last executing test programs: 1m4.037427026s ago: executing program 1 (id=265): openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x1000, 0xfffffffffffff000}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000001000084ffffffff000000000200000006000000000000000000000903000000000000000000000602"], 0x0, 0x4a, 0x2000, 0x0, 0x0, 0x0, @void, @value}, 0x28) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000100070000000900020073797a30000000001400078005001500000000"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c00000003070000190000000090f248d03eeb2e370766a069410100070000001d48e3e555fd1a4f5d45280964b647d01104410d06122c05db0f8a3798479ead964ab8abe433ca3518b3d0dfb6d9d47f4b13cdc864d50a32aa66d1a10dc97c61d5ef66174eb9274074de865a5d3f21fe5fb20c5455ba94d7c73ed8581d4b087ac2a4ceebe3d3c7ff1711480300f187279749d8191e983136f8452d152236974201000000efb933ab26d913b8e79eedb4da5fcd98cd770fce98538b1510d538ca40ad6ffc923d5423badf20505e70198dc9308980403b3d680975a442b28e985966d73fd0f1ad7eea07c6ebd2824c31f70008ca6530a71de829de151b4d1bc02bc5c7f0611cf4c9316f67703b"], 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002800000028000000020000000100000000000001e5ff0000400000000000000001000084080000000000000001"], 0x0, 0x42, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0600000004000000080000000100000080000000", @ANYRES32=0x1, @ANYBLOB="00d3b3cd5cef2e67b0ab4842e89f23257a8b6b882e248771a68f737a4014e3e655d6c2465e6b50cbc72a5574719eff0ede9c470cc8dd1382a93e19b480319548b483870854971ea8b58cdc583396e603167de716174e45ff7f66565277e661b0017c43a57b", @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="000000000200"/28], 0x48) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848360000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x1) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) syz_open_dev$hidraw(&(0x7f0000002300), 0x1, 0x14a042) 1m3.025562609s ago: executing program 1 (id=271): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x92, &(0x7f0000000180)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x5c, 0x6, 0x0, @remote, @local, {[], {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x17, 0x2, 0xffff, 0x0, 0x0, {[@mss={0x1e, 0x4, 0xc50}, @mptcp=@mp_fclose={0x1e, 0xc, 0x9, 0x0, 0xffff}, @mptcp=@add_addr={0x1e, 0x11, 0x0, 0x11, 0x9, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xcd6f, "9155bfd27a86b6"}, @timestamp={0x8, 0xa}, @fastopen={0x22, 0x8, "a200af490003"}, @md5sig={0x13, 0x12, '\\\x00'}]}}}}}}}}, 0x0) 1m2.935592532s ago: executing program 1 (id=272): r0 = openat$mixer(0xffffff9c, &(0x7f0000002400), 0x408000, 0x0) fcntl$setsig(r0, 0xa, 0x3f) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r1, &(0x7f0000000140)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r1, &(0x7f0000002200)={0x110, 0x0, r2, [{0x1400000000000007, 0x0, 0xe3, 0x0, '\x7f\xb4\xe4\xa3\xe8$I\x88\x8c\n}\xac\xa9\x0e\x92\x04\xbc\xd4\xba\xdb\xc6\xf9K\x0eS\x00\xbdu\xb9;\xcd\xeb\x1aL\xec?\x7f\\N\xe1E\x89\xc9f\xd1\x8ax\xf3\x81\x04KJ\v\xe9\x19H+\xdf\xe3\xdb\xa42Lh\xb8\xe4nL\xfe1\xd5`\x86Cc\xdd\xf2n\x0e\xa7\xf5\x86\x03\xee\xec8\xad\x06\xa8\xd70\xba\xa9\xae(\xc0\x063\xd5\xb6i\xeb\xae\xe2>f\xa1\xc7\xe8_\xd9\xae,\x8d\xb0\x01\xf0<\xd6_e\xa4F\x10\xc0\xc6\x10=\x17\x16\x1a\xd9\x8b\xafq\x1e_\xee \xbb\x92\x9f\x89\n\x1b\xaf\xa2DDi\xe4\x9begcv\xa1\xe4E\x8fs\x8e\xc6[.\x98\x0f;\xc3H5\xfb\x0e\xe8\xb2<>\r\xeb\x9b\f\xf6\x15\xf2\xc0&L\xec;\xca\xc0\xa3\xb6\x84\xc7h\x9c\x9d\xfdUY-o3\xce\x00\x003\x90\xdc\x9f\x95,\xb2\xa5\r\xcc\x98\xf5\x00\x00\x00\x00\x00\x00\x00\x00'}]}, 0x110) creat(&(0x7f0000000000)='./file0\x00', 0x60) r3 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) chdir(&(0x7f0000000340)='./cgroup\x00') r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000240), 0x3af4701e) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b29, &(0x7f0000000040)={'wlan0\x00'}) r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r8, 0x4008ae90, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000000000000100000000000000000000000000000000000000ff"]) ioctl$KVM_SET_NESTED_STATE(r8, 0x4080aebf, &(0x7f0000000340)={{0x3, 0x0, 0x80, {0xd000, 0x5000, 0x2}}, "a9cbc4b723986beb2541731c8831607b6ee747534f2610e68420ac50bde6dad58d04aad3777f18b4f168b3950653ce1d7740b6225b60f102dea41282032f21c3f19760a59ad876506e4e939e80e92248edfd8137e41621c1a490cf3cbb0502fa6deb4cb0efa6bc813cca06ed4828bafa15d1afd8ac82b71d1a7b410eeac6a6f31e4995b05d3f93bf80a053ae74958ed42c6c4b4d0bcaa08d3e6025a166ac6f19973f974613e0d7ca52d6a648ed23fcce9f475faa3e49d697324fa1b2cdfef7deb66a190e9185a90f5c54c88895af1a61f8c0722f0c0bf9835d8910449682cc5551ec995aec222238bb28f41ba7f99f93b785dd2d48cf389f27da125b9c3ec7f716d6b6b696a93e625f0e17b4ff3bac5eec8e2dd837254c16d8c9b2a773ac70b8dc7216980fcf1db0cd885a6f3379dfcca516b0b5771d3dfb2212fd569b8f6003dcf8478390e14a5bf73eb1a61a12ce20ea3f5fbd6d9a56a4adf6043190cc7d559e7773668d0498f6c7438917d204ed2ec53da03cc744619be3785cd8cddb678f8e90965f22242bb62fa3590dde45cacad3852a54154a90d7495cc4cfbd7baacc19604efd864cc76a7e867cd7403301f45a3ad20ed8edf412e4aae5f279eada88ee43a436dd3b1f37098b7d81759aff2d81e5593535d44035fdcbae0f45a7163c06b8ed7da27a03e266947d7f11d9e1600f1a88b99643a0b99abad360b8137415f7800f8a5a16ba306778733d5493cc73d0aacebe1cc4618847bd620034cb617c55e47ff8d8000f52c25a6b3e9272c297e6b30bed370dda4c2b56278893a4faefb28a87c40229d3f80814e128eedb7050465e1e00547a1b77ebaef78355d9867ce521138d63f147ec3de6cac38d9eeb1d167494466e00d97a32701117bbe0f95304970e632b9cf8ded044b3f1c01326095b422678d798a9c5f8ab05f4e6549639186723aa3d38927ed4ca94a9e6de3c4f5ce99d090389473455cb366c7dfcb43ebe60271a3693e80ae4948291753007f5032f518ffc832f3e819f3bdac1085a80cdd494cdcac4a874a14818b9dae534559c2c5a542a12949a22fddb9060e8a400f96512aa8eaaa6659932dc8852f5709a808604c2fda229c79933646e36255948baec6e0c2d4fbe056628157ba456603e5cb45761b5aa97c0daceb3e6d7a192d109847057cb4322c9c5e62403c921e9cebeca77d12c3ed05f5e131e3c00d9070618872ea8a1f05e4598c98739d3a9245e537ed992aa4eb8a571e4c7c0dc797f91e3258835f9db1b6501edaaf38c9fd4d718c743d30b6f1e480ce9408aa6b894055768738e3df843301d99b476ba8d30f6483022ad7fd50493e600700ef1b70c72f607feb0df9898b61a38f4f59d23779b7af4a5b5a0e7379877d8c875d1e47a9ddbac19208cd22e05f729a9175b9bf1c96618d63585204eb5ea29e0a0f17c12219fd51bc462dcff6d3ff73b64d2a5f7ebe6ebdefd841698e909cf1018a88afefc1802fc97c22a240f20ce6938ae6b2224f7ca311622695577f3e4cb8f7e87bcf5bcdcc5311815bab1499465f687903b4da5693c83cbe13ba3d94f413bbdf9886241fc1f0b9ea00e7b2d1c2fe29d8921c56919bbfa091d4542c590a18848256b7eca92114c5542356bb15e1cd59b28a5d5b86bb92c30e88ea6edc6efd3c685a7e9b840b61f445bb57d670d3dbba61da442fcdabd4c14b9dd6543aafca5bea6ca16c00bbdc0999cec79272dfd1de86bea7d830ec2deaa339c2fc57d6490ee7cf3bb4e6cb4b8dcaa4279bef0af601f96dc25a3cf926eb6c5eb9529a266e1a9d96fbb5e0ffeb472d40e3853f42d69e725d2dd570b531779a09a5f945a2dce4ddd898be60b9d38f3c305f942f8f8a3ee992de01a0d6b3db1a4174b770681d2470edd2319a9b9d04d3cadd67583a313c071f809c89134b2b714cb2d7247d4d6b5d794302e9408e946bf1cadc767a8ae918a6608f7d2dbb2d825e949c823ac6bda0c46dea864c83222f3c7f7ec020f3a6445f3762dfaae5a28c3857053b2548d11c9b9f4af5366b43012e35d14ba139085493e95ad24bcc92b835f3c72ff762fcbe3d04ee2051e959a9e680f51425d5eeeedd99767fccda20b44bbbac6989e1d6f70f030c2530b83923fbf27fbf24f62ff7a5619b39b338e165dcf66faf6092edd19216fdacfb8eb80bd7d8a7767f538c3021e20f498c8e456bc32af1157b5988950caf1c478047f132c01f53c12929f030e9d78c284e64a521350d72748ef214c05f4c8d2e47384c3cd29c99a2df1abb2e8ff5a363a488feb119e8ad5e3c39a4f24449d00b3772090b499e2c65b50a3e6ce7f1e2f2bac0ae5e58147d1d6887617ca38d12b1cc9a5e3ee47539f40179136698acd9b9e20a4f85335dcb19d4ba4a05bcd84b27a9f1897ab8f67abf78ba3ce4d87b37c129562d33bb0836c8fe830c068e7c8b6728ed585258c7d82b5c407d0532bf5ba60cfb0a6e6f3aa44bdf3bb7ac389023c3db4395c3875a3496d85640d42372073bdf6970e4b63718944603ab32b83d7c73af090c3a941561a76f08e2235e1ea8a0b721cd6a73466664c411c33fd1a3e46e580c77034cb09ac38b6d1824f642d3354e827b6ddc0ca15c3bd7192882eaece388d428282c859fed7d280e5d81cd0252c149154e2038a3f2535781dc81d7221278c21ee819fb913fc8d97e96f3dbbf0b2cd63a0ceeadec43fca7a760f45aa53de97597b4afb3abf5921125e9f148da377556e6de1a62aab6055b10c1698649515e62c572d62d901ae7fcd417b627db64785fbdc21f0e978eb143d7abb2771de9a912466fb6e6f55a12f209e131732d45a8293f1a36ddddfad54f857016e3ab7fceb97ddfde1a8c8569dfa972ec636e7c93e603d5e1d0e98d6f109dfa6df50ce987abfc291aba0e488ba8f0596fbd1bacd58862b611250a85cd34e7d100f785286d815281b62ef2dfeea5e8ba4ee4a019af0ff59b0f4f3049f8718d0fca57de1cf88763d13ad26c50cccec4faba99d899ef079c3400052d065cc0a44e8f73dc5bef5f8681015b29c96dacd026d920f369a2b0c341b8295f5268e2d9bf80df2d9ea1017b5b41ec2060c2fecc67c040e7c37521b6d6174c4d4ed4accc5479f6fc4ddc0e45a7f8030ff8e23f000315a3565498d07bd0cc6459f5cff23b40ffb80ace2f48fe0c1a337bb4f748bb8c057089de5cd727b278b45d84a8f7df9f898b3cef2ec319b032f888c4953bfe141c8e4b67ab3f95fa133790ea17b27be21c9478da70641265045e81e28229a4dc15f59c2f18b1b9c082d1154bc9565508fc9419912b48f3b1271609006399a844f6ccedb6323ada63d3e0b340fd07cf9e3b98b1d193bd76796c2a185366b25468017d28371d8792eb42304961bc9c1f4ef4025d2814837dacc9f1d777bfeddb30eca1cacd9f5b6619c4000252ecdabf7107dff264046c111c6f5767e3486c37ec175f52bd3460a7ad49e35bb729ba76e2fa5e117c49b750000005e0abf56340740b81ea37c5df26b7c885cc5da412cf4e9932e2561aa7945945dcba0677786c9ea9b9aee47d73454df82048f021b30a817606c96415c22e1e908316f84aae52e050e31176408d35ef33091618df7d38d22bd2b626dc138f423c32362878c8f6538dcf0b96c4298668d4bb35773c952bbebd4778c964b0eae8eac9bef3469ea5da890377c500ea027180f5308585cd7941c7e3305c32d610de49b5c1acce6c285d88a99dcebb2b5972a276d416abf25b44c1712a43d3e30005a1535553e779c0f72ff519d2407214c02e7020ca479e93c3fb2b867ad73e69ba10e92f329cd54c4c80d227d0710cf384fd9a39d4c4053afce6d1e93b47137843d149e888bd868b1b2179c1fdd8291d15724db10a756300209ae4a2ed91788fe9f980af1bb00d05a8fe1a020fe4bba91fb487c8ea674a6739067a0a86b7f2a4fc141f6c864f065fc6e5effdb5a1f1d063c6888626e13ced52f3669677dad96da1cfff7d700e9f6f74131b8ac0f4fb6c8d5fd675b1ed6001bba7dd0e95567a6d06fe28e756609821312f4725c5909c6353ad385e57fb162e2f65b5e2a0100aaa356a19b9c5c183d195d0134adb8bc8d03415daafd95f3a5e44f201741e22dd905dc12469664040ce714a5d9042f58db392d6c6af1eaa4c82cd9b4996252b44334be627708463ffe52a80d8d1c8a5b1a23f9c68144c4a6c6387e542b3cb9de7765faf05fda086986d3c6a1f0906b2ea0eba741abb9514ccd57f2d8ea1d67145c5d71749b560f85093ecc265a24239078253fa0bd39bf67f8e1d78f07e167c05d808771c7b0146af368e8859273ef76f9feedf7fc69640b5e95a25076c477338e31cc9a7348b8a31a0f8d4dd9e6c46f18126279c5d1192ddee08a7057195689954b26a19dcfd2a59febb6556c18c18abc85527372919196b29a737f8bb3b97bebaf3e6c43099064e067f12772c2333be19dd4e803289430a660d68963a26ff1b1c8c664c0318a2558dec140d984837a936651906ab960b6bff8bc8b32704f3e0769e6c85c9f5bd50201fe1030ea71f2db5c43116bd0641ed31ab6db12514aec68febe59e04d2b872c9fc2173017ee6e75a18d6832c9992d1ed2ead9452dce9b2efa01dc97ea31ee5c3f5743760f2589615f45738140d0f8c148f1858d0897094a34727493e607132bc1eefa0d0ff236f9ac5a2a0f0bf06719c1d5061846e427fa36138c808741ccbd10ad3f6f54470804e656a8ab1a9ee9a523bed87cb2fd4d6db8aa6d6b80d1e9886dc12b915665101b9094a22f44437918005356fed797ebd97ec6493bd681f69321f9735ae6d3d6822818c7cfb21c5f3a0f9d5b8ef070c916fe9ccbbf04128a27e7928e3572f125b986c52ec0de078b40135b922a2feb294b0349df06d1c3e2c9d2ed2ee88b7a1673423c6baedb51beb8f8cb1b3b986d1b9632fedfaec8e9a237311beb89cb0dd7efaa5b68537641d06b7cbfda581344c87452b4d3fe96cea6143378c4dd7586a9d55c666cce828ef91a35f3f0a5c9c369bd20c1bc7cc77fcf316a567fa21863b12c43faf3b9588dce4caa151937c6ee699cf49dba041775773ae062c69783758513a178bf46d2d40e24afe8975dd768a466755af2ffbb9fa728724a18fc9f427672ad5867a72ae8caca60fcc90cf817c291a2025b5243ae36e200b5e5c9ee4e90eac775c3b29fe1df8c35716f37d11961084fc28b0f8855376ec85d7741535f88db7977629dd832f06bb258e9a88cfc8671df2763fd9383a777f768c7aaecb9a7af9e76bb719767767c3d5178e2a10765c6b2ae80753f403125a9203ede6ed44eb96a1a010842f88f020dbb7f8df8bcbea0b60f1b99dd9b9aae2dbc995edc8ed82ec5e21e8d5e4d8d9fd0bfab342db38d12bb24c20c2a579069d74624db16bb9ec501312d8de0e653e9e74668d0ed05ccb0eb99db410c0000000fc246302635630b295ccf849e45944a25baa7f4651fa37f147e0fa977c0304e7cf25fa78260ca03abe8dc32cfb461f019f7d82194a98daae521ec4eaf3e138bb95b09d8ff2f106febcc126743abc8f8b707cd2cae1548c6fe54f64bf46c9ff03975e0c37eda3d485ff76ea5ae71fa5a2ca0d9293ea0cd4186e6e2e26fc2ba5e2cdde9400d9c1717058157a8410c9cd7ca4e679f41d8932576e7b292f28dfb9775b0ac5eb5788a8ddf797e32919e7a41c305af2e4e37eb4d5600", "1acd2077949cf1f27e1e764566e4cffaa168dcad09bfe7c84a06d9db78a4e8f0504116608cffa736ae4427d04f27d39e5de80f8935f281bc483252d1c4e0dff576831d8505d3cf34ddc4f4760b53ec5182b54b352dea1b5975eea9b6bffd5b66524559c7c3e9981d7a0ff5ffe6814c923871db66426d98286aec1debc56864a4b29ee5cb46989af08546d6d1a5d9da45db7d8abea1d392d0c668cc040da5d129ddbbe6a95a7d9e51a13328ea3fbd9ac81f03914ed9d1d2b72c234093a351f7294556996ca5459d796cb4127a9aed8e0cca398d1b5af6eae257d02db91a61d49a5677ee9c8caf1855edd2c25b9b3a9a5174d2193108e5e87d781780d9506a890687c80c429f3a46028ed71364c4b8d3b2380b38d2cf7e447dee058f556dcae2627e49dfd316d169d382f2b6775233157f57c7be54b105e2493e140ad97ecf9c12df8f0db9a973d0ef9197ebbdebc5e822ee06852a408560c7f19c65ab8527edc9ec1d6378f2c748f7e84d1d6e98de8abab3e0e42a866e1ec5d00822b124a98d77e9c8dbb3ac6648afe409b21e1cf2f5458a0588cd11af6887f552f6c16a801abf2594eb9a80e704b8053573f661dd29706e71060b630272037144b33d684f66128950510d4138785418f726eb7c7f84c7dda646b3647d673122f95ef89c863c3d4adec4477664cfe911683f19862cc918451f70a6a359dbc66b3599c0af91858ebe13c253a6e9a96758955fdfd1be103777812339e3786484a25b18994ba69b4275f26a64afb9be5219061d94d7c472236f1a20a9217d70abab15182c5f04c6080d535e34045d6497c1c8a2ea53fc022eb159d0d1be59a21f277ce441f3c5cb03ef0e7e1ac63177dfe567e2cb9055228f32c9ca6d38d99093fdc129951380cedafcca40712a2da5cc0af8d872d8f848ea5ff95210a52d2390e236da76fffce86cc8a78a8ea0e1e4464ceac9021556d29d7470ca19849b417aa6aee032f3bd437cb5c839c9f5fb20ec1367449abfb5e19f8365b7947bda60e34136e2eb53e0243766c2718d4bfe6eec77f8ca04d177cc17bad59d651a08349651de6d4dbf5856a6d42cc8cb2441ab7dfa9420d87d4a5aa5914f619b2478a0d68a98280231c8e7558d11eec87e80f2d039b5d6b287d9b3667b020dc45b999b162247bf38f5ac5fc99b5eb6ac5939d35d7d6e71b366f9553ada2784671aecdbdcaf42a2f254dc0289f7be9c6f0c045b30f63ae1a8fac778030f27e04e980bae66e474bc4f9572b8a0d8119ce13ea2ad1285b3397bc929ff26a2ba1ef2760c77e3e114d15742740b27796cb2fc84761db427cdf3c63be71fd6734ed2cb1300a8d5e2b1964f2a0320bfbad8e9bce0cd9329c8c41d79107d77f65c99f3c03813c1f0f5351869434c2ccb685f1863fac38a44ecf354ffde4926ae3cee90833d633e6dba3585ec36f1aca6701d4d1fc13ac1c5d4cf2ae8c8c418da372bce96451dc2add28828e45ce3f6e35da3d49dcdb8ceb084a581b68fc5fcd4c45246e6b215ca09000000c317fe45404984292a83ac7e62614665bec4a5e80b055a0635003e93172e2045ec88144d9d7a2b50c45333720e2273b165147a0b1af77fe87089fe8c0fd32c4e950aedf6798c9007575dc86c02089414089527baf9bbbe5eaf4d58289de0987f8f310d7900ef2350daa438ac83ff255344a2bc814a3e7055269544310b0fe78b07eb0ee5f16899fc8bdf8e3cc47d27a44c93528885452195706091eaf15930f9df5874c19d0a1deedde0cbe9cda7f0618c378bc4ba6fbe911d546c7bc76954fcc6b5ef56c77d306421f9d24e0770cf8b578aaa6276bff4b98e9968e9a1f8c78c6d647d8c52a42d27ee8359840747913e0983e049ad77d87e35800eeeb19cd786a5edf6886e610f51b4d2290d959c7fe906dad2d3e2a5648c5ec0d48becaf209fbb6599d1b0d6299cb2b2fad3b3efac6ba0911a63ae399fa3f19adecc9b10533c99bba28bf9e37600db41c2b463c25b0602fb86ef043ee72aa26e7f102c3afe4073d1318671a514f8320dcbc699514792d5c90c34fe6809102cb6537a4e76530256cd997a1dba4a75b1578c7f12b409af040afa35c54001a4abf1c402f91413995ced6b64256684c34283e644246d235af905fa2edf8f802a65c1c1e0ba24ea656cb3b1f876b6f335aed27c3a6e8da53b1b9c283d299390310df6dc84e5569ad3ac1744824b329fc24cb8612c061b09440464c1168012dc40e8df788f9c708bde6bd4eb3f6111729b08796d0243b07a21ac542ae418f19ec3d7171197c8ca216b20f786784400f2834d98819a5fbbd909677f7d7309dca5c0e2cf74a8a53c1791c78488fec0520d3c71a9698e5040920acc5eb7764f4c295cb2f00b5a62d5fc1e1d0040c639886712ad4fece171739fbc0519b93c8bccac49f871a0e2f5ba97331be916aaae29b8cd646028629cc227b916d1d8b4729da3baffb0e39b533e039eb9f10073c156485902745ec60b8d281b2f84a8651fe4c533119bab8424bcecb28c067ffb1e03e05bcf9d6d44dfe0782e072934fc36e70b1acbf30387495618ac2729811aa600000000000000800cfbe666fe9fcac86cc81023dda253863714e89c78265e219d00ba20b3c846368dd21816f699a6af20a290f075f4346b98ad40d69caaf2614856c0bdaa661907975679f5cb5afd3738ba811db58123922647476de50ccf17360393433b547bf0377b2115a7cd3576c20000000000000028c638f7c2e725d85f9edd2fdcfea1f7e2bf02f9f0d4236c9d14c6d382dad99192125b219eea6a13b5685efcf34454d2a12537c5354dc5e34ecda968422cc472f0fec174b95cd298e89e7efbc164465dae45059a40e103b1a980ebc781848b0109ce9cec600b190a34dcf741dd6145d56c4ec27c983a7d6328130c122217bbbb33e2cffba1a352b6805dbd715772153b53051db7215f475ba8673b0dd59e2db414a658d3d262c5304d300b930921c7c0a9910eed96a705eea2c8657be193836a20f23fcbc8ef105ca25551626caf00000000c9dcffd9d485f27a63b6992e4b6fa26b02903a4da52fd7fa26397fe2883f9b6a4cac2ffb8ce1f476ec72bccaf0ec7b16e6f601e72f46e835d9bc2a82dccaa449728d22a7ff17772276f54073c66b184de0fa7f681823dcb7603a20aa94b76a9b7adb9f11f447b8764b2d719bea91ea32edbb4d340d18f18b3f53d1d07d0405facb202c30ac1ec145516e071cc71c59cc6205db061a8c19bb2d3ab463f6fea1c6d3b5a69d96e5b67ed569e1c04cff6c9f69ab9343e9a71bf6776d3b84b47de2ecf9a0d45515ef5a3b5c6d55f2c6543ef2bf0eb795219da3026ab06c9ba9bbdc30d5dc7c3782a9f58141a63f8d4683ad5c1d156c92c508cefd9702e9267263e34ff96800c425f768bd204466f4f9badabdfaf35e1a8096150e8afeea3a30586b89d1002f041612f8e81de4dcd268bf538307c4d28d1d2ae1af979f3b02017ebe942cdc8fa7964fe978254eb15fed7478e4200e381409486d37e0205c597b5ec19243ab547da051dee03f18e079af60dcb2095fe86f292a4b4bba8682ed8b220c0b48958882aaa7e93448bfecebfba6ca3ef28e0752080cbc9f752d6da814a9dc5bc552d9fe73b8a1df8eb0158df58810fce8719f11b04c4e157ac8ae3692f825a4569ff859273775c45eb999fff7a47ca461b2fda6edfe8ed8371ed29c4f7499448cfff0bc47ca1d8fc9eb35f79db389781c36e89541b686edc21f088463b2d26fd9b650eaf5ed1cda0f00040000000000009b0c527ba655252f77b77c2f4cc0f7741c52a57629fe511c5f9c17ee44fec35da363f5356343037b2705a393115062719e6bd87bbff2472a7833be6d2270fe5ff4cc9f0439a53adb91fe1520ff4841c120e80c99fcc2d0ee794fa8c91dc9c4227ef9f9ac784ce41abefa69b84acb285e385b74501ea137be765172d90738f201497cb7c992dcc2f17341c9b6a0ef3dcb14350669802e3295b5a133142df7bc5645bbf222d2da033ee4cc4f225f248ad88782945869c29943eb6498c87c2b125fb2d4067118c2b417308a1703fd9f48c48ee2a9c5af44df473e3b99b8a941fc4967060b4960864bc97e4f2bf53e7a5c2ec3d47e7bf8345b56a4df5f84d0523c1b6cf9399110e393474b3ece22c4923f531ff12242d5e2b293846a7ed06e3e7f062cb173431a2b680188fb46d2cb74d4a0d9dae59e2be485aabbb54c26406e6e77de3031e049bd8a49139fa62151716a665fb9f1966cf6c57f4185f7cffbbc43341f3b69a3ae0a4dcfd9b37f0035a69ac552830f0ca56069c8f69162280bced2ec30c6789f32cd38d7f97953f0989b65cf90f01206b20b0111a3d22f3d2f85104b03283f4fd7b80e53f20f1c91d5bf3b67aac25c4300b3191c1f5d7bb0fe112deac0f6acbea3b57c20c5d8f0bad48873a7e7347ead5a4d0b73041c86bdcd3b91d6cbe0ebb5824fb90cb4e74f439505074f236679c4ea4015fbdf0c44b4063b62cdced485cbca0eae2404da7158a974b7dc14c5207107d5424de14a35739f68f3f151c6de20d0ad19d06521baf26ab2cb7ff7e8f83d60a9f554367f99fa5c44910b886e1c9c2418a7a4b33f19fff9af4724c7c8251ffc24cc4464b8804b6704bc0572b23498ec92263d37bdb54490f3316087c5b192a20027ad6cf1a2c3fef8043e2847b8734fa8dc91ce992474796e3f71580841379279f8b10ab8e6766196fb5a9b2ff44cabece6930fb9f32e867047313410c13b11a8a788a29ad93a5b9ae1b960a46fd48fe5cdd7168815c67b267065453547cb60db74f37238b2f7f3c78abc249ffe118a1d3e7eb5cdd326ad0a07a50bd24a6be4b5e56fade7fb7c3b515b4d0b16884c9eee7ef9c82f2ea4d89113e950622cee8e63519a899da3ee83bcd369b01b373934bbed73d8f94e3312e72d82d3fb8b8e65b0f5580cffda633467fc3285023159c3ac7273a46275d874b87254df07ea15d0806f4b8312c4e95235cab31e015a3603906c188233db45dea658dcf694f5097a9e26aba8b58e248210fa5e12fa08cbbe0a01afa9b2c36d38d298dd180ee6e358d45397471bc064e2e8e51da189e98bf41cc30b50b0d937e8cbfc5b138dc66143716b27190689efebcaa5676c9eb370465f77803b219b0ee1f65f343d70b01435f9adc46979b121944e13a02cbdd47a9898b26d6cc5294a9358971bad37a6b01d8b2ee251e50b02acbd560bcd4a212124f308d87eca79d13c77b90510675989ffb70a9d5643df2db6067bd4e0fd21d0a40b84177279587777f763bb9e2fc99186402ff1905eb61b6ea3bef862beb10ede1fbca93f5b426f683bb72099ffc61c99d8a7527fe9167b13d786402864d2b4237fa47426f46b6d5e0911de793f73610b46de4e62b8a67aaed298a9a2d5b5c5b7936f8bcc62a8f9d64d8ff1470a386974b35f382f42ad1fb2c9de214b35aa0afcff7806d7601ab9142a0dade5c7a9e6b0c16027c4d0fc413ba5d16f0d4826b3f469afa6e5ce4a19e21d2a2c2c1e3055706d0ce371dee59a06e534887cf5e300bd118b7c5e8eee2a8fd4bf6ca96df566f49049bd25533c8ae08eb2334ba183529c041f3d9b45139173f3ee8b1b8f8633c9cb7caa735805d56b1e3119a97f3ce86ecd8f21256c0a5a542681c00927c881ac18fef64f25704b3f01b4885a9c4053ae45bfe5be638563267548cacbad2a95c3c48e6a913bd87ec0c489c236214b650a17d27081ae8def0d27c0d6a25553601875192d18685a7bbd4b206af9b07900"}) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000feffffff0000000000000000850000002800000018010000646c6c2500000000002020207b1af8ff00000000bfa10000000000000701000001ffffffb702000008000000b7030000feffffff850000009b00000095"], &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0bb547ed3f7ffe9abc89b6f0458", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x4c) write$apparmor_exec(r3, &(0x7f0000000180)={'stack ', ':\x00~\x1c-\x90\x14\x05\x00\x8fQhj\x1b\x04\xe5g\xcc\xd5\v-\xc7g\x80\x9e/\x19{S\x15\xfe\xbaO\xae\xa1z,\xde-\x8fKN\x86g\x93\xe4\xfe\xae/\x90\xd8^O\x86\x81\x84\xab \x00\x00\x00F\xd8\xee\xc8\xd1\xb4Q\x05\x14\xe7\xa9c(0D7[\xccB\xe1Y\x99\x05\xae\xba\x00\xc4\b1\x84\xd6\b\xb0\xf0\x9a\x98\x85;\xffUq9:\xaf\xa2\x834}\x02\xb9\xb1\x85\x7fx\xe6\'\x8c\x898\'ej\xde;+\n1\xd4\x15\xf9Q\xacw\xcfS\x9a\x90\xf3-\xedkt\xed\x10\a\x00\xf1\x94\x99\xe1?\x10\xda\xc7\xed[\x00'/173}, 0xb3) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x98, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x98}}, 0x0) readv(r3, &(0x7f0000000380)=[{&(0x7f0000000040)=""/11, 0xb}], 0x1) openat$ptmx(0xffffff9c, &(0x7f00000023c0), 0x301000, 0x0) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) 1m2.807560126s ago: executing program 1 (id=273): madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = syz_open_dev$amidi(&(0x7f0000000180), 0x0, 0x420c03) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0xc0305720, &(0x7f0000002780)) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1be) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x31001, 0x0) mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x2205080, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x4}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_pressure(r1, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r2, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES32=r1, @ANYBLOB="a72b2cbd700000000000", @ANYRES32=r4, @ANYBLOB="0800a000b209000008009f00050000000800260080090000"], 0x34}, 0x1, 0x0, 0x0, 0x8001}, 0x0) umount2(&(0x7f0000000100)='./file0/file0\x00', 0x2) 1m2.807333232s ago: executing program 1 (id=274): fsopen(&(0x7f0000000100)='udf\x00', 0x0) syz_open_dev$video4linux(&(0x7f00000001c0), 0xff, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_setup(0xd2, &(0x7f0000000200)={0x0, 0x83ae, 0x800, 0x2}, 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, &(0x7f0000000040)=@e={0xff, 0xc, 0xfe, 0x0, @SEQ_NOTEON=@special}) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) syz_open_dev$sndctrl(&(0x7f0000000080), 0x7, 0x48a00) socket$packet(0x11, 0x3, 0x300) syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) memfd_secret(0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc01000000"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m2.506391983s ago: executing program 1 (id=276): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r1 = dup(r0) sendmsg$netlink(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{0x0, 0x1b8}], 0x1}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x4e3, &(0x7f0000000480)={0x0, 0x938c, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r4, 0x708, 0x41e3, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x68, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x80}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}, @IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x7}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x68}}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r9, 0x0, r7, 0x0, 0x10000008ebc, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x4) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) write$eventfd(0xffffffffffffffff, 0x0, 0x0) r10 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r10, 0x405c5503, &(0x7f0000000940)={{0xfffc, 0x8001}, 'syz1\x00', 0x2e}) r11 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/bus/input/devices\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r10, 0x40045564, 0x12) ioctl$UI_DEV_CREATE(r10, 0x5501) read$FUSE(r11, &(0x7f00000010c0)={0x2020}, 0x2020) chroot(&(0x7f0000000000)='./file0/../file0\x00') ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f00000000c0)={'virt_wifi0\x00', 0xff}) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 1m2.462122263s ago: executing program 32 (id=276): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r1 = dup(r0) sendmsg$netlink(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{0x0, 0x1b8}], 0x1}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x4e3, &(0x7f0000000480)={0x0, 0x938c, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r4, 0x708, 0x41e3, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x68, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x80}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}, @IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x7}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x68}}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r9, 0x0, r7, 0x0, 0x10000008ebc, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x4) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) write$eventfd(0xffffffffffffffff, 0x0, 0x0) r10 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r10, 0x405c5503, &(0x7f0000000940)={{0xfffc, 0x8001}, 'syz1\x00', 0x2e}) r11 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/bus/input/devices\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r10, 0x40045564, 0x12) ioctl$UI_DEV_CREATE(r10, 0x5501) read$FUSE(r11, &(0x7f00000010c0)={0x2020}, 0x2020) chroot(&(0x7f0000000000)='./file0/../file0\x00') ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f00000000c0)={'virt_wifi0\x00', 0xff}) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 4.830950718s ago: executing program 2 (id=709): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x20086}], 0x1}}], 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f00000071c0)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000080)='H', 0x1}], 0x1}}], 0x1, 0x0) 4.506941075s ago: executing program 2 (id=712): pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f00000001c0)=0x1, 0x4) fcntl$setpipe(r0, 0x407, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x14, 0x0, 0x0) connect$inet(r1, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) sendto$inet(r1, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0) splice(r1, 0x0, r0, 0x0, 0xfea8, 0xa) 3.694304726s ago: executing program 0 (id=714): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) futex_waitv(0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80146, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_simple_pair_complete={{0x36, 0x7}, {0xb, @none}}}, 0xa) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000240)={0xf0003, 0x0, [0x680, 0x3, 0x7, 0x0, 0x0, 0x0, 0x2b, 0x40000000]}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000012c0)={0x14, 0x25, 0x301, 0x70bd25, 0x25dfdbff, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x8083}, 0x4000) ioctl$KVM_RUN(r3, 0xae80, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000050000f58d04"]) ioctl$SCSI_IOCTL_STOP_UNIT(0xffffffffffffffff, 0x6) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) r5 = socket(0x400000000010, 0x2, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) r7 = socket$qrtr(0x2a, 0x2, 0x0) sendto(r7, 0x0, 0x0, 0x0, &(0x7f0000000000)=@qipcrtr={0x2a, 0x6}, 0x6) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000002000)=@newtfilter={0x474, 0x2c, 0xd27, 0x70bd29, 0x2, {0x0, 0x0, 0x0, r8, {0xffff, 0xf}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_fw={{0x7}, {0x448, 0x2, [@TCA_FW_POLICE={0x444, 0x2, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0xe5e, 0x10000, 0x7, 0xf, 0x8001, 0x5, 0x9, 0x14, 0x1, 0x0, 0x9, 0xb, 0x5, 0x0, 0xd2, 0x7, 0x6, 0x8, 0x5, 0x0, 0x8, 0x8559, 0x8, 0x421bec9f, 0x0, 0x7, 0x7, 0x0, 0x3, 0x101, 0x5, 0x4, 0x4, 0x9, 0x0, 0x1000, 0x3, 0xc3, 0x5, 0x5, 0x8cd, 0x3, 0x0, 0x3, 0x7, 0x1, 0x5, 0x1, 0x4, 0xb0, 0x5, 0xe, 0x998, 0x1ff, 0x7fffffff, 0x1000, 0x6dfd, 0x5, 0x10001, 0xeffe, 0x82, 0x97, 0x6, 0x2, 0x33cf, 0x1, 0x6, 0x82, 0x967c, 0x7, 0x5, 0x2, 0xffff, 0x4, 0x0, 0x4, 0x9dad, 0x6f, 0x3, 0x6b3, 0xfffffffc, 0x8b8, 0x400, 0x3, 0x9, 0xffffffff, 0x0, 0xf, 0x9, 0x8, 0x7, 0x7fff, 0x1, 0x81, 0x5, 0x7ff, 0xb, 0x40, 0x7644, 0x1, 0x2, 0x4, 0xff, 0xffffffc0, 0xb, 0x3, 0xfffffffe, 0xfffffff3, 0x3, 0x3, 0x7ff, 0x3, 0x1, 0x5, 0x5, 0x0, 0x9, 0x1ff, 0x3, 0x7, 0x5, 0x8, 0x1, 0x6, 0x8, 0x8000, 0xdd, 0x58, 0x2, 0x5, 0x1baa4268, 0x8, 0x3, 0xff, 0xb6, 0xd, 0x8, 0xb702, 0x7bf, 0x3, 0xfffffff7, 0xf, 0xe0, 0x5, 0x9, 0x6, 0x3e6, 0x6, 0x5, 0xfe32, 0x9, 0x7, 0x2, 0x3, 0x1, 0x9, 0x9, 0x9, 0x800009, 0xa3d, 0x9, 0x2, 0x2, 0x6, 0x4b, 0x5, 0x4, 0xa, 0x80000001, 0x2, 0x4c05ece9, 0x8, 0x2, 0x6c3, 0x9, 0x484e, 0x1, 0x6, 0x2, 0x42e, 0x3, 0xd3b, 0x9, 0x401, 0xb, 0x3, 0xc5, 0x0, 0x0, 0x3db, 0x68b, 0x10001, 0x1, 0x0, 0x300000, 0x8, 0x6, 0x3ff, 0x7fff, 0x8, 0x40, 0x6, 0x6, 0x5, 0xf0b, 0x7, 0x4, 0xfe, 0x1bfff86e, 0x50, 0x5, 0x400, 0x3, 0x800, 0x8, 0x6, 0x1, 0x8, 0x9, 0x64d5, 0x200, 0x7, 0x61c, 0x800, 0xfffffffc, 0x3ff, 0x9, 0x7, 0x3, 0x45de, 0x0, 0xa, 0x4, 0x0, 0x9, 0x10000, 0x4000007, 0x6, 0x9, 0xf, 0x4, 0xffff, 0x10000, 0x4, 0x952, 0x6, 0xffff, 0xfffffff7, 0x5, 0x7, 0x8000, 0xcaf, 0x5b, 0x6]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x9, 0x4, 0x81, 0xfffff9bf, 0x6, {0x91, 0x1, 0x3, 0x6, 0x1, 0xfffffff5}, {0x0, 0x0, 0x9, 0xffff, 0x2, 0x2}, 0x10002, 0x5, 0xfc}}]}]}}]}, 0x474}, 0x1, 0x0, 0x0, 0x40091}, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000000)={r0}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000240)={0x0, @in6={{0xa, 0x4e23, 0x9, @loopback, 0x4}}, 0x1, 0x8, 0x3, 0x10001, 0x5d}, &(0x7f0000000040)=0x98) 3.436796622s ago: executing program 3 (id=719): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) unshare(0x66000080) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="5800000010000104000020000000000000000000", @ANYRES32=0x0, @ANYBLOB="2b12020000000000280012800b00010067656e6576650000"], 0x58}}, 0x0) 3.374543778s ago: executing program 3 (id=722): socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x7, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0xfffffffffffffead, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x10000000}}}]}, {0x3}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x5) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0) 3.214892323s ago: executing program 0 (id=723): r0 = fsopen(&(0x7f0000000700)='affs\x00', 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000100), &(0x7f0000000140), 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$gtp(&(0x7f0000000300), 0xffffffffffffffff) r3 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x800) socket$inet6_sctp(0xa, 0x1, 0x84) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4) sendmsg$NL80211_CMD_DEL_PMKSA(r4, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x20000080}, 0x4054) sendmsg$nl_generic(r4, 0x0, 0x0) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440), r2) sendmsg$TIPC_NL_BEARER_SET(r4, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000540)={&(0x7f0000000880)=ANY=[@ANYBLOB="770100008eb803b1289b0fafb285cea8fed474d53d1a266c9c0cc3942e4352a3dac3f53c273faba71e5d9ac3f38cfcb48c29da375291ab6dd158624cd88f0f6aa9ddb0b1c54a5cee6423b80be3354b7ca7ac89becb", @ANYRES16=r5, @ANYBLOB="01002dbd7000fcdbdf2505000000f80004800900010073797a30000000003c0007800800030001000000080004000700000008000200ff030000080001000b0000000800010002000000080003000a00000008000400aab400004c00078008000200090000000800020009000000080003000000000008000100100000000800030000fcffff08000200010000000800030049f8ffff080003003300000008000300050000001300010062726f6164636173742d6c696e6b00000900010073797a30000000001300010062726f6164636173742d6c696e6b00001300010062726f6164636173742d6c696e6b00000900010073797a30000000000900010073797a3100000000"], 0x10c}, 0x1, 0x0, 0x0, 0x40000}, 0x20000044) socket$inet6(0xa, 0x4, 0x4) ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000380)={"00000004", 0x3, 0x5, 0x2, 0x0, 0x0, 'c\x00', '\x00\x00\x00@', "0300", "f3fd8000", ["8b09a907edff220aac00", "c2fed600ddff9aabeab0cbc7", '\x00', "0000000b0400"]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"]) chdir(&(0x7f0000000100)='./file0\x00') symlink(0x0, &(0x7f0000000280)='./file0/file0\x00') bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x13, 0x4, 0x8, 0x8, 0x0, 0x1, 0x4, '\x00', 0x0, r1, 0x0, 0x0, 0x800000, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x1108, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0xb, r6}, 0x38) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000400)) chdir(&(0x7f00000001c0)='./bus\x00') rename(0x0, &(0x7f0000000200)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101f40, 0xd2) 3.045102706s ago: executing program 0 (id=725): syz_open_dev$sndpcmp(0x0, 0x0, 0xa0202) syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="34f3c28180890144af45e6672f5158f58b", @ANYRES32=r2, @ANYBLOB="1400020000000000000000000000ffff000000000800080081070000"], 0x34}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x39, '\x00', r2, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_init_net_socket$ax25(0x3, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x4, 0x1000085}, 0x0) read$midi(0xffffffffffffffff, &(0x7f0000000f80)=""/251, 0xfb) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x845, 0x400}, @ramp={0x81, 0x0, {0x4, 0x7ff, 0x4, 0x4}}}) r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'veth0_to_hsr\x00', 0x1000}) write$char_usb(r4, &(0x7f0000000040)="e2", 0x12d8) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2) read$msr(r3, &(0x7f0000019680)=""/102384, 0x18ff0) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) write$dsp(r5, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r5, 0x5001, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000040)=0x9) ioctl$SNDCTL_DSP_RESET(r5, 0x5000, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000000000000000000085000000750000"], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x71ba, @void, @value}, 0x94) dup2(0xffffffffffffffff, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001a000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f030000000000002e100200000000002604fdffff02000017010000030000001d133fffffff00007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 2.946735017s ago: executing program 4 (id=727): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000440)={r0, 0x0, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c18e8438ef2a565ef1e83323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d2000000000100", "24431a1e77a68e174f000000000000000010e200"}}) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) 2.734811554s ago: executing program 4 (id=728): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000f0000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000212c1400001e0a05010000000000000000070000000900020073797a31000000000900010073797a300000000000140380300000802c000180250001007bb0c03ce8ed22d039cce454fd98ae614b08a9f3d4ddf1f742d55995afac076948000000cc1300800c00054000000000000000000c00054000000000000000000c0004400000000000000000e0000a80480002800800034000000003080003400000000308000340000000020900020073797a31000000000800034000000001080003400000000108000180fffffffb08000180fffffffe3a000100d5867498a18a515bfa0df242b8dd5cc3eb5106a4f3109f9909cb0aa08db584ba5ee6d4bbb45478287310a5b3a2d6b9d7dcb8abfa1d100000580002800900020073797a3200000000080003400000000408000180fffffffc080003400000000408000180ffffffff0900020073797a320000000008000180fffffffe08000340000000030900020073797a30000000000600064019d20000040201802400028008000340000000000800034000000000080003400000000008000180000000003800028008000340000000000800018000000000080003400000000008000340000000000900020073797a300000000008000340000000002c00028008000340000000000900020073797a31000000000900020073797a320000000008000340000000003400028008000180000000000900020073797a310000000008000340000000000900020073797a3200000000080003400000000004000280440002800900020073797a310000000008000340000000000900020073797a32000000000900020073797a320000000008000180000000000900020073797a3200000000fc000100789be1642f8430c460e8692a8f8c45aaf3118316539052ba181a60f03707ec8179fd143ed6c4db73977b77f68686d2ec94b25435ecec60f6ac23db96833cbf99779e33db32e62fe3a078933d3c1122022952988b9550db169ecb6e39fd8720a05d3eeb5d40a7ab91f9b5565dc2b48c9ac61eefd9d0aab86e58ea1940d2240a851dbeabcf0b6cefba164663ad87cbcdb6aa1468529d1206b1fa3aa39118b45ab882df7fb2c6e9c25a706f99002cc42ee9b894b4bbfe66ce8fa1038566ae3407d5c80e28dc3911476785933d1ef923697a44a9cd4271d539e2ecc14d37a5e2074116425f0766b49a6febf9f1b8405ee9de1363b262f1be283904000180080003"], 0x14b0}, 0x1, 0x0, 0x0, 0x4008091}, 0x4) 2.676489096s ago: executing program 4 (id=729): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x1e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x1, 0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) lsm_list_modules(&(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000380)={0x0}, &(0x7f00000003c0)=0xc) prlimit64(r0, 0x9, &(0x7f0000000440)={0xdb5, 0x8d}, 0x0) r1 = getpid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) close(0x3) r3 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)}], 0x1}, 0x0) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) syz_open_dev$vcsu(&(0x7f0000000000), 0x800, 0x40) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, 0x6e) r6 = socket(0x2, 0x2, 0x1) bind$unix(r6, &(0x7f0000000000)=@abs, 0x6e) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00') preadv(r7, &(0x7f0000000840)=[{&(0x7f0000000880)=""/192, 0xc0}], 0x1, 0x180, 0x0) ioctl$DRM_IOCTL_GET_CAP(0xffffffffffffffff, 0xc010640c, &(0x7f0000000100)={0x5}) socket$igmp6(0xa, 0x3, 0x2) 2.323618068s ago: executing program 3 (id=730): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffd) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001000), 0x581, 0x40000000, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x1, 0x2, 0xff, 0xa4, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2, 0x20}, 0xe) 2.194796914s ago: executing program 3 (id=731): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x4, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {0x0, 0xfffffffffffffffc}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)=ANY=[@ANYBLOB="38010000160033060000000000000080e0000002000000000000000000000000ff020000000000000100000000000000000a00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb000000000000000000000000000004d2320000000000000000000000000000001800000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000003000000000000000000000000000000050000000000000004000000000000000000000002000000020000000a000418000000000000000048000200656362286369706865725f6e756c6c2900"/233], 0x138}}, 0x0) 1.752872032s ago: executing program 3 (id=732): fsopen(&(0x7f0000000100)='udf\x00', 0x0) syz_open_dev$video4linux(&(0x7f00000001c0), 0xff, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_setup(0xd2, &(0x7f0000000200)={0x0, 0x83ae, 0x800, 0x2}, 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, &(0x7f0000000040)=@e={0xff, 0xc, 0xfe, 0x0, @SEQ_NOTEON=@special}) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) syz_open_dev$sndctrl(&(0x7f0000000080), 0x7, 0x48a00) socket$packet(0x11, 0x3, 0x300) syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) memfd_secret(0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0xf5) 1.595226683s ago: executing program 4 (id=733): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106800000000006113740000000000bfa00000000000000700b00008ffffffd503010017740040950000000000000069163a0000000000bf67100018000000350607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 1.536259563s ago: executing program 3 (id=734): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a84000000060a0b0400000000000000000200000058000480240001800b000100736f636b65740000140002800800024000000003080001400000000230000180080001006e6174002400028008000640000000030800054000000003080001400000000008000240000000020900010073797a30000000000900020073797a32"], 0xac}}, 0x0) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) openat2(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)={0x591003, 0x0, 0x9}, 0x18) prctl$PR_SET_KEEPCAPS(0x8, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@host}) syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x2c) prctl$PR_SET_KEEPCAPS(0x8, 0x1) mkdirat(0xffffffffffffff9c, 0x0, 0x10) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x7, 0x1, 0x1}}]}}]}}, 0x0) syz_usb_control_io$printer(r3, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}}) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r4, 0x60b, 0x0) write$char_usb(r4, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x402, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, 0x0, 0x20000000) unshare(0x62040200) fsopen(&(0x7f0000000140)='nfsd\x00', 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]}) readlinkat(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 1.536048344s ago: executing program 4 (id=735): mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=virtio,', {[{@loose}], [{@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@hash}, {@appraise}, {@subj_type={'subj_type', 0x3d, '}'}}]}}) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000240), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x1, 0x9, 0x0, @vifc_lcl_addr=@local, @multicast1=0xe0000300}, 0x10) 1.476914483s ago: executing program 2 (id=736): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000500)=ANY=[@ANYRESOCT], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x1, 0x1000000}}}}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)}) r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) inotify_init1(0x80800) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0xc) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r8 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r8, 0x47f6, 0x0, 0x4, 0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000180)=r5) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r5}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/69}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000e40)) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1) getsockopt$inet_dccp_buf(r3, 0x21, 0x2, &(0x7f00000001c0)=""/188, &(0x7f00000002c0)=0xbc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0bfc0000000000000000020000000900010073797a30000000e30900020073797a320000000014000000110001"], 0x54}, 0x1, 0x0, 0x0, 0x40820}, 0x0) 1.396772644s ago: executing program 0 (id=737): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000ff00"/20], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f0000000040)=[{&(0x7f0000000100)="290000002000190f00003fffffffda060200000000e80001dd0000040d000600ea111f000005000000", 0x29}], 0x1) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="01002ebd700000000000140000001800018014000a006e657464657673696d30000000000000080016000500000005"], 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e0000000800000000001800038014000380"], 0x44}}, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='GPL\x00', 0x7c, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r6}, 0x10) r7 = syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0) r8 = syz_init_net_socket$ax25(0x3, 0x3, 0xcb) bind$ax25(r8, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @null, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) connect$ax25(r8, &(0x7f00000002c0)={{0x3, @bcast}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default]}, 0x48) ptrace$getregset(0x4204, r7, 0x201, &(0x7f0000000440)={0x0}) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110c230010) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18009ef1652600003200ff0f0000005b004e6f145ccb5c4761d1fb4da467880000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x8040) r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000240)=0xa) 1.396578782s ago: executing program 4 (id=738): mkdirat(0xffffffffffffff9c, 0x0, 0x4) r0 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r0, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2) socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x2) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x30313953, 0x0, 0xa, [{}, {0x10}, {}, {0xfffffffe}, {}, {}, {0x0, 0xfffffffd}]}}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000207b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b705000000000000850000000400000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1.036106375s ago: executing program 2 (id=739): bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c80010000bfff8"], 0x15) syz_open_dev$vim2m(0x0, 0xbfb, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3c, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8000}, &(0x7f0000000240), 0x0) setitimer(0x2, &(0x7f0000000580)={{0x77359400}, {0x0, 0xea60}}, 0x0) setitimer(0x2, 0x0, 0x0) r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0) r4 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f0000001000), 0x581, 0x40000000, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x1, 0x2, 0xff, 0xa4, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2, 0x20}, 0xe) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 916.171343ms ago: executing program 0 (id=740): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) syz_emit_ethernet(0x7e, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000481100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e200e2200489078030000000200000088c73b21f267636d01dbe5712c1c941e1cdafbbb43f09c70e13808ca72381f41e5fff9620915b6f78670dfaf9a2038083179cf6b7931c9b41183a1cb63731150145d4ca2fb049ba764a32b793bf509088ea721712bca79b25db633dd03b841664418c5334039bf74b78b116a96b00d6a8c8fc806d267028c5f95f532175079b603f5087f954ced9d8d52e50c3b1d6928f1ca159e4a"], 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) unshare(0x6a040000) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x228, &(0x7f0000000380)={0x0, 0xdf91, 0x10100, 0x80, 0x0, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000080)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r4, 0x708, 0x41e3, 0x0, 0x0, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) read(r7, &(0x7f00000000c0)=""/14, 0xe) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000040)={r3, 0x58, &(0x7f00000002c0)}, 0x10) r8 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r8, 0xc06c4124, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) mount$9p_virtio(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000240)={'trans=virtio,', {[{@access_any}]}}) 96.456968ms ago: executing program 2 (id=741): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="6000000010000104000000000000000000007fff", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800e00010069703665727370616e0000002c00028014001800000000000000000000000000000000010500160002000000040012000500170009"], 0x60}}, 0x0) 95.349845ms ago: executing program 2 (id=742): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000100)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2a, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x1d, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r8 = accept4(r7, 0x0, 0x0, 0x0) read$alg(r8, &(0x7f0000000780)=""/4110, 0x100e) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='timer_start\x00', r10}, 0x10) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='\"\x00\x00\x00', @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB="e2b85dd4cb8c7723", @ANYRES64=0x0], 0x20) r11 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r11, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e) 0s ago: executing program 0 (id=743): fsopen(&(0x7f0000000100)='udf\x00', 0x0) syz_open_dev$video4linux(&(0x7f00000001c0), 0xff, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_setup(0xd2, &(0x7f0000000200)={0x0, 0x83ae, 0x800, 0x2}, 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, &(0x7f0000000040)=@e={0xff, 0xc, 0xfe, 0x0, @SEQ_NOTEON=@special}) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) syz_open_dev$sndctrl(&(0x7f0000000080), 0x7, 0x48a00) socket$packet(0x11, 0x3, 0x300) syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) memfd_secret(0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x10a) kernel console output (not intermixed with test programs): arding state [ 49.187718][ T1233] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.190452][ T1233] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.212801][ T5968] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.235685][ T5968] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.248308][ T1170] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.250556][ T1170] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.262682][ T1170] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.265743][ T1170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.332577][ T5962] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.360372][ T5956] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.405453][ T5962] veth0_vlan: entered promiscuous mode [ 49.409513][ T5956] veth0_vlan: entered promiscuous mode [ 49.414142][ T5962] veth1_vlan: entered promiscuous mode [ 49.424388][ T5956] veth1_vlan: entered promiscuous mode [ 49.429191][ T5961] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.444947][ T5968] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.455150][ T5962] veth0_macvtap: entered promiscuous mode [ 49.464023][ T5962] veth1_macvtap: entered promiscuous mode [ 49.467478][ T5956] veth0_macvtap: entered promiscuous mode [ 49.471738][ T5956] veth1_macvtap: entered promiscuous mode [ 49.486571][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.492236][ T5956] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.496919][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.500276][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.505306][ T5962] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.511321][ T5962] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.514865][ T5962] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.518694][ T5962] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.531739][ T5956] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.535153][ T5956] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.537890][ T5956] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.540637][ T5956] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.553125][ T5962] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.558229][ T5962] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.568681][ T5962] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.571524][ T5962] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.579856][ T5961] veth0_vlan: entered promiscuous mode [ 49.589484][ T5968] veth0_vlan: entered promiscuous mode [ 49.600765][ T5961] veth1_vlan: entered promiscuous mode [ 49.619803][ T5968] veth1_vlan: entered promiscuous mode [ 49.658021][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.660462][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.663102][ T5961] veth0_macvtap: entered promiscuous mode [ 49.664213][ T1170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.667921][ T1170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.681297][ T5968] veth0_macvtap: entered promiscuous mode [ 49.685033][ T5961] veth1_macvtap: entered promiscuous mode [ 49.702627][ T5968] veth1_macvtap: entered promiscuous mode [ 49.719043][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.719042][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.719059][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.721857][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.721887][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.733490][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.736531][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.739758][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.743733][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.749236][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.752475][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.755702][ T5961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.758936][ T5961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.763123][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.776994][ T5961] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.779678][ T5961] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.782379][ T5961] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.785768][ T5961] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.801057][ T5968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.804703][ T5968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.807707][ T5968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.810926][ T5968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.814633][ T5968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 49.817884][ T5968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.822000][ T5968] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 49.829217][ T5968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.831080][ T5956] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 49.832478][ T5968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.832485][ T5968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.832493][ T5968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.832498][ T5968] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 49.858981][ T5968] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 49.864864][ T5968] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 49.872708][ T5968] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.876727][ T5968] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.880270][ T5968] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.884299][ T5968] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.913862][ T1170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.917119][ T1170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.952683][ T1170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 49.953587][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.958500][ T1170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 49.959242][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 49.965319][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.024028][ T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.026568][ T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.028970][ T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 50.031383][ T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 50.089519][ T6037] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 50.101947][ T6037] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5'. [ 50.103553][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 50.105105][ T6037] netlink: 'syz.0.5': attribute type 7 has an invalid length. [ 50.110583][ T6037] netlink: 'syz.0.5': attribute type 8 has an invalid length. [ 50.112895][ T6037] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5'. [ 50.266357][ T6050] netlink: 292 bytes leftover after parsing attributes in process `syz.2.8'. [ 51.064021][ T5973] Bluetooth: hci2: command tx timeout [ 51.064382][ T5967] Bluetooth: hci0: command tx timeout [ 51.066239][ T5973] Bluetooth: hci3: command tx timeout [ 51.068548][ T5960] Bluetooth: hci1: command tx timeout [ 51.115404][ T6063] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.127347][ T6063] bond0: (slave rose0): Enslaving as an active interface with an up link [ 51.423431][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 51.784306][ T6091] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13'. [ 51.788385][ T6091] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13'. [ 51.792019][ T6091] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13'. [ 51.797191][ T6091] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13'. [ 52.029897][ T6100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14'. [ 52.035212][ T6100] FAULT_INJECTION: forcing a failure. [ 52.035212][ T6100] name failslab, interval 1, probability 0, space 0, times 1 [ 52.039590][ T6100] CPU: 1 UID: 0 PID: 6100 Comm: syz.1.14 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 52.039615][ T6100] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 52.039621][ T6100] Call Trace: [ 52.039625][ T6100] [ 52.039629][ T6100] dump_stack_lvl+0x16c/0x1f0 [ 52.039648][ T6100] should_fail_ex+0x512/0x640 [ 52.039660][ T6100] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 52.039675][ T6100] should_failslab+0xc2/0x120 [ 52.039688][ T6100] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 52.039700][ T6100] ? trace_sched_exit_tp+0xde/0x130 [ 52.039713][ T6100] ? getname_flags.part.0+0x4c/0x550 [ 52.039730][ T6100] getname_flags.part.0+0x4c/0x550 [ 52.039745][ T6100] getname_flags+0x93/0xf0 [ 52.039754][ T6100] do_sys_openat2+0xb8/0x1d0 [ 52.039768][ T6100] ? __pfx_do_sys_openat2+0x10/0x10 [ 52.039783][ T6100] ? __pfx___schedule+0x10/0x10 [ 52.039796][ T6100] ? __fget_files+0x20e/0x3c0 [ 52.039808][ T6100] __ia32_compat_sys_openat+0x16d/0x210 [ 52.039823][ T6100] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 52.039839][ T6100] ? rcu_is_watching+0x12/0xc0 [ 52.039855][ T6100] ? rcu_is_watching+0x12/0xc0 [ 52.039866][ T6100] __do_fast_syscall_32+0x73/0x120 [ 52.039883][ T6100] do_fast_syscall_32+0x32/0x80 [ 52.039898][ T6100] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 52.039910][ T6100] RIP: 0023:0xf70ee579 [ 52.039918][ T6100] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 52.039928][ T6100] RSP: 002b:00000000f509c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 52.039937][ T6100] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000100 [ 52.039943][ T6100] RDX: 0000000000000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 52.039949][ T6100] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 52.039954][ T6100] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 52.039960][ T6100] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 52.039972][ T6100] [ 52.375822][ T6107] capability: warning: `syz.3.16' uses deprecated v2 capabilities in a way that may be insecure [ 52.526063][ T6110] netlink: 12 bytes leftover after parsing attributes in process `syz.2.19'. [ 52.924345][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 53.004507][ T6118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.20'. [ 53.020814][ C3] Unknown status report in ack skb [ 53.064743][ T6122] loop6: detected capacity change from 0 to 524287999 [ 53.092958][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 53.096726][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 53.102594][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 53.106466][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 53.112364][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 53.116063][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 53.119839][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 53.122960][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 53.125790][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 53.128661][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 53.131424][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 53.134888][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 53.142529][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 53.146214][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 53.149078][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 53.151893][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 53.153586][ T5967] Bluetooth: hci3: command tx timeout [ 53.154539][ T6122] ldm_validate_partition_table(): Disk read failed. [ 53.156522][ T5967] Bluetooth: hci1: command tx timeout [ 53.158791][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 53.160753][ T5960] Bluetooth: hci2: command tx timeout [ 53.160785][ T5960] Bluetooth: hci0: command tx timeout [ 53.163830][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 53.166595][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 53.173814][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 53.177031][ T6122] Dev loop6: unable to read RDB block 0 [ 53.180289][ T6122] loop6: unable to read partition table [ 53.182772][ T6122] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 53.245474][ T6124] ldm_validate_partition_table(): Disk read failed. [ 53.248555][ T6124] Dev loop6: unable to read RDB block 0 [ 53.251391][ T6124] loop6: unable to read partition table [ 53.254369][ T6124] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 53.271479][ T5367] ldm_validate_partition_table(): Disk read failed. [ 53.275739][ T5367] Dev loop6: unable to read RDB block 0 [ 53.278042][ T5367] loop6: unable to read partition table [ 53.500119][ T6144] Cannot find map_set index 0 as target [ 53.886474][ T6156] overlayfs: missing 'lowerdir' [ 53.892465][ T6156] FAULT_INJECTION: forcing a failure. [ 53.892465][ T6156] name failslab, interval 1, probability 0, space 0, times 0 [ 53.896771][ T6156] CPU: 2 UID: 0 PID: 6156 Comm: syz.1.27 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 53.896785][ T6156] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 53.896797][ T6156] Call Trace: [ 53.896800][ T6156] [ 53.896804][ T6156] dump_stack_lvl+0x16c/0x1f0 [ 53.896823][ T6156] should_fail_ex+0x512/0x640 [ 53.896836][ T6156] ? fs_reclaim_acquire+0xae/0x150 [ 53.896853][ T6156] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 53.896868][ T6156] should_failslab+0xc2/0x120 [ 53.896882][ T6156] __kmalloc_noprof+0xd2/0x510 [ 53.896897][ T6156] tomoyo_realpath_from_path+0xc2/0x6e0 [ 53.896912][ T6156] ? tomoyo_profile+0x47/0x60 [ 53.896929][ T6156] tomoyo_path_number_perm+0x245/0x580 [ 53.896941][ T6156] ? tomoyo_path_number_perm+0x237/0x580 [ 53.896954][ T6156] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 53.896978][ T6156] ? find_held_lock+0x2b/0x80 [ 53.896989][ T6156] ? hook_file_ioctl_common+0x145/0x410 [ 53.897001][ T6156] ? __fget_files+0x204/0x3c0 [ 53.897012][ T6156] ? __fget_files+0x20e/0x3c0 [ 53.897020][ T6156] ? fput+0x10/0xf0 [ 53.897034][ T6156] security_file_ioctl_compat+0x9b/0x240 [ 53.897049][ T6156] __ia32_compat_sys_ioctl+0xc3/0x360 [ 53.897066][ T6156] __do_fast_syscall_32+0x73/0x120 [ 53.897082][ T6156] do_fast_syscall_32+0x32/0x80 [ 53.897097][ T6156] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 53.897110][ T6156] RIP: 0023:0xf70ee579 [ 53.897118][ T6156] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 53.897127][ T6156] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 53.897136][ T6156] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c0145401 [ 53.897142][ T6156] RDX: 0000000080000380 RSI: 0000000000000000 RDI: 0000000000000000 [ 53.897148][ T6156] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 53.897153][ T6156] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 53.897159][ T6156] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 53.897170][ T6156] [ 53.897174][ T6156] ERROR: Out of memory at tomoyo_realpath_from_path. [ 54.264665][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 54.268096][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 54.271452][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 54.275064][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 54.492046][ T5999] libceph: connect (1)[c::]:6789 error -101 [ 54.496551][ T5999] libceph: mon0 (1)[c::]:6789 connect error [ 54.754502][ T5999] libceph: connect (1)[c::]:6789 error -101 [ 54.757240][ T5999] libceph: mon0 (1)[c::]:6789 connect error [ 55.218148][ T6177] ceph: No mds server is up or the cluster is laggy [ 55.233790][ T5960] Bluetooth: hci1: command tx timeout [ 55.234194][ T66] Bluetooth: hci3: command tx timeout [ 55.235983][ T5973] Bluetooth: hci0: command tx timeout [ 55.237830][ T5967] Bluetooth: hci2: command tx timeout [ 56.581489][ T6207] __nla_validate_parse: 2 callbacks suppressed [ 56.581499][ T6207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.39'. [ 56.599232][ T6214] bridge1: entered promiscuous mode [ 56.601057][ T6214] bridge1: entered allmulticast mode [ 56.609365][ T6214] team0: Port device bridge1 added [ 56.611744][ T6208] tipc: Started in network mode [ 56.613424][ T6208] tipc: Node identity ac14140f, cluster identity 4711 [ 56.615803][ T6208] tipc: New replicast peer: 255.255.255.255 [ 56.618078][ T6208] tipc: Enabled bearer , priority 10 [ 57.112071][ T837] libceph: connect (1)[c::]:6789 error -101 [ 57.117258][ T837] libceph: mon0 (1)[c::]:6789 connect error [ 57.373453][ T837] libceph: connect (1)[c::]:6789 error -101 [ 57.375521][ T837] libceph: mon0 (1)[c::]:6789 connect error [ 57.623897][ T5959] tipc: Node number set to 2886997007 [ 57.826677][ T6223] ceph: No mds server is up or the cluster is laggy [ 57.877957][ T6233] overlayfs: missing 'lowerdir' [ 57.905932][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.2.48'. [ 57.910581][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.2.48'. [ 57.920837][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.2.48'. [ 57.924200][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.2.48'. [ 57.951283][ T6237] netlink: 14 bytes leftover after parsing attributes in process `syz.3.47'. [ 59.074797][ T6253] netlink: 'syz.2.52': attribute type 24 has an invalid length. [ 59.303214][ T6263] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.56'. [ 59.378094][ T6268] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 59.772360][ T6259] syz.2.55: attempt to access beyond end of device [ 59.772360][ T6259] loop2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 59.776350][ T6259] isofs_fill_super: bread failed, dev=loop2, iso_blknum=16, block=32 [ 59.823899][ T6270] netlink: 8 bytes leftover after parsing attributes in process `syz.3.57'. [ 60.259791][ T6286] netlink: 8 bytes leftover after parsing attributes in process `syz.2.62'. [ 60.881967][ T6294] IPVS: set_ctl: invalid protocol: 59 172.20.20.187:20001 [ 60.891173][ T6294] exFAT-fs (nullb0): invalid boot record signature [ 60.893437][ T6294] exFAT-fs (nullb0): failed to read boot sector [ 60.895466][ T6294] exFAT-fs (nullb0): failed to recognize exfat type [ 60.970732][ T6297] syz.2.67 uses obsolete (PF_INET,SOCK_PACKET) [ 60.975455][ T6297] syzkaller1: entered promiscuous mode [ 60.977294][ T6297] syzkaller1: entered allmulticast mode [ 61.007361][ C1] Unknown status report in ack skb [ 61.147390][ T6302] overlayfs: missing 'lowerdir' [ 61.185476][ T6304] netlink: 8 bytes leftover after parsing attributes in process `syz.0.70'. [ 61.495819][ T6315] netlink: 'syz.2.75': attribute type 24 has an invalid length. [ 62.778615][ C2] Unknown status report in ack skb [ 62.828030][ T6331] __nla_validate_parse: 1 callbacks suppressed [ 62.828041][ T6331] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.80'. [ 62.850050][ T6332] netlink: 32 bytes leftover after parsing attributes in process `syz.1.78'. [ 62.854236][ T6332] netlink: 'syz.1.78': attribute type 10 has an invalid length. [ 62.897865][ T6332] veth0_vlan: left promiscuous mode [ 62.906953][ T6332] veth0_vlan: entered promiscuous mode [ 63.038446][ T6332] team0: Device veth0_vlan failed to register rx_handler [ 63.131896][ T6335] bridge0: port 3(netdevsim0) entered blocking state [ 63.144334][ T6335] bridge0: port 3(netdevsim0) entered disabled state [ 63.147008][ T6335] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 63.151120][ T6335] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 63.154333][ T6335] bridge0: port 3(netdevsim0) entered blocking state [ 63.156667][ T6335] bridge0: port 3(netdevsim0) entered forwarding state [ 63.347526][ T6357] netlink: 68 bytes leftover after parsing attributes in process `syz.3.86'. [ 63.476004][ T6359] netlink: 32 bytes leftover after parsing attributes in process `syz.0.83'. [ 63.498480][ T6359] netlink: 'syz.0.83': attribute type 10 has an invalid length. [ 63.607564][ T6359] veth0_vlan: left promiscuous mode [ 63.634821][ T6359] veth0_vlan: entered promiscuous mode [ 63.639985][ T6359] team0: Device veth0_vlan failed to register rx_handler [ 64.267884][ T6382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.92'. [ 64.271749][ T6382] netlink: 28 bytes leftover after parsing attributes in process `syz.0.92'. [ 64.282644][ T6382] geneve2: entered promiscuous mode [ 64.285221][ T6382] geneve2: entered allmulticast mode [ 65.360181][ T6406] netlink: 8 bytes leftover after parsing attributes in process `syz.2.98'. [ 65.513779][ T6408] netlink: 32 bytes leftover after parsing attributes in process `syz.1.99'. [ 65.523665][ T6408] netlink: 'syz.1.99': attribute type 10 has an invalid length. [ 65.527252][ T6408] veth0_vlan: left promiscuous mode [ 65.531790][ T6408] veth0_vlan: entered promiscuous mode [ 65.537279][ T6408] team0: Device veth0_vlan failed to register rx_handler [ 65.999721][ T6413] netlink: 'syz.2.101': attribute type 24 has an invalid length. [ 66.044618][ T6415] capability: warning: `syz.2.102' uses 32-bit capabilities (legacy support in use) [ 66.100992][ T6417] netlink: 8 bytes leftover after parsing attributes in process `syz.2.103'. [ 66.103933][ T6417] netlink: 28 bytes leftover after parsing attributes in process `syz.2.103'. [ 66.109465][ T6417] geneve2: entered promiscuous mode [ 66.111272][ T6417] geneve2: entered allmulticast mode [ 66.278615][ T6426] syz.1.106: attempt to access beyond end of device [ 66.278615][ T6426] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0 [ 66.283309][ T6426] vxfs: unable to read disk superblock at 1 [ 66.285318][ T6426] syz.1.106: attempt to access beyond end of device [ 66.285318][ T6426] nbd1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 66.289959][ T6426] vxfs: unable to read disk superblock at 8 [ 66.291906][ T6426] vxfs: can't find superblock. [ 66.335442][ T6426] Zero length message leads to an empty skb [ 66.541936][ T6432] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 66.551030][ T6432] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode 802.3ad(4) [ 67.111518][ T6440] overlayfs: missing 'lowerdir' [ 67.167522][ T6442] netlink: 'syz.2.111': attribute type 24 has an invalid length. [ 67.436962][ T6450] netlink: 'syz.2.112': attribute type 10 has an invalid length. [ 67.454032][ T6450] veth0_vlan: left promiscuous mode [ 67.460039][ T6450] veth0_vlan: entered promiscuous mode [ 67.468246][ T6450] team0: Device veth0_vlan failed to register rx_handler [ 68.210654][ C2] Unknown status report in ack skb [ 69.278128][ T6504] netlink: 'syz.3.129': attribute type 24 has an invalid length. [ 69.406503][ T6509] __nla_validate_parse: 4 callbacks suppressed [ 69.406520][ T6509] netlink: 16 bytes leftover after parsing attributes in process `syz.3.130'. [ 69.412830][ T6509] netlink: 20 bytes leftover after parsing attributes in process `syz.3.130'. [ 69.437665][ T6509] geneve2: entered allmulticast mode [ 69.605641][ T6513] infiniband syz0: set down [ 69.608063][ T6513] infiniband syz0: added ipvlan1 [ 69.637222][ T6513] RDS/IB: syz0: added [ 69.638754][ T6513] smc: adding ib device syz0 with port count 1 [ 69.640764][ T6513] smc: ib device syz0 port 1 has pnetid [ 69.775122][ T6521] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 70.129310][ T6530] x_tables: duplicate underflow at hook 3 [ 70.197311][ T6532] netlink: 8 bytes leftover after parsing attributes in process `syz.2.135'. [ 70.200113][ T6532] netlink: 28 bytes leftover after parsing attributes in process `syz.2.135'. [ 70.205749][ T6507] ISOFS: Unable to identify CD-ROM format. [ 70.252422][ T836] IPVS: starting estimator thread 0... [ 70.353593][ T6535] IPVS: using max 47 ests per chain, 112800 per kthread [ 70.763958][ T12] IPVS: stop unused estimator thread 0... [ 70.781026][ T6555] netlink: 4 bytes leftover after parsing attributes in process `syz.1.141'. [ 70.784840][ T6555] netlink: 4 bytes leftover after parsing attributes in process `syz.1.141'. [ 70.789404][ T6555] netlink: 4 bytes leftover after parsing attributes in process `syz.1.141'. [ 70.794059][ T6555] netlink: 4 bytes leftover after parsing attributes in process `syz.1.141'. [ 70.842712][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.845428][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.183004][ T6563] netlink: 8 bytes leftover after parsing attributes in process `syz.2.144'. [ 71.186070][ T6563] netlink: 28 bytes leftover after parsing attributes in process `syz.2.144'. [ 71.524470][ T6570] IPv6: sit1: Disabled Multicast RS [ 71.526983][ T6570] sit1: entered allmulticast mode [ 71.713694][ T6578] netlink: 'syz.1.150': attribute type 24 has an invalid length. [ 71.973309][ T5959] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 72.158450][ T5959] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 72.164753][ T5959] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 72.167975][ T5959] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 72.170927][ T5959] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 72.175074][ T5959] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 72.186446][ T5959] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 72.189358][ T5959] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 72.191898][ T5959] usb 5-1: Product: syz [ 72.193478][ T5959] usb 5-1: Manufacturer: syz [ 72.206359][ T5959] cdc_wdm 5-1:1.0: skipping garbage [ 72.208535][ T5959] cdc_wdm 5-1:1.0: skipping garbage [ 72.218294][ T5959] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 72.220375][ T5959] cdc_wdm 5-1:1.0: Unknown control protocol [ 72.411468][ T6576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 72.417284][ T6576] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 72.476006][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 72.478094][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 72.480568][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 72.482543][ T5999] usb 5-1: USB disconnect, device number 2 [ 72.482605][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 72.486954][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 72.572527][ T6601] overlayfs: missing 'lowerdir' [ 73.164956][ T6620] netlink: 'syz.1.164': attribute type 3 has an invalid length. [ 73.245491][ T5967] Bluetooth: Unexpected start frame (len 16) [ 75.087672][ T6651] __nla_validate_parse: 4 callbacks suppressed [ 75.087722][ T6651] netlink: 32 bytes leftover after parsing attributes in process `syz.3.171'. [ 75.093685][ T6651] netlink: 'syz.3.171': attribute type 10 has an invalid length. [ 75.106026][ T6651] veth0_vlan: left promiscuous mode [ 75.109875][ T6651] veth0_vlan: entered promiscuous mode [ 75.116027][ T6651] team0: Device veth0_vlan failed to register rx_handler [ 75.203940][ T6653] loop6: detected capacity change from 0 to 524287999 [ 75.206620][ C0] blk_print_req_error: 41 callbacks suppressed [ 75.206629][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.211347][ C0] buffer_io_error: 41 callbacks suppressed [ 75.211354][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 75.218598][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.221486][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 75.224744][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.227576][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 75.231530][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.235461][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 75.238772][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.241680][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 75.244517][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.247356][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 75.251509][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.258893][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 75.266934][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.269998][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 75.272716][ T6653] ldm_validate_partition_table(): Disk read failed. [ 75.325413][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.328618][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 75.333815][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 75.336809][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 75.343587][ T6653] Dev loop6: unable to read RDB block 0 [ 75.355784][ T6653] loop6: unable to read partition table [ 75.359047][ T6653] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 75.366053][ T6654] ldm_validate_partition_table(): Disk read failed. [ 75.371023][ T6654] Dev loop6: unable to read RDB block 0 [ 75.376095][ T6654] loop6: unable to read partition table [ 75.378692][ T6654] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 75.810040][ T6664] netlink: 40 bytes leftover after parsing attributes in process `syz.1.175'. [ 76.411029][ T6671] overlayfs: missing 'lowerdir' [ 76.667548][ T6677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.180'. [ 76.671117][ T6677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.180'. [ 76.675507][ T6677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.180'. [ 76.678715][ T6677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.180'. [ 77.455203][ T6701] netlink: 32 bytes leftover after parsing attributes in process `syz.1.185'. [ 77.460318][ T6701] netlink: 'syz.1.185': attribute type 10 has an invalid length. [ 77.463405][ T6701] veth0_vlan: left promiscuous mode [ 77.467021][ T6701] veth0_vlan: entered promiscuous mode [ 77.475589][ T6701] team0: Device veth0_vlan failed to register rx_handler [ 77.711740][ T6707] netlink: 4268 bytes leftover after parsing attributes in process `syz.2.190'. [ 77.851072][ T6712] block device autoloading is deprecated and will be removed. [ 77.855332][ T6711] md: md2 stopped. [ 78.140612][ T6723] netlink: 68 bytes leftover after parsing attributes in process `syz.1.194'. [ 78.410115][ C2] vcan0: j1939_tp_rxtimer: 0xffff888025d5a800: rx timeout, send abort [ 78.414820][ C2] vcan0: j1939_xtp_rx_abort_one: 0xffff888025d5a800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 78.551316][ T6730] loop6: detected capacity change from 0 to 524287999 [ 78.558717][ T6730] ldm_validate_partition_table(): Disk read failed. [ 78.561699][ T6730] Dev loop6: unable to read RDB block 0 [ 78.566797][ T6730] loop6: unable to read partition table [ 78.568791][ T6730] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 78.602641][ T6732] Bluetooth: MGMT ver 1.23 [ 78.638528][ T6730] ldm_validate_partition_table(): Disk read failed. [ 78.641433][ T6730] Dev loop6: unable to read RDB block 0 [ 78.645283][ T6730] loop6: unable to read partition table [ 78.647421][ T6730] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 79.622271][ T6755] netlink: 16 bytes leftover after parsing attributes in process `syz.0.205'. [ 79.635262][ T6755] geneve3: entered allmulticast mode [ 79.712978][ T6759] geneve3: entered promiscuous mode [ 79.715228][ T6759] geneve3: entered allmulticast mode [ 80.323223][ T837] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 80.476903][ T837] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 80.480549][ T837] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 80.484212][ T837] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 80.487647][ T837] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 80.493843][ T837] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 80.497500][ T837] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.503116][ T837] usb 6-1: config 0 descriptor?? [ 80.507821][ T6771] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 80.918832][ T837] plantronics 0003:047F:FFFF.0002: reserved main item tag 0xd [ 80.923030][ T837] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 80.931329][ T837] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 81.093288][ T10] cfg80211: failed to load regulatory.db [ 81.212434][ T6780] __nla_validate_parse: 3 callbacks suppressed [ 81.212445][ T6780] netlink: 16 bytes leftover after parsing attributes in process `syz.0.214'. [ 81.217383][ T6780] netlink: 20 bytes leftover after parsing attributes in process `syz.0.214'. [ 81.618664][ T6785] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.216'. [ 81.708693][ T6788] netlink: 96 bytes leftover after parsing attributes in process `syz.3.217'. [ 81.711909][ T6789] netlink: 96 bytes leftover after parsing attributes in process `syz.3.217'. [ 82.050032][ T5967] Bluetooth: unknown link type 108 [ 82.052306][ T5967] Bluetooth: hci0: connection err: -111 [ 82.267771][ T6796] netlink: 68 bytes leftover after parsing attributes in process `syz.0.219'. [ 82.374283][ T10] usb 6-1: reset high-speed USB device number 2 using dummy_hcd [ 83.552355][ T6818] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.226'. [ 83.692258][ T6826] netlink: 68 bytes leftover after parsing attributes in process `syz.0.228'. [ 83.880164][ T6831] netlink: 8 bytes leftover after parsing attributes in process `syz.2.224'. [ 83.904249][ T6833] bridge_slave_0: left allmulticast mode [ 83.906163][ T6833] bridge_slave_0: left promiscuous mode [ 83.908701][ T6833] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.918888][ T6833] bridge_slave_1: left allmulticast mode [ 83.921013][ T6833] bridge_slave_1: left promiscuous mode [ 83.923444][ T6833] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.928942][ T6833] bond0: (slave bond_slave_0): Releasing backup interface [ 83.934784][ T6833] bond0: (slave bond_slave_1): Releasing backup interface [ 83.942700][ T6833] team0: Port device team_slave_0 removed [ 83.950509][ T6833] team0: Port device team_slave_1 removed [ 83.954114][ T6833] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 83.957570][ T6833] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 83.962179][ T6833] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 83.965008][ T6833] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 83.984648][ T6833] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 83.991821][ T6833] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 83.994869][ T6833] bridge0: port 3(netdevsim0) entered disabled state [ 84.015415][ T5959] usb 6-1: USB disconnect, device number 2 [ 84.928563][ T6845] exFAT-fs (nullb0): invalid boot record signature [ 84.931318][ T6845] exFAT-fs (nullb0): failed to read boot sector [ 84.934311][ T6845] exFAT-fs (nullb0): failed to recognize exfat type [ 87.551678][ T6912] process 'syz.2.240' launched '/dev/fd/9' with NULL argv: empty string added [ 87.627161][ T6901] exFAT-fs (nbd2): mounting with "discard" option, but the device does not support discard [ 87.631119][ T6901] syz.2.240: attempt to access beyond end of device [ 87.631119][ T6901] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 87.635558][ T6901] exFAT-fs (nbd2): unable to read boot sector [ 87.638075][ T6901] exFAT-fs (nbd2): failed to read boot sector [ 87.640022][ T6901] exFAT-fs (nbd2): failed to recognize exfat type [ 87.860835][ T6922] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.247'. [ 88.013775][ T6925] Invalid ELF header magic: != ELF [ 88.419385][ T6951] netlink: 16 bytes leftover after parsing attributes in process `syz.0.257'. [ 88.422224][ T6951] netlink: 20 bytes leftover after parsing attributes in process `syz.0.257'. [ 88.478749][ T6955] netlink: 8 bytes leftover after parsing attributes in process `syz.0.259'. [ 88.481610][ T6955] netlink: 28 bytes leftover after parsing attributes in process `syz.0.259'. [ 88.488582][ T6955] geneve4: entered promiscuous mode [ 88.490923][ T6955] geneve4: entered allmulticast mode [ 88.964298][ T6958] tmpfs: Unknown parameter 'grpqua_inode_hardlimit' [ 88.977845][ T6964] netlink: 4 bytes leftover after parsing attributes in process `syz.3.261'. [ 88.982848][ T6964] netlink: 4 bytes leftover after parsing attributes in process `syz.3.261'. [ 88.987375][ T6964] netlink: 4 bytes leftover after parsing attributes in process `syz.3.261'. [ 88.991743][ T6964] netlink: 4 bytes leftover after parsing attributes in process `syz.3.261'. [ 89.056011][ T5967] Bluetooth: Unexpected start frame (len 16) [ 89.600243][ T6981] netlink: 32 bytes leftover after parsing attributes in process `syz.1.265'. [ 89.608953][ T6981] netlink: 'syz.1.265': attribute type 10 has an invalid length. [ 89.612058][ T6981] veth0_vlan: left promiscuous mode [ 89.616735][ T6981] veth0_vlan: entered promiscuous mode [ 89.624259][ T6981] team0: Device veth0_vlan failed to register rx_handler [ 90.097822][ T6995] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.230864][ T6995] bridge_slave_1 (unregistering): left allmulticast mode [ 90.236744][ T6995] bridge_slave_1 (unregistering): left promiscuous mode [ 90.239303][ T6995] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.416251][ T7000] CUSE: unknown device info "KJ éH+ßãÛ¤2Lh¸änLþ1Õ`†CcÝòn§õ†îì8­¨×0º©®(À3Õ¶ië®â>f¡Çè_Ù®,°ð<Ö_e¤FÀÆ" [ 90.420132][ T7000] CUSE: unknown device info "3ÜŸ•,²¥Ì˜õ" [ 90.422247][ T7000] CUSE: DEVNAME unspecified [ 90.432543][ T7000] warning: `syz.1.272' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 91.027049][ T66] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 91.030434][ T66] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 91.035137][ T66] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.039365][ T66] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.042932][ T66] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.286420][ T7009] chnl_net:caif_netlink_parms(): no params data found [ 91.384884][ T7009] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.387375][ T7009] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.389845][ T7009] bridge_slave_0: entered allmulticast mode [ 91.393046][ T7009] bridge_slave_0: entered promiscuous mode [ 91.398020][ T7009] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.400477][ T7009] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.403343][ T7009] bridge_slave_1: entered allmulticast mode [ 91.444262][ T7009] bridge_slave_1: entered promiscuous mode [ 91.507348][ T7009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.511810][ T7009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.532798][ T64] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.618025][ T64] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.631831][ T7009] team0: Port device team_slave_0 added [ 91.636697][ T7009] team0: Port device team_slave_1 added [ 91.709576][ T7009] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.712642][ T7009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.724646][ T7009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.746464][ T64] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.755728][ T7009] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.765010][ T7009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.787153][ T7009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.843019][ T64] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.885685][ T7009] hsr_slave_0: entered promiscuous mode [ 91.891421][ T7009] hsr_slave_1: entered promiscuous mode [ 91.895772][ T7009] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.898977][ T7009] Cannot create hsr debugfs directory [ 92.056135][ T64] bridge_slave_1: left allmulticast mode [ 92.058031][ T64] bridge_slave_1: left promiscuous mode [ 92.060435][ T64] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.085803][ T64] bridge_slave_0: left allmulticast mode [ 92.088127][ T64] bridge_slave_0: left promiscuous mode [ 92.090531][ T64] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.264716][ T7040] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 92.275943][ T40] audit: type=1400 audit(1744971379.391:2): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=7039 comm="syz.0.285" [ 92.491384][ T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 92.498041][ T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 92.501688][ T64] bond0 (unregistering): Released all slaves [ 92.684816][ T7049] loop6: detected capacity change from 0 to 524287999 [ 92.688188][ C0] blk_print_req_error: 58 callbacks suppressed [ 92.688200][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.694154][ C0] buffer_io_error: 58 callbacks suppressed [ 92.694165][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 92.702763][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.706574][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 92.710057][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.713816][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 92.717136][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.721086][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 92.724568][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.727803][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 92.730968][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.734207][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 92.737007][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.740486][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 92.787422][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.790533][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 92.793230][ T7049] ldm_validate_partition_table(): Disk read failed. [ 92.796897][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.799882][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 92.803770][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.807035][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 92.813713][ T7049] Dev loop6: unable to read RDB block 0 [ 92.825921][ T7049] loop6: unable to read partition table [ 92.828092][ T7049] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 92.833634][ T7052] ldm_validate_partition_table(): Disk read failed. [ 92.836054][ T7052] Dev loop6: unable to read RDB block 0 [ 92.838229][ T7052] loop6: unable to read partition table [ 92.839211][ T7009] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.840100][ T7052] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 92.848062][ T7009] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.852159][ T5367] ldm_validate_partition_table(): Disk read failed. [ 92.854991][ T5367] Dev loop6: unable to read RDB block 0 [ 92.857312][ T5367] loop6: unable to read partition table [ 92.863503][ T7009] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.874293][ T7009] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.953050][ T7009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.965700][ T7009] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.974659][ T216] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.976898][ T216] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.991729][ T216] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.994058][ T216] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.031759][ T64] hsr_slave_0: left promiscuous mode [ 93.036376][ T64] hsr_slave_1: left promiscuous mode [ 93.038718][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.041232][ T64] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.045934][ T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.048430][ T64] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.068375][ T64] veth1_macvtap: left promiscuous mode [ 93.073076][ T64] veth0_macvtap: left promiscuous mode [ 93.075097][ T64] veth1_vlan: left promiscuous mode [ 93.078054][ T66] Bluetooth: hci2: command tx timeout [ 93.333070][ T13] smc: removing ib device syz0 [ 93.588579][ T105] libceph: connect (1)[c::]:6789 error -101 [ 93.590779][ T105] libceph: mon0 (1)[c::]:6789 connect error [ 93.676454][ T7077] ceph: No mds server is up or the cluster is laggy [ 93.875210][ T7093] overlayfs: missing 'lowerdir' [ 93.937796][ T64] team0 (unregistering): Port device team_slave_1 removed [ 93.984503][ T7098] __nla_validate_parse: 5 callbacks suppressed [ 93.984518][ T7098] netlink: 16 bytes leftover after parsing attributes in process `syz.0.298'. [ 93.990595][ T7098] netlink: 20 bytes leftover after parsing attributes in process `syz.0.298'. [ 94.006794][ T64] team0 (unregistering): Port device team_slave_0 removed [ 94.513035][ T7097] netlink: 14 bytes leftover after parsing attributes in process `syz.3.297'. [ 94.824798][ T7009] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.852277][ T7112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.300'. [ 94.868990][ T7112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.300'. [ 94.872332][ T7112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.300'. [ 94.887014][ T7112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.300'. [ 95.050254][ T7009] veth0_vlan: entered promiscuous mode [ 95.056191][ T7009] veth1_vlan: entered promiscuous mode [ 95.082389][ T7009] veth0_macvtap: entered promiscuous mode [ 95.092432][ T7009] veth1_macvtap: entered promiscuous mode [ 95.111846][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.123691][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.126716][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.132345][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.139866][ T7009] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.143219][ T66] Bluetooth: hci2: command tx timeout [ 95.154346][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.162160][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.166672][ T7009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.169857][ T7009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.174036][ T7009] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.177826][ T7009] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.181617][ T7009] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.193360][ T7009] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.195995][ T7009] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.336755][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.339994][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.367535][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.374265][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.460356][ T7137] netlink: 4268 bytes leftover after parsing attributes in process `syz.4.277'. [ 95.466299][ T7137] netlink: 4268 bytes leftover after parsing attributes in process `syz.4.277'. [ 95.916235][ T40] audit: type=1800 audit(1744971383.031:3): pid=7158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.305" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 96.322331][ T7170] netlink: 16 bytes leftover after parsing attributes in process `syz.3.307'. [ 96.893580][ T837] libceph: connect (1)[c::]:6789 error -101 [ 96.895708][ T837] libceph: mon0 (1)[c::]:6789 connect error [ 97.020095][ T7221] netlink: 'syz.0.321': attribute type 4 has an invalid length. [ 97.154915][ T6023] libceph: connect (1)[c::]:6789 error -101 [ 97.157180][ T6023] libceph: mon0 (1)[c::]:6789 connect error [ 97.223372][ T66] Bluetooth: hci2: command tx timeout [ 97.638925][ T7209] ceph: No mds server is up or the cluster is laggy [ 99.078895][ T66] Bluetooth: Frame is too long (len 16, expected len 15) [ 99.129571][ T7270] __nla_validate_parse: 10 callbacks suppressed [ 99.129582][ T7270] netlink: 8 bytes leftover after parsing attributes in process `syz.4.335'. [ 99.135725][ T7270] netlink: 28 bytes leftover after parsing attributes in process `syz.4.335'. [ 99.136299][ T7271] loop6: detected capacity change from 0 to 524287999 [ 99.141564][ C3] blk_print_req_error: 41 callbacks suppressed [ 99.141579][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.144594][ T7270] geneve2: entered promiscuous mode [ 99.147821][ C3] buffer_io_error: 41 callbacks suppressed [ 99.147833][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.148515][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.149603][ T7270] geneve2: entered allmulticast mode [ 99.151997][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.156706][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.166418][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.169554][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.172762][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.176844][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.180233][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.182832][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.185969][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.188679][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.191545][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.200395][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.204289][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.207535][ T7271] ldm_validate_partition_table(): Disk read failed. [ 99.254561][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.257408][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.260025][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.264054][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 99.270211][ T7271] Dev loop6: unable to read RDB block 0 [ 99.275299][ T7271] loop6: unable to read partition table [ 99.278201][ T7271] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 99.291463][ T7272] ldm_validate_partition_table(): Disk read failed. [ 99.295964][ T7272] Dev loop6: unable to read RDB block 0 [ 99.299273][ T7272] loop6: unable to read partition table [ 99.301688][ T7272] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 99.314089][ T66] Bluetooth: hci2: command tx timeout [ 99.320918][ T5367] ldm_validate_partition_table(): Disk read failed. [ 99.324825][ T5367] Dev loop6: unable to read RDB block 0 [ 99.327806][ T5367] loop6: unable to read partition table [ 99.396631][ T7283] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 99.899058][ T7285] netlink: 32 bytes leftover after parsing attributes in process `syz.2.340'. [ 99.903612][ T7285] netlink: 'syz.2.340': attribute type 10 has an invalid length. [ 99.907823][ T7285] veth0_vlan: left promiscuous mode [ 99.910734][ T7285] veth0_vlan: entered promiscuous mode [ 99.914788][ T7285] team0: Device veth0_vlan failed to register rx_handler [ 100.261532][ T7295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.343'. [ 100.272740][ T7295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.343'. [ 100.279166][ T7295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.343'. [ 100.282529][ T7295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.343'. [ 100.364208][ T7304] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.346'. [ 100.367232][ T7304] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.346'. [ 100.375829][ T7306] FAULT_INJECTION: forcing a failure. [ 100.375829][ T7306] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 100.379859][ T7306] CPU: 1 UID: 0 PID: 7306 Comm: syz.2.347 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 100.379873][ T7306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.379879][ T7306] Call Trace: [ 100.379884][ T7306] [ 100.379888][ T7306] dump_stack_lvl+0x16c/0x1f0 [ 100.379919][ T7306] should_fail_ex+0x512/0x640 [ 100.379938][ T7306] _copy_from_user+0x2e/0xd0 [ 100.379953][ T7306] get_compat_msghdr+0xa7/0x170 [ 100.379967][ T7306] ? __pfx_get_compat_msghdr+0x10/0x10 [ 100.379980][ T7306] ? __pfx__kstrtoull+0x10/0x10 [ 100.379999][ T7306] ___sys_sendmsg+0x1ae/0x1d0 [ 100.380014][ T7306] ? __pfx____sys_sendmsg+0x10/0x10 [ 100.380033][ T7306] ? find_held_lock+0x2b/0x80 [ 100.380052][ T7306] __sys_sendmmsg+0x2f9/0x420 [ 100.380067][ T7306] ? __pfx___sys_sendmmsg+0x10/0x10 [ 100.380084][ T7306] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 100.380105][ T7306] ? fput+0x70/0xf0 [ 100.380118][ T7306] ? ksys_write+0x1b9/0x240 [ 100.380128][ T7306] ? __pfx_ksys_write+0x10/0x10 [ 100.380140][ T7306] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 100.380154][ T7306] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 100.380169][ T7306] __do_fast_syscall_32+0x73/0x120 [ 100.380185][ T7306] do_fast_syscall_32+0x32/0x80 [ 100.380200][ T7306] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 100.380213][ T7306] RIP: 0023:0xf70de579 [ 100.380221][ T7306] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 100.380231][ T7306] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 100.380240][ T7306] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004400 [ 100.380246][ T7306] RDX: 0000000000000203 RSI: 0000000000000000 RDI: 0000000000000000 [ 100.380252][ T7306] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 100.380257][ T7306] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 100.380263][ T7306] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 100.380274][ T7306] [ 100.471819][ T7316] netlink: 'syz.0.350': attribute type 33 has an invalid length. [ 100.475476][ T7316] netlink: 152 bytes leftover after parsing attributes in process `syz.0.350'. [ 100.494641][ T7318] overlayfs: missing 'lowerdir' [ 101.496522][ T34] libceph: connect (1)[c::]:6789 error -101 [ 101.498357][ T34] libceph: mon0 (1)[c::]:6789 connect error [ 101.756623][ T34] libceph: connect (1)[c::]:6789 error -101 [ 101.758601][ T34] libceph: mon0 (1)[c::]:6789 connect error [ 101.767859][ T7360] netlink: 'syz.3.358': attribute type 10 has an invalid length. [ 101.771709][ T7360] veth0_vlan: left promiscuous mode [ 101.775529][ T7360] veth0_vlan: entered promiscuous mode [ 101.780673][ T7360] team0: Device veth0_vlan failed to register rx_handler [ 101.906501][ T7369] FAULT_INJECTION: forcing a failure. [ 101.906501][ T7369] name failslab, interval 1, probability 0, space 0, times 0 [ 101.911368][ T7369] CPU: 2 UID: 0 PID: 7369 Comm: syz.0.364 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 101.911390][ T7369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 101.911399][ T7369] Call Trace: [ 101.911406][ T7369] [ 101.911413][ T7369] dump_stack_lvl+0x16c/0x1f0 [ 101.911448][ T7369] should_fail_ex+0x512/0x640 [ 101.911467][ T7369] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 101.911490][ T7369] should_failslab+0xc2/0x120 [ 101.911511][ T7369] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 101.911530][ T7369] ? __alloc_skb+0x2b2/0x380 [ 101.911555][ T7369] __alloc_skb+0x2b2/0x380 [ 101.911575][ T7369] ? __pfx___alloc_skb+0x10/0x10 [ 101.911604][ T7369] tipc_buf_acquire+0x26/0xe0 [ 101.911623][ T7369] tipc_msg_build+0x112/0x1150 [ 101.911646][ T7369] ? __pfx_tipc_msg_build+0x10/0x10 [ 101.911676][ T7369] __tipc_sendmsg+0xa30/0x19a0 [ 101.911703][ T7369] ? __pfx___tipc_sendmsg+0x10/0x10 [ 101.911721][ T7369] ? __lock_acquire+0xaa4/0x1ba0 [ 101.911748][ T7369] ? __pfx___might_resched+0x10/0x10 [ 101.911768][ T7369] ? __pfx_woken_wake_function+0x10/0x10 [ 101.911798][ T7369] ? __local_bh_enable_ip+0xa4/0x120 [ 101.911821][ T7369] tipc_sendmsg+0x4f/0x70 [ 101.911840][ T7369] ____sys_sendmsg+0xa95/0xc70 [ 101.911860][ T7369] ? __pfx_____sys_sendmsg+0x10/0x10 [ 101.911877][ T7369] ? get_compat_msghdr+0x11a/0x170 [ 101.911903][ T7369] ? __pfx__kstrtoull+0x10/0x10 [ 101.911934][ T7369] ___sys_sendmsg+0x134/0x1d0 [ 101.911957][ T7369] ? __pfx____sys_sendmsg+0x10/0x10 [ 101.911989][ T7369] ? find_held_lock+0x2b/0x80 [ 101.912019][ T7369] __sys_sendmmsg+0x2f9/0x420 [ 101.912045][ T7369] ? __pfx___sys_sendmmsg+0x10/0x10 [ 101.912075][ T7369] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 101.912109][ T7369] ? fput+0x70/0xf0 [ 101.912130][ T7369] ? ksys_write+0x1b9/0x240 [ 101.912148][ T7369] ? __pfx_ksys_write+0x10/0x10 [ 101.912171][ T7369] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 101.912194][ T7369] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 101.912234][ T7369] __do_fast_syscall_32+0x73/0x120 [ 101.912261][ T7369] do_fast_syscall_32+0x32/0x80 [ 101.912286][ T7369] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 101.912304][ T7369] RIP: 0023:0xf7f34579 [ 101.912316][ T7369] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 101.912330][ T7369] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 101.912343][ T7369] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004400 [ 101.912349][ T7369] RDX: 0000000000000203 RSI: 0000000000000000 RDI: 0000000000000000 [ 101.912354][ T7369] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 101.912360][ T7369] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 101.912365][ T7369] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 101.912377][ T7369] [ 102.225302][ T7346] ceph: No mds server is up or the cluster is laggy [ 102.735994][ T66] Bluetooth: Unexpected start frame (len 16) [ 103.171841][ T7399] dlm: non-version read from control device 36 [ 103.554455][ T7420] pim6reg: entered allmulticast mode [ 104.478155][ T66] Bluetooth: Unexpected start frame (len 16) [ 104.583026][ T7438] __nla_validate_parse: 8 callbacks suppressed [ 104.583039][ T7438] netlink: 68 bytes leftover after parsing attributes in process `syz.4.380'. [ 104.814111][ T7444] netlink: 32 bytes leftover after parsing attributes in process `syz.0.381'. [ 104.824315][ T7444] netlink: 'syz.0.381': attribute type 10 has an invalid length. [ 104.828260][ T7444] veth0_vlan: left promiscuous mode [ 104.833791][ T7444] veth0_vlan: entered promiscuous mode [ 104.843340][ T7444] team0: Device veth0_vlan failed to register rx_handler [ 105.614627][ T7456] FAULT_INJECTION: forcing a failure. [ 105.614627][ T7456] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 105.618984][ T7456] CPU: 3 UID: 0 PID: 7456 Comm: syz.2.387 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 105.618998][ T7456] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 105.619015][ T7456] Call Trace: [ 105.619019][ T7456] [ 105.619023][ T7456] dump_stack_lvl+0x16c/0x1f0 [ 105.619042][ T7456] should_fail_ex+0x512/0x640 [ 105.619057][ T7456] _copy_from_user+0x2e/0xd0 [ 105.619071][ T7456] get_compat_msghdr+0xa7/0x170 [ 105.619096][ T7456] ? __pfx_get_compat_msghdr+0x10/0x10 [ 105.619111][ T7456] ? rcu_is_watching+0x12/0xc0 [ 105.619124][ T7456] ___sys_sendmsg+0x1ae/0x1d0 [ 105.619139][ T7456] ? __pfx____sys_sendmsg+0x10/0x10 [ 105.619158][ T7456] ? find_held_lock+0x2b/0x80 [ 105.619173][ T7456] ? __pfx___might_resched+0x10/0x10 [ 105.619188][ T7456] __sys_sendmmsg+0x2f9/0x420 [ 105.619203][ T7456] ? __pfx___sys_sendmmsg+0x10/0x10 [ 105.619220][ T7456] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 105.619242][ T7456] ? fput+0x70/0xf0 [ 105.619255][ T7456] ? ksys_write+0x1b9/0x240 [ 105.619265][ T7456] ? __pfx_ksys_write+0x10/0x10 [ 105.619277][ T7456] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 105.619291][ T7456] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 105.619306][ T7456] __do_fast_syscall_32+0x73/0x120 [ 105.619323][ T7456] do_fast_syscall_32+0x32/0x80 [ 105.619339][ T7456] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 105.619352][ T7456] RIP: 0023:0xf70de579 [ 105.619360][ T7456] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 105.619369][ T7456] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 105.619379][ T7456] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004400 [ 105.619385][ T7456] RDX: 0000000000000203 RSI: 0000000000000000 RDI: 0000000000000000 [ 105.619390][ T7456] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 105.619395][ T7456] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 105.619401][ T7456] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 105.619412][ T7456] [ 105.973032][ T66] Bluetooth: Unexpected start frame (len 16) [ 106.239771][ T7453] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.242377][ T7453] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.372893][ T7469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.392'. [ 106.381762][ T7469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.392'. [ 106.386947][ T7469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.392'. [ 106.391206][ T7469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.392'. [ 106.746341][ T10] libceph: connect (1)[c::]:6789 error -101 [ 106.748884][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 106.780144][ T7453] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 106.790770][ T7453] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 106.931255][ T7453] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.936633][ T7453] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.940284][ T7453] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.944594][ T7453] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.013515][ T10] libceph: connect (1)[c::]:6789 error -101 [ 107.015542][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 107.076526][ T7490] netlink: 8 bytes leftover after parsing attributes in process `syz.4.397'. [ 107.080285][ T7490] netlink: 28 bytes leftover after parsing attributes in process `syz.4.397'. [ 107.106567][ T7490] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.115014][ T7490] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.123113][ T7490] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.129228][ T7490] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.131961][ T7490] geneve3: entered promiscuous mode [ 107.133776][ T7490] geneve3: entered allmulticast mode [ 107.403914][ T7480] ceph: No mds server is up or the cluster is laggy [ 108.896737][ T66] Bluetooth: Unexpected start frame (len 16) [ 109.360682][ T7597] netlink: 20 bytes leftover after parsing attributes in process `syz.0.411'. [ 109.364110][ T7597] netlink: 2 bytes leftover after parsing attributes in process `syz.0.411'. [ 110.391115][ T7610] netlink: 4 bytes leftover after parsing attributes in process `syz.0.415'. [ 110.395402][ T7610] netlink: 4 bytes leftover after parsing attributes in process `syz.0.415'. [ 110.400119][ T7610] netlink: 4 bytes leftover after parsing attributes in process `syz.0.415'. [ 110.403618][ T7610] netlink: 4 bytes leftover after parsing attributes in process `syz.0.415'. [ 111.227815][ T7632] FAULT_INJECTION: forcing a failure. [ 111.227815][ T7632] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 111.232263][ T7632] CPU: 2 UID: 0 PID: 7632 Comm: syz.2.421 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 111.232283][ T7632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 111.232309][ T7632] Call Trace: [ 111.232315][ T7632] [ 111.232321][ T7632] dump_stack_lvl+0x16c/0x1f0 [ 111.232347][ T7632] should_fail_ex+0x512/0x640 [ 111.232368][ T7632] _copy_from_user+0x2e/0xd0 [ 111.232387][ T7632] get_compat_msghdr+0xa7/0x170 [ 111.232407][ T7632] ? __pfx_get_compat_msghdr+0x10/0x10 [ 111.232428][ T7632] ? __pfx__kstrtoull+0x10/0x10 [ 111.232454][ T7632] ___sys_sendmsg+0x1ae/0x1d0 [ 111.232475][ T7632] ? __pfx____sys_sendmsg+0x10/0x10 [ 111.232504][ T7632] ? find_held_lock+0x2b/0x80 [ 111.232527][ T7632] ? __pfx___might_resched+0x10/0x10 [ 111.232550][ T7632] __sys_sendmmsg+0x2f9/0x420 [ 111.232571][ T7632] ? __pfx___sys_sendmmsg+0x10/0x10 [ 111.232597][ T7632] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 111.232628][ T7632] ? fput+0x70/0xf0 [ 111.232646][ T7632] ? ksys_write+0x1b9/0x240 [ 111.232661][ T7632] ? __pfx_ksys_write+0x10/0x10 [ 111.232680][ T7632] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 111.232699][ T7632] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 111.232720][ T7632] __do_fast_syscall_32+0x73/0x120 [ 111.232743][ T7632] do_fast_syscall_32+0x32/0x80 [ 111.232763][ T7632] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 111.232782][ T7632] RIP: 0023:0xf70de579 [ 111.232793][ T7632] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 111.232806][ T7632] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 111.232821][ T7632] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004400 [ 111.232831][ T7632] RDX: 0000000000000203 RSI: 0000000000000000 RDI: 0000000000000000 [ 111.232839][ T7632] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 111.232847][ T7632] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 111.232856][ T7632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 111.232874][ T7632] [ 111.992920][ T7650] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.426'. [ 111.996330][ T7650] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.426'. [ 112.273048][ T66] Bluetooth: Unexpected start frame (len 16) [ 112.351397][ T7663] ntfs3(nullb0): Primary boot signature is not NTFS. [ 112.354047][ T7663] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 112.451961][ T7671] FAULT_INJECTION: forcing a failure. [ 112.451961][ T7671] name failslab, interval 1, probability 0, space 0, times 0 [ 112.460282][ T7671] CPU: 3 UID: 0 PID: 7671 Comm: syz.0.433 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 112.460305][ T7671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 112.460315][ T7671] Call Trace: [ 112.460321][ T7671] [ 112.460327][ T7671] dump_stack_lvl+0x16c/0x1f0 [ 112.460356][ T7671] should_fail_ex+0x512/0x640 [ 112.460376][ T7671] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 112.460399][ T7671] should_failslab+0xc2/0x120 [ 112.460421][ T7671] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 112.460442][ T7671] ? __alloc_skb+0x2b2/0x380 [ 112.460471][ T7671] __alloc_skb+0x2b2/0x380 [ 112.460492][ T7671] ? __pfx___alloc_skb+0x10/0x10 [ 112.460529][ T7671] tipc_buf_acquire+0x26/0xe0 [ 112.460550][ T7671] tipc_msg_build+0x112/0x1150 [ 112.460574][ T7671] ? __pfx_tipc_msg_build+0x10/0x10 [ 112.460605][ T7671] __tipc_sendmsg+0xa30/0x19a0 [ 112.460630][ T7671] ? __pfx___tipc_sendmsg+0x10/0x10 [ 112.460647][ T7671] ? __lock_acquire+0xaa4/0x1ba0 [ 112.460675][ T7671] ? __pfx___might_resched+0x10/0x10 [ 112.460695][ T7671] ? __pfx_woken_wake_function+0x10/0x10 [ 112.460725][ T7671] ? __local_bh_enable_ip+0xa4/0x120 [ 112.460763][ T7671] tipc_sendmsg+0x4f/0x70 [ 112.460782][ T7671] ____sys_sendmsg+0xa95/0xc70 [ 112.460801][ T7671] ? __pfx_____sys_sendmsg+0x10/0x10 [ 112.460816][ T7671] ? get_compat_msghdr+0x11a/0x170 [ 112.460840][ T7671] ? __pfx__kstrtoull+0x10/0x10 [ 112.460870][ T7671] ___sys_sendmsg+0x134/0x1d0 [ 112.460893][ T7671] ? __pfx____sys_sendmsg+0x10/0x10 [ 112.460926][ T7671] ? find_held_lock+0x2b/0x80 [ 112.460951][ T7671] ? __pfx___might_resched+0x10/0x10 [ 112.460975][ T7671] __sys_sendmmsg+0x2f9/0x420 [ 112.461000][ T7671] ? __pfx___sys_sendmmsg+0x10/0x10 [ 112.461031][ T7671] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 112.461065][ T7671] ? fput+0x70/0xf0 [ 112.461086][ T7671] ? ksys_write+0x1b9/0x240 [ 112.461102][ T7671] ? __pfx_ksys_write+0x10/0x10 [ 112.461123][ T7671] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 112.461150][ T7671] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 112.461178][ T7671] __do_fast_syscall_32+0x73/0x120 [ 112.461204][ T7671] do_fast_syscall_32+0x32/0x80 [ 112.461228][ T7671] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 112.461249][ T7671] RIP: 0023:0xf7f34579 [ 112.461262][ T7671] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 112.461277][ T7671] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 112.461294][ T7671] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004400 [ 112.461304][ T7671] RDX: 0000000000000203 RSI: 0000000000000000 RDI: 0000000000000000 [ 112.461313][ T7671] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 112.461322][ T7671] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 112.461331][ T7671] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 112.461353][ T7671] [ 113.141117][ T66] Bluetooth: Unexpected start frame (len 16) [ 113.192650][ T7690] netlink: 4 bytes leftover after parsing attributes in process `syz.3.439'. [ 113.196382][ T7690] netlink: 4 bytes leftover after parsing attributes in process `syz.3.439'. [ 113.201154][ T7690] netlink: 4 bytes leftover after parsing attributes in process `syz.3.439'. [ 113.205509][ T7690] netlink: 4 bytes leftover after parsing attributes in process `syz.3.439'. [ 114.285824][ T66] Bluetooth: Unexpected start frame (len 16) [ 114.677363][ T34] libceph: connect (1)[c::]:6789 error -101 [ 114.679380][ T34] libceph: mon0 (1)[c::]:6789 connect error [ 114.933439][ T34] libceph: connect (1)[c::]:6789 error -101 [ 114.942603][ T34] libceph: mon0 (1)[c::]:6789 connect error [ 115.405038][ T7736] netlink: 'syz.3.454': attribute type 24 has an invalid length. [ 115.440128][ T7724] ceph: No mds server is up or the cluster is laggy [ 115.513301][ T66] Bluetooth: Unexpected start frame (len 16) [ 116.584247][ T7759] netlink: 76 bytes leftover after parsing attributes in process `syz.0.461'. [ 116.736579][ T7768] netlink: 68 bytes leftover after parsing attributes in process `syz.3.463'. [ 117.038882][ T7783] netlink: 4 bytes leftover after parsing attributes in process `syz.3.468'. [ 117.046911][ T838] libceph: connect (1)[c::]:6789 error -101 [ 117.049020][ T838] libceph: mon0 (1)[c::]:6789 connect error [ 117.053716][ T7783] netlink: 4 bytes leftover after parsing attributes in process `syz.3.468'. [ 117.058704][ T7783] netlink: 4 bytes leftover after parsing attributes in process `syz.3.468'. [ 117.061748][ T7783] netlink: 4 bytes leftover after parsing attributes in process `syz.3.468'. [ 117.323530][ T838] libceph: connect (1)[c::]:6789 error -101 [ 117.329702][ T838] libceph: mon0 (1)[c::]:6789 connect error [ 117.423308][ T7791] netlink: 32 bytes leftover after parsing attributes in process `syz.2.470'. [ 117.430124][ T7791] netlink: 'syz.2.470': attribute type 10 has an invalid length. [ 117.434342][ T7791] veth0_vlan: left promiscuous mode [ 117.440049][ T7791] veth0_vlan: entered promiscuous mode [ 117.449770][ T7791] team0: Device veth0_vlan failed to register rx_handler [ 117.782410][ T7780] ceph: No mds server is up or the cluster is laggy [ 118.029864][ T7801] netlink: 4268 bytes leftover after parsing attributes in process `syz.4.474'. [ 118.032936][ T7801] netlink: 4268 bytes leftover after parsing attributes in process `syz.4.474'. [ 118.525482][ T66] Bluetooth: Unexpected start frame (len 16) [ 118.814395][ T5999] kernel read not supported for file /dsp1 (pid: 5999 comm: kworker/2:3) [ 119.177107][ T40] audit: type=1326 audit(1744971406.291:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7836 comm="syz.3.487" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 119.183985][ T40] audit: type=1326 audit(1744971406.291:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7836 comm="syz.3.487" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 119.190586][ T40] audit: type=1326 audit(1744971406.291:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7836 comm="syz.3.487" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 119.198053][ T40] audit: type=1326 audit(1744971406.291:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7836 comm="syz.3.487" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 119.199350][ T7839] netlink: 12 bytes leftover after parsing attributes in process `syz.0.488'. [ 119.204726][ T40] audit: type=1326 audit(1744971406.291:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7836 comm="syz.3.487" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 119.204749][ T40] audit: type=1326 audit(1744971406.291:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7836 comm="syz.3.487" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 119.204768][ T40] audit: type=1326 audit(1744971406.291:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7836 comm="syz.3.487" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 119.204788][ T40] audit: type=1326 audit(1744971406.291:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7836 comm="syz.3.487" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 119.225481][ T7839] 9pnet_fd: Insufficient options for proto=fd [ 119.228835][ T40] audit: type=1326 audit(1744971406.291:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7836 comm="syz.3.487" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 119.245424][ T40] audit: type=1326 audit(1744971406.291:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7836 comm="syz.3.487" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x7ffc0000 [ 120.021172][ T66] Bluetooth: Unexpected start frame (len 16) [ 120.319122][ T7865] sp0: Synchronizing with TNC [ 120.425495][ T7869] loop6: detected capacity change from 0 to 524287999 [ 120.428126][ C1] blk_print_req_error: 41 callbacks suppressed [ 120.428135][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 120.432935][ C1] buffer_io_error: 41 callbacks suppressed [ 120.432941][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 120.439078][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 120.441958][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 120.444687][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 120.447524][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 120.450230][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 120.453015][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 120.455828][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 120.458529][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 120.462827][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 120.466286][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 120.468863][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 120.471660][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 120.483945][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 120.486811][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 120.489494][ T7869] ldm_validate_partition_table(): Disk read failed. [ 120.501952][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 120.504597][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 120.632462][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 120.635423][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 120.641666][ T7869] Dev loop6: unable to read RDB block 0 [ 120.644973][ T7869] loop6: unable to read partition table [ 120.647612][ T7869] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 120.655442][ T7872] ldm_validate_partition_table(): Disk read failed. [ 120.665448][ T7872] Dev loop6: unable to read RDB block 0 [ 120.671275][ T7872] loop6: unable to read partition table [ 120.673383][ T7872] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 120.684547][ T5367] ldm_validate_partition_table(): Disk read failed. [ 120.688547][ T5367] Dev loop6: unable to read RDB block 0 [ 120.699317][ T5367] loop6: unable to read partition table [ 121.795019][ T7896] mmap: syz.4.506 (7896) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 122.706777][ T7915] netlink: 68 bytes leftover after parsing attributes in process `syz.4.511'. [ 123.505355][ T7923] netlink: 4 bytes leftover after parsing attributes in process `syz.2.513'. [ 123.526792][ T7923] netlink: 4 bytes leftover after parsing attributes in process `syz.2.513'. [ 123.544257][ T7923] netlink: 4 bytes leftover after parsing attributes in process `syz.2.513'. [ 123.583419][ T7923] netlink: 4 bytes leftover after parsing attributes in process `syz.2.513'. [ 124.766857][ T7955] loop6: detected capacity change from 0 to 524287999 [ 124.769911][ T7955] ldm_validate_partition_table(): Disk read failed. [ 124.772277][ T7955] Dev loop6: unable to read RDB block 0 [ 124.778701][ T7955] loop6: unable to read partition table [ 124.781299][ T7955] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 124.802373][ T7959] netlink: 8 bytes leftover after parsing attributes in process `syz.2.522'. [ 124.807760][ T7959] netlink: 28 bytes leftover after parsing attributes in process `syz.2.522'. [ 124.816244][ T7959] geneve3: entered promiscuous mode [ 124.819926][ T7959] geneve3: entered allmulticast mode [ 124.854808][ T7955] ldm_validate_partition_table(): Disk read failed. [ 124.858091][ T7955] Dev loop6: unable to read RDB block 0 [ 124.861242][ T7955] loop6: unable to read partition table [ 124.863697][ T7955] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 125.003569][ T7973] loop6: detected capacity change from 0 to 524287999 [ 125.029310][ T7973] ldm_validate_partition_table(): Disk read failed. [ 125.031949][ T7973] Dev loop6: unable to read RDB block 0 [ 125.034803][ T7973] loop6: unable to read partition table [ 125.036721][ T7973] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 125.147580][ T7973] ldm_validate_partition_table(): Disk read failed. [ 125.150012][ T7973] Dev loop6: unable to read RDB block 0 [ 125.152284][ T7973] loop6: unable to read partition table [ 125.154542][ T7973] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 126.018432][ T7993] netlink: 'syz.0.534': attribute type 24 has an invalid length. [ 126.081925][ T7998] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.535'. [ 126.085946][ T7998] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.535'. [ 126.380055][ T8021] netlink: 8 bytes leftover after parsing attributes in process `syz.2.542'. [ 126.398763][ T8021] geneve4: entered promiscuous mode [ 126.400667][ T8021] geneve4: entered allmulticast mode [ 127.213754][ T8046] netlink: 'syz.4.551': attribute type 24 has an invalid length. [ 128.412563][ T8061] __nla_validate_parse: 4 callbacks suppressed [ 128.412579][ T8061] netlink: 32 bytes leftover after parsing attributes in process `syz.2.557'. [ 128.418053][ T8061] netlink: 'syz.2.557': attribute type 10 has an invalid length. [ 128.420669][ T8061] veth0_vlan: left promiscuous mode [ 128.426710][ T8061] veth0_vlan: entered promiscuous mode [ 128.429487][ T8061] team0: Device veth0_vlan failed to register rx_handler [ 128.429589][ T8069] netlink: 12 bytes leftover after parsing attributes in process `syz.4.558'. [ 128.445836][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.448294][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.450680][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.454525][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.459519][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.461916][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.465593][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.467993][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.470349][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.472740][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.475455][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.477773][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.480121][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.482399][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.484785][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.487176][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.489489][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.491961][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.494956][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.497329][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.499656][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.501968][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.504719][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.507061][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.509366][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.511688][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.517329][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.519663][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.521983][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.524478][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.526795][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.529099][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.531368][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.533881][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.536246][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.538567][ T105] hid-generic 0008:0000:0000.0003: unknown main item tag 0x0 [ 128.544895][ T105] hid-generic 0008:0000:0000.0003: hidraw1: HID v0.00 Device [syz1] on syz1 [ 128.720298][ T8084] netlink: 'syz.2.564': attribute type 8 has an invalid length. [ 128.811467][ T8086] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 128.819217][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 128.819231][ T40] audit: type=1400 audit(1744971415.931:27): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=8085 comm="syz.3.565" [ 129.120779][ T8099] loop6: detected capacity change from 0 to 524287999 [ 129.123529][ C3] blk_print_req_error: 109 callbacks suppressed [ 129.123537][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 129.129149][ C3] buffer_io_error: 109 callbacks suppressed [ 129.129156][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 129.134711][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 129.137580][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 129.141187][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 129.144816][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 129.147599][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 129.150528][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 129.153631][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 129.156554][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 129.159196][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 129.162015][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 129.164529][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 129.167717][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 129.170505][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 129.174421][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 129.177782][ T8099] ldm_validate_partition_table(): Disk read failed. [ 129.243578][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 129.246496][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 129.255980][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 129.258819][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 129.261654][ T8099] Dev loop6: unable to read RDB block 0 [ 129.267516][ T8099] loop6: unable to read partition table [ 129.269931][ T8099] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 129.279224][ T8101] ldm_validate_partition_table(): Disk read failed. [ 129.286840][ T8101] Dev loop6: unable to read RDB block 0 [ 129.294191][ T8101] loop6: unable to read partition table [ 129.296837][ T8101] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 130.337965][ T8119] netlink: 8 bytes leftover after parsing attributes in process `syz.3.574'. [ 130.341565][ T8119] netlink: 28 bytes leftover after parsing attributes in process `syz.3.574'. [ 130.348694][ T8119] geneve4: entered promiscuous mode [ 130.350401][ T8119] geneve4: entered allmulticast mode [ 130.953492][ T8129] tty tty21: ldisc open failed (-12), clearing slot 20 [ 130.981738][ T8134] netlink: 'syz.0.579': attribute type 24 has an invalid length. [ 131.361513][ T66] Bluetooth: Unexpected start frame (len 16) [ 131.665838][ T8152] FAULT_INJECTION: forcing a failure. [ 131.665838][ T8152] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 131.669938][ T8152] CPU: 3 UID: 0 PID: 8152 Comm: syz.3.585 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 131.669952][ T8152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 131.669958][ T8152] Call Trace: [ 131.669962][ T8152] [ 131.669966][ T8152] dump_stack_lvl+0x16c/0x1f0 [ 131.669984][ T8152] should_fail_ex+0x512/0x640 [ 131.669999][ T8152] _copy_from_user+0x2e/0xd0 [ 131.670018][ T8152] get_compat_msghdr+0xa7/0x170 [ 131.670036][ T8152] ? __pfx_get_compat_msghdr+0x10/0x10 [ 131.670056][ T8152] ? __pfx__kstrtoull+0x10/0x10 [ 131.670084][ T8152] ___sys_sendmsg+0x1ae/0x1d0 [ 131.670106][ T8152] ? __pfx____sys_sendmsg+0x10/0x10 [ 131.670135][ T8152] ? find_held_lock+0x2b/0x80 [ 131.670170][ T8152] ? __pfx___might_resched+0x10/0x10 [ 131.670189][ T8152] __sys_sendmmsg+0x2f9/0x420 [ 131.670204][ T8152] ? __pfx___sys_sendmmsg+0x10/0x10 [ 131.670221][ T8152] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 131.670241][ T8152] ? fput+0x70/0xf0 [ 131.670254][ T8152] ? ksys_write+0x1b9/0x240 [ 131.670264][ T8152] ? __pfx_ksys_write+0x10/0x10 [ 131.670277][ T8152] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 131.670291][ T8152] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 131.670306][ T8152] __do_fast_syscall_32+0x73/0x120 [ 131.670323][ T8152] do_fast_syscall_32+0x32/0x80 [ 131.670338][ T8152] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 131.670351][ T8152] RIP: 0023:0xf7fb6579 [ 131.670360][ T8152] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 131.670370][ T8152] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 131.670380][ T8152] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004400 [ 131.670386][ T8152] RDX: 0000000000000203 RSI: 0000000000000000 RDI: 0000000000000000 [ 131.670392][ T8152] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 131.670398][ T8152] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 131.670403][ T8152] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 131.670414][ T8152] [ 131.683435][ T8151] netlink: 32 bytes leftover after parsing attributes in process `syz.2.583'. [ 131.972842][ T8145] netlink: 'syz.2.583': attribute type 10 has an invalid length. [ 132.031597][ T8145] veth0_vlan: left promiscuous mode [ 132.035451][ T8145] veth0_vlan: entered promiscuous mode [ 132.038579][ T8145] team0: Device veth0_vlan failed to register rx_handler [ 132.111612][ T8161] netlink: 8 bytes leftover after parsing attributes in process `syz.0.588'. [ 132.116864][ T8161] netlink: 28 bytes leftover after parsing attributes in process `syz.0.588'. [ 132.123808][ T8161] geneve5: entered promiscuous mode [ 132.125697][ T8161] geneve5: entered allmulticast mode [ 132.172353][ T8163] netlink: 'syz.0.590': attribute type 24 has an invalid length. [ 132.236553][ T8167] netlink: 4 bytes leftover after parsing attributes in process `syz.0.592'. [ 132.241369][ T8167] netlink: 4 bytes leftover after parsing attributes in process `syz.0.592'. [ 132.244933][ T8167] netlink: 4 bytes leftover after parsing attributes in process `syz.0.592'. [ 132.268447][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.271198][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.342032][ T66] Bluetooth: Unexpected start frame (len 16) [ 132.505452][ T8181] FAULT_INJECTION: forcing a failure. [ 132.505452][ T8181] name failslab, interval 1, probability 0, space 0, times 0 [ 132.509599][ T8181] CPU: 3 UID: 0 PID: 8181 Comm: syz.0.597 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 132.509614][ T8181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 132.509621][ T8181] Call Trace: [ 132.509625][ T8181] [ 132.509629][ T8181] dump_stack_lvl+0x16c/0x1f0 [ 132.509647][ T8181] should_fail_ex+0x512/0x640 [ 132.509661][ T8181] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 132.509675][ T8181] should_failslab+0xc2/0x120 [ 132.509689][ T8181] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 132.509702][ T8181] ? __alloc_skb+0x2b2/0x380 [ 132.509717][ T8181] __alloc_skb+0x2b2/0x380 [ 132.509729][ T8181] ? __pfx___alloc_skb+0x10/0x10 [ 132.509746][ T8181] tipc_buf_acquire+0x26/0xe0 [ 132.509781][ T8181] tipc_msg_build+0x112/0x1150 [ 132.509798][ T8181] ? __pfx_tipc_msg_build+0x10/0x10 [ 132.509816][ T8181] __tipc_sendmsg+0xa30/0x19a0 [ 132.509831][ T8181] ? __pfx___tipc_sendmsg+0x10/0x10 [ 132.509841][ T8181] ? __lock_acquire+0xaa4/0x1ba0 [ 132.509858][ T8181] ? __pfx___might_resched+0x10/0x10 [ 132.509876][ T8181] ? __pfx_woken_wake_function+0x10/0x10 [ 132.509905][ T8181] ? __local_bh_enable_ip+0xa4/0x120 [ 132.509929][ T8181] tipc_sendmsg+0x4f/0x70 [ 132.509949][ T8181] ____sys_sendmsg+0xa95/0xc70 [ 132.509968][ T8181] ? __pfx_____sys_sendmsg+0x10/0x10 [ 132.509979][ T8181] ? get_compat_msghdr+0x11a/0x170 [ 132.509995][ T8181] ? __pfx__kstrtoull+0x10/0x10 [ 132.510014][ T8181] ___sys_sendmsg+0x134/0x1d0 [ 132.510028][ T8181] ? __pfx____sys_sendmsg+0x10/0x10 [ 132.510048][ T8181] ? find_held_lock+0x2b/0x80 [ 132.510062][ T8181] ? __pfx___might_resched+0x10/0x10 [ 132.510077][ T8181] __sys_sendmmsg+0x2f9/0x420 [ 132.510092][ T8181] ? __pfx___sys_sendmmsg+0x10/0x10 [ 132.510109][ T8181] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 132.510130][ T8181] ? fput+0x70/0xf0 [ 132.510143][ T8181] ? ksys_write+0x1b9/0x240 [ 132.510153][ T8181] ? __pfx_ksys_write+0x10/0x10 [ 132.510165][ T8181] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 132.510179][ T8181] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 132.510195][ T8181] __do_fast_syscall_32+0x73/0x120 [ 132.510211][ T8181] do_fast_syscall_32+0x32/0x80 [ 132.510226][ T8181] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.510240][ T8181] RIP: 0023:0xf7f34579 [ 132.510248][ T8181] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 132.510258][ T8181] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 132.510268][ T8181] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004400 [ 132.510274][ T8181] RDX: 0000000000000203 RSI: 0000000000000000 RDI: 0000000000000000 [ 132.510280][ T8181] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 132.510285][ T8181] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 132.510291][ T8181] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 132.510303][ T8181] [ 132.794830][ T5999] libceph: connect (1)[c::]:6789 error -101 [ 132.797390][ T5999] libceph: mon0 (1)[c::]:6789 connect error [ 132.838372][ T8192] geneve5: entered promiscuous mode [ 132.840578][ T8192] geneve5: entered allmulticast mode [ 133.053604][ T5999] libceph: connect (1)[c::]:6789 error -101 [ 133.056169][ T5999] libceph: mon0 (1)[c::]:6789 connect error [ 133.175244][ T8201] netlink: 'syz.2.602': attribute type 32 has an invalid length. [ 133.178779][ T8201] netlink: 'syz.2.602': attribute type 32 has an invalid length. [ 133.555146][ T8188] ceph: No mds server is up or the cluster is laggy [ 133.563667][ T5999] libceph: connect (1)[c::]:6789 error -101 [ 133.567731][ T5999] libceph: mon0 (1)[c::]:6789 connect error [ 133.996975][ T8227] trusted_key: encrypted_key: master key parameter 'defasyz' is invalid [ 135.616169][ T66] Bluetooth: Unexpected start frame (len 16) [ 135.867887][ T8271] __nla_validate_parse: 5 callbacks suppressed [ 135.867903][ T8271] netlink: 8 bytes leftover after parsing attributes in process `syz.2.626'. [ 135.873751][ T8271] netlink: 28 bytes leftover after parsing attributes in process `syz.2.626'. [ 135.879657][ T8271] geneve6: entered promiscuous mode [ 135.881356][ T8271] geneve6: entered allmulticast mode [ 136.063360][ T836] usb 8-1: new full-speed USB device number 2 using dummy_hcd [ 136.070049][ T8276] syz_tun: entered allmulticast mode [ 136.090560][ T8276] lo: entered allmulticast mode [ 136.244666][ T836] usb 8-1: not running at top speed; connect to a high speed hub [ 136.250531][ T836] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 136.259646][ T836] usb 8-1: New USB device found, idVendor=056a, idProduct=00de, bcdDevice= 0.40 [ 136.264983][ T836] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.269886][ T836] usb 8-1: Product: syz [ 136.272458][ T836] usb 8-1: Manufacturer: syz [ 136.275850][ T836] usb 8-1: SerialNumber: syz [ 136.282371][ T8267] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 136.505785][ T836] usbhid 8-1:1.0: can't add hid device: -71 [ 136.507696][ T836] usbhid 8-1:1.0: probe with driver usbhid failed with error -71 [ 136.513039][ T836] usb 8-1: USB disconnect, device number 2 [ 136.567723][ T8280] netlink: 'syz.4.629': attribute type 24 has an invalid length. [ 136.808312][ T8284] netlink: 32 bytes leftover after parsing attributes in process `syz.4.630'. [ 136.823240][ T8284] netlink: 'syz.4.630': attribute type 10 has an invalid length. [ 136.825915][ T8284] veth0_vlan: left promiscuous mode [ 136.884368][ T8284] veth0_vlan: entered promiscuous mode [ 136.908707][ T8284] team0: Device veth0_vlan failed to register rx_handler [ 136.986326][ T8275] syz_tun: left allmulticast mode [ 136.989839][ T8275] lo: left allmulticast mode [ 137.066949][ T66] Bluetooth: Unexpected start frame (len 16) [ 137.072101][ T8294] syz.3.635 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 137.303268][ T836] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 137.695571][ T836] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 137.698997][ T836] usb 7-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 137.701890][ T836] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.707087][ T836] usb 7-1: config 0 descriptor?? [ 137.915373][ T8290] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 137.919831][ T8290] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.925133][ T836] usb 7-1: USB disconnect, device number 2 [ 138.305647][ T8312] overlayfs: failed to resolve 'defcontext=system_u': -2 [ 138.837715][ T8333] FAULT_INJECTION: forcing a failure. [ 138.837715][ T8333] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 138.841974][ T8333] CPU: 2 UID: 0 PID: 8333 Comm: syz.4.645 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 138.841989][ T8333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 138.841995][ T8333] Call Trace: [ 138.841999][ T8333] [ 138.842003][ T8333] dump_stack_lvl+0x16c/0x1f0 [ 138.842022][ T8333] should_fail_ex+0x512/0x640 [ 138.842036][ T8333] _copy_from_user+0x2e/0xd0 [ 138.842050][ T8333] get_compat_msghdr+0xa7/0x170 [ 138.842069][ T8333] ? __pfx_get_compat_msghdr+0x10/0x10 [ 138.842082][ T8333] ? __pfx__kstrtoull+0x10/0x10 [ 138.842100][ T8333] ___sys_sendmsg+0x1ae/0x1d0 [ 138.842115][ T8333] ? __pfx____sys_sendmsg+0x10/0x10 [ 138.842134][ T8333] ? find_held_lock+0x2b/0x80 [ 138.842150][ T8333] ? __pfx___might_resched+0x10/0x10 [ 138.842164][ T8333] __sys_sendmmsg+0x2f9/0x420 [ 138.842179][ T8333] ? __pfx___sys_sendmmsg+0x10/0x10 [ 138.842197][ T8333] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 138.842218][ T8333] ? fput+0x70/0xf0 [ 138.842232][ T8333] ? ksys_write+0x1b9/0x240 [ 138.842242][ T8333] ? __pfx_ksys_write+0x10/0x10 [ 138.842254][ T8333] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 138.842268][ T8333] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 138.842283][ T8333] __do_fast_syscall_32+0x73/0x120 [ 138.842299][ T8333] do_fast_syscall_32+0x32/0x80 [ 138.842316][ T8333] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 138.842329][ T8333] RIP: 0023:0xf7fb3579 [ 138.842336][ T8333] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 138.842346][ T8333] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 138.842356][ T8333] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004400 [ 138.842362][ T8333] RDX: 0000000000000203 RSI: 0000000000000000 RDI: 0000000000000000 [ 138.842367][ T8333] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 138.842372][ T8333] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 138.842378][ T8333] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 138.842389][ T8333] [ 138.912667][ C2] vkms_vblank_simulate: vblank timer overrun [ 140.110587][ T8358] netlink: 224 bytes leftover after parsing attributes in process `syz.4.654'. [ 140.113762][ T8358] netlink: 224 bytes leftover after parsing attributes in process `syz.4.654'. [ 140.116632][ T8358] netlink: 224 bytes leftover after parsing attributes in process `syz.4.654'. [ 140.122204][ T8358] netlink: 224 bytes leftover after parsing attributes in process `syz.4.654'. [ 140.127168][ T8358] netlink: 224 bytes leftover after parsing attributes in process `syz.4.654'. [ 140.630012][ T66] Bluetooth: Unexpected start frame (len 16) [ 140.695984][ T8371] netlink: 16 bytes leftover after parsing attributes in process `syz.4.655'. [ 141.561315][ T66] Bluetooth: Unexpected start frame (len 16) [ 141.612900][ T8397] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.666'. [ 141.613411][ T837] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 141.615780][ T8397] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.666'. [ 141.793546][ T837] usb 9-1: Using ep0 maxpacket: 32 [ 141.802334][ T837] usb 9-1: config index 0 descriptor too short (expected 8978, got 18) [ 141.806042][ T837] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 141.813732][ T837] usb 9-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 141.817623][ T837] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.825428][ T837] usb 9-1: Product: syz [ 141.832072][ T837] usb 9-1: Manufacturer: syz [ 141.843738][ T837] usb 9-1: SerialNumber: syz [ 141.849098][ T837] usb 9-1: config 0 descriptor?? [ 142.419010][ T837] usb 9-1: USB disconnect, device number 2 [ 142.491026][ T8417] FAULT_INJECTION: forcing a failure. [ 142.491026][ T8417] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 142.498924][ T8417] CPU: 3 UID: 0 PID: 8417 Comm: syz.4.670 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 142.498948][ T8417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 142.498959][ T8417] Call Trace: [ 142.498964][ T8417] [ 142.498971][ T8417] dump_stack_lvl+0x16c/0x1f0 [ 142.498997][ T8417] should_fail_ex+0x512/0x640 [ 142.499018][ T8417] _copy_from_user+0x2e/0xd0 [ 142.499048][ T8417] get_compat_msghdr+0xa7/0x170 [ 142.499068][ T8417] ? __pfx_get_compat_msghdr+0x10/0x10 [ 142.499089][ T8417] ? __pfx__kstrtoull+0x10/0x10 [ 142.499116][ T8417] ___sys_sendmsg+0x1ae/0x1d0 [ 142.499138][ T8417] ? __pfx____sys_sendmsg+0x10/0x10 [ 142.499168][ T8417] ? find_held_lock+0x2b/0x80 [ 142.499192][ T8417] ? __pfx___might_resched+0x10/0x10 [ 142.499214][ T8417] __sys_sendmmsg+0x2f9/0x420 [ 142.499236][ T8417] ? __pfx___sys_sendmmsg+0x10/0x10 [ 142.499270][ T8417] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 142.499301][ T8417] ? fput+0x70/0xf0 [ 142.499321][ T8417] ? ksys_write+0x1b9/0x240 [ 142.499336][ T8417] ? __pfx_ksys_write+0x10/0x10 [ 142.499356][ T8417] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 142.499376][ T8417] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 142.499397][ T8417] __do_fast_syscall_32+0x73/0x120 [ 142.499420][ T8417] do_fast_syscall_32+0x32/0x80 [ 142.499442][ T8417] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 142.499462][ T8417] RIP: 0023:0xf7fb3579 [ 142.499476][ T8417] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 142.499491][ T8417] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 142.499508][ T8417] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004400 [ 142.499519][ T8417] RDX: 0000000000000203 RSI: 0000000000000000 RDI: 0000000000000000 [ 142.499528][ T8417] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 142.499538][ T8417] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 142.499547][ T8417] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 142.499565][ T8417] [ 143.057424][ T8431] ======================================================= [ 143.057424][ T8431] WARNING: The mand mount option has been deprecated and [ 143.057424][ T8431] and is ignored by this kernel. Remove the mand [ 143.057424][ T8431] option from the mount to silence this warning. [ 143.057424][ T8431] ======================================================= [ 143.625413][ T8439] netlink: 4268 bytes leftover after parsing attributes in process `syz.2.676'. [ 143.629211][ T8439] netlink: 4268 bytes leftover after parsing attributes in process `syz.2.676'. [ 143.806847][ T40] audit: type=1804 audit(1744971430.921:28): pid=8442 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.677" name="/newroot/95/file0/file0" dev="9p" ino=38273064 res=1 errno=0 [ 143.877516][ T66] Bluetooth: Unexpected start frame (len 16) [ 143.982779][ T8454] FAULT_INJECTION: forcing a failure. [ 143.982779][ T8454] name failslab, interval 1, probability 0, space 0, times 0 [ 143.986861][ T8454] CPU: 0 UID: 0 PID: 8454 Comm: syz.0.681 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 143.986875][ T8454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 143.986882][ T8454] Call Trace: [ 143.986886][ T8454] [ 143.986890][ T8454] dump_stack_lvl+0x16c/0x1f0 [ 143.986921][ T8454] should_fail_ex+0x512/0x640 [ 143.986934][ T8454] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 143.986949][ T8454] should_failslab+0xc2/0x120 [ 143.986963][ T8454] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 143.986987][ T8454] ? __alloc_skb+0x2b2/0x380 [ 143.987003][ T8454] __alloc_skb+0x2b2/0x380 [ 143.987015][ T8454] ? __pfx___alloc_skb+0x10/0x10 [ 143.987033][ T8454] tipc_buf_acquire+0x26/0xe0 [ 143.987045][ T8454] tipc_msg_build+0x112/0x1150 [ 143.987060][ T8454] ? __pfx_tipc_msg_build+0x10/0x10 [ 143.987078][ T8454] __tipc_sendmsg+0xa30/0x19a0 [ 143.987094][ T8454] ? __pfx___tipc_sendmsg+0x10/0x10 [ 143.987104][ T8454] ? __lock_acquire+0xaa4/0x1ba0 [ 143.987121][ T8454] ? __pfx___might_resched+0x10/0x10 [ 143.987133][ T8454] ? __pfx_woken_wake_function+0x10/0x10 [ 143.987151][ T8454] ? __local_bh_enable_ip+0xa4/0x120 [ 143.987166][ T8454] tipc_sendmsg+0x4f/0x70 [ 143.987188][ T8454] ____sys_sendmsg+0xa95/0xc70 [ 143.987200][ T8454] ? __pfx_____sys_sendmsg+0x10/0x10 [ 143.987209][ T8454] ? get_compat_msghdr+0x11a/0x170 [ 143.987224][ T8454] ? __pfx__kstrtoull+0x10/0x10 [ 143.987243][ T8454] ___sys_sendmsg+0x134/0x1d0 [ 143.987258][ T8454] ? __pfx____sys_sendmsg+0x10/0x10 [ 143.987277][ T8454] ? find_held_lock+0x2b/0x80 [ 143.987292][ T8454] ? __pfx___might_resched+0x10/0x10 [ 143.987307][ T8454] __sys_sendmmsg+0x2f9/0x420 [ 143.987326][ T8454] ? __pfx___sys_sendmmsg+0x10/0x10 [ 143.987344][ T8454] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 143.987365][ T8454] ? fput+0x70/0xf0 [ 143.987378][ T8454] ? ksys_write+0x1b9/0x240 [ 143.987388][ T8454] ? __pfx_ksys_write+0x10/0x10 [ 143.987401][ T8454] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 143.987415][ T8454] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 143.987430][ T8454] __do_fast_syscall_32+0x73/0x120 [ 143.987447][ T8454] do_fast_syscall_32+0x32/0x80 [ 143.987462][ T8454] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 143.987475][ T8454] RIP: 0023:0xf7f34579 [ 143.987484][ T8454] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 143.987494][ T8454] RSP: 002b:00000000f505655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 143.987505][ T8454] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004400 [ 143.987511][ T8454] RDX: 0000000000000203 RSI: 0000000000000000 RDI: 0000000000000000 [ 143.987516][ T8454] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 143.987522][ T8454] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 143.987528][ T8454] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 143.987540][ T8454] [ 145.002448][ T66] Bluetooth: Unexpected start frame (len 16) [ 145.073402][ T6018] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 145.138135][ T8486] netlink: 52 bytes leftover after parsing attributes in process `syz.0.691'. [ 145.142491][ T8486] bond0: entered promiscuous mode [ 145.204754][ T66] Bluetooth: Unexpected start frame (len 16) [ 145.223768][ T6018] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 145.227853][ T6018] usb 8-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 145.231594][ T6018] usb 8-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 145.237574][ T6018] usb 8-1: config 64 interface 0 has no altsetting 0 [ 145.241452][ T6018] usb 8-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 145.245442][ T6018] usb 8-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 145.250037][ T6018] usb 8-1: config 64 interface 0 has no altsetting 0 [ 145.254121][ T6018] usb 8-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 145.257945][ T6018] usb 8-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 145.262509][ T6018] usb 8-1: config 64 interface 0 has no altsetting 0 [ 145.269203][ T6018] usb 8-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 145.273124][ T6018] usb 8-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 145.278400][ T6018] usb 8-1: config 64 interface 0 has no altsetting 0 [ 145.282378][ T6018] usb 8-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 145.286311][ T6018] usb 8-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 145.290781][ T6018] usb 8-1: config 64 interface 0 has no altsetting 0 [ 145.294669][ T6018] usb 8-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 145.298392][ T6018] usb 8-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 145.302851][ T6018] usb 8-1: config 64 interface 0 has no altsetting 0 [ 145.307071][ T6018] usb 8-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 145.310328][ T6018] usb 8-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 145.314044][ T6018] usb 8-1: config 64 interface 0 has no altsetting 0 [ 145.316833][ T6018] usb 8-1: config 64 has 1 interface, different from the descriptor's value: 9 [ 145.319549][ T6018] usb 8-1: config 64 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 145.322864][ T6018] usb 8-1: config 64 interface 0 has no altsetting 0 [ 145.327693][ T6018] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 145.330453][ T6018] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 145.332979][ T6018] usb 8-1: Product: syz [ 145.334653][ T6018] usb 8-1: Manufacturer: syz [ 145.336233][ T6018] usb 8-1: SerialNumber: syz [ 145.347777][ T6018] yurex 8-1:64.0: USB YUREX device now attached to Yurex #0 [ 145.694432][ T838] usb 8-1: USB disconnect, device number 3 [ 145.704783][ T838] yurex 8-1:64.0: USB YUREX #0 now disconnected [ 146.563831][ T34] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 146.725085][ T34] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 146.728921][ T34] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 146.733338][ T34] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 146.736812][ T34] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 146.740217][ T34] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 146.746018][ T34] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 146.748990][ T34] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 146.751618][ T34] usb 8-1: Product: syz [ 146.752977][ T34] usb 8-1: Manufacturer: syz [ 146.762211][ T34] cdc_wdm 8-1:1.0: skipping garbage [ 146.763966][ T34] cdc_wdm 8-1:1.0: skipping garbage [ 146.766484][ T34] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 146.768344][ T34] cdc_wdm 8-1:1.0: Unknown control protocol [ 146.969345][ T8507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.977211][ T8507] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 147.033247][ C3] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 147.034747][ T3233] usb 8-1: USB disconnect, device number 4 [ 147.035426][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 147.039908][ C3] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 147.173078][ T8517] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.699'. [ 147.176575][ T8517] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.699'. [ 147.497382][ T8521] mkiss: ax0: crc mode is auto. [ 147.498551][ T66] Bluetooth: Unexpected start frame (len 16) [ 148.180462][ T8535] netlink: 'syz.4.704': attribute type 24 has an invalid length. [ 148.440514][ T8543] x_tables: duplicate underflow at hook 1 [ 148.654125][ T8554] netlink: 16 bytes leftover after parsing attributes in process `syz.0.710'. [ 148.657702][ T8554] netlink: 24 bytes leftover after parsing attributes in process `syz.0.710'. [ 149.831858][ T8571] zonefs (nbd3) ERROR: Not a zoned block device [ 149.875028][ T8576] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.718'. [ 149.879040][ T8576] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.718'. [ 149.969081][ T8586] netlink: 16 bytes leftover after parsing attributes in process `syz.3.719'. [ 149.972948][ T8586] netlink: 24 bytes leftover after parsing attributes in process `syz.3.719'. [ 150.403685][ T8606] loop6: detected capacity change from 0 to 524287999 [ 150.406877][ C2] blk_print_req_error: 24 callbacks suppressed [ 150.406892][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.413054][ C2] buffer_io_error: 24 callbacks suppressed [ 150.413067][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.419544][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.422985][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.426130][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.429445][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.432851][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.436584][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.440660][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.444460][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.448220][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.450993][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.453922][ C3] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.456698][ C3] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.459538][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.463278][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.466622][ T8606] ldm_validate_partition_table(): Disk read failed. [ 150.513807][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.517557][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.525023][ C2] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.529008][ C2] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.532863][ T8606] Dev loop6: unable to read RDB block 0 [ 150.539064][ T8606] loop6: unable to read partition table [ 150.542917][ T8606] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 150.550245][ T8607] ldm_validate_partition_table(): Disk read failed. [ 150.554478][ T8607] Dev loop6: unable to read RDB block 0 [ 150.557698][ T8607] loop6: unable to read partition table [ 150.560235][ T8607] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 150.571231][ T5367] ldm_validate_partition_table(): Disk read failed. [ 150.575053][ T5367] Dev loop6: unable to read RDB block 0 [ 150.578113][ T5367] loop6: unable to read partition table [ 150.635125][ T8612] netlink: 4268 bytes leftover after parsing attributes in process `syz.4.728'. [ 150.638854][ T8612] netlink: 4268 bytes leftover after parsing attributes in process `syz.4.728'. [ 151.868228][ T8634] dvmrp8: entered allmulticast mode [ 151.875857][ T8633] dvmrp8: left allmulticast mode [ 151.959102][ T8640] netlink: 'syz.0.737': attribute type 6 has an invalid length. [ 152.073320][ T5999] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 152.235966][ T5999] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 152.240339][ T5999] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 152.244516][ T5999] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 152.252955][ T5999] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 152.257083][ T5999] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.263467][ T5999] usb 8-1: Product: syz [ 152.269086][ T5999] usb 8-1: Manufacturer: syz [ 152.271577][ T5999] usb 8-1: SerialNumber: syz [ 152.337192][ T66] Bluetooth: Unexpected start frame (len 16) [ 152.491428][ T5999] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 152.802512][ T8632] usblp0:failed reading printer status (-71) [ 152.810794][ T836] usb 8-1: USB disconnect, device number 5 [ 152.882118][ T836] usblp0: removed [ 152.907331][ T40] audit: type=1326 audit(1744971440.021:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8631 comm="syz.3.734" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb6579 code=0x0 [ 153.271114][ T8664] netlink: 'syz.2.741': attribute type 24 has an invalid length. [ 153.600687][ T8632] ================================================================== [ 153.603269][ T8632] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x132/0x320 [ 153.605722][ T8632] Write of size 4064 at addr ffffc90002f86020 by task syz.3.734/8632 [ 153.611341][ T8632] [ 153.612396][ T8632] CPU: 0 UID: 0 PID: 8632 Comm: syz.3.734 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 153.612417][ T8632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 153.612428][ T8632] Call Trace: [ 153.612435][ T8632] [ 153.612441][ T8632] dump_stack_lvl+0x116/0x1f0 [ 153.612469][ T8632] print_report+0xc3/0x670 [ 153.612488][ T8632] ? __virt_addr_valid+0x5e/0x590 [ 153.612510][ T8632] ? vrealloc_noprof+0x132/0x320 [ 153.612525][ T8632] kasan_report+0xe0/0x110 [ 153.612546][ T8632] ? vrealloc_noprof+0x132/0x320 [ 153.612564][ T8632] kasan_check_range+0xef/0x1a0 [ 153.612587][ T8632] __asan_memset+0x23/0x50 [ 153.612603][ T8632] vrealloc_noprof+0x132/0x320 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 153.612620][ T8632] push_insn_history+0x2ae/0x6c0 [ 153.612640][ T8632] do_check_common+0xbd3/0xc2a0 [ 153.612668][ T8632] ? __pfx_do_check_common+0x10/0x10 [ 153.612686][ T8632] ? lockdep_hardirqs_on+0x7c/0x110 [ 153.612710][ T8632] ? kfree+0x2b6/0x4d0 [ 153.612725][ T8632] ? bpf_check+0x6c86/0xb460 [ 153.612743][ T8632] ? bpf_check+0x7b2f/0xb460 [ 153.612762][ T8632] bpf_check+0x7f51/0xb460 [ 153.612787][ T8632] ? __pfx_bpf_check+0x10/0x10 [ 153.612805][ T8632] ? pcpu_alloc_noprof+0x949/0x1470 [ 153.612830][ T8632] ? __lock_acquire+0xaa4/0x1ba0 [ 153.612857][ T8632] ? find_held_lock+0x2b/0x80 [ 153.612875][ T8632] ? __asan_memset+0x23/0x50 [ 153.612890][ T8632] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 153.612914][ T8632] bpf_prog_load+0xe41/0x2490 [ 153.612938][ T8632] ? __pfx_bpf_prog_load+0x10/0x10 [ 153.612961][ T8632] ? __pfx___futex_wait+0x10/0x10 [ 153.612989][ T8632] ? bpf_lsm_bpf+0x9/0x10 [ 153.613007][ T8632] __sys_bpf+0x433c/0x4d80 [ 153.613031][ T8632] ? __pfx___sys_bpf+0x10/0x10 [ 153.613053][ T8632] ? do_futex+0x122/0x350 [ 153.613067][ T8632] ? __pfx_do_futex+0x10/0x10 [ 153.613084][ T8632] ? xfd_validate_state+0x5d/0x180 [ 153.613102][ T8632] ? rcu_is_watching+0x12/0xc0 [ 153.613121][ T8632] __ia32_sys_bpf+0x76/0xe0 [ 153.613144][ T8632] __do_fast_syscall_32+0x73/0x120 [ 153.613169][ T8632] do_fast_syscall_32+0x32/0x80 [ 153.613194][ T8632] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 153.613214][ T8632] RIP: 0023:0xf7fb6579 [ 153.613228][ T8632] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 153.613244][ T8632] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 153.613261][ T8632] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800017c0 [ 153.613271][ T8632] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 153.613281][ T8632] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 153.613291][ T8632] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 153.613301][ T8632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 153.613316][ T8632] [ 153.613322][ T8632] [ 153.732027][ T8632] The buggy address belongs to the virtual mapping at [ 153.732027][ T8632] [ffffc90002f66000, ffffc90002f88000) created by: [ 153.732027][ T8632] kvrealloc_noprof+0x7d/0xd0 [ 153.739307][ T8632] [ 153.740397][ T8632] The buggy address belongs to the physical page: [ 153.743106][ T8632] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88806495de00 pfn:0x6495c [ 153.747306][ T8632] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 153.750367][ T8632] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 153.753994][ T8632] raw: ffff88806495de00 0000000000000000 00000001ffffffff 0000000000000000 [ 153.757666][ T8632] page dumped because: kasan: bad access detected [ 153.760397][ T8632] page_owner tracks the page as allocated [ 153.762865][ T8632] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 8632, tgid 8631 (syz.3.734), ts 153600598191, free_ts 153434924449 [ 153.769961][ T8632] post_alloc_hook+0x181/0x1b0 [ 153.772026][ T8632] get_page_from_freelist+0x135c/0x3920 [ 153.774488][ T8632] __alloc_frozen_pages_noprof+0x5a8/0x23a0 [ 153.777011][ T8632] alloc_pages_mpol+0x1fb/0x550 [ 153.779115][ T8632] alloc_pages_noprof+0x131/0x390 [ 153.781334][ T8632] __vmalloc_node_range_noprof+0x732/0x1540 [ 153.783875][ T8632] __kvmalloc_node_noprof+0x2ff/0x600 [ 153.786110][ T8632] kvrealloc_noprof+0x7d/0xd0 [ 153.788104][ T8632] push_insn_history+0x2ae/0x6c0 [ 153.790154][ T8632] do_check_common+0xbd3/0xc2a0 [ 153.792237][ T8632] bpf_check+0x7f51/0xb460 [ 153.794179][ T8632] bpf_prog_load+0xe41/0x2490 [ 153.796213][ T8632] __sys_bpf+0x433c/0x4d80 [ 153.798154][ T8632] __ia32_sys_bpf+0x76/0xe0 [ 153.800135][ T8632] __do_fast_syscall_32+0x73/0x120 [ 153.802346][ T8632] do_fast_syscall_32+0x32/0x80 [ 153.804426][ T8632] page last free pid 8632 tgid 8631 stack trace: [ 153.807025][ T8632] __free_frozen_pages+0x69d/0xff0 [ 153.809157][ T8632] __put_partials+0x16d/0x1c0 [ 153.811118][ T8632] qlist_free_all+0x4e/0x120 [ 153.813032][ T8632] kasan_quarantine_reduce+0x195/0x1e0 [ 153.815388][ T8632] __kasan_slab_alloc+0x69/0x90 [ 153.817505][ T8632] __kmalloc_node_track_caller_noprof+0x1d3/0x510 [ 153.820149][ T8632] krealloc_noprof+0x1fb/0x380 [ 153.822171][ T8632] copy_array.constprop.0+0x88/0x110 [ 153.824431][ T8632] copy_verifier_state+0xaa3/0xfa0 [ 153.826612][ T8632] push_stack+0x1d2/0x550 [ 153.828490][ T8632] check_cond_jmp_op+0x34c/0x7a70 [ 153.830777][ T8632] do_check_common+0x83ff/0xc2a0 [ 153.832963][ T8632] bpf_check+0x7f51/0xb460 [ 153.834947][ T8632] bpf_prog_load+0xe41/0x2490 [ 153.836990][ T8632] __sys_bpf+0x433c/0x4d80 [ 153.838947][ T8632] __ia32_sys_bpf+0x76/0xe0 [ 153.840922][ T8632] [ 153.841979][ T8632] Memory state around the buggy address: [ 153.844383][ T8632] ffffc90002f85f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 153.847660][ T8632] ffffc90002f85f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 153.850935][ T8632] >ffffc90002f86000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 153.854287][ T8632] ^ [ 153.856505][ T8632] ffffc90002f86080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 153.859950][ T8632] ffffc90002f86100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 153.863357][ T8632] ================================================================== [ 153.868117][ T8632] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 153.870438][ T8632] CPU: 2 UID: 0 PID: 8632 Comm: syz.3.734 Not tainted 6.15.0-rc2-syzkaller-00257-gb5c6891b2c5b #0 PREEMPT(full) [ 153.874108][ T8632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 153.878023][ T8632] Call Trace: [ 153.879349][ T8632] [ 153.880579][ T8632] dump_stack_lvl+0x3d/0x1f0 [ 153.882471][ T8632] panic+0x71c/0x800 [ 153.883992][ T8632] ? __pfx_panic+0x10/0x10 [ 153.885413][ T8632] ? rcu_is_watching+0x12/0xc0 [ 153.886951][ T8632] ? preempt_schedule_thunk+0x16/0x30 [ 153.888864][ T8632] ? vrealloc_noprof+0x132/0x320 [ 153.890689][ T8632] ? preempt_schedule_common+0x44/0xc0 [ 153.892414][ T8632] ? vrealloc_noprof+0x132/0x320 [ 153.894012][ T8632] check_panic_on_warn+0xab/0xb0 [ 153.895578][ T8632] end_report+0x107/0x170 [ 153.896953][ T8632] kasan_report+0xee/0x110 [ 153.898389][ T8632] ? vrealloc_noprof+0x132/0x320 [ 153.899968][ T8632] kasan_check_range+0xef/0x1a0 [ 153.901514][ T8632] __asan_memset+0x23/0x50 [ 153.902953][ T8632] vrealloc_noprof+0x132/0x320 [ 153.904461][ T8632] push_insn_history+0x2ae/0x6c0 [ 153.906052][ T8632] do_check_common+0xbd3/0xc2a0 [ 153.907594][ T8632] ? __pfx_do_check_common+0x10/0x10 [ 153.909280][ T8632] ? lockdep_hardirqs_on+0x7c/0x110 [ 153.910963][ T8632] ? kfree+0x2b6/0x4d0 [ 153.912255][ T8632] ? bpf_check+0x6c86/0xb460 [ 153.913707][ T8632] ? bpf_check+0x7b2f/0xb460 [ 153.915288][ T8632] bpf_check+0x7f51/0xb460 [ 153.917062][ T8632] ? __pfx_bpf_check+0x10/0x10 [ 153.918955][ T8632] ? pcpu_alloc_noprof+0x949/0x1470 [ 153.921005][ T8632] ? __lock_acquire+0xaa4/0x1ba0 [ 153.922868][ T8632] ? find_held_lock+0x2b/0x80 [ 153.924341][ T8632] ? __asan_memset+0x23/0x50 [ 153.925802][ T8632] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 153.927410][ T8632] bpf_prog_load+0xe41/0x2490 [ 153.928905][ T8632] ? __pfx_bpf_prog_load+0x10/0x10 [ 153.930543][ T8632] ? __pfx___futex_wait+0x10/0x10 [ 153.932082][ T8632] ? bpf_lsm_bpf+0x9/0x10 [ 153.933435][ T8632] __sys_bpf+0x433c/0x4d80 [ 153.934858][ T8632] ? __pfx___sys_bpf+0x10/0x10 [ 153.936406][ T8632] ? do_futex+0x122/0x350 [ 153.937959][ T8632] ? __pfx_do_futex+0x10/0x10 [ 153.939875][ T8632] ? xfd_validate_state+0x5d/0x180 [ 153.941696][ T8632] ? rcu_is_watching+0x12/0xc0 [ 153.943232][ T8632] __ia32_sys_bpf+0x76/0xe0 [ 153.944687][ T8632] __do_fast_syscall_32+0x73/0x120 [ 153.946385][ T8632] do_fast_syscall_32+0x32/0x80 [ 153.947943][ T8632] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 153.950062][ T8632] RIP: 0023:0xf7fb6579 [ 153.951503][ T8632] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 153.957507][ T8632] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 153.960174][ T8632] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800017c0 [ 153.962765][ T8632] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 153.965294][ T8632] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 153.967885][ T8632] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 153.970869][ T8632] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 153.973482][ T8632] [ 153.975182][ T8632] Kernel Offset: disabled [ 153.976507][ T8632] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:17:20 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854ad4e5 RDI=ffffffff9ae0eb40 RBP=ffffffff9ae0eb00 RSP=ffffc90003ccef00 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3039636666667257 R12=0000000000000000 R13=0000000000000066 R14=ffffffff9ae0eb00 R15=ffffffff854ad480 RIP=ffffffff854ad50f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977bd000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000030419ff8 CR3=0000000065b26000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=dffffc0000000000 RBX=ffff88802b33fa80 RCX=ffffc90004797034 RDX=0000000000000001 RSI=ffffffff8dbc4884 RDI=ffff88802b33fa80 RBP=ffff88802b33fa80 RSP=ffffc90004797058 R8 =0000000000000000 R9 =fffff9400005be0e R10=ffffea00002df077 R11=0000000000000000 R12=ffff88803fffbb80 R13=0000000000000070 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff8197f421 RFL=00000292 [--S-A--] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978bd000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f71e37f0 CR3=000000004a26a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=00000000fee0000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffffff81f75033 RBX=ffffea000167b7c8 RCX=0000000000000002 RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff8e3c1440 RBP=ffffea000167b7c0 RSP=ffffc900010df1a0 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=ffffea000167b7d0 R13=ffffea000167b7c0 R14=ffffc900010df630 R15=0000000000000001 RIP=ffffffff8197a710 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979bd000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000000c3d8e2f CR3=000000005108a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=00000000fee0000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=050be185050be185 050be185050be185 050be185050be185 050be185050be185 050be185050be185 050be185050be185 050be185050be185 050be185050be185 ZMM22=44c163ad44c163ad 44c163ad44c163ad 44c163ad44c163ad 44c163ad44c163ad 44c163ad44c163ad 44c163ad44c163ad 44c163ad44c163ad 44c163ad44c163ad ZMM23=b93ce639b93ce639 b93ce639b93ce639 b93ce639b93ce639 b93ce639b93ce639 b93ce639b93ce639 b93ce639b93ce639 b93ce639b93ce639 b93ce639b93ce639 ZMM24=3fdfad813fdfad81 3fdfad813fdfad81 3fdfad813fdfad81 3fdfad813fdfad81 3fdfad813fdfad81 3fdfad813fdfad81 3fdfad813fdfad81 3fdfad813fdfad81 ZMM25=26f8fbe126f8fbe1 26f8fbe126f8fbe1 26f8fbe126f8fbe1 26f8fbe126f8fbe1 26f8fbe126f8fbe1 26f8fbe126f8fbe1 26f8fbe126f8fbe1 26f8fbe126f8fbe1 ZMM26=df1f76fbdf1f76fb df1f76fbdf1f76fb df1f76fbdf1f76fb df1f76fbdf1f76fb df1f76fbdf1f76fb df1f76fbdf1f76fb df1f76fbdf1f76fb df1f76fbdf1f76fb ZMM27=5ee57d125ee57d12 5ee57d125ee57d12 5ee57d125ee57d12 5ee57d125ee57d12 5ee57d125ee57d12 5ee57d125ee57d12 5ee57d125ee57d12 5ee57d125ee57d12 ZMM28=000000b0000000af 000000ae000000ad 000000ac000000ab 000000aa000000a9 000000a8000000a7 000000a6000000a5 000000a4000000a3 000000a2000000a1 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=f2050000f2050000 f2050000f2050000 f2050000f2050000 f2050000f2050000 f2050000f2050000 f2050000f2050000 f2050000f2050000 f2050000f2050000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffff88802b2414a0 RCX=ffffffff81ae9969 RDX=ffff8880234b4880 RSI=ffffffff81ae9943 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900031cf5b8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffffed1005648295 R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b53b180 RIP=ffffffff81ae9945 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097abd000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7ef6e40 CR3=000000004eb04000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=00000000fee0000e DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7392ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000