last executing test programs: 14m18.939817905s ago: executing program 2 (id=3652): r0 = syz_create_resource$binfmt(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000100)='./file0\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) unlink(&(0x7f0000000000)='./file0\x00') write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[], 0x509) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) r2 = gettid() r3 = socket$inet6(0xa, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x239, &(0x7f0000000240)={0x0, 0x1c2a, 0x10100, 0x4, 0x0, 0x0, r5}, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r4, 0x0, 0x0, 0x0, {}, 0x1}) openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sendmsg$nl_generic(r5, 0x0, 0xc084) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="01000000400000000600", @ANYRES32, @ANYBLOB='\x00'/20, @ANYBLOB="73ec23ebab816ab29df5c83cdb1bd9195dba67d6729eda75f2446dcc67eb2da3ac75f160eafb4e3cf1b5e2ba65a63f7ca133de0e96060adf218713d9e8d31f8781c94bf8082ffebb56629fad6cf2762a2881080467abb0c6490c655a1097dc10f5091f6e91951f0b93485c2695efd09933a90a6b88d9b9222957135f2e635d85064d9bdadd4585b67f8d76906630dcf905f1e6813823df44958b2abec551d3a25d72bda575173a23300ef4cd93183f54bf493a96d10da2196a35b05f1ef4b654d599d44d378a631534b27f8557fe8dd05cdbc712a31dc6ab546f8d91df02239755e53141787a5d86cc124af09cf4e6113446482468dd96fad8de4dbd2c6c1c6e8a98176561ea623eaa148540df1bb4564313761377d6eece373e855552c55ce9aec797df4dba13abebffda4e6c693c6145b3de406a1a6a652021db33d8f09ffbbd33fd425dfc1b9a33ceac0abe078ba1b08ba1e8d9ecd42b48a33ae6e7b9d85eeb5e8fbf2f630b8bb1ae11ad9100932cf24fbc78b2b5d0992d1d54f7805596dbb215737b5f988cda1cc042629108b09d0926831ad5050404060e645b24dce4600c272c3638923de04cc2ae51ef1509559fcea15f05f9a418b7e493b2d127913021cac441633f94adba633441e800fc94ed00250bd31486ba1914f06ae168a8119f96be7d6f07ac4383473f562f1f7c8ab7da9aeed25397dde6abfcc72890bb664828329c17c06b9f59f72c0421e29cb7c9ea7c019d9015ed4e6a0e798df611c67c243cb2c65799b05707eab50186b206e46d901151adc53d0ebb511e6876d3ee8550893937d563ab99aa3ca921df589690a2b03e6a809cb8d3bb40865dd245ff8ed3764c69439f722010e01502c0d236185335025e0ad8fdd01e7a7899bea340a2e4b0a67301f1c24f0fd7b99dc0d2370f90240a816978ad62309a2a36b18f3167551f8c4ad3c15b66a5bbd14d9a060ce2142c93e1e85986edb11cbfe9cb25fe5fbe3c32f425043760140b28a2a2c0c4da2c354d1b1d61bd05cdc362a5468603e188db035059cb064790a4569abe62ad038618f7a04f4c41cfae0505a803c2d9fc757f0f060c76c8ebdb798fe067e57bb082be04a9b9dad6d409564bf9d73772509d37b48b00a6499fceef66771ac66ea14336e0cf8c03ed1fe598c9b7241e07eb15ae098cae34914f59aced124f870734ce75f116cdcf3b89e66769153e4de32ea7071129ccbe47cd59fb20a11228891304e6ee225812d6b0a66632db5eaa81fdaf3282bc71b5c3fdaa6ce6e2d520e8f380251ac1dd6612e42a43b0aa3cbb906b0dd381069d04ac7c0e3a5932c1523fbd083ef8791efe0afea18ca28a26f8f16b72d45bf6ed740a34fe5faebf7df8184e1b36efe7c5bf3255b40b8b7e387d73da4ea895e5a7f77e7e4730556a55e3902a64a3b008555dd114acebc9327e1f6ed52fbc508ade3098037efff41ab25962a79ed48509aa242eac7f8d4ab77198074674c322433e679439094b3f4bf66c247276a90bc812bac05e8f38d1ce1f2b660560c0a6e77cd086355e3cc8e933aed5e18504805c238b1b3c4c21d57eceb5cf30676b8cb2826c2933b5eb884cb2f616cdaaa8a4a23eb90cb1dbd28816b3d8a4ad4fb7ad45bc0869dd9a5b67b88d658eee8ec0833081afc37f4fc8d45db5c4a6397cba5cef2489ffbc21d3658f02d34b321c4b3d02a355d867bd94982b78c1e0133355a83b18901f1adeb78e635c5c1144a0743265ceeb4429af77f96c63bd9afdfec2aaf0d9880e412d6ea84c51708c03fe5829ff5d555aae19726606fa874ae649f1ee83cab1c476d07d3963388b018202c39e39e3641d4a203de9c040b0b820e4d1c9ab0ee28542b8a72fec783673347cc2df3fa5fc6c62fd6bf085d2f94dad4d79fa649318025003e6d28f30cd2eec1d5761f633bd9f343a63e4ccac0dab4b61950b8dd2ec77f6b5dc013d634a6552ef6b14468c5841338900e460832446b4055e33a4498859dba1414aa3dd227ae8e430873a49aa274e7664128bd69450a49d974d326413fe1d2c3cdb23e4bdf874ae6dd12abf6012e6238ae9a3dde501f2392e750ac0eb223163dd36ab5401d4e5f92278004eef41c5811192ed0ede59c0772331a41b92e9ef959659ce8c4bb01b2218838857eb6d3984dd19e507e1db9ad7805fc6040ad169e972a4285939445324416a0d82d4b0650373075f5c2af673565eb98cadee981ba9cefc66b858ffd456d3b88e6a40373a4d4326686aeb10c1dc11a78737237ab49353d645696224b151fe8250c2642dae3bcc1850ae9ea35ea96ee13f26ccc01d342f7e96250eb5491fe69fb5b20099f684009373d56b91da1611af52ae21924a7ec94cdacca897bc5d1127455f09e7e813721069ce4327daa88b18030ad0df868a3f4e463aac75d6a91df371be804f4a3e01baaad9b4ee60df3b1f5496e993c8d2abd79b99f4b3ac9bded0b3c3cd9dfe04ecf3ea83f9ae249ca7683409b7cddc20e8ca1f529ccce781fb53b253df1138b76af30f9232852cd57e08a81157a88e0ce96d1bb85313f8e61482031cdc718efe829e1ce93a4c78a8cd7d839da1ef8f1c92d764bb6d6f97e889c48877f2174893a23a5f235356fd9600c49217798265a8f68f77d8f7ef0f1a051005dc92d19426f959d1ccb3486da23f814c0186dbfe2c743051dcb021a52148a8c5a34316e05b1df0be47de2e991be992ae983743519eb4ed0ba9489f0d9cf550544f1b8490b66e4e1ed41955e5365876ba5e6159eacee5024037fd3045320a814bc0aa0519ea6f0bfa54e6f8d76cb4abc65d35760526403e1ef53e07ddccf482acacd81c1dc9b60c5bc0e0a8b90bce82193c1ca83e404e8fd00cfee1935424e1b1de310644403374a0b4a341697fcf2db8c551fc3d74938ed7cd8ba73399a7a8c708233dcb19f68d4a01b9464d265b1f43ee3f0ed56c352df21dbe1f469a21cecb72df6670a0af80e542152ee6ba192ddf1a60e1addeed71c7abd36e781519881c7e84b30642c1db9759b491c68f79cc1510adfbbb07cb21b30a11076daf0d4c0421b2ebdf7234d48c7cd3247704dbd456b43c5fc0af5784a91746b2856dd377fdefd0719095c51c57f7ba0a7b1e447c8877cacf17e38db4b781f8cba6e3b8a8381f8c1095b7e736b0deda5bdab41349a71881c8394868053009093018bd0c6a5dc7f62cfa05bab4148986181dee7b4730cd3f229be61691d903579d06cb3214e2232305bcb150b85e1433d88a1e6c27eb81bdb891838e7aae4d2a7aea877240ec38159c3b3f2f3e678cbbec876fb9fb3fb09bec0f77f191273eb566e12bf70fe2118b3d12c15f1fb1ebcce2bced0256d7833fbb87586acfd2820ffdb0e10ecb81be2c999917d1fd04f9300043f71dc299732612bff0afdd94eb6dac77db127ce8f1813cf93ea6e70bed5789b03a2c90eaa51041087249988ffaeb6a0c01c8634b48cb85f263e9b7a7fc6d43488532668f7771351a87243df54fe6c924812f4a581a495ef6113d5e806bc9666ee56505a9bffb8a3c0ae7391361ff807d225cd9edea2e62235738264d0f38a34b0150ba02940a47cbaef3c65e5c2993b5123fd0964b51cfd80a353466f2593cd35e41ed73447c0ed4a1b390ef5b45790b949fb8e79687d7a2008e89ce954501e69e32389d22ae1bc37c7d4e34a59399b87bf165a717cdb9b5c6844c5207e66f71b0ae104bffb9ca7d6150302cafcd5f37e0ceb434098a83fcbbcd0b8376c3797c800fc691d3bb690d2da5a9cb90a0649aeb9fe5cabdb1f22cb57dfadf4e32bbd3d3fa566b280057a82e6b9805c90d9e24d108f802c90c81e2b7f22edba429d125252ea77eac297863e0d4b0637b6ae559620e4ee5132a7777dc62bc96a9e0ad599d4d445a06160566c132f069927336157b3269275cabdafd70de74b5e685778458f6b28d2a49ef117adbe13e94c1bd111f794da9d2069bdc90cb4abd1867a4b2fa8fc847601b69b266beedb55fbe00208c067a0dff5412c6bcd8646fcab71f2d1ede46d1695ec01f0b06bf93d8c55dbff2098fff944ea9207d3092d8babeb08734c22133e63a689fcb585d4fa9a4ec3aa3c591336f05757bce19ae456088577da407ba35f2c11b078b357b59aef0ae00efc0fbfea76ff6a83d6b0c35877c28d353e6df9566a9c16a1d47a43895b414e6cae2dd67f7651318084e1d84d1acc98c2627e07c428593da4d86c5b0eba2dab333f1b066aa45c28f34ded8aa947baedd7724a8c20c26ea6727baf7a8035658896c1a3636dc430f430ca93edec11b2370410c1c0f379db34c46096e6fa05192794dbc42fa58af3c52fb3283deabd80a43448508c41a07202201cdc09aa4e28b26e144e8e291be117aefc43f587fc52de68592b039088a911cadf5ebc56f4b344289f7cc3100cb8118583254cecb7b105e0fad0b240adb1a5813438fef014e74c3c704596d85b61373d500be50a8e6784b7b9138d5b07eda172e5e090a8ad993eb1c5def51bcc9631c951503109fafd74d33275e1dadc23273268c9fb2c92035a3c4b98ef6621f5f87ee6999ac1f0426c495db2edd21c1e37469387acc5130e4aa5bdb5ce906c6814fa7580a3b74641e5ac2fa8383211453ef35dda9694bf815997c5def6573fe52a0e5219a45dabf292b84c2865e3633eb3eafa4ae08eb5f3ff5793a0ee61bb97f6b3f74e512997276b7a8f43aee24d1131d26ab95fe4891326d51926b1bee927ffd85be646a7b523c2974269feef89625d3ade02dd1cbb5daa918eeb90ce4e38702fb22abd24be7cf8c383c84f67aefdcfcf43a70e890898d2fd75d56dd2ba5b8ab245e01a756a6006e528f4cb988ee687931c2b61d0ea9060451f69e3829c24497f092ced3c1aa06b2ca632e58af7de96f2354a8dbd6fc6fca56c327f26c57e3afa4b8645a717aa86966e6ec7431cbbf2ae04bb943500c3ec989260e9de3963db18d187eda54a8ad88b216104faa22cd0d8423b2b82c22650d1bbef82bf218bc915b411330e573cb687f5cf2550f34686fe78a5a2ffaeea5f30e62297dc4494cf48dcc297fb4b5ec661c59b6516baf93cdf10425d1b57325aaa9585be534e66147fbff562979f66ea992fa547741d8faa7b77c6668c0d3dba843aa5d7b3208da317debbeeeedef261cb534fdf1a99830ce0c69924c23dd601d487b37dda6b741d72f77181bc09accd1b5e02171e54bc7b979e4f9a58ae1cce2b33b72dd789a69583d711b35e23c8f8b96012fa7c2bbdff28ddb583d1ff5ec90aa96942e24319642a178237357e65b7f7761e831ce86b0f7f333a766a8e53d6f6ec054712b443e942a9e9b6229c857ba5bc2fbbf1cbdae6b10972208b4e894cae5a267cd180e3f622287345168046f99357adba6ed258be31dfaf4dc501a1790220d5355756fbc56d98136793320b33bcf3c3f4a3fa8beb62d08987bb0986047417943bd17edfe3a25fc3f9936d3cee8a42cdb7cf987d69625a469a2228e8feb07825fc8769378dfc851c24127eaff5f6aca0993af1e4789d62bf4aa4e2de49f56c41a19aa29036f42f17c2bbe9a940811836a5bafb9d46883c57561acf2081e6420fb0f0364494d78dd4f74f7c60a410852296b749d6e16386b43e7ebbde5a77a4f0e148a4abdda1538aea325ef8225cc2f8d0f1d002d8a7d1160b3fce41633dcce3f13d78732d456f4dafd0ca85490ffba79dc5f93bd7057e1bcaa0b2fcda9b0f9fa258260549efede6be3b2ba9a5e2e13fa164b027d62b7ca630a4ed7cec55c5d6d48fdd1d52f9b82556556f984", @ANYRES32=0xffffffffffffffff, @ANYBLOB="00000000000000000000000000000000f300"/28], 0x48) r10 = fanotify_init(0x200, 0x101000) readv(r10, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/136, 0x88}], 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYRES32=r8, @ANYRESOCT=0x0, @ANYRESDEC=r9, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000459c4f039ab06608"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x7, 0x80000001, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x2, 0x0, 0x0, 0x0, 0x2, 0x80, 0x8000000000001, 0xffffffffffffffff}, 0x0, 0x0) ioctl$SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e24, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, 0xffffffff}, 0x1c) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r11 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_exec(r11, &(0x7f0000000080)=ANY=[@ANYBLOB='ekec :'], 0x7) 14m18.105774392s ago: executing program 2 (id=3661): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x7, 0x1000, 0x6}, 0x1c) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106000000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67000000000000350602000fff07201706000020191800160600000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x422002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r4 = socket$unix(0x1, 0x1, 0x0) ioctl(r4, 0x8b09, &(0x7f0000000040)) syz_open_dev$tty1(0xc, 0x4, 0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 14m17.148665039s ago: executing program 2 (id=3672): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) mbind(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3, 0x0, 0xd, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x2, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, 0x0, 0x0) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000240)={0x13, 0x10, 0xfa00, {0x0, r2}}, 0x18) 14m16.84963399s ago: executing program 2 (id=3673): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0x0, 0xfffffffd, 0x8}, 0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x5, 0x1, 0x7, 0x1100, 0xffffffffffffffff, 0x7fffffff, '\x00', r1}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x1c, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000008200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000000000828500000017000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x2100, 0x2000, 0x0, 0x0, 0x0, 0x0}, 0x4c) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(0x0, 0x0, 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x5}}}}, @m_ife={0x48, 0x1d, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2000}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x0, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000200)={0x1, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r7 = dup(r6) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0x6, 0x81, '\x00', 0x3c}) ioctl$KVM_SET_VAPIC_ADDR(r7, 0x4008ae93, &(0x7f00000000c0)=0xffff) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_RUN(r7, 0xae80, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x293900a, 0x0) 14m15.656943976s ago: executing program 2 (id=3682): r0 = openat$6lowpan_enable(0xffffff9c, 0x0, 0x2, 0x0) write$6lowpan_enable(r0, 0x0, 0x0) 14m15.038266358s ago: executing program 2 (id=3686): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x7, 0x1000, 0x6}, 0x1c) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106000000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67000000000000350602000fff07201706000020191800160600000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x422002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r4 = socket$unix(0x1, 0x1, 0x0) ioctl(r4, 0x8b09, &(0x7f0000000040)) syz_open_dev$tty1(0xc, 0x4, 0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 14m14.969209402s ago: executing program 32 (id=3686): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x7, 0x1000, 0x6}, 0x1c) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106000000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67000000000000350602000fff07201706000020191800160600000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x422002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r4 = socket$unix(0x1, 0x1, 0x0) ioctl(r4, 0x8b09, &(0x7f0000000040)) syz_open_dev$tty1(0xc, 0x4, 0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4m32.052716998s ago: executing program 4 (id=6684): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$KDFONTOP_SET(r1, 0x4b72, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x1) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000080)={'pimreg1\x00', 0x400}) ioctl$TUNATTACHFILTER(r5, 0x401054d5, &(0x7f0000000000)={0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}}) r7 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) ioctl$VIDIOC_G_FMT(r7, 0xc0d05604, &(0x7f0000000140)={0x1, @sliced={0x4, [0x6, 0x9, 0xb, 0x1e0d, 0xd, 0x7, 0xfffa, 0xd40, 0xfff6, 0x5c, 0x7, 0x1, 0xfff7, 0x8, 0x6, 0x5, 0x8, 0xb, 0x773d, 0xf51, 0x9, 0x5, 0x7, 0xb, 0x5, 0x0, 0x7, 0x5, 0xff, 0x3d, 0x40, 0x7, 0x401, 0xfffd, 0x9, 0x3, 0x8, 0xab8, 0x8001, 0x61fb, 0x10, 0x400, 0x3, 0x7, 0x4, 0x400, 0xfffc, 0x1000], 0x180}}) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGETMODE(r8, 0x4b3b, &(0x7f0000000000)) openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x800, 0x0) io_uring_setup(0x566a, &(0x7f00000000c0)={0x0, 0x3215, 0x10000, 0x2, 0x4a}) 4m29.724446017s ago: executing program 4 (id=6694): openat$ptmx(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8000c, 0x62}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00'}) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x840) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) syz_emit_ethernet(0x7e, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x14, 0x0, &(0x7f0000001140)="b3185d7bb56f70f003360fa8bf71ac3086aedebf"}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, 0x0) 4m28.757548885s ago: executing program 4 (id=6698): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='veno\x00', 0x5) socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000040)={0xa0, 0x258, 0x690, 0x384, 0xda, 0x10000, 0x20, 0x0, {0x6, 0x7}, {0x401, 0x1}, {0xfffffffe, 0x2, 0x1}, {0x800, 0x5, 0x1}, 0x5, 0x2, 0x3ff, 0x1000, 0x1, 0x7, 0x63, 0x10002, 0x5, 0x7fff, 0x10001, 0x7, 0x24, 0x100, 0x0, 0xa}) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) gettid() r3 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="18000000000000009be57f585c23a9a408429251156e9b0095d9cbe79fa6cd35c16f2c9b335071765f003c36c8b02f9f25bf01f2a02a952d17d7de6f4babc040565f1865a8b8eec8ad4d924b99ec6211741c100492c51543d83ea12018ca49b2e2a1b16983bbf0b7009fbe5d875a9e6b64c06ad87a92476e22ac6faa7d63ca3e7cafb0a3889d2492f546e82ee26515cdb187b82af563994a50fbfd1349c3dc8d3f6bb7635cc0142acb4e622ecf8fcc9e5aaed80a7ce5fbd22ab21bbbb42cab0f1963d3d34d18990ff6aee77800000000a8b3d32db1f5d848a921ea2802dd3e2aae71965d8be0e63ae527c372067357a4f18f10a3ec713f46624dbbb27548561fa6ae5e4b9228186e4bdee8f24dbf2581305006dcac6ff86534b61d2cda49d5be3c7b275d12ccb7b658361bbc0f17a167c53764b1e6bfdf4e5d49e222b0420127fe5d0a55e1b193e895014f9244152e2770f2e6d9030e06d5349f8efb26ec6642e4fa64db3a0c726c79f8d7cadf85819aa8953dce44cb9639f4d4d79605c45e14918fbc79a0c725b69c5c0596cb8957011b51f7204c"], &(0x7f0000000100)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r3, 0xc1205531, &(0x7f0000000540)={0x8001, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddbe29c94337"}) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a000000000000", @ANYRES32, @ANYBLOB="00000000000000000500", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) close(0x3) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB="00000010000000000000000000000000000000000000000000000000a4acb8e0df94fc30f3f469aff88ba2f34f"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r5, &(0x7f00000004c0), &(0x7f0000000000), 0x2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffec4, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="7a0a00b2108e5b2c3b0763b819d30d19da6269ff00000000711041000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) syz_emit_ethernet(0x56, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 4m27.824594063s ago: executing program 4 (id=6700): r0 = syz_open_procfs(0x0, &(0x7f00000005c0)='cgroup\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054) r3 = openat$kvm(0x0, &(0x7f0000000040), 0x20940, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) r5 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r5, 0x0) setpgid(0x0, r5) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xf6ff, 0x0) r6 = eventfd2(0x0, 0x80000) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000000)={0x7c, 0x3000, 0x4, r6}) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5}}, './file0\x00'}) r8 = syz_genetlink_get_family_id$smc(&(0x7f0000000100), r6) sendmsg$SMC_PNETID_GET(r7, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, r8, 0x400, 0x70bd27, 0x25dfdbff, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'wg0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x24000000) ioctl$KVM_IOEVENTFD(r4, 0x4040ae79, &(0x7f0000000340)={0x7fffffffffffffff, 0x3000, 0x4, r6}) lseek(r0, 0x10001, 0x0) 4m27.579868129s ago: executing program 4 (id=6704): socket$nl_route(0x10, 0x3, 0x0) ioprio_get$pid(0x2, 0xffffffffffffffff) r0 = socket(0x200000000000011, 0x3, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaa01080006040001ffffffffffffe0000002bbbbbbbbbbbb0000000acc58213eeb47fffb4103ec4ff1340d155e986ea811619d5629a38ec999792fec792ef0d159b83094c52d3bd7368bbb26c55736c8cc6367b2cac47747f3b62bbab3fd6aa100cf907594144e9643e4fa3022d8edc65251bbcda367988260ae2c67e7f547bdb734c8084fccf242d6d6db2655f4d0e47b652c6dced502c5982aff"], 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0x541b, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) sched_setaffinity(0x0, 0xfffffffffffffdb0, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) r5 = gettid() timer_create(0xb, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r7 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182) ioctl$CEC_RECEIVE(r7, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x0, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0xe}) 4m26.98952807s ago: executing program 4 (id=6707): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680)) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x800002, 0x10, 0xffffffffffffffff, 0x61083000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x82, 0x0) write$binfmt_aout(r0, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder1\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000400), 0x2, 0x161102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000001c0)={'wg2\x00', 0x200}) r4 = signalfd(r2, &(0x7f0000000240)={[0x7, 0x6]}, 0x8) getsockopt$inet6_tcp_int(r4, 0x6, 0x17, &(0x7f00000003c0), &(0x7f0000000280)=0x4) syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') io_setup(0x6, &(0x7f0000001380)=0x0) r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x4c) io_submit(r6, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x5, 0x8001, r5, 0x0}]) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) eventfd(0x1a52) openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1e3b02, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000800000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000032ce8500000004000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000500)='global_dirty_state\x00', r8}, 0x18) capset(&(0x7f0000000080)={0x19980330}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x80}) openat$vhost_vsock(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) 4m26.805163864s ago: executing program 33 (id=6707): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680)) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x800002, 0x10, 0xffffffffffffffff, 0x61083000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x82, 0x0) write$binfmt_aout(r0, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder1\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000400), 0x2, 0x161102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000001c0)={'wg2\x00', 0x200}) r4 = signalfd(r2, &(0x7f0000000240)={[0x7, 0x6]}, 0x8) getsockopt$inet6_tcp_int(r4, 0x6, 0x17, &(0x7f00000003c0), &(0x7f0000000280)=0x4) syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') io_setup(0x6, &(0x7f0000001380)=0x0) r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x4c) io_submit(r6, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x1000000, 0x0, 0x0, 0x5, 0x8001, r5, 0x0}]) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) eventfd(0x1a52) openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1e3b02, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000800000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000032ce8500000004000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000500)='global_dirty_state\x00', r8}, 0x18) capset(&(0x7f0000000080)={0x19980330}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x80}) openat$vhost_vsock(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) 3m49.745634673s ago: executing program 3 (id=6874): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_open_procfs(0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r2, 0x0, 0x50) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x3802, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3m48.61822725s ago: executing program 3 (id=6879): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000e80)={0x0, 0x30000, &(0x7f0000000e40)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fbdbdf252100000008000300", @ANYRES32=r1, @ANYBLOB="0a00f7ff080211000001000004002a0008009e0008"], 0x34}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000) 3m48.551771875s ago: executing program 3 (id=6881): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='nv\x00', 0x3) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@mss={0x2, 0x6d}, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x44}, @window={0x3, 0x8, 0x6}, @timestamp, @mss={0x2, 0xd56}, @sack_perm], 0x8) sendmmsg$inet(r0, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)="94", 0x1}], 0x1}}], 0x1, 0x20040010) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0xfdef, 0x805, 0x0, 0x0) 3m48.548676288s ago: executing program 3 (id=6882): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff0, 0xe}, {0x700}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff3, 0x9}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0) 3m48.167591761s ago: executing program 3 (id=6884): sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000800)={0x1a8, 0x0, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x94, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @empty}}, {0x14, 0x2, @in={0x2, 0x4e21, @multicast1}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x40, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x80000000}}, {0x14, 0x2, @in={0x2, 0x4e21, @rand_addr=0x64010100}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}]}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_SOCK={0xe0, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x925d}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x40}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xea0}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x82}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa21b}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4e}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2cf}]}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xd1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffff9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7e}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xffffff56}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xffff903a}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffffff9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfea}]}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x81}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x51}]}]}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x4000064}, 0xc010) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000810500"/20, @ANYRES32, @ANYBLOB="0000000000000000280012800a00010063616e"], 0x48}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c00028005000100000000000800154000000000080008"], 0x48}}, 0x4000000) r3 = socket$igmp(0x2, 0x3, 0x2) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x0, 0xffffffffffffffff}]}, &(0x7f0000000200)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x5}, 0x94) setsockopt$inet_mreqn(r3, 0x0, 0x24, &(0x7f0000000140)={@multicast1, @empty}, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="20000000ab05000002000000ffffff7f00280000", @ANYRES32=0x1, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03000000020000000100000000000000000000000000000000000000fb4d37a55b785125a916c7cf7519eaf9919b8ca99958aec95994f736fd05f49ddd4a4c2c4f5aaecd6c6d25015e2f3ccbac1cfea6c5e3eb1f7f215bd997220bfefe324809006b3d1ee6542bcd76229391499d5fb343fe34e5b9bf19995294288146fe09f9da0ff65678d4230843d2da6daee6e390173f589d6f9ab457a7979cf3728d672fada34ea721d39fa5a2a5dbd9cf25c142273b3e810f17de5670a5bc61edcc3ed66f8f756198ba7c9429e09e29d5dabab189cde38a0e0059d59e4348b1d8e10b745ef8e652d4dbe55b9314989e16db4e2e944138eb38ef353a3c313fc9"], 0x50) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x2, @loopback, 0xfffffffd}}, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6}, 0x9c) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000002140)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x4000}}) lstat(0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2145c99, 0x0) r8 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r8, 0x40049366, 0x0) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) 3m47.907061567s ago: executing program 3 (id=6888): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000080)=0x4, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) socket$inet6(0xa, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000004bc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x4, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4c041) syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f0000000080), 0x10) sendmsg$can_bcm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="0500"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}, 0x1, 0x0, 0x0, 0x48850}, 0x0) sendmsg$can_bcm(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0xc4}, 0x40094) r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4f27, 0x5, 0x10000, 0x4, 0x5, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e58, 0xb, 0xe69, 0x3c, 0x8, 0x6, 0x0, 0xfffffff8]}) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000e0a070600000000000000000a00000a0900020073797a31000000000900010073797a31000000001400038010000080080003400000000004000180140000001100010000000000000000000100000ae2414f922e533ebe31e0f739eb6e3a51e774af177aab08cb9af8db9a79d0f5be120dfe186f963c5e1af4b2edbf1a989d67ea6c18b745534fdd0d913c608a13634b8ffedb8bf65110bf1b10193d41"], 0xa4}, 0x1, 0x0, 0x0, 0x4000851}, 0x40) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 3m32.891979622s ago: executing program 34 (id=6888): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000080)=0x4, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000) socket$inet6(0xa, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000004bc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x4, 0x6, 0x5, 0x0, 0x0, {0x7, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4c041) syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f0000000080), 0x10) sendmsg$can_bcm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="0500"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}, 0x1, 0x0, 0x0, 0x48850}, 0x0) sendmsg$can_bcm(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0xc4}, 0x40094) r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4f27, 0x5, 0x10000, 0x4, 0x5, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e58, 0xb, 0xe69, 0x3c, 0x8, 0x6, 0x0, 0xfffffff8]}) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000e0a070600000000000000000a00000a0900020073797a31000000000900010073797a31000000001400038010000080080003400000000004000180140000001100010000000000000000000100000ae2414f922e533ebe31e0f739eb6e3a51e774af177aab08cb9af8db9a79d0f5be120dfe186f963c5e1af4b2edbf1a989d67ea6c18b745534fdd0d913c608a13634b8ffedb8bf65110bf1b10193d41"], 0xa4}, 0x1, 0x0, 0x0, 0x4000851}, 0x40) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 8.627426147s ago: executing program 5 (id=7806): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) write$khugepaged_scan(r0, &(0x7f0000000280), 0x8) syz_open_dev$hidraw(&(0x7f0000000080), 0x6, 0x48000) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 6.904866373s ago: executing program 5 (id=7816): syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r1, 0x0, 0x3, &(0x7f0000001140)=""/4086, &(0x7f0000000180)=0xff6) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000110000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0) sendmsg$OSF_MSG_REMOVE(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000021c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="5c1700000105010800000000000001000200000009000000090703002c07000073797a3000000000000000000000000000000000000000000000000000000000c1f2eb036bb979372e109a5da5116c2c7890d9ff26fcf6c759720cb91860219c0ca28119df5bb290dda89f25ef2778dc817bda777c878825847f02250f28e45a0001fcff02000000020000000000000800000000020000000001b6cb03000000b80f00001000020001000000360000000000000001000000070000000200f9ff02000000270000000800fe01020000003d0000000300be2a02000000040000000104ffff000000005b0400000700cc0100000000040000000500ff7f01000000950000000500f8ff000000000100000009000100dbab3436010400000200000003000000f6c70000ff00020001000000100000000010050005000000ff0100000800ff0700000000060000000104010002000000010000000200010003000000660000006003fdff03000000c50000000104060000000000400000000a00060001000000f3ffffff0180080000000000fc00000001800d0002000000060000008100010401000000d2ffffff00000b0002000000d12500000600040002000000010000000600010001000000fbffffff01040b000100000003000000f5cf06000000000002000000000801000200000020050000002008000300000001800000ea9709000100000009000000d005020003000000ffffffff080000000300000004000000e505070002000000040000000200090003000000f8ffffff00000010020000007e000000ff0007000300000000f8ffff0700ff070300000004000000540201000200000008000000040101000c001b0073797a31000000000000000000000000000000000000000000000000000000002c2ab4d3dd31b49cf02ce9427abfe4621f75102e271e84246d9a56f9942b2dcd0160d107ad0330e39d3639a9419c926192c56afe282eee7e7d8094fef80304e5fdffa014010000000900000003000000000000000000000009002000000000000400000003000000010000000400000009000200020000000200000001006a6903000000080000000000060001000000ff0f0000f689010007000000050000000600080003000000040000000104050003000000060000000b00a0b0000000000300000003000900020000008e0d00000400090003000000030000000200ff7f02000000030000000e000200000000000c0000000400090003000000000000000300010003000000080000000101050002000000060000000700001002000000600400000e02050000000000ff7f0000c90b0b0001000000ff00000000000100020000000b0000000700010403000000050000000500100000000000010001000800000003000000ae000000800009000200000006000000c07f070002000000030000000101010102000000030000000100f9ff02000000040000000700000402000000000000000900b0000100000004000000ff0738b400000000010000000600030000000000050000000e0a060001000000020000000400070002000000030000000900000000000000050000008f760d000000000001000000000200000200000004000000060002000000000008000000d8a800080200000001000100540201000000000001000000020539000008060073797a31000000000000000000000000000000000000000000000000000000009fc52f6daecb2651ede80bfbaf0169f27357dfaf59e3f49647fda1a9d37843fc559bbf6debe2ebfdd525ea32a68c5783d8996045641a1172c381199cf4a1a5d10018020003000000f18b000004000500000000000000000008000200030000000000000003000800010000000d00000006000200000000000500000008007f000300000001000000ffff070003000000020000000000090000000000010000000700080001000000030000000300030002000000ffffff7f000006000000000003000000000800000100000008000000ffff01000100000001000000c260030001000000ff01000003000600020000000d0a0000040006000000000006000000060040000300000008000000030006000300000005000000b3000800020000002fd032430300290001000000faffffff020000000100000000010000070002000000000001010000f8ff0600010000000c000000ff03060000000000020000000d0005000000000007000000020007000100000000008000a200040003000000ff0100005600070001000000b2870000050005000200000000000000ffff000800000000000100000500010002000000010100000000050002000000707e00000400889003000000310b0000ff7f0200000000000200000002003505010000000700000081009f0000000000d2280000a0255bfc02000000010000000001fbff0100000000000000090080000000000002000000090008000200000001000000540201000000000049b200000e03ffffe13f1e0073797a31000000000000000000000000000000000000000000000000000000009adaa18042571dea59f5204a8800ce87b0b7e7afb9f4dc385a5a8ebf9f8dce8a79f5a09f8ca8fec775d971787dc27a5510fa497f9c6fbd78cc2f86f2f3a27f3b0800070001000000002c00000001804103000000001000000400090000000000810000000001030000000000040000009a0000000100000000000000ff07ff0f0300000000010000002c000003000000090000000300bf3b00000000090000000700170102000000ffffff7f02000400000000000700000076000000000000000004000081002101030000008e000000010000000300000006000000000004000300000009000000fdff20410000000000000000ff018ca1010000000a000000090000000200000001000100833100040100000008000000fffff51700000000458c00006b04ff03000000000200000001000200000000000100000007000800030000000000800002000002010000000300000007000a00010000000600000001000500030000006a92000005000000030000006707000006007f0003000000030000000500010002000000000000000600090001000000060000000500080001000000070000000300020500000000050000000900800003000000090000000600be000000000004000000000804000300000000800000ff7f0c0000000000000000000b00f8ff01000000020000000700070000000000030000000900df0003000000030000000800010003000000ffffffff030000040000000004000000540201000300000001000000fe03259c0800260073797a30000000000000000000000000000000000000000000000000000000004886d29e77655b438621e28bc67f52dab4cc155bac1840a853b099076563ea732dac0df0cdd4197241fab61e2c24aa339c6bdcbc99501e276caf677cd82587c80008ff07020000000100000008000700010000000500000068ff7f21030000007f0000005c000500000000000600000001800300010000000000000006000a0001000000000000f08100fdff02000000050000000100000002000000ae0f000009000800194488d104000000a25000000000000006000000090005000300000006000000e51c010001000000080000000100ce04010000000100000017e30600010000001a0000009d76000000000000ff7f00000500000000000000c9b400007f08400003000000000000000200000103000000050000000800090002000000050000000101060001000000060000000200010103000000400000005e48070000000000040000000500008003000000123700000300d800010000000c0000000000030000000000750800000c00000203000000080000000500faff00000000ff0700000000c10c0200000002000000fc90090002000000ffffffff0700010002000000010000000a000000030000000d0000000900fdff02000000010000000900000089fc7684fdffffffce00000003000000090000000500040003000000070000002e005a20000000000100000002000300030000000c00000008000800030000000700000004000b000100000004000000f9ff00000300000002000000540201000000000001000000050704000d000e0073797a3100000000000000000000000000000000000000000000000000000000378c9251613448636ec37d8d9dd05e6ec1013de1c3ad37742b3ae1f74d7a483d16b067138357e0909d50f56156f63a1595678155f0da62a386d9e43d80cc7ea10101040000000000010000007f00ad000200000007000000faff03000000000001000000ff030a00020000000900000002000600030000007f0000000900090000000000090000000000090002000000050000000500030000000000050000000101ff0f03000000ffffff7f0300090003000000070000000400f20b02fffa0008000000a000090001000000ff03000004000300030000000300000007000104010000003100000002000500030000009f6a000009000200010000000900000008000200000000000e000000f9ff82f902000000010000000600090001000000e9080000eb0001900000000006000000ffffe1008dc6daf9000000007f000300000000000306000006000400030000000008000005008100030000000800000008003e5203000000020000000800b60900000000c04e0000050003000000000000020000cf0e040002000500000000000800ffff0000000000080000060000c000000000122400000900050000000000800000000900010002000000020000000100fcff010000000d0000000700030001000000810000000a00040002000000000800000fde03000000000001000000030008000100000026ea000099b900088eef1963080000000200070002000000080000000000ff0104000000ff0f0000540201000100000003000000ff030100c075120073797a310000000000000000000000000000000000000000000000000000000027c357d600d6e0ce33e318b4a9445dc21dd01a1a893f7cafddf3ab22c7654ac5cb21d07510000000000000e3ffffff000000feffffffffffffff000000000000ff07008001000000030000000600070000000000008000008000030003000000020000000900100003000000080000000400050002000000d20f00000200ff7f0200000003000000ffff0f000300000004000000db070180000000004000000008000001000000000300000007000f0802000000ff0100000900020003000000beffffff66cc0600079e7a7c04000000050006000300000003000000fbff060000000000001000000b00010000000000040000000f00ff0002000000000000800200080003000000faffffff0c000010020000000900000008009895030000000500000005001000010000000101000009000200010000003d0700006ebfff07000000008e00000003000a0001000000f7ffffff030001000200000009000000000400f802000000070000000400008000000000060000000100010002000000060000000400835f03000000030000000000030003000000c8000000dc09dc0b0200000007000000fa410f00010000009a000000030005000200000044010000fdff0e00030000000100010009000c00020000000b0000000000f8ff01000000010000000a00010103000000ff0f00000800070002000000010000000e00000002000000ff070000177f060001000000810000009502110002000000060000005402010002000000b4400000400b02000800150073797a3000000000000000000000000000000000000000000000000000000000d87f3eba32db69e75efbee28a08cc128db73a387206beb408720a810453e964723e26a05842faf629ba616fe3e6072d5c3f9d05ecf26692ec898ccda1575db650600008000000000050000000500090000000000e0000000060000020200000005000000d66c010401000000090000000000030002000000fcffffffe16f0600000000000600000000009400020000000100000001000600030000000004000000f8000100000000060000000800000201000000000000000300830003000000020000001b83050001000000d8c5000002000f0003000000070000000e00ff01010000000900000005000900000000000000000001040300030000000f0000001000050000000000ff00000054d400100100000005000000720706000300000004000000ff07008003000000090000006ede010002000000800000000000010000000000040000000400050000000000ffffff7f04000200020000000900000082bd0000020000000900000001fc0600030000000800000001001c5b03000000d0cfffff0500080001000000060000000900050001000000fdffffffff0307000200000001010000ff7f020000000000070000007f00040000000000050000003a0007000100000000002000ff7f050000000000060000000800080002000000080000000f00cf5a03000000000000000500050000000000ec0b00000200010002000000ff0300003e0096ff030000006e0a00000a000400010000000001000054020100000000000900000005f791060100240073797a30000000000000000000000000000000000000000000000000000000000ce49199bc82ed5d11140ca6c16756c2ac9e589211c032479334e80446a05786ca162a19c3255c23dca9a13f911ce4bb9a195787ca0713d9e9a9c7e8efc7ec5a010007000300000002000000060001040200000006000000eb02279d030000000800000003005600010000000400000004009da501000000460e0000fdff7cf7000000000a000000fcffef3e02000000040000000700090001000000090000000200ff0f01000000f7ffffff0500ffff010000003ab00000ff07ff0000000000080000000500080000000000018000000300020001000000040000000700010400000000ffffff7f0100050001000000070000004901060000000000000000000180080001000000ff7f0000000004000300000000000000040006000100000000000000030009000200000002000000e308ff7f0200000038000000faff010000000000080000000200030001000000770000000001c40e8f24935f090000000300020001000000090000000400040003000000ff0f000004000100020000000000000001010a0002000000000100000600080002000000080000005e36ffff02000000070000000400030003000000090000000700d10b02000000070000000200008003000000050000000600ff0002000000070000004002070001000000c30000008740100003000000020000000c0000080000000067030000f7ff0f000200000001000000060001000300000025c5000000000000000000000f000000540201000300000003000000080109000700260073797a310000000000000000000000000000000000000000000000000000000001b022b776924a7d9f233f423e0033e91c9774478cabe0f0514b59a9e1580c129e2f42fbe6c1937e283d9f0581250ffe2b1e2c9e7055e984c83887ff46ba5fbf0400432102000000070000005a06400003000000000001001197070000000000ff00000009004000010000000600000000000900030000000300000000080000020000000700000003000080020000000000ffff0600bee902000000fbffffff50420500000000001f0000000500018000000000070000000500020000000000ffffffff07000d0003000000f9ffffff50019a08010000000900000006000500010000000600000005000c0002000000f7ffffff010481000100000001010000ff070300020000007c000000ae6a0100020000000200000005008100040000000200000002008f0903000000c10200000000090001000000ff0100007f0007000000000008000000ff008000030000000500000008000600010000000500000040000700010000000004000000100700010000000b00000006000101010000000f0000000800bb0f03000000010000000800060002000000008000000900060003000000ff0300000f00fcff02000000c20200000900020002000000040000009dff090003000000030000000500cc0d020000000e00000009000000020000000e0000000b00000001000000010100004000040001000000060000000900080002000000ff000000090009000200000081000000030003000200000000200020"], 0x175c}, 0x1, 0x0, 0x0, 0x4000}, 0x4050) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000000000020000000900020073797a310000000008000340000000010900010073797a3000"/52], 0x34}}, 0x0) ioctl$COMEDI_LOCK(r0, 0x6405) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000002480)={0x0, 0x0, &(0x7f0000001b80)={&(0x7f0000000080)=ANY=[@ANYBLOB="2800000003080102000000000000000000fa1a000000000000040000000000000000031c06000000"], 0x28}}, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000380), 0x800) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r4, 0xc0bc5351, &(0x7f0000000480)={0x119, 0x0, 'client1\x00', 0x0, "238ce6e7702b9338", "a62585ae77772caa7965bb840c7f2db4f3b148f5dc746d2d46fc3b04b44115e0", 0xfffffffe, 0x2}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000002700)=ANY=[@ANYBLOB="ecca50f79fcbb2f94716c0d133cf9c2f5c1d9f41946c512248d69812f82c9be3c9a6459e9400e033e6432528f52d1768bf53ba902b3cc140b042580f5c9efcfc4188d0a3fde91c219cc59c5602376b734277f6ec84610716a6f10371670efe0d44f03f721aef20f33e174f2acd2b100c9b39d4f1912ba2238530e5ba2d04c0b6d580893b86895a8522166b5a8957c60d5e625da9bdd5a70936af537454689981e98da1cf3da0a0fa87d99d04366ee29c99debc7ff1d9e02f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r6, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="c94768a13aebc062b76fad227ba5b16dd61e402d1d3ce7547da3", @ANYRES32=r5], 0x10}, 0x0) recvmmsg$unix(r5, &(0x7f0000000f40)=[{{&(0x7f0000002340)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000180)=""/146, 0x92}], 0x1, &(0x7f0000000280)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0xc}}], 0xb0}}, {{&(0x7f0000000340), 0x6e, &(0x7f0000002600)=[{&(0x7f0000002400)=""/66, 0x42}, {&(0x7f0000002300)=""/45, 0x2d}, {&(0x7f0000002580)=""/105, 0x69}], 0x3, &(0x7f0000002980)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}], 0x190}}, {{&(0x7f0000000540)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000002640)=""/29, 0x1d}, {&(0x7f0000000680)=""/18, 0x12}], 0x2, &(0x7f0000000700)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x78}}, {{&(0x7f0000000780), 0x6e, &(0x7f0000000e00)=[{&(0x7f0000000800)=""/190, 0xbe}, {&(0x7f00000008c0)=""/64, 0x40}, {&(0x7f0000000900)=""/85, 0x55}, {&(0x7f0000000980)=""/222, 0xde}, {&(0x7f0000000a80)=""/224, 0xe0}, {&(0x7f0000000b80)=""/4, 0x4}, {&(0x7f0000002880)=""/237, 0xed}, {&(0x7f0000002680)=""/75, 0x4b}, {&(0x7f0000000d00)=""/226, 0xe2}], 0x9, &(0x7f0000000e80)=[@cred={{0x18}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0xa0}}], 0x4, 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r4, 0xc0505350, &(0x7f0000002140)={{0x7, 0x8}, {0x8, 0x8}, 0x8, 0x3, 0x8}) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x82) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r7, 0xc0105303, &(0x7f0000000240)={0x0, 0x0, 0xcb}) syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') r8 = bpf$PROG_LOAD(0x5, &(0x7f00000024c0)={0x1c, 0x6, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000005c0)='sys_enter\x00', r8}, 0xe) close(0x3) close(0x4) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r9, 0x84, 0x20, 0x0, &(0x7f0000000080)) 6.021285756s ago: executing program 5 (id=7818): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x80) fchdir(r2) symlink(&(0x7f0000001780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00') getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000480)) r3 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x114df, 0x0, 0x1, 0x89}, &(0x7f00000003c0)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780}) io_uring_enter(r3, 0x3518, 0xaddf, 0x2, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 5.776217056s ago: executing program 5 (id=7822): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='veno\x00', 0x5) socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000040)={0xa0, 0x258, 0x690, 0x384, 0xda, 0x10000, 0x20, 0x0, {0x6, 0x7}, {0x401, 0x1}, {0xfffffffe, 0x2, 0x1}, {0x800, 0x5, 0x1}, 0x5, 0x2, 0x3ff, 0x1000, 0x1, 0x7, 0x63, 0x10002, 0x5, 0x7fff, 0x10001, 0x7, 0x24, 0x100, 0x0, 0xa}) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) gettid() r3 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="18000000000000009be57f585c23a9a408429251156e9b0095d9cbe79fa6cd35c16f2c9b335071765f003c36c8b02f9f25bf01f2a02a952d17d7de6f4babc040565f1865a8b8eec8ad4d924b99ec6211741c100492c51543d83ea12018ca49b2e2a1b16983bbf0b7009fbe5d875a9e6b64c06ad87a92476e22ac6faa7d63ca3e7cafb0a3889d2492f546e82ee26515cdb187b82af563994a50fbfd1349c3dc8d3f6bb7635cc0142acb4e622ecf8fcc9e5aaed80a7ce5fbd22ab21bbbb42cab0f1963d3d34d18990ff6aee77800000000a8b3d32db1f5d848a921ea2802dd3e2aae71965d8be0e63ae527c372067357a4f18f10a3ec713f46624dbbb27548561fa6ae5e4b9228186e4bdee8f24dbf2581305006dcac6ff86534b61d2cda49d5be3c7b275d12ccb7b658361bbc0f17a167c53764b1e6bfdf4e5d49e222b0420127fe5d0a55e1b193e895014f9244152e2770f2e6d9030e06d5349f8efb26ec6642e4fa64db3a0c726c79f8d7cadf85819aa8953dce44cb9639f4d4d79605c45e14918fbc79a0c725b69c5c0596cb8957011b51f7204c"], &(0x7f0000000100)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r3, 0xc1205531, &(0x7f0000000540)={0x8001, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddbe29c94337"}) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a000000000000", @ANYRES32, @ANYBLOB="00000000000000000500", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) close(0x3) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000010000000000000000000000000000000000000000000000000a4acb8e0df94fc30f3f469aff88ba2f34f"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r5, &(0x7f00000004c0), &(0x7f0000000000), 0x2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffec4, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f00000001c0)=ANY=[], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) syz_emit_ethernet(0x56, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 4.859914855s ago: executing program 5 (id=7824): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) write$khugepaged_scan(r0, &(0x7f0000000280), 0x8) syz_open_dev$hidraw(&(0x7f0000000080), 0x6, 0x48000) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 4.101462733s ago: executing program 1 (id=7831): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=@newtaction={0x90, 0x30, 0xb, 0x0, 0x0, {}, [{0x7c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xb}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x90}}, 0x4000) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000040), 0x4) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) 4.100221401s ago: executing program 1 (id=7832): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$rxrpc(0x21, 0x2, 0xa) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f0000000340)={r5, r5, 0x8, 0x0, 0x0, 0x9, 0x1, 0xc45, 0x1012, 0xc7, 0x2, 0x7, 'syz0\x00'}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@private2, 0x800, 0x0, 0x2, 0x1}, 0x20) socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'veth1_vlan\x00'}) socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0) mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0) 3.44564062s ago: executing program 6 (id=7834): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000240)={0x400, 0x0, 0x8}, 0x18) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x0, &(0x7f0000000000)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @val={0x3a, [0x2c, 0x30]}}}}]}) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0xc) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000140)=@assoc_value={r2, 0x1}, 0x8) pipe2(&(0x7f0000001440), 0x0) r3 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r3, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r3, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r4 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) 3.440516928s ago: executing program 6 (id=7835): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) openat$comedi(0xffffffffffffff9c, 0x0, 0x8080, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40042) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffffffffffd, 0x106, 0x1, @buffer={0x0, 0x0, 0x0}, &(0x7f00000002c0)="851666ce20db96ab0c7d83e114e7c41762249711e34f4ce12c6afeb7e6d77bd3b97644edd8e3a3b71fcd006b6237766e151f344afb2306455034ea7a31b1a48724e372a5a8a9ca040f5831f2eb11842a4b8ec9064fa439440f374355d9af754314ce445ac9bea7fac19c3ac58a131895c378ec497ffdf9a82032d9fa225397b92d2e2193de6fe2f6b6c0bd0f80de3dc72890b6900c5bc6752639bf37ab325c16dc2f1c4d01b4c3b71ebbfd6fc9b316f76a07144538506a68ae00df22f2fa9cbb0c9fa73c1dcf3eb2eb4fe3534fcee01e9ca0c66f27b8e05e7545cbc3511b3d086f51d58f9acd52eab032468cc807543ddff977834d8740fabc6db21e011079ec7baa1ef03a3b", 0x0, 0x10, 0x16, 0x1, 0x0}) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x40) fcntl$setflags(r0, 0x2, 0x0) r2 = openat$vicodec1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_EDID(r2, 0xc0245628, &(0x7f0000000100)={0x3, 0x0, 0x100, '\x00', &(0x7f0000000040)=0xff}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040805}, 0x8000) socket$nl_route(0x10, 0x3, 0x0) socket(0x200000000000011, 0x3, 0x0) 2.94166667s ago: executing program 0 (id=7836): setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) mq_getsetattr(0xffffffffffffffff, &(0x7f0000000300)={0xb0000000, 0x6, 0x6, 0x8}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x20, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x6d}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008002}, 0xc040) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T4(r3, 0x103, 0x6, &(0x7f0000001a40)=0xb, 0x4) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) setsockopt$sock_int(r1, 0x1, 0x13, &(0x7f0000000000)=0x3, 0x4) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') 2.941489242s ago: executing program 1 (id=7837): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) fcntl$setstatus(r0, 0x4, 0xc00) 2.940576926s ago: executing program 1 (id=7838): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r3, 0x0, 0x0, 0x0) shutdown(r3, 0x1) getsockopt$bt_hci(r3, 0x84, 0x7d, 0x0, &(0x7f0000000000)) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000280)={0x7, 0x100, "77c638b05041a0115f44304807e55536b7fc5ae52727d800", 0x1ff, 0x5, 0x79, 0xdf4, 0x100}) r7 = dup(r6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r7, 0x2000) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) syz_io_uring_setup(0xecb, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000440)}) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000, 0xf800}) 2.301391903s ago: executing program 6 (id=7839): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) openat$comedi(0xffffffffffffff9c, 0x0, 0x8080, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40042) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffffffffffd, 0x106, 0x1, @buffer={0x0, 0x0, 0x0}, &(0x7f00000002c0)="851666ce20db96ab0c7d83e114e7c41762249711e34f4ce12c6afeb7e6d77bd3b97644edd8e3a3b71fcd006b6237766e151f344afb2306455034ea7a31b1a48724e372a5a8a9ca040f5831f2eb11842a4b8ec9064fa439440f374355d9af754314ce445ac9bea7fac19c3ac58a131895c378ec497ffdf9a82032d9fa225397b92d2e2193de6fe2f6b6c0bd0f80de3dc72890b6900c5bc6752639bf37ab325c16dc2f1c4d01b4c3b71ebbfd6fc9b316f76a07144538506a68ae00df22f2fa9cbb0c9fa73c1dcf3eb2eb4fe3534fcee01e9ca0c66f27b8e05e7545cbc3511b3d086f51d58f9acd52eab032468cc807543ddff977834d8740fabc6db21e011079ec7baa1ef03a3b", 0x0, 0x10, 0x16, 0x1, 0x0}) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x40) fcntl$setflags(r0, 0x2, 0x0) r2 = openat$vicodec1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_EDID(r2, 0xc0245628, &(0x7f0000000100)={0x3, 0x0, 0x100, '\x00', &(0x7f0000000040)=0xff}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040805}, 0x8000) socket$nl_route(0x10, 0x3, 0x0) getpid() 1.951977706s ago: executing program 0 (id=7840): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f00000000c0)=@generic={0x0, 0x1000, 0x5}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010004b0400f4ed00000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c0002800800040000000000060006"], 0x4c}}, 0x0) 1.916703679s ago: executing program 0 (id=7841): r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) r1 = socket(0x2, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x26202) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x200) ioctl$NBD_DO_IT(r2, 0xab03) ioctl$NBD_DISCONNECT(r2, 0xab08) syz_open_dev$ndb(&(0x7f0000000240), 0x0, 0x42000) (fail_nth: 2) 1.908637206s ago: executing program 1 (id=7842): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$rxrpc(0x21, 0x2, 0xa) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0) pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0\x00') 1.801180762s ago: executing program 0 (id=7843): syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r1, 0x0, 0x3, &(0x7f0000001140)=""/4086, &(0x7f0000000180)=0xff6) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000110000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0) sendmsg$OSF_MSG_REMOVE(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000021c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="5c1700000105010800000000000001000200000009000000090703002c07000073797a3000000000000000000000000000000000000000000000000000000000c1f2eb036bb979372e109a5da5116c2c7890d9ff26fcf6c759720cb91860219c0ca28119df5bb290dda89f25ef2778dc817bda777c878825847f02250f28e45a0001fcff02000000020000000000000800000000020000000001b6cb03000000b80f00001000020001000000360000000000000001000000070000000200f9ff02000000270000000800fe01020000003d0000000300be2a02000000040000000104ffff000000005b0400000700cc0100000000040000000500ff7f01000000950000000500f8ff000000000100000009000100dbab3436010400000200000003000000f6c70000ff00020001000000100000000010050005000000ff0100000800ff0700000000060000000104010002000000010000000200010003000000660000006003fdff03000000c50000000104060000000000400000000a00060001000000f3ffffff0180080000000000fc00000001800d0002000000060000008100010401000000d2ffffff00000b0002000000d12500000600040002000000010000000600010001000000fbffffff01040b000100000003000000f5cf06000000000002000000000801000200000020050000002008000300000001800000ea9709000100000009000000d005020003000000ffffffff080000000300000004000000e505070002000000040000000200090003000000f8ffffff00000010020000007e000000ff0007000300000000f8ffff0700ff070300000004000000540201000200000008000000040101000c001b0073797a31000000000000000000000000000000000000000000000000000000002c2ab4d3dd31b49cf02ce9427abfe4621f75102e271e84246d9a56f9942b2dcd0160d107ad0330e39d3639a9419c926192c56afe282eee7e7d8094fef80304e5fdffa014010000000900000003000000000000000000000009002000000000000400000003000000010000000400000009000200020000000200000001006a6903000000080000000000060001000000ff0f0000f689010007000000050000000600080003000000040000000104050003000000060000000b00a0b0000000000300000003000900020000008e0d00000400090003000000030000000200ff7f02000000030000000e000200000000000c0000000400090003000000000000000300010003000000080000000101050002000000060000000700001002000000600400000e02050000000000ff7f0000c90b0b0001000000ff00000000000100020000000b0000000700010403000000050000000500100000000000010001000800000003000000ae000000800009000200000006000000c07f070002000000030000000101010102000000030000000100f9ff02000000040000000700000402000000000000000900b0000100000004000000ff0738b400000000010000000600030000000000050000000e0a060001000000020000000400070002000000030000000900000000000000050000008f760d000000000001000000000200000200000004000000060002000000000008000000d8a800080200000001000100540201000000000001000000020539000008060073797a31000000000000000000000000000000000000000000000000000000009fc52f6daecb2651ede80bfbaf0169f27357dfaf59e3f49647fda1a9d37843fc559bbf6debe2ebfdd525ea32a68c5783d8996045641a1172c381199cf4a1a5d10018020003000000f18b000004000500000000000000000008000200030000000000000003000800010000000d00000006000200000000000500000008007f000300000001000000ffff070003000000020000000000090000000000010000000700080001000000030000000300030002000000ffffff7f000006000000000003000000000800000100000008000000ffff01000100000001000000c260030001000000ff01000003000600020000000d0a0000040006000000000006000000060040000300000008000000030006000300000005000000b3000800020000002fd032430300290001000000faffffff020000000100000000010000070002000000000001010000f8ff0600010000000c000000ff03060000000000020000000d0005000000000007000000020007000100000000008000a200040003000000ff0100005600070001000000b2870000050005000200000000000000ffff000800000000000100000500010002000000010100000000050002000000707e00000400889003000000310b0000ff7f0200000000000200000002003505010000000700000081009f0000000000d2280000a0255bfc02000000010000000001fbff0100000000000000090080000000000002000000090008000200000001000000540201000000000049b200000e03ffffe13f1e0073797a31000000000000000000000000000000000000000000000000000000009adaa18042571dea59f5204a8800ce87b0b7e7afb9f4dc385a5a8ebf9f8dce8a79f5a09f8ca8fec775d971787dc27a5510fa497f9c6fbd78cc2f86f2f3a27f3b0800070001000000002c00000001804103000000001000000400090000000000810000000001030000000000040000009a0000000100000000000000ff07ff0f0300000000010000002c000003000000090000000300bf3b00000000090000000700170102000000ffffff7f02000400000000000700000076000000000000000004000081002101030000008e000000010000000300000006000000000004000300000009000000fdff20410000000000000000ff018ca1010000000a000000090000000200000001000100833100040100000008000000fffff51700000000458c00006b04ff03000000000200000001000200000000000100000007000800030000000000800002000002010000000300000007000a00010000000600000001000500030000006a92000005000000030000006707000006007f0003000000030000000500010002000000000000000600090001000000060000000500080001000000070000000300020500000000050000000900800003000000090000000600be000000000004000000000804000300000000800000ff7f0c0000000000000000000b00f8ff01000000020000000700070000000000030000000900df0003000000030000000800010003000000ffffffff030000040000000004000000540201000300000001000000fe03259c0800260073797a30000000000000000000000000000000000000000000000000000000004886d29e77655b438621e28bc67f52dab4cc155bac1840a853b099076563ea732dac0df0cdd4197241fab61e2c24aa339c6bdcbc99501e276caf677cd82587c80008ff07020000000100000008000700010000000500000068ff7f21030000007f0000005c000500000000000600000001800300010000000000000006000a0001000000000000f08100fdff02000000050000000100000002000000ae0f000009000800194488d104000000a25000000000000006000000090005000300000006000000e51c010001000000080000000100ce04010000000100000017e30600010000001a0000009d76000000000000ff7f00000500000000000000c9b400007f08400003000000000000000200000103000000050000000800090002000000050000000101060001000000060000000200010103000000400000005e48070000000000040000000500008003000000123700000300d800010000000c0000000000030000000000750800000c00000203000000080000000500faff00000000ff0700000000c10c0200000002000000fc90090002000000ffffffff0700010002000000010000000a000000030000000d0000000900fdff02000000010000000900000089fc7684fdffffffce00000003000000090000000500040003000000070000002e005a20000000000100000002000300030000000c00000008000800030000000700000004000b000100000004000000f9ff00000300000002000000540201000000000001000000050704000d000e0073797a3100000000000000000000000000000000000000000000000000000000378c9251613448636ec37d8d9dd05e6ec1013de1c3ad37742b3ae1f74d7a483d16b067138357e0909d50f56156f63a1595678155f0da62a386d9e43d80cc7ea10101040000000000010000007f00ad000200000007000000faff03000000000001000000ff030a00020000000900000002000600030000007f0000000900090000000000090000000000090002000000050000000500030000000000050000000101ff0f03000000ffffff7f0300090003000000070000000400f20b02fffa0008000000a000090001000000ff03000004000300030000000300000007000104010000003100000002000500030000009f6a000009000200010000000900000008000200000000000e000000f9ff82f902000000010000000600090001000000e9080000eb0001900000000006000000ffffe1008dc6daf9000000007f000300000000000306000006000400030000000008000005008100030000000800000008003e5203000000020000000800b60900000000c04e0000050003000000000000020000cf0e040002000500000000000800ffff0000000000080000060000c000000000122400000900050000000000800000000900010002000000020000000100fcff010000000d0000000700030001000000810000000a00040002000000000800000fde03000000000001000000030008000100000026ea000099b900088eef1963080000000200070002000000080000000000ff0104000000ff0f0000540201000100000003000000ff030100c075120073797a310000000000000000000000000000000000000000000000000000000027c357d600d6e0ce33e318b4a9445dc21dd01a1a893f7cafddf3ab22c7654ac5cb21d07510000000000000e3ffffff000000feffffffffffffff000000000000ff07008001000000030000000600070000000000008000008000030003000000020000000900100003000000080000000400050002000000d20f00000200ff7f0200000003000000ffff0f000300000004000000db070180000000004000000008000001000000000300000007000f0802000000ff0100000900020003000000beffffff66cc0600079e7a7c04000000050006000300000003000000fbff060000000000001000000b00010000000000040000000f00ff0002000000000000800200080003000000faffffff0c000010020000000900000008009895030000000500000005001000010000000101000009000200010000003d0700006ebfff07000000008e00000003000a0001000000f7ffffff030001000200000009000000000400f802000000070000000400008000000000060000000100010002000000060000000400835f03000000030000000000030003000000c8000000dc09dc0b0200000007000000fa410f00010000009a000000030005000200000044010000fdff0e00030000000100010009000c00020000000b0000000000f8ff01000000010000000a00010103000000ff0f00000800070002000000010000000e00000002000000ff070000177f060001000000810000009502110002000000060000005402010002000000b4400000400b02000800150073797a3000000000000000000000000000000000000000000000000000000000d87f3eba32db69e75efbee28a08cc128db73a387206beb408720a810453e964723e26a05842faf629ba616fe3e6072d5c3f9d05ecf26692ec898ccda1575db650600008000000000050000000500090000000000e0000000060000020200000005000000d66c010401000000090000000000030002000000fcffffffe16f0600000000000600000000009400020000000100000001000600030000000004000000f8000100000000060000000800000201000000000000000300830003000000020000001b83050001000000d8c5000002000f0003000000070000000e00ff01010000000900000005000900000000000000000001040300030000000f0000001000050000000000ff00000054d400100100000005000000720706000300000004000000ff07008003000000090000006ede010002000000800000000000010000000000040000000400050000000000ffffff7f04000200020000000900000082bd0000020000000900000001fc0600030000000800000001001c5b03000000d0cfffff0500080001000000060000000900050001000000fdffffffff0307000200000001010000ff7f020000000000070000007f00040000000000050000003a0007000100000000002000ff7f050000000000060000000800080002000000080000000f00cf5a03000000000000000500050000000000ec0b00000200010002000000ff0300003e0096ff030000006e0a00000a000400010000000001000054020100000000000900000005f791060100240073797a30000000000000000000000000000000000000000000000000000000000ce49199bc82ed5d11140ca6c16756c2ac9e589211c032479334e80446a05786ca162a19c3255c23dca9a13f911ce4bb9a195787ca0713d9e9a9c7e8efc7ec5a010007000300000002000000060001040200000006000000eb02279d030000000800000003005600010000000400000004009da501000000460e0000fdff7cf7000000000a000000fcffef3e02000000040000000700090001000000090000000200ff0f01000000f7ffffff0500ffff010000003ab00000ff07ff0000000000080000000500080000000000018000000300020001000000040000000700010400000000ffffff7f0100050001000000070000004901060000000000000000000180080001000000ff7f0000000004000300000000000000040006000100000000000000030009000200000002000000e308ff7f0200000038000000faff010000000000080000000200030001000000770000000001c40e8f24935f090000000300020001000000090000000400040003000000ff0f000004000100020000000000000001010a0002000000000100000600080002000000080000005e36ffff02000000070000000400030003000000090000000700d10b02000000070000000200008003000000050000000600ff0002000000070000004002070001000000c30000008740100003000000020000000c0000080000000067030000f7ff0f000200000001000000060001000300000025c5000000000000000000000f000000540201000300000003000000080109000700260073797a310000000000000000000000000000000000000000000000000000000001b022b776924a7d9f233f423e0033e91c9774478cabe0f0514b59a9e1580c129e2f42fbe6c1937e283d9f0581250ffe2b1e2c9e7055e984c83887ff46ba5fbf0400432102000000070000005a06400003000000000001001197070000000000ff00000009004000010000000600000000000900030000000300000000080000020000000700000003000080020000000000ffff0600bee902000000fbffffff50420500000000001f0000000500018000000000070000000500020000000000ffffffff07000d0003000000f9ffffff50019a08010000000900000006000500010000000600000005000c0002000000f7ffffff010481000100000001010000ff070300020000007c000000ae6a0100020000000200000005008100040000000200000002008f0903000000c10200000000090001000000ff0100007f0007000000000008000000ff008000030000000500000008000600010000000500000040000700010000000004000000100700010000000b00000006000101010000000f0000000800bb0f03000000010000000800060002000000008000000900060003000000ff0300000f00fcff02000000c20200000900020002000000040000009dff090003000000030000000500cc0d020000000e00000009000000020000000e0000000b00000001000000010100004000040001000000060000000900080002000000ff000000090009000200000081000000030003000200000000200020"], 0x175c}, 0x1, 0x0, 0x0, 0x4000}, 0x4050) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000000000020000000900020073797a310000000008000340000000010900010073797a3000"/52], 0x34}}, 0x0) ioctl$COMEDI_LOCK(r0, 0x6405) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000002480)={0x0, 0x0, &(0x7f0000001b80)={&(0x7f0000000080)=ANY=[@ANYBLOB="2800000003080102000000000000000000fa1a000000000000040000000000000000031c06000000"], 0x28}}, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000380), 0x800) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r4, 0xc0bc5351, &(0x7f0000000480)={0x119, 0x0, 'client1\x00', 0x0, "238ce6e7702b9338", "a62585ae77772caa7965bb840c7f2db4f3b148f5dc746d2d46fc3b04b44115e0", 0xfffffffe, 0x2}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000002700)=ANY=[@ANYBLOB="ecca50f79fcbb2f94716c0d133cf9c2f5c1d9f41946c512248d69812f82c9be3c9a6459e9400e033e6432528f52d1768bf53ba902b3cc140b042580f5c9efcfc4188d0a3fde91c219cc59c5602376b734277f6ec84610716a6f10371670efe0d44f03f721aef20f33e174f2acd2b100c9b39d4f1912ba2238530e5ba2d04c0b6d580893b86895a8522166b5a8957c60d5e625da9bdd5a70936af537454689981e98da1cf3da0a0fa87d99d04366ee29c99debc7ff1d9e02f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r6, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="c94768a13aebc062b76fad227ba5b16dd61e402d1d3ce7547da3", @ANYRES32=r5], 0x10}, 0x0) recvmmsg$unix(r5, &(0x7f0000000f40)=[{{&(0x7f0000002340)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000180)=""/146, 0x92}], 0x1, &(0x7f0000000280)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0xc}}], 0xb0}}, {{&(0x7f0000000340), 0x6e, &(0x7f0000002600)=[{&(0x7f0000002400)=""/66, 0x42}, {&(0x7f0000002300)=""/45, 0x2d}, {&(0x7f0000002580)=""/105, 0x69}], 0x3, &(0x7f0000002980)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}, @rights={{0xc}}], 0x190}}, {{&(0x7f0000000540)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000002640)=""/29, 0x1d}, {&(0x7f0000000680)=""/18, 0x12}], 0x2, &(0x7f0000000700)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x78}}, {{&(0x7f0000000780), 0x6e, &(0x7f0000000e00)=[{&(0x7f0000000800)=""/190, 0xbe}, {&(0x7f00000008c0)=""/64, 0x40}, {&(0x7f0000000900)=""/85, 0x55}, {&(0x7f0000000980)=""/222, 0xde}, {&(0x7f0000000a80)=""/224, 0xe0}, {&(0x7f0000000b80)=""/4, 0x4}, {&(0x7f0000002880)=""/237, 0xed}, {&(0x7f0000002680)=""/75, 0x4b}, {&(0x7f0000000d00)=""/226, 0xe2}], 0x9, &(0x7f0000000e80)=[@cred={{0x18}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0xa0}}], 0x4, 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r4, 0xc0505350, &(0x7f0000002140)={{0x7, 0x8}, {0x8, 0x8}, 0x8, 0x3, 0x8}) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x82) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r7, 0xc0105303, &(0x7f0000000240)={0x0, 0x0, 0xcb}) syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') r8 = bpf$PROG_LOAD(0x5, &(0x7f00000024c0)={0x1c, 0x6, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000005c0)='sys_enter\x00', r8}, 0xe) close(0x3) close(0x4) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r9, 0x84, 0x20, 0x0, &(0x7f0000000080)) 1.752470308s ago: executing program 6 (id=7844): socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6_sctp(0xa, 0x1, 0x84) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_GET_MSRS_cpu(r4, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x8b}]}) socket$kcm(0xa, 0x922000000003, 0x11) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='inet_sk_error_report\x00', r5}, 0x18) r6 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) unshare(0x2040400) r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r8 = dup(r7) write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x118d, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff, 0xc2}, &(0x7f0000000400), &(0x7f0000000140)) epoll_create1(0x0) 952.738406ms ago: executing program 0 (id=7845): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='veno\x00', 0x5) socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000040)={0xa0, 0x258, 0x690, 0x384, 0xda, 0x10000, 0x20, 0x0, {0x6, 0x7}, {0x401, 0x1}, {0xfffffffe, 0x2, 0x1}, {0x800, 0x5, 0x1}, 0x5, 0x2, 0x3ff, 0x1000, 0x1, 0x7, 0x63, 0x10002, 0x5, 0x7fff, 0x10001, 0x7, 0x24, 0x100, 0x0, 0xa}) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) gettid() r3 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="18000000000000009be57f585c23a9a408429251156e9b0095d9cbe79fa6cd35c16f2c9b335071765f003c36c8b02f9f25bf01f2a02a952d17d7de6f4babc040565f1865a8b8eec8ad4d924b99ec6211741c100492c51543d83ea12018ca49b2e2a1b16983bbf0b7009fbe5d875a9e6b64c06ad87a92476e22ac6faa7d63ca3e7cafb0a3889d2492f546e82ee26515cdb187b82af563994a50fbfd1349c3dc8d3f6bb7635cc0142acb4e622ecf8fcc9e5aaed80a7ce5fbd22ab21bbbb42cab0f1963d3d34d18990ff6aee77800000000a8b3d32db1f5d848a921ea2802dd3e2aae71965d8be0e63ae527c372067357a4f18f10a3ec713f46624dbbb27548561fa6ae5e4b9228186e4bdee8f24dbf2581305006dcac6ff86534b61d2cda49d5be3c7b275d12ccb7b658361bbc0f17a167c53764b1e6bfdf4e5d49e222b0420127fe5d0a55e1b193e895014f9244152e2770f2e6d9030e06d5349f8efb26ec6642e4fa64db3a0c726c79f8d7cadf85819aa8953dce44cb9639f4d4d79605c45e14918fbc79a0c725b69c5c0596cb8957011b51f7204c"], &(0x7f0000000100)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r3, 0xc1205531, &(0x7f0000000540)={0x8001, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddbe29c94337"}) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a000000000000", @ANYRES32, @ANYBLOB="00000000000000000500", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) close(0x3) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000010000000000000000000000000000000000000000000000000a4acb8e0df94fc30f3f469aff88ba2f34f"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r5, &(0x7f00000004c0), &(0x7f0000000000), 0x2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffec4, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="7a0a00b2108e5b2c3b0763b819d30d19da"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) syz_emit_ethernet(0x56, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 371.042287ms ago: executing program 6 (id=7846): r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) r1 = socket(0x2, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x26202) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={0x98, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_LABELS={0x4}]}, 0x98}}, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x200) ioctl$NBD_DO_IT(r2, 0xab03) ioctl$NBD_DISCONNECT(r2, 0xab08) syz_open_dev$ndb(&(0x7f0000000240), 0x0, 0x42000) 368.441061ms ago: executing program 5 (id=7847): socket$nl_route(0x10, 0x3, 0x0) ioprio_get$pid(0x2, 0xffffffffffffffff) r0 = socket(0x200000000000011, 0x3, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaa01080006040001ffffffffffffe0000002bbbbbbbbbbbb0000000acc58213eeb47fffb4103ec4ff1340d155e986ea811619d5629a38ec999792fec792ef0d159b83094c52d3bd7368bbb26c55736c8cc6367b2cac47747f3b62bbab3fd6aa100cf907594144e9643e4fa3022d8edc65251bbcda367988260ae2c67e7f547bdb734c8084fccf242d6d6db2655f4d0e47b652c6dced502c598"], 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0x541b, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) sched_setaffinity(0x0, 0xfffffffffffffdb0, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) r5 = gettid() timer_create(0xb, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r6 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182) ioctl$CEC_RECEIVE(r6, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x0, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0xe}) 326.037064ms ago: executing program 1 (id=7848): socket$nl_route(0x10, 0x3, 0x0) ioprio_get$pid(0x2, 0xffffffffffffffff) r0 = socket(0x200000000000011, 0x3, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaa01080006040001ffffffffffffe0000002bbbbbbbbbbbb0000000acc58213eeb47fffb4103ec4ff1340d155e986ea811619d5629a38ec999792fec792ef0d159b83094c52d3bd7368bbb26c55736c8cc6367b2cac47747f3b62bbab3fd6aa100cf907594144e9643e4fa3022d8edc65251bbcda367988260ae2c67e7f547bdb734c8084fccf242d6d6db2655f4d0e47b652c6dced5"], 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0x541b, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) sched_setaffinity(0x0, 0xfffffffffffffdb0, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) r5 = gettid() timer_create(0xb, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r6 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182) ioctl$CEC_RECEIVE(r6, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x0, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0xe}) 51.723413ms ago: executing program 0 (id=7849): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) openat$comedi(0xffffffffffffff9c, 0x0, 0x8080, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40042) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffffffffffd, 0x106, 0x1, @buffer={0x0, 0x0, 0x0}, &(0x7f00000002c0)="851666ce20db96ab0c7d83e114e7c41762249711e34f4ce12c6afeb7e6d77bd3b97644edd8e3a3b71fcd006b6237766e151f344afb2306455034ea7a31b1a48724e372a5a8a9ca040f5831f2eb11842a4b8ec9064fa439440f374355d9af754314ce445ac9bea7fac19c3ac58a131895c378ec497ffdf9a82032d9fa225397b92d2e2193de6fe2f6b6c0bd0f80de3dc72890b6900c5bc6752639bf37ab325c16dc2f1c4d01b4c3b71ebbfd6fc9b316f76a07144538506a68ae00df22f2fa9cbb0c9fa73c1dcf3eb2eb4fe3534fcee01e9ca0c66f27b8e05e7545cbc3511b3d086f51d58f9acd52eab032468cc807543ddff977834d8740fabc6db21e011079ec7baa1ef03a3b", 0x0, 0x10, 0x16, 0x1, 0x0}) writev(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x40) fcntl$setflags(r0, 0x2, 0x0) r2 = openat$vicodec1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_EDID(r2, 0xc0245628, &(0x7f0000000100)={0x3, 0x0, 0x100, '\x00', &(0x7f0000000040)=0xff}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040805}, 0x8000) socket$nl_route(0x10, 0x3, 0x0) socket(0x200000000000011, 0x3, 0x0) 0s ago: executing program 6 (id=7850): openat2$dir(0xffffff9c, &(0x7f00000003c0)='./cgroup\x00', &(0x7f0000000480)={0x302, 0x39}, 0x18) syz_usb_connect(0x4, 0x0, 0x0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xf0ff}}]}) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x6, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x82, 0x3, 0x8000, 0xfffd}}}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000580000/0x3000)=nil, 0x3000, 0xb635773f04ebbeef, 0x810, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000700)="42002339e6d3430604c7efc24c2b97747e272d8869310f4a77cf5c4fa0afea0b892a9b4597e877a2ad1dd0d394f826da615408f43332e8a4c2c5aa6f4cef43a2a2cd0531045454bb2ee3308633823ad30b37f6084703b9b48001b1f4e1e4ddbf509679e9b706a669b084ee15153772a216feb60df79838de0aeef661412c90b9710679acc357c9796cf0f7113578f77c4e308ca98bdb99170926b4d741f517d397feefc8e639c673bbf74f698e859c7742bc7c0ca2fad3c73c166b111fdb", 0xbe}, {&(0x7f00000007c0)="f32f5baf24b55712e58bcb69ad4952c2752d1247a160dbfbe725452e74d599c2fb1f1af95519592a0008f3f84e255f1895b16edcaa0bd0c2c560f496a83c8033b75c9eda3d305a059aacf2bd7f13590578b7f73beeb72a289f5a732ff810fd68e3278558669cb579cbcac139c1ab8cfbbb55c6d43253d3dc2ed8a5350619c07601eadb5c5cf591184ea9e558407e5800a366684132b9fc309ff23cbc5e4ed7473bb98e63e4ba8e2546cabe81795450bb", 0xb0}, {&(0x7f0000000880)="8f4750ce00c5426c54fe54021b1da1f62cbf046701da75d4e0894d97c50ed05b146ff3e755fec98be69989fc440fdee3ba672374c2f425027bdcbd46870336790dcdc0", 0x43}, {&(0x7f0000000900)="df635e090239f7b615e151768243831bd640163f1928c484fee8acab921f22bdda780f5a5863bfb6", 0x28}, {&(0x7f00000009c0)="17a98fcdf98cb7497b1312c801a1536ce8db829147f61e6d34dc9bb6cd3082811e615517aaf349d3bb0e5927e3e6671cda1182263b9ac3896c87c376343e783ee828cc90c72307a410d15dbdd157749cae82ec6aba1d6602e342c909fc7e67ad215179b4271351e0dce0fde24ac78e4257c685373f1e1d58f9fec05824dc4c3b8538bdc31f613e6753d3cdff75c323c0732e325d82966a6e6c85de7a578d742c06e9fdebd098d6657bd9b6562411d5291563c62dac4ac1c3232bf065ca40d5b0682b21cb8585fd0d206d95343a1825e7741ca37574e807e6599b0ddd01ecee7fb336718fd03df49bd0ac1937aec40c7a89558d327a7c18", 0xf7}], 0x5, &(0x7f0000000b80)=ANY=[@ANYBLOB="180000000100000002000000", @ANYRES32=r2, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1001492b9a54668ef724ce1de59221286c7f30000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=r1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="240000000100000001000000", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32, @ANYRES32=r1, @ANYRES32, @ANYBLOB="180000000100000002000000", @ANYRES32=r2, @ANYRES32=0x0, @ANYRES32=0x0], 0x84, 0x40}}], 0x1, 0x0) sched_setaffinity(r2, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r3 = open(&(0x7f0000000000)='./file0\x00', 0x502, 0x98) fcntl$setlease(r3, 0x400, 0x1) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x2, 0x70000) ioctl$I2C_RDWR(r4, 0x707, &(0x7f0000000200)={&(0x7f0000000080)=[{0x0, 0x0, 0x8a, &(0x7f0000000300)="2deaffc73cb7584e859f066b8e43ebb15e337d54db51e8f447957f9cc20f8cb71d2e9dc6156bd0f1d9bf1adc2a430dd7d168991299e1f284e402f1791f2753afe9c609f9c3d3abbbae2cf2e4c7783ba8b42fed4e08c8fca128104a385e2164876abffeebce0e7a4527b55301f7da8c8375f8919be4800c1cf3ac90a4a7fa99da928e406886d92cd723da"}, {0x2, 0x5000, 0x8e, &(0x7f0000000ac0)="cecbc2df341b7b5d0ed0a801a31bb86a1844d17285b07f9f6b5b810a33f596b76e8dad706136d5f403fdbc8a5388de9aaaf3959c5ab76711cd611040d403f025e2"}, {0x9, 0x4011, 0xfd, &(0x7f0000000440)="4fd7461bf2d8c8fdd468c510f3f5fa4220ccb3503debb3a02ce320304e7bb3a60984e0889534a216ab781d0037034367b4281b3112ffbd4e5a2fd04fe2e12c85775ccde2c688b921f99b0440a224333a376deb3ac557cfecd945e42b71c941432c7ce54d5c9081a1f780f8dfe9f92c3bdc3d1c82611ea331acab394a979670f3c969924db38bbe950b77bfdebe93a24a994ab68276ff97ec3932c0730f6983624b10fa01fefdf20af7f4417c215288a66c18559175bb5e917f09a37552a82173de15242bf517192c78b523550fec4535a7bc07168b24df876bd71acf6c14c2099ccda828df013aba7b0b3d0b90d0a3855bfe00ca596cbf32100285e51f"}, {0x0, 0x8800, 0xfe, &(0x7f0000000540)="dfc6e402236e9bff8147685ff84fc08d9eb91fb621e0878c1b09537c302b106b2646c4e298f4933eb62d9c1e141049f89815da776770324135eef1ffe0ef2922f8894a3cec11b1608dcf6f6f6427734540772f71f1cba0fcb85c1475bbade3ff546f2d2c432205b5de0640fdeb8723d4ab8a6e5992f8d44913ebc62c47fc5a234e8e226730a7b8837c97552553ea21cc6b73b3325d506368847cef2aace09b63196c29540abed5aab9a036e9d808f45dfa3cd65a665e5a725d87a2ca410197b72f8b32dc01f339705d41e2cbb71a2f9b70ba2e3857ec979740d333fc7cc1ca05ef5497dc352e020bd95e95b76ae6223a0432adb04975c2426c3e73dfcd48"}, {0x7, 0x201, 0xba, &(0x7f0000000640)="3864ae5e654f5da478cef417ffd7eda6c022c373ae22b3de6bda15faa3fd6fc5c76a238d589244a8356741a6527ebf0cc6d927b2e45905b5e99288c087f266b964ce2047609158dee97a5e6137357f571c6d886144e3c22eb7549ce54034a50a2997a55df30eb4d957a7cb8a7f5efe238a663c5fb28a8ba5f791976d1a977c2ade87a8c5ebef49f73072a576335965f60f5406a3e19f6d23a733555dc1d3551eaadda646e90fa2674e564bb0202fc9c1012199d67af2ddc87cfd"}], 0x5}) kernel console output (not intermixed with test programs): 0000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1522.024341][T30550] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1522.024355][T30550] [ 1522.091176][T30552] FAULT_INJECTION: forcing a failure. [ 1522.091176][T30552] name failslab, interval 1, probability 0, space 0, times 0 [ 1522.096100][T30552] CPU: 0 UID: 0 PID: 30552 Comm: syz.6.7178 Not tainted syzkaller #0 PREEMPT(full) [ 1522.096117][T30552] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1522.096124][T30552] Call Trace: [ 1522.096128][T30552] [ 1522.096133][T30552] dump_stack_lvl+0x16c/0x1f0 [ 1522.096152][T30552] should_fail_ex+0x512/0x640 [ 1522.096167][T30552] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1522.096182][T30552] should_failslab+0xc2/0x120 [ 1522.096196][T30552] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1522.096209][T30552] ? getname_flags.part.0+0x4c/0x550 [ 1522.096228][T30552] getname_flags.part.0+0x4c/0x550 [ 1522.096246][T30552] getname_flags+0x93/0xf0 [ 1522.096258][T30552] __ia32_sys_linkat+0xd8/0x130 [ 1522.096273][T30552] __do_fast_syscall_32+0x7c/0x3a0 [ 1522.096289][T30552] do_fast_syscall_32+0x32/0x80 [ 1522.096304][T30552] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1522.096318][T30552] RIP: 0023:0xf7f88579 [ 1522.096327][T30552] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1522.096338][T30552] RSP: 002b:00000000f54a655c EFLAGS: 00000296 ORIG_RAX: 000000000000012f [ 1522.096349][T30552] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000500 [ 1522.096356][T30552] RDX: 00000000ffffff9c RSI: 0000000080000540 RDI: 0000000000000000 [ 1522.096362][T30552] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1522.096368][T30552] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1522.096374][T30552] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1522.096387][T30552] [ 1523.034049][ T7002] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1523.477219][T30580] serio: Serial port ptm0 [ 1524.001422][T30595] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7189'. [ 1525.232040][ T7011] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1525.236701][ T7011] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1525.263459][ T5986] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1525.271956][ T5986] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1525.284677][ T5986] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1525.291138][ T5986] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1525.295155][ T5986] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1525.392411][ T7011] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1525.396537][ T7011] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1525.425996][T30618] lo speed is unknown, defaulting to 1000 [ 1525.431471][T30618] lo speed is unknown, defaulting to 1000 [ 1525.593054][T30621] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7197'. [ 1525.623966][ T7011] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1525.649914][ T7011] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1525.751139][ T7011] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1525.754700][ T7011] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1525.907491][T30618] chnl_net:caif_netlink_parms(): no params data found [ 1525.919469][ T7011] veth0_to_team: left allmulticast mode [ 1525.921536][ T7011] veth0_to_team: left promiscuous mode [ 1525.923665][ T7011] bridge0: port 1(veth0_to_team) entered disabled state [ 1526.403199][ T7011] bond0 (unregistering): Released all slaves [ 1526.410779][ T7011] bond1 (unregistering): Released all slaves [ 1526.474800][T30618] bridge0: port 1(bridge_slave_0) entered blocking state [ 1526.477113][T30618] bridge0: port 1(bridge_slave_0) entered disabled state [ 1526.479400][T30618] bridge_slave_0: entered allmulticast mode [ 1526.482320][T30618] bridge_slave_0: entered promiscuous mode [ 1526.491370][ T7011] tipc: Left network mode [ 1526.491872][T30618] bridge0: port 2(bridge_slave_1) entered blocking state [ 1526.500029][T30618] bridge0: port 2(bridge_slave_1) entered disabled state [ 1526.502421][T30618] bridge_slave_1: entered allmulticast mode [ 1526.505235][T30618] bridge_slave_1: entered promiscuous mode [ 1526.542617][T30618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1526.547506][T30618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1526.581649][T30618] team0: Port device team_slave_0 added [ 1526.594780][T30618] team0: Port device team_slave_1 added [ 1526.613638][T18489] usb 11-1: new high-speed USB device number 5 using dummy_hcd [ 1526.628427][T30618] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1526.630659][T30618] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1526.640100][T30618] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1526.644678][T30618] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1526.646903][T30618] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1526.655819][T30618] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1526.711655][T30618] hsr_slave_0: entered promiscuous mode [ 1526.714087][T30618] hsr_slave_1: entered promiscuous mode [ 1526.716285][T30618] debugfs: 'hsr0' already exists in 'hsr' [ 1526.718197][T30618] Cannot create hsr debugfs directory [ 1526.763745][T18489] usb 11-1: Using ep0 maxpacket: 8 [ 1526.768735][T18489] usb 11-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1526.772140][T18489] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1526.775052][T18489] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1526.778623][T18489] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1526.782460][T18489] usb 11-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1526.786204][T18489] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1526.794711][T18489] hub 11-1:1.0: bad descriptor, ignoring hub [ 1526.796685][T18489] hub 11-1:1.0: probe with driver hub failed with error -5 [ 1526.799251][T18489] cdc_wdm 11-1:1.0: skipping garbage [ 1526.800960][T18489] cdc_wdm 11-1:1.0: skipping garbage [ 1526.805753][T18489] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device [ 1526.807698][T18489] cdc_wdm 11-1:1.0: Unknown control protocol [ 1527.050270][T30633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1527.073304][T30633] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1527.095605][ T6062] usb 11-1: USB disconnect, device number 5 [ 1527.156273][ T7011] hsr_slave_0: left promiscuous mode [ 1527.159491][ T7011] hsr_slave_1: left promiscuous mode [ 1527.175944][ T7011] veth1_macvtap: left promiscuous mode [ 1527.178053][ T7011] veth0_macvtap: left promiscuous mode [ 1527.180365][ T7011] veth1_vlan: left promiscuous mode [ 1527.182231][ T7011] veth0_vlan: left promiscuous mode [ 1527.354350][ T5986] Bluetooth: hci2: command tx timeout [ 1527.504061][ T7031] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1527.844754][T30642] FAULT_INJECTION: forcing a failure. [ 1527.844754][T30642] name failslab, interval 1, probability 0, space 0, times 0 [ 1527.851473][T30642] CPU: 1 UID: 0 PID: 30642 Comm: syz.5.7201 Not tainted syzkaller #0 PREEMPT(full) [ 1527.851512][T30642] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1527.851524][T30642] Call Trace: [ 1527.851551][T30642] [ 1527.851559][T30642] dump_stack_lvl+0x16c/0x1f0 [ 1527.851590][T30642] should_fail_ex+0x512/0x640 [ 1527.851613][T30642] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1527.851635][T30642] should_failslab+0xc2/0x120 [ 1527.851657][T30642] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1527.851675][T30642] ? binder_get_thread+0x1eb/0x8c0 [ 1527.851701][T30642] ? binder_get_thread+0x225/0x8c0 [ 1527.851728][T30642] ? __pfx_binder_poll+0x10/0x10 [ 1527.851753][T30642] binder_get_thread+0x225/0x8c0 [ 1527.851782][T30642] ? __pfx_binder_poll+0x10/0x10 [ 1527.851808][T30642] binder_poll+0x3f/0x400 [ 1527.851834][T30642] ? __pfx_binder_poll+0x10/0x10 [ 1527.851856][T30642] do_select+0xd3d/0x17e0 [ 1527.851892][T30642] ? __pfx_do_select+0x10/0x10 [ 1527.851909][T30642] ? trace_mm_page_alloc+0x11f/0x1a0 [ 1527.851936][T30642] ? __pfx___pollwait+0x10/0x10 [ 1527.851957][T30642] ? __pfx_pollwake+0x10/0x10 [ 1527.851975][T30642] ? __pfx_pollwake+0x10/0x10 [ 1527.852002][T30642] ? __pfx_pollwake+0x10/0x10 [ 1527.852022][T30642] ? __pfx_pollwake+0x10/0x10 [ 1527.852068][T30642] ? find_held_lock+0x2b/0x80 [ 1527.852087][T30642] ? compat_core_sys_select+0x1dd/0x880 [ 1527.852109][T30642] ? compat_core_sys_select+0x685/0x880 [ 1527.852126][T30642] compat_core_sys_select+0x685/0x880 [ 1527.852151][T30642] ? __pfx_compat_core_sys_select+0x10/0x10 [ 1527.852174][T30642] ? proc_fail_nth_write+0x9f/0x220 [ 1527.852204][T30642] ? set_compat_user_sigmask+0x213/0x2a0 [ 1527.852223][T30642] ? __pfx_set_compat_user_sigmask+0x10/0x10 [ 1527.852247][T30642] __ia32_compat_sys_pselect6_time32+0x2d1/0x390 [ 1527.852269][T30642] ? __pfx___ia32_compat_sys_pselect6_time32+0x10/0x10 [ 1527.852292][T30642] ? ksys_write+0x1ac/0x250 [ 1527.852311][T30642] ? __pfx_ksys_write+0x10/0x10 [ 1527.852333][T30642] ? rcu_is_watching+0x12/0xc0 [ 1527.852356][T30642] __do_fast_syscall_32+0x7c/0x3a0 [ 1527.852384][T30642] do_fast_syscall_32+0x32/0x80 [ 1527.852407][T30642] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1527.852429][T30642] RIP: 0023:0xf703e579 [ 1527.852443][T30642] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1527.852461][T30642] RSP: 002b:00000000f540d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000134 [ 1527.852479][T30642] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00000000800001c0 [ 1527.852490][T30642] RDX: 0000000000000000 RSI: 00000000800002c0 RDI: 0000000000000000 [ 1527.852501][T30642] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1527.852511][T30642] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1527.852521][T30642] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1527.852544][T30642] [ 1528.233767][T30655] serio: Serial port ptm0 [ 1529.425625][ T5986] Bluetooth: hci2: command tx timeout [ 1529.698394][T30618] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1529.703156][T30618] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1529.709901][T30618] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1529.729138][T30618] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1529.795913][ T7011] IPVS: stop unused estimator thread 0... [ 1529.871899][T30618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1529.889111][T30618] 8021q: adding VLAN 0 to HW filter on device team0 [ 1529.897249][ T7024] bridge0: port 1(bridge_slave_0) entered blocking state [ 1529.900307][ T7024] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1529.904996][T30676] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7207'. [ 1529.922640][ T7051] bridge0: port 2(bridge_slave_1) entered blocking state [ 1529.925118][ T7051] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1529.972219][T30618] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1529.976947][T30618] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1530.202948][T30618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1530.242889][T30618] veth0_vlan: entered promiscuous mode [ 1530.255400][T30618] veth1_vlan: entered promiscuous mode [ 1530.290250][T30618] veth0_macvtap: entered promiscuous mode [ 1530.298357][T30618] veth1_macvtap: entered promiscuous mode [ 1530.321063][T30618] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1530.349071][T30618] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1530.361054][ T7024] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1530.365741][ T7024] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1530.371652][ T7024] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1530.376331][ T7024] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1530.423339][ T7024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1530.429258][ T7024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1530.445344][ T7024] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1530.447932][ T7024] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1530.981791][T30694] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7210'. [ 1531.504071][ T5986] Bluetooth: hci2: command tx timeout [ 1531.578337][T30712] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3 [ 1532.548231][ T46] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1533.583628][ T5986] Bluetooth: hci2: command tx timeout [ 1534.748690][T30769] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7232'. [ 1535.574375][T30794] hub 1-0:1.0: USB hub found [ 1535.583786][T30794] hub 1-0:1.0: 6 ports detected [ 1535.624438][T30792] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1535.774638][ T34] usb 1-1: new high-speed USB device number 3 using ehci-pci [ 1535.981757][ T34] usb 1-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 1535.987088][ T34] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 1535.990504][ T34] usb 1-1: Product: QEMU USB Tablet [ 1535.992815][ T34] usb 1-1: Manufacturer: QEMU [ 1535.995728][ T34] usb 1-1: SerialNumber: 28754-0000:00:1d.7-1 [ 1536.084035][ T34] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb1/1-1/1-1:1.0/0003:0627:0001.0005/input/input42 [ 1536.159650][ T34] hid-generic 0003:0627:0001.0005: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 1536.389200][T30807] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7244'. [ 1536.401087][T30809] FAULT_INJECTION: forcing a failure. [ 1536.401087][T30809] name failslab, interval 1, probability 0, space 0, times 0 [ 1536.401129][T30809] CPU: 3 UID: 0 PID: 30809 Comm: syz.6.7245 Not tainted syzkaller #0 PREEMPT(full) [ 1536.401143][T30809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1536.401152][T30809] Call Trace: [ 1536.401158][T30809] [ 1536.401163][T30809] dump_stack_lvl+0x16c/0x1f0 [ 1536.401186][T30809] should_fail_ex+0x512/0x640 [ 1536.401208][T30809] ? bit_cursor+0x885/0x17e0 [ 1536.401226][T30809] should_failslab+0xc2/0x120 [ 1536.401246][T30809] __kmalloc_noprof+0xd2/0x510 [ 1536.401266][T30809] bit_cursor+0x885/0x17e0 [ 1536.401284][T30809] ? __pfx_bit_cursor+0x10/0x10 [ 1536.401303][T30809] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1536.401321][T30809] ? get_color+0x1da/0x450 [ 1536.401334][T30809] ? __pfx_bit_cursor+0x10/0x10 [ 1536.401348][T30809] fbcon_cursor+0x40c/0x5f0 [ 1536.401363][T30809] hide_cursor+0x84/0x220 [ 1536.401377][T30809] do_con_write+0x23f7/0x8280 [ 1536.401392][T30809] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1536.401408][T30809] ? __pfx___might_resched+0x10/0x10 [ 1536.401420][T30809] ? rcu_is_watching+0x12/0xc0 [ 1536.401431][T30809] ? trace_contention_end+0xdd/0x130 [ 1536.401446][T30809] ? __mutex_lock+0x1c5/0x1060 [ 1536.401460][T30809] ? n_tty_write+0x44e/0x11e0 [ 1536.401472][T30809] ? __pfx_do_con_write+0x10/0x10 [ 1536.401489][T30809] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1536.401507][T30809] con_write+0x23/0xb0 [ 1536.401521][T30809] do_output_char+0x5d9/0x840 [ 1536.401539][T30809] n_tty_write+0x4ff/0x11e0 [ 1536.401555][T30809] ? __pfx_n_tty_write+0x10/0x10 [ 1536.401565][T30809] ? rcu_is_watching+0x12/0xc0 [ 1536.401575][T30809] ? __pfx_woken_wake_function+0x10/0x10 [ 1536.401593][T30809] ? kfree+0x24f/0x4d0 [ 1536.401602][T30809] ? file_tty_write.constprop.0+0x6ef/0x9b0 [ 1536.401618][T30809] ? __pfx_n_tty_write+0x10/0x10 [ 1536.401629][T30809] file_tty_write.constprop.0+0x504/0x9b0 [ 1536.401647][T30809] vfs_write+0x7d0/0x11d0 [ 1536.401660][T30809] ? __pfx_tty_write+0x10/0x10 [ 1536.401676][T30809] ? __pfx_vfs_write+0x10/0x10 [ 1536.401687][T30809] ? find_held_lock+0x2b/0x80 [ 1536.401706][T30809] ksys_write+0x12a/0x250 [ 1536.401718][T30809] ? __pfx_ksys_write+0x10/0x10 [ 1536.401732][T30809] ? rcu_is_watching+0x12/0xc0 [ 1536.401763][T30809] __do_fast_syscall_32+0x7c/0x3a0 [ 1536.401781][T30809] do_fast_syscall_32+0x32/0x80 [ 1536.401795][T30809] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1536.401809][T30809] RIP: 0023:0xf7f88579 [ 1536.401819][T30809] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1536.401830][T30809] RSP: 002b:00000000f54a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 1536.401840][T30809] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002080 [ 1536.401847][T30809] RDX: 0000000000001006 RSI: 0000000000000000 RDI: 0000000000000000 [ 1536.401853][T30809] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1536.401859][T30809] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1536.401865][T30809] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1536.401880][T30809] [ 1536.539734][T30815] loop8: detected capacity change from 0 to 7 [ 1536.545278][T29968] Dev loop8: unable to read RDB block 7 [ 1536.547350][T29968] loop8: unable to read partition table [ 1536.549384][T29968] loop8: partition table beyond EOD, truncated [ 1536.556086][T30815] Dev loop8: unable to read RDB block 7 [ 1536.558640][T30815] loop8: unable to read partition table [ 1536.560627][T30815] loop8: partition table beyond EOD, truncated [ 1536.562695][T30815] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1536.613779][T30815] FAULT_INJECTION: forcing a failure. [ 1536.613779][T30815] name failslab, interval 1, probability 0, space 0, times 0 [ 1536.618464][T30815] CPU: 2 UID: 0 PID: 30815 Comm: syz.1.7247 Not tainted syzkaller #0 PREEMPT(full) [ 1536.618480][T30815] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1536.618487][T30815] Call Trace: [ 1536.618491][T30815] [ 1536.618496][T30815] dump_stack_lvl+0x16c/0x1f0 [ 1536.618515][T30815] should_fail_ex+0x512/0x640 [ 1536.618530][T30815] ? fs_reclaim_acquire+0xae/0x150 [ 1536.618548][T30815] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1536.618564][T30815] should_failslab+0xc2/0x120 [ 1536.618579][T30815] __kmalloc_noprof+0xd2/0x510 [ 1536.618595][T30815] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1536.618612][T30815] ? tomoyo_profile+0x47/0x60 [ 1536.618623][T30815] tomoyo_path_perm+0x274/0x460 [ 1536.618635][T30815] ? tomoyo_path_perm+0x260/0x460 [ 1536.618649][T30815] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 1536.618668][T30815] ? finish_task_switch.isra.0+0x2fa/0xc10 [ 1536.618693][T30815] security_inode_getattr+0x116/0x290 [ 1536.618707][T30815] vfs_getattr+0x25/0x60 [ 1536.618724][T30815] loop_query_min_dio_size.isra.0+0x117/0x250 [ 1536.618742][T30815] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 1536.618754][T30815] ? mark_held_locks+0x49/0x80 [ 1536.618779][T30815] ? blk_freeze_queue_start+0xec/0x140 [ 1536.618793][T30815] lo_ioctl+0x144b/0x1cc0 [ 1536.618808][T30815] ? __pfx_lo_ioctl+0x10/0x10 [ 1536.618823][T30815] ? kasan_quarantine_put+0x10a/0x240 [ 1536.618835][T30815] ? lockdep_hardirqs_on+0x7c/0x110 [ 1536.618850][T30815] ? blk_get_meta_cap+0x482/0x700 [ 1536.618864][T30815] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 1536.618880][T30815] ? blkdev_common_ioctl+0x1d6/0x2470 [ 1536.618893][T30815] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1536.618907][T30815] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 1536.618922][T30815] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1536.618940][T30815] ? do_vfs_ioctl+0x128/0x14f0 [ 1536.618957][T30815] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1536.618979][T30815] lo_compat_ioctl+0xb9/0x170 [ 1536.618991][T30815] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 1536.619003][T30815] compat_blkdev_ioctl+0x2eb/0x7a0 [ 1536.619017][T30815] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 1536.619031][T30815] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 1536.619045][T30815] __ia32_compat_sys_ioctl+0x242/0x370 [ 1536.619063][T30815] __do_fast_syscall_32+0x7c/0x3a0 [ 1536.619080][T30815] do_fast_syscall_32+0x32/0x80 [ 1536.619095][T30815] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1536.619108][T30815] RIP: 0023:0xf7fa8579 [ 1536.619117][T30815] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1536.619128][T30815] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1536.619139][T30815] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c06 [ 1536.619146][T30815] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 1536.619152][T30815] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1536.619158][T30815] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1536.619164][T30815] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1536.619178][T30815] [ 1536.619182][T30815] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1536.719521][T30815] Dev loop8: unable to read RDB block 7 [ 1536.721301][T30815] loop8: unable to read partition table [ 1536.723126][T30815] loop8: partition table beyond EOD, truncated [ 1536.725197][T30815] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1536.998910][T30829] lo speed is unknown, defaulting to 1000 [ 1537.001531][T30829] lo speed is unknown, defaulting to 1000 [ 1538.384888][ T7002] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1539.543332][T30865] macsec1: entered allmulticast mode [ 1539.632444][ T40] audit: type=1326 audit(1756129692.981:15384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30863 comm="syz.5.7262" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1539.642935][ T40] audit: type=1326 audit(1756129692.981:15385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30863 comm="syz.5.7262" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1539.659707][ T40] audit: type=1326 audit(1756129692.981:15386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30863 comm="syz.5.7262" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1539.679342][ T40] audit: type=1326 audit(1756129692.981:15387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30863 comm="syz.5.7262" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1539.695324][ T40] audit: type=1326 audit(1756129692.981:15388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30863 comm="syz.5.7262" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1539.702422][ T40] audit: type=1326 audit(1756129692.981:15389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30863 comm="syz.5.7262" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1539.713412][ T40] audit: type=1326 audit(1756129692.981:15390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30863 comm="syz.5.7262" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1539.724640][ T40] audit: type=1326 audit(1756129692.981:15391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30863 comm="syz.5.7262" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf703e5a7 code=0x7ffc0000 [ 1539.731750][ T40] audit: type=1326 audit(1756129692.981:15392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30863 comm="syz.5.7262" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1539.741324][ T40] audit: type=1326 audit(1756129692.991:15393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30863 comm="syz.5.7262" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf703e5a7 code=0x7ffc0000 [ 1540.301495][T30871] netlink: 'syz.1.7264': attribute type 13 has an invalid length. [ 1540.329091][T30871] gretap0: refused to change device tx_queue_len [ 1540.331223][T30871] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1540.922332][T30873] lo speed is unknown, defaulting to 1000 [ 1540.932026][T30873] lo speed is unknown, defaulting to 1000 [ 1541.089406][T30879] loop8: detected capacity change from 0 to 7 [ 1541.092351][T29968] Dev loop8: unable to read RDB block 7 [ 1541.094295][T29968] loop8: unable to read partition table [ 1541.096301][T29968] loop8: partition table beyond EOD, truncated [ 1541.260143][T30879] Dev loop8: unable to read RDB block 7 [ 1541.366886][T30879] loop8: unable to read partition table [ 1541.368967][T30879] loop8: partition table beyond EOD, truncated [ 1541.371225][T30879] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1541.390264][T29968] Dev loop8: unable to read RDB block 7 [ 1541.392189][T29968] loop8: unable to read partition table [ 1541.395317][T29968] loop8: partition table beyond EOD, truncated [ 1541.401287][T30882] Dev loop8: unable to read RDB block 7 [ 1541.402917][T30882] loop8: unable to read partition table [ 1541.406278][T30882] loop8: partition table beyond EOD, truncated [ 1541.408334][T30882] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1541.719971][T30900] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7273'. [ 1542.547852][ T46] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1542.891792][T30922] usb 1-1: USB disconnect, device number 3 [ 1543.000978][T30922] hub 1-0:1.0: USB hub found [ 1543.002696][T30922] hub 1-0:1.0: 6 ports detected [ 1543.173700][ T6056] usb 1-1: new high-speed USB device number 4 using ehci-pci [ 1543.358207][ T6056] usb 1-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00 [ 1543.361361][ T6056] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10 [ 1543.364205][ T6056] usb 1-1: Product: QEMU USB Tablet [ 1543.366041][ T6056] usb 1-1: Manufacturer: QEMU [ 1543.368349][ T6056] usb 1-1: SerialNumber: 28754-0000:00:1d.7-1 [ 1543.393961][ T6056] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb1/1-1/1-1:1.0/0003:0627:0001.0006/input/input43 [ 1543.406232][ T6056] hid-generic 0003:0627:0001.0006: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0 [ 1543.436310][ T46] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1543.834497][T30944] FAULT_INJECTION: forcing a failure. [ 1543.834497][T30944] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1543.841976][T30944] CPU: 0 UID: 0 PID: 30944 Comm: syz.1.7286 Not tainted syzkaller #0 PREEMPT(full) [ 1543.842006][T30944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1543.842017][T30944] Call Trace: [ 1543.842025][T30944] [ 1543.842032][T30944] dump_stack_lvl+0x16c/0x1f0 [ 1543.842060][T30944] should_fail_ex+0x512/0x640 [ 1543.842089][T30944] strncpy_from_user+0x3b/0x2e0 [ 1543.842114][T30944] getname_flags.part.0+0x8f/0x550 [ 1543.842143][T30944] getname_flags+0x93/0xf0 [ 1543.842164][T30944] __ia32_sys_mknod+0x72/0xb0 [ 1543.842185][T30944] __do_fast_syscall_32+0x7c/0x3a0 [ 1543.842211][T30944] do_fast_syscall_32+0x32/0x80 [ 1543.842235][T30944] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1543.842257][T30944] RIP: 0023:0xf7fa8579 [ 1543.842270][T30944] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1543.842288][T30944] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 000000000000000e [ 1543.842304][T30944] RAX: ffffffffffffffda RBX: 00000000800001c0 RCX: 0000000000000400 [ 1543.842315][T30944] RDX: 0000000000000702 RSI: 0000000000000000 RDI: 0000000000000000 [ 1543.842325][T30944] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1543.842336][T30944] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1543.842346][T30944] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1543.842369][T30944] [ 1544.301205][T30950] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7287'. [ 1544.304533][T30950] netlink: 'syz.6.7287': attribute type 5 has an invalid length. [ 1544.307148][T30950] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7287'. [ 1544.320397][T30950] geneve2: entered promiscuous mode [ 1544.322200][T30950] geneve2: entered allmulticast mode [ 1544.327634][ T46] netdevsim netdevsim6 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 1544.335442][ T46] netdevsim netdevsim6 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 1544.338641][ T46] netdevsim netdevsim6 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 1544.344092][ T46] netdevsim netdevsim6 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 1544.716260][T30957] loop8: detected capacity change from 0 to 7 [ 1544.720713][T29968] Dev loop8: unable to read RDB block 7 [ 1544.722704][T29968] loop8: unable to read partition table [ 1544.725095][T29968] loop8: partition table beyond EOD, truncated [ 1544.752432][T30957] Dev loop8: unable to read RDB block 7 [ 1544.754648][T30957] loop8: unable to read partition table [ 1544.757082][T30957] loop8: partition table beyond EOD, truncated [ 1544.759265][T30957] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1544.855632][T30957] Dev loop8: unable to read RDB block 7 [ 1544.864317][T30957] loop8: unable to read partition table [ 1544.868791][T30957] loop8: partition table beyond EOD, truncated [ 1544.879855][T30957] loop_reread_partitions: partition scan of loop8 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1545.437255][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 1545.564843][T30974] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1546.011021][T30982] lo speed is unknown, defaulting to 1000 [ 1546.014959][T30982] lo speed is unknown, defaulting to 1000 [ 1546.623613][ C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1547.000242][T30990] FAULT_INJECTION: forcing a failure. [ 1547.000242][T30990] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1547.004581][T30990] CPU: 2 UID: 0 PID: 30990 Comm: syz.5.7299 Not tainted syzkaller #0 PREEMPT(full) [ 1547.004596][T30990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1547.004603][T30990] Call Trace: [ 1547.004607][T30990] [ 1547.004614][T30990] dump_stack_lvl+0x16c/0x1f0 [ 1547.004633][T30990] should_fail_ex+0x512/0x640 [ 1547.004651][T30990] _copy_to_user+0x32/0xd0 [ 1547.004663][T30990] simple_read_from_buffer+0xcb/0x170 [ 1547.004675][T30990] proc_fail_nth_read+0x197/0x240 [ 1547.004688][T30990] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1547.004700][T30990] ? rw_verify_area+0xcf/0x6c0 [ 1547.004711][T30990] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1547.004723][T30990] vfs_read+0x1e4/0xcf0 [ 1547.004751][T30990] ? __pfx_vfs_read+0x10/0x10 [ 1547.004762][T30990] ? find_held_lock+0x2b/0x80 [ 1547.004777][T30990] ? __fget_files+0x20e/0x3c0 [ 1547.004793][T30990] ksys_read+0x12a/0x250 [ 1547.004806][T30990] ? __pfx_ksys_read+0x10/0x10 [ 1547.004819][T30990] ? rcu_is_watching+0x12/0xc0 [ 1547.004833][T30990] __do_fast_syscall_32+0x7c/0x3a0 [ 1547.004849][T30990] do_fast_syscall_32+0x32/0x80 [ 1547.004863][T30990] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1547.004877][T30990] RIP: 0023:0xf703e579 [ 1547.004886][T30990] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1547.004897][T30990] RSP: 002b:00000000f542e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1547.004908][T30990] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f542e620 [ 1547.004915][T30990] RDX: 000000000000000f RSI: 00000000f73a4ff4 RDI: 0000000000000000 [ 1547.004922][T30990] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1547.004928][T30990] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1547.004934][T30990] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1547.004948][T30990] [ 1547.419096][T30996] ubi: mtd0 is already attached to ubi31 [ 1547.448800][T30999] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1547.456391][T30999] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1547.596201][T30999] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1547.601599][T30999] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1547.713931][T30999] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1547.718229][T30999] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1547.803590][T30999] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1547.808104][T30999] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1547.934940][ T7051] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 256 - 0 [ 1547.938417][ T7051] netdevsim netdevsim6 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 1547.941632][ T7051] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 256 - 0 [ 1547.945065][ T7051] netdevsim netdevsim6 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 1547.958920][ T7004] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 256 - 0 [ 1547.961670][ T7004] netdevsim netdevsim6 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 1547.969321][ T7051] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 256 - 0 [ 1547.972024][ T7051] netdevsim netdevsim6 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 1547.984425][ T7024] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1548.283780][ T10] usb 11-1: new high-speed USB device number 6 using dummy_hcd [ 1548.443786][ T10] usb 11-1: Using ep0 maxpacket: 8 [ 1548.451142][ T10] usb 11-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1548.456129][ T10] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1548.459089][ T10] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1548.462704][ T10] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1548.467567][ T10] usb 11-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1548.471130][ T10] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1548.483124][ T10] hub 11-1:1.0: bad descriptor, ignoring hub [ 1548.485546][ T10] hub 11-1:1.0: probe with driver hub failed with error -5 [ 1548.489271][ T10] cdc_wdm 11-1:1.0: skipping garbage [ 1548.491017][ T10] cdc_wdm 11-1:1.0: skipping garbage [ 1548.496042][ T10] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device [ 1548.500291][ T10] cdc_wdm 11-1:1.0: Unknown control protocol [ 1548.746094][T31039] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1548.749952][T31039] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1549.265303][ T7024] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1549.514329][T31047] FAULT_INJECTION: forcing a failure. [ 1549.514329][T31047] name failslab, interval 1, probability 0, space 0, times 0 [ 1549.519283][T31047] CPU: 1 UID: 0 PID: 31047 Comm: syz.0.7316 Not tainted syzkaller #0 PREEMPT(full) [ 1549.519305][T31047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1549.519316][T31047] Call Trace: [ 1549.519322][T31047] [ 1549.519329][T31047] dump_stack_lvl+0x16c/0x1f0 [ 1549.519379][T31047] should_fail_ex+0x512/0x640 [ 1549.519403][T31047] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1549.519427][T31047] should_failslab+0xc2/0x120 [ 1549.519449][T31047] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1549.519470][T31047] ? alloc_empty_file+0x55/0x1e0 [ 1549.519496][T31047] alloc_empty_file+0x55/0x1e0 [ 1549.519520][T31047] path_openat+0xda/0x2cb0 [ 1549.519538][T31047] ? do_fast_syscall_32+0x32/0x80 [ 1549.519560][T31047] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1549.519593][T31047] ? __pfx_path_openat+0x10/0x10 [ 1549.519621][T31047] ? __lock_acquire+0xb97/0x1ce0 [ 1549.519654][T31047] do_filp_open+0x20b/0x470 [ 1549.519674][T31047] ? __pfx_do_filp_open+0x10/0x10 [ 1549.519709][T31047] ? _raw_spin_unlock+0x28/0x50 [ 1549.519728][T31047] ? alloc_fd+0x471/0x7d0 [ 1549.519754][T31047] do_sys_openat2+0x11b/0x1d0 [ 1549.519777][T31047] ? __pfx_do_sys_openat2+0x10/0x10 [ 1549.519808][T31047] ? __fget_files+0x20e/0x3c0 [ 1549.519824][T31047] ? handle_mm_fault+0x200/0xd10 [ 1549.519845][T31047] __ia32_compat_sys_openat+0x16d/0x210 [ 1549.519861][T31047] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 1549.519876][T31047] ? ksys_write+0x1ac/0x250 [ 1549.519899][T31047] ? rcu_is_watching+0x12/0xc0 [ 1549.519920][T31047] __do_fast_syscall_32+0x7c/0x3a0 [ 1549.519949][T31047] do_fast_syscall_32+0x32/0x80 [ 1549.519973][T31047] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1549.519994][T31047] RIP: 0023:0xf703e579 [ 1549.520008][T31047] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1549.520024][T31047] RSP: 002b:00000000f542e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127 [ 1549.520041][T31047] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000040 [ 1549.520052][T31047] RDX: 00000000000a2f00 RSI: 00000000000000a3 RDI: 0000000000000000 [ 1549.520063][T31047] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1549.520073][T31047] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1549.520083][T31047] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1549.520106][T31047] [ 1549.618587][T31020] cdc_wdm 11-1:1.0: Error autopm - -16 [ 1549.621217][T18489] usb 11-1: USB disconnect, device number 6 [ 1550.802830][T31080] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7325'. [ 1551.560073][T31088] FAULT_INJECTION: forcing a failure. [ 1551.560073][T31088] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1551.564307][T31088] CPU: 1 UID: 0 PID: 31088 Comm: syz.6.7327 Not tainted syzkaller #0 PREEMPT(full) [ 1551.564322][T31088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1551.564329][T31088] Call Trace: [ 1551.564332][T31088] [ 1551.564337][T31088] dump_stack_lvl+0x16c/0x1f0 [ 1551.564356][T31088] should_fail_ex+0x512/0x640 [ 1551.564386][T31088] _copy_to_user+0x32/0xd0 [ 1551.564398][T31088] simple_read_from_buffer+0xcb/0x170 [ 1551.564411][T31088] proc_fail_nth_read+0x197/0x240 [ 1551.564423][T31088] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1551.564435][T31088] ? rw_verify_area+0xcf/0x6c0 [ 1551.564446][T31088] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1551.564458][T31088] vfs_read+0x1e4/0xcf0 [ 1551.564473][T31088] ? __pfx_vfs_read+0x10/0x10 [ 1551.564483][T31088] ? find_held_lock+0x2b/0x80 [ 1551.564500][T31088] ? __fget_files+0x20e/0x3c0 [ 1551.564528][T31088] ksys_read+0x12a/0x250 [ 1551.564542][T31088] ? __pfx_ksys_read+0x10/0x10 [ 1551.564555][T31088] ? rcu_is_watching+0x12/0xc0 [ 1551.564568][T31088] __do_fast_syscall_32+0x7c/0x3a0 [ 1551.564584][T31088] do_fast_syscall_32+0x32/0x80 [ 1551.564599][T31088] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1551.564613][T31088] RIP: 0023:0xf7f88579 [ 1551.564622][T31088] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1551.564632][T31088] RSP: 002b:00000000f54a6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1551.564644][T31088] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54a6620 [ 1551.564650][T31088] RDX: 000000000000000f RSI: 00000000f7414ff4 RDI: 0000000000000000 [ 1551.564657][T31088] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1551.564663][T31088] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1551.564669][T31088] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1551.564682][T31088] [ 1551.671808][T31092] FAULT_INJECTION: forcing a failure. [ 1551.671808][T31092] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1551.678185][T31092] CPU: 1 UID: 0 PID: 31092 Comm: syz.1.7329 Not tainted syzkaller #0 PREEMPT(full) [ 1551.678210][T31092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1551.678220][T31092] Call Trace: [ 1551.678227][T31092] [ 1551.678235][T31092] dump_stack_lvl+0x16c/0x1f0 [ 1551.678262][T31092] should_fail_ex+0x512/0x640 [ 1551.678289][T31092] _copy_to_user+0x32/0xd0 [ 1551.678308][T31092] simple_read_from_buffer+0xcb/0x170 [ 1551.678329][T31092] proc_fail_nth_read+0x197/0x240 [ 1551.678350][T31092] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1551.678372][T31092] ? rw_verify_area+0xcf/0x6c0 [ 1551.678391][T31092] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1551.678410][T31092] vfs_read+0x1e4/0xcf0 [ 1551.678437][T31092] ? __pfx_vfs_read+0x10/0x10 [ 1551.678453][T31092] ? find_held_lock+0x2b/0x80 [ 1551.678477][T31092] ? __fget_files+0x20e/0x3c0 [ 1551.678493][T31092] ? handle_mm_fault+0x200/0xd10 [ 1551.678517][T31092] ksys_read+0x12a/0x250 [ 1551.678536][T31092] ? __pfx_ksys_read+0x10/0x10 [ 1551.678557][T31092] ? rcu_is_watching+0x12/0xc0 [ 1551.678579][T31092] __do_fast_syscall_32+0x7c/0x3a0 [ 1551.678605][T31092] do_fast_syscall_32+0x32/0x80 [ 1551.678629][T31092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1551.678653][T31092] RIP: 0023:0xf7fa8579 [ 1551.678666][T31092] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1551.678683][T31092] RSP: 002b:00000000f54c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1551.678704][T31092] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f54c6620 [ 1551.678715][T31092] RDX: 000000000000000f RSI: 00000000f7434ff4 RDI: 0000000000000000 [ 1551.678725][T31092] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1551.678735][T31092] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1551.678745][T31092] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1551.678773][T31092] [ 1551.781693][T31096] lo speed is unknown, defaulting to 1000 [ 1551.784555][T31096] lo speed is unknown, defaulting to 1000 [ 1551.875664][T31100] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1552.973908][T31114] netlink: 'syz.6.7336': attribute type 3 has an invalid length. [ 1552.987947][T31114] 9pnet_fd: Insufficient options for proto=fd [ 1552.988391][T31118] FAULT_INJECTION: forcing a failure. [ 1552.988391][T31118] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1552.994620][T31118] CPU: 0 UID: 0 PID: 31118 Comm: syz.0.7338 Not tainted syzkaller #0 PREEMPT(full) [ 1552.994636][T31118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1552.994643][T31118] Call Trace: [ 1552.994647][T31118] [ 1552.994652][T31118] dump_stack_lvl+0x16c/0x1f0 [ 1552.994670][T31118] should_fail_ex+0x512/0x640 [ 1552.994689][T31118] _copy_to_user+0x32/0xd0 [ 1552.994700][T31118] simple_read_from_buffer+0xcb/0x170 [ 1552.994714][T31118] proc_fail_nth_read+0x197/0x240 [ 1552.994727][T31118] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1552.994744][T31118] ? rw_verify_area+0xcf/0x6c0 [ 1552.994755][T31118] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1552.994766][T31118] vfs_read+0x1e4/0xcf0 [ 1552.994781][T31118] ? __pfx_vfs_read+0x10/0x10 [ 1552.994792][T31118] ? find_held_lock+0x2b/0x80 [ 1552.994807][T31118] ? __fget_files+0x20e/0x3c0 [ 1552.994822][T31118] ksys_read+0x12a/0x250 [ 1552.994835][T31118] ? __pfx_ksys_read+0x10/0x10 [ 1552.994848][T31118] ? rcu_is_watching+0x12/0xc0 [ 1552.994861][T31118] __do_fast_syscall_32+0x7c/0x3a0 [ 1552.994877][T31118] do_fast_syscall_32+0x32/0x80 [ 1552.994892][T31118] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1552.994906][T31118] RIP: 0023:0xf703e579 [ 1552.994915][T31118] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1552.994926][T31118] RSP: 002b:00000000f542e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1552.994937][T31118] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f542e620 [ 1552.994944][T31118] RDX: 000000000000000f RSI: 00000000f73a4ff4 RDI: 0000000000000000 [ 1552.994950][T31118] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1552.994956][T31118] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1552.994962][T31118] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1552.994975][T31118] [ 1553.466881][T31136] FAULT_INJECTION: forcing a failure. [ 1553.466881][T31136] name failslab, interval 1, probability 0, space 0, times 0 [ 1553.470980][T31136] CPU: 3 UID: 0 PID: 31136 Comm: syz.0.7343 Not tainted syzkaller #0 PREEMPT(full) [ 1553.470997][T31136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1553.471004][T31136] Call Trace: [ 1553.471009][T31136] [ 1553.471014][T31136] dump_stack_lvl+0x16c/0x1f0 [ 1553.471032][T31136] should_fail_ex+0x512/0x640 [ 1553.471047][T31136] ? fs_reclaim_acquire+0xae/0x150 [ 1553.471065][T31136] ? tomoyo_encode2+0x100/0x3e0 [ 1553.471080][T31136] should_failslab+0xc2/0x120 [ 1553.471095][T31136] __kmalloc_noprof+0xd2/0x510 [ 1553.471107][T31136] ? d_absolute_path+0x136/0x1a0 [ 1553.471125][T31136] tomoyo_encode2+0x100/0x3e0 [ 1553.471142][T31136] tomoyo_encode+0x29/0x50 [ 1553.471156][T31136] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1553.471205][T31136] tomoyo_path_number_perm+0x245/0x580 [ 1553.471218][T31136] ? tomoyo_path_number_perm+0x237/0x580 [ 1553.471233][T31136] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1553.471260][T31136] ? find_held_lock+0x2b/0x80 [ 1553.471271][T31136] ? hook_file_ioctl_common+0x145/0x410 [ 1553.471291][T31136] ? __fget_files+0x20e/0x3c0 [ 1553.471326][T31136] security_file_ioctl_compat+0x9b/0x240 [ 1553.471342][T31136] __ia32_compat_sys_ioctl+0xc3/0x370 [ 1553.471360][T31136] __do_fast_syscall_32+0x7c/0x3a0 [ 1553.471377][T31136] do_fast_syscall_32+0x32/0x80 [ 1553.471392][T31136] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1553.471406][T31136] RIP: 0023:0xf703e579 [ 1553.471415][T31136] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1553.471425][T31136] RSP: 002b:00000000f542e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1553.471436][T31136] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b72 [ 1553.471443][T31136] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 1553.471449][T31136] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1553.471456][T31136] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1553.471462][T31136] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1553.471475][T31136] [ 1553.471527][T31136] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1553.684019][ T10] usb 6-1: new high-speed USB device number 75 using dummy_hcd [ 1553.744105][ T7004] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1553.848369][ T10] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1553.853198][ T10] usb 6-1: config 6 has an invalid interface number: 200 but max is 0 [ 1553.856946][ T10] usb 6-1: config 6 has no interface number 0 [ 1553.859098][ T10] usb 6-1: config 6 interface 200 has no altsetting 0 [ 1553.865094][ T10] usb 6-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f [ 1553.868098][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1553.870663][ T10] usb 6-1: Product: syz [ 1553.872394][ T10] usb 6-1: Manufacturer: syz [ 1553.874109][ T10] usb 6-1: SerialNumber: syz [ 1554.111233][ T10] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state. [ 1554.115710][ T10] dvb-usb: bulk message failed: -71 (3/0) [ 1554.121048][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1554.125507][ T10] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T) [ 1554.128426][ T10] usb 6-1: media controller created [ 1554.140710][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1554.158004][ T10] dvb-usb: bulk message failed: -71 (6/0) [ 1554.161428][ T10] dvb-usb: bulk message failed: -71 (6/0) [ 1554.163656][ T10] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T' [ 1554.168620][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input44 [ 1554.174482][ T10] dvb-usb: schedule remote query interval to 150 msecs. [ 1554.176810][ T10] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected. [ 1554.183477][ T10] usb 6-1: USB disconnect, device number 75 [ 1554.227847][ T10] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected. [ 1554.321852][T31154] Bluetooth: MGMT ver 1.23 [ 1554.385297][ T60] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1554.910616][T31164] 9pnet_virtio: no channels available for device syz [ 1555.590655][T31182] FAULT_INJECTION: forcing a failure. [ 1555.590655][T31182] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1555.596913][T31182] CPU: 3 UID: 0 PID: 31182 Comm: syz.1.7358 Not tainted syzkaller #0 PREEMPT(full) [ 1555.596933][T31182] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1555.596943][T31182] Call Trace: [ 1555.596948][T31182] [ 1555.596953][T31182] dump_stack_lvl+0x16c/0x1f0 [ 1555.596972][T31182] should_fail_ex+0x512/0x640 [ 1555.596989][T31182] _copy_from_user+0x2e/0xd0 [ 1555.597007][T31182] do_handle_open+0x5ca/0xc50 [ 1555.597020][T31182] ? __pfx_do_handle_open+0x10/0x10 [ 1555.597034][T31182] ? ksys_write+0x1ac/0x250 [ 1555.597046][T31182] ? __pfx_ksys_write+0x10/0x10 [ 1555.597062][T31182] ? __do_fast_syscall_32+0x7c/0x3a0 [ 1555.597077][T31182] __do_fast_syscall_32+0x7c/0x3a0 [ 1555.597093][T31182] do_fast_syscall_32+0x32/0x80 [ 1555.597108][T31182] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1555.597122][T31182] RIP: 0023:0xf7fa8579 [ 1555.597131][T31182] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1555.597142][T31182] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000156 [ 1555.597167][T31182] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 1555.597175][T31182] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1555.597181][T31182] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1555.597187][T31182] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1555.597194][T31182] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1555.597209][T31182] [ 1555.945802][ T10] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 1556.094197][ T10] usb 10-1: Using ep0 maxpacket: 32 [ 1556.098386][ T10] usb 10-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 1556.101966][ T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1556.106768][ T10] usb 10-1: config 0 descriptor?? [ 1556.119747][ T10] as10x_usb: device has been detected [ 1556.125425][ T10] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 1556.151882][ T10] usb 10-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 1556.178356][ T10] as10x_usb: error during firmware upload part1 [ 1556.182428][ T10] Registered device nBox DVB-T Dongle [ 1556.318326][T19804] usb 10-1: USB disconnect, device number 6 [ 1556.344932][T19804] Unregistered device nBox DVB-T Dongle [ 1556.346138][T19804] as10x_usb: device has been disconnected [ 1556.858564][T31210] random: crng reseeded on system resumption [ 1558.128127][T31231] FAULT_INJECTION: forcing a failure. [ 1558.128127][T31231] name failslab, interval 1, probability 0, space 0, times 0 [ 1558.128160][T31231] CPU: 0 UID: 0 PID: 31231 Comm: syz.1.7376 Not tainted syzkaller #0 PREEMPT(full) [ 1558.128178][T31231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1558.128190][T31231] Call Trace: [ 1558.128196][T31231] [ 1558.128203][T31231] dump_stack_lvl+0x16c/0x1f0 [ 1558.128231][T31231] should_fail_ex+0x512/0x640 [ 1558.128255][T31231] ? fs_reclaim_acquire+0xae/0x150 [ 1558.128282][T31231] should_failslab+0xc2/0x120 [ 1558.128305][T31231] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1558.128322][T31231] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 1558.128346][T31231] ? kobject_uevent_env+0x265/0x1870 [ 1558.128377][T31231] kobject_uevent_env+0x265/0x1870 [ 1558.128402][T31231] ? __pfx_dev_uevent_name+0x10/0x10 [ 1558.128427][T31231] ? bus_to_subsys+0x131/0x160 [ 1558.128450][T31231] device_del+0x623/0x9f0 [ 1558.128476][T31231] ? __pfx_device_del+0x10/0x10 [ 1558.128514][T31231] device_unregister+0x1d/0xc0 [ 1558.128536][T31231] device_destroy+0x99/0xe0 [ 1558.128559][T31231] ? __pfx_device_destroy+0x10/0x10 [ 1558.128588][T31231] vcs_remove_sysfs+0x21/0x50 [ 1558.128606][T31231] vc_deallocate+0x1a9/0x470 [ 1558.128627][T31231] ? __pfx_vc_deallocate+0x10/0x10 [ 1558.128649][T31231] ? rcu_is_watching+0x12/0xc0 [ 1558.128674][T31231] vt_disallocate_all+0x291/0x4d0 [ 1558.128694][T31231] ? __pfx_vt_disallocate_all+0x10/0x10 [ 1558.128710][T31231] ? kasan_save_stack+0x42/0x60 [ 1558.128767][T31231] ? apparmor_capable+0x114/0x1d0 [ 1558.128791][T31231] ? bpf_lsm_capable+0x9/0x10 [ 1558.128807][T31231] ? security_capable+0x7e/0x260 [ 1558.128828][T31231] vt_ioctl+0x132d/0x30a0 [ 1558.128848][T31231] ? __pfx_vt_ioctl+0x10/0x10 [ 1558.128866][T31231] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1558.128895][T31231] ? rcu_is_watching+0x12/0xc0 [ 1558.128914][T31231] ? aa_get_newest_label+0xd2/0x250 [ 1558.128934][T31231] ? apparmor_capable+0x114/0x1d0 [ 1558.128955][T31231] ? bpf_lsm_capable+0x9/0x10 [ 1558.128971][T31231] ? security_capable+0x7e/0x260 [ 1558.128990][T31231] vt_compat_ioctl+0x237/0x4e0 [ 1558.129008][T31231] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 1558.129024][T31231] ? hook_file_ioctl_common+0x145/0x410 [ 1558.129050][T31231] ? __fget_files+0x20e/0x3c0 [ 1558.129063][T31231] ? __pfx_vt_compat_ioctl+0x10/0x10 [ 1558.129075][T31231] tty_compat_ioctl+0x2ee/0x4d0 [ 1558.129089][T31231] ? __pfx_tty_compat_ioctl+0x10/0x10 [ 1558.129104][T31231] __ia32_compat_sys_ioctl+0x242/0x370 [ 1558.129123][T31231] __do_fast_syscall_32+0x7c/0x3a0 [ 1558.129163][T31231] do_fast_syscall_32+0x32/0x80 [ 1558.129180][T31231] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1558.129194][T31231] RIP: 0023:0xf7fa8579 [ 1558.129204][T31231] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1558.129214][T31231] RSP: 002b:00000000f54a555c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1558.129225][T31231] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000005608 [ 1558.129232][T31231] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1558.129238][T31231] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1558.129244][T31231] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1558.129251][T31231] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1558.129264][T31231] [ 1558.438692][T31250] lo speed is unknown, defaulting to 1000 [ 1558.448619][T31250] lo speed is unknown, defaulting to 1000 [ 1558.866806][ T60] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1559.170594][T31270] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 1559.473312][T31279] FAULT_INJECTION: forcing a failure. [ 1559.473312][T31279] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1559.478775][T31279] CPU: 1 UID: 0 PID: 31279 Comm: syz.6.7391 Not tainted syzkaller #0 PREEMPT(full) [ 1559.478795][T31279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1559.478802][T31279] Call Trace: [ 1559.478806][T31279] [ 1559.478810][T31279] dump_stack_lvl+0x16c/0x1f0 [ 1559.478829][T31279] should_fail_ex+0x512/0x640 [ 1559.478846][T31279] _copy_to_user+0x32/0xd0 [ 1559.478858][T31279] simple_read_from_buffer+0xcb/0x170 [ 1559.478871][T31279] proc_fail_nth_read+0x197/0x240 [ 1559.478883][T31279] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1559.478896][T31279] ? rw_verify_area+0xcf/0x6c0 [ 1559.478907][T31279] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1559.478918][T31279] vfs_read+0x1e4/0xcf0 [ 1559.478945][T31279] ? __pfx_vfs_read+0x10/0x10 [ 1559.478958][T31279] ? find_held_lock+0x2b/0x80 [ 1559.478980][T31279] ? __fget_files+0x20e/0x3c0 [ 1559.479005][T31279] ksys_read+0x12a/0x250 [ 1559.479020][T31279] ? __pfx_ksys_read+0x10/0x10 [ 1559.479034][T31279] ? fput+0x9b/0xd0 [ 1559.479055][T31279] ? rcu_is_watching+0x12/0xc0 [ 1559.479071][T31279] __do_fast_syscall_32+0x7c/0x3a0 [ 1559.479088][T31279] do_fast_syscall_32+0x32/0x80 [ 1559.479103][T31279] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1559.479116][T31279] RIP: 0023:0xf7f88579 [ 1559.479125][T31279] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1559.479136][T31279] RSP: 002b:00000000f5485590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1559.479148][T31279] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5485620 [ 1559.479154][T31279] RDX: 000000000000000f RSI: 00000000f7414ff4 RDI: 0000000000000000 [ 1559.479161][T31279] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1559.479167][T31279] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1559.479173][T31279] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1559.479187][T31279] [ 1559.555837][ T7011] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1561.663853][T15250] Bluetooth: hci4: command 0x1003 tx timeout [ 1561.666485][ T5986] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1563.747755][T31363] sctp: [Deprecated]: syz.0.7417 (pid 31363) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1563.747755][T31363] Use struct sctp_sack_info instead [ 1563.795248][T31365] veth1_macvtap: left promiscuous mode [ 1564.088796][T31374] overlayfs: missing 'lowerdir' [ 1564.313029][T31378] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7422'. [ 1564.624055][ T7051] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1565.264517][ T7011] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1566.457639][T31410] netlink: 'syz.5.7432': attribute type 1 has an invalid length. [ 1566.726562][T31414] overlayfs: missing 'lowerdir' [ 1567.078723][T31421] syzkaller0: entered promiscuous mode [ 1567.080671][T31421] syzkaller0: entered allmulticast mode [ 1567.088402][T31421] binder: 31420:31421 ioctl c00c620f 800003c0 returned -22 [ 1567.647394][T31434] FAULT_INJECTION: forcing a failure. [ 1567.647394][T31434] name failslab, interval 1, probability 0, space 0, times 0 [ 1567.653274][T31434] CPU: 0 UID: 0 PID: 31434 Comm: syz.6.7439 Not tainted syzkaller #0 PREEMPT(full) [ 1567.653296][T31434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1567.653308][T31434] Call Trace: [ 1567.653315][T31434] [ 1567.653322][T31434] dump_stack_lvl+0x16c/0x1f0 [ 1567.653347][T31434] should_fail_ex+0x512/0x640 [ 1567.653369][T31434] ? fs_reclaim_acquire+0xae/0x150 [ 1567.653396][T31434] ? tomoyo_encode2+0x100/0x3e0 [ 1567.653417][T31434] should_failslab+0xc2/0x120 [ 1567.653437][T31434] __kmalloc_noprof+0xd2/0x510 [ 1567.653455][T31434] ? d_absolute_path+0x136/0x1a0 [ 1567.653481][T31434] tomoyo_encode2+0x100/0x3e0 [ 1567.653525][T31434] tomoyo_encode+0x29/0x50 [ 1567.653549][T31434] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1567.653580][T31434] tomoyo_path_number_perm+0x245/0x580 [ 1567.653599][T31434] ? tomoyo_path_number_perm+0x237/0x580 [ 1567.653621][T31434] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1567.653671][T31434] ? find_held_lock+0x2b/0x80 [ 1567.653688][T31434] ? hook_file_ioctl_common+0x145/0x410 [ 1567.653712][T31434] ? __fget_files+0x20e/0x3c0 [ 1567.653734][T31434] security_file_ioctl_compat+0x9b/0x240 [ 1567.653758][T31434] __ia32_compat_sys_ioctl+0xc3/0x370 [ 1567.653788][T31434] __do_fast_syscall_32+0x7c/0x3a0 [ 1567.653816][T31434] do_fast_syscall_32+0x32/0x80 [ 1567.653840][T31434] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1567.653862][T31434] RIP: 0023:0xf7f88579 [ 1567.653875][T31434] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1567.653893][T31434] RSP: 002b:00000000f54a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1567.653911][T31434] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000090009427 [ 1567.653923][T31434] RDX: 0000000080012b80 RSI: 0000000000000000 RDI: 0000000000000000 [ 1567.653935][T31434] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1567.653944][T31434] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1567.653953][T31434] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1567.653975][T31434] [ 1567.740479][T31434] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1567.993697][ T5986] Bluetooth: hci3: command 0x0406 tx timeout [ 1568.566899][T31448] pim6reg: entered allmulticast mode [ 1569.309348][T31461] overlayfs: missing 'lowerdir' [ 1570.020038][T31470] FAULT_INJECTION: forcing a failure. [ 1570.020038][T31470] name failslab, interval 1, probability 0, space 0, times 0 [ 1570.020060][T31470] CPU: 1 UID: 0 PID: 31470 Comm: syz.0.7449 Not tainted syzkaller #0 PREEMPT(full) [ 1570.020073][T31470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1570.020080][T31470] Call Trace: [ 1570.020085][T31470] [ 1570.020090][T31470] dump_stack_lvl+0x16c/0x1f0 [ 1570.020107][T31470] should_fail_ex+0x512/0x640 [ 1570.020126][T31470] ? bit_cursor+0x885/0x17e0 [ 1570.020139][T31470] should_failslab+0xc2/0x120 [ 1570.020155][T31470] __kmalloc_noprof+0xd2/0x510 [ 1570.020171][T31470] bit_cursor+0x885/0x17e0 [ 1570.020189][T31470] ? __pfx_bit_cursor+0x10/0x10 [ 1570.020208][T31470] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1570.020226][T31470] ? get_color+0x1da/0x450 [ 1570.020239][T31470] ? __pfx_bit_cursor+0x10/0x10 [ 1570.020252][T31470] fbcon_cursor+0x40c/0x5f0 [ 1570.020268][T31470] hide_cursor+0x84/0x220 [ 1570.020282][T31470] do_con_write+0x23f7/0x8280 [ 1570.020297][T31470] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1570.020314][T31470] ? __pfx___might_resched+0x10/0x10 [ 1570.020326][T31470] ? rcu_is_watching+0x12/0xc0 [ 1570.020343][T31470] ? trace_contention_end+0xdd/0x130 [ 1570.020357][T31470] ? __mutex_lock+0x1c5/0x1060 [ 1570.020372][T31470] ? n_tty_write+0x44e/0x11e0 [ 1570.020383][T31470] ? __pfx_do_con_write+0x10/0x10 [ 1570.020401][T31470] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1570.020419][T31470] con_write+0x23/0xb0 [ 1570.020433][T31470] do_output_char+0x5d9/0x840 [ 1570.020451][T31470] n_tty_write+0x4ff/0x11e0 [ 1570.020467][T31470] ? __pfx_n_tty_write+0x10/0x10 [ 1570.020477][T31470] ? rcu_is_watching+0x12/0xc0 [ 1570.020487][T31470] ? __pfx_woken_wake_function+0x10/0x10 [ 1570.020505][T31470] ? kfree+0x24f/0x4d0 [ 1570.020514][T31470] ? file_tty_write.constprop.0+0x6ef/0x9b0 [ 1570.020530][T31470] ? __pfx_n_tty_write+0x10/0x10 [ 1570.020540][T31470] file_tty_write.constprop.0+0x504/0x9b0 [ 1570.020559][T31470] vfs_write+0x7d0/0x11d0 [ 1570.020572][T31470] ? __pfx_tty_write+0x10/0x10 [ 1570.020588][T31470] ? __pfx_vfs_write+0x10/0x10 [ 1570.020599][T31470] ? find_held_lock+0x2b/0x80 [ 1570.020618][T31470] ksys_write+0x12a/0x250 [ 1570.020630][T31470] ? __pfx_ksys_write+0x10/0x10 [ 1570.020644][T31470] ? rcu_is_watching+0x12/0xc0 [ 1570.020657][T31470] __do_fast_syscall_32+0x7c/0x3a0 [ 1570.020674][T31470] do_fast_syscall_32+0x32/0x80 [ 1570.020688][T31470] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1570.020702][T31470] RIP: 0023:0xf703e579 [ 1570.020711][T31470] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1570.020722][T31470] RSP: 002b:00000000f542e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 1570.020732][T31470] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002080 [ 1570.020739][T31470] RDX: 0000000000001006 RSI: 0000000000000000 RDI: 0000000000000000 [ 1570.020745][T31470] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1570.020751][T31470] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1570.020757][T31470] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1570.020771][T31470] [ 1570.154534][T31475] 9pnet_fd: Insufficient options for proto=fd [ 1570.155295][T31474] 9pnet_fd: Insufficient options for proto=fd [ 1570.185640][T31475] netlink: 'syz.5.7451': attribute type 1 has an invalid length. [ 1570.185690][T31474] netlink: 'syz.5.7451': attribute type 1 has an invalid length. [ 1570.216160][T31475] netlink: 'syz.5.7451': attribute type 1 has an invalid length. [ 1570.216182][T31475] netlink: 224 bytes leftover after parsing attributes in process `syz.5.7451'. [ 1570.243207][T31474] netlink: 'syz.5.7451': attribute type 1 has an invalid length. [ 1570.244117][T31474] netlink: 224 bytes leftover after parsing attributes in process `syz.5.7451'. [ 1570.309259][T31475] bond1: entered promiscuous mode [ 1570.383994][ T80] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1573.244037][T29123] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 1573.415033][T29123] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1573.418106][T29123] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1573.421577][T29123] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1573.425201][T29123] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1573.430733][T29123] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1573.434258][T29123] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1573.437098][T29123] usb 10-1: Product: syz [ 1573.438648][T29123] usb 10-1: Manufacturer: syz [ 1573.455807][T29123] cdc_wdm 10-1:1.0: skipping garbage [ 1573.457638][T29123] cdc_wdm 10-1:1.0: skipping garbage [ 1573.464398][T29123] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device [ 1573.466577][T29123] cdc_wdm 10-1:1.0: Unknown control protocol [ 1573.658303][T31528] overlayfs: invalid origin (00000079000000030000008016008000000000800000800000000000000000000000000000000000000000001104006000000000000000000000000000000000) [ 1573.674668][ T6056] usb 10-1: USB disconnect, device number 7 [ 1574.433493][T31546] futex_wake_op: syz.1.7467 tries to shift op by 32; fix this program [ 1574.864385][ T7004] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1575.191655][T31561] futex_wake_op: syz.5.7473 tries to shift op by 32; fix this program [ 1576.155502][ T7004] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1576.715291][T31589] overlayfs: missing 'lowerdir' [ 1577.380827][T31600] overlay: filesystem on ./bus not supported as upperdir [ 1577.657682][T31610] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7488'. [ 1577.661442][T31610] netlink: 5948 bytes leftover after parsing attributes in process `syz.1.7488'. [ 1577.668233][T31610] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7488'. [ 1577.880458][T31613] overlayfs: missing 'lowerdir' [ 1578.722052][ T40] kauditd_printk_skb: 1726 callbacks suppressed [ 1578.722064][ T40] audit: type=1326 audit(1756129732.071:17120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31629 comm="syz.0.7495" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1578.731803][ T40] audit: type=1326 audit(1756129732.081:17121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31629 comm="syz.0.7495" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1578.740813][ T40] audit: type=1326 audit(1756129732.081:17122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31629 comm="syz.0.7495" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1578.749361][ T40] audit: type=1326 audit(1756129732.081:17123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31629 comm="syz.0.7495" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1578.757087][ T40] audit: type=1326 audit(1756129732.081:17124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31629 comm="syz.0.7495" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1578.765735][ T40] audit: type=1326 audit(1756129732.081:17125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31629 comm="syz.0.7495" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1578.773678][ T40] audit: type=1326 audit(1756129732.081:17126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31629 comm="syz.0.7495" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1578.781984][ T40] audit: type=1326 audit(1756129732.081:17127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31629 comm="syz.0.7495" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1578.789532][ T40] audit: type=1326 audit(1756129732.081:17128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31629 comm="syz.0.7495" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1578.798189][ T40] audit: type=1326 audit(1756129732.081:17129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31629 comm="syz.0.7495" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf703e579 code=0x7ffc0000 [ 1579.395213][T31658] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7503'. [ 1579.399637][T31658] netlink: 5948 bytes leftover after parsing attributes in process `syz.6.7503'. [ 1579.403808][T31658] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7503'. [ 1579.983943][ T7002] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1580.567590][T31684] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7511'. [ 1580.570979][T31684] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7511'. [ 1580.573870][T31684] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7511'. [ 1580.985567][T31690] FAULT_INJECTION: forcing a failure. [ 1580.985567][T31690] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1580.991197][T31690] CPU: 3 UID: 0 PID: 31690 Comm: syz.1.7512 Not tainted syzkaller #0 PREEMPT(full) [ 1580.991223][T31690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1580.991234][T31690] Call Trace: [ 1580.991241][T31690] [ 1580.991249][T31690] dump_stack_lvl+0x16c/0x1f0 [ 1580.991276][T31690] should_fail_ex+0x512/0x640 [ 1580.991304][T31690] strncpy_from_user+0x3b/0x2e0 [ 1580.991330][T31690] getname_flags.part.0+0x8f/0x550 [ 1580.991362][T31690] getname_flags+0x93/0xf0 [ 1580.991383][T31690] __ia32_sys_rename+0x64/0xa0 [ 1580.991407][T31690] __do_fast_syscall_32+0x7c/0x3a0 [ 1580.991435][T31690] do_fast_syscall_32+0x32/0x80 [ 1580.991459][T31690] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1580.991481][T31690] RIP: 0023:0xf7fa8579 [ 1580.991496][T31690] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1580.991519][T31690] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000026 [ 1580.991538][T31690] RAX: ffffffffffffffda RBX: 0000000080000180 RCX: 0000000080000240 [ 1580.991549][T31690] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1580.991559][T31690] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1580.991569][T31690] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1580.991580][T31690] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1580.991602][T31690] [ 1581.470939][T31700] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7516'. [ 1581.904021][ T7031] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1583.782879][T31747] __nla_validate_parse: 2 callbacks suppressed [ 1583.782897][T31747] netlink: 27 bytes leftover after parsing attributes in process `syz.0.7533'. [ 1583.821102][ T40] kauditd_printk_skb: 47 callbacks suppressed [ 1583.821120][ T40] audit: type=1326 audit(1756129737.171:17177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31745 comm="syz.0.7533" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x0 [ 1583.848820][T31750] tun0: tun_chr_ioctl cmd 1074025675 [ 1583.850992][T31750] tun0: persist disabled [ 1583.923464][T31755] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7533'. [ 1584.963784][ T29] usb 11-1: new high-speed USB device number 7 using dummy_hcd [ 1585.193683][ T29] usb 11-1: Using ep0 maxpacket: 8 [ 1585.200245][ T29] usb 11-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1585.204186][ T29] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1585.207560][ T29] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1585.211571][ T29] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1585.215556][ T29] usb 11-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1585.218801][ T29] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1585.228495][T31784] overlayfs: missing 'lowerdir' [ 1585.251128][ T29] hub 11-1:1.0: bad descriptor, ignoring hub [ 1585.253141][ T29] hub 11-1:1.0: probe with driver hub failed with error -5 [ 1585.258664][ T29] cdc_wdm 11-1:1.0: skipping garbage [ 1585.260590][ T29] cdc_wdm 11-1:1.0: skipping garbage [ 1585.271903][ T29] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device [ 1585.274026][ T29] cdc_wdm 11-1:1.0: Unknown control protocol [ 1585.498301][T31788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1585.501535][T31788] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1585.744830][T31790] overlayfs: missing 'lowerdir' [ 1585.746732][ T7011] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1586.014813][T31792] netlink: 'syz.1.7548': attribute type 1 has an invalid length. [ 1586.101845][T31792] could not allocate digest TFM handle sha1-ssse3 [ 1586.294436][T31771] cdc_wdm 11-1:1.0: Error autopm - -16 [ 1586.443991][T29122] usb 11-1: USB disconnect, device number 7 [ 1587.137427][T31806] overlayfs: missing 'lowerdir' [ 1587.673836][ T7051] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1589.128583][T31835] 9pnet_virtio: no channels available for device syz [ 1590.200549][T31853] overlayfs: missing 'lowerdir' [ 1590.297107][T31856] netlink: 'syz.5.7566': attribute type 4 has an invalid length. [ 1590.302321][T31856] netlink: 'syz.5.7566': attribute type 10 has an invalid length. [ 1590.309825][T31856] netlink: 'syz.5.7566': attribute type 11 has an invalid length. [ 1590.607911][T31862] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input45 [ 1591.294199][T31864] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1591.296510][T31864] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1591.299253][T31864] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1591.318784][T31864] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1591.321540][T31864] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1591.373961][T31864] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1591.504939][ T7031] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1591.898527][T31887] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 1591.900705][T31887] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1591.903168][T31887] vhci_hcd vhci_hcd.0: Device attached [ 1592.163584][T12168] usb 37-1: new high-speed USB device number 18 using vhci_hcd [ 1592.271386][T31888] vhci_hcd: connection reset by peer [ 1592.273790][ T80] vhci_hcd: stop threads [ 1592.275427][ T80] vhci_hcd: release socket [ 1592.277043][ T80] vhci_hcd: disconnect device [ 1592.633869][ T5986] Bluetooth: hci1: command 0x0419 tx timeout [ 1593.191115][T31904] FAULT_INJECTION: forcing a failure. [ 1593.191115][T31904] name failslab, interval 1, probability 0, space 0, times 0 [ 1593.195241][T31904] CPU: 2 UID: 0 PID: 31904 Comm: syz.1.7579 Not tainted syzkaller #0 PREEMPT(full) [ 1593.195257][T31904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1593.195264][T31904] Call Trace: [ 1593.195268][T31904] [ 1593.195273][T31904] dump_stack_lvl+0x16c/0x1f0 [ 1593.195298][T31904] should_fail_ex+0x512/0x640 [ 1593.195316][T31904] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1593.195329][T31904] should_failslab+0xc2/0x120 [ 1593.195343][T31904] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1593.195354][T31904] ? sync_file_alloc+0x3c/0x160 [ 1593.195370][T31904] sync_file_alloc+0x3c/0x160 [ 1593.195383][T31904] sync_file_create+0x17/0xf0 [ 1593.195397][T31904] sw_sync_ioctl+0x8a2/0xfd0 [ 1593.195414][T31904] ? __pfx_sw_sync_ioctl+0x10/0x10 [ 1593.195428][T31904] ? hook_file_ioctl_common+0x145/0x410 [ 1593.195493][T31904] ? __fget_files+0x20e/0x3c0 [ 1593.195511][T31904] ? __pfx_sw_sync_ioctl+0x10/0x10 [ 1593.195527][T31904] compat_ptr_ioctl+0x6e/0xa0 [ 1593.195544][T31904] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 1593.195561][T31904] __ia32_compat_sys_ioctl+0x242/0x370 [ 1593.195580][T31904] __do_fast_syscall_32+0x7c/0x3a0 [ 1593.195598][T31904] do_fast_syscall_32+0x32/0x80 [ 1593.195613][T31904] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1593.195627][T31904] RIP: 0023:0xf7fa8579 [ 1593.195637][T31904] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1593.195648][T31904] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1593.195659][T31904] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0285700 [ 1593.195666][T31904] RDX: 00000000800007c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1593.195673][T31904] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1593.195680][T31904] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1593.195686][T31904] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1593.195700][T31904] [ 1593.353824][ T5986] Bluetooth: hci2: command 0x0c1a tx timeout [ 1593.353834][T15250] Bluetooth: hci3: command 0x0406 tx timeout [ 1593.427332][ T7002] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1594.086529][T31917] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7583'. [ 1595.423732][T15250] Bluetooth: hci2: command 0x0c1a tx timeout [ 1595.423741][ T5986] Bluetooth: hci3: command 0x0406 tx timeout [ 1596.363725][ T1326] usb 11-1: new high-speed USB device number 8 using dummy_hcd [ 1596.496655][ T1326] usb 11-1: device descriptor read/64, error -71 [ 1596.733874][ T1326] usb 11-1: new high-speed USB device number 9 using dummy_hcd [ 1597.044978][T31977] overlayfs: missing 'lowerdir' [ 1597.208800][T31980] netlink: 5948 bytes leftover after parsing attributes in process `syz.0.7601'. [ 1597.216887][T31980] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7601'. [ 1597.274159][ T46] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1597.274397][T12168] vhci_hcd: vhci_device speed not set [ 1597.503733][ T5986] Bluetooth: hci2: command 0x0c1a tx timeout [ 1597.693766][ T1326] usb 11-1: device descriptor read/64, error -71 [ 1597.767044][T31989] FAULT_INJECTION: forcing a failure. [ 1597.767044][T31989] name failslab, interval 1, probability 0, space 0, times 0 [ 1597.771666][T31989] CPU: 0 UID: 0 PID: 31989 Comm: syz.1.7605 Not tainted syzkaller #0 PREEMPT(full) [ 1597.771683][T31989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1597.771691][T31989] Call Trace: [ 1597.771697][T31989] [ 1597.771702][T31989] dump_stack_lvl+0x16c/0x1f0 [ 1597.771721][T31989] should_fail_ex+0x512/0x640 [ 1597.771737][T31989] ? fs_reclaim_acquire+0xae/0x150 [ 1597.771754][T31989] ? tomoyo_encode2+0x100/0x3e0 [ 1597.771769][T31989] should_failslab+0xc2/0x120 [ 1597.771787][T31989] __kmalloc_noprof+0xd2/0x510 [ 1597.771803][T31989] tomoyo_encode2+0x100/0x3e0 [ 1597.771820][T31989] tomoyo_encode+0x29/0x50 [ 1597.771839][T31989] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1597.771856][T31989] ? tomoyo_profile+0x47/0x60 [ 1597.771868][T31989] tomoyo_path_number_perm+0x245/0x580 [ 1597.771881][T31989] ? tomoyo_path_number_perm+0x237/0x580 [ 1597.771895][T31989] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1597.771922][T31989] ? find_held_lock+0x2b/0x80 [ 1597.771933][T31989] ? hook_file_ioctl_common+0x145/0x410 [ 1597.771951][T31989] ? __fget_files+0x20e/0x3c0 [ 1597.771966][T31989] security_file_ioctl_compat+0x9b/0x240 [ 1597.771981][T31989] __ia32_compat_sys_ioctl+0xc3/0x370 [ 1597.772000][T31989] __do_fast_syscall_32+0x7c/0x3a0 [ 1597.772016][T31989] do_fast_syscall_32+0x32/0x80 [ 1597.772031][T31989] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1597.772045][T31989] RIP: 0023:0xf7fa8579 [ 1597.772053][T31989] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1597.772064][T31989] RSP: 002b:00000000f54c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1597.772079][T31989] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004140aecd [ 1597.772086][T31989] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1597.772092][T31989] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1597.772098][T31989] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1597.772105][T31989] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1597.772121][T31989] [ 1597.772136][T31989] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1597.814019][ T1326] usb usb11-port1: attempt power cycle [ 1598.183860][ T1326] usb 11-1: new high-speed USB device number 10 using dummy_hcd [ 1598.205680][ T1326] usb 11-1: device descriptor read/8, error -71 [ 1598.463904][ T80] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1598.463915][ T1326] usb 11-1: new high-speed USB device number 11 using dummy_hcd [ 1598.484504][ T1326] usb 11-1: device descriptor read/8, error -71 [ 1598.594571][ T1326] usb usb11-port1: unable to enumerate USB device [ 1599.089165][T32013] tipc: Enabled bearer , priority 0 [ 1599.095239][T32013] syzkaller0: MTU too low for tipc bearer [ 1599.097649][T32013] tipc: Disabling bearer [ 1599.210306][T32018] netlink: 40 bytes leftover after parsing attributes in process `syz.1.7613'. [ 1599.253440][T32019] netlink: 'syz.6.7612': attribute type 10 has an invalid length. [ 1599.406567][T32028] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7616'. [ 1599.411762][T32028] netlink: 5948 bytes leftover after parsing attributes in process `syz.1.7616'. [ 1599.419077][T32028] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7616'. [ 1599.511870][T32024] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1599.521182][T32024] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1599.527716][T32024] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1601.451649][T15250] Bluetooth: hci1: command 0x0419 tx timeout [ 1601.594540][T15250] Bluetooth: hci2: command 0x0c1a tx timeout [ 1601.605996][ T5986] Bluetooth: hci3: command 0x0406 tx timeout [ 1602.303628][ T34] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 1602.513710][ T34] usb 10-1: Using ep0 maxpacket: 8 [ 1602.516655][ T34] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1602.520755][ T34] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1602.524190][ T34] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1602.527986][ T34] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1602.531533][ T34] usb 10-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1602.534797][ T34] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1602.540611][ T34] hub 10-1:1.0: bad descriptor, ignoring hub [ 1602.542674][ T34] hub 10-1:1.0: probe with driver hub failed with error -5 [ 1602.546052][ T34] cdc_wdm 10-1:1.0: skipping garbage [ 1602.547887][ T34] cdc_wdm 10-1:1.0: skipping garbage [ 1602.550546][ T34] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device [ 1602.552471][ T34] cdc_wdm 10-1:1.0: Unknown control protocol [ 1602.726332][T32087] overlayfs: missing 'lowerdir' [ 1602.794658][T32088] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1602.800913][T32088] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1602.824116][ T34] usb 10-1: USB disconnect, device number 8 [ 1603.024306][ T7031] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1603.673951][ T46] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1604.076267][T32102] overlayfs: missing 'lowerdir' [ 1605.023684][ T1326] usb 6-1: new high-speed USB device number 76 using dummy_hcd [ 1605.175196][ T1326] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1605.178566][ T1326] usb 6-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config [ 1605.182873][ T1326] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1605.186667][ T1326] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1605.193720][ T1326] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1605.196880][ T1326] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1605.199842][ T1326] usb 6-1: Product: syz [ 1605.201477][ T1326] usb 6-1: Manufacturer: syz [ 1605.206094][T32110] netlink: 5948 bytes leftover after parsing attributes in process `syz.0.7640'. [ 1605.208072][ T1326] cdc_wdm 6-1:1.0: skipping garbage [ 1605.210710][T32110] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7640'. [ 1605.211570][ T1326] cdc_wdm 6-1:1.0: skipping garbage [ 1605.211589][ T1326] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1606.085652][T32093] cdc_wdm 10-1:1.0: Error autopm - -16 [ 1606.089567][T32094] cdc_wdm 10-1:1.0: Error autopm - -16 [ 1606.091874][T32108] cdc_wdm 10-1:1.0: Error autopm - -16 [ 1606.098735][T12168] usb 6-1: USB disconnect, device number 76 [ 1606.131063][T32119] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7643'. [ 1606.246717][T32119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1606.252123][ T40] audit: type=1326 audit(1756129759.601:17178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32121 comm="syz.6.7644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 1606.256413][T32119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1606.268008][ T40] audit: type=1326 audit(1756129759.601:17179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32121 comm="syz.6.7644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 1606.277276][ T7004] Bluetooth: hci4: Frame reassembly failed (-84) [ 1606.277998][ T40] audit: type=1326 audit(1756129759.601:17180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32121 comm="syz.6.7644" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 1606.289147][ T40] audit: type=1326 audit(1756129759.601:17181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32121 comm="syz.6.7644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 1606.296647][ T40] audit: type=1326 audit(1756129759.601:17182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32121 comm="syz.6.7644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 1606.308252][ T40] audit: type=1326 audit(1756129759.601:17183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32121 comm="syz.6.7644" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 1606.317470][ T40] audit: type=1326 audit(1756129759.601:17184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32121 comm="syz.6.7644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 1606.321837][T32119] vlan1: left promiscuous mode [ 1606.326036][T32119] vlan1: left allmulticast mode [ 1606.327634][T32119] veth0_vlan: left allmulticast mode [ 1606.339757][ T40] audit: type=1326 audit(1756129759.601:17185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32121 comm="syz.6.7644" exe="/syz-executor" sig=0 arch=40000003 syscall=286 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 1606.347656][ T40] audit: type=1326 audit(1756129759.601:17186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32121 comm="syz.6.7644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 1606.355873][ T40] audit: type=1326 audit(1756129759.601:17187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32121 comm="syz.6.7644" exe="/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf7f88579 code=0x7ffc0000 [ 1606.397732][T32119] vlan2: left promiscuous mode [ 1606.399305][T32119] dummy0: left promiscuous mode [ 1606.400920][T32119] vlan2: left allmulticast mode [ 1606.402488][T32119] dummy0: left allmulticast mode [ 1606.407421][T32119] bridge1: left promiscuous mode [ 1606.410281][T32119] bond1: left promiscuous mode [ 1606.412277][ T46] netdevsim netdevsim5 : unset [1, 0] type 2 family 0 port 6081 - 0 [ 1606.415524][ T46] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1606.418282][ T46] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1606.421061][ T46] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1606.878418][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.107282][T32136] netlink: 'syz.0.7647': attribute type 7 has an invalid length. [ 1607.310405][T32139] netlink: 'syz.5.7648': attribute type 1 has an invalid length. [ 1607.322395][T32139] bond2: entered promiscuous mode [ 1607.326253][T32139] bond2: entered allmulticast mode [ 1607.337874][T32139] bond2: (slave erspan1): making interface the new active one [ 1607.341188][T32139] erspan1: entered promiscuous mode [ 1607.342968][T32139] erspan1: entered allmulticast mode [ 1607.347597][T32139] bond2: (slave erspan1): Enslaving as an active interface with an up link [ 1608.128138][T32152] overlayfs: missing 'lowerdir' [ 1608.303747][ T5986] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1608.306621][T15250] Bluetooth: hci4: command 0x1003 tx timeout [ 1608.713641][ T5983] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 1608.793975][ T7002] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1608.798154][ T80] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1608.873664][ T5983] usb 10-1: Using ep0 maxpacket: 8 [ 1609.153735][ T5983] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1609.258744][ T5983] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1609.262130][ T5983] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1609.266430][ T5983] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1609.270384][ T5983] usb 10-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1609.273391][ T5983] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1609.291532][ T5983] hub 10-1:1.0: bad descriptor, ignoring hub [ 1609.293816][ T5983] hub 10-1:1.0: probe with driver hub failed with error -5 [ 1609.296483][ T5983] cdc_wdm 10-1:1.0: skipping garbage [ 1609.298186][ T5983] cdc_wdm 10-1:1.0: skipping garbage [ 1609.308614][ T5983] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device [ 1609.311062][ T5983] cdc_wdm 10-1:1.0: Unknown control protocol [ 1609.322625][T32170] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7656'. [ 1609.333024][T32170] netlink: 5948 bytes leftover after parsing attributes in process `syz.1.7656'. [ 1609.341298][T32170] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7656'. [ 1609.547587][T32174] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1609.552266][T32174] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1610.347864][T13584] usb 10-1: USB disconnect, device number 9 [ 1610.350855][T32157] cdc_wdm 10-1:1.0: Error autopm - -16 [ 1612.670624][T32208] 9pnet_virtio: no channels available for device syz [ 1613.273343][T32220] overlayfs: missing 'lowerdir' [ 1614.179710][T32234] overlayfs: missing 'lowerdir' [ 1614.313658][ T1326] usb 6-1: new high-speed USB device number 77 using dummy_hcd [ 1614.358200][T32235] overlayfs: missing 'lowerdir' [ 1614.473892][ T1326] usb 6-1: Using ep0 maxpacket: 8 [ 1614.476898][ T1326] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1614.480241][ T1326] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1614.483480][ T1326] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1614.487095][ T1326] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1614.491158][ T1326] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1614.494254][ T1326] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1614.501264][ T1326] hub 6-1:1.0: bad descriptor, ignoring hub [ 1614.503239][ T1326] hub 6-1:1.0: probe with driver hub failed with error -5 [ 1614.507013][ T1326] cdc_wdm 6-1:1.0: skipping garbage [ 1614.508740][ T1326] cdc_wdm 6-1:1.0: skipping garbage [ 1614.511532][ T1326] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 1614.513481][ T1326] cdc_wdm 6-1:1.0: Unknown control protocol [ 1614.543877][ T7004] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1614.544806][ T7051] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1614.755724][T32237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1614.759400][T32237] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1614.784295][T29122] usb 6-1: USB disconnect, device number 77 [ 1615.010211][T32244] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7685'. [ 1615.013457][T32244] netlink: 5948 bytes leftover after parsing attributes in process `syz.5.7685'. [ 1615.017660][T32244] netlink: 20 bytes leftover after parsing attributes in process `syz.5.7685'. [ 1616.264543][T32257] overlayfs: missing 'lowerdir' [ 1618.169114][T32279] overlayfs: missing 'lowerdir' [ 1618.859882][T32289] overlayfs: missing 'lowerdir' [ 1619.403489][T28893] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1619.412164][T28893] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1619.416852][T28893] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1619.421021][T28893] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1619.425221][T28893] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1619.449247][T32293] lo speed is unknown, defaulting to 1000 [ 1619.451736][T32293] lo speed is unknown, defaulting to 1000 [ 1619.585931][T32296] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7688'. [ 1619.604309][T32296] netlink: 5948 bytes leftover after parsing attributes in process `syz.5.7688'. [ 1619.610133][T32296] netlink: 20 bytes leftover after parsing attributes in process `syz.5.7688'. [ 1619.731569][T32293] chnl_net:caif_netlink_parms(): no params data found [ 1619.889528][T32293] bridge0: port 1(bridge_slave_0) entered blocking state [ 1619.892238][T32293] bridge0: port 1(bridge_slave_0) entered disabled state [ 1619.894891][T32293] bridge_slave_0: entered allmulticast mode [ 1619.901506][T32293] bridge_slave_0: entered promiscuous mode [ 1619.910342][T32293] bridge0: port 2(bridge_slave_1) entered blocking state [ 1619.913943][T32293] bridge0: port 2(bridge_slave_1) entered disabled state [ 1619.917956][T32293] bridge_slave_1: entered allmulticast mode [ 1619.922201][T32293] bridge_slave_1: entered promiscuous mode [ 1620.001576][T32293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1620.010784][T32293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1620.089203][T32293] team0: Port device team_slave_0 added [ 1620.102721][T32293] team0: Port device team_slave_1 added [ 1620.180016][T32293] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1620.182207][T32293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1620.190676][T32293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1620.196804][T32293] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1620.199166][T32293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1620.207396][T32293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1620.292083][T32293] hsr_slave_0: entered promiscuous mode [ 1620.294967][T32293] hsr_slave_1: entered promiscuous mode [ 1620.297837][T32293] debugfs: 'hsr0' already exists in 'hsr' [ 1620.299804][T32293] Cannot create hsr debugfs directory [ 1620.304764][ T7004] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1620.308865][ T7051] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1620.498996][T32293] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1620.503092][T32293] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1620.682130][T32293] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1620.686415][T32293] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1620.822241][T32293] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1620.831180][T32293] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1620.861713][T32320] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input46 [ 1620.950030][T32293] netdevsim netdevsim0  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1620.953462][T32293] netdevsim netdevsim0  (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1621.279860][T32293] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1621.285362][T32293] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1621.290294][T32293] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1621.297766][T32293] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1621.435998][T32293] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1621.457722][T32293] 8021q: adding VLAN 0 to HW filter on device team0 [ 1621.466480][ T7002] bridge0: port 1(bridge_slave_0) entered blocking state [ 1621.468591][ T7002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1621.486912][ T80] bridge0: port 2(bridge_slave_1) entered blocking state [ 1621.489067][ T80] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1621.504307][T15250] Bluetooth: hci4: command tx timeout [ 1621.770499][T32293] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1621.800338][T32293] veth0_vlan: entered promiscuous mode [ 1621.805428][T32293] veth1_vlan: entered promiscuous mode [ 1621.821627][T32293] veth0_macvtap: entered promiscuous mode [ 1621.825915][T32293] veth1_macvtap: entered promiscuous mode [ 1621.837216][T32293] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1621.845690][T32293] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1621.852243][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1621.855888][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1621.858656][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1621.861373][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1621.909473][ T7031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1621.911968][ T7031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1621.929431][ T7031] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1621.931900][ T7031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1622.858522][T32347] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7700'. [ 1622.862596][T32347] netlink: 5948 bytes leftover after parsing attributes in process `syz.1.7700'. [ 1622.867908][T32347] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7700'. [ 1623.583774][T15250] Bluetooth: hci4: command tx timeout [ 1624.054955][T32359] 9pnet_virtio: no channels available for device syz [ 1625.344231][ T7004] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1625.663653][T15250] Bluetooth: hci4: command tx timeout [ 1626.064906][ T80] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1626.529022][T32401] FAULT_INJECTION: forcing a failure. [ 1626.529022][T32401] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1626.539345][T32401] CPU: 3 UID: 0 PID: 32401 Comm: syz.6.7716 Not tainted syzkaller #0 PREEMPT(full) [ 1626.539371][T32401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1626.539383][T32401] Call Trace: [ 1626.539390][T32401] [ 1626.539397][T32401] dump_stack_lvl+0x16c/0x1f0 [ 1626.539451][T32401] should_fail_ex+0x512/0x640 [ 1626.539486][T32401] _copy_from_user+0x2e/0xd0 [ 1626.539514][T32401] get_compat_msghdr+0xa7/0x170 [ 1626.539538][T32401] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1626.539562][T32401] ? ____sys_recvmsg+0x348/0x6b0 [ 1626.539583][T32401] ___sys_recvmsg+0x191/0x1a0 [ 1626.539608][T32401] ? __pfx____sys_recvmsg+0x10/0x10 [ 1626.539635][T32401] ? find_held_lock+0x2b/0x80 [ 1626.539662][T32401] ? __pfx___might_resched+0x10/0x10 [ 1626.539685][T32401] do_recvmmsg+0x55d/0x750 [ 1626.539728][T32401] ? __pfx_do_recvmmsg+0x10/0x10 [ 1626.539769][T32401] ? __fget_files+0x20e/0x3c0 [ 1626.539788][T32401] ? handle_mm_fault+0x200/0xd10 [ 1626.539809][T32401] __sys_recvmmsg+0x21c/0x280 [ 1626.539833][T32401] ? __pfx___sys_recvmmsg+0x10/0x10 [ 1626.539859][T32401] ? __pfx_ksys_write+0x10/0x10 [ 1626.539884][T32401] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 1626.539913][T32401] ? lockdep_hardirqs_on+0x7c/0x110 [ 1626.539936][T32401] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 1626.539961][T32401] __do_fast_syscall_32+0x7c/0x3a0 [ 1626.539988][T32401] do_fast_syscall_32+0x32/0x80 [ 1626.540013][T32401] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1626.540035][T32401] RIP: 0023:0xf7f88579 [ 1626.540049][T32401] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1626.540066][T32401] RSP: 002b:00000000f548555c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 1626.540084][T32401] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800004c0 [ 1626.540096][T32401] RDX: 0000000000000f02 RSI: 00000000000000f0 RDI: 0000000000000000 [ 1626.540107][T32401] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1626.540118][T32401] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1626.540128][T32401] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1626.540151][T32401] [ 1627.085421][T32408] overlayfs: missing 'lowerdir' [ 1627.317513][T18489] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 1627.468317][T18489] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1627.471211][T18489] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1627.478358][T18489] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1627.482367][T18489] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1627.493584][T18489] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1627.504738][T18489] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1627.507907][T18489] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1627.510472][T18489] usb 10-1: Product: syz [ 1627.511931][T18489] usb 10-1: Manufacturer: syz [ 1627.520458][T18489] cdc_wdm 10-1:1.0: skipping garbage [ 1627.522163][T18489] cdc_wdm 10-1:1.0: skipping garbage [ 1627.529993][T18489] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device [ 1627.531996][T18489] cdc_wdm 10-1:1.0: Unknown control protocol [ 1627.744028][T15250] Bluetooth: hci4: command tx timeout [ 1627.775308][T32404] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1627.778284][T32404] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1629.014186][T32432] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input47 [ 1629.865926][T19804] usb 10-1: USB disconnect, device number 10 [ 1630.137312][T32444] overlayfs: missing 'lowerdir' [ 1631.184073][ T46] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1631.825167][ T7051] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1632.756359][T32476] 9pnet_fd: Insufficient options for proto=fd [ 1632.809867][T32475] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1632.813109][T32483] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7740'. [ 1632.823828][T32483] netlink: 5948 bytes leftover after parsing attributes in process `syz.1.7740'. [ 1632.831659][T32483] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7740'. [ 1635.337766][T32529] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7755'. [ 1635.341070][T32529] netlink: 5948 bytes leftover after parsing attributes in process `syz.1.7755'. [ 1635.344522][T32529] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7755'. [ 1635.855745][T32534] syzkaller0: entered promiscuous mode [ 1635.857561][T32534] syzkaller0: entered allmulticast mode [ 1636.056629][T32536] FAULT_INJECTION: forcing a failure. [ 1636.056629][T32536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1636.061793][T32536] CPU: 0 UID: 0 PID: 32536 Comm: syz.0.7759 Not tainted syzkaller #0 PREEMPT(full) [ 1636.061811][T32536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1636.061817][T32536] Call Trace: [ 1636.061822][T32536] [ 1636.061827][T32536] dump_stack_lvl+0x16c/0x1f0 [ 1636.061846][T32536] should_fail_ex+0x512/0x640 [ 1636.061864][T32536] _copy_from_iter+0x29f/0x1720 [ 1636.061883][T32536] ? __alloc_skb+0x200/0x380 [ 1636.061898][T32536] ? __pfx__copy_from_iter+0x10/0x10 [ 1636.061916][T32536] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1636.061937][T32536] netlink_sendmsg+0x829/0xdd0 [ 1636.061955][T32536] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1636.061973][T32536] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1636.061996][T32536] ____sys_sendmsg+0xa95/0xc70 [ 1636.062016][T32536] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1636.062028][T32536] ? get_compat_msghdr+0x11a/0x170 [ 1636.062050][T32536] ___sys_sendmsg+0x134/0x1d0 [ 1636.062067][T32536] ? __pfx____sys_sendmsg+0x10/0x10 [ 1636.062088][T32536] ? find_held_lock+0x2b/0x80 [ 1636.062109][T32536] __sys_sendmsg+0x16d/0x220 [ 1636.062124][T32536] ? __pfx___sys_sendmsg+0x10/0x10 [ 1636.062145][T32536] ? rcu_is_watching+0x12/0xc0 [ 1636.062166][T32536] __do_fast_syscall_32+0x7c/0x3a0 [ 1636.062192][T32536] do_fast_syscall_32+0x32/0x80 [ 1636.062215][T32536] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1636.062235][T32536] RIP: 0023:0xf705e579 [ 1636.062249][T32536] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1636.062266][T32536] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1636.062283][T32536] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 1636.062294][T32536] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1636.062304][T32536] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1636.062314][T32536] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1636.062324][T32536] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1636.062341][T32536] [ 1636.957491][ T7011] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1637.585452][ T7051] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1639.087244][T32577] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input48 [ 1639.484347][T32590] overlayfs: missing 'lowerdir' [ 1640.420085][T32599] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1640.537311][ T7051] Bluetooth: hci1: Frame reassembly failed (-84) [ 1640.605533][T32599] Process accounting resumed [ 1641.871295][T32625] overlayfs: missing 'lowerdir' [ 1642.063887][ T7004] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1642.294666][ T34] usb 11-1: new high-speed USB device number 12 using dummy_hcd [ 1642.443604][ T34] usb 11-1: Using ep0 maxpacket: 8 [ 1642.446916][ T34] usb 11-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1642.450169][ T34] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1642.453018][ T34] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1642.456427][ T34] usb 11-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1642.459423][ T34] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1642.469418][ T34] hub 11-1:1.0: bad descriptor, ignoring hub [ 1642.472216][ T34] hub 11-1:1.0: probe with driver hub failed with error -5 [ 1642.475505][ T34] cdc_wdm 11-1:1.0: skipping garbage [ 1642.477706][ T34] cdc_wdm 11-1:1.0: skipping garbage [ 1642.479585][ T34] cdc_wdm 11-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1642.543888][T15250] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1642.544008][T28893] Bluetooth: hci1: command 0x1003 tx timeout [ 1642.704469][ T7031] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1642.805202][T32642] overlayfs: missing 'lowerdir' [ 1642.968242][ T34] usb 11-1: USB disconnect, device number 12 [ 1642.999138][T32645] netlink: 'syz.0.7787': attribute type 1 has an invalid length. [ 1643.003198][T32645] netlink: 224 bytes leftover after parsing attributes in process `syz.0.7787'. [ 1643.027749][T32645] overlayfs: failed to set uuid (25/file0, err=-1); falling back to uuid=null. [ 1643.030937][T32645] overlayfs: failed to verify upper root origin [ 1644.619614][T32684] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7794'. [ 1644.623324][T32684] netlink: 5948 bytes leftover after parsing attributes in process `syz.6.7794'. [ 1644.646608][T32684] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7794'. [ 1644.972035][ T80] Bluetooth: hci1: Frame reassembly failed (-84) [ 1645.529424][T32710] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7796'. [ 1645.534397][T32710] netlink: 5948 bytes leftover after parsing attributes in process `syz.6.7796'. [ 1645.541912][T32710] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7796'. [ 1646.410684][T32724] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7800'. [ 1646.414079][T32724] netlink: 5948 bytes leftover after parsing attributes in process `syz.6.7800'. [ 1646.417698][T32724] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7800'. [ 1647.023691][T15250] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1647.133468][T32750] lo speed is unknown, defaulting to 1000 [ 1647.136268][T32750] lo speed is unknown, defaulting to 1000 [ 1647.184030][ T46] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1647.267790][T32754] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input49 [ 1647.323600][ T10] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 1647.505343][ T10] usb 10-1: Using ep0 maxpacket: 8 [ 1647.511499][ T10] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1647.516289][ T10] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1647.520035][ T10] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1647.527465][ T10] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1647.530984][ T10] usb 10-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1647.534348][ T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1648.008942][ T10] hub 10-1:1.0: bad descriptor, ignoring hub [ 1648.010925][ T10] hub 10-1:1.0: probe with driver hub failed with error -5 [ 1648.023118][ T10] cdc_wdm 10-1:1.0: skipping garbage [ 1648.025125][ T10] cdc_wdm 10-1:1.0: skipping garbage [ 1648.029410][ T10] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device [ 1648.031365][ T10] cdc_wdm 10-1:1.0: Unknown control protocol [ 1648.054037][ T10] usb 10-1: USB disconnect, device number 11 [ 1648.465564][ T46] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1648.827803][ T319] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7816'. [ 1648.831384][ T319] netlink: 5948 bytes leftover after parsing attributes in process `syz.5.7816'. [ 1648.839933][ T319] netlink: 20 bytes leftover after parsing attributes in process `syz.5.7816'. [ 1649.728186][ T333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7819'. [ 1649.731477][ T333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7819'. [ 1649.793129][ T336] ubi: mtd0 is already attached to ubi31 [ 1649.795836][ T336] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized [ 1649.801592][ T336] sp0: Synchronizing with TNC [ 1651.035032][ T358] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7828'. [ 1651.039080][ T358] netlink: 5948 bytes leftover after parsing attributes in process `syz.6.7828'. [ 1651.044632][ T358] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7828'. [ 1651.073615][T18489] usb 10-1: new high-speed USB device number 12 using dummy_hcd [ 1651.223614][T18489] usb 10-1: Using ep0 maxpacket: 8 [ 1651.230248][T18489] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1651.236959][T18489] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1651.240740][T18489] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1651.245177][T18489] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1651.249312][T18489] usb 10-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1651.253226][T18489] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1651.265504][T18489] hub 10-1:1.0: bad descriptor, ignoring hub [ 1651.273598][T18489] hub 10-1:1.0: probe with driver hub failed with error -5 [ 1651.276120][T18489] cdc_wdm 10-1:1.0: skipping garbage [ 1651.277777][T18489] cdc_wdm 10-1:1.0: skipping garbage [ 1651.281521][T18489] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device [ 1651.286578][T18489] cdc_wdm 10-1:1.0: Unknown control protocol [ 1651.370592][ T366] tipc: Failed to remove unknown binding: 66,1,1/0:1368925221/1368925223 [ 1651.376000][ T366] tipc: Failed to remove unknown binding: 66,1,1/0:1368925221/1368925223 [ 1652.305017][ T7004] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1653.758873][ T396] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7840'. [ 1653.792974][ T399] FAULT_INJECTION: forcing a failure. [ 1653.792974][ T399] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1653.797823][ T399] CPU: 1 UID: 0 PID: 399 Comm: syz.0.7841 Not tainted syzkaller #0 PREEMPT(full) [ 1653.797839][ T399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1653.797846][ T399] Call Trace: [ 1653.797850][ T399] [ 1653.797855][ T399] dump_stack_lvl+0x16c/0x1f0 [ 1653.797874][ T399] should_fail_ex+0x512/0x640 [ 1653.797891][ T399] strncpy_from_user+0x3b/0x2e0 [ 1653.797913][ T399] getname_flags.part.0+0x8f/0x550 [ 1653.797931][ T399] getname_flags+0x93/0xf0 [ 1653.797944][ T399] do_sys_openat2+0xb8/0x1d0 [ 1653.797960][ T399] ? __pfx_do_sys_openat2+0x10/0x10 [ 1653.797977][ T399] ? __fget_files+0x20e/0x3c0 [ 1653.797988][ T399] ? handle_mm_fault+0x200/0xd10 [ 1653.798002][ T399] __ia32_compat_sys_openat+0x16d/0x210 [ 1653.798013][ T399] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 1653.798022][ T399] ? ksys_write+0x1ac/0x250 [ 1653.798037][ T399] ? rcu_is_watching+0x12/0xc0 [ 1653.798050][ T399] __do_fast_syscall_32+0x7c/0x3a0 [ 1653.798067][ T399] do_fast_syscall_32+0x32/0x80 [ 1653.798081][ T399] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1653.798095][ T399] RIP: 0023:0xf705e579 [ 1653.798104][ T399] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1653.798115][ T399] RSP: 002b:00000000f544e100 EFLAGS: 00000293 ORIG_RAX: 0000000000000127 [ 1653.798125][ T399] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f544e150 [ 1653.798132][ T399] RDX: 0000000000042000 RSI: 0000000000000000 RDI: 00000000f73c4ff4 [ 1653.798139][ T399] RBP: 0000000000042000 R08: 0000000000000000 R09: 0000000000000000 [ 1653.798145][ T399] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1653.798151][ T399] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1653.798164][ T399] [ 1653.889284][ T404] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7843'. [ 1653.892827][ T404] netlink: 5948 bytes leftover after parsing attributes in process `syz.0.7843'. [ 1653.897598][ T404] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7843'. [ 1654.975253][ T347] cdc_wdm 10-1:1.0: Error autopm - -16 [ 1655.123758][T18489] usb 10-1: USB disconnect, device number 12 [ 1655.404018][ T415] nbd6: detected capacity change from 0 to 1024 [ 1655.407131][T32564] block nbd6: Send control failed (result -89) [ 1655.409999][T32564] block nbd6: Request send failed, requeueing [ 1655.413398][T15250] block nbd6: Receive control failed (result -32) [ 1655.415558][T12081] block nbd6: Dead connection, failed to find a fallback [ 1655.419228][T12081] block nbd6: shutting down sockets [ 1655.419644][ T418] block nbd6: NBD_DISCONNECT [ 1655.421505][T12081] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1655.423098][ T418] block nbd6: Send disconnect failed -89 [ 1655.427250][T12081] buffer_io_error: 43 callbacks suppressed [ 1655.427269][T12081] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1655.435438][T32564] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1655.439371][T32564] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1655.442680][T32564] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1655.447153][T32564] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1655.451190][T32564] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1655.455169][T32564] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1655.462797][T32564] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1655.467159][T32564] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1655.470699][T32564] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1655.475334][T32564] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1655.484026][T32564] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1655.493470][T32564] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1655.497574][T32564] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1655.507091][T32564] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1655.514600][T32564] ldm_validate_partition_table(): Disk read failed. [ 1655.517613][T32564] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1655.521756][T32564] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1655.536723][T32564] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1655.543980][T32564] Buffer I/O error on dev nbd6, logical block 0, async page read [ 1655.552198][T32564] Dev nbd6: unable to read RDB block 0 [ 1655.555426][T32564] nbd6: unable to read partition table [ 1655.617809][ T415] ldm_validate_partition_table(): Disk read failed. [ 1655.621375][ T415] Dev nbd6: unable to read RDB block 0 [ 1655.624783][ T415] nbd6: unable to read partition table [ 1655.632101][T32564] ldm_validate_partition_table(): Disk read failed. [ 1655.648719][T32564] Dev nbd6: unable to read RDB block 0 [ 1655.657045][T32564] nbd6: unable to read partition table [ 1655.713138][ T428] [ 1655.713985][ T428] ===================================================== [ 1655.716498][ T428] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1655.719766][ T428] syzkaller #0 Not tainted [ 1655.721415][ T428] ----------------------------------------------------- [ 1655.725446][ T428] syz.6.7850/428 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1655.727973][ T428] ffff888073096c90 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 1655.730743][ T428] [ 1655.730743][ T428] and this task is already holding: [ 1655.733044][ T428] ffff88802477e028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 1655.736238][ T428] which would create a new lock dependency: [ 1655.738229][ T428] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1655.740758][ T428] [ 1655.740758][ T428] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1655.743679][ T428] (&dev->event_lock#2){..-.}-{3:3} [ 1655.743698][ T428] [ 1655.743698][ T428] ... which became SOFTIRQ-irq-safe at: [ 1655.748972][ T428] lock_acquire+0x179/0x350 [ 1655.750855][ T428] _raw_spin_lock_irqsave+0x3a/0x60 [ 1655.752982][ T428] input_inject_event+0x9f/0x3b0 [ 1655.755036][ T428] kd_sound_helper+0x17a/0x280 [ 1655.756683][ T428] input_handler_for_each_handle+0xd4/0x250 [ 1655.759201][ T428] call_timer_fn+0x197/0x620 [ 1655.761097][ T428] __run_timers+0x6ef/0x960 [ 1655.762966][ T428] run_timer_base+0x114/0x190 [ 1655.764960][ T428] run_timer_softirq+0x1a/0x40 [ 1655.766914][ T428] handle_softirqs+0x219/0x8e0 [ 1655.768910][ T428] __irq_exit_rcu+0x109/0x170 [ 1655.770720][ T428] irq_exit_rcu+0x9/0x30 [ 1655.772120][ T428] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1655.774229][ T428] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1655.776676][ T428] __sanitizer_cov_trace_pc+0x8/0x70 [ 1655.778880][ T428] pfn_valid+0x18/0x4d0 [ 1655.780528][ T428] page_table_check_clear+0x21/0x740 [ 1655.782728][ T428] __page_table_check_pte_clear+0xf1/0x100 [ 1655.785120][ T428] unmap_page_range+0x24fc/0x42c0 [ 1655.787233][ T428] unmap_single_vma.constprop.0+0x153/0x240 [ 1655.789365][ T428] unmap_vmas+0x218/0x470 [ 1655.791188][ T428] exit_mmap+0x1b9/0xb90 [ 1655.792947][ T428] __mmput+0x12a/0x410 [ 1655.794651][ T428] mmput+0x62/0x70 [ 1655.796216][ T428] do_exit+0x7c7/0x2bf0 [ 1655.797846][ T428] do_group_exit+0xd3/0x2a0 [ 1655.799638][ T428] get_signal+0x2673/0x26d0 [ 1655.801499][ T428] arch_do_signal_or_restart+0x8f/0x790 [ 1655.803801][ T428] exit_to_user_mode_loop+0x84/0x110 [ 1655.805951][ T428] __do_fast_syscall_32+0x2ac/0x3a0 [ 1655.807844][ T428] do_fast_syscall_32+0x32/0x80 [ 1655.809807][ T428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1655.812353][ T428] [ 1655.812353][ T428] to a SOFTIRQ-irq-unsafe lock: [ 1655.815132][ T428] (tasklist_lock){.+.+}-{3:3} [ 1655.815154][ T428] [ 1655.815154][ T428] ... which became SOFTIRQ-irq-unsafe at: [ 1655.820045][ T428] ... [ 1655.820053][ T428] lock_acquire+0x179/0x350 [ 1655.823094][ T428] _raw_read_lock+0x5f/0x70 [ 1655.824977][ T428] __do_wait+0x105/0x890 [ 1655.826664][ T428] do_wait+0x21e/0x5a0 [ 1655.828278][ T428] kernel_wait+0x9f/0x160 [ 1655.830097][ T428] call_usermodehelper_exec_work+0xf1/0x170 [ 1655.832512][ T428] process_one_work+0x9cf/0x1b70 [ 1655.834566][ T428] worker_thread+0x6c8/0xf10 [ 1655.836496][ T428] kthread+0x3c5/0x780 [ 1655.838114][ T428] ret_from_fork+0x5d4/0x6f0 [ 1655.839630][ T428] ret_from_fork_asm+0x1a/0x30 [ 1655.841217][ T428] [ 1655.841217][ T428] other info that might help us debug this: [ 1655.841217][ T428] [ 1655.844459][ T428] Chain exists of: [ 1655.844459][ T428] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 1655.844459][ T428] [ 1655.848702][ T428] Possible interrupt unsafe locking scenario: [ 1655.848702][ T428] [ 1655.851287][ T428] CPU0 CPU1 [ 1655.852976][ T428] ---- ---- [ 1655.854713][ T428] lock(tasklist_lock); [ 1655.856424][ T428] local_irq_disable(); [ 1655.859086][ T428] lock(&dev->event_lock#2); [ 1655.861379][ T428] lock(&client->buffer_lock); [ 1655.863712][ T428] [ 1655.864907][ T428] lock(&dev->event_lock#2); [ 1655.866524][ T428] [ 1655.866524][ T428] *** DEADLOCK *** [ 1655.866524][ T428] [ 1655.869113][ T428] 7 locks held by syz.6.7850/428: [ 1655.870756][ T428] #0: ffff888028aab118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x184/0x440 [ 1655.873602][ T428] #1: ffff888021449230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 [ 1655.876751][ T428] #2: ffffffff8e5c10a0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 [ 1655.879778][ T428] #3: ffffffff8e5c10a0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 [ 1655.882734][ T428] #4: ffffffff8e5c10a0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 1655.885660][ T428] #5: ffff88802477e028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 1655.888897][ T428] #6: ffffffff8e5c10a0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 1655.891776][ T428] [ 1655.891776][ T428] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1655.894974][ T428] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1655.896768][ T428] IN-SOFTIRQ-W at: [ 1655.898092][ T428] lock_acquire+0x179/0x350 [ 1655.900309][ T428] _raw_spin_lock_irqsave+0x3a/0x60 [ 1655.902523][ T428] input_inject_event+0x9f/0x3b0 [ 1655.904658][ T428] kd_sound_helper+0x17a/0x280 [ 1655.906733][ T428] input_handler_for_each_handle+0xd4/0x250 [ 1655.909145][ T428] call_timer_fn+0x197/0x620 [ 1655.911292][ T428] __run_timers+0x6ef/0x960 [ 1655.913309][ T428] run_timer_base+0x114/0x190 [ 1655.915358][ T428] run_timer_softirq+0x1a/0x40 [ 1655.917477][ T428] handle_softirqs+0x219/0x8e0 [ 1655.919541][ T428] __irq_exit_rcu+0x109/0x170 [ 1655.921586][ T428] irq_exit_rcu+0x9/0x30 [ 1655.923514][ T428] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1655.925837][ T428] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1655.928169][ T428] __sanitizer_cov_trace_pc+0x8/0x70 [ 1655.930363][ T428] pfn_valid+0x18/0x4d0 [ 1655.932278][ T428] page_table_check_clear+0x21/0x740 [ 1655.934482][ T428] __page_table_check_pte_clear+0xf1/0x100 [ 1655.936847][ T428] unmap_page_range+0x24fc/0x42c0 [ 1655.939020][ T428] unmap_single_vma.constprop.0+0x153/0x240 [ 1655.941435][ T428] unmap_vmas+0x218/0x470 [ 1655.943374][ T428] exit_mmap+0x1b9/0xb90 [ 1655.945302][ T428] __mmput+0x12a/0x410 [ 1655.947236][ T428] mmput+0x62/0x70 [ 1655.948993][ T428] do_exit+0x7c7/0x2bf0 [ 1655.950899][ T428] do_group_exit+0xd3/0x2a0 [ 1655.952916][ T428] get_signal+0x2673/0x26d0 [ 1655.954913][ T428] arch_do_signal_or_restart+0x8f/0x790 [ 1655.957228][ T428] exit_to_user_mode_loop+0x84/0x110 [ 1655.959506][ T428] __do_fast_syscall_32+0x2ac/0x3a0 [ 1655.961706][ T428] do_fast_syscall_32+0x32/0x80 [ 1655.963803][ T428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1655.966309][ T428] INITIAL USE at: [ 1655.967639][ T428] lock_acquire+0x179/0x350 [ 1655.969539][ T428] _raw_spin_lock_irqsave+0x3a/0x60 [ 1655.971726][ T428] input_inject_event+0x9f/0x3b0 [ 1655.973833][ T428] led_set_brightness+0x217/0x290 [ 1655.975971][ T428] kbd_led_trigger_activate+0xcb/0x110 [ 1655.978292][ T428] led_trigger_set+0x59a/0xc50 [ 1655.980325][ T428] led_trigger_set_default+0x1e0/0x2e0 [ 1655.982601][ T428] led_classdev_register_ext+0x7b8/0xa10 [ 1655.984906][ T428] input_leds_connect+0x552/0x8e0 [ 1655.986930][ T428] input_attach_handler.isra.0+0x173/0x250 [ 1655.989304][ T428] input_register_device+0xab9/0x1180 [ 1655.991540][ T428] atkbd_connect+0x5f8/0xa40 [ 1655.993513][ T428] serio_driver_probe+0x7f/0xd0 [ 1655.995603][ T428] really_probe+0x241/0xa90 [ 1655.997626][ T428] __driver_probe_device+0x1de/0x440 [ 1655.999819][ T428] driver_probe_device+0x4c/0x1b0 [ 1656.001917][ T428] __driver_attach+0x283/0x580 [ 1656.003919][ T428] bus_for_each_dev+0x13e/0x1d0 [ 1656.005962][ T428] serio_handle_event+0x335/0xc30 [ 1656.008122][ T428] process_one_work+0x9cf/0x1b70 [ 1656.010422][ T428] worker_thread+0x6c8/0xf10 [ 1656.012697][ T428] kthread+0x3c5/0x780 [ 1656.014572][ T428] ret_from_fork+0x5d4/0x6f0 [ 1656.016573][ T428] ret_from_fork_asm+0x1a/0x30 [ 1656.018905][ T428] } [ 1656.019988][ T428] ... key at: [] __key.7+0x0/0x40 [ 1656.022621][ T428] -> (&client->buffer_lock){....}-{3:3} { [ 1656.024457][ T428] INITIAL USE at: [ 1656.025700][ T428] lock_acquire+0x179/0x350 [ 1656.027658][ T428] _raw_spin_lock+0x2e/0x40 [ 1656.029604][ T428] evdev_pass_values+0x10e/0x9b0 [ 1656.031677][ T428] evdev_events+0x1bb/0x390 [ 1656.033583][ T428] input_pass_values+0x74b/0x880 [ 1656.035638][ T428] input_handle_event+0xb29/0x14d0 [ 1656.037825][ T428] input_inject_event+0x1e8/0x3b0 [ 1656.039943][ T428] kd_sound_helper+0x17a/0x280 [ 1656.041936][ T428] input_handler_for_each_handle+0xd4/0x250 [ 1656.044298][ T428] kd_mksound+0x88/0x130 [ 1656.046150][ T428] do_con_write+0x3241/0x8280 [ 1656.048132][ T428] con_write+0x23/0xb0 [ 1656.049909][ T428] n_tty_write+0x41f/0x11e0 [ 1656.051828][ T428] file_tty_write.constprop.0+0x504/0x9b0 [ 1656.054124][ T428] vfs_write+0x7d0/0x11d0 [ 1656.056018][ T428] ksys_write+0x12a/0x250 [ 1656.057901][ T428] __do_fast_syscall_32+0x7c/0x3a0 [ 1656.060003][ T428] do_fast_syscall_32+0x32/0x80 [ 1656.062008][ T428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1656.064480][ T428] } [ 1656.065303][ T428] ... key at: [] __key.1+0x0/0x40 [ 1656.067580][ T428] ... acquired at: [ 1656.068800][ T428] _raw_spin_lock+0x2e/0x40 [ 1656.070288][ T428] evdev_pass_values+0x10e/0x9b0 [ 1656.071888][ T428] evdev_events+0x1bb/0x390 [ 1656.073376][ T428] input_pass_values+0x74b/0x880 [ 1656.075216][ T428] input_handle_event+0xb29/0x14d0 [ 1656.077124][ T428] input_inject_event+0x1e8/0x3b0 [ 1656.078773][ T428] kd_sound_helper+0x17a/0x280 [ 1656.080334][ T428] input_handler_for_each_handle+0xd4/0x250 [ 1656.082239][ T428] kd_mksound+0x88/0x130 [ 1656.083679][ T428] do_con_write+0x3241/0x8280 [ 1656.085452][ T428] con_write+0x23/0xb0 [ 1656.087157][ T428] n_tty_write+0x41f/0x11e0 [ 1656.088654][ T428] file_tty_write.constprop.0+0x504/0x9b0 [ 1656.090682][ T428] vfs_write+0x7d0/0x11d0 [ 1656.092126][ T428] ksys_write+0x12a/0x250 [ 1656.093568][ T428] __do_fast_syscall_32+0x7c/0x3a0 [ 1656.095257][ T428] do_fast_syscall_32+0x32/0x80 [ 1656.097137][ T428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1656.099346][ T428] [ 1656.100112][ T428] [ 1656.100112][ T428] the dependencies between the lock to be acquired [ 1656.100118][ T428] and SOFTIRQ-irq-unsafe lock: [ 1656.104484][ T428] -> (tasklist_lock){.+.+}-{3:3} { [ 1656.106163][ T428] HARDIRQ-ON-R at: [ 1656.107530][ T428] lock_acquire+0x179/0x350 [ 1656.109572][ T428] _raw_read_lock+0x5f/0x70 [ 1656.111635][ T428] __do_wait+0x105/0x890 [ 1656.113597][ T428] do_wait+0x21e/0x5a0 [ 1656.115551][ T428] kernel_wait+0x9f/0x160 [ 1656.117554][ T428] call_usermodehelper_exec_work+0xf1/0x170 [ 1656.120022][ T428] process_one_work+0x9cf/0x1b70 [ 1656.122248][ T428] worker_thread+0x6c8/0xf10 [ 1656.124363][ T428] kthread+0x3c5/0x780 [ 1656.126221][ T428] ret_from_fork+0x5d4/0x6f0 [ 1656.128328][ T428] ret_from_fork_asm+0x1a/0x30 [ 1656.130447][ T428] SOFTIRQ-ON-R at: [ 1656.131768][ T428] lock_acquire+0x179/0x350 [ 1656.133811][ T428] _raw_read_lock+0x5f/0x70 [ 1656.135859][ T428] __do_wait+0x105/0x890 [ 1656.137895][ T428] do_wait+0x21e/0x5a0 [ 1656.139815][ T428] kernel_wait+0x9f/0x160 [ 1656.141794][ T428] call_usermodehelper_exec_work+0xf1/0x170 [ 1656.144264][ T428] process_one_work+0x9cf/0x1b70 [ 1656.146487][ T428] worker_thread+0x6c8/0xf10 [ 1656.148980][ T428] kthread+0x3c5/0x780 [ 1656.150864][ T428] ret_from_fork+0x5d4/0x6f0 [ 1656.152908][ T428] ret_from_fork_asm+0x1a/0x30 [ 1656.155091][ T428] INITIAL USE at: [ 1656.156378][ T428] lock_acquire+0x179/0x350 [ 1656.158421][ T428] _raw_write_lock_irq+0x36/0x50 [ 1656.160552][ T428] copy_process+0x4caf/0x7690 [ 1656.162635][ T428] kernel_clone+0xfc/0x930 [ 1656.164862][ T428] user_mode_thread+0xc7/0x110 [ 1656.167333][ T428] rest_init+0x23/0x2b0 [ 1656.169597][ T428] start_kernel+0x3ee/0x4d0 [ 1656.172040][ T428] x86_64_start_reservations+0x18/0x30 [ 1656.174581][ T428] x86_64_start_kernel+0x130/0x190 [ 1656.177286][ T428] common_startup_64+0x13e/0x148 [ 1656.179541][ T428] INITIAL READ USE at: [ 1656.181069][ T428] lock_acquire+0x179/0x350 [ 1656.183664][ T428] _raw_read_lock+0x5f/0x70 [ 1656.186229][ T428] __do_wait+0x105/0x890 [ 1656.188314][ T428] do_wait+0x21e/0x5a0 [ 1656.190826][ T428] kernel_wait+0x9f/0x160 [ 1656.193140][ T428] call_usermodehelper_exec_work+0xf1/0x170 [ 1656.195963][ T428] process_one_work+0x9cf/0x1b70 [ 1656.198319][ T428] worker_thread+0x6c8/0xf10 [ 1656.200444][ T428] kthread+0x3c5/0x780 [ 1656.202440][ T428] ret_from_fork+0x5d4/0x6f0 [ 1656.204588][ T428] ret_from_fork_asm+0x1a/0x30 [ 1656.206843][ T428] } [ 1656.207739][ T428] ... key at: [] tasklist_lock+0x18/0x40 [ 1656.210161][ T428] ... acquired at: [ 1656.211410][ T428] _raw_read_lock+0x5f/0x70 [ 1656.212949][ T428] send_sigio+0xb8/0x3e0 [ 1656.214348][ T428] dnotify_handle_event+0x15e/0x2b0 [ 1656.216020][ T428] fsnotify_handle_inode_event.isra.0+0x1e2/0x3f0 [ 1656.218045][ T428] fsnotify+0x13d6/0x1dc0 [ 1656.219610][ T428] path_openat+0x1b50/0x2cb0 [ 1656.221108][ T428] do_filp_open+0x20b/0x470 [ 1656.222588][ T428] do_sys_openat2+0x11b/0x1d0 [ 1656.224149][ T428] __ia32_compat_sys_openat+0x16d/0x210 [ 1656.225947][ T428] __do_fast_syscall_32+0x7c/0x3a0 [ 1656.227622][ T428] do_fast_syscall_32+0x32/0x80 [ 1656.229552][ T428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1656.231955][ T428] [ 1656.232734][ T428] -> (&f_owner->lock){....}-{3:3} { [ 1656.234691][ T428] INITIAL USE at: [ 1656.236231][ T428] lock_acquire+0x179/0x350 [ 1656.238185][ T428] _raw_write_lock_irq+0x36/0x50 [ 1656.240268][ T428] __f_setown+0x61/0x3c0 [ 1656.242120][ T428] generic_setlease+0xef2/0x1300 [ 1656.244206][ T428] kernel_setlease+0x106/0x140 [ 1656.246721][ T428] vfs_setlease+0x258/0x2d0 [ 1656.248655][ T428] fcntl_setlease+0x3ed/0x5a0 [ 1656.250632][ T428] do_fcntl+0x751/0x15a0 [ 1656.252475][ T428] do_compat_fcntl64+0x367/0x710 [ 1656.254549][ T428] __do_fast_syscall_32+0x7c/0x3a0 [ 1656.256860][ T428] do_fast_syscall_32+0x32/0x80 [ 1656.258925][ T428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1656.261395][ T428] INITIAL READ USE at: [ 1656.262792][ T428] lock_acquire+0x179/0x350 [ 1656.264866][ T428] _raw_read_lock_irqsave+0x74/0x90 [ 1656.267171][ T428] send_sigio+0x31/0x3e0 [ 1656.269157][ T428] dnotify_handle_event+0x15e/0x2b0 [ 1656.271479][ T428] fsnotify_handle_inode_event.isra.0+0x1e2/0x3f0 [ 1656.274071][ T428] fsnotify+0x13d6/0x1dc0 [ 1656.276526][ T428] vfs_mknod+0x748/0x8e0 [ 1656.278653][ T428] do_mknodat+0x30f/0x5d0 [ 1656.281039][ T428] __ia32_sys_mknod+0x85/0xb0 [ 1656.283184][ T428] __do_fast_syscall_32+0x7c/0x3a0 [ 1656.285507][ T428] do_fast_syscall_32+0x32/0x80 [ 1656.287785][ T428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1656.290426][ T428] } [ 1656.291271][ T428] ... key at: [] __key.1+0x0/0x40 [ 1656.293559][ T428] ... acquired at: [ 1656.294844][ T428] _raw_read_lock_irqsave+0x74/0x90 [ 1656.296518][ T428] send_sigio+0x31/0x3e0 [ 1656.297955][ T428] kill_fasync+0x214/0x510 [ 1656.299438][ T428] lease_break_callback+0x23/0x30 [ 1656.301069][ T428] __break_lease+0x671/0x1810 [ 1656.302659][ T428] vfs_truncate+0x4d3/0x6e0 [ 1656.304178][ T428] __ia32_compat_sys_truncate+0x171/0x1e0 [ 1656.306342][ T428] __do_fast_syscall_32+0x7c/0x3a0 [ 1656.308084][ T428] do_fast_syscall_32+0x32/0x80 [ 1656.309665][ T428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1656.311708][ T428] [ 1656.312486][ T428] -> (&new->fa_lock){....}-{3:3} { [ 1656.314142][ T428] INITIAL USE at: [ 1656.315402][ T428] lock_acquire+0x179/0x350 [ 1656.317295][ T428] _raw_write_lock_irq+0x36/0x50 [ 1656.319340][ T428] fasync_remove_entry+0xb2/0x1e0 [ 1656.321894][ T428] fasync_helper+0xaf/0xd0 [ 1656.324269][ T428] lease_modify+0x232/0x500 [ 1656.326643][ T428] locks_remove_file+0x29e/0x5c0 [ 1656.329173][ T428] __fput+0x351/0xb70 [ 1656.331278][ T428] task_work_run+0x14d/0x240 [ 1656.333712][ T428] exit_to_user_mode_loop+0xeb/0x110 [ 1656.336411][ T428] __do_fast_syscall_32+0x2ac/0x3a0 [ 1656.338788][ T428] do_fast_syscall_32+0x32/0x80 [ 1656.341287][ T428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1656.344443][ T428] INITIAL READ USE at: [ 1656.346110][ T428] lock_acquire+0x179/0x350 [ 1656.348716][ T428] _raw_read_lock_irqsave+0x74/0x90 [ 1656.351484][ T428] kill_fasync+0x138/0x510 [ 1656.353618][ T428] lease_break_callback+0x23/0x30 [ 1656.355901][ T428] __break_lease+0x671/0x1810 [ 1656.357989][ T428] vfs_truncate+0x4d3/0x6e0 [ 1656.360014][ T428] __ia32_compat_sys_truncate+0x171/0x1e0 [ 1656.362397][ T428] __do_fast_syscall_32+0x7c/0x3a0 [ 1656.364595][ T428] do_fast_syscall_32+0x32/0x80 [ 1656.366701][ T428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1656.369270][ T428] } [ 1656.370118][ T428] ... key at: [] __key.0+0x0/0x40 [ 1656.372301][ T428] ... acquired at: [ 1656.373496][ T428] lock_acquire+0x179/0x350 [ 1656.375017][ T428] _raw_read_lock_irqsave+0x74/0x90 [ 1656.376690][ T428] kill_fasync+0x138/0x510 [ 1656.378182][ T428] evdev_pass_values+0x619/0x9b0 [ 1656.379846][ T428] evdev_events+0x1bb/0x390 [ 1656.381301][ T428] input_pass_values+0x74b/0x880 [ 1656.382914][ T428] input_handle_event+0xf00/0x14d0 [ 1656.384557][ T428] input_inject_event+0x1e8/0x3b0 [ 1656.386181][ T428] evdev_write+0x2e1/0x440 [ 1656.387677][ T428] vfs_write+0x2a0/0x11d0 [ 1656.389099][ T428] ksys_write+0x1f8/0x250 [ 1656.390904][ T428] __do_fast_syscall_32+0x7c/0x3a0 [ 1656.392770][ T428] do_fast_syscall_32+0x32/0x80 [ 1656.394690][ T428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1656.397346][ T428] [ 1656.398272][ T428] [ 1656.398272][ T428] stack backtrace: [ 1656.400123][ T428] CPU: 3 UID: 0 PID: 428 Comm: syz.6.7850 Not tainted syzkaller #0 PREEMPT(full) [ 1656.400137][ T428] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1656.400144][ T428] Call Trace: [ 1656.400148][ T428] [ 1656.400153][ T428] dump_stack_lvl+0x116/0x1f0 [ 1656.400169][ T428] check_irq_usage+0x7dc/0x920 [ 1656.400183][ T428] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 1656.400202][ T428] ? check_path.constprop.0+0x24/0x50 [ 1656.400216][ T428] ? __lock_acquire+0x12bc/0x1ce0 [ 1656.400229][ T428] __lock_acquire+0x12bc/0x1ce0 [ 1656.400244][ T428] lock_acquire+0x179/0x350 [ 1656.400258][ T428] ? kill_fasync+0x138/0x510 [ 1656.400276][ T428] _raw_read_lock_irqsave+0x74/0x90 [ 1656.400289][ T428] ? kill_fasync+0x138/0x510 [ 1656.400303][ T428] kill_fasync+0x138/0x510 [ 1656.400319][ T428] evdev_pass_values+0x619/0x9b0 [ 1656.400331][ T428] evdev_events+0x1bb/0x390 [ 1656.400342][ T428] input_pass_values+0x74b/0x880 [ 1656.400354][ T428] input_handle_event+0xf00/0x14d0 [ 1656.400364][ T428] ? _copy_from_user+0x59/0xd0 [ 1656.400382][ T428] input_inject_event+0x1e8/0x3b0 [ 1656.400394][ T428] evdev_write+0x2e1/0x440 [ 1656.400404][ T428] ? __pfx_evdev_write+0x10/0x10 [ 1656.400414][ T428] ? common_file_perm+0x1a9/0x340 [ 1656.400427][ T428] ? bpf_lsm_file_permission+0x9/0x10 [ 1656.400443][ T428] ? security_file_permission+0x71/0x210 [ 1656.400458][ T428] ? rw_verify_area+0xcf/0x6c0 [ 1656.400469][ T428] ? __pfx_evdev_write+0x10/0x10 [ 1656.400479][ T428] vfs_write+0x2a0/0x11d0 [ 1656.400491][ T428] ? __pfx_vfs_write+0x10/0x10 [ 1656.400503][ T428] ? find_held_lock+0x2b/0x80 [ 1656.400514][ T428] ? __fget_files+0x204/0x3c0 [ 1656.400526][ T428] ? __fget_files+0x20e/0x3c0 [ 1656.400538][ T428] ksys_write+0x1f8/0x250 [ 1656.400550][ T428] ? __pfx_ksys_write+0x10/0x10 [ 1656.400566][ T428] ? rcu_is_watching+0x12/0xc0 [ 1656.400578][ T428] __do_fast_syscall_32+0x7c/0x3a0 [ 1656.400593][ T428] do_fast_syscall_32+0x32/0x80 [ 1656.400607][ T428] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1656.400620][ T428] RIP: 0023:0xf7f88579 [ 1656.400629][ T428] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1656.400640][ T428] RSP: 002b:00000000f54a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 1656.400651][ T428] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 1656.400658][ T428] RDX: 0000000000001068 RSI: 0000000000000000 RDI: 0000000000000000 [ 1656.400664][ T428] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1656.400670][ T428] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1656.400677][ T428] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1656.400686][ T428] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1657.028703][ T80] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 1657.032157][ T80] netdevsim netdevsim6 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1657.086631][ T80] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 1657.090463][ T80] netdevsim netdevsim6 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1657.152053][ T80] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 1657.163615][ T80] netdevsim netdevsim6 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1657.237049][ T80] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 1657.240372][ T80] netdevsim netdevsim6 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1657.344588][ T7011] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1657.363496][ T80] bridge_slave_1: left allmulticast mode [ 1657.365962][ T80] bridge_slave_1: left promiscuous mode [ 1657.368516][ T80] bridge0: port 2(bridge_slave_1) entered disabled state [ 1657.372924][ T80] bridge_slave_0: left allmulticast mode [ 1657.375697][ T80] bridge_slave_0: left promiscuous mode [ 1657.378169][ T80] bridge0: port 1(bridge_slave_0) entered disabled state [ 1657.514018][ T80] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1657.526008][ T80] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1657.530012][ T80] bond0 (unregistering): Released all slaves [ 1657.809664][ T80] hsr_slave_0: left promiscuous mode [ 1657.811847][ T80] hsr_slave_1: left promiscuous mode [ 1657.813846][ T80] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1657.816185][ T80] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1657.818838][ T80] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1657.821169][ T80] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1657.825923][ T80] veth1_macvtap: left promiscuous mode [ 1657.827786][ T80] veth0_macvtap: left promiscuous mode [ 1657.829549][ T80] veth1_vlan: left promiscuous mode [ 1657.831250][ T80] veth0_vlan: left promiscuous mode [ 1658.050002][ T80] team0 (unregistering): Port device team_slave_1 removed [ 1658.100803][ T80] team0 (unregistering): Port device team_slave_0 removed [ 1658.566709][ T80] IPVS: stop unused estimator thread 0... [ 1658.639226][ T80] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1658.710313][ T80] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1658.789145][ T80] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1658.871189][ T80] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1658.948568][ T80] bridge_slave_1: left allmulticast mode [ 1658.950388][ T80] bridge_slave_1: left promiscuous mode [ 1658.952206][ T80] bridge0: port 2(bridge_slave_1) entered disabled state [ 1658.955558][ T80] bridge_slave_0: left allmulticast mode [ 1658.957418][ T80] bridge_slave_0: left promiscuous mode [ 1658.959282][ T80] bridge0: port 1(bridge_slave_0) entered disabled state [ 1659.158292][ T80] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1659.163954][ T80] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1659.167505][ T80] bond0 (unregistering): Released all slaves [ 1659.512911][ T80] hsr_slave_0: left promiscuous mode [ 1659.516045][ T80] hsr_slave_1: left promiscuous mode [ 1659.518274][ T80] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1659.520680][ T80] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1659.523250][ T80] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1659.525705][ T80] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1659.530983][ T80] veth1_macvtap: left promiscuous mode [ 1659.532826][ T80] veth0_macvtap: left promiscuous mode [ 1659.534796][ T80] veth1_vlan: left promiscuous mode [ 1659.536328][ T80] veth0_vlan: left promiscuous mode [ 1659.784531][ T80] team0 (unregistering): Port device team_slave_1 removed [ 1659.844462][ T80] team0 (unregistering): Port device team_slave_0 removed [ 1662.543956][ T46] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration VM DIAGNOSIS: 13:42:31 Registers: info registers vcpu 0 CPU#0 RAX=dffffc0000000000 RBX=ffffffff9b0cd110 RCX=0000000000000000 RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff9b0cd114 RBP=1ffff920007dff48 RSP=ffffc90003effa38 R8 =0000000000000001 R9 =0000000000000000 R10=ffffffff90ab8197 R11=0000000000000001 R12=dffffc0000000000 R13=ffff888061360000 R14=ffffffff9b0cd108 R15=00000000000039d5 RIP=ffffffff8197a9d1 RFL=00000807 [-O---PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f329f978880 ffffffff 00c00000 GS =0000 ffff8880974c3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f5ca7ba8 CR3=00000000771b4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000084000000 Opmask01=0000000000010101 Opmask02=000000007bffffff Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7269762f73656369 7665642f7379732f ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6b636f6c622f6c61 75747269762f7365 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055c8aca92210 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055c8aca912b8 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f329f3f1b20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000000000 ffff000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff000000ff0000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 427340071d160573 431e161e035c1810 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1c1f115c435d4316 10120300161e121d ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5b746f6f00366462 6e006b636f6c622f 6c6175747269762f 736563697665642f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 520a534041500a4b 50570a0041494a0b 4d465144520a5340 41500a4b50570a00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055c8aca7f340 000055c8acaa40a0 000055c8acaa40e0 000055c8aca8d280 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7265747369676572 6e755f7665647465 6e2e65726f632e74 656e2e6c74637379 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e617020343d7372 6f6e696d5f796361 67656c5f6d756e5f 6964656d6f632e69 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 64656d6f63203233 3d78616d5f736462 6e2032333d706f6f 6c5f78616d203233 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d6d756e2e646368 5f796d6d75642030 34313d736365735f 74756f656d69745f ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7265747369676572 6e755f7665647465 6e2e65726f632e74 656e2e6c74637379 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000001 RBX=ffff88802b23a440 RCX=0000000000000100 RDX=0000000000000001 RSI=0000000000000002 RDI=ffff88802b23a442 RBP=dffffc0000000000 RSP=ffffc90004be7b48 R8 =0000000000000001 R9 =ffff88802b33b3d4 R10=ffff88802b23a443 R11=0000000000000002 R12=0000000000007e6d R13=0000000000000000 R14=ffff88802b33b3c0 R15=ffffed1005647488 RIP=ffffffff8b936b0d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880975c3000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000062638000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=dffffc0000000000 RBX=0000000000000001 RCX=ffffffff8182a913 RDX=0000000000000000 RSI=ffffffff8182a920 RDI=ffff888024f32884 RBP=ffff888024f32440 RSP=ffffc90003aa7b58 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=ffff88801b887000 R14=ffff8880412ff318 R15=ffff88801b887000 RIP=ffffffff81a0369c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880976c3000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055c5efe85f40 CR3=000000004b64a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000feeff800 Opmask01=000000000000ffff Opmask02=00000000ff7fefbf Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=698dd04b4a89584d 4da1acbfdf3ba534 698dd04b4a89584d 4da1acbfdf3ba534 698dd04b4a89584d 4da1acbfdf3ba534 698dd04b4a89584d 4da1acbfdf3ba534 ZMM18=6192461d626d9e7b f3f1d0b304800544 6192461d626d9e7b f3f1d0b304800544 6192461d626d9e7b f3f1d0b304800544 6192461d626d9e7b f3f1d0b304800544 ZMM19=ce0c000000000000 0000000000000004 ce0c000000000000 0000000000000003 ce0c000000000000 0000000000000002 ce0c000000000000 0000000000000001 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d600307265646e69 622f73667265646e 69622f2e01ffffff ffffffffffd9080e ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8003200800060800 200800060171960a 08000380021a0800 0c08000100000008 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 060a016cf2006f6e 657601ffffffffff fffffff508038003 0008000208001408 ZMM24=0480054404800544 0480054404800544 0480054404800544 0480054404800544 0480054404800544 0480054404800544 0480054404800544 0480054404800544 ZMM25=f3f1d0b3f3f1d0b3 f3f1d0b3f3f1d0b3 f3f1d0b3f3f1d0b3 f3f1d0b3f3f1d0b3 f3f1d0b3f3f1d0b3 f3f1d0b3f3f1d0b3 f3f1d0b3f3f1d0b3 f3f1d0b3f3f1d0b3 ZMM26=626d9e7b626d9e7b 626d9e7b626d9e7b 626d9e7b626d9e7b 626d9e7b626d9e7b 626d9e7b626d9e7b 626d9e7b626d9e7b 626d9e7b626d9e7b 626d9e7b626d9e7b ZMM27=6192461d6192461d 6192461d6192461d 6192461d6192461d 6192461d6192461d 6192461d6192461d 6192461d6192461d 6192461d6192461d 6192461d6192461d ZMM28=000000300000002f 0000002e0000002d 0000002c0000002b 0000002a00000029 0000002800000027 0000002600000025 0000002400000023 0000002200000021 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=cd0c0000cd0c0000 cd0c0000cd0c0000 cd0c0000cd0c0000 cd0c0000cd0c0000 cd0c0000cd0c0000 cd0c0000cd0c0000 cd0c0000cd0c0000 cd0c0000cd0c0000 info registers vcpu 3 CPU#3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff85617100 RDI=ffffffff9b0f9700 RBP=ffffffff9b0f96c0 RSP=ffffc900044bf298 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000020 R14=fffffbfff361f332 R15=dffffc0000000000 RIP=ffffffff85617127 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880977c3000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f740d6f0 CR3=000000005b50d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000