last executing test programs: 4m15.365893167s ago: executing program 2 (id=547): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) capset(&(0x7f0000000240)={0x19980330, r2}, 0x0) write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, r1, {0x7, 0x1f, 0xc1da, 0x804a080, 0x0, 0x3, 0x1, 0xfffffffd, 0x0, 0x0, 0x0, 0x3}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2
c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41
caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9ea
a89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23c
c7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad
600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c00
05879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8cc
b7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207
fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r4, 0x2, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r3, &(0x7f00000000c0)='!', 0xb7f40, 0x3000}]) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r6, 0x4048aec9, 0x0) io_submit(r4, 0x47f, &(0x7f0000000740)=[&(0x7f00000001c0)={0xfdfe, 0x0, 0x0, 0x1, 0x256, r3, 0x0, 0x0, 0x9a1, 0x0, 0x0, r3}]) dup3(r3, r0, 0x0) 4m14.916479705s ago: executing program 2 (id=549): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 
&(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x13f}}, 0x20) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f00)=@newtaction={0x78, 0x30, 0x1, 0x0, 0x0, {}, [{0x64, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @empty}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xbabd, 0x81, 0x6, 0x1, 0xfff}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @remote}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xfdac}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x10) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x6, 'dvmrp1\x00'}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x0, @dev, 0x4e24, 0x2, 'sed\x00', 0x0, 0xfffffffc}, 0x2c) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x20, 0x1402, 0x1, 0x70bd28, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000801}, 0x800) 4m14.751661343s ago: 
executing program 2 (id=551): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r0 = syz_clone(0x100b300, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000001c0)={&(0x7f0000bda000/0x4000)=nil, &(0x7f0000bdd000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000bdc000/0x2000)=nil, &(0x7f0000bde000/0x3000)=nil, &(0x7f0000bde000/0x3000)=nil, &(0x7f0000bda000/0x1000)=nil, &(0x7f0000bde000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000bde000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000280)="cca46f75bde18ff11cf0ea27aa87f28525e9625ec1dca5ac81d0549e5983629f131da178dfa74a04ebc6972990d163f86e016c69b78ad2b74be9bf2d8b5ac25b6ea923fc24b3fb7d45eaaa421476d701b2927c010e4b3e68723c63148f5e903a65fc8c2bdf5b6cb999f5cd9d0905fe0c42a1fc5ba7a3dcfeed97553bdf9fba7c62a8e1704cc0fea88614498735688f42b12de461706330a08248c5cbc3091d4093716b1ba5e2f8462e1f03cc64d3c0fb76c3c1f89a13e2839850856887", 0xbd, r1}, 0x64) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r4}, 0x0, &(0x7f0000001c40)=r5}, 0x1c) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) 
fcntl$setpipe(r6, 0x407, 0x0) write$FUSE_INIT(r6, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50) r7 = socket(0x10, 0x3, 0x0) r8 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xa8\xc4\xd2o\xae\xb4W`\xfd\x196\xa0Rd\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a 
W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7', 0x42, 0x1f0, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') bpf$MAP_CREATE(0x0, 0x0, 0x48) close(r8) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000010000304016100"/20, @ANYRES32=0x0, @ANYBLOB="d3ddd1de0000000018001280080001"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x10) vmsplice(r6, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) fcntl$setpipe(r6, 0x407, 0x2000000) prctl$PR_SET_THP_DISABLE(0x29, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0) move_pages(r0, 0x3, &(0x7f0000000080)=[&(0x7f0000bdf000/0x1000)=nil, &(0x7f0000bdd000/0x3000)=nil, &(0x7f0000bdd000/0x1000)=nil], 0x0, &(0x7f0000000200), 0x4) io_uring_enter(0xffffffffffffffff, 0x627, 0x4c1, 0x43, 0x0, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x1e, 0x0, 0x0) 4m13.828917072s ago: executing program 2 (id=554): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, 
&(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r1], 0x0, 0x8, 0x28, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, &(0x7f0000000180)) 4m12.815804911s ago: executing program 2 (id=561): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000008000000000000000008500000020000000180100000920702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r2) userfaultfd(0x1) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000100)={0x26, 'hash\x00', 
0x0, 0x0, 'poly1305\x00'}, 0x58) accept4(r3, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) r4 = socket(0x10, 0x80002, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r4, @ANYRESDEC], 0x52) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}}) 4m12.565868391s ago: executing program 2 (id=563): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r0 = syz_clone(0x100b300, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000001c0)={&(0x7f0000bda000/0x4000)=nil, &(0x7f0000bdd000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000bdc000/0x2000)=nil, &(0x7f0000bde000/0x3000)=nil, &(0x7f0000bde000/0x3000)=nil, &(0x7f0000bda000/0x1000)=nil, &(0x7f0000bde000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000bde000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000280)="cca46f75bde18ff11cf0ea27aa87f28525e9625ec1dca5ac81d0549e5983629f131da178dfa74a04ebc6972990d163f86e016c69b78ad2b74be9bf2d8b5ac25b6ea923fc24b3fb7d45eaaa421476d701b2927c010e4b3e68723c63148f5e903a65fc8c2bdf5b6cb999f5cd9d0905fe0c42a1fc5ba7a3dcfeed97553bdf9fba7c62a8e1704cc0fea88614498735688f42b12de461706330a08248c5cbc3091d4093716b1ba5e2f8462e1f03cc64d3c0fb76c3c1f89a13e2839850856887", 0xbd, r1}, 0x64) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, 
@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r4}, 0x0, &(0x7f0000001c40)=r5}, 0x1c) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) fcntl$setpipe(r6, 0x407, 0x0) write$FUSE_INIT(r6, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50) r7 = socket(0x10, 0x3, 0x0) r8 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac 
AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xa8\xc4\xd2o\xae\xb4W`\xfd\x196\xa0Rd\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7', 0x42, 0x1f0, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') bpf$MAP_CREATE(0x0, 0x0, 0x48) close(r8) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000010000304016100"/20, @ANYRES32=0x0, @ANYBLOB="d3ddd1de0000000018001280080001"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x10) vmsplice(r6, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) fcntl$setpipe(r6, 0x407, 0x2000000) 
prctl$PR_SET_THP_DISABLE(0x29, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0) move_pages(r0, 0x3, &(0x7f0000000080)=[&(0x7f0000bdf000/0x1000)=nil, &(0x7f0000bdd000/0x3000)=nil, &(0x7f0000bdd000/0x1000)=nil], 0x0, &(0x7f0000000200), 0x4) io_uring_enter(0xffffffffffffffff, 0x627, 0x4c1, 0x43, 0x0, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x1e, 0x0, 0x0) 4m12.410684816s ago: executing program 32 (id=563): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r0 = syz_clone(0x100b300, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000001c0)={&(0x7f0000bda000/0x4000)=nil, &(0x7f0000bdd000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000bdc000/0x2000)=nil, &(0x7f0000bde000/0x3000)=nil, &(0x7f0000bde000/0x3000)=nil, &(0x7f0000bda000/0x1000)=nil, &(0x7f0000bde000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000bde000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000280)="cca46f75bde18ff11cf0ea27aa87f28525e9625ec1dca5ac81d0549e5983629f131da178dfa74a04ebc6972990d163f86e016c69b78ad2b74be9bf2d8b5ac25b6ea923fc24b3fb7d45eaaa421476d701b2927c010e4b3e68723c63148f5e903a65fc8c2bdf5b6cb999f5cd9d0905fe0c42a1fc5ba7a3dcfeed97553bdf9fba7c62a8e1704cc0fea88614498735688f42b12de461706330a08248c5cbc3091d4093716b1ba5e2f8462e1f03cc64d3c0fb76c3c1f89a13e2839850856887", 0xbd, r1}, 0x64) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r4, 
@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r4}, 0x0, &(0x7f0000001c40)=r5}, 0x1c) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) fcntl$setpipe(r6, 0x407, 0x0) write$FUSE_INIT(r6, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50) r7 = socket(0x10, 0x3, 0x0) r8 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac 
AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xa8\xc4\xd2o\xae\xb4W`\xfd\x196\xa0Rd\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7', 0x42, 0x1f0, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') bpf$MAP_CREATE(0x0, 0x0, 0x48) close(r8) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000010000304016100"/20, @ANYRES32=0x0, @ANYBLOB="d3ddd1de0000000018001280080001"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x10) vmsplice(r6, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) fcntl$setpipe(r6, 0x407, 0x2000000) 
prctl$PR_SET_THP_DISABLE(0x29, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0) move_pages(r0, 0x3, &(0x7f0000000080)=[&(0x7f0000bdf000/0x1000)=nil, &(0x7f0000bdd000/0x3000)=nil, &(0x7f0000bdd000/0x1000)=nil], 0x0, &(0x7f0000000200), 0x4) io_uring_enter(0xffffffffffffffff, 0x627, 0x4c1, 0x43, 0x0, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x1e, 0x0, 0x0) 7.210857857s ago: executing program 4 (id=1580): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') mkdir(&(0x7f0000000000)='./file0\x00', 0x18a) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) socket$igmp(0x2, 0x3, 0x2) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x0, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x7, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x100000, 0xffffffffffffffff}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x6}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x40) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) 
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./bus\x00', 0x101800, 0x40) r4 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) socket$qrtr(0x2a, 0x2, 0x0) write(r4, &(0x7f0000004200)='t', 0x1) sendfile(r4, r3, 0x0, 0x3ffff) 6.227008706s ago: executing program 0 (id=1589): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x80002, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000000c0)=0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='freezer.self_freezing\x00', 0x26e1, 0x0) syz_open_dev$usbfs(0x0, 0x77, 0x101301) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x2def, 0x2e0e, 0x0, 0x0, 0xffffffffffffffa2) mkdirat(r2, 0x0, 0x0) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) mq_getsetattr(r2, 0x0, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) ioctl$DRM_IOCTL_RM_MAP(r2, 0x4028641b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000751000/0x2000)=nil}) r5 = dup(0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r5, 0x0) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 
&(0x7f0000000200)='\x00', 0x1) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) madvise(&(0x7f00002e2000/0x1000)=nil, 0x1000, 0x65) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'}) 6.022451908s ago: executing program 4 (id=1583): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000300)="d0", 0x1, 0x4040810, 0x0, 0x0) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0xfffffffc, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r3, 0x1) socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) r4 = io_uring_setup(0x5491, 
&(0x7f00000001c0)={0x0, 0x554, 0x1, 0xfffffffc, 0x211}) ioctl$BLKTRACESETUP(r1, 0xc0401273, &(0x7f0000000000)={'\x00', 0x2, 0x6f11, 0xb, 0xfffffffffffffeff, 0x11c3adec}) r5 = syz_io_uring_setup(0x8d2, &(0x7f0000000240)={0x0, 0x0, 0x40, 0x2, 0xfffffffc, 0x0, r4}, 0x0, 0x0) io_uring_enter(r5, 0x47ba, 0x3e80, 0x0, 0x0, 0x0) ioctl$BLKTRACESTART(r1, 0x1276, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) 5.846842565s ago: executing program 0 (id=1584): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 
&(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r5 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000001480), 0x1, 0x0) lseek(r5, 0x5, 0x2) r6 = socket$inet6(0xa, 0x80002, 0x0) r7 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x200, 0x2f5380, 0x41414770, 0x58595556, 0x425, 0x10001, 0xa, 0x2, 0x1, 0x3, 0x0, 0x7}}) quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) ioctl$VIDIOC_DBG_S_REGISTER(r7, 0x4038564f, &(0x7f0000000300)={{0x1, @name="c42a6838d28443227483ec8fe343db49cbeecd991aef557d83b98b12db1f5b3d"}, 0x8, 0x4, 0x47}) syz_open_dev$usbmon(&(0x7f0000000340), 0x7, 0x501400) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) 5.304691889s ago: executing program 1 (id=1585): mkdir(0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=']) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 
0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x0, 0x70bd26, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x0, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x3) ioctl$KVM_GET_DEBUGREGS(r1, 0x8080aea1, &(0x7f0000000640)) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCSETD(r5, 0x5423, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_SCRNMAP(r6, 0x4b41, &(0x7f00000005c0)="698b795025046c56fdae1c35e2d2b943a92669976742fb747b7124e23cf31ca8a1b2f9b93ecc4487d1cffe823c43d669d45cd0ce87eef19fff81e324c082899cc3b724451fcadf572bbf496026") ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[]) chdir(&(0x7f0000000100)='./file0\x00') r7 = 
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), r7) 4.715035904s ago: executing program 4 (id=1586): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0xd, 0x0, 0x7fffffff}]}) socket$inet(0x2, 0x3, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) unshare(0x6a040000) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000600)={0x2, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x38}, 0x4}, 0x1c) socket$inet6(0xa, 0x6, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={0xffffffffffffffff}) recvmsg$unix(r3, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002) recvmsg$unix(r3, &(0x7f0000000d00)={0x0, 0x0, 0x0}, 0x2) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r4 = dup(r2) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x20, 0x4, &(0x7f0000000900)=ANY=[@ANYRES32=r2], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) socket$inet6_sctp(0xa, 0x1, 0x84) r5 = socket(0x21, 0x2, 0x10000000000002) connect$rxrpc(r5, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24) sendmmsg(r5, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0x1}], 0x10, 0xe000}, 
0x5}], 0x1, 0x0) recvmmsg(r5, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0xf000, 0x10002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00009ff000/0x3000)=nil, 0x3000, 0xf) socketpair$unix(0x1, 0x2, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x29, 0x0, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0xa, 0x3) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_open_procfs(0x0, 0x0) 4.426318311s ago: executing program 0 (id=1588): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$read(0xb, r0, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000b80)={&(0x7f00000009c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int]}}, 0x0, 0x2a, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) r1 = syz_io_uring_setup(0xec6, &(0x7f0000000c00)={0x0, 0x31f0, 0x2, 0xfffffffe, 0xfffffffd}, &(0x7f0000000500)=0x0, &(0x7f0000000600)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r1, 0x140d, 0x10a5, 0x47, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') read$eventfd(r3, &(0x7f0000000180), 0x8) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), r4) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002a00)=@getchain={0x64, 0x66, 0x8, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x9, 0x9}, {0xd, 0xf}, {0x6, 0x7}}, [{0x8}, {0x8, 0xb, 0x40d}, {0x8, 0xb, 0x6}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0x5}, {0x8, 0xb, 0x4}, {0x8, 0xb, 0x7}, {0xfffa}]}, 
0x64}}, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="170900000000000000000100000005000700000000000800090000000000060002000000000008000a000000000008001800ac1414aa08001900ffffffff14001b00fe"], 0x58}, 0x1, 0x0, 0x0, 0x44000}, 0x0) r7 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r8 = creat(&(0x7f00000002c0)='./file0\x00', 0x60) r9 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write$binfmt_script(r8, &(0x7f0000002000)={'#! ', './file0', [{0x20, ',\xeaZu\xad\x8b\x1bo\xb5\xaa\t\x8d\x8f6j\\\xb0i\xd0{\xe8\xbd\x94\xe6\xd4[\xa3\x111\xb3\x93\xc9\x16eRuA{\f\xd4qf\a\xc4,V\x04U\x83hspb\xd5\xfa\xe2\xc9e\xc1\xbd:|\x15\xf4\x91\x13\xb6\x06\xc9\xb5D\a6\x11\xc9\x06\xc7\xcc\xfa\xf8\vBp9DCxf7\xcf\x14\xf9\xafFD\xbaz\xdd\x06(c\xb2\xa4.K.fxd\x1b]\xff\x9e'}, {0x20, '\t\x1b\x1c\x1e\xc3h$\xb0^\xc1\xab/\xb9\xf0\x13\xed\xd2\x05\xdfn{q\xac\xca\'\xef\xb0*\x11j=\xfb\x06$pY\x1cD\xd4\xf3\x98\xc6\xa1\x88\x9c\xe4\r9\xd3\x06L\xbf\x1a\xf1}M79?L\x98e\f\xb5\x0f\xfb\bH\xa8V\xc9ty\xdaJ9E-\xd0Z\xf4\x9b\xa0\xf5\x92\x06\x1b\x81\x03\xb7\xb0\xe3\x88\x85}G\xd9\x05\x85Jn\xf7\xf0\xae\xf7\xe22\x80[\xc62\'\x8e\xafC!b\x12\x9e\xd6\x0fW\x03\xf2c\xa5\x98h\xf9H\xa2\xa8\x83\xcb\x1c\xdd\xdc\xd2}\xfezZ\xc5\xd0ua\xd7\x06\x00\xa8\xf27\x8cU\xc4\x11\x1e\"`\x06Y\xafZ\xefK\xb1\xf0\x99\xd6\x1b\xed\xf5\xb7@/\x9d\x11\x9b\xe5\x9dP\xff\x99w\x81\xca,\x9a\xfc\a\x99\f\b%\x90\xd5\xd8\xb7\xc07#\xb7\xb5\xfc!i/\x05\x865\xeawWV+\xcc\x8c\xd3\xb5\x03\xff\xe0\x00'/233}, {0x20, 
'\x00{aU<7*g\xa0W\x110\xba\'\xd8\xad\xe4\x87\x0f\xbd\x0f\x1d\xfd\xbf]8\x0e\x1d\t\x12\xa2L\xb6i\x03\r\bYK8\xc9c\x99\x03\x00\x00\x00\x01\xc8r\n\x80\x04!\x80j\x9f\xb6s\xed1\x96\xc5\x16\x0f|h\xa8\xc9]\xfc\x1c\x97\aQMP\xf8\f\x91\xcf\x90\xad\xbf\xc1:\x96\xe8n\xb7)m\x9e\xc81\x85qL\x06\x81\xa0\x1d\xd2\xc7\xe9\xe8V\xc4\x88I\xdb\xdd\xb1\x98yC\v\x9d\x1e\xad\xcbQ\x02\x00\x00\x00\x00\x00\x00\x00\x86\x01;+\xea,a\x94\xce\xb0h\xaf!^\xe9I\xf2\xd5u\x9c\xab^\n\xe1{B#uTb\xdb\xdc<\x00\x8d\xc6\xdc{)\xa5\xa9D5\xe9\x8a\xc3\xcc\xad\xa5\xd1\xef\xb3\xe7\x8cZ\xdb(\xbb\tV\xda\x05Iz\x04\xbe\xf1^\xe7%\x0e\xf1[|2r\\\x03\xea0\x03\x93@\xae\xba \"\xa5\'Q\x98!+\xb6\xa8\x8d\xd0\x7f\x12\xfay\xa7\xa0\x13f\x0f&\'\xe2\x15\xa7\n\x1a\xf7\x00\xea\x994*.a\n\xf7[~\xe8\x81\xd53}\xc4\x86V[O\xe0\xa2\xd7\xdc\xc5\x0e\xc7\xf2\xec\x13\x8e\xcen\xd8\x00mqc\x9e\x83x\xe6#\x99TJ\xa6\b$\x9c\x97\xac+\x90|\xc5\x1d\x03m\xc5\xd9\x91\xd5\xde\xe2\xa8^\xfeIju.w\xa9\xb1\x8b\xe5JM\xca\xa3\t)\xa8\xbb\xb6\x12lJ\xfb\"\xba\x8b\xe7V\x0eZRc\xe0\xe6\x13\x06\x8c\x1f\xe93q\xfe\xd6tTW\x13\r\xcd\x9c\x92\xf2\xa6\xd8=|\xb7\xe8\xd0\xe1\xbc\xa2\xf5\xdf\xbd\xdb\xb8n\xad{s\x85OU!\x94\xdf\xc9j\x8d\xe1=\xa5d\x81\xeb\xc0\x01N\x04\x84\xe1\xb4\x84\xdd#\xe22\xd99Uc\xeex\xaa`\xe3\xf5\xd5X\xa0\x1d\"\x94J6\x96\xb6OM$\xf6>t\xd0S\x81\xb4\xc9l[\xa4D\xe6/Q\x8d\x16\x00\xf6o*w\xd6\xe2\xac\x15\xfd\vl=\xd9\xfb$\x86@\x7f\xdb\xc1\xe7b\x96OY\xf2\xeceC\x89\x93$C\xcc\xc1\x80I%\xe6\xe0\x14\x0f\x92@y\xc6'}, {0x20, 
'\xa4\xdfy\xf5Y\xbf\xd9i@8\\\x87h\xa6\xa0\xa43\x84\xe7\xd5\x98\xe8\x01\xd3\xf0\xc72\xdf\xfb\x00\xfd\xcd\xf2q\x84\xcb-\xf3\x92\x12\xef^~v\x10/X\x1e\xc3\xb1T\xf4\xd0m|\xabr\xc7L\x9b3\xbeCJ\xad!\xb2\xb5g\x7f\xe9W\a\x00\x03=q\x8a\x83|\\w\xe1\xf3\xf1\xe8\x83\xef\xe2\x8bU\xebG4<\x1b\a57<;\xefm:?\x8e\x16\tu\xd5=\xc6P5\xd7\xeci\xcaI\x15\x00]\xc6%\x94&9\xac\xa9\xe9k\x99qc2\xc6V6\x1e\x1c\xeb\x9e\xc78\xb4y+\x85\xc4\xfa.\x15\xe4\x11\xa2\x92\t\xde\xa9\xdc\xe1\xfd\x98\xd2Ja\'r4\xe3sFv\x02\xa6\x8exO\xd0D\x8ea\xc3g\xe5V|@1\x15H4(\xb8E\xa4\xa9\x8bp:\x82k/.:\xf6\x003G(\xd4\xfc\xa0\x01\xe3Q\x805?\br\xc2\x96(y\x8c\x95\xf2Rx\xca\x06\xea\xf43\xf2/8L\xd3u\x87m\x96\xfc\x9cU]\xffiN\x14\xe7-{\xea\x9f\'D\xc0\xeeqA\x1a\xed\x8d\xc8\xad\xcdZS\x1b\xb6{\xfa\xa8\x84\nd=\x0e\x8fc9\xf0\x7fK\xd7\b\x86r\xac\xaf\xd0\xb6^y\xc5\x03c\xc22\xa9R\x90\x9e\xfc\xce\x957O\x06]\xdcZ\x17\xb3\x1bb\xc9Dm\xa2\xd3\x91'}]}, 0x49f) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r9, 0x0) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r10, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x4052, r7, 0x0) add_key$fscrypt_provisioning(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)={0x0, 0x0, @d}, 0x18, 0xfffffffffffffffb) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f000000b5c0)={0x8, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) socket(0x18, 0x0, 0xf9a) r11 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000029c0)={0x20, 0x3e, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0xc, 0x11a, 0x0, 0x1, [@nested={0x8, 0xa, 0x0, 0x1, [@generic="ef0771c3"]}]}]}, 0x20}}, 0x0) 4.266539534s ago: executing program 1 (id=1590): socket$inet6_mptcp(0xa, 0x1, 0x106) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r3, 0x8008af26, &(0x7f0000000280)={@my=0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 
&(0x7f0000000500)={'ip6tnl0\x00', 0x0}) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000180), 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x3c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x10) r5 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) r6 = mmap$KVM_VCPU(&(0x7f0000b8b000/0x3000)=nil, 0x930, 0x300000b, 0x12, r5, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000002c0)="c733a3b8ec3522cb25092845f6a5eb4aaea8a15348ec54876d8adc72a63fdd4a0c1baa7dca9b5d8476dce91d60fda13bc231dd2156fb06845058a7b15982dca1278276c5eaec0ddc", 0x0, 0x48) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$dri(&(0x7f00000001c0), 0x2, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB(r7, 0xc01c64ae, &(0x7f0000000380)={0x0, 0x4, 0x0, 0x0, 0x10, 0xf}) r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r8, &(0x7f0000000000)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r8, &(0x7f0000000200)={0x24, @short={0x2, 0x3}}, 0x14) 4.102505848s ago: executing program 0 (id=1592): syz_open_dev$tty1(0xc, 0x4, 0x3) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 
0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$media(&(0x7f0000000340), 0xff, 0x102) ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc01c7c02, &(0x7f0000000700)={0x80000000, 0x0, &(0x7f0000000780)}) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008841}, 0x10) tkill(0x0, 0xb) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) r6 = accept4$alg(r5, 0x0, 0x0, 0x0) io_setup(0xff, &(0x7f0000000380)=0x0) io_submit(r7, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r6, &(0x7f0000000340), 0x41}]) socket$alg(0x26, 0x5, 0x0) 3.228279787s ago: executing program 3 (id=1593): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000200)={0x2a, 0x1}, 0xc) syz_open_dev$vcsn(&(0x7f0000000380), 0xffffff80, 0x8020) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0500000014000000080000000c00000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xd, 
&(0x7f0000001a40)=ANY=[@ANYBLOB="b879669bd37749db67431da200e6992aab84d0896d8e0205acd58bf92da22e9a0b604db6afa22bed681602edcb4779cd03386c3b72dbd44f8a892da8b5979fcc9265c49c6704844f8c26b22312ae4cbdcffc7cc91bf15176f5b9ed955518327bc5eab54a5870916f36bbf30151", @ANYRESOCT=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) mount(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000000)='exfat\x00', 0x8000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) r4 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x1410, 0x1280, 0x150, 0x150, 0x0, 0xf8010000, 0x1348, 0x238, 0x238, 0x1348, 0x238, 0x3, 0x0, {[{{@ipv6={@mcast1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_0\x00', 'hsr0\x00', {}, {}, 0x84}, 0x0, 0x1218, 0x1280, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x1, 0x1, './cgroup.net/syz0\x00', 0x1000000, {0x8}}}, @common=@inet=@sctp={{0x144}, {[], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000], 0x6, [], 0x0, 0x6}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @mcast1, [0x0, 0x0, 0x0, 0xffffffff], [], 'batadv_slave_0\x00', 'gre0\x00', {}, {}, 0x87}, 0x0, 0xa4, 0xc8}, 
@common=@inet=@SYNPROXY={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x146c) syz_io_uring_submit(0x0, 0x0, 0x0) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r5, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newlink={0x50, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @sit={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLAGS={0x6, 0x8, 0x3f}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e20}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x800000f0}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @dev}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4004}, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xc8) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) r7 = socket$inet_smc(0x2b, 0x1, 0x0) stat(&(0x7f0000000340)='./file0\x00', &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r1, 0x0, r8) getsockopt$inet_tcp_int(r7, 0x6, 0xc, 0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}}) io_uring_enter(0xffffffffffffffff, 0x3512, 0x9d5c, 0x4, 0x0, 0x0) 3.224846689s ago: executing program 1 (id=1601): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x88200) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000500)={0x9, 0x8, 0x1, 0x1ff, '\x00', '\x00', '\x00', 0xe, 0x1, 0x8, 0xfc2, "f9912fa04476a8f1497f7bbea0ce97e2"}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) 
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs={0x1, 0x0, 0x4e20}, 0x6e) mlock2(&(0x7f0000549000/0x1000)=nil, 0x1000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x1) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000040)=0x5, 0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$tipc(0x1e, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8, 0x0, 0x0, 0x0, 0x47}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_SET_ADV_SET_RAND_ADDR={{0x3}, 0x80}}}, 0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f00000000c0)='./file1\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0x80049363, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x0, 0xe, 0x0, 
&(0x7f0000000100)="4f6b3780907c340a944dc93f004f", 0x0, 0x7, 0x0, 0xffffffffffffff1c, 0x0, 0x0, 0x0, 0x3, 0x9, 0x5}, 0x4c) 3.053305011s ago: executing program 4 (id=1594): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x15, 0x301, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000140)=[{0x0}], 0x1) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20181, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) 
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000580)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil}) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"]) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r8 = syz_open_dev$vim2m(0x0, 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000000040)={0xf0f029, 0x1}) 3.052990175s ago: executing program 1 (id=1595): openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x8200, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10ffd, @void, @value}, 0x94) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb, [{}, {}, {0x3, 0x4}, {}, {}, {}, {}, {0x0, 0xfffffffe}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r1, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setresuid(0x0, 0xee00, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r5 = socket(0x10, 0x80002, 0x0) connect$inet6(r5, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r4, 
@ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r6, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r6, 0x540a, 0x2) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x9}}}, 0x24}}, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) bpf$PROG_LOAD(0x5, 0x0, 0x0) 3.042818133s ago: executing program 3 (id=1596): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r0}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x3, &(0x7f00000004c0)=ANY=[@ANYRES16=r0, @ANYRESDEC=r0, @ANYRES32=r0, @ANYRESDEC=r0], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) 
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) r5 = syz_open_dev$swradio(&(0x7f00000000c0), 0x0, 0x2) ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000040)={0xf0f042}) pread64(r5, &(0x7f0000000400)=""/42, 0x2a, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) r7 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0) close(r6) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) 2.881992559s ago: executing program 0 (id=1597): setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, 0x0) 
r3 = socket$netlink(0x10, 0x3, 0x15) writev(r3, &(0x7f0000000280)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025", 0x1d}, {&(0x7f0000000580)="fa21bd2b5c40cc420740358ffc7f9f4b6e68fc8d1aa2597e7b484f301f11e35f22", 0x21}], 0x2) r4 = socket$rxrpc(0x21, 0x2, 0xa) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800050001000000140007000000000000000005000000000000000108000f"], 0x74}}, 0x0) bind$rxrpc(r4, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x4001, 0x3, 0x2e4, 0x0, 0x0, 0x148, 0x0, 0x148, 0x250, 0x240, 0x240, 0x250, 0x240, 0x7fffffe, 0x0, {[{{@uncond, 0x0, 0x190, 0x1c0, 0x0, {}, [@common=@inet=@recent0={{0xf4}, {0x8000000, 0x0, 0x2, 0x0, 'syz1\x00'}}, @common=@addrtype={{0x2c}, {0x0, 0x280}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x3, 0x2, 0x7}, {0x4, 0x2, 0x4}, 0xff}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x340) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_setup(0x497, 
&(0x7f0000000400)={0x0, 0x7079, 0x0, 0x14, 0x28b}, &(0x7f0000000140), &(0x7f0000000200)) socket$l2tp6(0xa, 0x2, 0x73) 2.176114651s ago: executing program 1 (id=1598): r0 = gettid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000480)=ANY=[@ANYRES16, @ANYRES32=r0, @ANYRES64=r0, @ANYRES32, @ANYRESDEC=r0], &(0x7f0000000000)='GPL\x00', 0x8, 0xaf, &(0x7f0000000140)=""/175, 0x82200, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x200008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, 0x0, 0x20048041) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) syz_init_net_socket$rose(0xb, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="28000000120001002bbd7000ffdbdf25001f0000", @ANYRES32=0x0, @ANYBLOB="c0e200000020000008001c00", @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x40014}, 0x40) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7b, 0x0, &(0x7f0000000040)=0x700) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) 
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mknod(&(0x7f0000000100)='./file1/file3\x00', 0xc000, 0x7) renameat2(0xffffffffffffff9c, &(0x7f0000002200)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000021c0)='./file1/file3\x00', 0x2) 2.003793581s ago: executing program 3 (id=1599): socket$nl_generic(0x10, 0x3, 0x10) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$vcsn(&(0x7f0000000180), 0x0, 0x26642) fsetxattr$security_capability(r0, &(0x7f0000000280), &(0x7f0000000380)=@v2={0x2000000, [{0x6, 0x10}, {0xffffff89, 0x100004}]}, 0x14, 0x3) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0) arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x8, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 
&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) connect$inet6(r5, &(0x7f0000000180)={0xa, 0x4001, 0x0, @empty, 0xd}, 0x1c) getsockopt$inet6_tcp_buf(r5, 0x6, 0x1a, 0x0, &(0x7f00000001c0)=0xd) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[], 0x50) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) socket$nl_generic(0x10, 0x3, 0x10) 1.74629558s ago: executing program 4 (id=1600): socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x4, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x9, 0x9, 0x2, 0x9, 0x2, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) 
socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000280)) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f00000001c0)=0x2) ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f00000000c0)) read$dsp(r4, &(0x7f0000000300)=""/79, 0x4f) unlink(&(0x7f0000000000)='./file0\x00') sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) 1.039600124s ago: executing program 1 (id=1602): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, 
&(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0xd) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f0000000100)=0x7) mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') unlink(&(0x7f0000000280)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15) 979.020444ms ago: executing program 3 (id=1603): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x58}}, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000000)) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000300)) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/75, 0x0}) r3 = dup(r2) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x0, r3}) r4 = epoll_create1(0x0) r5 = creat(&(0x7f00000001c0)='./bus\x00', 0x4e) close(r5) socket(0x15, 0x5, 0x0) 
mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000180), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYRES64=r5, @ANYRES16=r4]) close(0x3) r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r6, 0xc018643a, &(0x7f0000000040)={0x4000000, 0x1000000}) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x103fc, 0x6, 0x0, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) ioctl$KVM_GET_VCPU_EVENTS(r10, 0x4048aecb, &(0x7f0000000180)) write$uinput_user_dev(r7, 0x0, 0x0) pselect6(0x40, &(0x7f0000000080)={0x3, 0x9, 0x7fffffff, 0x100000000, 0x80, 0x6, 0x1, 0xc}, &(0x7f0000000140)={0x2, 0x6, 0x1000, 0xfffffffffffff000, 0x5, 0x3, 0x2, 0x1}, &(0x7f0000000240)={0x1, 0xfffffffffffffeff, 0x4, 0x9, 0x41, 0xff, 0x114c, 0xb}, &(0x7f00000003c0), &(0x7f0000000280)={&(0x7f0000000440)={[0x1, 0x5]}, 0x8}) syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="040e04141a0c"], 0x7) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f0000000040)) 831.696242ms ago: executing program 3 (id=1604): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) socket$kcm(0x2d, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r4 = openat$procfs(0xffffff9c, &(0x7f0000000040)='/proc/zoneinfo\x00', 0x0, 0x0) sendfile(r3, r4, &(0x7f00000000c0)=0x8e, 
0x180000504) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) r7 = syz_open_dev$sndpcmc(&(0x7f000000cc40), 0x1, 0x8000) syz_emit_ethernet(0x2a, &(0x7f00000005c0)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x5, 0x1c, 0x68, 0x0, 0xd, 0x11, 0x0, @broadcast, @multicast1}, {0x4e22, 0x4e20, 0x8}}}}}, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r7, 0xc25c4111, &(0x7f000000cc80)={0xf65, [[0x0, 0x5, 0x0, 0x5, 0x0, 0x4, 0xfffffffe, 0x5], [0x804, 0x6, 0x3, 0x3, 0x333, 0x7, 0x3000000, 0x1], [0x3, 0xb, 0x6, 0x9, 0x1, 0x6, 0x5, 0x5f1]], '\x00', [{0xa6, 0x2b, 0x1, 0x1, 0x0, 0x1}, {0x9, 0x8, 0x1, 0x1, 0x1}, {0x80, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x104, 0x5, 0x0, 0x1, 0x1}, {0x401, 0xfae, 0x1, 0x1}, {0x4, 0x3, 0x0, 0x0, 0x1}, {0xdfffff05, 0xff, 0x0, 0x1, 0x1}, {0x7802e748, 0x4, 0x0, 0x1, 0x0, 0x1}, {0x3, 0x2, 0x1, 0x1, 0x1}, {0x2, 0x9, 0x1}, {0x5, 0xfff, 0x0, 0x1, 0x0, 0x1}, {0xffffff00, 0x40000, 0x1, 0x1, 0x1}], '\x00', 0x80000000}) rt_sigsuspend(&(0x7f0000000040)={[0x3]}, 0x8) tkill(0x0, 0x27) r8 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r8, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r8, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x327cf3e4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x4fb6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x953, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x400, 0x0, 0x0, 0x7ff, 0x0, 0x0, 
0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xa2ce, 0x0, 0x0, 0x0, 0x0, 0x9]}) r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r9, 0x0, 0x0) ioctl$sock_bt_hci(r9, 0x800448d5, &(0x7f0000000080)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYRES64=r5], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) 392.737086ms ago: executing program 0 (id=1605): socketpair$unix(0x1, 0x5, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000ec0)) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, 0x0, 0x20000010) r1 = openat$audio1(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000140)=0x20) mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x200000f, 0x40a2012, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000000c0)=r2, 0x4) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20040820) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x4, 0x141901) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) r6 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r5}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r6, 0x2ded, 0x4000, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 
0x0}) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000000, 0x10, r6, 0x97793000) ppoll(0x0, 0x0, &(0x7f0000000200), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x14) syz_emit_ethernet(0x42, &(0x7f0000000080)=ANY=[@ANYRES16, @ANYRES32=r3, @ANYRES8=r2, @ANYRESOCT=r0], 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xd) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r9, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 
\xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6) 370.696296ms ago: executing program 4 (id=1606): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x11000, @void, @value}, 0x94) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x0, 0xb}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[@ANYBLOB="280008d10306010200000000000000000500000005000100070000000900020073797a3100000000"], 0x28}}, 0x20000840) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r2, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r6 = socket(0x10, 0x80002, 0x0) connect$inet6(r6, 
&(0x7f00000002c0)={0xa, 0x4e23, 0xa0000000, @mcast2, 0x3}, 0x1c) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xfff3}}}, 0x24}}, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x1) r7 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) r8 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x0, 0x4}, &(0x7f0000000440)) ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) mknod$loop(&(0x7f0000000200)='./file0\x00', 0x2000, 0x1) socket$nl_generic(0x10, 0x3, 0x10) 0s ago: executing program 3 (id=1607): fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, 
&(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$igmp(0x2, 0x3, 0x2) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="6c80000010", @ANYRES32=0x0, @ANYBLOB="debf0100e10000004c0012800b00010062726964676500003c000280050024000100000005002900010000000500250000000000060006000600000008001d008000000005001800010000000800050001000000"], 0x6c}}, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') migrate_pages(r1, 0xa94b, &(0x7f0000000b80), &(0x7f0000000bc0)=0x27e0407a) r6 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r6, 0xc2c45512, 0x0) umount2(&(0x7f0000000340)='./file0\x00', 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)=[{{&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000100)=[{&(0x7f0000000c00)=""/21, 0x15}], 0x1, &(0x7f0000000200)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x84}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000140)=""/34, 0x22}, {&(0x7f0000000680)=""/66, 0x42}], 0x2}}, {{&(0x7f0000000740), 0x6e, &(0x7f0000000980)=[{&(0x7f00000007c0)=""/179, 0xb3}, {&(0x7f0000000880)=""/204, 0xcc}], 0x2, &(0x7f00000009c0)=[@cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0xe4}}], 0x3, 0x0, &(0x7f0000000b40)={0x0, 0x3938700}) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 
0x8, 0x3, 0x2a0, 0x0, 0x11, 0x148, 0x0, 0x10, 0x20c, 0x2a8, 0x2a8, 0x20c, 0x2a8, 0xac, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'veth1_vlan\x00', 'sit0\x00'}, 0x10, 0xf4, 0x13c, 0x1c, {}, [@common=@unspec=@helper={{0x44}, {0x0, 'irc-20000\x00'}}, @common=@unspec=@connlimit={{0x40}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@local, 'ip6gre0\x00', {0x2}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x2, 0x0, 0x5, 0x7, 0x6, 0x1], 0x5, 0x3}, {0x3, [0x2, 0x2, 0x3, 0x6, 0x2, 0x3], 0x2, 0x3}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x2fc) syz_emit_ethernet(0x2a, &(0x7f0000000c40)=ANY=[@ANYBLOB="0180c200000050a245d5cde086dd4500001c000000000002907800000000ffffffff1cff49dc958bb45948a35779ee2fb5981200907800000000"], 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2d, 0x101, 0x0, 0x0, "", [@nested={0x104, 0x0, 0x0, 0x1, [@typed={0xc, 0x11, 0x0, 0x0, @u64=0x8000000000000000}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"]}]}, 0x114}], 0x1}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001540)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000e12020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000006fd6850000002d000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 
0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sys_enter\x00', r7}, 0x10) setfsgid(0xffffffffffffffff) kernel console output (not intermixed with test programs): cuous mode [ 126.145020][ T8204] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 126.148447][ T8204] Cannot create hsr debugfs directory [ 126.314593][ T8204] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 126.328007][ T8204] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 126.343438][ T8204] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 126.372771][ T8204] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 126.398728][ T8204] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.401287][ T8204] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.414609][ T8229] batman_adv: batadv0: Adding interface: dummy0 [ 126.416811][ T8229] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 126.425106][ T8229] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 126.455950][ T8204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 126.464345][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.481384][ T8204] 8021q: adding VLAN 0 to HW filter on device team0 [ 126.481517][ T8231] netlink: 4 bytes leftover after parsing attributes in process `syz.3.573'. 
[ 126.491010][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.493718][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.497667][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.500008][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.512583][ T8231] bridge_slave_1: left allmulticast mode [ 126.514442][ T8231] bridge_slave_1: left promiscuous mode [ 126.516334][ T8231] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.520455][ T8231] bridge_slave_0: left allmulticast mode [ 126.522342][ T8231] bridge_slave_0: left promiscuous mode [ 126.524853][ T8231] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.761635][ T8204] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.992181][ T8204] veth0_vlan: entered promiscuous mode [ 126.998673][ T8204] veth1_vlan: entered promiscuous mode [ 127.011593][ T8204] veth0_macvtap: entered promiscuous mode [ 127.020073][ T8204] veth1_macvtap: entered promiscuous mode [ 127.030452][ T8204] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 127.040425][ T8204] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 127.047876][ T8204] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.050718][ T8204] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.054008][ T8204] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.056819][ T8204] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.088064][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.102551][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.117094][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.120091][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.248424][ T8263] netlink: 8 bytes leftover after parsing attributes in process `syz.4.565'. 
[ 127.314037][ T8262] lo speed is unknown, defaulting to 1000 [ 127.422764][ T5290] Bluetooth: hci1: command tx timeout [ 128.245970][ T8273] netlink: 40 bytes leftover after parsing attributes in process `syz.1.583'. [ 128.393976][ T8285] netlink: 4 bytes leftover after parsing attributes in process `syz.3.588'. [ 128.470033][ T8287] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 128.949754][ T8309] netlink: 24 bytes leftover after parsing attributes in process `syz.1.597'. [ 129.148096][ T8313] ip6t_srh: unknown srh invflags 6BE9 [ 129.157588][ T8313] ubi: mtd0 is already attached to ubi31 [ 129.424905][ T40] audit: type=1326 audit(1747697673.878:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8317 comm="syz.1.599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 129.431807][ T40] audit: type=1326 audit(1747697673.878:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8317 comm="syz.1.599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 129.438971][ T40] audit: type=1326 audit(1747697673.888:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8317 comm="syz.1.599" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 129.446584][ T40] audit: type=1326 audit(1747697673.888:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8317 comm="syz.1.599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 129.454325][ T40] audit: type=1326 audit(1747697673.888:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8317 comm="syz.1.599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 129.461331][ T40] audit: type=1326 audit(1747697673.888:14): auid=4294967295 uid=0 gid=0 ses=4294967295 
subj=unconfined pid=8317 comm="syz.1.599" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 129.468232][ T40] audit: type=1326 audit(1747697673.888:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8317 comm="syz.1.599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 129.475570][ T40] audit: type=1326 audit(1747697673.888:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8317 comm="syz.1.599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 129.483592][ T40] audit: type=1326 audit(1747697673.888:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8317 comm="syz.1.599" exe="/syz-executor" sig=0 arch=40000003 syscall=218 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 129.490261][ T40] audit: type=1326 audit(1747697673.888:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8317 comm="syz.1.599" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 129.502798][ T5290] Bluetooth: hci1: command tx timeout [ 129.512610][ C1] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 129.988086][ T8324] Cannot find del_set index 3 as target [ 129.990991][ T8324] netlink: 'syz.0.600': attribute type 11 has an invalid length. [ 129.993678][ T8324] netlink: 224 bytes leftover after parsing attributes in process `syz.0.600'. [ 130.552539][ C1] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 130.557732][ T8345] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. 
[ 131.582558][ T5290] Bluetooth: hci1: command tx timeout [ 132.211813][ T8387] tipc: Enabling of bearer rejected, failed to enable media [ 132.310017][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.313617][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.526669][ T8395] Cannot find del_set index 3 as target [ 132.533436][ T8395] netlink: 'syz.4.613': attribute type 11 has an invalid length. [ 132.536869][ T8395] netlink: 224 bytes leftover after parsing attributes in process `syz.4.613'. [ 132.781650][ T8397] lo speed is unknown, defaulting to 1000 [ 133.045479][ T8418] ip6t_srh: unknown srh invflags 6BE9 [ 133.457790][ T8422] ip6t_srh: unknown srh invflags 6BE9 [ 133.672387][ T5290] Bluetooth: hci1: command tx timeout [ 133.795526][ T5290] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 133.800056][ T5290] CPU: 1 UID: 0 PID: 5290 Comm: kworker/u33:1 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) [ 133.800074][ T5290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.800082][ T5290] Workqueue: hci0 hci_rx_work [ 133.800098][ T5290] Call Trace: [ 133.800102][ T5290] <TASK> [ 133.800107][ T5290] dump_stack_lvl+0x16c/0x1f0 [ 133.800125][ T5290] sysfs_warn_dup+0x7f/0xa0 [ 133.800143][ T5290] sysfs_create_dir_ns+0x24b/0x2b0 [ 133.800160][ T5290] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 133.800176][ T5290] ? find_held_lock+0x2b/0x80 [ 133.800189][ T5290] ? do_raw_spin_unlock+0x172/0x230 [ 133.800205][ T5290] kobject_add_internal+0x2c4/0x9b0 [ 133.800219][ T5290] kobject_add+0x16e/0x240 [ 133.800228][ T5290] ? __pfx_kobject_add+0x10/0x10 [ 133.800239][ T5290] ? do_raw_spin_unlock+0x172/0x230 [ 133.800254][ T5290] ? kobject_put+0xab/0x5a0 [ 133.800278][ T5290] device_add+0x288/0x1a70 [ 133.800294][ T5290] ? __pfx_dev_set_name+0x10/0x10 [ 133.800311][ T5290] ? __pfx_device_add+0x10/0x10 [ 133.800326][ T5290] ? 
mgmt_send_event_skb+0x2fb/0x460 [ 133.800348][ T5290] hci_conn_add_sysfs+0x17e/0x230 [ 133.800361][ T5290] le_conn_complete_evt+0x1075/0x1d70 [ 133.800382][ T5290] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 133.800398][ T5290] ? hci_event_packet+0x43c/0x1190 [ 133.800417][ T5290] hci_le_conn_complete_evt+0x23c/0x370 [ 133.800436][ T5290] hci_le_meta_evt+0x2f6/0x5e0 [ 133.800447][ T5290] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 133.800469][ T5290] hci_event_packet+0x66c/0x1190 [ 133.800485][ T5290] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 133.800496][ T5290] ? __pfx_hci_event_packet+0x10/0x10 [ 133.800514][ T5290] ? kcov_remote_start+0x3c9/0x6d0 [ 133.800529][ T5290] ? lockdep_hardirqs_on+0x7c/0x110 [ 133.800548][ T5290] hci_rx_work+0x2c5/0x16b0 [ 133.800560][ T5290] ? rcu_is_watching+0x12/0xc0 [ 133.800574][ T5290] process_one_work+0x9cf/0x1b70 [ 133.800606][ T5290] ? __pfx_process_one_work+0x10/0x10 [ 133.800640][ T5290] ? assign_work+0x1a0/0x250 [ 133.800668][ T5290] worker_thread+0x6c8/0xf10 [ 133.800702][ T5290] ? __kthread_parkme+0x19e/0x250 [ 133.800725][ T5290] ? __pfx_worker_thread+0x10/0x10 [ 133.800745][ T5290] kthread+0x3c2/0x780 [ 133.800760][ T5290] ? __pfx_kthread+0x10/0x10 [ 133.800773][ T5290] ? __pfx_kthread+0x10/0x10 [ 133.800786][ T5290] ? __pfx_kthread+0x10/0x10 [ 133.800799][ T5290] ? __pfx_kthread+0x10/0x10 [ 133.800812][ T5290] ? rcu_is_watching+0x12/0xc0 [ 133.800823][ T5290] ? __pfx_kthread+0x10/0x10 [ 133.800837][ T5290] ret_from_fork+0x48/0x80 [ 133.800847][ T5290] ? __pfx_kthread+0x10/0x10 [ 133.800861][ T5290] ret_from_fork_asm+0x1a/0x30 [ 133.800882][ T5290] </TASK> [ 133.800899][ T5290] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. 
[ 133.897389][ T5290] Bluetooth: hci0: failed to register connection device [ 134.195819][ T8434] hfs: unable to load iocharset "io#harset" [ 135.332285][ T836] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 135.506436][ T836] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 135.509924][ T836] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 135.513978][ T836] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 135.518031][ T836] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 135.526596][ T836] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 135.529712][ T836] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 135.547516][ T8457] netlink: 24 bytes leftover after parsing attributes in process `syz.1.626'. [ 135.552007][ T836] usb 5-1: Manufacturer: syz [ 135.563118][ T836] usb 5-1: config 0 descriptor?? 
[ 135.689936][ T8464] pim6reg: entered allmulticast mode [ 135.995481][ T8473] ip6t_srh: unknown srh invflags 6BE9 [ 136.182192][ T836] rc_core: IR keymap rc-hauppauge not found [ 136.186371][ T836] Registered IR keymap rc-empty [ 136.194402][ T836] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 136.219076][ T836] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 136.258954][ T836] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0 [ 136.265457][ T836] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/rc/rc0/input12 [ 136.279572][ T836] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 136.302586][ T836] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 136.337595][ T836] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 136.384405][ T836] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 136.402502][ T836] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 136.428450][ T8487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.432300][ T836] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 136.435972][ T8487] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.452330][ T836] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 136.482394][ T836] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 136.501094][ T8489] netlink: 24 bytes leftover after parsing attributes in process `syz.3.633'. 
[ 136.512368][ T836] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 136.542395][ T836] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 136.577861][ T836] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 136.581105][ T836] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 136.826021][ T836] usb 5-1: USB disconnect, device number 10 [ 136.835252][ T8498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.635'. [ 136.838152][ T8498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.635'. [ 136.841089][ T8498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.635'. [ 136.844196][ T8498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.635'. [ 136.847425][ T8498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.635'. [ 136.850301][ T8498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.635'. [ 136.853532][ T8498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.635'. [ 136.856436][ T8498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.635'. 
[ 137.826050][ T8519] Cannot find del_set index 3 as target [ 138.179230][ T8526] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 138.189651][ T8526] kvm: pic: level sensitive irq not supported [ 138.190123][ T8526] kvm: pic: non byte read [ 138.196079][ T8526] kvm: pic: level sensitive irq not supported [ 138.196416][ T8526] kvm: pic: non byte read [ 138.730781][ T40] kauditd_printk_skb: 26 callbacks suppressed [ 138.730797][ T40] audit: type=1804 audit(1747697683.179:45): pid=8542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.646" name="/newroot/160/bus" dev="tmpfs" ino=939 res=1 errno=0 [ 139.138871][ T8551] tipc: Started in network mode [ 139.140667][ T8551] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 139.146630][ T8551] tipc: Enabled bearer , priority 10 [ 139.188247][ T8553] Illegal XDP return value 4294967274 on prog (id 157) dev syz_tun, expect packet loss! [ 139.204056][ T40] audit: type=1326 audit(1747697683.659:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8552 comm="syz.0.650" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf710e579 code=0x0 [ 139.536410][ T8558] ipvlan2: entered promiscuous mode [ 139.633739][ T8564] Cannot find del_set index 3 as target [ 140.152016][ T29] tipc: Node number set to 4269801488 [ 140.326822][ T8568] syz.3.655(8568): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 140.336132][ T8568] overlayfs: failed to clone upperpath [ 140.732499][ T8580] ip6t_srh: unknown srh invflags 6BE9 [ 141.237174][ T8584] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 141.752624][ T8600] Cannot find del_set index 3 as target [ 141.757749][ T8600] netlink: 'syz.4.663': attribute type 11 has an invalid length. 
[ 141.760502][ T8600] __nla_validate_parse: 49 callbacks suppressed [ 141.760510][ T8600] netlink: 224 bytes leftover after parsing attributes in process `syz.4.663'. [ 142.183866][ T5290] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 142.527923][ T8625] netlink: 'syz.4.667': attribute type 10 has an invalid length. [ 142.552658][ T8625] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 142.606353][ T8624] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 143.331833][ T6045] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 143.502258][ T6045] usb 5-1: Using ep0 maxpacket: 32 [ 143.508648][ T6045] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 143.525387][ T6045] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 143.528797][ T6045] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 143.537375][ T6045] usb 5-1: Product: syz [ 143.539287][ T6045] usb 5-1: Manufacturer: syz [ 143.541324][ T6045] usb 5-1: SerialNumber: syz [ 143.552377][ T6045] usb 5-1: config 0 descriptor?? [ 143.555420][ T8631] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 143.820958][ T5975] usb 5-1: USB disconnect, device number 11 [ 144.713703][ T8665] Cannot find del_set index 3 as target [ 145.574629][ T8681] netlink: 14 bytes leftover after parsing attributes in process `syz.3.678'. 
[ 145.658485][ T8681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 145.663193][ T8681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 145.666462][ T8681] bond0 (unregistering): Released all slaves [ 145.713557][ T8683] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.716144][ T8683] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.791265][ T8683] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.802484][ T8683] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.861773][ T8683] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.865615][ T8683] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.869318][ T8683] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.873243][ T8683] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.275711][ T8700] ip6t_srh: unknown srh invflags 6BE9 [ 146.281712][ T8700] ubi: mtd0 is already attached to ubi31 [ 146.697627][ T8704] Cannot find del_set index 3 as target [ 147.133985][ T8711] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 147.189624][ T8715] netlink: 830 bytes leftover after parsing attributes in process `syz.3.689'. [ 147.267905][ T8721] Cannot find del_set index 3 as target [ 147.273305][ T8721] netlink: 'syz.0.686': attribute type 11 has an invalid length. [ 147.276110][ T8721] netlink: 224 bytes leftover after parsing attributes in process `syz.0.686'. 
[ 147.281904][ T8719] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 147.285949][ T8719] kvm: requested 12571 ns i8254 timer period limited to 200000 ns [ 147.289765][ T8719] kvm: requested 12571 ns i8254 timer period limited to 200000 ns [ 147.294251][ T8719] kvm: requested 85485 ns i8254 timer period limited to 200000 ns [ 147.297734][ T8719] kvm: requested 93028 ns i8254 timer period limited to 200000 ns [ 147.301308][ T8719] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 147.305479][ T8719] kvm: requested 10057 ns i8254 timer period limited to 200000 ns [ 147.309261][ T8719] kvm: requested 155047 ns i8254 timer period limited to 200000 ns [ 147.313602][ T8719] kvm: requested 160914 ns i8254 timer period limited to 200000 ns [ 147.631973][ T8723] ip6t_srh: unknown srh invflags 6BE9 [ 148.294733][ T40] audit: type=1804 audit(1747697692.749:47): pid=8748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.692" name="/newroot/169/bus" dev="tmpfs" ino=987 res=1 errno=0 [ 149.645203][ T8775] netlink: 32 bytes leftover after parsing attributes in process `syz.1.699'. [ 150.961234][ T8809] program syz.0.708 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 152.049608][ T8836] netlink: 12 bytes leftover after parsing attributes in process `syz.1.714'. 
[ 152.809430][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.905312][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.975670][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.064195][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.214658][ T8856] hfs: unable to load iocharset "io#harset" [ 153.281655][ T13] bridge_slave_1: left allmulticast mode [ 153.293685][ T13] bridge_slave_1: left promiscuous mode [ 153.313123][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.342048][ T13] bridge_slave_0: left allmulticast mode [ 153.343930][ T13] bridge_slave_0: left promiscuous mode [ 153.345810][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.749724][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 153.755621][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 153.760434][ T13] bond0 (unregistering): Released all slaves [ 154.080870][ T8881] netlink: 12 bytes leftover after parsing attributes in process `syz.3.723'. 
[ 154.228553][ T13] hsr_slave_0: left promiscuous mode [ 154.230915][ T13] hsr_slave_1: left promiscuous mode [ 154.239053][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.246824][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 154.250844][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.261376][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 154.307669][ T13] veth1_macvtap: left promiscuous mode [ 154.309556][ T13] veth0_macvtap: left promiscuous mode [ 154.311381][ T13] veth1_vlan: left promiscuous mode [ 154.313843][ T13] veth0_vlan: left promiscuous mode [ 155.354896][ T13] team0 (unregistering): Port device team_slave_1 removed [ 155.478844][ T13] team0 (unregistering): Port device team_slave_0 removed [ 155.487627][ T8909] netlink: 'syz.0.729': attribute type 10 has an invalid length. [ 155.944918][ T8920] ip6t_srh: unknown srh invflags 6BE9 [ 155.950028][ T8920] ubi: mtd0 is already attached to ubi31 [ 156.110057][ T8909] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 156.138945][ T8916] batman_adv: batadv0: Adding interface: vxlan0 [ 156.141264][ T8916] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 156.149499][ T8916] batman_adv: batadv0: Not using interface vxlan0 (retrying later): interface not active [ 156.442272][ T8946] bridge0: port 4(vlan3) entered blocking state [ 156.444825][ T8946] bridge0: port 4(vlan3) entered disabled state [ 156.447436][ T8946] vlan3: entered allmulticast mode [ 156.449270][ T8946] bridge0: entered allmulticast mode [ 156.455144][ T8946] vlan3: left allmulticast mode [ 156.456870][ T8946] bridge0: left allmulticast mode [ 157.461235][ T8983] warning: `syz.3.737' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 157.769846][ T8989] Cannot find del_set index 3 as target [ 157.773566][ T8989] netlink: 'syz.0.738': attribute type 11 has an invalid length. [ 157.776120][ T8989] netlink: 224 bytes leftover after parsing attributes in process `syz.0.738'. [ 157.781503][ T40] audit: type=1326 audit(1747697702.240:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8991 comm="syz.4.740" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x0 [ 157.883528][ T9002] overlayfs: failed to clone upperpath [ 158.191274][ T9015] ip6t_srh: unknown srh invflags 6BE9 [ 158.467122][ T9024] batadv_slave_0: entered promiscuous mode [ 159.232091][ T9019] batadv_slave_0: left promiscuous mode [ 159.332382][ T9065] ip6t_srh: unknown srh invflags 6BE9 [ 160.373456][ T9090] ip6t_srh: unknown srh invflags 6BE9 [ 160.958760][ T9098] hfs: unable to load iocharset "io#harset" [ 161.319981][ T9113] delete_channel: no stack [ 161.375250][ T9107] geneve1: entered promiscuous mode [ 161.587522][ T9119] ip6t_srh: unknown srh invflags 6BE9 [ 161.592911][ T9119] ubi: mtd0 is already attached to ubi31 [ 162.507633][ T9139] netlink: 12 bytes leftover after parsing attributes in process `syz.4.766'. 
[ 162.752528][ T9149] overlay: ./file1 is not a directory [ 163.751843][ T9170] Cannot find del_set index 3 as target [ 163.756950][ T9170] netlink: 'syz.0.771': attribute type 11 has an invalid length. [ 163.759544][ T9170] netlink: 224 bytes leftover after parsing attributes in process `syz.0.771'. [ 164.576095][ T9196] ip6t_srh: unknown srh invflags 6BE9 [ 164.626206][ T9198] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 164.628266][ T9198] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 164.653639][ T9202] sctp: [Deprecated]: syz.0.775 (pid 9202) Use of int in maxseg socket option. [ 164.653639][ T9202] Use struct sctp_assoc_value instead [ 164.765929][ T9198] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 164.767873][ T9198] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 164.785961][ T9198] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 164.788232][ T9198] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 164.862258][ T9215] netlink: 12 bytes leftover after parsing attributes in process `syz.4.776'. [ 164.994388][ T9198] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 164.999156][ T9198] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 165.472548][ T9225] hfs: unable to load iocharset "io#harset" [ 165.636739][ T9250] ip6t_srh: unknown srh invflags 6BE9 [ 165.643697][ T9250] ubi: mtd0 is already attached to ubi31 [ 165.883822][ T9255] binder: 9241:9255 ioctl 4018620d 0 returned -22 [ 166.673222][ T9273] Cannot find del_set index 3 as target [ 166.708451][ T9285] Cannot find del_set index 3 as target [ 166.712470][ T9285] netlink: 'syz.0.785': attribute type 11 has an invalid length. [ 166.715023][ T9285] netlink: 224 bytes leftover after parsing attributes in process `syz.0.785'. 
[ 166.772677][ T9296] ip6t_srh: unknown srh invflags 6BE9 [ 167.214978][ T9311] hfs: unable to load iocharset "io#harset" [ 167.574829][ T9311] geneve1: entered promiscuous mode [ 167.814148][ T9325] trusted_key: encrypted_key: insufficient parameters specified [ 168.358696][ T9349] ip6t_srh: unknown srh invflags 6BE9 [ 168.611803][ T9360] virtio-fs: tag not found [ 168.733840][ T9368] ipvlan3: entered promiscuous mode [ 168.888223][ T9357] syz.4.793 (9357) used greatest stack depth: 20424 bytes left [ 169.094154][ T9384] netlink: 4 bytes leftover after parsing attributes in process `syz.3.797'. [ 169.106207][ T9388] Cannot find del_set index 3 as target [ 169.110423][ T9388] netlink: 'syz.4.796': attribute type 11 has an invalid length. [ 169.112996][ T9388] netlink: 224 bytes leftover after parsing attributes in process `syz.4.796'. [ 169.345960][ T9397] ip6t_srh: unknown srh invflags 6BE9 [ 169.608833][ T9411] xt_CT: You must specify a L4 protocol and not use inversions on it [ 170.971352][ T9472] ip6t_srh: unknown srh invflags 6BE9 [ 172.022233][ T9503] Cannot find del_set index 3 as target [ 172.852885][ T9549] ip6t_srh: unknown srh invflags 6BE9 [ 173.260198][ C1] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 173.612968][ T40] audit: type=1800 audit(1747697718.066:49): pid=9583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.818" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 174.451017][ T9625] netlink: 32 bytes leftover after parsing attributes in process `syz.0.821'. [ 176.387115][ T9705] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: 5a:98:ca:00:00:85 [ 176.536067][ T9705] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 176.538492][ T65] IPVS: starting estimator thread 0... 
[ 176.540537][ T9705] tipc: Enabled bearer , priority 10 [ 176.666260][ T9717] ip6t_srh: unknown srh invflags 6BE9 [ 176.679097][ T9713] IPVS: using max 42 ests per chain, 100800 per kthread [ 176.680064][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 176.959898][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 177.137484][ T9731] netlink: 100 bytes leftover after parsing attributes in process `syz.1.831'. [ 177.489881][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 177.717255][ T9761] Cannot find del_set index 3 as target [ 178.539879][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 178.988838][ T9793] netlink: 12 bytes leftover after parsing attributes in process `syz.0.839'. [ 178.993106][ T9793] bridge0: port 3(batadv0) entered disabled state [ 178.999456][ T9793] bridge_slave_1: left allmulticast mode [ 179.001948][ T9793] bridge_slave_1: left promiscuous mode [ 179.004502][ T9793] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.010346][ T9793] bridge_slave_0: left allmulticast mode [ 179.015406][ T9793] bridge_slave_0: left promiscuous mode [ 179.018833][ T9793] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.222339][ T9805] ip6t_srh: unknown srh invflags 6BE9 [ 179.226813][ T9805] ubi: mtd0 is already attached to ubi31 [ 179.410135][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 179.414809][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 179.419400][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 179.424240][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 179.579836][ C3] IPVS: rr: UDP 224.0.0.2:0 - 
no destination available [ 179.733715][ T9818] ip6t_srh: unknown srh invflags 6BE9 [ 179.990774][ T7803] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 179.995495][ T7803] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 180.000184][ T7803] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 180.004746][ T7803] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 180.584475][ T9852] ip6t_srh: unknown srh invflags 6BE9 [ 182.318683][ T9918] ip6t_srh: unknown srh invflags 6BE9 [ 182.323456][ T9918] ubi: mtd0 is already attached to ubi31 [ 183.146651][ T40] audit: type=1326 audit(1747697727.596:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9964 comm="syz.1.858" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 183.156908][ T40] audit: type=1326 audit(1747697727.606:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9964 comm="syz.1.858" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 183.164911][ T40] audit: type=1326 audit(1747697727.606:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9964 comm="syz.1.858" exe="/syz-executor" sig=0 arch=40000003 syscall=30 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 183.219080][ T40] audit: type=1326 audit(1747697727.606:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9964 comm="syz.1.858" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 183.313184][ T40] audit: type=1326 audit(1747697727.606:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9964 
comm="syz.1.858" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 183.322875][ T40] audit: type=1326 audit(1747697727.606:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9964 comm="syz.1.858" exe="/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 183.341592][ T40] audit: type=1326 audit(1747697727.606:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9964 comm="syz.1.858" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 183.354203][ T40] audit: type=1326 audit(1747697727.606:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9964 comm="syz.1.858" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 183.366749][ T40] audit: type=1326 audit(1747697727.606:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9964 comm="syz.1.858" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 183.381597][ T40] audit: type=1326 audit(1747697727.606:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9964 comm="syz.1.858" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 183.699757][ T77] net_ratelimit: 27 callbacks suppressed [ 183.699839][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 183.708430][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 183.714696][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 183.720916][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 
183.739523][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 183.967869][ T9992] netlink: 'syz.4.859': attribute type 10 has an invalid length. [ 183.983072][ T9992] bond0: (slave wlan1): Releasing backup interface [ 184.250551][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 184.256779][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 184.262984][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 184.269057][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 184.780156][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 184.817514][T10007] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 185.106489][T10010] ip6t_srh: unknown srh invflags 6BE9 [ 185.112168][T10010] ubi: mtd0 is already attached to ubi31 [ 185.438450][T10017] trusted_key: encrypted_key: master key parameter 'u' is invalid [ 185.491354][T10016] lo speed is unknown, defaulting to 1000 [ 185.510953][T10016] lo speed is unknown, defaulting to 1000 [ 185.551955][T10016] lo speed is unknown, defaulting to 1000 [ 185.560562][T10016] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 185.580907][T10016] lo speed is unknown, defaulting to 1000 [ 185.583682][T10016] lo speed is unknown, defaulting to 1000 [ 185.586367][T10016] lo speed is unknown, defaulting to 1000 [ 185.589038][T10016] lo speed is unknown, defaulting to 1000 [ 185.593051][T10016] lo speed is unknown, defaulting to 1000 [ 186.478326][T10041] netlink: 'syz.3.872': attribute type 10 has an invalid length. 
[ 186.500001][T10041] veth0_vlan: left promiscuous mode [ 186.511970][T10041] veth0_vlan: entered promiscuous mode [ 186.528389][T10041] team0: Device veth0_vlan failed to register rx_handler [ 186.790068][T10035] syz.4.871 (10035) used greatest stack depth: 17224 bytes left [ 187.103176][T10049] ip6t_srh: unknown srh invflags 6BE9 [ 187.331044][T10051] Cannot find del_set index 3 as target [ 188.173186][T10059] ip6t_srh: unknown srh invflags 6BE9 [ 188.815869][T10065] fuse: Bad value for 'fd' [ 188.930185][ T1139] net_ratelimit: 35 callbacks suppressed [ 188.930234][ T1139] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 188.930353][T10067] syz.4.877: attempt to access beyond end of device [ 188.930353][T10067] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 188.932128][ T1139] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 188.937579][T10067] XFS (nbd4): SB validate failed with error -5. [ 188.942141][ T1139] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 188.949935][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 188.955330][ T1139] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 189.071467][T10076] overlayfs: failed to clone lowerpath [ 189.076328][T10076] overlayfs: failed to clone lowerpath [ 189.201183][T10087] netlink: 'syz.3.882': attribute type 10 has an invalid length. [ 189.204394][T10087] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 189.352033][T10094] netlink: 8 bytes leftover after parsing attributes in process `syz.1.880'. 
[ 189.355063][T10094] netlink: 3 bytes leftover after parsing attributes in process `syz.1.880'. [ 189.393636][T10094] netlink: 12 bytes leftover after parsing attributes in process `syz.1.880'. [ 189.459276][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 189.465080][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 189.470987][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 189.476725][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 189.558654][T10097] Cannot find del_set index 3 as target [ 189.979255][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 190.360709][T10102] Cannot find del_set index 3 as target [ 190.363875][T10102] netlink: 'syz.4.886': attribute type 11 has an invalid length. [ 190.366752][T10102] netlink: 224 bytes leftover after parsing attributes in process `syz.4.886'. [ 191.536274][T10138] netlink: 12 bytes leftover after parsing attributes in process `syz.1.894'. [ 191.666372][T10142] netlink: 4 bytes leftover after parsing attributes in process `syz.1.895'. [ 191.751846][T10142] team0 (unregistering): Port device team_slave_0 removed [ 191.755984][T10142] team0 (unregistering): Port device team_slave_1 removed [ 192.082072][T10151] Cannot find del_set index 3 as target [ 192.085472][T10151] netlink: 'syz.0.897': attribute type 11 has an invalid length. [ 192.088129][T10151] netlink: 224 bytes leftover after parsing attributes in process `syz.0.897'. 
[ 192.136929][T10152] ip6t_srh: unknown srh invflags 6BE9 [ 192.386432][T10154] ip6t_srh: unknown srh invflags 6BE9 [ 192.472958][T10171] netlink: 12 bytes leftover after parsing attributes in process `syz.3.903'. [ 192.485186][T10174] Cannot find map_set index 0 as target [ 192.681882][ T40] kauditd_printk_skb: 218 callbacks suppressed [ 192.681893][ T40] audit: type=1326 audit(1747697737.127:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.3.905" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 192.697520][ T40] audit: type=1326 audit(1747697737.127:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.3.905" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 192.708445][ T40] audit: type=1326 audit(1747697737.127:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.3.905" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 192.717168][ T40] audit: type=1326 audit(1747697737.127:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.3.905" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 192.728464][ T40] audit: type=1326 audit(1747697737.127:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.3.905" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 192.741008][ T40] audit: type=1326 audit(1747697737.127:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.3.905" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 192.751952][ T40] audit: type=1326 audit(1747697737.127:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.3.905" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 
ip=0xf710e579 code=0x7ffc0000 [ 192.763247][ T40] audit: type=1326 audit(1747697737.127:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.3.905" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 192.773714][ T40] audit: type=1326 audit(1747697737.127:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.3.905" exe="/syz-executor" sig=0 arch=40000003 syscall=218 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 192.784381][ T40] audit: type=1326 audit(1747697737.127:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10183 comm="syz.3.905" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 193.606129][T10200] hfs: unable to load iocharset "io#harset" [ 193.739347][T10208] ip6t_srh: unknown srh invflags 6BE9 [ 193.744165][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.745246][T10208] ubi: mtd0 is already attached to ubi31 [ 193.746269][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.114722][T10216] netlink: 12 bytes leftover after parsing attributes in process `syz.3.913'. 
[ 194.138974][ C3] net_ratelimit: 35 callbacks suppressed [ 194.141754][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 194.268961][ T7803] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 194.274844][ T7803] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 194.279889][ T7803] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 194.284433][ T7803] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 194.555634][T10230] Cannot find del_set index 3 as target [ 194.850234][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 194.857543][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 194.863911][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 194.870232][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 195.178908][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 195.272190][T10249] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 195.428412][T10253] Cannot find del_set index 3 as target [ 196.586694][T10269] ip6t_srh: unknown srh invflags 6BE9 [ 197.430597][T10276] netlink: 8 bytes leftover after parsing attributes in process `syz.0.936'. [ 198.137436][T10288] netlink: 24 bytes leftover after parsing attributes in process `syz.0.932'. 
[ 198.644019][T10292] Cannot find del_set index 3 as target [ 198.648780][T10292] netlink: 'syz.0.933': attribute type 11 has an invalid length. [ 198.651907][T10292] netlink: 224 bytes leftover after parsing attributes in process `syz.0.933'. [ 199.255686][T10308] 9pnet_virtio: no channels available for device ./file0/file0 [ 199.338700][ C3] net_ratelimit: 35 callbacks suppressed [ 199.338721][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 199.462104][ T40] kauditd_printk_skb: 72 callbacks suppressed [ 199.462165][ T40] audit: type=1326 audit(1747697743.917:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.4.938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7fc00000 [ 199.500717][T10313] netlink: 8 bytes leftover after parsing attributes in process `syz.0.937'. [ 199.649999][ T46] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 199.655897][ T46] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 199.661761][ T46] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 199.667524][ T46] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 199.970451][T10316] netlink: 4 bytes leftover after parsing attributes in process `syz.3.939'. 
[ 200.075412][T10316] team0 (unregistering): Port device team_slave_0 removed [ 200.082492][T10316] team0 (unregistering): Port device team_slave_1 removed [ 200.188770][ T7803] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 200.195025][ T7803] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 200.201358][ T7803] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 200.207531][ T7803] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 200.250642][ T40] audit: type=1326 audit(1747697744.697:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.4.938" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc5579 code=0x7fc00000 [ 200.268737][ T40] audit: type=1326 audit(1747697744.697:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.4.938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7fc00000 [ 200.291377][ T40] audit: type=1326 audit(1747697744.697:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.4.938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7fc00000 [ 200.303538][ T40] audit: type=1326 audit(1747697744.697:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.4.938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7fc00000 [ 200.316997][ T40] audit: type=1326 audit(1747697744.697:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.4.938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 
code=0x7fc00000 [ 200.337001][ T40] audit: type=1326 audit(1747697744.697:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.4.938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7fc00000 [ 200.344765][ T40] audit: type=1326 audit(1747697744.697:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.4.938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7fc00000 [ 200.353010][ T40] audit: type=1326 audit(1747697744.697:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.4.938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7fc00000 [ 200.362855][ T40] audit: type=1326 audit(1747697744.697:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10310 comm="syz.4.938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7fc00000 [ 200.378717][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 200.454051][T10327] ip6t_srh: unknown srh invflags 6BE9 [ 200.463681][T10327] ubi: mtd0 is already attached to ubi31 [ 200.716442][T10334] overlayfs: failed to clone upperpath [ 201.179513][T10346] Cannot find del_set index 3 as target [ 201.552481][T10349] lo speed is unknown, defaulting to 1000 [ 201.554528][T10349] lo speed is unknown, defaulting to 1000 [ 201.558120][T10349] lo speed is unknown, defaulting to 1000 [ 201.584047][T10349] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 201.627763][T10349] lo speed is unknown, defaulting to 1000 [ 201.634522][T10349] lo speed is unknown, defaulting to 1000 [ 201.642777][T10349] lo speed is unknown, defaulting to 1000 [ 201.651290][T10349] lo speed is unknown, defaulting to 1000 [ 202.815969][T10375] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? 
[ 203.621454][T10384] lo speed is unknown, defaulting to 1000 [ 203.624169][T10384] lo speed is unknown, defaulting to 1000 [ 204.310583][ T65] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 204.458404][ T65] usb 9-1: Using ep0 maxpacket: 8 [ 204.461808][ T65] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 204.465469][ T65] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 204.470721][ T65] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 204.473944][ T65] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 204.478790][ T65] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 204.481754][ T65] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.538381][ C3] net_ratelimit: 31 callbacks suppressed [ 204.538399][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 204.576899][T10396] Cannot find del_set index 3 as target [ 204.710304][ T65] usb 9-1: GET_CAPABILITIES returned 0 [ 204.712688][ T65] usbtmc 9-1:16.0: can't read capabilities [ 204.731634][T10400] syz_tun: entered allmulticast mode [ 204.737109][T10399] syz_tun: left allmulticast mode [ 204.749183][ T594] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 204.754727][ T594] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 204.760678][ T594] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 204.765813][ T594] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 204.921505][ T65] 
usb 9-1: USB disconnect, device number 2 [ 205.289244][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 205.293928][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 205.298698][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 205.303271][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 205.588263][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 206.561713][T10422] netlink: 8 bytes leftover after parsing attributes in process `syz.1.974'. [ 207.184535][T10426] 9pnet_virtio: no channels available for device ./file0/file0 [ 207.483012][T10432] netlink: 8 bytes leftover after parsing attributes in process `syz.4.976'. [ 208.576908][T10449] Cannot find del_set index 3 as target [ 208.584787][T10449] netlink: 'syz.4.972': attribute type 11 has an invalid length. [ 208.588315][T10449] netlink: 224 bytes leftover after parsing attributes in process `syz.4.972'. 
[ 208.803260][T10450] ip6t_srh: unknown srh invflags 6BE9 [ 209.633221][T10476] Cannot find del_set index 3 as target [ 209.738162][ C3] net_ratelimit: 35 callbacks suppressed [ 209.738178][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 209.918138][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 209.924255][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 209.930288][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 209.936152][ T13] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 210.448157][ T1139] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 210.454368][ T1139] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 210.460620][ T1139] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 210.466740][ T1139] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 210.568516][T10485] 9pnet_virtio: no channels available for device ./file0/file0 [ 210.778076][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 210.856330][T10492] netlink: 8 bytes leftover after parsing attributes in process `syz.3.983'. [ 210.971680][T10495] Cannot find map_set index 0 as target [ 211.680715][T10504] netlink: 'syz.0.988': attribute type 10 has an invalid length. 
[ 211.691348][T10503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 212.091781][T10510] Cannot find del_set index 3 as target [ 213.964269][T10529] program syz.0.1001 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 214.009423][ T1109] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0 [ 214.012061][ T1109] ata1.00: irq_stat 0x40000000 [ 214.013689][ T1109] ata1.00: failed command: ZAC MANAGEMENT OUT [ 214.016046][ T1109] ata1.00: cmd 9f/02:00:00:00:00/00:00:00:00:00/40 tag 4 [ 214.016046][ T1109] res 41/04:00:00:00:00/00:00:00:00:00/40 Emask 0x1 (device error) [ 214.021760][ T1109] ata1.00: status: { DRDY ERR } [ 214.023528][ T1109] ata1.00: error: { ABRT } [ 214.025165][ T1109] ata1.00: device reported invalid CHS sector 0 [ 214.493844][ C3] ata1: illegal qc_active transition (00000000->00200000) [ 214.851893][ T1109] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 214.859175][ T1109] ata1.00: configured for UDMA/100 [ 214.937840][ C3] net_ratelimit: 35 callbacks suppressed [ 214.937854][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 215.128014][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 215.133794][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 215.138759][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 215.143829][ T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 215.636574][T10551] 9pnet_virtio: no channels available for device ./file0/file0 [ 215.657842][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 
33:33:00:00:00:01 [ 215.662558][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 215.667836][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 215.672400][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 215.831556][T10558] ip6t_srh: unknown srh invflags 6BE9 [ 215.987777][ C3] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 216.110838][T10559] netlink: 8 bytes leftover after parsing attributes in process `syz.1.997'. [ 219.822635][T10611] ip6t_srh: unknown srh invflags 6BE9 [ 220.205726][ T40] kauditd_printk_skb: 30 callbacks suppressed [ 220.205743][ T40] audit: type=1326 audit(1747697764.658:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.3.1016" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 220.216964][ T40] audit: type=1326 audit(1747697764.658:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.3.1016" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 220.232248][ T40] audit: type=1326 audit(1747697764.668:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.3.1016" exe="/syz-executor" sig=0 arch=40000003 syscall=293 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 220.240624][ T40] audit: type=1326 audit(1747697764.668:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.3.1016" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 220.251072][ T40] audit: type=1326 audit(1747697764.668:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.3.1016" exe="/syz-executor" sig=0 arch=40000003 
syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 220.259238][ T40] audit: type=1326 audit(1747697764.668:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.3.1016" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 220.265981][ T40] audit: type=1326 audit(1747697764.668:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.3.1016" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 220.276653][ T40] audit: type=1326 audit(1747697764.668:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.3.1016" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 220.285032][ T40] audit: type=1326 audit(1747697764.678:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.3.1016" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 220.292846][ T40] audit: type=1326 audit(1747697764.688:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10616 comm="syz.3.1016" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 220.301444][ T77] net_ratelimit: 32 callbacks suppressed [ 220.301458][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 220.308142][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 220.312510][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 220.316746][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 220.611709][T10627] batman_adv: batadv0: 
Adding interface: vxlan0 [ 220.613789][T10627] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.622710][T10627] batman_adv: batadv0: Not using interface vxlan0 (retrying later): interface not active [ 220.837534][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:00:00:00:01 [ 220.843126][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:00:00:2a [ 220.848842][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 33:33:ff:aa:aa:2a [ 220.854450][ T77] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01 [ 220.969520][T10638] batman_adv: batadv0: Interface deactivated: dummy0 [ 221.010339][T10638] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.018471][T10638] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.054886][T10638] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.058657][T10638] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.062269][T10638] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.066044][T10638] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.077636][T10638] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0 [ 221.080643][T10638] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 256 - 0 [ 221.083552][T10638] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 256 - 0 [ 221.088440][T10638] 
netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 256 - 0 [ 221.100409][T10638] bond2: left allmulticast mode [ 221.102586][T10638] bond2: left promiscuous mode [ 221.116937][ T6045] syz1: Port: 1 Link DOWN [ 221.214646][T10645] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in; [ 221.214646][T10645] program syz.0.1023 not setting count and/or reply_len properly [ 221.871115][T10662] ip6t_srh: unknown srh invflags 6BE9 [ 222.590306][T10675] ip6t_srh: unknown srh invflags 6BE9 [ 222.598463][T10675] ubi: mtd0 is already attached to ubi31 [ 223.626785][T10689] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.629334][T10689] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.643645][T10693] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1036'. [ 223.712672][T10689] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 223.739157][T10689] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 223.828792][T10689] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.831822][T10689] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.834942][T10689] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.839017][T10689] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.861321][ T65] lo speed is unknown, defaulting to 1000 [ 223.863986][ T65] syz2: Port: 1 Link DOWN [ 223.865916][T10690] batadv_slave_0: entered promiscuous mode [ 224.104980][T10683] batadv_slave_0: left promiscuous mode [ 224.576565][T10706] ip6t_srh: unknown srh invflags 6BE9 [ 224.588570][T10706] ubi: mtd0 is already attached to ubi31 [ 224.641727][T10713] ip6t_srh: unknown srh invflags 6BE9 [ 224.646909][T10713] ubi: mtd0 is already attached to ubi31 [ 225.531922][T10716] ip6t_srh: unknown srh invflags 6BE9 [ 226.626763][T10738] binder: 10736:10738 ioctl c0306201 0 returned -14 [ 
227.619448][T10753] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1049'. [ 227.996470][T10758] virtio-fs: tag not found [ 228.038359][T10761] ip6t_srh: unknown srh invflags 6BE9 [ 228.043461][T10761] ubi: mtd0 is already attached to ubi31 [ 228.685082][T10769] ip6t_srh: unknown srh invflags 6BE9 [ 228.881255][T10770] netlink: 'syz.4.1054': attribute type 1 has an invalid length. [ 228.884170][T10770] netlink: 'syz.4.1054': attribute type 2 has an invalid length. [ 228.892048][T10770] nftables ruleset with unbound set [ 229.210091][ T65] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 229.368320][ T65] usb 5-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice= 3.90 [ 229.375385][ T65] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.385349][ T65] usb 5-1: config 0 descriptor?? [ 229.392153][ T65] bfusb 5-1:0.0: probe with driver bfusb failed with error -5 [ 229.600309][ T65] usb 5-1: USB disconnect, device number 12 [ 230.387228][T10791] lo speed is unknown, defaulting to 1000 [ 230.390106][T10791] lo speed is unknown, defaulting to 1000 [ 230.686227][T10805] ip6t_srh: unknown srh invflags 6BE9 [ 230.691130][T10805] ubi: mtd0 is already attached to ubi31 [ 231.065349][T10811] virtio-fs: tag not found [ 231.174830][T10815] netlink: 'syz.4.1066': attribute type 10 has an invalid length. [ 231.261727][T10815] bond0: (slave wlan1): Opening slave failed [ 231.265034][T10814] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 231.743896][T10829] 9pnet_fd: Insufficient options for proto=fd [ 232.288552][T10840] netlink: 'syz.4.1072': attribute type 1 has an invalid length. [ 232.291194][T10840] netlink: 'syz.4.1072': attribute type 2 has an invalid length. 
[ 232.347482][T10849] ip6t_srh: unknown srh invflags 6BE9 [ 232.353225][T10849] ubi: mtd0 is already attached to ubi31 [ 232.535993][T10841] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1074'. [ 232.911241][T10854] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1077'. [ 232.943059][T10860] hfs: unable to load iocharset "io#harset" [ 233.382425][T10874] geneve1: entered promiscuous mode [ 234.887602][T10913] Invalid source name [ 235.879708][T10933] program syz.4.1085 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 235.931490][T10938] ip6t_srh: unknown srh invflags 6BE9 [ 236.227055][ T1109] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0 [ 236.229777][ T1109] ata1.00: irq_stat 0x40000000 [ 236.231820][ T1109] ata1.00: failed command: ZAC MANAGEMENT OUT [ 236.234404][ T1109] ata1.00: cmd 9f/02:00:00:00:00/00:00:00:00:00/40 tag 18 [ 236.234404][ T1109] res 41/04:00:00:00:00/00:00:00:00:00/40 Emask 0x1 (device error) [ 236.240296][ T1109] ata1.00: status: { DRDY ERR } [ 236.242338][ T1109] ata1.00: error: { ABRT } [ 236.243840][ T1109] ata1.00: device reported invalid CHS sector 0 [ 236.876914][T10950] ip6t_srh: unknown srh invflags 6BE9 [ 237.919687][ C3] ata1: illegal qc_active transition (00000000->00000800) [ 237.983330][T10968] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1094'. [ 238.262626][ T1109] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 238.276849][ T1109] ata1.00: configured for UDMA/100 [ 239.088015][T10985] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1097'. 
[ 239.091038][T10985] bridge_slave_1: left allmulticast mode [ 239.092898][T10985] bridge_slave_1: left promiscuous mode [ 239.094884][T10985] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.098922][T10985] bridge_slave_0: left allmulticast mode [ 239.100824][T10985] bridge_slave_0: left promiscuous mode [ 239.103790][T10985] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.535224][T10994] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1100'. [ 241.108860][T11013] program syz.4.1114 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 241.470552][T11022] netlink: 'syz.3.1105': attribute type 1 has an invalid length. [ 241.472997][T11022] netlink: 'syz.3.1105': attribute type 2 has an invalid length. [ 242.439626][T11034] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1110'. [ 242.745770][T11048] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1111'. [ 245.374097][T11084] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1120'. [ 245.414044][T11084] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 245.562656][ T40] kauditd_printk_skb: 26 callbacks suppressed [ 245.562667][ T40] audit: type=1326 audit(1747698046.012:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11086 comm="syz.3.1121" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x0 [ 245.617433][T11095] tmpfs: Bad value for 'mpol' [ 246.629438][T11116] netlink: 'syz.3.1129': attribute type 1 has an invalid length. 
[ 247.012161][T11118] overlayfs: missing 'lowerdir' [ 247.868439][ T40] audit: type=1326 audit(1747698048.322:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11132 comm="syz.1.1134" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 247.900509][ T40] audit: type=1326 audit(1747698048.322:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11132 comm="syz.1.1134" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 247.910439][ T40] audit: type=1326 audit(1747698048.332:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11132 comm="syz.1.1134" exe="/syz-executor" sig=0 arch=40000003 syscall=163 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 247.921775][ T40] audit: type=1326 audit(1747698048.332:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11132 comm="syz.1.1134" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 247.930408][ T40] audit: type=1326 audit(1747698048.332:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11132 comm="syz.1.1134" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 247.938455][ T40] audit: type=1326 audit(1747698048.332:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11132 comm="syz.1.1134" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 247.996254][ T40] audit: type=1326 audit(1747698048.442:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11132 comm="syz.1.1134" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 248.018976][ T40] audit: type=1326 audit(1747698048.442:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11132 comm="syz.1.1134" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 
248.029920][ T40] audit: type=1326 audit(1747698048.472:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11132 comm="syz.1.1134" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 248.663504][T11145] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1 [ 248.675101][T11145] ref_ctr decrement failed for inode: 0x292 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88804fffda00 [ 248.681904][T11145] uprobe: syz.4.1136:11145 failed to unregister, leaking uprobe [ 248.936980][T11150] netlink: 'syz.0.1138': attribute type 10 has an invalid length. [ 248.944489][T11149] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 251.269793][T11192] Cannot find del_set index 3 as target [ 251.272779][T11192] netlink: 'syz.0.1154': attribute type 11 has an invalid length. [ 251.275415][T11192] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1154'. [ 251.328157][T11196] ip6t_srh: unknown srh invflags 6BE9 [ 252.478358][T11219] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1160'. [ 252.488377][T11219] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1160'. [ 252.876702][T11234] ip6t_srh: unknown srh invflags 6BE9 [ 253.307515][T11226] lo speed is unknown, defaulting to 1000 [ 253.311223][T11226] lo speed is unknown, defaulting to 1000 [ 254.595943][T11257] Cannot find del_set index 3 as target [ 254.604333][T11257] netlink: 'syz.4.1159': attribute type 11 has an invalid length. [ 254.607851][T11257] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1159'. 
[ 255.186177][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.189781][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.360952][T11269] wg1: entered promiscuous mode [ 255.363066][T11269] wg1: entered allmulticast mode [ 255.462922][T11275] pim6reg: entered allmulticast mode [ 255.474970][T11275] pim6reg: left allmulticast mode [ 255.791085][T11279] bridge0: port 3(vlan2) entered blocking state [ 255.793259][T11279] bridge0: port 3(vlan2) entered disabled state [ 255.795414][T11279] vlan2: entered allmulticast mode [ 255.797185][T11279] bridge0: entered allmulticast mode [ 255.819451][T11279] vlan2: left allmulticast mode [ 255.821783][T11279] bridge0: left allmulticast mode [ 257.221901][T11304] netlink: 'syz.1.1177': attribute type 10 has an invalid length. [ 257.224897][T11304] bond0: (slave wlan1): Opening slave failed [ 257.228320][T11299] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 257.537230][T11307] Cannot find del_set index 3 as target [ 257.659633][T11309] ubi: mtd0 is already attached to ubi31 [ 257.887793][T11308] lo speed is unknown, defaulting to 1000 [ 257.890516][T11308] lo speed is unknown, defaulting to 1000 [ 258.032565][T11311] syz.0.1171 (11311): drop_caches: 2 [ 258.445735][T11321] Debayer A: ================= START STATUS ================= [ 258.448286][T11321] Debayer A: Debayer Mean Window Size: 3 [ 258.450322][T11321] Debayer A: ================== END STATUS ================== [ 258.455280][T11321] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1174'. [ 258.544997][T11321] team0 (unregistering): Port device team_slave_0 removed [ 258.572954][T11321] team0 (unregistering): Port device team_slave_1 removed [ 259.228839][T11340] netdevsim netdevsim4: Direct firmware load for . [ 259.228839][T11340] failed with error -2 [ 259.581788][T11340] netdevsim netdevsim4: Falling back to sysfs fallback for: . 
[ 259.581788][T11340] [ 260.088521][T11351] netlink: 'syz.1.1181': attribute type 10 has an invalid length. [ 260.091400][T11351] bond0: (slave wlan1): Opening slave failed [ 260.107649][T11350] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 260.426215][T11361] Cannot find del_set index 3 as target [ 260.433460][T11359] netlink: 'syz.4.1182': attribute type 11 has an invalid length. [ 260.436178][T11359] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1182'. [ 261.292898][T11378] Debayer A: ================= START STATUS ================= [ 261.295422][T11378] Debayer A: Debayer Mean Window Size: 3 [ 261.308157][T11378] Debayer A: ================== END STATUS ================== [ 261.312966][T11378] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1186'. [ 261.449594][T11378] team0 (unregistering): Port device team_slave_0 removed [ 261.453110][T11378] team0 (unregistering): Port device team_slave_1 removed [ 261.489200][T11381] Cannot find del_set index 3 as target [ 261.494102][T11381] netlink: 'syz.4.1187': attribute type 11 has an invalid length. [ 261.496813][T11381] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1187'. [ 262.529837][T11391] netlink: 'syz.0.1188': attribute type 10 has an invalid length. [ 262.532350][T11400] overlayfs: failed to clone upperpath [ 262.533600][T11391] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1188'. [ 262.547029][T11391] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. 
[ 262.895506][T11414] ip6t_srh: unknown srh invflags 6BE9 [ 263.160126][T11418] wg1: entered promiscuous mode [ 263.176131][T11418] wg1: entered allmulticast mode [ 263.790820][T11430] ip6t_srh: unknown srh invflags 6BE9 [ 263.800137][T11430] ubi: mtd0 is already attached to ubi31 [ 264.202818][T11434] ubi: mtd0 is already attached to ubi31 [ 264.272421][T11431] lo speed is unknown, defaulting to 1000 [ 264.276313][T11431] lo speed is unknown, defaulting to 1000 [ 265.182167][T11446] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 265.361937][T11454] bond0: entered promiscuous mode [ 265.363732][T11454] bond_slave_0: entered promiscuous mode [ 265.365734][T11454] bond_slave_1: entered promiscuous mode [ 265.368723][T11454] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 265.652631][T11461] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1206'. [ 265.660020][T11461] trusted_key: encrypted_key: insufficient parameters specified [ 265.664322][T11461] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1206'. [ 266.450055][T11479] 9pnet: Unknown protocol version 9p20\++} [ 266.487645][T11460] lo speed is unknown, defaulting to 1000 [ 266.491529][T11460] lo speed is unknown, defaulting to 1000 [ 267.552445][T11500] Cannot find del_set index 3 as target [ 267.700669][T11506] netfs: Couldn't get user pages (rc=-14) [ 267.845338][T11512] netlink: 'syz.0.1220': attribute type 10 has an invalid length. 
[ 267.851540][T11511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 267.981825][T11513] overlayfs: failed to clone upperpath [ 268.001472][T11513] overlayfs: missing 'lowerdir' [ 268.195707][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 268.195721][ T40] audit: type=1326 audit(1747698068.642:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11514 comm="syz.3.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 268.201270][T11515] syz.3.1221 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 268.207368][ T40] audit: type=1326 audit(1747698068.652:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11514 comm="syz.3.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 268.207411][ T40] audit: type=1326 audit(1747698068.652:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11514 comm="syz.3.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 268.207447][ T40] audit: type=1326 audit(1747698068.652:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11514 comm="syz.3.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 268.207482][ T40] audit: type=1326 audit(1747698068.652:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11514 comm="syz.3.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 268.252138][ T40] audit: type=1326 audit(1747698068.652:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11514 comm="syz.3.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=104 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 268.263228][ T40] audit: type=1326 audit(1747698068.672:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11514 comm="syz.3.1221" 
exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 268.272921][ T40] audit: type=1326 audit(1747698068.672:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11514 comm="syz.3.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 268.281255][ T40] audit: type=1326 audit(1747698068.672:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11514 comm="syz.3.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 268.289117][ T40] audit: type=1326 audit(1747698068.672:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11514 comm="syz.3.1221" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7ffc0000 [ 268.657604][T11523] Cannot find del_set index 3 as target [ 268.728759][T11526] overlayfs: failed to clone upperpath [ 269.020406][T11531] ref_ctr going negative. vaddr: 0x80ffc002, curr val: 0, delta: -1 [ 269.027225][T11531] ref_ctr decrement failed for inode: 0x6f2 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff88805ebb9e00 [ 269.051135][T11531] uprobe: syz.1.1225:11531 failed to unregister, leaking uprobe [ 270.399506][T11549] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1227'. [ 270.402496][T11549] netlink: 'syz.1.1227': attribute type 5 has an invalid length. [ 270.405010][T11549] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1227'. 
[ 270.418944][T11549] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0 [ 270.422003][T11549] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0 [ 270.424903][T11549] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0 [ 270.520772][T11549] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0 [ 270.531288][T11549] geneve2: entered promiscuous mode [ 270.533181][T11549] geneve2: entered allmulticast mode [ 270.546499][T11543] hub 2-0:1.0: USB hub found [ 270.548394][T11543] hub 2-0:1.0: 2 ports detected [ 270.674966][T11555] No buffer was provided with the request [ 274.354720][T11599] could not allocate digest TFM handle cbcmac-aes-neon [ 275.039937][T11611] overlayfs: failed to clone upperpath [ 275.262181][T11621] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1244'. [ 275.266247][T11614] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1244'. [ 275.297315][T11612] trusted_key: encrypted_key: insufficient parameters specified [ 275.303028][T11612] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1244'. [ 276.443657][T11635] netlink: 'syz.1.1251': attribute type 10 has an invalid length. [ 277.389610][ T57] Process accounting resumed [ 277.627303][ T5974] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 279.653865][T11670] netlink: 'syz.1.1260': attribute type 10 has an invalid length. [ 279.657354][T11670] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1260'. [ 279.660698][T11670] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. 
[ 279.810215][ T40] kauditd_printk_skb: 83 callbacks suppressed [ 279.810226][ T40] audit: type=1800 audit(1747698080.262:546): pid=11686 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1261" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 280.931345][ T40] audit: type=1326 audit(1747698081.382:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11693 comm="syz.4.1265" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fc5579 code=0x0 [ 281.443860][ T40] audit: type=1326 audit(1747698081.892:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11695 comm="syz.3.1266" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x7fc00000 [ 281.497525][T11709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 281.938724][T11723] cgroup: Unknown subsys name ':#&:.œ!-.^' [ 281.951759][T11723] overlayfs: failed to resolve './bus': -2 [ 282.109355][T11730] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1275'. [ 282.657139][T11744] lo speed is unknown, defaulting to 1000 [ 282.659817][T11744] lo speed is unknown, defaulting to 1000 [ 283.283686][T11760] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1280'. [ 283.307944][T11760] : entered promiscuous mode [ 283.339357][T11761] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1279'. [ 283.347495][T11759] trusted_key: encrypted_key: insufficient parameters specified [ 283.356451][T11759] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1279'. 
[ 283.700101][T11765] 9pnet: Unknown protocol version 9p20\++} [ 283.773380][T11768] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 284.289721][T11780] Cannot find del_set index 3 as target [ 284.844608][T11791] overlayfs: missing 'lowerdir' [ 285.022933][T11795] xt_ecn: cannot match TCP bits for non-tcp packets [ 285.266892][ T5974] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 285.608044][ T5974] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 285.611193][ T5974] usb 9-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 285.614365][ T5974] usb 9-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 72 [ 285.619386][ T5974] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 285.622411][ T5974] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.625010][ T5974] usb 9-1: Product: syz [ 285.626405][ T5974] usb 9-1: Manufacturer: syz [ 285.628142][ T5974] usb 9-1: SerialNumber: syz [ 285.631495][T11798] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 285.841000][ T5974] usblp 9-1:1.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 286.049852][ C2] usblp0: nonzero read bulk status received: -71 [ 286.050831][T11798] usblp0: error -71 reading from printer [ 286.051517][ C2] usblp0: nonzero read bulk status received: -71 [ 286.531752][T11824] netlink: 'syz.3.1294': attribute type 10 has an invalid length. [ 286.536653][T11823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 287.622726][T11844] netlink: 'syz.3.1297': attribute type 10 has an invalid length. [ 287.626132][T11844] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1297'. [ 287.632278][T11844] A link change request failed with some changes committed already. 
Interface geneve0 may have been left with an inconsistent configuration, please check. [ 287.664814][T11838] lo speed is unknown, defaulting to 1000 [ 287.668633][T11838] lo speed is unknown, defaulting to 1000 [ 288.303335][ T65] usb 9-1: USB disconnect, device number 3 [ 288.307285][ T65] usblp0: removed [ 288.511674][T11868] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1301'. [ 288.528609][T11868] : entered promiscuous mode [ 289.208143][T11875] netlink: 'syz.1.1305': attribute type 10 has an invalid length. [ 289.248152][T11875] bond0: (slave wlan1): Opening slave failed [ 289.264596][T11874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 290.251013][ T40] audit: type=1800 audit(1747698090.612:549): pid=11891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1306" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 290.261822][T11895] netlink: 'syz.3.1308': attribute type 23 has an invalid length. [ 290.415282][T11898] netlink: 'syz.0.1309': attribute type 10 has an invalid length. [ 290.420016][T11898] veth0_vlan: left allmulticast mode [ 290.693271][T11894] netlink: 'syz.4.1307': attribute type 10 has an invalid length. [ 290.697067][T11894] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1307'. [ 290.707021][T11894] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 291.387272][T11910] random: crng reseeded on system resumption [ 291.535137][T11904] Cannot find del_set index 3 as target [ 291.538241][T11909] Cannot find del_set index 3 as target [ 292.110264][T11921] netlink: 'syz.1.1316': attribute type 10 has an invalid length. 
[ 292.113294][T11921] bond0: (slave wlan1): Opening slave failed [ 292.118384][T11920] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 292.902825][T11927] Cannot find del_set index 3 as target [ 292.905524][T11927] netlink: 'syz.4.1317': attribute type 11 has an invalid length. [ 292.908166][T11927] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1317'. [ 292.924918][T11933] 9pnet_virtio: no channels available for device ./file0/file0 [ 293.090876][T11941] tipc: New replicast peer: 0.0.0.0 [ 293.093463][T11941] tipc: Enabled bearer , priority 10 [ 293.099458][T11941] tipc: New replicast peer: 172.20.20.170 [ 293.391730][T11937] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1319'. [ 293.400234][T11937] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 294.807769][T11974] IPVS: stopping backup sync thread 11975 ... [ 295.092184][T11954] netlink: 'syz.0.1322': attribute type 10 has an invalid length. [ 295.094855][T11954] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1322'. [ 295.097997][T11954] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 295.561346][T11985] netlink: 'syz.0.1327': attribute type 10 has an invalid length. [ 295.566088][T11981] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 295.944029][T11990] netlink: 'syz.1.1329': attribute type 6 has an invalid length. [ 295.976833][T11990] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1329'. 
[ 296.753280][T12006] cgroup: Unknown subsys name ':#&:.œ!-.^' [ 296.760392][T12006] overlayfs: failed to resolve './bus': -2 [ 296.766984][T11997] lo speed is unknown, defaulting to 1000 [ 296.770719][T11997] lo speed is unknown, defaulting to 1000 [ 296.781670][T12001] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1333'. [ 297.378003][ T5974] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 297.576796][ T5974] usb 9-1: Using ep0 maxpacket: 32 [ 297.580098][T12013] netlink: 'syz.1.1337': attribute type 10 has an invalid length. [ 297.582812][T12013] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1337'. [ 297.585694][T12013] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 297.591861][ T5974] usb 9-1: config 0 has no interfaces? [ 297.595595][ T5974] usb 9-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 297.599961][ T5974] usb 9-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 297.606931][ T5974] usb 9-1: Product: syz [ 297.616919][ T5974] usb 9-1: Manufacturer: syz [ 297.619148][ T5974] usb 9-1: SerialNumber: syz [ 297.627160][ T5974] usb 9-1: config 0 descriptor?? [ 297.723677][T12028] netlink: 'syz.1.1340': attribute type 10 has an invalid length. [ 297.727155][T12028] bond0: (slave wlan1): Opening slave failed [ 297.730879][T12027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 297.898908][ T65] usb 9-1: USB disconnect, device number 4 [ 298.049841][T12031] lo speed is unknown, defaulting to 1000 [ 298.052934][T12031] lo speed is unknown, defaulting to 1000 [ 298.280389][T12040] netlink: 'syz.1.1343': attribute type 1 has an invalid length. [ 298.293584][T12040] netlink: 384 bytes leftover after parsing attributes in process `syz.1.1343'. 
[ 299.288489][T12054] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1353'. [ 299.301116][T12054] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 300.766078][T12060] lo speed is unknown, defaulting to 1000 [ 300.770022][T12060] lo speed is unknown, defaulting to 1000 [ 300.983192][T12075] tipc: Started in network mode [ 300.985517][T12075] tipc: Node identity ac141425, cluster identity 4711 [ 300.988832][T12075] tipc: Enabling of bearer rejected, failed to enable media [ 301.374816][T12077] netlink: 'syz.4.1351': attribute type 10 has an invalid length. [ 301.378824][T12077] bond0: (slave wlan1): Opening slave failed [ 301.383153][T12076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 301.512720][T12081] tipc: New replicast peer: 10.1.1.2 [ 301.515014][T12081] tipc: Enabled bearer , priority 10 [ 301.942193][T12094] overlayfs: missing 'lowerdir' [ 302.064086][T12091] tipc: Enabling of bearer rejected, failed to enable media [ 302.430761][T12101] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1356'. [ 302.574397][T12101] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1356'. [ 302.637864][ T65] tipc: Node number set to 1488919180 [ 302.794980][T12101] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1356'. 
[ 303.704620][T12131] loop6: detected capacity change from 0 to 524287999 [ 303.726888][ T5974] usb 9-1: new full-speed USB device number 5 using dummy_hcd [ 304.051389][ T5974] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 304.054735][ T5974] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 304.082717][ T5974] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 304.086330][ T5974] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.235418][T12140] lo speed is unknown, defaulting to 1000 [ 304.238618][T12140] lo speed is unknown, defaulting to 1000 [ 304.326198][ T5974] usb 9-1: usb_control_msg returned -32 [ 304.328441][ T5974] usbtmc 9-1:16.0: can't read capabilities [ 304.870223][T12149] ip6t_srh: unknown srh invflags 6BE9 [ 304.875622][T12149] ubi: mtd0 is already attached to ubi31 [ 305.464074][T12156] Cannot find del_set index 3 as target [ 306.234707][T12164] lo: left promiscuous mode [ 306.240205][T12164] wg1: left promiscuous mode [ 306.242382][T12164] wg1: left allmulticast mode [ 306.251238][T12164] geneve1: left promiscuous mode [ 306.253826][T12164] ip6erspan0: left promiscuous mode [ 306.255760][T12164] ip6erspan0: left allmulticast mode [ 306.568313][T12173] netlink: 'syz.0.1369': attribute type 9 has an invalid length. [ 306.571976][T12173] netlink: 212384 bytes leftover after parsing attributes in process `syz.0.1369'. [ 306.594443][T12173] openvswitch: netlink: Message has 5 unknown bytes. 
[ 307.089092][T12170] lo speed is unknown, defaulting to 1000 [ 307.091865][T12170] lo speed is unknown, defaulting to 1000 [ 307.139854][ T57] usb 9-1: USB disconnect, device number 5 [ 307.401185][T12187] IPVS: Error connecting to the multicast addr [ 307.472967][ T5994] Process accounting resumed [ 307.759630][T12196] ip6t_srh: unknown srh invflags 6BE9 [ 308.379971][T12204] Cannot find del_set index 3 as target [ 309.212378][T12220] overlayfs: missing 'lowerdir' [ 309.215713][T12220] lo speed is unknown, defaulting to 1000 [ 309.218747][T12220] lo speed is unknown, defaulting to 1000 [ 309.221414][T12220] lo speed is unknown, defaulting to 1000 [ 309.317310][ T65] lo speed is unknown, defaulting to 1000 [ 309.320187][T12220] infiniband sz1: set down [ 309.322351][T12220] infiniband sz1: added lo [ 309.358120][T12220] RDS/IB: sz1: added [ 309.359897][T12220] smc: adding ib device sz1 with port count 1 [ 309.362605][T12220] smc: ib device sz1 port 1 has pnetid [ 309.365543][ T5974] lo speed is unknown, defaulting to 1000 [ 309.372241][T12220] lo speed is unknown, defaulting to 1000 [ 309.559649][T12220] lo speed is unknown, defaulting to 1000 [ 309.690771][T12220] lo speed is unknown, defaulting to 1000 [ 309.806833][T12220] lo speed is unknown, defaulting to 1000 [ 309.889547][T12227] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1384'. [ 310.019490][T12231] overlayfs: failed to clone lowerpath [ 310.817983][T12246] lo speed is unknown, defaulting to 1000 [ 310.820705][T12246] lo speed is unknown, defaulting to 1000 [ 310.823423][T12246] lo speed is unknown, defaulting to 1000 [ 312.667584][T12269] Cannot find del_set index 3 as target [ 312.913302][T12266] hub 2-0:1.0: USB hub found [ 312.916624][T12266] hub 2-0:1.0: 2 ports detected [ 313.356343][T12274] netlink: 'syz.1.1402': attribute type 10 has an invalid length. 
[ 313.378492][T12274] bond0: (slave wlan1): Opening slave failed [ 313.403949][T12273] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 313.923623][T12285] 9pnet_virtio: no channels available for device ./file0/file0 [ 314.175803][T12290] Cannot find del_set index 3 as target [ 314.492379][T12289] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1397'. [ 314.520557][T12289] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 315.029044][T12293] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1399'. [ 315.036003][T12293] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 315.039501][T12293] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 315.042635][T12293] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 315.045925][T12293] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 315.054150][T12293] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.057675][T12293] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.061400][T12293] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.065036][T12293] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 315.772729][T12312] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 316.053002][T12315] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1405'. [ 316.172140][T12320] netlink: 'syz.3.1407': attribute type 10 has an invalid length. 
[ 316.283654][T12314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 316.350773][T11861] udevd[11861]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 316.623140][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.626117][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.092770][T12333] bond0: (slave bond_slave_0): Releasing backup interface [ 317.097379][T12333] bond0: (slave bond_slave_1): Releasing backup interface [ 317.103590][T12333] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 317.103725][T12339] netlink: 'syz.4.1408': attribute type 6 has an invalid length. [ 317.109381][T12339] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1408'. [ 317.109838][T12333] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 317.116526][T12333] batman_adv: batadv0: Removing interface: vxlan0 [ 317.931417][T12343] Cannot find del_set index 3 as target [ 317.942193][T12343] netlink: 'syz.0.1410': attribute type 11 has an invalid length. [ 317.946870][T12343] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1410'. [ 318.045166][T12352] trusted_key: encrypted_key: key user:syz not found [ 318.775828][T12371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1414'. [ 318.798503][ T1118] sr 2:0:0:0: [sr0] tag#10 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s [ 318.803034][ T1118] sr 2:0:0:0: [sr0] tag#10 Sense Key : Illegal Request [current] [ 318.806841][ T1118] sr 2:0:0:0: [sr0] tag#10 Add. 
Sense: Invalid command operation code [ 318.810610][ T1118] sr 2:0:0:0: [sr0] tag#10 CDB: Write(10) 2a 00 00 00 00 00 00 00 02 00 [ 318.814669][ T1118] critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 318.821642][ T1118] Buffer I/O error on dev sr0, logical block 0, lost async page write [ 318.823627][T12371] bridge_slave_1: left allmulticast mode [ 318.827340][T12371] bridge_slave_1: left promiscuous mode [ 318.829568][T12371] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.842272][T12371] bridge_slave_0: left allmulticast mode [ 318.844397][T12371] bridge_slave_0: left promiscuous mode [ 318.846708][T12371] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.385767][T12386] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1419'. [ 319.387728][T12374] lo speed is unknown, defaulting to 1000 [ 319.413095][T12386] veth7: entered promiscuous mode [ 319.417600][T12374] lo speed is unknown, defaulting to 1000 [ 319.440803][T12374] lo speed is unknown, defaulting to 1000 [ 319.652483][T12386] tipc: Enabling of bearer rejected, failed to enable media [ 319.662972][T12393] IPVS: Error connecting to the multicast addr [ 319.867171][T12399] loop6: detected capacity change from 0 to 524287999 [ 320.051181][T12401] xt_CT: No such helper "pptp" [ 320.101669][T12398] ip6erspan0: entered promiscuous mode [ 320.319686][T12406] batman_adv: batadv0: Removing interface: dummy0 [ 320.371736][T12406] bond1: (slave veth0_to_bond): Releasing active interface [ 320.380061][T12406] veth0_to_bond: left allmulticast mode [ 320.459368][T12406] bond0: (slave bond_slave_0): Releasing backup interface [ 320.464205][T12406] bond_slave_0: left promiscuous mode [ 320.471640][T12406] bond0: (slave bond_slave_1): Releasing backup interface [ 320.670720][T12405] Cannot find del_set index 3 as target [ 320.741537][T12406] bond_slave_1: left promiscuous mode [ 320.846169][T12406] batman_adv: batadv0: Removing 
interface: batadv_slave_0 [ 320.864171][T12406] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 320.886796][T12406] bond0: (slave wlan1): Releasing backup interface [ 320.903625][T12406] mac80211_hwsim hwsim9 wlan1: left promiscuous mode [ 320.926657][T12406] bond1: (slave veth3): Releasing active interface [ 320.973468][T12417] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1427'. [ 321.756708][T12425] ceph: No mds server is up or the cluster is laggy [ 321.760231][ T57] libceph: connect (1)[c::]:6789 error -101 [ 321.765664][ T57] libceph: mon0 (1)[c::]:6789 connect error [ 323.491525][T12457] "syz.0.1434" (12457) uses obsolete ecb(arc4) skcipher [ 323.761471][T12466] overlayfs: failed to resolve './file0': -2 [ 323.891079][T12469] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1437'. [ 323.908187][T12469] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 323.911088][T12469] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 323.913930][T12469] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 323.916716][T12469] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 323.932494][T12469] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 323.935621][T12469] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 323.938635][T12469] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 323.941518][T12469] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 323.972647][T12470] random: crng reseeded on system resumption [ 324.067722][T12470] Restarting kernel threads ... done. [ 324.765005][T12489] block device autoloading is deprecated and will be removed. [ 324.887461][T12487] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1439'. 
[ 324.894385][T12487] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 324.897430][T12487] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 324.900299][T12487] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 324.903179][T12487] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 324.909029][T12487] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 324.912001][T12487] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 324.914890][T12487] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 324.917871][T12487] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 327.512272][T12523] netlink: 'syz.1.1450': attribute type 1 has an invalid length. [ 327.515708][T12523] netlink: 'syz.1.1450': attribute type 2 has an invalid length. [ 328.498399][T12536] ceph: No mds server is up or the cluster is laggy [ 328.523951][T12540] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1453'. [ 328.762111][T12546] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 329.026840][T12554] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 330.159269][T12573] lo speed is unknown, defaulting to 1000 [ 330.161844][T12573] lo speed is unknown, defaulting to 1000 [ 330.164336][T12573] lo speed is unknown, defaulting to 1000 [ 330.654360][T12580] netlink: 'syz.4.1459': attribute type 10 has an invalid length. 
[ 330.660489][T12580] bond0: (slave wlan1): Opening slave failed [ 330.669564][T12579] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 330.704683][T12582] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 330.709461][T12582] Error validating options; rc = [-22] [ 331.149614][T12589] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1461'. [ 331.433893][T12591] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1464'. [ 331.436955][T12591] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1464'. [ 331.440048][T12591] netlink: 'syz.4.1464': attribute type 6 has an invalid length. [ 331.659058][T12598] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1464'. [ 331.666897][T12598] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1464'. [ 332.003158][T12602] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1466'. [ 332.026566][T12602] veth5: entered promiscuous mode [ 332.275554][T12602] tipc: Enabling of bearer rejected, already enabled [ 333.208610][T12615] hub 2-0:1.0: USB hub found [ 333.216918][T12615] hub 2-0:1.0: 2 ports detected [ 334.286971][T12636] 9pnet: Unknown protocol version 9p20\++} [ 334.549441][T12646] overlayfs: failed to clone upperpath [ 334.582856][T12646] sz1: rxe_newlink: already configured on lo [ 334.907180][ T40] audit: type=1326 audit(1747698135.352:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12637 comm="syz.1.1475" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 334.926062][T12649] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1475'. 
[ 334.940258][ T40] audit: type=1326 audit(1747698135.352:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12637 comm="syz.1.1475" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 334.961834][ T40] audit: type=1326 audit(1747698135.352:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12637 comm="syz.1.1475" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 334.992118][ T40] audit: type=1326 audit(1747698135.362:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12637 comm="syz.1.1475" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 335.001350][ T40] audit: type=1326 audit(1747698135.362:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12637 comm="syz.1.1475" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 335.009282][ T40] audit: type=1326 audit(1747698135.362:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12637 comm="syz.1.1475" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 335.017751][ T40] audit: type=1326 audit(1747698135.362:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12637 comm="syz.1.1475" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 335.025229][ T40] audit: type=1326 audit(1747698135.362:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12637 comm="syz.1.1475" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 335.032370][ T40] audit: type=1326 audit(1747698135.372:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12637 comm="syz.1.1475" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 335.041665][ T40] audit: type=1326 audit(1747698135.372:559): 
auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12637 comm="syz.1.1475" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 336.856414][T12684] hub 2-0:1.0: USB hub found [ 336.859542][T12684] hub 2-0:1.0: 2 ports detected [ 337.766926][ T5974] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 338.399061][ T5974] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 338.402386][ T5974] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 338.406622][ T5974] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 338.409683][ T5974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.695720][ T5974] usb 5-1: usb_control_msg returned -32 [ 338.698178][ T5974] usbtmc 5-1:16.0: can't read capabilities [ 339.023333][T12710] overlayfs: failed to clone lowerpath [ 339.095196][T12717] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1490'. [ 339.552109][T12722] program syz.4.1491 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 340.169172][T12734] overlayfs: failed to resolve './bus': -2 [ 340.450013][T12740] netlink: 'syz.1.1495': attribute type 10 has an invalid length. 
[ 340.456127][T12740] bond0: (slave wlan1): Opening slave failed [ 340.466064][T12739] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 340.876020][T12730] ceph: No mds server is up or the cluster is laggy [ 341.714304][T12755] lo speed is unknown, defaulting to 1000 [ 341.718391][T12755] lo speed is unknown, defaulting to 1000 [ 341.722260][T12755] lo speed is unknown, defaulting to 1000 [ 341.939635][ T874] usb 5-1: USB disconnect, device number 13 [ 342.722894][T12768] lo speed is unknown, defaulting to 1000 [ 342.727219][T12768] lo speed is unknown, defaulting to 1000 [ 342.732626][T12768] lo speed is unknown, defaulting to 1000 [ 343.893368][T12779] netlink: 'syz.4.1505': attribute type 10 has an invalid length. [ 343.997901][T12779] bond0: (slave wlan1): Opening slave failed [ 344.008367][T12778] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 344.233245][T12776] ceph: No mds server is up or the cluster is laggy [ 344.463423][T12791] netfs: Couldn't get user pages (rc=-14) [ 345.436814][T12801] ALSA: mixer_oss: invalid OSS volume '' [ 346.884335][T12829] overlayfs: failed to clone lowerpath [ 346.943732][T12835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1518'. [ 347.212916][T12837] lo speed is unknown, defaulting to 1000 [ 347.215739][T12837] lo speed is unknown, defaulting to 1000 [ 347.218620][T12837] lo speed is unknown, defaulting to 1000 [ 347.856389][T12843] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1519'. 
[ 348.285499][T12859] Cannot find del_set index 3 as target [ 349.307575][T12873] /dev/nullb0: Can't lookup blockdev [ 351.231657][T12897] loop6: detected capacity change from 0 to 524287999 [ 351.820443][T12902] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 351.826667][T12902] Error validating options; rc = [-22] [ 352.401970][T12913] Cannot find del_set index 3 as target [ 353.615812][T12926] ceph: No mds server is up or the cluster is laggy [ 353.627434][ T874] libceph: connect (1)[c::]:6789 error -101 [ 353.634620][ T874] libceph: mon0 (1)[c::]:6789 connect error [ 354.477746][T12941] overlayfs: failed to resolve './bus': -2 [ 354.517694][T12942] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1538'. [ 355.156037][T12953] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 355.160797][T12953] Error validating options; rc = [-22] [ 355.177319][ T5974] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 356.292939][T12981] syz.0.1546: attempt to access beyond end of device [ 356.292939][T12981] sr0: rw=0, sector=64, nr_sectors = 4 limit=0 [ 356.461080][T12981] syz.0.1546: attempt to access beyond end of device [ 356.461080][T12981] sr0: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 356.468869][T12981] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=256, location=256 [ 356.472607][T12981] syz.0.1546: attempt to access beyond end of device [ 356.472607][T12981] sr0: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 356.479909][T12981] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=512, location=512 [ 356.486367][T12981] UDF-fs: warning (device sr0): udf_load_vrs: No anchor found [ 356.489569][T12981] UDF-fs: Scanning with blocksize 2048 failed [ 356.493006][T12981] syz.0.1546: attempt to access beyond end of device [ 356.493006][T12981] sr0: 
rw=0, sector=64, nr_sectors = 8 limit=0 [ 356.582968][T12981] syz.0.1546: attempt to access beyond end of device [ 356.582968][T12981] sr0: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 356.592540][T12981] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=256, location=256 [ 356.599775][T12981] syz.0.1546: attempt to access beyond end of device [ 356.599775][T12981] sr0: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 356.609761][T12981] UDF-fs: error (device sr0): udf_read_tagged: read failed, block=512, location=512 [ 356.613264][T12981] UDF-fs: warning (device sr0): udf_load_vrs: No anchor found [ 356.616528][T12981] UDF-fs: Scanning with blocksize 4096 failed [ 356.620991][T12981] UDF-fs: warning (device sr0): udf_fill_super: No partition found (1) [ 357.496886][T12995] tmpfs: Bad value for 'mpol' [ 357.554071][ T40] kauditd_printk_skb: 93 callbacks suppressed [ 357.554136][ T40] audit: type=1326 audit(1747698158.002:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13005 comm="syz.4.1551" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 357.573960][ T40] audit: type=1326 audit(1747698158.012:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13005 comm="syz.4.1551" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 357.582633][ T40] audit: type=1326 audit(1747698158.012:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13005 comm="syz.4.1551" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 357.591519][ T40] audit: type=1326 audit(1747698158.012:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13005 comm="syz.4.1551" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 357.599538][ T40] audit: type=1326 audit(1747698158.012:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13005 
comm="syz.4.1551" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 357.648527][ T40] audit: type=1326 audit(1747698158.102:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13005 comm="syz.4.1551" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 357.656086][T13012] Cannot find del_set index 3 as target [ 357.671099][ T40] audit: type=1326 audit(1747698158.102:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13005 comm="syz.4.1551" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 357.691853][ T40] audit: type=1326 audit(1747698158.132:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13005 comm="syz.4.1551" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 357.699792][ T40] audit: type=1326 audit(1747698158.132:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13005 comm="syz.4.1551" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 357.713881][ T40] audit: type=1326 audit(1747698158.132:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13005 comm="syz.4.1551" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5579 code=0x7ffc0000 [ 362.161772][T13034] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1554'. [ 362.165856][T13034] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1554'. [ 362.581831][T13052] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1556'. [ 363.277859][T13074] Cannot find del_set index 3 as target [ 364.077362][T13087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1562'. 
[ 364.279044][T13089] ptrace attach of "/syz-executor exec"[5948] was attempted by "/syz-executor exec"[13089] [ 365.309328][ T65] libceph: connect (1)[c::]:6789 error -101 [ 365.311392][ T65] libceph: mon0 (1)[c::]:6789 connect error [ 365.562022][T13096] ceph: No mds server is up or the cluster is laggy [ 365.568792][ T65] libceph: connect (1)[c::]:6789 error -101 [ 365.571562][ T65] libceph: mon0 (1)[c::]:6789 connect error [ 365.976888][T13114] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1569'. [ 365.980718][T13114] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 365.997991][T13115] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1568'. [ 366.017363][T13115] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1568'. [ 366.945249][T13122] IPv6: sit1: Disabled Multicast RS [ 366.948430][T13120] xt_CT: No such helper "pptp" [ 367.906852][ T65] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 368.067000][ T65] usb 9-1: Using ep0 maxpacket: 8 [ 368.073292][ T65] usb 9-1: config index 0 descriptor too short (expected 5924, got 36) [ 368.075980][ T65] usb 9-1: config 250 has an invalid interface number: 228 but max is -1 [ 368.082542][ T65] usb 9-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 368.085496][ T65] usb 9-1: config 250 has no interface number 0 [ 368.092959][ T65] usb 9-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 368.106886][ T65] usb 9-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 368.111347][ T65] usb 9-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 368.116267][ T65] usb 9-1: config 250 interface 228 has no altsetting 0 [ 368.123213][ T65] usb 9-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 368.126122][ T65] usb 9-1: 
New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 368.128886][ T65] usb 9-1: Product: syz [ 368.130260][ T65] usb 9-1: SerialNumber: syz [ 368.134439][ T65] hub 9-1:250.228: bad descriptor, ignoring hub [ 368.136444][ T65] hub 9-1:250.228: probe with driver hub failed with error -5 [ 369.329673][ T40] kauditd_printk_skb: 39 callbacks suppressed [ 369.329689][ T40] audit: type=1326 audit(1747698169.782:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13143 comm="syz.0.1576" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x0 [ 369.360063][T13146] lo speed is unknown, defaulting to 1000 [ 369.362673][T13146] lo speed is unknown, defaulting to 1000 [ 369.364982][T13146] lo speed is unknown, defaulting to 1000 [ 369.935288][T13158] Cannot find del_set index 3 as target [ 369.943080][T13158] netlink: 'syz.0.1578': attribute type 11 has an invalid length. [ 369.945784][T13158] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1578'. [ 370.379336][T13175] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 370.381924][T13175] overlayfs: failed to set xattr on upper [ 370.384242][T13175] overlayfs: ...falling back to redirect_dir=nofollow. [ 370.388739][T13175] overlayfs: ...falling back to index=off. [ 370.391272][T13175] overlayfs: ...falling back to uuid=null. 
[ 370.556484][ T874] usb 9-1: USB disconnect, device number 6 [ 370.642741][ T40] audit: type=1804 audit(1747698171.092:703): pid=13180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1580" name="/newroot/222/file0/bus/bus" dev="overlay" ino=36586 res=1 errno=0 [ 370.650759][ T40] audit: type=1804 audit(1747698171.102:704): pid=13180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1580" name="/newroot/222/file0/bus/bus" dev="overlay" ino=36586 res=1 errno=0 [ 371.403068][ T40] audit: type=1326 audit(1747698171.852:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13183 comm="syz.1.1582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 371.418726][ T40] audit: type=1326 audit(1747698171.862:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13183 comm="syz.1.1582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 371.449957][ T40] audit: type=1326 audit(1747698171.862:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13183 comm="syz.1.1582" exe="/syz-executor" sig=0 arch=40000003 syscall=227 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 371.458469][ T40] audit: type=1326 audit(1747698171.862:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13183 comm="syz.1.1582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 371.467199][ T40] audit: type=1326 audit(1747698171.862:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13183 comm="syz.1.1582" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 371.476007][ T40] audit: type=1326 audit(1747698171.862:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13183 comm="syz.1.1582" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 
code=0x7ffc0000 [ 371.484943][ T40] audit: type=1326 audit(1747698171.862:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13183 comm="syz.1.1582" exe="/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 372.230579][T13193] overlayfs: overlapping lowerdir path [ 372.954887][T13206] lo speed is unknown, defaulting to 1000 [ 372.972770][T13206] lo speed is unknown, defaulting to 1000 [ 372.975441][T13206] lo speed is unknown, defaulting to 1000 [ 373.278228][T13222] netlink: 'syz.0.1588': attribute type 27 has an invalid length. [ 373.969645][ T874] libceph: connect (1)[c::]:6789 error -101 [ 373.973314][ T874] libceph: mon0 (1)[c::]:6789 connect error [ 374.228415][ T874] libceph: connect (1)[c::]:6789 error -101 [ 374.230624][ T874] libceph: mon0 (1)[c::]:6789 connect error [ 374.327955][T13236] ceph: No mds server is up or the cluster is laggy [ 374.384437][T13241] No control pipe specified [ 374.433806][T13243] xt_CT: No such helper "pptp" [ 374.441678][T13243] IPv6: sit1: Disabled Multicast RS [ 374.863583][T13251] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1595'. [ 374.933428][T13260] netlink: 'syz.3.1596': attribute type 10 has an invalid length. [ 375.072510][T13260] syz_tun: entered promiscuous mode [ 375.506153][T13261] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1597'. [ 375.510210][T13261] netlink: 'syz.0.1597': attribute type 5 has an invalid length. [ 375.512758][T13261] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1597'. 
[ 375.518766][T13261] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0 [ 375.521615][T13261] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0 [ 375.524404][T13261] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0 [ 375.527427][T13261] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0 [ 375.530575][T13261] geneve3: entered promiscuous mode [ 375.533343][T13261] geneve3: entered allmulticast mode [ 375.670525][T13269] overlayfs: failed to clone upperpath [ 376.594258][T13282] 9pnet_fd: Insufficient options for proto=fd [ 376.905680][T13288] overlayfs: failed to clone upperpath [ 377.285138][T13298] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1606'. [ 377.303825][T13298] hub 6-0:1.0: USB hub found [ 377.305703][T13298] hub 6-0:1.0: 1 port detected [ 377.767032][T13312] Cannot find del_set index 3 as target [ 378.063106][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.065809][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.076658][ T1416] ================================================================== [ 378.080164][ T1416] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90 [ 378.083394][ T1416] Read of size 8 at addr ffff888069924020 by task aoe_tx0/1416 [ 378.088392][ T1416] [ 378.089481][ T1416] CPU: 2 UID: 0 PID: 1416 Comm: aoe_tx0 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) [ 378.089504][ T1416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 378.089515][ T1416] Call Trace: [ 378.089522][ T1416] [ 378.089529][ T1416] dump_stack_lvl+0x116/0x1f0 [ 378.089559][ T1416] print_report+0xc3/0x670 [ 378.089579][ T1416] ? __virt_addr_valid+0x5e/0x590 [ 378.089602][ T1416] ? __phys_addr+0xc6/0x150 [ 378.089624][ T1416] ? tty_write_room+0x7d/0x90 [ 378.089649][ T1416] kasan_report+0xe0/0x110 [ 378.089670][ T1416] ? 
tty_write_room+0x7d/0x90 [ 378.089698][ T1416] tty_write_room+0x7d/0x90 [ 378.089724][ T1416] handle_tx+0x14f/0x630 [ 378.089743][ T1416] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 378.089770][ T1416] dev_hard_start_xmit+0x96/0x740 [ 378.089790][ T1416] __dev_queue_xmit+0x7eb/0x43e0 [ 378.089809][ T1416] ? lockdep_hardirqs_on+0x7c/0x110 [ 378.089833][ T1416] ? finish_task_switch.isra.0+0x221/0xc10 [ 378.089853][ T1416] ? rcu_is_watching+0x12/0xc0 [ 378.089869][ T1416] ? __pfx___dev_queue_xmit+0x10/0x10 [ 378.089888][ T1416] ? __lock_acquire+0xaa4/0x1ba0 [ 378.089910][ T1416] ? __lock_acquire+0xaa4/0x1ba0 [ 378.089934][ T1416] ? do_raw_spin_lock+0x12c/0x2b0 [ 378.089963][ T1416] ? rcu_is_watching+0x12/0xc0 [ 378.089981][ T1416] tx+0xcc/0x190 [ 378.090001][ T1416] ? __pfx_tx+0x10/0x10 [ 378.090019][ T1416] kthread+0x1e4/0x3e0 [ 378.090036][ T1416] ? find_held_lock+0x2b/0x80 [ 378.090051][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.090068][ T1416] ? __pfx_default_wake_function+0x10/0x10 [ 378.090086][ T1416] ? lockdep_hardirqs_on+0x7c/0x110 [ 378.090110][ T1416] ? __kthread_parkme+0x19e/0x250 [ 378.090131][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.090147][ T1416] kthread+0x3c2/0x780 [ 378.090171][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.090193][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.090221][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.090244][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.090266][ T1416] ? rcu_is_watching+0x12/0xc0 [ 378.090282][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.090306][ T1416] ret_from_fork+0x48/0x80 [ 378.090321][ T1416] ? 
__pfx_kthread+0x10/0x10 [ 378.090345][ T1416] ret_from_fork_asm+0x1a/0x30 [ 378.090375][ T1416] [ 378.090381][ T1416] [ 378.180575][ T1416] Allocated by task 13293: [ 378.182533][ T1416] kasan_save_stack+0x33/0x60 [ 378.184572][ T1416] kasan_save_track+0x14/0x30 [ 378.186586][ T1416] __kasan_kmalloc+0xaa/0xb0 [ 378.188461][ T1416] alloc_tty_struct+0x96/0x8c0 [ 378.190524][ T1416] tty_init_dev.part.0+0x1e/0x500 [ 378.192755][ T1416] tty_open+0xa50/0xf90 [ 378.194376][ T1416] chrdev_open+0x234/0x6a0 [ 378.195865][ T1416] do_dentry_open+0x744/0x1c10 [ 378.197452][ T1416] vfs_open+0x82/0x3f0 [ 378.198843][ T1416] path_openat+0x1e5e/0x2d40 [ 378.200703][ T1416] do_filp_open+0x20b/0x470 [ 378.202656][ T1416] do_sys_openat2+0x11b/0x1d0 [ 378.204313][ T1416] __ia32_compat_sys_openat+0x16d/0x210 [ 378.206581][ T1416] __do_fast_syscall_32+0x73/0x120 [ 378.208734][ T1416] do_fast_syscall_32+0x32/0x80 [ 378.210889][ T1416] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 378.213657][ T1416] [ 378.214724][ T1416] Freed by task 65: [ 378.216405][ T1416] kasan_save_stack+0x33/0x60 [ 378.218500][ T1416] kasan_save_track+0x14/0x30 [ 378.220560][ T1416] kasan_save_free_info+0x3b/0x60 [ 378.222773][ T1416] __kasan_slab_free+0x51/0x70 [ 378.224866][ T1416] kfree+0x2b6/0x4d0 [ 378.226248][ T1416] process_one_work+0x9cf/0x1b70 [ 378.227862][ T1416] worker_thread+0x6c8/0xf10 [ 378.229394][ T1416] kthread+0x3c2/0x780 [ 378.230733][ T1416] ret_from_fork+0x48/0x80 [ 378.232221][ T1416] ret_from_fork_asm+0x1a/0x30 [ 378.233805][ T1416] [ 378.234603][ T1416] Last potentially related work creation: [ 378.236434][ T1416] kasan_save_stack+0x33/0x60 [ 378.237994][ T1416] kasan_record_aux_stack+0xb8/0xd0 [ 378.239706][ T1416] insert_work+0x36/0x230 [ 378.241122][ T1416] __queue_work+0x97e/0x10f0 [ 378.242639][ T1416] queue_work_on+0x1a4/0x1f0 [ 378.244153][ T1416] release_tty+0x4de/0x5d0 [ 378.245620][ T1416] tty_release_struct+0xb7/0xe0 [ 378.247301][ T1416] tty_release+0xe2d/0x1430 [ 378.248832][ 
T1416] __fput+0x402/0xb70 [ 378.250195][ T1416] task_work_run+0x150/0x240 [ 378.251746][ T1416] syscall_exit_to_user_mode+0x27b/0x2a0 [ 378.253585][ T1416] __do_fast_syscall_32+0x80/0x120 [ 378.255269][ T1416] do_fast_syscall_32+0x32/0x80 [ 378.256864][ T1416] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 378.258932][ T1416] [ 378.259738][ T1416] The buggy address belongs to the object at ffff888069924000 [ 378.259738][ T1416] which belongs to the cache kmalloc-cg-2k of size 2048 [ 378.264405][ T1416] The buggy address is located 32 bytes inside of [ 378.264405][ T1416] freed 2048-byte region [ffff888069924000, ffff888069924800) [ 378.268802][ T1416] [ 378.269613][ T1416] The buggy address belongs to the physical page: [ 378.271708][ T1416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x69920 [ 378.274539][ T1416] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 378.277270][ T1416] memcg:ffff88804c5f8b01 [ 378.278674][ T1416] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 378.281128][ T1416] page_type: f5(slab) [ 378.282474][ T1416] raw: 04fff00000000040 ffff88801b44c140 ffffea0001a65600 dead000000000002 [ 378.285242][ T1416] raw: 0000000000000000 0000000080080008 00000000f5000000 ffff88804c5f8b01 [ 378.287996][ T1416] head: 04fff00000000040 ffff88801b44c140 ffffea0001a65600 dead000000000002 [ 378.290787][ T1416] head: 0000000000000000 0000000080080008 00000000f5000000 ffff88804c5f8b01 [ 378.293592][ T1416] head: 04fff00000000003 ffffea0001a64801 00000000ffffffff 00000000ffffffff [ 378.296374][ T1416] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 378.299160][ T1416] page dumped because: kasan: bad access detected [ 378.301247][ T1416] page_owner tracks the page as allocated [ 378.303093][ T1416] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5948, tgid 5948 
(syz-executor), ts 47944227683, free_ts 0 [ 378.309561][ T1416] post_alloc_hook+0x181/0x1b0 [ 378.311130][ T1416] get_page_from_freelist+0x135c/0x3920 [ 378.313030][ T1416] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 378.314956][ T1416] alloc_pages_mpol+0x1fb/0x550 [ 378.316555][ T1416] new_slab+0x244/0x340 [ 378.317930][ T1416] ___slab_alloc+0xd9c/0x1940 [ 378.319484][ T1416] __slab_alloc.constprop.0+0x56/0xb0 [ 378.321245][ T1416] __kmalloc_noprof+0x2f2/0x510 [ 378.322855][ T1416] __register_sysctl_table+0xb3/0x1900 [ 378.324636][ T1416] __devinet_sysctl_register+0x1b9/0x360 [ 378.326468][ T1416] devinet_sysctl_register+0x17b/0x200 [ 378.328242][ T1416] inetdev_init+0x2b8/0x5a0 [ 378.329703][ T1416] inetdev_event+0xc5f/0x18a0 [ 378.331251][ T1416] notifier_call_chain+0xbc/0x410 [ 378.332929][ T1416] call_netdevice_notifiers_info+0xbe/0x140 [ 378.334871][ T1416] register_netdevice+0x182e/0x2270 [ 378.336571][ T1416] page_owner free stack trace missing [ 378.338349][ T1416] [ 378.339145][ T1416] Memory state around the buggy address: [ 378.340922][ T1416] ffff888069923f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 378.343546][ T1416] ffff888069923f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 378.346142][ T1416] >ffff888069924000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 378.348677][ T1416] ^ [ 378.350366][ T1416] ffff888069924080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 378.352997][ T1416] ffff888069924100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 378.355598][ T1416] ================================================================== [ 378.358437][ T1416] Kernel panic - not syncing: KASAN: panic_on_warn set ... 
[ 378.360780][ T1416] CPU: 2 UID: 0 PID: 1416 Comm: aoe_tx0 Not tainted 6.15.0-rc7-syzkaller #0 PREEMPT(full) [ 378.364025][ T1416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 378.367528][ T1416] Call Trace: [ 378.368614][ T1416] [ 378.369580][ T1416] dump_stack_lvl+0x3d/0x1f0 [ 378.371104][ T1416] panic+0x71c/0x800 [ 378.372418][ T1416] ? __pfx_panic+0x10/0x10 [ 378.373900][ T1416] ? mark_held_locks+0x49/0x80 [ 378.375501][ T1416] ? tty_write_room+0x7d/0x90 [ 378.377053][ T1416] ? check_panic_on_warn+0x1f/0xb0 [ 378.378748][ T1416] ? tty_write_room+0x7d/0x90 [ 378.380298][ T1416] check_panic_on_warn+0xab/0xb0 [ 378.381942][ T1416] end_report+0x107/0x170 [ 378.383370][ T1416] kasan_report+0xee/0x110 [ 378.384843][ T1416] ? tty_write_room+0x7d/0x90 [ 378.386422][ T1416] tty_write_room+0x7d/0x90 [ 378.387927][ T1416] handle_tx+0x14f/0x630 [ 378.389351][ T1416] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 378.391253][ T1416] dev_hard_start_xmit+0x96/0x740 [ 378.392904][ T1416] __dev_queue_xmit+0x7eb/0x43e0 [ 378.394542][ T1416] ? lockdep_hardirqs_on+0x7c/0x110 [ 378.396252][ T1416] ? finish_task_switch.isra.0+0x221/0xc10 [ 378.398179][ T1416] ? rcu_is_watching+0x12/0xc0 [ 378.399780][ T1416] ? __pfx___dev_queue_xmit+0x10/0x10 [ 378.401554][ T1416] ? __lock_acquire+0xaa4/0x1ba0 [ 378.403204][ T1416] ? __lock_acquire+0xaa4/0x1ba0 [ 378.404839][ T1416] ? do_raw_spin_lock+0x12c/0x2b0 [ 378.406508][ T1416] ? rcu_is_watching+0x12/0xc0 [ 378.408081][ T1416] tx+0xcc/0x190 [ 378.409303][ T1416] ? __pfx_tx+0x10/0x10 [ 378.410699][ T1416] kthread+0x1e4/0x3e0 [ 378.412074][ T1416] ? find_held_lock+0x2b/0x80 [ 378.413631][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.415154][ T1416] ? __pfx_default_wake_function+0x10/0x10 [ 378.417071][ T1416] ? lockdep_hardirqs_on+0x7c/0x110 [ 378.418790][ T1416] ? __kthread_parkme+0x19e/0x250 [ 378.420444][ T1416] ? 
__pfx_kthread+0x10/0x10 [ 378.421973][ T1416] kthread+0x3c2/0x780 [ 378.423322][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.424841][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.426386][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.427907][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.429451][ T1416] ? rcu_is_watching+0x12/0xc0 [ 378.431023][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.432481][ T1416] ret_from_fork+0x48/0x80 [ 378.434069][ T1416] ? __pfx_kthread+0x10/0x10 [ 378.435608][ T1416] ret_from_fork_asm+0x1a/0x30 [ 378.437245][ T1416] [ 378.439006][ T1416] Kernel Offset: disabled [ 378.440450][ T1416] Rebooting in 86400 seconds.. VM DIAGNOSIS: 23:38:42 Registers: info registers vcpu 0 CPU#0 RAX=0000000000672437 RBX=0000000000000000 RCX=ffffffff8b69a3e9 RDX=0000000000000000 RSI=ffffffff8dbde62f RDI=ffffffff8bf48b60 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10 R8 =0000000000000001 R9 =ffffed10056465bd R10=ffff88802b232deb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90854c10 R15=0000000000000000 RIP=ffffffff8b698c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977e7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=ffffffffd66f0000 CR3=000000001c306000 CR4=00352ef0 DR0=0000000000000007 DR1=000000000000000b DR2=0000000000000002 DR3=0000000000000009 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 
0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000003 RCX=0000000000000002 RDX=ffff8880245a2440 RSI=ffffffff8168f571 RDI=ffffffff8bf48b60 RBP=ffff88806a593d40 RSP=ffffc90004c8f6b0 R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff90854c17 R11=0000000000000000 R12=0000000000000003 R13=0000000000000003 R14=ffff88802b33ae40 R15=ffffed100d4b27a8 RIP=ffffffff8b698c7f RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978e7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=ffffffffd66f0000 CR3=000000004aea6000 CR4=00352ef0 DR0=fffffffffffffff8 DR1=0000000000000006 DR2=0200000000000000 DR3=0000000000000005 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 
0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854c5bf5 RDI=ffffffff9ade4c80 RBP=ffffffff9ade4c40 RSP=ffffc90007a8f440 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9ade4c40 R15=ffffffff854c5b90 RIP=ffffffff854c5c1f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979e7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=ffffffffd66f0000 CR3=000000000e180000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 
DR2=0000000000000000 DR3=00000000e08e000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000e000000000 0000000300000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000003dba15 RBX=0000000000000003 RCX=ffffffff8b69a3e9 RDX=0000000000000000 RSI=ffffffff8dbde62f RDI=ffffffff8bf48b60 RBP=ffffed10037e4000 RSP=ffffc9000048fdf8 R8 =0000000000000001 R9 =ffffed10056a65bd R10=ffff88802b532deb R11=0000000000000000 R12=0000000000000003 R13=ffff88801bf20000 R14=ffffffff90854c10 R15=0000000000000000 RIP=ffffffff8b698c7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097ae7000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 
0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=ffffffffd66f0000 CR3=000000005099b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e DR6=00000000ffff0ff0 DR7=0000000000000600 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000