: 0033:0x7f49a5f8e929 [ 95.386331][ T8097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.386342][ T8097] RSP: 002b:00007f49a6db9038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 95.386352][ T8097] RAX: ffffffffffffffda RBX: 00007f49a61b6080 RCX: 00007f49a5f8e929 [ 95.386359][ T8097] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000004e [ 95.386365][ T8097] RBP: 00007f49a6010b39 R08: 0000000000000000 R09: 0000000000000000 [ 95.386372][ T8097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.386381][ T8097] R13: 0000000000000001 R14: 00007f49a61b6080 R15: 00007ffea85b4438 [ 95.386392][ T8097] [ 95.386395][ T8097] [ 95.456466][ T8097] Allocated by task 8096: [ 95.457824][ T8097] kasan_save_stack+0x33/0x60 [ 95.459326][ T8097] kasan_save_track+0x14/0x30 [ 95.460815][ T8097] __kasan_kmalloc+0xaa/0xb0 [ 95.462245][ T8097] __kvmalloc_node_noprof+0x27b/0x620 [ 95.463933][ T8097] futex_hash_allocate+0x49d/0xf00 [ 95.465551][ T8097] futex_hash_prctl+0x1f4/0x650 [ 95.467081][ T8097] __do_sys_prctl+0x171f/0x24c0 [ 95.468618][ T8097] do_syscall_64+0xcd/0x4c0 [ 95.470073][ T8097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.471903][ T8097] [ 95.472692][ T8097] The buggy address belongs to the object at ffff88802c901b80 [ 95.472692][ T8097] which belongs to the cache kmalloc-cg-64 of size 64 [ 95.477363][ T8097] The buggy address is located 32 bytes to the right of [ 95.477363][ T8097] allocated 64-byte region [ffff88802c901b80, ffff88802c901bc0) [ 95.481819][ T8097] [ 95.482594][ T8097] The buggy address belongs to the physical page: [ 95.484607][ T8097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802c901280 pfn:0x2c901 [ 95.487707][ T8097] memcg:ffff88803bc2a801 [ 95.489077][ T8097] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 95.491270][ T8097] page_type: f5(slab) [ 95.492570][ T8097] raw: 00fff00000000000 ffff88801b849a40 ffffea00015a8e80 0000000000000006 [ 95.495443][ T8097] raw: ffff88802c901280 0000000080200017 00000000f5000000 ffff88803bc2a801 [ 95.498633][ T8097] page dumped because: kasan: bad access detected [ 95.500648][ T8097] page_owner tracks the page as allocated [ 95.502615][ T8097] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7614, tgid 7613 (syz.0.487), ts 86082751306, free_ts 85932849548 [ 95.508298][ T8097] post_alloc_hook+0x1c0/0x230 [ 95.509801][ T8097] get_page_from_freelist+0x1321/0x3890 [ 95.511556][ T8097] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 95.513400][ T8097] alloc_pages_mpol+0x1fb/0x550 [ 95.514925][ T8097] new_slab+0x23b/0x330 [ 95.516239][ T8097] ___slab_alloc+0xd9c/0x1940 [ 95.517713][ T8097] __slab_alloc.constprop.0+0x56/0xb0 [ 95.519397][ T8097] __kmalloc_cache_noprof+0xfb/0x3e0 [ 95.521066][ T8097] ovs_ct_limit_cmd_set+0x30a/0xa90 [ 95.522720][ T8097] genl_family_rcv_msg_doit+0x206/0x2f0 [ 95.524496][ T8097] genl_rcv_msg+0x55c/0x800 [ 95.525946][ T8097] netlink_rcv_skb+0x155/0x420 [ 95.527416][ T8097] genl_rcv+0x28/0x40 [ 95.528648][ T8097] netlink_unicast+0x53d/0x7f0 [ 95.530112][ T8097] netlink_sendmsg+0x8d1/0xdd0 [ 95.531614][ T8097] ____sys_sendmsg+0xa95/0xc70 [ 95.533122][ T8097] page last free pid 28 tgid 28 stack trace: [ 95.535007][ T8097] __free_frozen_pages+0x7fe/0x1180 [ 95.536699][ T8097] tlb_remove_table_rcu+0x116/0x1a0 [ 95.538304][ T8097] rcu_core+0x79c/0x14e0 [ 95.539655][ T8097] handle_softirqs+0x219/0x8e0 [ 95.541179][ T8097] run_ksoftirqd+0x3a/0x60 [ 95.542601][ T8097] smpboot_thread_fn+0x3f7/0xae0 [ 95.544143][ T8097] kthread+0x3c5/0x780 [ 95.545471][ T8097] ret_from_fork+0x5d4/0x6f0 [ 95.546923][ T8097] ret_from_fork_asm+0x1a/0x30 [ 95.548439][ T8097] [ 95.549221][ T8097] Memory state around the buggy address: [ 95.550996][ T8097] ffff88802c901a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 95.553482][ T8097] ffff88802c901b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 95.556485][ T8097] >ffff88802c901b80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 95.559358][ T8097] ^ [ 95.561588][ T8097] ffff88802c901c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 95.564031][ T8097] ffff88802c901c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 95.566501][ T8097] ================================================================== [ 95.571516][ T8097] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 95.573776][ T8097] CPU: 2 UID: 0 PID: 8097 Comm: syz.2.627 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 95.577425][ T8097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 95.580749][ T8097] Call Trace: [ 95.581801][ T8097] [ 95.582746][ T8097] dump_stack_lvl+0x3d/0x1f0 [ 95.584203][ T8097] panic+0x71c/0x800 [ 95.585470][ T8097] ? __pfx_panic+0x10/0x10 [ 95.586880][ T8097] ? irqentry_exit+0x3b/0x90 [ 95.588350][ T8097] ? lockdep_hardirqs_on+0x7c/0x110 [ 95.589983][ T8097] ? _raw_spin_lock+0x2e/0x40 [ 95.591465][ T8097] ? check_panic_on_warn+0x1f/0xb0 [ 95.593031][ T8097] ? _raw_spin_lock+0x2e/0x40 [ 95.594520][ T8097] check_panic_on_warn+0xab/0xb0 [ 95.596041][ T8097] end_report+0x107/0x170 [ 95.597283][ T8097] kasan_report+0xee/0x110 [ 95.598683][ T8097] ? _raw_spin_lock+0x2e/0x40 [ 95.600177][ T8097] ? _raw_spin_lock+0x2e/0x40 [ 95.601696][ T8097] __kasan_check_byte+0x36/0x50 [ 95.603233][ T8097] lock_acquire+0xfc/0x350 [ 95.604666][ T8097] ? __pfx___mutex_lock+0x10/0x10 [ 95.606242][ T8097] _raw_spin_lock+0x2e/0x40 [ 95.607673][ T8097] ? __futex_pivot_hash+0x1dd/0x540 [ 95.609295][ T8097] __futex_pivot_hash+0x1dd/0x540 [ 95.610860][ T8097] futex_hash_allocate+0xad1/0xf00 [ 95.612452][ T8097] ? __pfx_futex_hash_allocate+0x10/0x10 [ 95.614198][ T8097] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 95.616080][ T8097] ? cap_task_prctl+0x2af/0xa80 [ 95.617593][ T8097] ? static_key_count+0x5a/0x70 [ 95.619116][ T8097] futex_hash_prctl+0x1f4/0x650 [ 95.620668][ T8097] __do_sys_prctl+0x171f/0x24c0 [ 95.622192][ T8097] ? __pfx___do_sys_prctl+0x10/0x10 [ 95.623824][ T8097] do_syscall_64+0xcd/0x4c0 [ 95.625304][ T8097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.627171][ T8097] RIP: 0033:0x7f49a5f8e929 [ 95.628586][ T8097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.634444][ T8097] RSP: 002b:00007f49a6db9038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 95.637045][ T8097] RAX: ffffffffffffffda RBX: 00007f49a61b6080 RCX: 00007f49a5f8e929 [ 95.639483][ T8097] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000004e [ 95.641940][ T8097] RBP: 00007f49a6010b39 R08: 0000000000000000 R09: 0000000000000000 [ 95.644387][ T8097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 95.646828][ T8097] R13: 0000000000000001 R14: 00007f49a61b6080 R15: 00007ffea85b4438 [ 95.649237][ T8097] [ 95.650818][ T8097] Kernel Offset: disabled [ 95.652166][ T8097] Rebooting in 86400 seconds.. VM DIAGNOSIS: 02:59:52 Registers: info registers vcpu 0 CPU#0 RAX=dffffc0000000000 RBX=ffffc90000007a28 RCX=ffffffff91f3311e RDX=1ffff92000000f46 RSI=ffffffff8e207f48 RDI=ffffc90000007a28 RBP=ffffffff8e207f48 RSP=ffffc90000007978 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000008 R13=ffffc90000007a28 R14=ffffc90000007a30 R15=ffffc90000007a5c RIP=ffffffff816ac610 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6754000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000005660d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6184488 00007f49a6184480 00007f49a6184478 00007f49a6184450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6ced100 00007f49a6184440 00007f49a6184458 00007f49a61844a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6184498 00007f49a6184490 00007f49a6184488 00007f49a6184480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff81cd30be RDX=ffff888026ecc880 RSI=ffffffff81cd300c RDI=0000000000000001 RBP=00007f8f3fd22500 RSP=ffffc90003fa6ff8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffffffff81a780f0 R13=ffffc90003fa7118 R14=0000000000000000 R15=ffff888026ecc880 RIP=ffffffff81bc1cb8 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f8f40421300 ffffffff 00c00000 GS =0000 ffff8880d6854000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c2f4ed9 CR3=0000000032d63000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000010000000 Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a 0000003000000012 0004000000080024 0000000000280034 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000027b 0000001400000000 0000000000000000 0000000000000014 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 40ba000200074080 100006a3c0800404 01429824000001c3 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0142980180801000 0ee7808004040142 980002000705c080 100007ad80800404 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0142980010000108 001080e210000a10 0024e010000cddc0 80040c0140ba0280 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8010000fef808004 0401429800100001 080021c0e6100000 100024e010000c80 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8080040c0140ba00 100001080021c0e6 100000100024e010 000c808080040c01 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 08800409a0030008 000990030fffffff ffffff0409800301 0800028004040172 ZMM25=064252b7064252b7 064252b7064252b7 064252b7064252b7 064252b7064252b7 064252b7064252b7 064252b7064252b7 064252b7064252b7 064252b7064252b7 ZMM26=0d643ecc0d643ecc 0d643ecc0d643ecc 0d643ecc0d643ecc 0d643ecc0d643ecc 0d643ecc0d643ecc 0d643ecc0d643ecc 0d643ecc0d643ecc 0d643ecc0d643ecc ZMM27=533226c2533226c2 533226c2533226c2 533226c2533226c2 533226c2533226c2 533226c2533226c2 533226c2533226c2 533226c2533226c2 533226c2533226c2 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=ab030000ab030000 ab030000ab030000 ab030000ab030000 ab030000ab030000 ab030000ab030000 ab030000ab030000 ab030000ab030000 ab030000ab030000 info registers vcpu 2 CPU#2 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855b6495 RDI=ffffffff9b0883a0 RBP=ffffffff9b088360 RSP=ffffc900036676a8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b088360 R15=ffffffff855b6430 RIP=ffffffff855b64bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f49a6db96c0 ffffffff 00c00000 GS =0000 ffff8880d6954000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f49a6db8f98 CR3=000000005660d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6184488 00007f49a6184480 00007f49a6184478 00007f49a6184450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6ced100 00007f49a6184440 00007f49a6184458 00007f49a61844a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6184498 00007f49a6184490 00007f49a6184488 00007f49a6184480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000000b48a9 RBX=0000000000000003 RCX=ffffffff8b7fec99 RDX=0000000000000000 RSI=ffffffff8de19624 RDI=ffffffff8c157060 RBP=ffffed1003c5c000 RSP=ffffc90000197df8 R8 =0000000000000001 R9 =ffffed100d4e6645 R10=ffff88806a73322b R11=0000000000000001 R12=0000000000000003 R13=ffff88801e2e0000 R14=ffffffff90a80f50 R15=0000000000000000 RIP=ffffffff8b7fd7ff RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6a54000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000005660d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f49a6011c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000