last executing test programs: 4m35.911656171s ago: executing program 0 (id=801): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000040)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f00000006c0)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0xa0000, 0x122) r5 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) fcntl$setlease(r5, 0x400, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f00000009c0)={0x0, r4}, 0x8) name_to_handle_at(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)=@FILEID_NILFS_WITH_PARENT={0x20, 0x62, {0xd, 0x8, 0x5, 0xff, 0x3}}, &(0x7f0000000180), 0x1000) r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000040)=0x90000) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000000)={@hyper, 0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f0000000100)={{@hyper, 0x2}, @host, 0x0, 0x0, 0x20005e, 0x0, 0x9, 0x4}) r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000200)={@hyper, 0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r7, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x20005e}) 4m35.802443145s ago: executing program 0 (id=802): r0 = socket(0x11, 0xa, 0x5) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000020000103feffffff000000000a000000000000000400010008"], 0x50}}, 0x4000850) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7) sendmsg$can_bcm(r0, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8}, 0x0) 4m35.802215407s ago: executing program 0 (id=803): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x54}}, 0x0) 4m35.801084426s ago: executing program 0 (id=804): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x41) chroot(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00') 4m35.732833967s ago: executing program 0 (id=805): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="be", 0x1}], 0x1}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r6 = dup(r5) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000040)=@x86={0x7, 0x4e, 0x8c, 0x0, 0x4, 0xeb, 0x1, 0x23, 0x7, 0xa0, 0xa, 0x1, 0x0, 0x7, 0x6, 0x5, 0x7, 0x2, 0xda, '\x00', 0x0, 0xaa}) ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f00000000c0)=0xffff) ioctl$KVM_RUN(r5, 0xae80, 0x0) 4m35.461922867s ago: executing program 0 (id=806): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x5c, 0x10, 0x401, 0x4002, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1d188}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0xe, 0xc}}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x8100}]}}}, @IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}]}, 0x5c}}, 0x0) 4m35.419416345s ago: executing program 32 (id=806): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newlink={0x5c, 0x10, 0x401, 0x4002, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1d188}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0xe, 0xc}}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x8100}]}}}, @IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}]}, 0x5c}}, 0x0) 3m19.530114041s ago: executing program 3 (id=1699): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=']) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x31008003, 0xfffe}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r4, 0x0) 3m19.529621138s ago: executing program 3 (id=1700): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000"], 0x48) r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x73, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f0000000080)={0x0, 0x0, @stop_pts=0x6}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = socket(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x7}]}}]}, 0x3c}}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000006c0)={0x254, r7, 0x100, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_TX_RATES={0x23c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xc, 0x1, [0x18, 0x2, 0x2, 0xe, 0x36, 0x4, 0x24, 0x36]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x1, 0x2, 0x5, 0x48, 0x48, 0x4, 0x30, 0x24, 0x24]}]}, @NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_60GHZ={0xd0, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x24, 0x2, [{0x4, 0x2}, {0x3, 0x4}, {0x3, 0x2}, {0x4, 0x8}, {0x4, 0x2}, {0x4, 0x5}, {0x6, 0x3}, {0x4, 0x8}, {0x1, 0x2}, {0x5, 0x4}, {0x7, 0x8}, {0x6, 0x5}, {0x6, 0x7}, {0x0, 0x6}, {0x1, 0x8}, {0x6, 0x5}, {0x6, 0x3}, {0x3, 0x2}, {0x6, 0x8}, {0x6, 0x9}, {0x3, 0x6}, {0x4, 0x2}, {0x7, 0x6}, {0x3}, {0x3, 0x6}, {0x1, 0xa}, {0x7, 0x2}, {0x3, 0x6}, {0x0, 0x5}, {0x0, 0x8}, {0x1, 0x3}, {0x5, 0x8}]}, @NL80211_TXRATE_HT={0x2e, 0x2, [{0x5, 0x3}, {0x3, 0x4}, {0x5, 0x2}, {0x5, 0x3}, {0x1, 0x8}, {0x1, 0x6}, {0x4}, {0x4, 0x2}, {0x1, 0xa}, {0x7, 0x9}, {0x4, 0x1}, {0x0, 0x8}, {0x2, 0x5}, {0x0, 0x6}, {0x0, 0x3}, {0x2, 0x8}, {0x7, 0x2}, {0x6, 0x8}, {0x0, 0x1}, {0x7, 0x8}, {0x2, 0xa}, {0x6, 0x2}, {0x5, 0x1}, {0x3}, {0x2, 0x7}, {0x7, 0x4}, {0x3, 0x8}, {0x7, 0x8}, {0x2, 0x7}, {0x1, 0x3}, {0x3, 0x8}, {0x0, 0x6}, {0x2, 0x5}, {0x6, 0x4}, {0x7, 0x7}, {0x7, 0x6}, {0x1, 0x3}, {0x4, 0x4}, {0x1, 0x9}, {0x2, 0x9}, {0x7, 0x5}, {0x6, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0xd, 0x2, 0x4cb4, 0x7, 0x1ff, 0x3, 0x8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xf802, 0x3, 0x2, 0x1, 0xcc96, 0x800, 0x72a, 0x200]}}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x5, 0x9}, {0x4, 0x1}, {}, {0x1, 0x5}, {0x0, 0x5}, {0x2, 0x7}, {0x5, 0x7}, {0x1, 0xa}, {0x0, 0x9}, {0x2, 0x4}, {0x6, 0x1}, {0x5, 0x1}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x4, 0x4, 0x4000, 0xf088, 0xff00, 0x2, 0xfe01]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3a3d, 0x8ed2, 0x8000, 0xfff2, 0x6, 0x8, 0x6, 0xa]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_60GHZ={0x6c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x8, 0x1, 0x3, 0x400, 0x9, 0x7, 0x5]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x80a, 0x2, 0x7f, 0xbb2, 0x5, 0x80, 0x4]}}, @NL80211_TXRATE_HT={0x2f, 0x2, [{0x2, 0x7}, {0x5, 0x1}, {0x2, 0x8}, {0x1, 0x8}, {0x3, 0xa}, {0x7, 0x8}, {0x3, 0x9}, {0x1, 0x8}, {0x4, 0xa}, {0x5, 0x9}, {0x1, 0x9}, {0x1, 0x7}, {0x1, 0x6}, {0x3, 0x9}, {0x0, 0xa}, {0x7, 0x8}, {0x7, 0x4}, {0x2, 0x8}, {0x1, 0x1}, {0x0, 0x6}, {0x6, 0x7}, {0x1, 0x3}, {0x2, 0x5}, {0x1, 0x1}, {0x4, 0x4}, {0x6, 0x9}, {0x2, 0x2}, {0x2, 0x2}, {0x1, 0x1}, {0x6, 0xa}, {0x3, 0x7}, {0x7, 0x6}, {0x1, 0x9}, {0x3, 0xa}, {0x0, 0x6}, {0x3, 0x8}, {0x6, 0x7}, {0x4, 0x4}, {0x6, 0x9}, {0x4, 0x9}, {0x0, 0x3}, {0x3}, {0x1, 0x9}]}]}, @NL80211_BAND_2GHZ={0x58, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x3, 0x4}, {0x5, 0x9}, {0x7}, {0x1, 0xa}, {0x6, 0x5}, {0x4, 0x6}, {0x4, 0x6}, {0x2, 0x2}, {0x1, 0x3}, {0x1, 0x1}, {0x7, 0xa}, {0x1}, {0x4, 0x2}, {0x6, 0x9}, {0x7, 0x3}, {0x4, 0x7}, {0x5, 0x3}, {0x3, 0x3}, {0x2, 0x9}, {0x0, 0x1}, {0x2, 0x2}, {0x2, 0x5}, {0x1, 0x4}, {0x4, 0x3}, {0x2, 0x2}, {0x3, 0x2}, {0x3}, {0x4}, {0x5, 0x7}, {0x7, 0x2}, {0x4, 0x1}, {0x7, 0x4}, {0x1, 0x7}, {0x1, 0x4}, {0x6, 0x3}, {0x3, 0x8}, {0x6, 0x7}, {0x3, 0x7}, {0x3, 0xa}, {0x0, 0x3}, {0x2, 0x6}, {0x3, 0x6}, {0x6, 0x1}, {0x3}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x2, 0x3, 0xffe8, 0x401, 0x101, 0x5d3d, 0x2]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x40, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x6, 0x2, 0x204, 0x7, 0x7, 0x2aa]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7d3e, 0xe7be, 0x8, 0x1, 0x1000, 0x1, 0x4, 0x7]}}]}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 3m19.441993044s ago: executing program 3 (id=1701): socket$inet_tcp(0x2, 0x1, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$igmp6(0xa, 0x3, 0x2) socket(0x10, 0x80002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 3m19.341866761s ago: executing program 3 (id=1702): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdir(0x0, 0x83) keyctl$clear(0x3, 0xfffffffffffffffc) request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000001c0), 0x0) (fail_nth: 1) 3m19.261224802s ago: executing program 3 (id=1703): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2}) 3m19.08242441s ago: executing program 3 (id=1706): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x40001, 0x0) writev(r0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000000c0)='3', 0x1}], 0x2) 3m4.079687456s ago: executing program 33 (id=1706): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x40001, 0x0) writev(r0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000000c0)='3', 0x1}], 0x2) 1m49.93453607s ago: executing program 1 (id=2289): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x7, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}, 'macvlan1\x00'}}, 0x1e) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xe32b60fbedc7f0cc}, {0x7}, {0x0, 0xa}}}, 0x24}}, 0x0) sendmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000980), 0x1000000000000244, 0x0, 0x4a}}], 0x1, 0x24048084) 1m49.565979562s ago: executing program 1 (id=2291): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000500)={0x0, 0x20, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000000600)=""/235, 0xeb}, {&(0x7f0000000540)=""/167, 0xa7}], 0x3}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33) 1m49.449983793s ago: executing program 1 (id=2292): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x3, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000140)={&(0x7f0000000040)=[0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], 0x3, 0x4, 0x7, 0x4}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000001c0)={&(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000240)={r2, r4, 0x9, 0x9, 0x1}) r5 = openat2(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x4000, 0x10, 0x9}, 0x18) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000380)={0x0, r2, r1, 0x0, 0x0, 0x7, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000003c0)={&(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x4, r6}) madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000440), 0x303800) close_range(r0, r8, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f00000004c0)={&(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0], 0x4}) ioctl$DRM_IOCTL_MODE_SETPLANE(r5, 0xc03064b7, &(0x7f0000000500)={r9, r3, r7, 0x0, 0x5298, 0x5, 0x5, 0x5, 0xffff21f4, 0x80000001, 0x0, 0xfffffffe}) clock_gettime(0x0, &(0x7f0000000600)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000540)={0xd00, 0xfffffffffffffffa, 0x5, 0x3, 0xfffffffffffffffb, 0xc, 0x4, 0x9}, &(0x7f0000000580)={0x8000000000000000, 0x3, 0x5, 0x800, 0x3, 0x23, 0x100, 0x80000001}, &(0x7f00000005c0)={0x10, 0x1ff, 0x7, 0x5, 0xb2, 0x4, 0x1cc0000000, 0x5}, &(0x7f0000000640)={r10, r11+10000000}, &(0x7f00000006c0)={&(0x7f0000000680)={[0x800]}, 0x8}) ioctl$NBD_SET_SIZE_BLOCKS(r5, 0xab07, 0x1) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r5, 0xc0189378, &(0x7f0000000700)={{0x1, 0x1, 0x18, r5, {r5}}, './file0\x00'}) ioctl$CDROMPLAYTRKIND(r12, 0x5304, &(0x7f0000000740)={0xf3, 0xf4, 0x1, 0x3}) ioctl$HIDIOCGCOLLECTIONINFO(r5, 0xc0104811, &(0x7f0000000780)={0x1, 0x4, 0xfffffff4, 0x7f}) pipe2(&(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) sendto$phonet(r14, &(0x7f0000000800)="24e8e80e2acf233efde4895e2ce9f79f8e91108591097fac551cf475b9d4dec380578ed422913eb6d0d947d899752e2eb75485326e3af7b6e109328302cf879cf2de5e89f414a438ffbafc1b8923265ff0380c5f83b415988a9355a843f641dd27fdea23fc51cbd071fa47ef8c1cfb41bd9d2c9334fa189834043ea6cdff0b9d6a8f836cb0816a9f3e6ec3fd7c72526e6963a618925d50096700e801ebb6ab78a88e2c85cd849da82271e495e5431ec627fac502a1974cd477050137c845ca06d15c", 0xc2, 0x4008014, 0x0, 0x0) read$FUSE(r14, &(0x7f0000000900)={0x2020}, 0x2020) ioctl$DRM_IOCTL_MODE_GETGAMMA(r14, 0xc02064a4, &(0x7f0000002a00)={0x0, 0x1, &(0x7f0000002940)=[0x8], &(0x7f0000002980)=[0xdde, 0x5, 0x1, 0xfffe, 0x1000], &(0x7f00000029c0)=[0xfffd, 0xa323, 0x3]}) ioctl$DRM_IOCTL_MODE_SETGAMMA(r12, 0xc02064a5, &(0x7f0000002b00)={r6, 0x6, &(0x7f0000002a40)=[0x2a, 0x200, 0xff62, 0x0, 0x3, 0x9], &(0x7f0000002a80)=[0x0, 0x8000, 0x1000], &(0x7f0000002ac0)=[0x0, 0x9, 0x6, 0x9, 0x2, 0x8, 0xb9e7]}) accept4$inet(r5, 0x0, &(0x7f0000002b40), 0x80000) ioctl$DRM_IOCTL_MODE_GETFB2(r14, 0xc06864ce, &(0x7f0000002b80)={r7, 0x5, 0xffff0993, 0x3, 0x0, [], [0x4, 0x4, 0x33971f76, 0x3], [0xe0f, 0xb8c, 0x3cbb, 0x10000], [0x0, 0x2, 0x8000000000000000, 0x9f]}) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r12, 0x84, 0x1e, &(0x7f0000002c00), &(0x7f0000002c40)=0x4) clock_settime(0x5, &(0x7f0000002c80)={0x0, 0x3938700}) mount(&(0x7f0000002cc0)=@sg0, &(0x7f0000002d00)='./file0\x00', &(0x7f0000002d40)='reiserfs\x00', 0x3910020, &(0x7f0000002d80)='/dev/snd/timer\x00') ioctl$DRM_IOCTL_ADD_CTX(r13, 0xc0086420, &(0x7f0000002dc0)={0x0}) ioctl$DRM_IOCTL_DMA(r13, 0xc0406429, &(0x7f0000002f00)={r15, 0x2, &(0x7f0000002e00)=[0x1, 0xfff], &(0x7f0000002e40)=[0xf, 0x2, 0x9, 0xb5, 0x8a10, 0xff, 0x8001, 0x2, 0x3], 0x34, 0x5, 0x7, &(0x7f0000002e80)=[0x7ff, 0x3, 0xf, 0x3, 0xd], &(0x7f0000002ec0)=[0x2, 0x81, 0x5, 0x4, 0x745, 0x7fff]}) 1m49.400884079s ago: executing program 1 (id=2293): r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r3, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}}, 0x0) write$nci(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="71050901a7254502020607037efc0930ea56c4f61cab1d0ff3ff1afaeb118b4f02b892f5cb88"], 0x1a) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4) mount$bind(&(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x212409b, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x1014, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000500)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000000000006a0a00ff00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2f01806fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c77f0979b34e1ad837ff0d10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8d0d26b5069f8a98f7dc8f76b74635fc9f9de9ca3c0ec0cb9bf4e418d076df4c7df0a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d25c32aac1c7d5b5be399f6609876b5887437a172fbc02a74135b29194e533583412dff048f0000000000000000b2728a0481e9f0da43bb6cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad3e328a100000000b515a1000000000000000eb2e9c15b6c8f6198282df27badac8500bc7d202e0990"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0xffff0000, 0xf0, 0xe200, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x48) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000080)={0x9, 0x0, 0x0, {0x0, 0x300, 0xe7, 0x80000300}}) 1m49.211466619s ago: executing program 1 (id=2296): ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x400caed0, &(0x7f0000000000)={0x2, 0xffffffffffffffff, 0xffffffff}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00220f00000054b2000093"], 0x0}, 0x0) setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@int=0x4, 0x4) r2 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0) ioctl$HIDIOCSREPORT(r2, 0x400c4808, &(0x7f0000000080)={0x2, 0x100, 0x20a6}) ioctl$HIDIOCGCOLLECTIONINDEX(r2, 0x40184810, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1m48.879229262s ago: executing program 1 (id=2298): socket(0x10, 0x3, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca0000c441f96ec80fc4c60066400fe2def3ad46c7045300101000f00fc01ec422e10399c5c1202066410f6f15040000000000e1f563df", 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300)) pipe2(&(0x7f0000000040), 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0, 0x500}}], 0x1, 0x0) 1m48.816525076s ago: executing program 34 (id=2298): socket(0x10, 0x3, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca0000c441f96ec80fc4c60066400fe2def3ad46c7045300101000f00fc01ec422e10399c5c1202066410f6f15040000000000e1f563df", 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300)) pipe2(&(0x7f0000000040), 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0, 0x500}}], 0x1, 0x0) 1m23.48871387s ago: executing program 4 (id=2134): syz_emit_ethernet(0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = dup(r3) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82"]) 1m16.760798481s ago: executing program 4 (id=2134): syz_emit_ethernet(0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = dup(r3) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82"]) 1m9.687965917s ago: executing program 4 (id=2134): syz_emit_ethernet(0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = dup(r3) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82"]) 1m2.489545587s ago: executing program 2 (id=2568): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0xc0185500, &(0x7f0000000040)={0x80, 0x100000, "aa2fe1a243fcd9abf29cc3391c06b86f68e7f73d4f0bff9669a8e82040ccb44d75131fb06cade553a6bdc314438ce0af11c38cd724980b087a7a16f9295be0a69db51576e7a06ef6bcabc67b52ba82e73504fa842ec2f0c06bf006f3e5bcdd5057997bf171c60d96a538b02ee9f4b573457498ca09cb417b1fbe6dc3b0c27ab0693ac57aff136748f7740dfc33f3a902b670f8933aec28869e637c18379d6d0b4d844b732cb1932733dfcec2f69f8b6df76ba84e1f001ad29105230471f466b6f9d7d2b05a57fe16e7363e5ecebc2c74539ca55c7ce3a175061adedd20532a9de97379f4dd5baeeae835946311e6e4e2361355c54b3bd500"}) (async, rerun: 64) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (rerun: 64) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="12000000120001000200000000000000100000000c00001700000000000000000f"], 0x30}], 0x1, 0x0, 0x0, 0x20004000}, 0x0) r2 = dup(r1) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) (async) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async, rerun: 32) madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17) (async, rerun: 32) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}], 0x1) (async) setxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)='system_u:object_r:pam_exec_t:s0\x00', 0x20, 0x3) 1m2.489378117s ago: executing program 4 (id=2134): syz_emit_ethernet(0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = dup(r3) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82"]) 1m1.050452665s ago: executing program 2 (id=2569): bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000040)={[{0x400, 0x100, 0xc, 0x60, 0x4, 0x81, 0x0, 0xcd, 0x60, 0x1, 0xfa, 0x9}, {0x7, 0xc7, 0x7, 0x5, 0xd, 0x1, 0x0, 0x6, 0x3, 0x3b, 0xf, 0x4e, 0x2}, {0x1, 0xfbff, 0x4, 0x1, 0x8, 0x7f, 0x40, 0xdd, 0x95, 0xf9, 0x7, 0x9, 0x3}], 0xa1da}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="00006003ffffffffffffaaaaaaaaaa3308004500001c00000000bc2f907800001fe1ac1e0101a00086dd000890780f8f3fd8b5919ef39f670650033e54de9a853d7a0418b2e4d05b262a755bc151a560e86903125cbbb4cbb65a2ded594d677e9531f9669d9470ded575156ec89e558bc67a9938fb900720f2b6e651750cfa02c16268069d45886683540d62932b93ca454631e254f093bd95cb9057edca316dcb"], 0x2e) 1m0.937633578s ago: executing program 2 (id=2570): listen(0xffffffffffffffff, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x8000002, 0x2000}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x4002) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x800) 1m0.010177798s ago: executing program 2 (id=2578): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000280), 0x10) sendmsg$can_bcm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) sendmsg$can_bcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x7, 0x240, 0x9, {0x77359400}, {0x0, 0x2710}, {0x4, 0x0, 0x1}, 0x1, @can={{0x3, 0x1}, 0x3, 0x2, 0x0, 0x0, "a2b6c6e317f93def"}}, 0x48}}, 0x20000080) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000001180)='./bus\x00') r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) renameat2(r3, &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r3, &(0x7f00000002c0)='./file0\x00', 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00'}) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r4, &(0x7f0000000000), 0x6) r5 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000000)={r5}) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f00000000c0)={r6}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYRESOCT=r1, @ANYBLOB="53423a4b13900f66cc95289d38bea64151e346b057dfbfaebd539580918bd8517a82b2c493533efd09a3e9b5ebd07025470df81ea9462c7ac67fecdacc3b5fcf981fb2786c5e147af24a1bafd91511e4676386d4", @ANYBLOB="aa2f929420c4f119339ef9cc2501c07b4ca5b9283f39ed57bb768ac4d113abf11809fa55b25b0e14f964db178675d8c5260f1e0a390e6fe79c055a8a7c64826661ee65418adc2c3627", @ANYRES8=r0, @ANYBLOB="4e677d0f8225df25677355214d9705f4c51c7b8a0cb77160c1a956f7a67f0892fd5e77d7629b03af00e4d7f384bf066de46bca7f1b7db49052be8fc85f37b5be680e497c97a3992f2854673c1f2e60416822e81c944def70924fc38086131e355ddbb10158908f8858eaf49d79914bf04d7c3d7f3e507f8956117490f6", @ANYRESDEC=r4], 0x38}}, 0x4040) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) ptrace$poke(0x4, r7, &(0x7f0000001040), 0x282d) 59.910899322s ago: executing program 2 (id=2579): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x80) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x2010, r4, 0x7b363000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_COALESCE(r5, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="00000000d360190be7a51d9c2d52aa0f3368ef04d597dcaf60161c06f909fa529beac6bf44db3aa04cd74725b63b3c1e937050814bba37a811a46982305ba7a71aa5cd928db2db686fc18a561df2af2887a84a3a", @ANYRES16=r6, @ANYBLOB="000827bd7000ffdbdf2564000000"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4) r7 = syz_open_dev$hiddev(&(0x7f0000000180), 0x4, 0x600801) ioctl$HIDIOCGREPORT(r7, 0x400c4807, &(0x7f00000001c0)={0x1, 0x2, 0xfffffff0}) syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="0403000000192007000000000000008a49480bc2ed8b6356899e3bc423c9a1a532a6644e38f83d4d2a647e8534d374549fa51afa5597eb10f6af3a64f9ed4d9883df981b44431cace8c9de705cef66cfb479d1c0ec31760a0ec07a18a8461fe20008000076c00a068ddd87b8847ffbda37962812610ddb62e489eb4dab7931c5140e95249ba63a61d3036c3ca0075bb7ca164515d8532df4bff8e2"], 0x7) symlinkat(0x0, 0xffffffffffffff9c, 0x0) r8 = accept4$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x80000) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendto$packet(r8, &(0x7f0000000100)="e24730", 0x3, 0x10001, &(0x7f0000000440)={0x11, 0xf8, 0x0, 0x1, 0x80, 0x6, @local}, 0x14) r9 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000480), 0x10000, 0x0) pipe2$9p(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80040) r11 = syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0) r12 = syz_pidfd_open(r11, 0x0) syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0) ioctl$F2FS_IOC_GET_FEATURES(r12, 0xff06, 0x0) syz_emit_vhci(0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, r9) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r9, 0x0, 0x4000000) write$P9_RREADLINK(r10, 0x0, 0x0) ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, 0x0) ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000000300)={0x4000000, {0x2, 0x4e22}, {0x2, 0x0, @local}, {0x2, 0x0, @broadcast}, 0x201, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x0, 0x10000000000003}) 59.377420709s ago: executing program 2 (id=2584): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb09587", 0x4b}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000006c0)={0x254, r3, 0x100, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_TX_RATES={0x23c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xc, 0x1, [0x18, 0x2, 0x2, 0xe, 0x36, 0x4, 0x24, 0x36]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x1, 0x2, 0x5, 0x48, 0x48, 0x4, 0x30, 0x24, 0x24]}]}, @NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_60GHZ={0xd0, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x24, 0x2, [{0x4, 0x2}, {0x3, 0x4}, {0x3, 0x2}, {0x4, 0x8}, {0x4, 0x2}, {0x4, 0x5}, {0x6, 0x3}, {0x4, 0x8}, {0x1, 0x2}, {0x5, 0x4}, {0x7, 0x8}, {0x6, 0x5}, {0x6, 0x7}, {0x0, 0x6}, {0x1, 0x8}, {0x6, 0x5}, {0x6, 0x3}, {0x3, 0x2}, {0x6, 0x8}, {0x6, 0x9}, {0x3, 0x6}, {0x4, 0x2}, {0x7, 0x6}, {0x3}, {0x3, 0x6}, {0x1, 0xa}, {0x7, 0x2}, {0x3, 0x6}, {0x0, 0x5}, {0x0, 0x8}, {0x1, 0x3}, {0x5, 0x8}]}, @NL80211_TXRATE_HT={0x2e, 0x2, [{0x5, 0x3}, {0x3, 0x4}, {0x5, 0x2}, {0x5, 0x3}, {0x1, 0x8}, {0x1, 0x6}, {0x4}, {0x4, 0x2}, {0x1, 0xa}, {0x7, 0x9}, {0x4, 0x1}, {0x0, 0x8}, {0x2, 0x5}, {0x0, 0x6}, {0x0, 0x3}, {0x2, 0x8}, {0x7, 0x2}, {0x6, 0x8}, {0x0, 0x1}, {0x7, 0x8}, {0x2, 0xa}, {0x6, 0x2}, {0x5, 0x1}, {0x3}, {0x2, 0x7}, {0x7, 0x4}, {0x3, 0x8}, {0x7, 0x8}, {0x2, 0x7}, {0x1, 0x3}, {0x3, 0x8}, {0x0, 0x6}, {0x2, 0x5}, {0x6, 0x4}, {0x7, 0x7}, {0x7, 0x6}, {0x1, 0x3}, {0x4, 0x4}, {0x1, 0x9}, {0x2, 0x9}, {0x7, 0x5}, {0x6, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0xd, 0x2, 0x4cb4, 0x7, 0x1ff, 0x3, 0x8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xf802, 0x3, 0x2, 0x1, 0xcc96, 0x800, 0x72a, 0x200]}}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x5, 0x9}, {0x4, 0x1}, {}, {0x1, 0x5}, {0x0, 0x5}, {0x2, 0x7}, {0x5, 0x7}, {0x1, 0xa}, {0x0, 0x9}, {0x2, 0x4}, {0x6, 0x1}, {0x5, 0x1}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x4, 0x4, 0x4000, 0xf088, 0xff00, 0x2, 0xfe01]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3a3d, 0x8ed2, 0x8000, 0xfff2, 0x6, 0x8, 0x6, 0xa]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_60GHZ={0x6c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x8, 0x1, 0x3, 0x400, 0x9, 0x7, 0x5]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x80a, 0x2, 0x7f, 0xbb2, 0x5, 0x80, 0x4]}}, @NL80211_TXRATE_HT={0x2f, 0x2, [{0x2, 0x7}, {0x5, 0x1}, {0x2, 0x8}, {0x1, 0x8}, {0x3, 0xa}, {0x7, 0x8}, {0x3, 0x9}, {0x1, 0x8}, {0x4, 0xa}, {0x5, 0x9}, {0x1, 0x9}, {0x1, 0x7}, {0x1, 0x6}, {0x3, 0x9}, {0x0, 0xa}, {0x7, 0x8}, {0x7, 0x4}, {0x2, 0x8}, {0x1, 0x1}, {0x0, 0x6}, {0x6, 0x7}, {0x1, 0x3}, {0x2, 0x5}, {0x1, 0x1}, {0x4, 0x4}, {0x6, 0x9}, {0x2, 0x2}, {0x2, 0x2}, {0x1, 0x1}, {0x6, 0xa}, {0x3, 0x7}, {0x7, 0x6}, {0x1, 0x9}, {0x3, 0xa}, {0x0, 0x6}, {0x3, 0x8}, {0x6, 0x7}, {0x4, 0x4}, {0x6, 0x9}, {0x4, 0x9}, {0x0, 0x3}, {0x3}, {0x1, 0x9}]}]}, @NL80211_BAND_2GHZ={0x58, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x3, 0x4}, {0x5, 0x9}, {0x7}, {0x1, 0xa}, {0x6, 0x5}, {0x4, 0x6}, {0x4, 0x6}, {0x2, 0x2}, {0x1, 0x3}, {0x1, 0x1}, {0x7, 0xa}, {0x1}, {0x4, 0x2}, {0x6, 0x9}, {0x7, 0x3}, {0x4, 0x7}, {0x5, 0x3}, {0x3, 0x3}, {0x2, 0x9}, {0x0, 0x1}, {0x2, 0x2}, {0x2, 0x5}, {0x1, 0x4}, {0x4, 0x3}, {0x2, 0x2}, {0x3, 0x2}, {0x3}, {0x4}, {0x5, 0x7}, {0x7, 0x2}, {0x4, 0x1}, {0x7, 0x4}, {0x1, 0x7}, {0x1, 0x4}, {0x6, 0x3}, {0x3, 0x8}, {0x6, 0x7}, {0x3, 0x7}, {0x3, 0xa}, {0x0, 0x3}, {0x2, 0x6}, {0x3, 0x6}, {0x6, 0x1}, {0x3}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x2, 0x3, 0xffe8, 0x401, 0x101, 0x5d3d, 0x2]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x40, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x6, 0x2, 0x204, 0x7, 0x7, 0x2aa]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7d3e, 0xe7be, 0x8, 0x1, 0x1000, 0x1, 0x4, 0x7]}}]}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 59.309130548s ago: executing program 35 (id=2584): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb09587", 0x4b}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000006c0)={0x254, r3, 0x100, 0x70bd26, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_TX_RATES={0x23c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xc, 0x1, [0x18, 0x2, 0x2, 0xe, 0x36, 0x4, 0x24, 0x36]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x1, 0x2, 0x5, 0x48, 0x48, 0x4, 0x30, 0x24, 0x24]}]}, @NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_60GHZ={0xd0, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x24, 0x2, [{0x4, 0x2}, {0x3, 0x4}, {0x3, 0x2}, {0x4, 0x8}, {0x4, 0x2}, {0x4, 0x5}, {0x6, 0x3}, {0x4, 0x8}, {0x1, 0x2}, {0x5, 0x4}, {0x7, 0x8}, {0x6, 0x5}, {0x6, 0x7}, {0x0, 0x6}, {0x1, 0x8}, {0x6, 0x5}, {0x6, 0x3}, {0x3, 0x2}, {0x6, 0x8}, {0x6, 0x9}, {0x3, 0x6}, {0x4, 0x2}, {0x7, 0x6}, {0x3}, {0x3, 0x6}, {0x1, 0xa}, {0x7, 0x2}, {0x3, 0x6}, {0x0, 0x5}, {0x0, 0x8}, {0x1, 0x3}, {0x5, 0x8}]}, @NL80211_TXRATE_HT={0x2e, 0x2, [{0x5, 0x3}, {0x3, 0x4}, {0x5, 0x2}, {0x5, 0x3}, {0x1, 0x8}, {0x1, 0x6}, {0x4}, {0x4, 0x2}, {0x1, 0xa}, {0x7, 0x9}, {0x4, 0x1}, {0x0, 0x8}, {0x2, 0x5}, {0x0, 0x6}, {0x0, 0x3}, {0x2, 0x8}, {0x7, 0x2}, {0x6, 0x8}, {0x0, 0x1}, {0x7, 0x8}, {0x2, 0xa}, {0x6, 0x2}, {0x5, 0x1}, {0x3}, {0x2, 0x7}, {0x7, 0x4}, {0x3, 0x8}, {0x7, 0x8}, {0x2, 0x7}, {0x1, 0x3}, {0x3, 0x8}, {0x0, 0x6}, {0x2, 0x5}, {0x6, 0x4}, {0x7, 0x7}, {0x7, 0x6}, {0x1, 0x3}, {0x4, 0x4}, {0x1, 0x9}, {0x2, 0x9}, {0x7, 0x5}, {0x6, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0xd, 0x2, 0x4cb4, 0x7, 0x1ff, 0x3, 0x8]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xf802, 0x3, 0x2, 0x1, 0xcc96, 0x800, 0x72a, 0x200]}}, @NL80211_TXRATE_HT={0x10, 0x2, [{0x5, 0x9}, {0x4, 0x1}, {}, {0x1, 0x5}, {0x0, 0x5}, {0x2, 0x7}, {0x5, 0x7}, {0x1, 0xa}, {0x0, 0x9}, {0x2, 0x4}, {0x6, 0x1}, {0x5, 0x1}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x4, 0x4, 0x4000, 0xf088, 0xff00, 0x2, 0xfe01]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3a3d, 0x8ed2, 0x8000, 0xfff2, 0x6, 0x8, 0x6, 0xa]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_60GHZ={0x6c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x8, 0x1, 0x3, 0x400, 0x9, 0x7, 0x5]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x80a, 0x2, 0x7f, 0xbb2, 0x5, 0x80, 0x4]}}, @NL80211_TXRATE_HT={0x2f, 0x2, [{0x2, 0x7}, {0x5, 0x1}, {0x2, 0x8}, {0x1, 0x8}, {0x3, 0xa}, {0x7, 0x8}, {0x3, 0x9}, {0x1, 0x8}, {0x4, 0xa}, {0x5, 0x9}, {0x1, 0x9}, {0x1, 0x7}, {0x1, 0x6}, {0x3, 0x9}, {0x0, 0xa}, {0x7, 0x8}, {0x7, 0x4}, {0x2, 0x8}, {0x1, 0x1}, {0x0, 0x6}, {0x6, 0x7}, {0x1, 0x3}, {0x2, 0x5}, {0x1, 0x1}, {0x4, 0x4}, {0x6, 0x9}, {0x2, 0x2}, {0x2, 0x2}, {0x1, 0x1}, {0x6, 0xa}, {0x3, 0x7}, {0x7, 0x6}, {0x1, 0x9}, {0x3, 0xa}, {0x0, 0x6}, {0x3, 0x8}, {0x6, 0x7}, {0x4, 0x4}, {0x6, 0x9}, {0x4, 0x9}, {0x0, 0x3}, {0x3}, {0x1, 0x9}]}]}, @NL80211_BAND_2GHZ={0x58, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x3, 0x4}, {0x5, 0x9}, {0x7}, {0x1, 0xa}, {0x6, 0x5}, {0x4, 0x6}, {0x4, 0x6}, {0x2, 0x2}, {0x1, 0x3}, {0x1, 0x1}, {0x7, 0xa}, {0x1}, {0x4, 0x2}, {0x6, 0x9}, {0x7, 0x3}, {0x4, 0x7}, {0x5, 0x3}, {0x3, 0x3}, {0x2, 0x9}, {0x0, 0x1}, {0x2, 0x2}, {0x2, 0x5}, {0x1, 0x4}, {0x4, 0x3}, {0x2, 0x2}, {0x3, 0x2}, {0x3}, {0x4}, {0x5, 0x7}, {0x7, 0x2}, {0x4, 0x1}, {0x7, 0x4}, {0x1, 0x7}, {0x1, 0x4}, {0x6, 0x3}, {0x3, 0x8}, {0x6, 0x7}, {0x3, 0x7}, {0x3, 0xa}, {0x0, 0x3}, {0x2, 0x6}, {0x3, 0x6}, {0x6, 0x1}, {0x3}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x2, 0x3, 0xffe8, 0x401, 0x101, 0x5d3d, 0x2]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x40, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x6, 0x2, 0x204, 0x7, 0x7, 0x2aa]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7d3e, 0xe7be, 0x8, 0x1, 0x1000, 0x1, 0x4, 0x7]}}]}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 52.46904316s ago: executing program 4 (id=2134): syz_emit_ethernet(0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = dup(r3) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82"]) 45.108645435s ago: executing program 4 (id=2134): syz_emit_ethernet(0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x0, {}, [{0x60, 0x1, [@m_ct={0x5c, 0x1, 0x0, 0x0, {{0x7}, {0x34, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x28}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}}, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) r4 = dup(r3) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82"]) 33.089685379s ago: executing program 5 (id=2843): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000005b80)={{{@in6=@remote, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x7}}, {{@in=@dev={0xac, 0x14, 0x14, 0x1d}, 0x0, 0x6c}, 0x0, @in6=@empty}}, 0xe8) syz_emit_ethernet(0x3e, &(0x7f0000000500)={@local, @random="f368656e065b", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, @time_exceeded={0x4, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @dev}}}}}}, 0x0) 33.089338391s ago: executing program 5 (id=2844): getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={r0, @in={{0x2, 0x4e24, @multicast1}}, 0x6, 0x7, 0x4, 0x1, 0x0, 0x5, 0x2}, &(0x7f0000000140)=0x9c) r2 = dup(0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000180)={0x9, 0x7ff, 0x4, 0x8, 0x7fff, 0x7, 0x6, 0x2, r1}, 0x20) bind$alg(r2, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000280)={@mcast2, 0x0}, &(0x7f00000002c0)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=@newtclass={0x38, 0x28, 0x8, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0xffff, 0x10}, {0xc, 0x4}, {0x8, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x28}}, @tclass_kind_options=@c_clsact={0xb}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4004840) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x6c, 0x0, 0x1, 0x801, 0x0, 0x0, {0x5, 0x0, 0x2}, [@CTA_NAT_SRC={0x58, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @loopback}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}]}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast1}, @CTA_NAT_PROTO={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}]}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8880}, 0x24000000) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r2, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x54, 0x0, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x2211a334}, {0x6, 0x16, 0x100}, {0x5, 0x12, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x873a6357f7f83faf) getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000640)={'raw\x00', 0x0, [0x5, 0x2, 0x2, 0x5, 0x101]}, &(0x7f00000006c0)=0x54) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000700), 0x14f4c0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000740)={r4, r2}) close_range(r4, r4, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000780)={r0}, &(0x7f00000007c0)=0x8) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000840), 0xffffffffffffffff) sendmsg$NFC_CMD_FW_DOWNLOAD(r6, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x34, r7, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@NFC_ATTR_FIRMWARE_NAME={0x6, 0x14, '%-'}, @NFC_ATTR_FIRMWARE_NAME={0x7, 0x14, '@@*'}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x8010}, 0x20000800) sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfb, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x24048800}, 0x100) r8 = pidfd_getfd(0xffffffffffffffff, r2, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r8, 0x4068aea3, &(0x7f0000000a40)={0xbc, 0x0, 0x3}) sendto$packet(r2, &(0x7f0000000ac0)="5e77630a3ecd6ce0827d521c9a39e019c4182a0e57dfeba1ce8758dfd5841b2537e9961e5e69034353713a020e0dabcd1e43d5acdd482059e16a88371aa52747b19ea442a1c1084f0aec2c17628e6d4da043d232a20fc21df3f91633f78712a63949b1c9ccf55671738d08ed03d5ad2213c033eb5cdc6bf27d57a35b29bfc9b8d251960eb34a7db8df9a17a34d0772f95f6d1e9207", 0x95, 0x4000, &(0x7f0000000b80)={0x11, 0xf8, r3, 0x1, 0x5}, 0x14) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r8, 0x84, 0x13, &(0x7f0000000bc0)={r0}, &(0x7f0000000c00)=0x8) r9 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000c40), 0x2, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r9, 0x84, 0x16, &(0x7f0000000c80)={0x1, [0x0]}, 0x6) r10 = getpgid(0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000cc0)={0x0, 0x0}) r12 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) kcmp(r10, r11, 0x2, r12, r8) 33.088698162s ago: executing program 5 (id=2845): sched_setscheduler(0x0, 0x2, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='htcp\x00', 0x5) r1 = socket$nl_route(0x10, 0x3, 0x0) openat$vmci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00'}) r3 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x319c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f0000000400)={0x2c, &(0x7f0000000100)={0x0, 0x23, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) shutdown(r0, 0x2) 31.320255906s ago: executing program 5 (id=2868): r0 = syz_open_dev$swradio(&(0x7f00000001c0), 0x0, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r1 = open(&(0x7f0000000580)='./file0\x00', 0x181242, 0x1df2a23c5997fa5f) read$FUSE(r1, 0x0, 0x0) r2 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs$namespace(r2, &(0x7f0000000300)='ns/ipc\x00') statx(r1, &(0x7f00000003c0)='./file0\x00', 0x6000, 0x100, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000400)={0x0, 0x0, 0x0}, &(0x7f0000000440)=0xc) lstat(&(0x7f0000000500)='./file0\x00', &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000009c0)={{{@in=@local, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@remote}}, &(0x7f0000000ac0)=0xe8) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000001040)=@multiplanar_mmap={0x7f, 0x9, 0x4, 0x8, 0xffff, {}, {0x5, 0xc, 0x9, 0x6, 0x9, 0x62, "6f9e0bf8"}, 0xd, 0x1, {&(0x7f0000000fc0)=[{0x8000, 0x5, {}, 0x7}, {0x4, 0xd56, {0x10000}, 0xb80}]}, 0x8, 0x0, r1}) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r7, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r7, &(0x7f0000000040)={0x50, 0x0, r8, {0x7, 0x1f, 0x0, 0x1204020, 0x1, 0x3}}, 0x50) r11 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x24c01, 0x0) write$FUSE_ENTRY(r11, &(0x7f0000000340)={0x90, 0x0, r8, {0x2, 0x0, 0xa, 0x0, 0x800, 0x7, {0x5, 0x6, 0x7ff, 0x5, 0x51b5, 0x4, 0x1, 0x7fffffff, 0xf5, 0x6000, 0x9, r9, r10, 0x6, 0x3e}}}, 0x90) r12 = geteuid() fstat(r0, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(r1, &(0x7f0000004080)={0x2020, 0x0, 0x0, 0x0}, 0x2020) fstat(r0, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r1, &(0x7f0000002080)="b1c7be372de0a5f340dbb71218b3ff2f138207c2eebc07051073ddb8122f7eb3cfa4c8072d089417ba2a440ee032f4fb81b7b0e626567105c3bd07db6182bf31cfd9c7176f83a66fdda371b0440e902b7a213db9d5b34e9d3d25ec1d95fbfceec3cd5ad8d6ae7491304487a2a89c3f1bd29d0e2918d3b155f67e8595f38d49abae8b290e5a9613f5861ecfc4f14e635c9036589de61837ab5ad3ceef5ddeab08767d304d09037b6c78f3cec2adcc9b37311aae000e136ec8d579d78864547b52112e93945116511b2ba0f5bf64a89be3906f921c123cb9c05fd40c8ea02c08041fc145a445262e1f5c6380a076b1de028a22e749b268e957999e0d582d2d223c5824459932df413e86a80952aed6e024bfb5b0fef7cba8a8d5fd69e4b839e9cc2282bf8c62ada450138c331b97c4e9c4b1fac0387f009d2054ffef5da10dfee7301943ed629452a013037fdeb0bc0e0a254eaceec55eb86ecaed5fb05e3060e2dbc1c99794bb20600233d49b8ad820b97b3abe367c45f1588e4bee7d95126ef38284709f6c72cb7bc203d6a20bbe32dfaa8f7f1ea57f09b77792a02f5a3d070d54c8e127474a0bc377cbe0e60317926376a49cc8a04baf176efb1a98dba4b42d6a78b9ff7512abd3da2a8557eba3ada5d82863a1f9e3cb45e5f1e881e2eabe5b0b1dfc297c8c84438201af224e23cd94a061d4c795576e2b16cef708aa3934218df374202a8b72d92529b2885cc29d6eb0e050ca4a5ef8ba05a5d33b671cca945e6076375bd9c08b1437803c7fe89d64d784db7b375e18b53b8a30746b92fbb1cd9643d1bf3c6a7563f601fd8e0c73a303beefcc1b60f165e54bc30864da38c0d2e486dacf6b51f84982ff77645d607464e384b8549bc131d4e0ece6ca088bf05e4441ec3f105cab82d35aceaf890defab336b96f6de778e39cade3724cbf002b872a7efa24cefe65be843e53dea68812f9281b6db96e849e964e976e2ff065630d17c737714dce05cf69dc2341abf86cb78a2d2d32668a1515fc078e5344f5b300237bd370cd85263b4b5dad046464e9163bbe341b438df1651f00c01fa2c4412d0aeddcb11c3e71fe491a4d44570663b3cf3823499534752fdb116ddd814ae9d4375a1e19b79245bfb6438e302005b04f17d88741599206021c5216988edbd261d2820a2667d7419bb2ba7254a9586d3b4e0f539a9940313704e2e2bb149cbc7495821ab5c9e780def9d72df45fef77682e27ea5771327f6b267b7b04e2a82f62470e665f9ecd5be07fb83aab3cd3dea1f7cc0eddd31b0aa7230fbdcad713e09ee20cd2b497e8a92b9a98ff433d6155064606c4d5bbab9d3ba99a1169dcc4442f82a1571fcf6ea7dbdff744f02b88290ef07f8b8686c6b2b4a7332d4a30e420b3b180f449fa22ba52702cc371813faebb020dd3d40c450e403e31017d7539b16728b022d4d78afaaf737f324945ea2e8af984e287a2832e2397c6c488972dbdff43b6895df6c2e72d7549dba8a7decd700e46e84ace15f15437d4722a25d0b79011af915f8581b210f441445371d8d1efae4be771092934210c4d5e05a6b227947d40a81ac82b92cc5f9abf0c820f9ac1714a280a416a41de02a048faad95d58edba3e576602285f77efe7a04eb30207d19fa7447daf2760ef7c6716a6649ad32ef03cfd585294a6ac70bf084f5174fcf8bb3b2d1dae64d656c10d692cf3a8f9d63f30d89f54043cd232fefe76113127c6b07fb1332ecbca69a3ca7cdbf316c6d1dc47091413ef3e861923bce292b97577d20fedbb2ddbf5845f2698271acc6c939fc32a2c27203928e920fa8059822d9829679816976114946d19f32bea8e7365220f63045a84287ffcb18708103d5481c60e8ffe80be8d33503ad10ae6aeee0fbd1b7b5dfe4413cb1d4d8d68f1ef6f34e45cae4dd76f6c121b450f717c2f5dccd7b0cf3bf8b178d4b5991a51c1a65f6cca08a4d5f3d4b6dedcd6840477bd3d21b9f53efac872a081180e078f05de4ed5762e53f086624a2499586f8d0bda1f2ff2410ec2f1c8e38b97a1b1ab2c374eb32429e5915b6505f5da9b70521b19be551a6698cc95bc5373c8a15268236a2bdb55e4a7ebc64bb7a38ae34c29f8075597ad16789d09ecd2c6ed4e7e4a18dd354292c9243ac4be616e82f5d12e209ca89644fd586c46c0949f1353596f3d6b31cd00ed1fe5e6fadad2c9ffbec7c59c7b58ad9b638f00141e1308bc1cabad7a7e7b5dda77cf6f86cf9cb2d154954a1b796c910aad312926e68fff8853e504d15e0fedfa5c40aee348f6db3525e1030862fb3612aa26fd8266a40640da6d1464def51b002bf86ddaebf441fd228d2ca09b9ad560e8110366ac0b7b966102f14fbd228f3ea11f59deb51dc93bb1649a7edf69cf8b27ac0ca8728e39de8f8c1a29d404ee6952a05634d8a76178fc1ccea57f23bea5d5674b882bffa1cb64904cc730d2f89b0baf71b29c7e78574b2cc57c57e51aac4aaa1426c2a68a2a31ff2b00d9f53ff19327c469dc4e2d04f5e3e4ec0b257e8f2177cf6b6ad22d8a4422a31d9564d2721a07d01c1656ad7c7f4d17374170fdd88c73e923cd0dd0c876d0f8ed632bd75ece915aca7dc2de85970fc2734c5ac367ee8bbfad0ce8c06fb3e74fc0924b7b7ec6db0c1faa45b698b06db27065fed317278360e70b3117d6b67e6431a08b62cf2841871117d4bef96cc4fc88ca00057e04867d965ae7a6c80632cb812261a9655e69cf9199fd464ca147b0df5e7b3e0b9b9f646daad36b56a3a2540ab3c4c67dd9ff1c79bb8dd4494f0cbb78f6acb4bea54a52ce098d407cc9bdc22d124a2c637bc93c026607d525cfdc4e89e8eac73696d3211134b58c7fe7510b1451cd146d9dd10d5e4b5bfffab83cd94a2fcb364eb485efa7f473f0deaf211a33a0304f64217ddcd561456d9edd603b6173b0ca6a3fafc32390def7ffe5a3b843139754a5c453bea1c658f01df16fd74e85104150fcd77e2d916b115ccfb0edf8b6de24e8a2b34a201c8fdd919dd483f757d748d4ea0d9ca1bebe981007edd8e33d65ebf2fd0e7e3bbad431d69d7b1adf894e26c55e2955a5252090daa5193e7b0328db7d4e740c4c320cb8fb5d514e44eeb36c5796878fb52199859932a5190fef4c769a4b4a82ac6386089038a7aab605ead770a3d682821dc2ceaeb763719a6e11ace0b612253ec34a8b6309f65e5dc8e8aa14747e30e80de19e3727c12b0bac78286856efb2d62ffdf03ee482cfeb7e21583b1aa97a7fed84398f86d366ae4e1e3589ef0abac84f56ebedfb7ec79a575ed525cb6c0608d40210d22f29276c336b4bd619b16260a10936422cab200f282d439f4fd87980475182221d1c6fb143c402d578c1415a7cbe6f063fb49cf91e356e455f721fb5f34a1922b340f1195b294a63dbbb2ab2f76b3b185e1f241a533b3d7865e7314b488b9ca7a696687d0b61adf557b8f4d36803a528ea688d8bd6c78fca090d211934f27b6ce2ac12e18f6a323233a3a73afad7323507e5157e0dc2639d1dac318dde7b5cbe0f9cd84b4167b900b22be89956dbbb3a73b3eb3b9b738fb16633a87f266a129296d57781bf724d087e430fc9e6542e3f7ed8a18987ea83c408ba5c5ca99a5494e0388c83b0459e323b3622360dc1ce899b424b5c5b03dcdad442d8c35690d2b4aabdabd9e483c250ef086f6c10aa28e0ae7db31056fba2e1aa3ac296162e891e9338bf72dc3d9be0715d37c4dc474b3b5ff6669f7c7a13b65b676835cd6c9d1f275ae83c296e998fc33c4781fa60e8f782efa165c926948a139edeba91ee6b20bc166237b1a8e002cc2488f7a339a88e177ee4ed8e4db2a9ccd5e6853f796075d8d8614369faaf327e532e3ea91284194066a469b9d83e1d3fcf4465f893e73923e0c853e4f9b561ab9ce7ec621052fa3a297b629a682d172907d10db9e7b66154b12fef6376f1dd257380db8cdf6570e3e51a65352bc9e3900df930636bed61e598e790d5fd84ce0e8b67c0e3b22a8c3b8bef916d87b64208bdb93ff8dc7085ec0cdcb96e08e493edf9809c0ee1f3dbab091b74c28f9836cf1ff17d4eaee150a1d9895f887f64f8d15c11f193076c6da063233e933579b589ebdd244916d6d20ec5a5b5bdb10402c11530b88cb859989deff53f9bff9364fcc9441c830a331720aa5bd5d014fdae3b75ff80c4c83198cbdc258b65f54830db46a5d049265bc6aa862f28b290222a6b0d306244ae7f9f2974d27f78d73f0ea49d082188c3343859327f0093043b19d96a813cd133ac455948fa1c8f22711a48dce73077ffb7f891a3a786c4475d84d01ddb39115f0fa1cae13d05b6f240fbea478db4ce084b481df5c6a9cf675efd873748f40895a1f546fa17f553399aa27b4019453c4071392813d730f82687686df157101bb316e339d847782dfdb94ac79579a60620738ab1228adae60f97167adfe9d7d17dee6028426310490b436cb32eb9bb8be89b4da62ce6d3833267b4ecac21ebe6179f71145a2200b99a8bd8449ad986485e6d045649c9d9c35d50836c6b3654c7acebe195d3bab2d172f6a7e8fe0b15ae4de6c4d08b4e02c800d5b98e120a81179562babc1125aba3c6477d91d443fdcfe2cea7fa11b0fbed1267024aec1f038271bab727fb974927278e4eb8b724132b3d53685bbb80acc56f243e3fd0d48b69208dcf76769135d376f1295ab7a31ab372d4e8792b25a6ff6624bf4e188636c652218caec25f80820e859ecccc9d4087efcfc5d50f4efbef089a463e622c7b558e3bac63a3767199253eb1703ffe10f7d2156b9568c7aaee1fdbdfbe477105856b91576fcb88bf06b0f22824730f4d43bfdfd3f810d3390dceda52f81bef9d6db674d6d895bd535b39747071a5eb19c7569c8b7df11490089d2e79d1c536e7673c3a180d72bd8b695b931fa25ee88403a8fc8cbb1e324232356bc704faef9f1c1bbb8628f4cae13741b55fa46b375497ed67708062c7e35da8c80893c28ccfb6297a6b96ef504cfb817663cc8f08a30eb589da6183d1685d24d5cac4b838e9db5cd51f458146e5a20da0ff84e4a01eb2c4e63755a69f43c6f6a05c378b19e7c93311fd5d4caa9e7e3f75c95c573a0ef9fb8a7bbf2ec3f284be285e084e086e743335280dd02cdd1d6023e3232692a47a0d87cc4f0b2a3ab8f6aa0fce4b7810700773df4cd26d7e9d2f1ac6274cfb3f0dd1b3af4c3675582764ad7a5f6d6818e2e4b425ce0f062673a871559311602cdddff09ceaafc6b57ae3a2e261c9b507cdde3ad563c56a428ec2e8f50e4a6b3d07dbc6eb3b984ca49a00720efe8c35b902f10925cf1f2f7c4e76a21ff6beb57b87b76861b20ec84d149ff5a20bc6561d6c365e7ccba263807de9800da26c48d42e232dd1b560c914a94b04e3ce02e3cf4ff9971eae1c36a2db53ccbec8d0cde736c120a6aa93830fe578c72e128f65b7b3147fa3497b5242090d7332307b89e8c997da0c0f0e4798b0e542c0b57b5abc80b3b3b2775777ea19120de1162d6133abc89c91e48d7cf24d429e62b3f8b2fbc508dcfe42e040fdb0aa2005c672662b8244f0ed0a72786de4c2ee69dfad82c2912e5d6271abb6f766ad027946fcadf007b2a989351c0af52f0eefb0b8c08db6ba188b544061215fdbb995122160daadd9e249cf3e2b70586269a2a73c8050f1a8993236b7c45853548d2997820ed97878e1c50135a2583d4a29c89a3ae55b2332fc8e41f670622487880f6747f7e01e7409c2dc6edf336c1eac6252d2d953b011683c3b4372eb326f3d6aa742b686e7784b86523de15f68d8461bd0b8b870ea02f248499b7475bb509bd76b9a49e3fda51b85ff06105eafebd21507f4bc4b3f11440271fb605a421a27480e4fbd1e6971098e153548bfd50fefdcd1994e163d8f81e7e1122b721f00ed412346541664c0ac3f32a4e12406f350065790df592f5f94424d39b511f7ac598b4bc119bc7cbe1caa1d91349e3ab58e0c0ac84e6b22243ddab75962fa285652f113d64a6507c442e4db5f6a9bda5585c8635e9a704ab54cc295a1aba90d887c30c9f338bf5dc25c487f6c2c1c7fb701078804ea26bc5d2d0693113bc9cce6bb7f5cab9b113803239979f1bd26dd072a6b7031fdffadfcaede25a2d822c12f07a1709d3e165b8bd75477d390178533e24b6933777089d8817155726c5daede7a66118f6e34f7a26b53fb5763c2895a463de332f1674f33049850a26991dc986be0b8733c9179633f16b8d2c474038e1f0b1610338d6e6208273d316ceb9a29dcaea5a167364dfeb0289275963a5897c71c54b2ac0cc978405089aef6242e14678336d319c823c63aa0515b814dc1dcee1940c71cd53c3071ce2174091fb74dc26f22372a8216eac0cebf44d654476af4b4a40b89462b10a14026bb9f684c84768a8fd6c4c6f38ea53acd081a188dd077e60f7776fb518c20bfba2b2224832dba7b4d85b2da2e6e06b63cb01c31f8dad66b371c3852cc508e77d9da121c01969c3c8cd00babd890457d1c501231842bd1aedef0ed2fbff4be0d0b3b2be36b135c7acd770cefe96a9e83a6f8caaaa7d7a714a0f7ea9266f431ac4a6bba884a1269ae85db120fdb58f5e10630d6d5b088fabeb291c7eca2e1a07a592abdf7e440f8c64dcd971a06bae95b641e91d4c3e145ad675d1151383f47fac306ea518bf36f33b79e95a9b1e5fe4057990da50f00296e77f31e58da68c9ab9cb2b5c467e924fd69fee6854645be87046a34de2fa72a9409714e671298d1a1e1eab7f55435ac18fbf921ed07d750d4e408dfa65c9d8acd1b6f2ff42587d0f273821911c5e75bc2a72833f2ba6d363d51eec95dd91139c4449bf0d4fe6c49bd109eab44874acce942828140160f3569d64476ec72875f009b274155602553db1fc8fa20ba015b9ba216b04bf11b3d3e7a3758ab9b6d1ae47fb79ec84c16713295e2c19790635703bf3c092295898daa9d0891988f747ddadf83dac00c8a371b83df539804b72a6b5cf0a722787a36184eea42432ac78c61fac53e20f3882b3ecdd17b3fb33d47573cd59109f4a493425127c974acd2315265a806e5dcb57d4ee2c02ae93d7be0e2e2b48497bc197e817d6127b95287f53b0d9c8c54e74f6cfbb87055ce070b55cf3570a79b66c3c0631778240f8c1b5201caa705eb664728d982db2c0dbac320c1a1343752bb5f28224ef4cfdbeeb3009c8ac3fd6f222c3b58b15a0e81ab9c815cfc6e1e07bebe3b0802e6f3f2af7cff71f4cbc9ac50b84f5c2576adc270e812eed660ed35e3055f20e33ae187f031e76a12181201d811dbf76a9d5cdbd855e8676a3192cc3753ccade2b113ba7266ce8e20f88ed67324016685af24932e2cb10aabea2eb3505108546c9511d7c4d666085c49206617378841547acdad56864159d906b4278a910cd237987b23175b52e84e2668f8fd2550ddae0caf13861580b72e77b8e23ed296837fb996db72383a9373a9a027795c94d7ac3b580bfa4a4d4209a5b6920fd0abd11a4a4519b04cb9bc2d47c2e0dbadbd846a01c9b003fc4e099f6050b6d0648780728f803c0ee43297b5bf8d12bb850bc5d404b937c413b16a9b704844b4e1b33fc2e5383e29d5308bcd4ad5309f90601cf2badc47285c94fb6a15b9d084a08c3364051c095ffbb62d5d065413bdb3f8d3a2fd4ca66f4bf48f93450bcc6e0f4e2ce634fb35ed121a2d035b0590398011dc4c8df69a053e4f1111a139a4e5a98ed7abfb9c971b8d2d4c32ed3f8ed8a32d271d66b5cbd91f71081f0c95118255760279ac25691b706bc01177cf013dfbc3a1b4f92f0c866e5f12245849fe828acfede53fa43f8804f0603a0837c56c76ee1a63d2519b929da396841bcc19a1b074e3c2ef7e82d387ac470847c5a91b3a0f78a39589f857f8a3f592bf50b6846eef0fab34767582354eb4b2a5462d6c4db36a409d79beb8efc6154b3a57492c39068926fbbd0bbeba4ebe0627c5309421dd6caf18b4404a7ea566fc75e63bf360f4789417ca69637a5d5ea36f011f18ad790f0e9113d7cd7fbd576294591072e6d646c872d83a5a6fe87e5390b52ef8aa670086f5b5a6d26f6e179b2162c44f748914c33f80a61604af44dcda4e895d3405b34d58bd0c802d7b04ad1f22239438c41162feeea6fdc08a8421310d6d235e4de0a0d587febf04d8d5f2a34406550aa9a652c8b3a27355fd7f0ab22ebd2283f1549d0ad3d36c3a0f9c4b68bc881674cb5ab074a91571f9a5ffdfa482e35129f1c85d909cd50915e0854ebc6e503b270c47111fb8a154a9e1f21cfab74edcd54c9d1b5b48fd8b03ec7d2b6a87840003d13223d778ecf6f2833abfec61d0a6c111b3c47f07b8560cfc5864bcbad4013ff3f7b6f531648c033bd2adbe56c1e9b0e45f795ec7ce65b284fcbef325d1839f2dec9e8fce21bcff177217efa714957eabab4a81aa9d4d0bd983ef9cd5690face929e5bf33de7b03fa3c6171510255b0907bce9f87a902ab00195a95aad32aea686ab96a611d07375bd90a0132dfd78c0b660eaea45df2f1501ec92cfd7c7c728b33149b0b7511da31dc30f8347d8767e6f6334963b8e0c3660e2143571466b15a9d5039a2ee60998741898bf6942c449be8c1663f8235e302c40b75b60539c72c6b7583f9b74674d5f2fd1ebeac4cfec8c140412c3f0fb3bb054a65f839d9abc331ddc09ad0017c632686632ff4fbee1d340475720b89998807568b0603801ba4d3a24302da3f025404a02a66d50f11b8968d40ed885d30f9cd91fe75db2fd8bf8f93f0d44a03b46636a20421921f360a6e89174e8611831563ac6e39d34d9c07d2a6088c69579ccae0aab4cd6a8bed1899419aff7d5d2169f6b248ac4562492825939808ea245f09a3895bb5c280a4f977fccc412e9cc58fbd6d6411a5c6add3d3d8e7e9fecdda6fa3af7e5af626e3721129ca41dee57ff1ccfe93bc83f1107baa35b4ef7abd900743e86fcdb5496c65a8f50d46231cdc9d3460acae8bcdf055fee6af0c3c43c06723f619e2d96386a8cc41fd81b9bb1e4ac895412514b6f6a41b89f3e39f940c32c6b879231bbdcb00603cb193060a1018af8e42ec4668c648cda9ae8be4052e9868acd86f572d72e401633f180bef2088a3c10e7ba1fc1b58c9b646e141313e2315c7494d51b07b76dbeadbed604def3192a12a892195f0692e460204447994bdd44f0e3fe0945f4fcc51aec1e27554f52e9d6589cea97ee5cf8e73ff8c8198f417b5090996f547a8a2845b666e9da85cc897af2d3962ae909707cbedfe2eb437a7ad1578a72371581e5483843709a75d5f4084e86aa2100d58d05ca9bde1dfbc533d4f961134828c4a49bd5ef225bdaa62d99342f89fb2d71e12572a4e5a78b5a836938c8518d85764ac8a0cfe2e94de3150f3965f4beebabc684d729293edfb7bc0cabeac7b9decd865ecabc463fb1b540a108e89cc1768519adf9ff4a09251a23a85d7188b04af0933e931c1c707f3a4dd62dda81f5ade59845df75e80c51285c180bbc7a0c5dd980ae285f1f5ed446e7bc08327fd74ad549b85acefdcb116b7f5d11e850fb2256ea4b90e8dde019c13605611c0fb3832f210548901e5ca599558033a98e06115730f7cfb5cbc7a6586162ae4386eb5d73c9258a66a2203defeccb8414d706c1d1aaf5552ff814417e315e6e8c6432b43ff27e1ecdcd4d38708140dee7458baaa4ff2d0da07de4bd66e9bea95f95b5ca81fe252a882512e6033bd8e56c39c9829d4ea5486c713ea35230c48395232ebac2f4c9689dad99e388db0abeabd42be00e387a92b571284b9f90f7d4eb0bcf647228d556768546a3f04c3d7c5d7f631bf5e5ee002bcd13dc6b24ee811a409e10295b93f2675822f2be9bec03c412fc72720560616b37dcb8ea8c6e79471be44e0668cee821afe28b3fce79edb40f2fed5e9052f8cb700f561a5fae118864c587fce1c2f9d13bc776a48ecd0ad3f33df3a9632296079216d6d1ba4d3a537b4382bccb9f1be2c9be08f2dcf647c95b3e590c21780b8f35a5395802856dad63dd99b631db399cb933f1867f255c67c2593f795aee9c36230c901246d9ddc98f33e8938c2f15c5b9fd3638c78a4808b4004ff2c7b49c0452aadf6f7e3ebc7b8722d2f319fd852b47c4a91e33884ef5cc38b0a00b3d1cd928136fd781299158ccd5016d14030660d37ced8f749a58f8232494091dfeb478c26ffcd189706d06489cd50d2b5892f5d3487e5fc46db6d297d6045af20c63e540961607cdd541f882fe9848f6dc998a9a078474e7285930f0faa1d455337b2e515197cbd0c7528a8575a4f6fc9a4232c4951979b2bd1faa38bfb62b3b84df1651ab01b47abca78cc991139bef32987e13f34f22f9b5f9b45fc91d136ae3ee2b319df4e0aee528b790960392b47c46f95a5700b8b5146dbea8963473f1c2b4178cc2f5379bd0415c2b5578508e937eaa82c8a5e5a28a836bcfa08b199b5be4d19d6055979b75cdcef401740928421b3e34809acc3b0243837258f48df86f1d7d4f8932ea7c9214a3288078a32e19fada166093f1286010d6d4777a008a11b3745590e3d73e2de9eeadfda6923e3876d99ba86338aa7eeca6dfcb3a13a263b5142476aabf2457f2da01529909245aaa017f242ef1027c812614730cc0b389921ab2e5a7156cbc035500656cdaa9bbaa00750541d3f95d24d1fda17b8ae50cb61f56a0f04e6833c7503848d911cf3dec37395469ada07e80ba794c03190c40add05accddcb91630d1598addf85d243158e0dbcddb36a9c9927d78de4a3e5bd47b6f8a0616056c6acd27420932636eba3efdef36773f496b4349a2efedb83149b10b159aa5032ecedfebf525d56a8a74eae8f9653229de33f290d4d0d958123d150d36de89d4198afb7611c0f2659320bc6b1311fa20fc909e70c5809c381ba501de6b682eadaf629900abd1b063f9fe77d718bc9ab5186369deeedf06e46da4cd9746b17e16766ea63c9a2ce4411379f0cd8dd84de47634dcf12b1f2a4363123c224ef0bb01aa3c55dfb25d010d3c9fa6587a0651bafb5b42689947e7ac95e247c6061d6cb5466536d6ec2ae96e387f29957c500c4ac1f166f263ca3cb2e23132ccd5f5c2782e26703b91184f9f595db37d7ef41c4e3faa40e004a7234c95d6166efa578ae8acd172ead8c74e14e37e00c4c121a241d7670d5822a5bceab1602059ad0a7e2309c237dc5bdbaee1e2b92af03f08ca4162ca14dc7cc75b84a96c2704c74870217b69adfbf10efc211c82d2bb7e4269db1bf47484da58ff0e91d498899a668bb824125253c74b888670054d2e68c9c35655e61f93095d6b662147174ddc71365212f552a9f62f718b06208716a0f3742e3aaea6cccbe20c6a32eb4de861bb801705c16764f8b6520be211b4a32b8d024102b7aa9c575366a32874e40067b77a34999a452243036bcb34027b014d3aa814a311d233898e6510a98ac27000274251caee917b1cf35d815c8348250fc406e9404088b86b5d2487387a08e2d8f04be80f75fb4637d151be0736de66c2189720baf9f04c0291769edf44736ad4", 0x2000, &(0x7f0000000f00)={&(0x7f0000000000)={0x50, 0x0, 0x6, {0x7, 0x2b, 0x8b84, 0x2882c05, 0x5, 0x5, 0x0, 0x101, 0x0, 0x0, 0x2, 0x8}}, &(0x7f0000000080)={0x18, 0x0, 0x1, {0x7f}}, &(0x7f00000000c0)={0x18, 0x0, 0xffffffffffffffff, {0xb}}, &(0x7f0000000140)={0x18, 0x0, 0x10, {0x5}}, &(0x7f0000000200)={0x18, 0x0, 0x2, {0xffff68a9}}, &(0x7f0000000240)={0x28, 0xfffffffffffffffe, 0x2, {{0x1, 0x9, 0x1, r2}}}, &(0x7f0000000280)={0x60, 0x0, 0x8000000000000001, {{0x8000000000000000, 0x5, 0xffffffff, 0xffffffffffff0563, 0x5, 0x7, 0x10, 0x3}}}, &(0x7f0000000300)={0x18, 0x0, 0x6, {0x2}}, &(0x7f0000000340)={0x14, 0xffffffffffffffda, 0x4, {':,-\x00'}}, &(0x7f0000000380)={0x20, 0xfffffffffffffff5, 0xcce9, {0x0, 0x15}}, &(0x7f0000000740)={0x78, 0x0, 0x7f, {0x0, 0xdd, 0x0, {0x3, 0xf373, 0x9, 0x8000000000000001, 0x8, 0xffffffff, 0x4, 0x100, 0x8, 0x2000, 0xbd, r3, r4, 0x7, 0xfff}}}, &(0x7f0000000840)={0x90, 0x0, 0x100000000, {0x0, 0x2, 0x4, 0x2, 0x9, 0x3, {0x3, 0xd49, 0xfffffffffffff624, 0x3, 0xde, 0xffffffffffffffb5, 0x5, 0x45c2, 0x1, 0xc1f108b3a2484d35, 0x9, 0xffffffffffffffff, r5, 0xb424, 0x558128d5}}}, &(0x7f0000000900)={0x90, 0xfffffffffffffffe, 0x0, [{0x3, 0x80, 0x4, 0x8000, '\\+[^'}, {0x5, 0x3b, 0x4, 0xb, 'syz\x00'}, {0x5, 0x6a, 0x2, 0x1, '+\\'}, {0x0, 0xe, 0x4, 0x7c2, '}.\')'}]}, &(0x7f0000000b00)={0xb0, 0x0, 0x7, [{{0x2, 0x2, 0x8, 0x1, 0xd, 0x9, {0x5, 0x6, 0x101, 0x1ff, 0x0, 0x2, 0x1, 0xae, 0xac3, 0xc000, 0x40, r6, r10, 0x1, 0x6}}, {0x3, 0x2, 0x1, 0x80000001, '!'}}]}, &(0x7f0000000c40)={0xa0, 0xfffffffffffffffe, 0x4a, {{0x5, 0x1, 0x40, 0x80, 0x40, 0x81, {0x2, 0x6, 0x100, 0x0, 0xffff, 0xffffffffffffffff, 0x2acadb1e, 0x8, 0x7271, 0x4000, 0x58f00000, r12, r13, 0x5, 0x5}}, {0x0, 0x7}}}, &(0x7f0000000d00)={0x20, 0x0, 0x80, {0xff, 0x4, 0x2, 0x7}}, &(0x7f0000000dc0)={0x130, 0x0, 0xf, {0x7fffffff, 0xfff, 0x0, '\x00', {0x4000, 0x4, 0xc, 0x0, r14, r15, 0x8000, '\x00', 0xb89, 0x9, 0xc51, 0x8, {0xd, 0x40}, {0x4, 0xd4}, {0x56, 0x8}, {0x4}, 0x47, 0x4, 0x2, 0x5}}}}) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/cgroup\x00') ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000540)={0x4, 0x100003, 0x2, {0xb, @vbi={0x50c, 0x1, 0x370, 0x32525942, [0xb4ac, 0x5], [0x5abc, 0x4000003], 0x2}}, 0x9}) 30.460655413s ago: executing program 5 (id=2876): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x84, r1, 0x5, 0x0, 0x1003, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4a, 0xe, {{{}, {}, @broadcast, @device_b}, 0x0, @default, 0xc01, @void, @void, @void, @val={0x4, 0x6, {0x3, 0x7, 0x7f, 0xfc}}, @void, @void, @void, @val={0x2a, 0x1, {0x1}}, @val={0x3c, 0x4, {0x0, 0xf9, 0xab, 0x40}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0x0, 0x1, 0xdd, 0x8}}, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x11}, @NL80211_ATTR_HE_BSS_COLOR={0xc, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x25}]}]}, 0x84}}, 0x0) 30.370618992s ago: executing program 5 (id=2877): open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r0 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000000000)=""/4103, &(0x7f0000001080)=0x1007) (fail_nth: 2) 30.291069494s ago: executing program 36 (id=2877): open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r0 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000000000)=""/4103, &(0x7f0000001080)=0x1007) (fail_nth: 2) 2.340285762s ago: executing program 7 (id=3159): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x1c1900, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x4, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x40000}, [@call={0x85, 0x0, 0x0, 0x7a}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000280)={0x2, 0x0, {0x1, 0x0, 0x2, 0x2, 0xd8}, 0x5}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x16f, @tick=0x7}) 2.290324904s ago: executing program 7 (id=3160): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_TABLE(r0, 0x0, 0xd1, &(0x7f0000000000)=0xfd, 0x4) r1 = syz_open_dev$dri(&(0x7f0000002580), 0x200, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, 0x0) memfd_create(&(0x7f0000000140)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?&^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xe3\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05V%$6\x9fU\x86\xbe\xcbx\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8\x83\x87+nM\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x10M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xdc\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5W\xfb\x82\xac\x19,\\D\x91T\xfd\x9c\xb8\x8b\x88\xa5\xcc\x8fI\x00\xf0\xc9%\n\xa7\xd6\x0f:\xb0\xf5?\xc3\x88\x1e\xbb-\xa6\xecA\x92\xaf\xa4Xl\v\xa5\xca\v|\xe2L\xac\x80\xc7\x15\x96fh\x83\x15\xc7\xea\xd5\xe8\x89W\x11\xd7oC\xe4\x06\xa8[O\xe6\x1d=\x87\x93\x0f\x87I\xdf\xb1\xeb\x89\x11.\x01\x00\r`\x1e8\x94\v)\x06B\xf0\xed\x91 )y\xb4\xba\x01\x00\x00\x00\xad\xf1\x92/(A=A\x8b\xa5\xb0\x89\x9e5\x12\xa4\x9a\va\xdf\xf4\xea\xc6\xc7\x10g\x1d\xd5\xb0\xbb\xd2\xfc]fC\x8d\x0f\xa6q\x0f\xef\x90\xfe\x94k\xf1\xb8\xfa\xbbb\xb1\x03\x99\xf7\xfd\'\xae\x906\xe0\xaa\xdbtWWH\xa4L\xb5pe,\xdfN\x0f8\t\xe7X_H\xd4\xe3\xb2,oj\xbaL\xd3#\x87|J\xb9\xd0\b\x00\x00\x00\x00/ \xe4]@\xf7mA\xe8\xd1\xf4:\x00\x00\x00\x00\x018\x1c\x95%o\x05x\x1a\x90\xf4\x03\xe7\xe9\xa9Z\xd9G\xb6K[\x94\xfd^\xdd\x04\xa1\x83U\x900}!\x8b\x0e,M\xc0D\x15\x02\xde\xda', 0x0) (async) r2 = memfd_create(&(0x7f0000000140)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?&^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xe3\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05V%$6\x9fU\x86\xbe\xcbx\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8\x83\x87+nM\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x10M\x8b\xd0\xc0\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xdc\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5W\xfb\x82\xac\x19,\\D\x91T\xfd\x9c\xb8\x8b\x88\xa5\xcc\x8fI\x00\xf0\xc9%\n\xa7\xd6\x0f:\xb0\xf5?\xc3\x88\x1e\xbb-\xa6\xecA\x92\xaf\xa4Xl\v\xa5\xca\v|\xe2L\xac\x80\xc7\x15\x96fh\x83\x15\xc7\xea\xd5\xe8\x89W\x11\xd7oC\xe4\x06\xa8[O\xe6\x1d=\x87\x93\x0f\x87I\xdf\xb1\xeb\x89\x11.\x01\x00\r`\x1e8\x94\v)\x06B\xf0\xed\x91 )y\xb4\xba\x01\x00\x00\x00\xad\xf1\x92/(A=A\x8b\xa5\xb0\x89\x9e5\x12\xa4\x9a\va\xdf\xf4\xea\xc6\xc7\x10g\x1d\xd5\xb0\xbb\xd2\xfc]fC\x8d\x0f\xa6q\x0f\xef\x90\xfe\x94k\xf1\xb8\xfa\xbbb\xb1\x03\x99\xf7\xfd\'\xae\x906\xe0\xaa\xdbtWWH\xa4L\xb5pe,\xdfN\x0f8\t\xe7X_H\xd4\xe3\xb2,oj\xbaL\xd3#\x87|J\xb9\xd0\b\x00\x00\x00\x00/ \xe4]@\xf7mA\xe8\xd1\xf4:\x00\x00\x00\x00\x018\x1c\x95%o\x05x\x1a\x90\xf4\x03\xe7\xe9\xa9Z\xd9G\xb6K[\x94\xfd^\xdd\x04\xa1\x83U\x900}!\x8b\x0e,M\xc0D\x15\x02\xde\xda', 0x0) fallocate(r0, 0x0, 0x0, 0x3fffff) (async) fallocate(r0, 0x0, 0x0, 0x3fffff) ioctl$FS_IOC_RESVSP(r2, 0x4030582b, &(0x7f0000000080)={0x0, 0x0, 0x9, 0x100000001}) 2.290187762s ago: executing program 7 (id=3161): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x1f, 0x0, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x65, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp={0x44, 0x4, 0x1c, 0x0, 0x6}]}}, {0x4e20, 0x4e22, 0x4d, 0x0, @wg=@data={0x4, 0x2, 0x8, "e8771ac366586e56f446dcd22ec94c672f1cd650516a2fbeddd0cb5cffc4ef63a1c2be9551171e48bb8559ac9077c099289048d76d"}}}}, 0x73) 2.13970089s ago: executing program 7 (id=3162): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x0, 0x3, 0x14) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001600010a0000ccc0240000000000000a"], 0x24}}, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x8, &(0x7f0000000000)=[{&(0x7f0000000140)="d800000019007b29e00212ba0d8105040a601100fe02040b067c55a1bc001400090006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5000000000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x40) fcntl$notify(r4, 0x402, 0x8000003d) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0) mknod(&(0x7f0000000140)='./file1/file3\x00', 0xc000, 0x9) rename(&(0x7f00000003c0)='./file1/file3\x00', &(0x7f0000000100)='./file0\x00') r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f2800c001a"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) write$P9_RGETLOCK(r3, &(0x7f00000002c0)=ANY=[], 0x200002e6) fcntl$setpipe(r3, 0x407, 0x7000000) fcntl$setpipe(r3, 0x407, 0x100000) sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000002c0)="b74995b4bbde1ce8937da8cf5e10a4eef70ea5f337277887f8f5279da0547441dcdaff3db50b0ccddd32c320e8886e5e9d604467ac6006897bffb2a156ebd366cd0cca4ba0d1e14cb630a246d8a813272e16a1004dbb2bfadbcdf6d54a9be7943ec8e59f7d191941ea6a9ab156db2b5ce8c4a8b4817042de90bdd1f2a7febc19c726746f085254e524f23f1967244100fb995fbc1817cc5cd433af6087adf491d594a88dfc3edcb15b81304bf161b05fd0a1f4a13ecc775f0aa54fa196885c587ac51ce94d0c6cf9251257a93c0b74d06a3dfd337a727816461d2936fac722e8a4f2bf", 0xe3}, {&(0x7f0000000ac0)="9b7c46ade1b4c1eca8d730f9ffe07b147afeeb1dadeca96929e2896bda27216a50cf2c0a1dd1de303f858733cec0cc475d12b5610aad3cac28cc15aea9b22f487636bfc22ba9203e5993dca6d2628fc2d572d9e2d27187e2610c37338e081b", 0x5f}, {&(0x7f0000000480)="4a9bd3561e8f01f90f0cd566ceba8a951788fc275ba1be31ed64f422ffb794011a89d9549cf085ff5c301a3e4d278fc1af1e12bfd81a8a1792192deab758aba17233c7497e52307b3715d7e131523b2ce2bc57733e8b1838840e8a5a", 0x5c}, {&(0x7f0000000500)="5d5f7601b5b070c643a115672cf8872d43c0d92a27f8c788a611c7394b637ef1c51409ac0d1cbe5459ca70ae02f1020150f91fef6755aa0041e9b17981b5177e6c0e6719f4dfaddbb7dff29e69f821a8af418e338117815510491bd823c0cf2f67b67a77e5a0b336d5a27d7b663f7b229d347cf7c98d1070a0f8857b8083194b0d4daf21f4c80d4c493207d0af8a196d3a3c9259da7a4a847b5eb62d3191e818c10f5061bf2a8571b2d8", 0xaa}, {&(0x7f00000005c0)="ea1cd7b32b6d44dbdabd73b943a4c19144eba31e13c0585a37ff8fb53f93582c4a773e8cf642267aa8103161d95b6ecf4a59f56cf3723ffa4846782777d780d94abee226a025d41d3552b9fe87026177b3129ef15c85022f1b52b3474e260fd8168b21862a554c4c519704040c87b5e54611c817ae5b8a81032423716bb97bbbbba55c8182e6fb540bd9d71c803ee0b7", 0x90}, {&(0x7f0000000680)="26433838578c97aafcda496e9199817453a0bdc7a1a2d33fb14b87049ba8d4d2033172d925e2c7e026b23dbc17ef372e3a0c051b0e6dfc0bb09bbf67c873ac7447b08c2634d401e1daddf6b9f5f3fc2f912a77e51cbcebf6f03cf161f80f2595b4e71d471ac72322b5745d96a9460ce603dfbd3c0a285468fb1eb3f922fb3aeb03bd493e230b1a43fbec11658dd9a2fd597f1d6d94075fcba563e8458775c1aefe4f21eb47b902a30e08abbefe921fccce4fc6e4c7dcaa53b05b06df9ca60ffeffc2737bf3ad374cc90b5d6830323da8b67958ad5dd1d984a1ab43490e8faa8c3c0f04aae83dd6", 0xe7}], 0x6, &(0x7f0000000800)=[{0x30, 0x111, 0x7, "629c8d3bb68a98a333136646cfb5492f7aa63c540e325720110990"}, {0x78, 0x6, 0xb, "a4ceb743dfd3c9a27378116817e1c7b3b37822d51893dd5c9ad2ec6a6ef2edec881f95e1fc4343b91338ccc256d62049c158cb74fd6e669ff47bded542cb8c56776f0d72693df9446bc4ca98a2d6e3da5b5a19b7d5d7421a9e5e9c1c346bd04d81577875"}, {0x20, 0x10d, 0x2, "799a1a399d1dd82080b5"}, {0x50, 0x109, 0x6463382c, "08a11235a253a8fdad3498cfa0e2fbea91a8fc66913d7d02c535dd4fe6aae1db1eb08556b120f08f6dccefad1bd65cbb76d2b2e45d608fc334036f"}, {0x80, 0x0, 0x23b, "3871bca3f6105c0141c5ea76bb63a914b5b38e0b71eef1f68de7f5896764cc603adc1093ced323a881ce50e4cac7ca96ec1e541a3cbb5ad9c9092915eec410166d23697c99f989eaedc7ee67dd9df610dcdaab69a744c5f2637f2a3e0d1e11a3dfd6140000169fb29b40a69ff68013"}, {0x110, 0x0, 0xfff, "c1e50e980a49ee5e6375032febbb07491c3f80267c43e6a98c64708ea7b080a39a6510d9ca0fc5c9e0638de6126588aca6eae6cd145698323a5d86e6d6b5dac3edbece209943e4ef0f2ca8f53596e307d8c3c38ab4f3f2605bde235ccdaec0985bbbae62b54a7bdf7b7f9305a4808090d82a5b70f41bdca1d35ac850192fdcd9e366ba432806f2ac798ae45434cc86a5697d38559c7d401c7aa1883028d0918bce3d980efcc510b96ea717fd0d23505b717d149b1929453979c30011cb5efb27fd429ba14e3797619d28cc66e615d90ed3fd2b9aa777a2492f7fa5cf5b6223870aca792a32c766724f9cbaaa0cc218c85ab9b45a66b1112d34120a"}], 0x2a8}, 0x44005) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={'\x00', 0x0, 0x0, {0xfffffffffffffff8, 0x10000}, {0x6, 0x8}, 0xab4, [0x5, 0x7a, 0x1, 0x4000000005, 0x40, 0x66, 0x1, 0x5f, 0x2, 0xfffffffffffffffe, 0x2010, 0x4, 0x6, 0xffdffffffffffff7, 0x621, 0x7]}) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='omfs\x00', 0x200000, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet(r6, &(0x7f0000003bc0)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000008c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x28}, @initdev={0xac, 0x1e, 0x0, 0x0}}}}], 0x20}}], 0x1, 0x48040) sendto$unix(r6, 0x0, 0x2, 0x0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) r7 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x169101, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000180)) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYRESHEX=0x0, @ANYRESHEX], 0x34}}, 0x0) 2.139297528s ago: executing program 6 (id=3163): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x5c, r1, 0x400, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x10000, 0xf}}}}, [@NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0x7}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0xca}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1c00}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x4000004) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB="b58d009071ce15713f05fb86ea97a251d5c3de68091a00b6c910e666325af87bfaa45164d77f60633dde7d00"/59, @ANYRES16=r3, @ANYRESHEX=0x0], 0x44}}, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000003e000701feffffff00000000017c0000000039a0040008000c00018006000600894f0000080002"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000) r6 = fanotify_init(0x200, 0x0) socket$l2tp6(0xa, 0x2, 0x73) fanotify_mark(r6, 0x2, 0x2002, r4, 0x0) r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000200)={'\x00', 0xfffb, 0xc78b, 0x4, 0x9, 0x3}) ioctl$BLKTRACESTART(r7, 0x1274, 0x0) fanotify_mark(r6, 0x441, 0x103f, r4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="060000000000000071113c00000000008510000002000000850000007600000095000000000000009500b50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) mq_open(&(0x7f0000000040)='devlink\x00', 0x841, 0x27, &(0x7f0000000140)={0x0, 0x2a, 0xfffffffffffffff7, 0x5}) 2.047937697s ago: executing program 6 (id=3165): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=0x0) r2 = getpid() stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000002140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='initcall_start\x00', r4}, 0x10) r6 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r6, r5, 0x0, 0x0, 0x0}, 0x30) read$FUSE(0xffffffffffffffff, &(0x7f0000000680)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r8 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) setsockopt$sock_int(r8, 0x1, 0x2a, &(0x7f0000000140)=0x2f, 0x4) recvmmsg(r8, &(0x7f0000008880), 0x483, 0x44000102, 0x0) sendmsg$netlink(r0, &(0x7f0000000580)={&(0x7f0000000040)=@kern={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000003c0)=[{&(0x7f0000000080)={0x54, 0x2e, 0x300, 0x4, 0x25dfdbfc, "", [@generic="499661ee59cabdd917ed9d5570204c08aa9e55f68a84d4c763d958eff31458e862675f95cb50398d5523c9c50faac80736c42f64b07138dab0d2782054f9d26a8bad18fc"]}, 0x54}, {&(0x7f0000000100)={0x18, 0x26, 0x100, 0x70bd26, 0x25dfdbfb, "", [@typed={0x8, 0x32, 0x0, 0x0, @fd=r0}]}, 0x18}, {&(0x7f0000000140)={0x34, 0x38, 0x100, 0x70bd2c, 0x25dfdbfb, "", [@generic="4a6eab33abd28457c0b044d5334066ed08f309582c441e6e61c2231c058b488d83"]}, 0x34}, {&(0x7f0000000200)={0x188, 0x14, 0x4, 0x70bd2c, 0x25dfdbff, "", [@typed={0x8, 0xac, 0x0, 0x0, @pid=r1}, @nested={0x108, 0xa7, 0x0, 0x1, [@generic="ceeaa5ebc4032527cfd4aedde4ccebec3058d3facee249a02f07de8c62b29958ad764a9e7db6e482d5f9004d3fe2cbd64c52f846f85d6536a1e6743d1ada5622f2e9c7bc1cd681072f33a28c440405d4237ec4e36f2cd0cc149c47c76857b62a876a4a67568db40aff37f2defd8762defad02f191b7466d7d05b6044e3ab10ae6d593dc37465fe9b72f0e156d74e76c0be39f24baf23b0a9c1bea306526968559430aeeb8253822705b320ccf7af8a8ae34c7e1095e58c821bfd32f98c104a98703da4e3f6827674c5d69b740318f4f421aad87645ebc90d2145762bd3783f4f101a34e6cbad46d294bd79ae4d089a5e576ba9ba", @nested={0x4, 0x117}, @typed={0x4, 0xf3}, @typed={0x8, 0xeb, 0x0, 0x0, @u32}]}, @generic="10b275ded75b0a0d1e47589c805620d60501d27e130c5e3b60d7fe1b7c61c40335668804c37b12559b566d9fbdbfad48e9962e3d4d8901dfee57ed01559e27ba07ea701a63768ba1922631cd1825bfba88a3965ea8552e7d63d14fc6b853bf222d735dc83e2ff0", @generic]}, 0x188}], 0x4, &(0x7f00000004c0)=[@cred={{0x1c, 0x1, 0x2, {r2, r3, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r6, 0xee00, r7}}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @rights={{0x24, 0x1, 0x1, [r8, r0, r0, r0, r0]}}], 0x98, 0x40008}, 0x800) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000640)=ANY=[@ANYBLOB="140100002e00010000000000fcdbdf250101f2800900180008ac0f00000000001400010000800000"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 1.940076194s ago: executing program 7 (id=3168): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000080)={0x48, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @action={{{}, {0x7ffc}, @device_a, @device_a, @initial, {0x0, 0x400}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x0, 0xb9}, @val={0x76, 0x6, {0x4, 0x5, 0x1a, 0x3}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 1.939603208s ago: executing program 7 (id=3169): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000800)=@newnexthop={0x3c, 0x68, 0x901, 0x0, 0x0, {}, [@NHA_GROUP_TYPE={0x6}, @NHA_GROUP={0x1c, 0x2, [{0x1, 0x4}, {0x2, 0xd4}, {0x1, 0x2}]}]}, 0x3c}}, 0x0) write$char_usb(r1, &(0x7f0000004840)="643e72e43f8d0f221d", 0x9) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, 0x0, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000180)='./file1/file0\x00', &(0x7f0000002280), 0x2, &(0x7f00000044c0)=ANY=[@ANYRES32=r3, @ANYBLOB="4a40de502a9ffc2504005d6ba24737d10d153fedb26376851b3e4854180d36741f49c5eead32de4bf1a7c628ad752694b8bf62fe6f88ac3ed35f9cf38a5a93ae0b2bf1fdb5b0597b209ba9", @ANYRESHEX=r3, @ANYRES16=r3, @ANYRES16=r0, @ANYRESOCT=r0, @ANYRES8=0x0, @ANYRES32=r0, @ANYRES64=r0]) read$FUSE(r3, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000002480)={0x2020}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/hardlockup_count', 0x800, 0x4) read$char_usb(r5, &(0x7f0000000040)=""/236, 0xec) write$FUSE_INIT(r3, &(0x7f0000002300)={0x50, 0x0, r4, {0x7, 0x9, 0x0, 0x31008003, 0xfffe}}, 0x50) read$FUSE(r3, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r6}, 0x10) sync_file_range(r0, 0x8, 0x3, 0x3) write$binfmt_misc(r5, &(0x7f0000002380)="5af51af9d1994ae48d4682b91cc0c8ed56011225a232764d49c8021bf42f94fca707c7e7e24592ee70746680906df7c0a6b142d1fb383bda96c854e19c9c9e15c220676cce7bca9b3ca344d3219a477269216c9fbc5a13c0928c034c9006375e99f44902e92c66a1a94676b9166db9a6b54dbc272df37f061f7de0b9b96af74286c9e13b4391bd722a6224ffc016ce", 0x8f) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) fanotify_init(0x0, 0x2) dup3(r7, r3, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r8, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) 1.229902745s ago: executing program 6 (id=3176): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0xf000, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0xffe0, 0x3}, {}, {0x3, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x9, 0x4, 0x4, 0xb, 0x6e}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040011}, 0x0) 1.119601359s ago: executing program 6 (id=3178): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, &(0x7f0000000140)={0x18, 0x1, 0x0, 0x0, r1, 0x1}) (async) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b7000000ff00001fbfa300000000000007030000f0ffffff6a0af0fff8ffffff61a4f0ff0000000066040200000000001d400200000000004704000001ed00006203000000ffffffcf440000000000007a0a00ff00ffffffc30300fff1000000b4000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebaa0f040000c72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204ab3949006c3172171652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d156ae8383117c039862198899b212c55318294270a1ad10c80fef7c247afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15f279b513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aa0000000000000000832371fe5bc621426d1ed0a4a99702cc1b692c3f0b15629eaf4c12a1e717d29135753208165b9cdbae2ed9dc7358f0e3adde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbad937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594807031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac42738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca9be8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998802008f0232b39578052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91ed92cac7c2ccd17d338bbda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922928e000000ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abb8a9982ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139566fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe6290421338ef8f6d27117cd1471bf3c0b64416fbbe955da0281e7ef7f7d5176150e86cda98d07f7de2088cb2ffd1d4c71097635c2bb3d9a0b01e757256ee427f0a244d48682bf89e2279b383b616b40f116172bc1b995eb2c1220597af8df52646f1f0cb65cfa7e038e8bb5d4d52b86a61d82dc14a4f5cc7e6061c65ccdbc2afc3f363ecf34ad0b227687c3ea8d63683ddd5914116edd9e075da9e3638647188bc8f95107c9250995eb6cadcd0f65b8504ff10304f2ceba275f9d485ed5554d64005db877f0fbb3beba59666ff66f132d5077835823592d6d392f5ff62f6f876eb10d8cbf0a73f8421b74c8916e4077b8866c95ad88bc7130244183ed216210f10f69b3e0ee13d06e4eb240cce5ec1c3b1defe4c0f8b83a34ef4f5f8f9ceefb678ad29d3683e3c44a01549e55ffca41c0b06e013f054257646c58b667ec0701004c239589b3e64ef5e1d5ed22b5fd5a90fe3453327c3652d5c9762428f0bd0178d1b80a60f64343ab77d8baa0a388711c8d2d6d3e9049814b15b6ea21387040989d69c3aa27256c55780f33d20823d8e2eb6e56850162969bf4c6c9632a55cf5be00"/2944], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x4a) 1.119298199s ago: executing program 6 (id=3179): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$kcm(0x2, 0x3, 0x2) write$tun(r0, &(0x7f0000000040)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x7c, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1a}, {[@ra={0x94, 0x4}]}}, {0x4e20, 0x4e22, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x2, "322dea01be4e700e340201e051406c07b13d48fccb52b246c94dc495e3336fcf", "f3b22d74847de02639d142c954fa7ca4", {"756ef9830157ec539cd4529060075dfa", "59514de9b7f735f9e9e8250ff41c5207"}}}}}, 0x8a) dup(r0) 1.029416541s ago: executing program 6 (id=3180): syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x90044802, &(0x7f0000000100)={0x155, "152b53dc13c07ee0f2d860ec11beef80636d7de358c8c8a1fe8d9a95b540e64d7f7c0ad0bd7cddacadccdfb24b8cf8b1ae979e03d3122427ff0e209caeb9ab71d8c26a28c7855fd2641e4b22667160237a1c412ad0ff7fe5b39fc6c8b3b6208f9219a4359a72b7ecff84bded85ae2dd14647c0e3aa5c3a2bfb0456fd3126f2cd528e366830eda150e526693380b2863c599acb5455be6fa3c30184fd21c14f291c7ccdbf343a9c562ca860a4e56b1be79da28b1abcba8640aa10681c3984555404fd6c64fbf0708942a981030cd760fff1d22079f95e5915ae5cb3d3982ae28a58e9a1738e93b336e64dbd88f0cf55267e5721606771c3196a77628da3084eccb52c89cd1d2e977b777293407b7e10e95a2aab7a4e54f1c10c3c8953d386e4c29983728c36c2cfef4c9fa188da0a62ef6d259d714b87ebecfe73aa6180d0d85135c3a0fbffefbd29ecdd30c64911f4062e24e809cc"}) write$char_usb(r0, 0x0, 0x0) 493.425626ms ago: executing program 8 (id=3184): r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000300)={&(0x7f00000001c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000200)={r1, r2, r3, 0x400000, 0x80000000, 0x80000003, 0x0, 0x0, 0x5, 0xe, 0xc, 0x31e}) 390.384316ms ago: executing program 8 (id=3185): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000000000007601"]) 305.903309ms ago: executing program 8 (id=3186): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f00000000c0)={0x2}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd2a, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@FRA_GENERIC_POLICY=@FRA_L3MDEV={0x5, 0x13, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x8080) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x2, 0x2, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x50}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c00000004000000040000000180000000000000879d5ffb74d54b4db0e65e8e36a9cc69132500a78b548107a295837325b32e51b9c730ebb6065b2b705f04798115edeb3a76cbfe2b9facc9ad904aeb306a31f294314e453cae949264d588577c00f685e1c07115923de0585aaa0a8937a466cd26d635d95180824f542bc507edc8426cdaf86f2505732046ad41b25a07550c40814707479043f6f755db759aea2c58d63d2212c4e435172d0e6e1dfe33175b7e5c042915cf1f6601696b6aeb402680f60a762a6d51e27b825102962576ea1651ff17d6f3d2884a9de4532d80cf0a865601afb8680ae803d12d17a9b60db0d123643ca22a32e4910acbdaee9e8f0b", @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000feffffff00"/28], 0x50) 220.168694ms ago: executing program 8 (id=3187): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000200), 0x280) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'ipvlan1\x00', 0x0}) r4 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x0) ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000140)={0x1, 0xd, 0x3, &(0x7f00000000c0)={0x13, "0329aedbf37e5ad4a9b6347d1d85ea5c315c660ec032e386e8512900"}}) pipe(&(0x7f0000000080)={0xffffffffffffffff}) socket$netlink(0x10, 0x3, 0x13) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r5, 0x54a3) setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f0000000240), 0x4) r6 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r7 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r7, 0x0) write(r6, &(0x7f0000000380)="2cd889f03e14f3c3", 0x8) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r8, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10) write(r5, &(0x7f00000001c0)="24bf000011000f2223fa5e15d0460400810000003c000000000000000856000f0001000000", 0x82) 49.450337ms ago: executing program 8 (id=3188): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) (async) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000300)=0x2e12, 0x4) (async) write(r1, &(0x7f0000000600)="38b28b363c6a7ac422aa", 0xa) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000400)=[0x7], 0x0, 0x0, 0x1}}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0x11}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0x10}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x4a}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x43}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x52}, @NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0xa4}}, 0x0) (async, rerun: 32) keyctl$KEYCTL_MOVE(0x1c, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) r4 = socket$kcm(0x2, 0x3, 0x84) (async, rerun: 32) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000280)={r5}) setsockopt$IP_VS_SO_SET_FLUSH(r6, 0x0, 0x485, 0x0, 0x0) (async) sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFNL_MSG_ACCT_GET(r5, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x20, 0x1, 0x7, 0x101, 0x0, 0x0, {0xa}, [@NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001e40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a09040000000000000000020000000900020073797a32000000000900010073797a30000000002400048020000180080001006c6f6700140002800800064000008801080005400000000814000000110001"], 0x78}}, 0x0) (async) sendmsg$inet(r4, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000001040)="5346f7f875528ef24043c68e04180a332e94ee4784fffee263c06f2d924e8699b6af71aa257b5a316af31628e5148c7012f4d55ce4c29fea9e5b0b61fdf0b2dc866fa81b4e775e235eaebe330e16114548f147b8a966bf1f1fc6c24b9d47d349c87c3f789d2ba608cd25b17b6c80a7f0ceb4a06ff270ff8c9f0d3a19133f1fdfd51b767b8cef1f36e5490c5df5fcb378a6fb6eb5d8aaf7791ce81f61a05e1ebdd1789eb70ac1f3dfed378f6f3e237120052113a75ab977796117f7e7b2d6ee499f51dc070c820d10a0eaef4fc94ddc648bafae070caf70c465267497b3de963df649e113e2060c82b057abfae0798d424c81aeb42796189eb0936a2c547a5c4d6351ed786c75beb926118fb7af49ecc00b545fe2563bd4294a982980afed3f9cf390f304611db4c6d7b64d64f38db5fde5cf7cadb29c697013b710e0218660671d0051ddd7fb7f5eb72a34f469b2e20600000091817eb5b952af43d1a40f4770e7220fcdfe25d3e9747e2af76ece5922724840afdba6f6f9e1d11db8561e8e836413ee04d6e084700ec1ac0e00569f0e4d4844f4710299aabbef615c33e276544669ce074528938ec0cc6d2af1ce7a47a64ad676f08507aa08d4210f979ef4aacfa4d524c9952d4743d65c3c527302942a8880116ce7ebc6c84778346f02c806bb466db7d313d7ebc7ea87823d4a8de0b697929fb3277012327827801f75ca3c5776d1a81acb160007f73148dfaf05ab7eed5a0e603ac468eb2bcd9de5f140758e74c20a9931187e0cbc857aa62a4cec8a62f7e31af3a78cdb8608551cdd68e83aebb3c9e05519184ff996c336553fa6bf16865cd6c4eacf1e360b029cdae41070f5fd183ea0eaae427505d56994ccfd0737aae3abbc45f56710d2e3f2662bf4514044f7fa03cde28fa1783970d3c676cb23cb1923a9feb233267ef663936ccf25f7597a2270724527bf468d22786d0548b25582180b72c51742c4e5c373a1008dd4cfba508e8f3f8ec35e6f1375a11b1fbe2dc09e9fe609e80112c8f5c895c922cd547def707b7252d7afa0030d008b1dd10fd4a56e30237a6e0229fb4562cb8df3d4e64b28e15c075e59554e9d61a6065d49c1e765a49195cf5d6b1e2b6192447817fedfe41fcdf9a4fc5af567906e4b6453da7b97eac255cc253d7bceba09f67da4815438583c6843366b76d9e9277558e48681e9cfa920b47aea0e5c46ef86ea7f1ef534cf7565b24b833ba2cbfe60e6271614850dd68f2a8a6be4f315b83abb8e2699ed8e2a4b3506f9dacbb180c4deeef7489f49faf34cdf4e91a402956564f854d71c892e4aada1c91647ce45d4834d000e8d5be1773ecae388e511228977a69d4cc67fbab60ee1555a219e41eebc31807a87d9cbe88a8b05959e1a988f6ea6ed73a6ac1ec2f3d74d73eaa91a39308e008b7fa1ecc2a020f495750f9936d9c07130d950a777c0d8d131416ef55a4ec041113df65ba4aea92fcb3e2268510f316bd17f04993b6473338fe7c08fd9874e743a31582162232c7d6c614e7b3513abcc0feb99b2c9111300004fe291f5bd682c039183e61c1fdac90b2a015939a8d10b07a05e99e5772b4b9329275cef8de2b066d4e4d421e4a0a69cdd8f674b12f5b3fa764e4b1e9f4d767e252e37477813a03f18da16d598fddcf4be590d9f65f64c647cb2f330a614fe688d3d80182ed8aa59905a1cb0d3f034d927e070d71f56ee8e5c5bdf23c4f85c7a17834467bd6cf58218868fe53e3675c130bbe44bea271fa67999a0dc3dbf7c40dbba6e7d6cc0936bd8d466a1f041883c093a3a60743d0549b1a989a2fa41ff978388014434909053e279a21e7866bd4efb4a9f46b7a8b0d1d84d83020e9e68936ca3de030269784aa29a3e25146cd5b03d21ca82f961be925c9ad487fb24b1e35c2d043ee4b6a4aaf811c4308a6ced6b4c45e7513a3f0e1421cb3b0fd8571a7085c9a4b454e4ee8b44767428666cd108b78369b871ab32f36943e24976f4bb6bd4068cc19585a2de791e3f950d220b28f4ba268d8c9dbccc1a705b1b1c30881babdbc8cc4cf97b801e4d410fd7c61b34b1f126e6df1b0e9c676d1ab5", 0x5c9}, {&(0x7f0000000600)="3001fb90647586f4601659c5ad2644b99bfd65452e947b394c96c29278d097c5f170d77283a744139d2ce2a2f4bb5bb37e7396e7bac14056f25d17145e73bc2461b20ea3fce771f1b32d1585e8a456763cfafcf7189145a6e261af6232014cbf8a0f898bf6d14136874b6a1fd7caf8ec9966b0419be0420dc6e247d1a44f038ae29eb4bc67d6a04e80dfb7715ebafaa20fcbc57ade23cba05da1fbe4bba675b742472eebaabf356adc99866930e146125a272cef5baf5dfad4a28a01208d9908183ab2085a781e531f1bed4ac9c245ec19be383047656a7d857d364e6f69eccea5ac", 0xe2}, {&(0x7f0000000b00)="79dfe4263f037de282e588f3c773eca5f0c383e7425d1573aa90a44223bfeced3ff85afe9d0c0b3b5a7ed7fcdb96a3934fe7af73ee25d5d36ba42e2a858c3d134299abc0393e031db435b2156e55eb2b2b2e2300e0706dfc5c4ec73ba929ffe8a7bb7ce55d95fb6e58560c45d96a58a13aa944b98c481a82927ec071b272b4592616116116527fd2dbc0dfd540810275770aa531098c572f714f6852063afc8358fb33cc7ef5c52565d58643e6805bb8a95460b32b4e26bea604e534d8983790b5e2a180fed88108b0f5a499d5f80b4e4047d9ecc03d21856a4ec0d0d41496d99dddfa9098d327d9559e82fceb2b1b1c7be309200691488d6616780cd4e9020865ef41a22175dc52d35dac1232ae1164d7fee64a50651978436207fca4a9026a8a903e7857324458b7e8a143e6fdac0823c8d1a3ac864ad2d0402344aee2511247e716436fe118e65455da74ef25627785638dfa4bf365840fe12fbf73f0d42bcc66efc8693855156f6151e49471e1b7cccbfb01344f76cca177551c73147c32615b53f74a0b7c7ac25b86a01ce34e72172a77fd", 0x194}, {&(0x7f0000000cc0)="f2a0f0f863621b483b19e7ecfce0d34e53fbf295927214684f4d69e90f0ec506442d2126c3f5ab0cdfd79dc1815274c3ee57068b3793c25fab48eb353478689f452328afb023f75f93229060bc2c82dd05d1e8c3a549a06e280ca4eaf77b4aed57a0c5f6120d25a3d5121895638ec5e2e600000000f5be12a64e075c60dd63e0b00e8f42bfb7671a56925477029cec7e7f16b358404edfb5e7a055fdeb2ba044d0d54e341d1d1ef1eb2c317f587f591626ceed08555ca0b2f31a3e7bf5ba7541db275e6a6b6501b87cc74c4804f6da7d3de93327287204cc97f9cb747576d2ab23a6e35c6da6b3240c92ae18b31cb6e7bc60066994e2cb401c76b1840d3e231621355f10ff35ea91ffd463228d000000000000000e454d3c36efee949f6311c6ad78b5a8f091d2ebb008925107e4a4584dab83f7f0cb5ad94266e71e2b7aaa01cf4f9f5e1d52e1e5086e9633cbee8126a200000000000000", 0x158}, {&(0x7f0000000700)="15c84609b06c6d85a5ca6f3a9a242f214aee4e7093161b717090c0c852a05393abd8992d91576f57bbd3488e85d8456d6c6c09de5c5228ee18819665861f01a2823a7cfa8e9260a5fe3921638db2dc5156149f86916810f913a944e1c8cd7fccb63f37900c5b287016e512b050ca214125b2217260c9ce3019e88b80985402ff7ca34be17e0dbda4f028cec9973a2b9eed83eee86f35f2c0adf50a04296e99c0f709fb3990aa5d0e74a1", 0xaa}], 0x5, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0) 0s ago: executing program 8 (id=3189): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, 0x0, 0x2d) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0xffffc000) mbind(&(0x7f00001e7000/0x2000)=nil, 0x2000, 0x8003, &(0x7f0000000000)=0x9, 0x3, 0x2) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) read$FUSE(r3, &(0x7f00000007c0)={0x2020}, 0x2020) kernel console output (not intermixed with test programs): 0000000246 R12: 0000000000000001 [ 362.747924][T14408] R13: 0000000000000000 R14: 00007fbb401b5fa0 R15: 00007ffcd1bcd568 [ 362.747938][T14408] [ 362.747942][T14408] ERROR: Out of memory at tomoyo_realpath_from_path. [ 362.802992][ T40] audit: type=1400 audit(1749169215.547:587): avc: denied { setopt } for pid=14391 comm="syz.6.2695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 362.864362][T14262] veth0_vlan: entered promiscuous mode [ 362.873148][T14262] veth1_vlan: entered promiscuous mode [ 362.889826][T14262] veth0_macvtap: entered promiscuous mode [ 362.894042][T14262] veth1_macvtap: entered promiscuous mode [ 362.912463][T14262] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 362.920430][T14262] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 362.925075][T14262] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.927724][T14262] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.930620][T14262] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.933529][T14262] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.970252][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.973140][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 362.987739][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.997648][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.100596][ T40] audit: type=1400 audit(1749169215.857:588): avc: denied { map } for pid=14424 comm="syz.6.2699" path="socket:[67692]" dev="sockfs" ino=67692 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 363.137991][T14430] lo: entered allmulticast mode [ 363.143116][T14429] lo: left allmulticast mode [ 363.219486][ T24] usb 10-1: new full-speed USB device number 58 using dummy_hcd [ 363.320675][ T40] audit: type=1400 audit(1749169216.077:589): avc: denied { write } for pid=14436 comm="syz.6.2702" path="socket:[67720]" dev="sockfs" ino=67720 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 363.381638][ T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 363.385347][ T24] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 363.388693][ T24] usb 10-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 363.392696][ T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.397457][ T24] usb 10-1: config 0 descriptor?? [ 363.804762][ T24] usbhid 10-1:0.0: can't add hid device: -71 [ 363.806717][ T24] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 363.810271][ T24] usb 10-1: USB disconnect, device number 58 [ 364.180093][ T6111] usb 12-1: USB disconnect, device number 2 [ 364.347413][T14456] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 364.568890][T14474] SELinux: Context system_u:object_r:semanage_exec_t:s0 is not valid (left unmapped). [ 364.575074][ T40] audit: type=1400 audit(1749169217.327:590): avc: denied { relabelto } for pid=14473 comm="syz.7.2713" name="cgroup.procs" dev="cgroup" ino=468 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:semanage_exec_t:s0" [ 364.579532][ T6029] usb 10-1: new high-speed USB device number 59 using dummy_hcd [ 364.585266][T14474] binder: 14473:14474 ioctl c00c620f 200000000540 returned -22 [ 364.588817][ T40] audit: type=1400 audit(1749169217.327:591): avc: denied { associate } for pid=14473 comm="syz.7.2713" name="cgroup.procs" dev="cgroup" ino=468 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 srawcon="system_u:object_r:semanage_exec_t:s0" [ 364.624654][T14478] FAULT_INJECTION: forcing a failure. [ 364.624654][T14478] name failslab, interval 1, probability 0, space 0, times 0 [ 364.624727][T14478] CPU: 2 UID: 0 PID: 14478 Comm: syz.7.2715 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 364.624746][T14478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 364.624752][T14478] Call Trace: [ 364.624759][T14478] [ 364.624765][T14478] dump_stack_lvl+0x16c/0x1f0 [ 364.624790][T14478] should_fail_ex+0x512/0x640 [ 364.624816][T14478] should_failslab+0xc2/0x120 [ 364.624832][T14478] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 364.624849][T14478] ? security_netlbl_sid_to_secattr+0x1d8/0x4d0 [ 364.624863][T14478] kstrdup+0x53/0x100 [ 364.624877][T14478] security_netlbl_sid_to_secattr+0x1d8/0x4d0 [ 364.624890][T14478] selinux_netlbl_sock_genattr+0x129/0x4f0 [ 364.624905][T14478] selinux_netlbl_socket_post_create+0xb0/0x1b0 [ 364.624920][T14478] selinux_socket_post_create+0x2f9/0x7d0 [ 364.624940][T14478] ? __pfx_selinux_socket_post_create+0x10/0x10 [ 364.624962][T14478] ? tcp_v4_init_sock+0x15/0x80 [ 364.624976][T14478] ? __pfx_tcp_v4_init_sock+0x10/0x10 [ 364.624990][T14478] ? inet_create+0x973/0x1090 [ 364.625006][T14478] security_socket_post_create+0x247/0x260 [ 364.625021][T14478] __sock_create+0x738/0x8d0 [ 364.625034][T14478] mptcp_subflow_create_socket+0xf5/0xed0 [ 364.625055][T14478] ? avc_has_perm_noaudit+0x117/0x3b0 [ 364.625074][T14478] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 364.625106][T14478] __mptcp_nmpc_sk+0x182/0x7d0 [ 364.625123][T14478] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 364.625139][T14478] ? __lock_acquire+0xb8a/0x1c90 [ 364.625168][T14478] mptcp_connect+0x7f/0xfe0 [ 364.625188][T14478] __inet_stream_connect+0x3c8/0x1020 [ 364.625211][T14478] ? __pfx___inet_stream_connect+0x10/0x10 [ 364.625229][T14478] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 364.625249][T14478] ? __pfx_inet_stream_connect+0x10/0x10 [ 364.625268][T14478] ? __local_bh_enable_ip+0xa4/0x120 [ 364.625290][T14478] ? __pfx_inet_stream_connect+0x10/0x10 [ 364.625307][T14478] inet_stream_connect+0x57/0xa0 [ 364.625325][T14478] __sys_connect_file+0x141/0x1a0 [ 364.625338][T14478] __sys_connect+0x13b/0x160 [ 364.625349][T14478] ? __pfx___sys_connect+0x10/0x10 [ 364.625365][T14478] ? __pfx_ksys_write+0x10/0x10 [ 364.625382][T14478] __x64_sys_connect+0x72/0xb0 [ 364.625393][T14478] ? lockdep_hardirqs_on+0x7c/0x110 [ 364.625406][T14478] do_syscall_64+0xcd/0x4c0 [ 364.625421][T14478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.625432][T14478] RIP: 0033:0x7f6294b8e929 [ 364.625441][T14478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.625450][T14478] RSP: 002b:00007f6295ac0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 364.625461][T14478] RAX: ffffffffffffffda RBX: 00007f6294db5fa0 RCX: 00007f6294b8e929 [ 364.625468][T14478] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000005 [ 364.625474][T14478] RBP: 00007f6295ac0090 R08: 0000000000000000 R09: 0000000000000000 [ 364.625490][T14478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 364.625499][T14478] R13: 0000000000000000 R14: 00007f6294db5fa0 R15: 00007ffdcb9b9ac8 [ 364.625513][T14478] [ 364.751907][ T6029] usb 10-1: Using ep0 maxpacket: 32 [ 364.759411][ T6029] usb 10-1: config index 0 descriptor too short (expected 29220, got 36) [ 364.759425][ T6029] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 364.759436][ T6029] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 364.759711][ T6029] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 364.759723][ T6029] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 364.759735][ T6029] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 364.759754][ T6029] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 364.759766][ T6029] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.762827][ T6029] usb 10-1: config 0 descriptor?? [ 364.783698][ T40] audit: type=1400 audit(1749169217.527:592): avc: denied { name_connect } for pid=14489 comm="syz.7.2719" dest=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 364.926162][T14502] binder: 14501:14502 ioctl 4018620d 0 returned -22 [ 364.968751][ T6029] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 59 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 364.977159][ T6029] usb 10-1: USB disconnect, device number 59 [ 364.980901][ T6029] usblp0: removed [ 365.052627][ T1145] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.419647][ T6029] usb 10-1: new high-speed USB device number 60 using dummy_hcd [ 365.580380][ T6029] usb 10-1: Using ep0 maxpacket: 32 [ 365.583934][ T6029] usb 10-1: config index 0 descriptor too short (expected 29220, got 36) [ 365.587599][ T6029] usb 10-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 365.591837][ T6029] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 365.595009][ T6029] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 365.598088][ T6029] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 365.601565][ T6029] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 365.605582][ T6029] usb 10-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 365.608444][ T6029] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.613750][ T6029] usb 10-1: config 0 descriptor?? [ 366.169693][ T6029] usblp 10-1:0.0: usblp0: USB Bidirectional printer dev 60 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 366.571228][ T6111] usb 10-1: USB disconnect, device number 60 [ 366.575019][ T6111] usblp0: removed [ 366.582527][ T1145] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.657700][ T1145] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.746807][ T1145] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.747304][ T5948] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 366.755498][ T5948] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 366.758230][ T5948] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 366.763392][ T5948] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 366.766391][ T5948] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 366.811990][T14523] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2730'. [ 366.875609][T14529] netlink: 216 bytes leftover after parsing attributes in process `syz.7.2732'. [ 366.945064][T14516] chnl_net:caif_netlink_parms(): no params data found [ 367.012930][ T1145] bridge_slave_1: left allmulticast mode [ 367.014651][ T1145] bridge_slave_1: left promiscuous mode [ 367.016423][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.017728][T14539] xt_CT: You must specify a L4 protocol and not use inversions on it [ 367.023551][ T1145] bridge_slave_0: left allmulticast mode [ 367.025580][ T1145] bridge_slave_0: left promiscuous mode [ 367.028893][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 367.128326][T14547] FAULT_INJECTION: forcing a failure. [ 367.128326][T14547] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 367.134651][T14547] CPU: 2 UID: 0 PID: 14547 Comm: syz.5.2739 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 367.134670][T14547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 367.134676][T14547] Call Trace: [ 367.134681][T14547] [ 367.134685][T14547] dump_stack_lvl+0x16c/0x1f0 [ 367.134703][T14547] should_fail_ex+0x512/0x640 [ 367.134720][T14547] _copy_from_user+0x2e/0xd0 [ 367.134736][T14547] do_sock_getsockopt+0x5f4/0x800 [ 367.134754][T14547] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 367.134769][T14547] ? __fget_files+0x204/0x3c0 [ 367.134790][T14547] __sys_getsockopt+0x12f/0x260 [ 367.134805][T14547] __x64_sys_getsockopt+0xbd/0x160 [ 367.134817][T14547] ? do_syscall_64+0x91/0x4c0 [ 367.134830][T14547] ? lockdep_hardirqs_on+0x7c/0x110 [ 367.134844][T14547] do_syscall_64+0xcd/0x4c0 [ 367.134858][T14547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.134869][T14547] RIP: 0033:0x7fbb3ff8e929 [ 367.134878][T14547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.134888][T14547] RSP: 002b:00007fbb40d30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 367.134898][T14547] RAX: ffffffffffffffda RBX: 00007fbb401b5fa0 RCX: 00007fbb3ff8e929 [ 367.134905][T14547] RDX: 0000000000000080 RSI: 0000000000000084 RDI: 0000000000000004 [ 367.134911][T14547] RBP: 00007fbb40d30090 R08: 0000200000001080 R09: 0000000000000000 [ 367.134917][T14547] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 367.134923][T14547] R13: 0000000000000000 R14: 00007fbb401b5fa0 R15: 00007ffcd1bcd568 [ 367.134936][T14547] [ 367.483587][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 367.488256][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 367.492831][ T1145] bond0 (unregistering): Released all slaves [ 367.573167][T14516] bridge0: port 1(bridge_slave_0) entered blocking state [ 367.575481][T14516] bridge0: port 1(bridge_slave_0) entered disabled state [ 367.577957][T14516] bridge_slave_0: entered allmulticast mode [ 367.582268][T14516] bridge_slave_0: entered promiscuous mode [ 367.586525][T14516] bridge0: port 2(bridge_slave_1) entered blocking state [ 367.589816][T14516] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.592906][T14516] bridge_slave_1: entered allmulticast mode [ 367.596805][T14516] bridge_slave_1: entered promiscuous mode [ 367.667144][T14516] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 367.674839][T14516] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 367.737315][T14516] team0: Port device team_slave_0 added [ 367.747540][T14516] team0: Port device team_slave_1 added [ 367.806033][T14576] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.2748'. [ 367.846033][T14572] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.2748'. [ 367.858039][T14516] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 367.863410][T14516] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 367.874277][T14516] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 367.892208][ T1145] hsr_slave_0: left promiscuous mode [ 367.895197][ T1145] hsr_slave_1: left promiscuous mode [ 367.897405][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 367.899785][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 367.903016][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 367.905524][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 367.934819][ T1145] veth1_macvtap: left promiscuous mode [ 367.936598][ T1145] veth0_macvtap: left promiscuous mode [ 367.938271][ T1145] veth1_vlan: left promiscuous mode [ 367.940208][ T1145] veth0_vlan: left promiscuous mode [ 368.616996][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 368.687237][ T1145] team0 (unregistering): Port device team_slave_0 removed [ 368.819942][ T5952] Bluetooth: hci1: command tx timeout [ 369.258702][T14516] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 369.262912][T14516] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 369.271096][T14516] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 369.337050][T14516] hsr_slave_0: entered promiscuous mode [ 369.341016][T14516] hsr_slave_1: entered promiscuous mode [ 369.343272][T14516] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 369.345697][T14516] Cannot create hsr debugfs directory [ 369.513518][T14610] FAULT_INJECTION: forcing a failure. [ 369.513518][T14610] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 369.518015][T14610] CPU: 3 UID: 0 PID: 14610 Comm: syz.5.2755 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 369.518032][T14610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 369.518038][T14610] Call Trace: [ 369.518043][T14610] [ 369.518047][T14610] dump_stack_lvl+0x16c/0x1f0 [ 369.518065][T14610] should_fail_ex+0x512/0x640 [ 369.518081][T14610] should_fail_alloc_page+0xe7/0x130 [ 369.518098][T14610] prepare_alloc_pages+0x3c2/0x610 [ 369.518113][T14610] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 369.518127][T14610] ? kasan_save_stack+0x33/0x60 [ 369.518140][T14610] ? kasan_save_track+0x14/0x30 [ 369.518152][T14610] ? __kasan_slab_alloc+0x89/0x90 [ 369.518165][T14610] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 369.518179][T14610] ? __pmd_alloc+0xbf/0x930 [ 369.518188][T14610] ? __handle_mm_fault+0xaac/0x5490 [ 369.518199][T14610] ? handle_mm_fault+0x589/0xd10 [ 369.518209][T14610] ? __get_user_pages+0x589/0x3b80 [ 369.518222][T14610] ? populate_vma_page_range+0x278/0x3a0 [ 369.518232][T14610] ? __mm_populate+0x1d8/0x380 [ 369.518241][T14610] ? __do_sys_mlockall+0x516/0x5d0 [ 369.518253][T14610] ? do_syscall_64+0xcd/0x4c0 [ 369.518266][T14610] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.518279][T14610] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 369.518300][T14610] ? __lock_acquire+0xb8a/0x1c90 [ 369.518317][T14610] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 369.518331][T14610] ? policy_nodemask+0xea/0x4e0 [ 369.518348][T14610] alloc_pages_mpol+0x1fb/0x550 [ 369.518363][T14610] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 369.518379][T14610] ? __thp_vma_allowable_orders+0x1c5/0xb10 [ 369.518392][T14610] alloc_pages_noprof+0x131/0x390 [ 369.518407][T14610] pte_alloc_one+0x1c/0x3a0 [ 369.518418][T14610] __handle_mm_fault+0x3a68/0x5490 [ 369.518434][T14610] ? __pfx___handle_mm_fault+0x10/0x10 [ 369.518457][T14610] handle_mm_fault+0x589/0xd10 [ 369.518472][T14610] __get_user_pages+0x589/0x3b80 [ 369.518486][T14610] ? __pfx_mt_find+0x10/0x10 [ 369.518505][T14610] ? __pfx___get_user_pages+0x10/0x10 [ 369.518520][T14610] populate_vma_page_range+0x278/0x3a0 [ 369.518532][T14610] ? __pfx_populate_vma_page_range+0x10/0x10 [ 369.518543][T14610] ? __pfx_find_vma_intersection+0x10/0x10 [ 369.518554][T14610] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 369.518569][T14610] __mm_populate+0x1d8/0x380 [ 369.518595][T14610] ? __pfx___mm_populate+0x10/0x10 [ 369.518607][T14610] ? up_write+0x1b2/0x520 [ 369.518619][T14610] __do_sys_mlockall+0x516/0x5d0 [ 369.518634][T14610] do_syscall_64+0xcd/0x4c0 [ 369.518648][T14610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.518658][T14610] RIP: 0033:0x7fbb3ff8e929 [ 369.518668][T14610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.518678][T14610] RSP: 002b:00007fbb40d30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 369.518688][T14610] RAX: ffffffffffffffda RBX: 00007fbb401b5fa0 RCX: 00007fbb3ff8e929 [ 369.518695][T14610] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 369.518700][T14610] RBP: 00007fbb40d30090 R08: 0000000000000000 R09: 0000000000000000 [ 369.518706][T14610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 369.518712][T14610] R13: 0000000000000000 R14: 00007fbb401b5fa0 R15: 00007ffcd1bcd568 [ 369.518725][T14610] [ 369.944077][ T40] audit: type=1400 audit(1749169222.697:593): avc: denied { setopt } for pid=14638 comm="syz.5.2761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 370.011526][T14649] netlink: 244 bytes leftover after parsing attributes in process `syz.7.2764'. [ 370.054183][T14655] JFS: charset not found [ 370.083596][T14516] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 370.092752][T14516] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 370.099084][T14516] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 370.105850][T14516] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 370.122668][ T40] audit: type=1400 audit(1749169222.877:594): avc: denied { ioctl } for pid=14654 comm="syz.7.2766" path="/dev/input/mice" dev="devtmpfs" ino=940 ioctlcmd=0x89f2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 370.182537][T14516] 8021q: adding VLAN 0 to HW filter on device bond0 [ 370.197653][T14516] 8021q: adding VLAN 0 to HW filter on device team0 [ 370.216738][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.219111][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 370.224918][T14670] syzkaller1: entered promiscuous mode [ 370.226926][T14670] syzkaller1: entered allmulticast mode [ 370.252370][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.255425][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 370.280354][ T6028] usb 10-1: new high-speed USB device number 61 using dummy_hcd [ 370.408171][T14516] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 370.449530][ T6028] usb 10-1: Using ep0 maxpacket: 8 [ 370.459672][ T40] audit: type=1400 audit(1749169223.217:595): avc: denied { open } for pid=14693 comm="syz.7.2772" path="/dev/ptyr2" dev="devtmpfs" ino=145 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 370.464867][ T6028] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 370.479035][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 370.484187][ T6028] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 370.491359][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 370.494836][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 370.500693][T14695] netlink: 'syz.6.2771': attribute type 1 has an invalid length. [ 370.502243][ T6028] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 370.503947][T14695] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2771'. [ 370.507096][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 370.507124][ T6028] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 370.521343][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 370.525870][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 370.532558][ T6028] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 370.535744][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 370.539632][ T6028] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 370.544094][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 370.547478][ T6028] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 370.557715][ T6028] usb 10-1: string descriptor 0 read error: -22 [ 370.560139][ T6028] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 370.563632][ T6028] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.583521][ T6028] adutux 10-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 370.606813][T14516] veth0_vlan: entered promiscuous mode [ 370.618568][T14516] veth1_vlan: entered promiscuous mode [ 370.647271][T14516] veth0_macvtap: entered promiscuous mode [ 370.653669][T14516] veth1_macvtap: entered promiscuous mode [ 370.668405][T14516] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 370.685204][T14516] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 370.694338][T14516] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.698009][T14516] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.701897][T14516] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.704604][T14516] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.757412][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 370.760614][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 370.769272][ T40] audit: type=1804 audit(1749169223.517:596): pid=14716 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.6.2776" name="/newroot/205/file1" dev="fuse" ino=1 res=1 errno=0 [ 370.782295][ T1157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 370.782378][ T40] audit: type=1800 audit(1749169223.517:597): pid=14716 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2776" name="/" dev="fuse" ino=1 res=0 errno=0 [ 370.784807][ T1157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 370.795833][ T40] audit: type=1800 audit(1749169223.517:598): pid=14716 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2776" name="/" dev="fuse" ino=1 res=0 errno=0 [ 370.805004][ T6028] usb 10-1: USB disconnect, device number 61 [ 370.899510][ T5948] Bluetooth: hci1: command tx timeout [ 370.979425][T14726] binder: 14725:14726 ioctl c0306201 200000000640 returned -22 [ 371.151053][ T40] audit: type=1326 audit(1749169223.907:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14731 comm="syz.7.2782" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6294b8e929 code=0x7ffc0000 [ 371.160470][ T40] audit: type=1326 audit(1749169223.907:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14731 comm="syz.7.2782" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6294b8e929 code=0x7ffc0000 [ 371.167976][ T40] audit: type=1326 audit(1749169223.907:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14731 comm="syz.7.2782" exe="/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7f6294b8e929 code=0x7ffc0000 [ 371.176267][ T40] audit: type=1326 audit(1749169223.907:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14731 comm="syz.7.2782" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6294b8e929 code=0x7ffc0000 [ 371.807504][T14767] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 371.875008][T14776] netlink: 'syz.6.2793': attribute type 39 has an invalid length. [ 372.015871][ T5303] Bluetooth: hci4: unexpected event for opcode 0x0407 [ 372.059161][ T5303] Bluetooth: hci2: Malformed HCI Event [ 372.686367][T14792] xt_hashlimit: size too large, truncated to 1048576 [ 372.874756][T14800] syzkaller1: entered promiscuous mode [ 372.876710][T14800] syzkaller1: entered allmulticast mode [ 372.901312][T14804] vlan2: entered allmulticast mode [ 372.902979][T14804] bond0: entered allmulticast mode [ 372.904639][T14804] bond_slave_0: entered allmulticast mode [ 372.906406][T14804] bond_slave_1: entered allmulticast mode [ 372.908187][T14804] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode [ 372.989490][ T5303] Bluetooth: hci0: command 0x0405 tx timeout [ 373.480248][ T840] usb 12-1: new high-speed USB device number 3 using dummy_hcd [ 373.639554][ T840] usb 12-1: Using ep0 maxpacket: 32 [ 373.642565][ T840] usb 12-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 373.647541][ T840] usb 12-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58 [ 373.650659][ T840] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.653143][ T840] usb 12-1: Product: syz [ 373.654585][ T840] usb 12-1: Manufacturer: syz [ 373.656069][ T840] usb 12-1: SerialNumber: syz [ 373.658957][ T840] usb 12-1: config 0 descriptor?? [ 373.662870][ T840] gspca_main: sunplus-2.14.0 probing 08ca:2060 [ 373.971649][T14817] FAULT_INJECTION: forcing a failure. [ 373.971649][T14817] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 373.977202][T14817] CPU: 0 UID: 0 PID: 14817 Comm: syz.6.2808 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 373.977226][T14817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 373.977236][T14817] Call Trace: [ 373.977243][T14817] [ 373.977251][T14817] dump_stack_lvl+0x16c/0x1f0 [ 373.977298][T14817] should_fail_ex+0x512/0x640 [ 373.977331][T14817] should_fail_alloc_page+0xe7/0x130 [ 373.977359][T14817] prepare_alloc_pages+0x3c2/0x610 [ 373.977381][T14817] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 373.977407][T14817] ? ip_skb_dst_mtu+0x423/0xe90 [ 373.977427][T14817] ? __pfx_ip_finish_output2+0x10/0x10 [ 373.977443][T14817] ? ip_skb_dst_mtu+0x496/0xe90 [ 373.977458][T14817] ? __pfx_ip_skb_dst_mtu+0x10/0x10 [ 373.977474][T14817] ? __pfx_nf_hook+0x10/0x10 [ 373.977491][T14817] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 373.977516][T14817] ? __ip_finish_output+0x116/0x950 [ 373.977540][T14817] ? ip_output+0x142/0x2a0 [ 373.977554][T14817] ? __pfx_ip_output+0x10/0x10 [ 373.977571][T14817] ? ip_send_skb+0x177/0x560 [ 373.977586][T14817] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 373.977609][T14817] ? policy_nodemask+0xea/0x4e0 [ 373.977642][T14817] alloc_pages_mpol+0x1fb/0x550 [ 373.977666][T14817] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 373.977691][T14817] ? udp_sendmsg+0x3c8/0x29f0 [ 373.977713][T14817] folio_alloc_mpol_noprof+0x36/0x2f0 [ 373.977735][T14817] vma_alloc_folio_noprof+0xed/0x1e0 [ 373.977753][T14817] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 373.977771][T14817] ? rcu_read_unlock+0x2d/0xb0 [ 373.977799][T14817] do_wp_page+0x1136/0x4f20 [ 373.977827][T14817] ? __pfx_do_wp_page+0x10/0x10 [ 373.977845][T14817] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 373.977872][T14817] __handle_mm_fault+0x2223/0x5490 [ 373.977900][T14817] ? __pfx___handle_mm_fault+0x10/0x10 [ 373.977919][T14817] ? __pfx_mt_find+0x10/0x10 [ 373.977960][T14817] ? find_vma+0xbf/0x140 [ 373.977974][T14817] ? __pfx_find_vma+0x10/0x10 [ 373.977991][T14817] handle_mm_fault+0x589/0xd10 [ 373.978011][T14817] ? __pkru_allows_pkey+0x21/0xb0 [ 373.978037][T14817] do_user_addr_fault+0x7a6/0x1370 [ 373.978066][T14817] ? rcu_is_watching+0x12/0xc0 [ 373.978090][T14817] exc_page_fault+0x5c/0xb0 [ 373.978114][T14817] asm_exc_page_fault+0x26/0x30 [ 373.978130][T14817] RIP: 0010:__put_user_4+0xd/0x20 [ 373.978153][T14817] Code: 66 89 01 31 c9 0f 01 ca e9 d0 5a 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 [ 373.978170][T14817] RSP: 0018:ffffc90003637cf0 EFLAGS: 00050202 [ 373.978184][T14817] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000008038 [ 373.978194][T14817] RDX: ffff88805cbcc880 RSI: ffffffff894e0f99 RDI: ffffffff8c157020 [ 373.978204][T14817] RBP: 0000000000000001 R08: 255fd69911439148 R09: 0000000000000000 [ 373.978214][T14817] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000040000 [ 373.978223][T14817] R13: 0000200000008000 R14: 00000000000003ff R15: 0000000000000400 [ 373.978241][T14817] ? __sys_sendmmsg+0x229/0x420 [ 373.978266][T14817] __sys_sendmmsg+0x234/0x420 [ 373.978291][T14817] ? __pfx___sys_sendmmsg+0x10/0x10 [ 373.978321][T14817] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 373.978356][T14817] ? fput+0x70/0xf0 [ 373.978373][T14817] ? ksys_write+0x1ac/0x250 [ 373.978394][T14817] ? __pfx_ksys_write+0x10/0x10 [ 373.978422][T14817] __x64_sys_sendmmsg+0x9c/0x100 [ 373.978444][T14817] ? lockdep_hardirqs_on+0x7c/0x110 [ 373.978466][T14817] do_syscall_64+0xcd/0x4c0 [ 373.978490][T14817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.978507][T14817] RIP: 0033:0x7fea8998e929 [ 373.978522][T14817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.978538][T14817] RSP: 002b:00007fea8a7f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 373.978552][T14817] RAX: ffffffffffffffda RBX: 00007fea89bb5fa0 RCX: 00007fea8998e929 [ 373.978562][T14817] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000005 [ 373.978572][T14817] RBP: 00007fea8a7f5090 R08: 0000000000000000 R09: 0000000000000000 [ 373.978581][T14817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 373.978590][T14817] R13: 0000000000000000 R14: 00007fea89bb5fa0 R15: 00007ffe439af3c8 [ 373.978613][T14817] [ 374.136779][T14821] FAULT_INJECTION: forcing a failure. [ 374.136779][T14821] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 374.141637][T14821] CPU: 2 UID: 0 PID: 14821 Comm: syz.5.2809 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 374.141653][T14821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 374.141660][T14821] Call Trace: [ 374.141664][T14821] [ 374.141668][T14821] dump_stack_lvl+0x16c/0x1f0 [ 374.141685][T14821] should_fail_ex+0x512/0x640 [ 374.141702][T14821] should_fail_alloc_page+0xe7/0x130 [ 374.141719][T14821] prepare_alloc_pages+0x3c2/0x610 [ 374.141748][T14821] ? rcu_is_watching+0x12/0xc0 [ 374.141764][T14821] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 374.141780][T14821] ? __lock_acquire+0x622/0x1c90 [ 374.141799][T14821] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 374.141813][T14821] ? __lock_acquire+0x622/0x1c90 [ 374.141833][T14821] ? __lock_acquire+0x622/0x1c90 [ 374.141849][T14821] ? __lock_acquire+0x622/0x1c90 [ 374.141864][T14821] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 374.141877][T14821] ? policy_nodemask+0xea/0x4e0 [ 374.141893][T14821] alloc_pages_mpol+0x1fb/0x550 [ 374.141909][T14821] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 374.141928][T14821] folio_alloc_mpol_noprof+0x36/0x2f0 [ 374.141939][T14821] vma_alloc_folio_noprof+0xed/0x1e0 [ 374.141949][T14821] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 374.141958][T14821] ? find_held_lock+0x2b/0x80 [ 374.141971][T14821] ? __handle_mm_fault+0x1092/0x5490 [ 374.141986][T14821] __handle_mm_fault+0x2f21/0x5490 [ 374.142001][T14821] ? __pfx___handle_mm_fault+0x10/0x10 [ 374.142013][T14821] ? __pte_offset_map_lock+0x174/0x310 [ 374.142030][T14821] ? find_held_lock+0x2b/0x80 [ 374.142041][T14821] ? find_held_lock+0x2b/0x80 [ 374.142056][T14821] ? follow_page_pte+0x3af/0x14c0 [ 374.142070][T14821] handle_mm_fault+0x589/0xd10 [ 374.142085][T14821] __get_user_pages+0x589/0x3b80 [ 374.142100][T14821] ? __pfx___get_user_pages+0x10/0x10 [ 374.142110][T14821] ? __pfx_down_read_killable+0x10/0x10 [ 374.142131][T14821] __gup_longterm_locked+0x20d/0x1850 [ 374.142145][T14821] ? try_get_folio+0x1d2/0x730 [ 374.142160][T14821] ? __pfx___gup_longterm_locked+0x10/0x10 [ 374.142171][T14821] ? try_get_folio+0x255/0x730 [ 374.142186][T14821] ? find_held_lock+0x2b/0x80 [ 374.142198][T14821] ? sanity_check_pinned_pages+0x3bf/0x1200 [ 374.142211][T14821] gup_fast_fallback+0x1ab3/0x29e0 [ 374.142231][T14821] ? __pfx_gup_fast_fallback+0x10/0x10 [ 374.142249][T14821] pin_user_pages_fast+0xa7/0xf0 [ 374.142260][T14821] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 374.142269][T14821] ? __kmalloc_noprof+0x242/0x510 [ 374.142287][T14821] rds_info_getsockopt+0x39f/0x4f0 [ 374.142304][T14821] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 374.142319][T14821] ? find_held_lock+0x2b/0x80 [ 374.142331][T14821] ? __might_fault+0x13b/0x190 [ 374.142348][T14821] rds_getsockopt+0x173/0x2d0 [ 374.142359][T14821] ? __pfx_rds_getsockopt+0x10/0x10 [ 374.142371][T14821] do_sock_getsockopt+0x3ff/0x800 [ 374.142389][T14821] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 374.142404][T14821] ? __fget_files+0x204/0x3c0 [ 374.142424][T14821] __sys_getsockopt+0x12f/0x260 [ 374.142440][T14821] __x64_sys_getsockopt+0xbd/0x160 [ 374.142452][T14821] ? do_syscall_64+0x91/0x4c0 [ 374.142465][T14821] ? lockdep_hardirqs_on+0x7c/0x110 [ 374.142477][T14821] do_syscall_64+0xcd/0x4c0 [ 374.142491][T14821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.142502][T14821] RIP: 0033:0x7fbb3ff8e929 [ 374.142511][T14821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 374.142520][T14821] RSP: 002b:00007fbb3ddf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 374.142530][T14821] RAX: ffffffffffffffda RBX: 00007fbb401b6160 RCX: 00007fbb3ff8e929 [ 374.142537][T14821] RDX: 0000000000002713 RSI: 0000200000000114 RDI: 0000000000000008 [ 374.142543][T14821] RBP: 00007fbb3ddf6090 R08: 00002000000000c0 R09: 0000000000000000 [ 374.142549][T14821] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001 [ 374.142555][T14821] R13: 0000000000000000 R14: 00007fbb401b6160 R15: 00007ffcd1bcd568 [ 374.142568][T14821] [ 374.640675][ T840] gspca_sunplus: reg_r err -110 [ 374.725534][T14827] netlink: 16402 bytes leftover after parsing attributes in process `syz.7.2806'. [ 374.729949][T14810] netlink: 16402 bytes leftover after parsing attributes in process `syz.7.2806'. [ 375.123142][T14834] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2813'. [ 375.151772][ T40] kauditd_printk_skb: 46 callbacks suppressed [ 375.151783][ T40] audit: type=1400 audit(1749169227.907:649): avc: denied { recv } for pid=23 comm="ksoftirqd/2" saddr=127.0.0.1 src=30000 daddr=127.0.0.1 dest=50472 netif=lo scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 375.158284][T14836] Bluetooth: MGMT ver 1.23 [ 375.163161][ T40] audit: type=1400 audit(1749169227.907:650): avc: denied { recv } for pid=23 comm="ksoftirqd/2" saddr=127.0.0.1 src=50472 daddr=127.0.0.1 dest=30000 netif=lo scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 375.199475][ T1465] usb 10-1: new full-speed USB device number 62 using dummy_hcd [ 375.268987][ T40] audit: type=1400 audit(1749169228.017:651): avc: denied { listen } for pid=14844 comm="syz.7.2817" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 375.276410][T14846] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2817'. [ 375.279230][T14846] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2817'. [ 375.282501][T14846] netlink: 'syz.7.2817': attribute type 1 has an invalid length. [ 375.371903][ T1465] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 375.375300][ T1465] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 375.378352][ T1465] usb 10-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 375.380779][T14855] tmpfs: Bad value for 'mpol' [ 375.381704][ T1465] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.382800][T14855] tmpfs: Bad value for 'mpol' [ 375.386291][ T1465] usb 10-1: config 0 descriptor?? [ 375.386819][T14855] tmpfs: Bad value for 'mpol' [ 375.391143][T14855] tmpfs: Bad value for 'mpol' [ 375.392962][T14855] tmpfs: Bad value for 'mpol' [ 375.446501][T14861] loop6: detected capacity change from 0 to 524287999 [ 375.472424][ T40] audit: type=1400 audit(1749169228.227:652): avc: denied { egress } for pid=23 comm="ksoftirqd/2" saddr=fe80::1c daddr=ff02::2 netif=wpan1 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1 [ 375.485158][ T40] audit: type=1400 audit(1749169228.227:653): avc: denied { sendto } for pid=23 comm="ksoftirqd/2" saddr=fe80::1c daddr=ff02::2 netif=wpan1 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1 [ 375.629827][ T840] sunplus 12-1:0.0: probe with driver sunplus failed with error -110 [ 375.635700][ T840] usb 12-1: USB disconnect, device number 3 [ 375.976228][T14882] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2831'. [ 375.979228][T14882] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2831'. [ 375.982250][T14882] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2831'. [ 375.992985][ T1465] usbhid 10-1:0.0: can't add hid device: -71 [ 375.995453][ T1465] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 376.003135][ T1465] usb 10-1: USB disconnect, device number 62 [ 376.160303][ T52] usb 12-1: new high-speed USB device number 4 using dummy_hcd [ 376.331113][ T52] usb 12-1: config index 0 descriptor too short (expected 46, got 36) [ 376.333588][ T52] usb 12-1: config 0 interface 0 altsetting 130 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 376.337080][ T52] usb 12-1: config 0 interface 0 altsetting 130 endpoint 0x81 has invalid wMaxPacketSize 0 [ 376.340459][ T52] usb 12-1: config 0 interface 0 has no altsetting 0 [ 376.342546][ T52] usb 12-1: New USB device found, idVendor=0403, idProduct=97c1, bcdDevice= 0.00 [ 376.345498][ T52] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.349078][ T52] usb 12-1: config 0 descriptor?? [ 376.353573][ T52] usbhid 12-1:0.0: can't add hid device: -22 [ 376.355518][ T52] usbhid 12-1:0.0: probe with driver usbhid failed with error -22 [ 376.532317][T14901] binder: 14900:14901 ioctl 4018620d 0 returned -22 [ 376.625271][ T6011] usb 12-1: USB disconnect, device number 4 [ 376.691832][T14909] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2840'. [ 377.158723][ T40] audit: type=1400 audit(1749169229.907:654): avc: denied { relabelfrom } for pid=14925 comm="syz.7.2846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 377.165753][ T40] audit: type=1400 audit(1749169229.907:655): avc: denied { relabelto } for pid=14925 comm="syz.7.2846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 377.280309][ T40] audit: type=1400 audit(1749169230.037:656): avc: denied { read write } for pid=14927 comm="syz.6.2847" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 377.283555][T14928] [ 377.289164][ T40] audit: type=1400 audit(1749169230.037:657): avc: denied { open } for pid=14927 comm="syz.6.2847" path="/237/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 377.324493][T14931] FAULT_INJECTION: forcing a failure. [ 377.324493][T14931] name failslab, interval 1, probability 0, space 0, times 0 [ 377.329070][T14931] CPU: 1 UID: 0 PID: 14931 Comm: syz.7.2848 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 377.329094][T14931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 377.329103][T14931] Call Trace: [ 377.329110][T14931] [ 377.329117][T14931] dump_stack_lvl+0x16c/0x1f0 [ 377.329164][T14931] should_fail_ex+0x512/0x640 [ 377.329188][T14931] should_failslab+0xc2/0x120 [ 377.329204][T14931] __kmalloc_cache_noprof+0x6a/0x3e0 [ 377.329217][T14931] ? selinux_netlbl_sk_security_free+0x12c/0x3e0 [ 377.329232][T14931] ? selinux_netlbl_sock_genattr+0xe8/0x4f0 [ 377.329247][T14931] selinux_netlbl_sock_genattr+0xe8/0x4f0 [ 377.329261][T14931] selinux_netlbl_socket_post_create+0xb0/0x1b0 [ 377.329277][T14931] security_mptcp_add_subflow+0x1e3/0x210 [ 377.329291][T14931] mptcp_subflow_create_socket+0x1b1/0xed0 [ 377.329307][T14931] ? avc_has_perm_noaudit+0x117/0x3b0 [ 377.329333][T14931] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 377.329355][T14931] __mptcp_nmpc_sk+0x182/0x7d0 [ 377.329366][T14931] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 377.329377][T14931] ? __lock_acquire+0xb8a/0x1c90 [ 377.329396][T14931] mptcp_connect+0x7f/0xfe0 [ 377.329411][T14931] __inet_stream_connect+0x3c8/0x1020 [ 377.329427][T14931] ? __pfx___inet_stream_connect+0x10/0x10 [ 377.329440][T14931] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 377.329453][T14931] ? __pfx_inet_stream_connect+0x10/0x10 [ 377.329465][T14931] ? __local_bh_enable_ip+0xa4/0x120 [ 377.329480][T14931] ? __pfx_inet_stream_connect+0x10/0x10 [ 377.329491][T14931] inet_stream_connect+0x57/0xa0 [ 377.329504][T14931] __sys_connect_file+0x141/0x1a0 [ 377.329517][T14931] __sys_connect+0x13b/0x160 [ 377.329528][T14931] ? __pfx___sys_connect+0x10/0x10 [ 377.329545][T14931] ? __pfx_ksys_write+0x10/0x10 [ 377.329559][T14931] ? fput+0x70/0xf0 [ 377.329569][T14931] __x64_sys_connect+0x72/0xb0 [ 377.329579][T14931] ? lockdep_hardirqs_on+0x7c/0x110 [ 377.329592][T14931] do_syscall_64+0xcd/0x4c0 [ 377.329607][T14931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.329618][T14931] RIP: 0033:0x7f6294b8e929 [ 377.329627][T14931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 377.329637][T14931] RSP: 002b:00007f6295ac0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 377.329647][T14931] RAX: ffffffffffffffda RBX: 00007f6294db5fa0 RCX: 00007f6294b8e929 [ 377.329658][T14931] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000005 [ 377.329664][T14931] RBP: 00007f6295ac0090 R08: 0000000000000000 R09: 0000000000000000 [ 377.329670][T14931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 377.329676][T14931] R13: 0000000000000000 R14: 00007f6294db5fa0 R15: 00007ffdcb9b9ac8 [ 377.329690][T14931] [ 377.329903][ T840] usb 10-1: new full-speed USB device number 63 using dummy_hcd [ 377.600934][ T840] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 377.604473][ T840] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 377.607586][ T840] usb 10-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 377.610687][ T840] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.615063][ T840] usb 10-1: config 0 descriptor?? [ 377.802719][T14953] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=13 sclass=netlink_route_socket pid=14953 comm=syz.7.2859 [ 378.094933][T14965] FAULT_INJECTION: forcing a failure. [ 378.094933][T14965] name failslab, interval 1, probability 0, space 0, times 0 [ 378.099103][T14965] CPU: 2 UID: 0 PID: 14965 Comm: syz.7.2864 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 378.099119][T14965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 378.099126][T14965] Call Trace: [ 378.099131][T14965] [ 378.099135][T14965] dump_stack_lvl+0x16c/0x1f0 [ 378.099153][T14965] should_fail_ex+0x512/0x640 [ 378.099191][T14965] ? __kmalloc_noprof+0xbf/0x510 [ 378.099213][T14965] ? iovec_from_user+0x108/0x140 [ 378.099231][T14965] should_failslab+0xc2/0x120 [ 378.099246][T14965] __kmalloc_noprof+0xd2/0x510 [ 378.099259][T14965] ? __lock_acquire+0x622/0x1c90 [ 378.099277][T14965] iovec_from_user+0x108/0x140 [ 378.099294][T14965] __import_iovec+0x88/0x650 [ 378.099310][T14965] ? find_held_lock+0x2b/0x80 [ 378.099336][T14965] import_iovec+0x109/0x140 [ 378.099354][T14965] vfs_writev+0x19b/0xde0 [ 378.099374][T14965] ? __pfx_vfs_writev+0x10/0x10 [ 378.099397][T14965] ? __fget_files+0x20e/0x3c0 [ 378.099410][T14965] ? __fget_files+0x130/0x3c0 [ 378.099427][T14965] ? do_writev+0x132/0x340 [ 378.099438][T14965] do_writev+0x132/0x340 [ 378.099450][T14965] ? __pfx_do_writev+0x10/0x10 [ 378.099466][T14965] do_syscall_64+0xcd/0x4c0 [ 378.099481][T14965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.099492][T14965] RIP: 0033:0x7f6294b8e929 [ 378.099501][T14965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.099510][T14965] RSP: 002b:00007f6295ac0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 378.099521][T14965] RAX: ffffffffffffffda RBX: 00007f6294db5fa0 RCX: 00007f6294b8e929 [ 378.099527][T14965] RDX: 000000000000000e RSI: 0000200000000c40 RDI: 0000000000000003 [ 378.099533][T14965] RBP: 00007f6295ac0090 R08: 0000000000000000 R09: 0000000000000000 [ 378.099539][T14965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 378.099545][T14965] R13: 0000000000000000 R14: 00007f6294db5fa0 R15: 00007ffdcb9b9ac8 [ 378.099558][T14965] [ 378.223755][ T840] usbhid 10-1:0.0: can't add hid device: -71 [ 378.225751][ T840] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 378.229776][ T840] usb 10-1: USB disconnect, device number 63 [ 378.254653][ T5948] Bluetooth: hci0: unexpected event for opcode 0x0407 [ 378.768574][ T40] audit: type=1400 audit(1749169231.517:658): avc: denied { mount } for pid=14975 comm="syz.5.2868" name="/" dev="9p" ino=35913812 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 379.618068][T14998] netlink: 'syz.7.2875': attribute type 39 has an invalid length. [ 379.722753][ T1153] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.868028][ T1153] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.923204][ T1153] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.947670][ T5303] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 379.951786][ T5303] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 379.954662][ T5303] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 379.958324][ T5303] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 379.961983][ T5303] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 380.001600][ T1153] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.117706][T15001] chnl_net:caif_netlink_parms(): no params data found [ 380.345728][ T1153] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 380.348882][ T1153] bond_slave_0: left allmulticast mode [ 380.352097][ T1153] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 380.355070][ T1153] bond_slave_1: left allmulticast mode [ 380.358079][ T1153] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 380.361362][ T1153] mac80211_hwsim hwsim13 wlan1: left allmulticast mode [ 380.368003][ T1153] bond0 (unregistering): Released all slaves [ 380.417676][T15010] netlink: 'syz.7.2879': attribute type 3 has an invalid length. [ 380.420904][T15010] netlink: 'syz.7.2879': attribute type 1 has an invalid length. [ 380.423560][T15010] netlink: 193500 bytes leftover after parsing attributes in process `syz.7.2879'. [ 380.428028][T15001] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.430526][T15001] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.432860][T15001] bridge_slave_0: entered allmulticast mode [ 380.435510][T15001] bridge_slave_0: entered promiscuous mode [ 380.438843][T15001] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.441295][T15001] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.443869][T15001] bridge_slave_1: entered allmulticast mode [ 380.446474][T15001] bridge_slave_1: entered promiscuous mode [ 380.495715][T15001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 380.501224][T15001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 380.515272][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 380.515283][ T40] audit: type=1400 audit(1749169233.267:662): avc: denied { ioctl } for pid=15011 comm="syz.7.2880" path="socket:[71926]" dev="sockfs" ino=71926 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 380.552222][T15001] team0: Port device team_slave_0 added [ 380.568172][T15001] team0: Port device team_slave_1 added [ 380.619574][T15001] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 380.622273][T15001] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 380.631958][T15001] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 380.639661][T15001] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 380.642525][T15001] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 380.653521][T15001] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 380.673359][ T1153] hsr_slave_0: left promiscuous mode [ 380.675488][ T1153] hsr_slave_1: left promiscuous mode [ 380.677415][ T1153] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 380.681361][ T1153] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 380.685031][ T1153] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 380.687880][ T1153] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 380.710851][ T1153] veth1_macvtap: left promiscuous mode [ 380.713049][ T1153] veth0_macvtap: left promiscuous mode [ 380.715266][ T1153] veth1_vlan: left promiscuous mode [ 380.717372][ T1153] veth0_vlan: left promiscuous mode [ 381.389073][ T1153] team0 (unregistering): Port device team_slave_1 removed [ 381.473787][ T1153] team0 (unregistering): Port device team_slave_0 removed [ 381.680322][ T5633] usb 11-1: new high-speed USB device number 14 using dummy_hcd [ 381.834029][ T5633] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 381.837043][ T5633] usb 11-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 381.840439][ T5633] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 381.843732][ T5633] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 381.847385][ T5633] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 381.852290][ T5633] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 381.855251][ T5633] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 381.857853][ T5633] usb 11-1: Product: syz [ 381.859482][ T5633] usb 11-1: Manufacturer: syz [ 381.864905][ T5633] cdc_wdm 11-1:1.0: skipping garbage [ 381.866629][ T5633] cdc_wdm 11-1:1.0: skipping garbage [ 381.873227][ T5633] cdc_wdm 11-1:1.0: cdc-wdm0: USB WDM device [ 381.875381][ T5633] cdc_wdm 11-1:1.0: Unknown control protocol [ 382.031324][ T5948] Bluetooth: hci3: command tx timeout [ 382.168775][T15001] hsr_slave_0: entered promiscuous mode [ 382.171792][T15001] hsr_slave_1: entered promiscuous mode [ 382.174008][T15001] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 382.176575][T15001] Cannot create hsr debugfs directory [ 382.226806][T15029] fuse: Unknown parameter 'rootmÿÿ000000000040000' [ 382.359068][T15035] xt_TCPMSS: Only works on TCP SYN packets [ 382.369753][T15035] netlink: 'syz.7.2884': attribute type 3 has an invalid length. [ 382.372361][T15035] netlink: 'syz.7.2884': attribute type 1 has an invalid length. [ 382.374770][T15035] netlink: 193500 bytes leftover after parsing attributes in process `syz.7.2884'. [ 382.388614][T15001] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 382.395643][T15001] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 382.402581][T15001] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 382.408639][T15001] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 382.496679][T15001] 8021q: adding VLAN 0 to HW filter on device bond0 [ 382.515501][T15001] 8021q: adding VLAN 0 to HW filter on device team0 [ 382.523719][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 382.526566][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 382.536734][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 382.539037][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 382.622136][ T40] audit: type=1400 audit(1749169235.377:663): avc: denied { connect } for pid=15055 comm="syz.7.2886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 382.685814][T15001] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 382.863278][T15001] veth0_vlan: entered promiscuous mode [ 382.874071][T15001] veth1_vlan: entered promiscuous mode [ 382.895737][T15001] veth0_macvtap: entered promiscuous mode [ 382.899740][T15001] veth1_macvtap: entered promiscuous mode [ 382.909308][T15001] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 382.916460][T15001] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 382.921526][T15001] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.924415][T15001] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.927205][T15001] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.930313][T15001] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.976304][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 382.982631][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 382.997376][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 383.003996][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 383.012314][ T40] audit: type=1400 audit(1749169235.767:664): avc: denied { mounton } for pid=15001 comm="syz-executor" path="/syzkaller.vx5nET/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=73787 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 383.062586][T15089] netlink: 'syz.7.2890': attribute type 12 has an invalid length. [ 383.133094][T15098] syzkaller1: entered promiscuous mode [ 383.135024][T15098] syzkaller1: entered allmulticast mode [ 383.364424][ T40] audit: type=1400 audit(1749169236.117:665): avc: denied { listen } for pid=15113 comm="syz.7.2893" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 383.623614][ T1426] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.982320][ T5948] Bluetooth: hci0: unexpected event for opcode 0x0407 [ 384.099622][ T5948] Bluetooth: hci3: command tx timeout [ 384.432778][ T6028] usb 11-1: USB disconnect, device number 14 [ 384.514199][T15146] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2898'. [ 384.521814][T15146] : entered promiscuous mode [ 384.839226][T15152] netlink: 'syz.7.2900': attribute type 2 has an invalid length. [ 384.880115][ T6028] usb 11-1: new high-speed USB device number 15 using dummy_hcd [ 385.022421][ T6028] usb 11-1: device descriptor read/64, error -71 [ 385.269436][ T6028] usb 11-1: new high-speed USB device number 16 using dummy_hcd [ 385.399408][ T6028] usb 11-1: device descriptor read/64, error -71 [ 385.409555][ T840] usb 12-1: new high-speed USB device number 5 using dummy_hcd [ 385.510804][ T6028] usb usb11-port1: attempt power cycle [ 385.569877][ T840] usb 12-1: Using ep0 maxpacket: 32 [ 385.572372][ T840] usb 12-1: no configurations [ 385.573902][ T840] usb 12-1: can't read configurations, error -22 [ 385.709556][ T840] usb 12-1: new high-speed USB device number 6 using dummy_hcd [ 385.849666][ T6028] usb 11-1: new high-speed USB device number 17 using dummy_hcd [ 385.870975][ T6028] usb 11-1: device descriptor read/8, error -71 [ 385.889456][ T840] usb 12-1: Using ep0 maxpacket: 32 [ 385.893181][ T840] usb 12-1: no configurations [ 385.895126][ T840] usb 12-1: can't read configurations, error -22 [ 385.897987][ T840] usb usb12-port1: attempt power cycle [ 386.130029][ T6028] usb 11-1: new high-speed USB device number 18 using dummy_hcd [ 386.160264][ T6028] usb 11-1: device descriptor read/8, error -71 [ 386.180248][ T5948] Bluetooth: hci3: command tx timeout [ 386.259420][ T840] usb 12-1: new high-speed USB device number 7 using dummy_hcd [ 386.271049][ T6028] usb usb11-port1: unable to enumerate USB device [ 386.291587][ T840] usb 12-1: Using ep0 maxpacket: 32 [ 386.294322][ T840] usb 12-1: no configurations [ 386.296277][ T840] usb 12-1: can't read configurations, error -22 [ 386.439592][ T840] usb 12-1: new high-speed USB device number 8 using dummy_hcd [ 386.470081][ T840] usb 12-1: Using ep0 maxpacket: 32 [ 386.472993][ T840] usb 12-1: no configurations [ 386.475008][ T840] usb 12-1: can't read configurations, error -22 [ 386.478024][ T840] usb usb12-port1: unable to enumerate USB device [ 387.650968][ T40] audit: type=1804 audit(1749169240.407:666): pid=15187 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.6.2910" name="/newroot/245/file1" dev="fuse" ino=1 res=1 errno=0 [ 387.657997][ T40] audit: type=1800 audit(1749169240.407:667): pid=15187 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2910" name="/" dev="fuse" ino=1 res=0 errno=0 [ 387.664555][ T40] audit: type=1800 audit(1749169240.407:668): pid=15186 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2910" name="/" dev="fuse" ino=1 res=0 errno=0 [ 387.741220][ T40] audit: type=1804 audit(1749169240.497:669): pid=15193 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.6.2911" name="/newroot/246/file1" dev="fuse" ino=1 res=1 errno=0 [ 387.747993][ T40] audit: type=1800 audit(1749169240.497:670): pid=15193 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2911" name="/" dev="fuse" ino=1 res=0 errno=0 [ 387.772070][ T40] audit: type=1400 audit(1749169240.527:671): avc: denied { bind } for pid=15194 comm="syz.6.2913" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 387.852907][T15202] FAULT_INJECTION: forcing a failure. [ 387.852907][T15202] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 387.857067][T15202] CPU: 2 UID: 0 PID: 15202 Comm: syz.6.2914 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 387.857082][T15202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 387.857089][T15202] Call Trace: [ 387.857093][T15202] [ 387.857098][T15202] dump_stack_lvl+0x16c/0x1f0 [ 387.857115][T15202] should_fail_ex+0x512/0x640 [ 387.857132][T15202] should_fail_alloc_page+0xe7/0x130 [ 387.857149][T15202] prepare_alloc_pages+0x3c2/0x610 [ 387.857160][T15202] ? rcu_is_watching+0x12/0xc0 [ 387.857175][T15202] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 387.857191][T15202] ? __lock_acquire+0x622/0x1c90 [ 387.857210][T15202] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 387.857223][T15202] ? __lock_acquire+0x622/0x1c90 [ 387.857243][T15202] ? __lock_acquire+0x622/0x1c90 [ 387.857259][T15202] ? __lock_acquire+0x622/0x1c90 [ 387.857274][T15202] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 387.857287][T15202] ? policy_nodemask+0xea/0x4e0 [ 387.857303][T15202] alloc_pages_mpol+0x1fb/0x550 [ 387.857318][T15202] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 387.857337][T15202] folio_alloc_mpol_noprof+0x36/0x2f0 [ 387.857349][T15202] vma_alloc_folio_noprof+0xed/0x1e0 [ 387.857359][T15202] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 387.857368][T15202] ? find_held_lock+0x2b/0x80 [ 387.857381][T15202] ? __handle_mm_fault+0x1092/0x5490 [ 387.857395][T15202] __handle_mm_fault+0x2f21/0x5490 [ 387.857411][T15202] ? __pfx___handle_mm_fault+0x10/0x10 [ 387.857423][T15202] ? __pte_offset_map_lock+0x174/0x310 [ 387.857439][T15202] ? find_held_lock+0x2b/0x80 [ 387.857450][T15202] ? find_held_lock+0x2b/0x80 [ 387.857465][T15202] ? follow_page_pte+0x3af/0x14c0 [ 387.857479][T15202] handle_mm_fault+0x589/0xd10 [ 387.857493][T15202] __get_user_pages+0x589/0x3b80 [ 387.857509][T15202] ? __pfx___get_user_pages+0x10/0x10 [ 387.857519][T15202] ? __pfx_down_read_killable+0x10/0x10 [ 387.857539][T15202] __gup_longterm_locked+0x20d/0x1850 [ 387.857557][T15202] ? try_get_folio+0x1d2/0x730 [ 387.857572][T15202] ? __pfx___gup_longterm_locked+0x10/0x10 [ 387.857584][T15202] ? try_get_folio+0x255/0x730 [ 387.857598][T15202] ? find_held_lock+0x2b/0x80 [ 387.857610][T15202] ? sanity_check_pinned_pages+0x3bf/0x1200 [ 387.857623][T15202] gup_fast_fallback+0x1ab3/0x29e0 [ 387.857643][T15202] ? __pfx_gup_fast_fallback+0x10/0x10 [ 387.857661][T15202] pin_user_pages_fast+0xa7/0xf0 [ 387.857671][T15202] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 387.857681][T15202] ? __kmalloc_noprof+0x242/0x510 [ 387.857697][T15202] rds_info_getsockopt+0x39f/0x4f0 [ 387.857715][T15202] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 387.857730][T15202] ? find_held_lock+0x2b/0x80 [ 387.857742][T15202] ? __might_fault+0x13b/0x190 [ 387.857771][T15202] rds_getsockopt+0x173/0x2d0 [ 387.857783][T15202] ? __pfx_rds_getsockopt+0x10/0x10 [ 387.857795][T15202] do_sock_getsockopt+0x3ff/0x800 [ 387.857813][T15202] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 387.857827][T15202] ? __fget_files+0x204/0x3c0 [ 387.857848][T15202] __sys_getsockopt+0x12f/0x260 [ 387.857864][T15202] __x64_sys_getsockopt+0xbd/0x160 [ 387.857876][T15202] ? do_syscall_64+0x91/0x4c0 [ 387.857889][T15202] ? lockdep_hardirqs_on+0x7c/0x110 [ 387.857902][T15202] do_syscall_64+0xcd/0x4c0 [ 387.857916][T15202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.857927][T15202] RIP: 0033:0x7fea8998e929 [ 387.857937][T15202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.857946][T15202] RSP: 002b:00007fea8a7d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 387.857957][T15202] RAX: ffffffffffffffda RBX: 00007fea89bb6080 RCX: 00007fea8998e929 [ 387.857963][T15202] RDX: 0000000000002713 RSI: 0000200000000114 RDI: 0000000000000008 [ 387.857970][T15202] RBP: 00007fea8a7d4090 R08: 00002000000000c0 R09: 0000000000000000 [ 387.857976][T15202] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001 [ 387.857982][T15202] R13: 0000000000000000 R14: 00007fea89bb6080 R15: 00007ffe439af3c8 [ 387.857995][T15202] [ 387.881690][T15207] FAULT_INJECTION: forcing a failure. [ 387.881690][T15207] name failslab, interval 1, probability 0, space 0, times 0 [ 387.989537][T15207] CPU: 1 UID: 0 PID: 15207 Comm: syz.8.2918 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 387.989566][T15207] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 387.989573][T15207] Call Trace: [ 387.989577][T15207] [ 387.989582][T15207] dump_stack_lvl+0x16c/0x1f0 [ 387.989601][T15207] should_fail_ex+0x512/0x640 [ 387.989618][T15207] should_failslab+0xc2/0x120 [ 387.989634][T15207] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 387.989650][T15207] ? sidtab_do_lookup+0x1bd/0x9d0 [ 387.989664][T15207] ? security_netlbl_sid_to_secattr+0x1d8/0x4d0 [ 387.989678][T15207] kstrdup+0x53/0x100 [ 387.989693][T15207] security_netlbl_sid_to_secattr+0x1d8/0x4d0 [ 387.989706][T15207] selinux_netlbl_sock_genattr+0x129/0x4f0 [ 387.989720][T15207] selinux_netlbl_socket_post_create+0xb0/0x1b0 [ 387.989736][T15207] security_mptcp_add_subflow+0x1e3/0x210 [ 387.989750][T15207] mptcp_subflow_create_socket+0x1b1/0xed0 [ 387.989767][T15207] ? avc_has_perm_noaudit+0x117/0x3b0 [ 387.989779][T15207] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 387.989800][T15207] __mptcp_nmpc_sk+0x182/0x7d0 [ 387.989811][T15207] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 387.989822][T15207] ? __lock_acquire+0xb8a/0x1c90 [ 387.989854][T15207] mptcp_connect+0x7f/0xfe0 [ 387.989867][T15207] __inet_stream_connect+0x3c8/0x1020 [ 387.989884][T15207] ? __pfx___inet_stream_connect+0x10/0x10 [ 387.989896][T15207] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 387.989909][T15207] ? __pfx_inet_stream_connect+0x10/0x10 [ 387.989921][T15207] ? __local_bh_enable_ip+0xa4/0x120 [ 387.989936][T15207] ? __pfx_inet_stream_connect+0x10/0x10 [ 387.989947][T15207] inet_stream_connect+0x57/0xa0 [ 387.989960][T15207] __sys_connect_file+0x141/0x1a0 [ 387.989974][T15207] __sys_connect+0x13b/0x160 [ 387.989985][T15207] ? __pfx___sys_connect+0x10/0x10 [ 387.990002][T15207] ? __pfx_ksys_write+0x10/0x10 [ 387.990015][T15207] ? fput+0x70/0xf0 [ 387.990026][T15207] __x64_sys_connect+0x72/0xb0 [ 387.990037][T15207] ? lockdep_hardirqs_on+0x7c/0x110 [ 387.990050][T15207] do_syscall_64+0xcd/0x4c0 [ 387.990065][T15207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.990076][T15207] RIP: 0033:0x7f7e5518e929 [ 387.990085][T15207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.990095][T15207] RSP: 002b:00007f7e55f9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 387.990106][T15207] RAX: ffffffffffffffda RBX: 00007f7e553b5fa0 RCX: 00007f7e5518e929 [ 387.990112][T15207] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000005 [ 387.990118][T15207] RBP: 00007f7e55f9e090 R08: 0000000000000000 R09: 0000000000000000 [ 387.990124][T15207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 387.990130][T15207] R13: 0000000000000000 R14: 00007f7e553b5fa0 R15: 00007ffd57814c88 [ 387.990144][T15207] [ 388.111840][T15214] ptm ptm1: ldisc open failed (-12), clearing slot 1 [ 388.489523][T11931] usb 13-1: new high-speed USB device number 2 using dummy_hcd [ 388.535800][T15247] (syz.7.2929,15247,1):dlmfs_mkdir:421 ERROR: invalid domain name for directory. [ 388.539599][T15246] delete_channel: no stack [ 388.659456][T11931] usb 13-1: Using ep0 maxpacket: 32 [ 388.662479][T11931] usb 13-1: config index 0 descriptor too short (expected 29220, got 36) [ 388.665268][T11931] usb 13-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 388.668286][T11931] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 388.671330][T11931] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 388.674216][T11931] usb 13-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 388.677457][T11931] usb 13-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 388.682214][T11931] usb 13-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 388.685972][T11931] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.690609][T11931] usb 13-1: config 0 descriptor?? [ 388.801584][T15264] syz.7.2937: attempt to access beyond end of device [ 388.801584][T15264] nbd7: rw=0, sector=0, nr_sectors = 1 limit=0 [ 388.805625][T15264] (syz.7.2937,15264,0):ocfs2_get_sector:1714 ERROR: status = -5 [ 388.808050][T15264] (syz.7.2937,15264,0):ocfs2_sb_probe:753 ERROR: status = -5 [ 388.810630][T15264] (syz.7.2937,15264,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 388.813352][T15264] (syz.7.2937,15264,0):ocfs2_fill_super:1177 ERROR: status = -5 [ 388.862596][T15271] FAULT_INJECTION: forcing a failure. [ 388.862596][T15271] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 388.867087][T15271] CPU: 3 UID: 0 PID: 15271 Comm: syz.6.2940 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 388.867106][T15271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 388.867113][T15271] Call Trace: [ 388.867117][T15271] [ 388.867122][T15271] dump_stack_lvl+0x16c/0x1f0 [ 388.867140][T15271] should_fail_ex+0x512/0x640 [ 388.867157][T15271] should_fail_alloc_page+0xe7/0x130 [ 388.867174][T15271] prepare_alloc_pages+0x3c2/0x610 [ 388.867188][T15271] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 388.867203][T15271] ? __pfx_stack_trace_save+0x10/0x10 [ 388.867217][T15271] ? stack_depot_save_flags+0x28/0xa40 [ 388.867235][T15271] ? iovec_from_user+0x108/0x140 [ 388.867250][T15271] ? kasan_save_stack+0x42/0x60 [ 388.867262][T15271] ? kasan_save_stack+0x33/0x60 [ 388.867275][T15271] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 388.867289][T15271] ? iovec_from_user+0x108/0x140 [ 388.867304][T15271] ? import_iovec+0x109/0x140 [ 388.867318][T15271] ? do_writev+0x132/0x340 [ 388.867331][T15271] ? do_syscall_64+0xcd/0x4c0 [ 388.867344][T15271] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.867373][T15271] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 388.867388][T15271] ? policy_nodemask+0xea/0x4e0 [ 388.867404][T15271] alloc_pages_mpol+0x1fb/0x550 [ 388.867419][T15271] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 388.867438][T15271] ? __pfx_vcs_write+0x10/0x10 [ 388.867450][T15271] alloc_pages_noprof+0x131/0x390 [ 388.867465][T15271] get_free_pages_noprof+0x10/0xb0 [ 388.867481][T15271] vcs_write+0x11a/0xdb0 [ 388.867493][T15271] ? copy_iovec_from_user+0x131/0x170 [ 388.867509][T15271] ? iovec_from_user+0xbb/0x140 [ 388.867526][T15271] ? __import_iovec+0x1dd/0x650 [ 388.867540][T15271] ? __pfx_vcs_write+0x10/0x10 [ 388.867554][T15271] ? bpf_lsm_file_permission+0x9/0x10 [ 388.867563][T15271] ? security_file_permission+0x71/0x210 [ 388.867583][T15271] ? rw_verify_area+0xcf/0x680 [ 388.867596][T15271] ? __pfx_vcs_write+0x10/0x10 [ 388.867607][T15271] vfs_writev+0x5dc/0xde0 [ 388.867623][T15271] ? __pfx_vfs_writev+0x10/0x10 [ 388.867645][T15271] ? __fget_files+0x20e/0x3c0 [ 388.867658][T15271] ? __fget_files+0x130/0x3c0 [ 388.867675][T15271] ? do_writev+0x132/0x340 [ 388.867686][T15271] do_writev+0x132/0x340 [ 388.867698][T15271] ? __pfx_do_writev+0x10/0x10 [ 388.867714][T15271] do_syscall_64+0xcd/0x4c0 [ 388.867728][T15271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.867738][T15271] RIP: 0033:0x7fea8998e929 [ 388.867747][T15271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.867757][T15271] RSP: 002b:00007fea8a7f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 388.867767][T15271] RAX: ffffffffffffffda RBX: 00007fea89bb5fa0 RCX: 00007fea8998e929 [ 388.867774][T15271] RDX: 000000000000000e RSI: 0000200000000c40 RDI: 0000000000000003 [ 388.867780][T15271] RBP: 00007fea8a7f5090 R08: 0000000000000000 R09: 0000000000000000 [ 388.867786][T15271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 388.867792][T15271] R13: 0000000000000000 R14: 00007fea89bb5fa0 R15: 00007ffe439af3c8 [ 388.867805][T15271] [ 388.903717][T11931] usblp 13-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 388.974191][T11931] usb 13-1: USB disconnect, device number 2 [ 388.978515][T11931] usblp0: removed [ 389.110601][T15287] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2947'. [ 389.419933][T11931] usb 13-1: new high-speed USB device number 3 using dummy_hcd [ 389.569838][T11931] usb 13-1: Using ep0 maxpacket: 32 [ 389.576723][T11931] usb 13-1: config index 0 descriptor too short (expected 29220, got 36) [ 389.583030][T11931] usb 13-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 389.586545][T11931] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 389.590050][T11931] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 389.594037][T11931] usb 13-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 389.597527][T11931] usb 13-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 389.603574][T11931] usb 13-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 389.607104][T11931] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.611036][T11931] usb 13-1: config 0 descriptor?? [ 390.168870][T11931] usblp 13-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 390.570849][ T29] usb 13-1: USB disconnect, device number 3 [ 390.577875][ T29] usblp0: removed [ 390.800155][ T6028] usb 11-1: new high-speed USB device number 19 using dummy_hcd [ 390.960190][ T6028] usb 11-1: Using ep0 maxpacket: 16 [ 390.964687][ T6028] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 390.971197][ T6028] usb 11-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 390.974744][ T6028] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.977274][ T6028] usb 11-1: Product: syz [ 390.978616][ T6028] usb 11-1: Manufacturer: syz [ 390.980218][ T6028] usb 11-1: SerialNumber: syz [ 390.983867][ T6028] usb 11-1: config 0 descriptor?? [ 390.987912][ T6028] hub 11-1:0.0: bad descriptor, ignoring hub [ 390.991032][ T6028] hub 11-1:0.0: probe with driver hub failed with error -5 [ 390.996960][ T6028] input: syz syz as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/input/input32 [ 391.245950][T15322] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 391.249656][T15322] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 391.349677][ T838] usb 11-1: USB disconnect, device number 19 [ 391.459503][ T1465] usb 13-1: new high-speed USB device number 4 using dummy_hcd [ 391.589584][ T1465] usb 13-1: device descriptor read/64, error -71 [ 391.829508][ T1465] usb 13-1: new high-speed USB device number 5 using dummy_hcd [ 391.947128][T15326] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2957'. [ 391.969521][ T1465] usb 13-1: device descriptor read/64, error -71 [ 392.033131][T15331] FAULT_INJECTION: forcing a failure. [ 392.033131][T15331] name failslab, interval 1, probability 0, space 0, times 0 [ 392.037807][T15331] CPU: 1 UID: 0 PID: 15331 Comm: syz.6.2959 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 392.037830][T15331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 392.037840][T15331] Call Trace: [ 392.037847][T15331] [ 392.037854][T15331] dump_stack_lvl+0x16c/0x1f0 [ 392.037880][T15331] should_fail_ex+0x512/0x640 [ 392.037904][T15331] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 392.037931][T15331] should_failslab+0xc2/0x120 [ 392.037956][T15331] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 392.037979][T15331] ? __alloc_skb+0x2b2/0x380 [ 392.038004][T15331] __alloc_skb+0x2b2/0x380 [ 392.038023][T15331] ? __pfx___alloc_skb+0x10/0x10 [ 392.038045][T15331] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 392.038075][T15331] netlink_alloc_large_skb+0x69/0x130 [ 392.038103][T15331] netlink_sendmsg+0x6a1/0xdd0 [ 392.038130][T15331] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.038163][T15331] ____sys_sendmsg+0xa95/0xc70 [ 392.038179][T15331] ? copy_msghdr_from_user+0x10a/0x160 [ 392.038201][T15331] ? __pfx_____sys_sendmsg+0x10/0x10 [ 392.038227][T15331] ___sys_sendmsg+0x134/0x1d0 [ 392.038250][T15331] ? __pfx____sys_sendmsg+0x10/0x10 [ 392.038269][T15331] ? __lock_acquire+0x622/0x1c90 [ 392.038331][T15331] __sys_sendmsg+0x16d/0x220 [ 392.038354][T15331] ? __pfx___sys_sendmsg+0x10/0x10 [ 392.038389][T15331] do_syscall_64+0xcd/0x4c0 [ 392.038413][T15331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.038430][T15331] RIP: 0033:0x7fea8998e929 [ 392.038443][T15331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.038458][T15331] RSP: 002b:00007fea8a7f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 392.038475][T15331] RAX: ffffffffffffffda RBX: 00007fea89bb5fa0 RCX: 00007fea8998e929 [ 392.038486][T15331] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 392.038497][T15331] RBP: 00007fea8a7f5090 R08: 0000000000000000 R09: 0000000000000000 [ 392.038506][T15331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 392.038515][T15331] R13: 0000000000000000 R14: 00007fea89bb5fa0 R15: 00007ffe439af3c8 [ 392.038537][T15331] [ 392.080228][ T1465] usb usb13-port1: attempt power cycle [ 392.116723][T15333] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2960'. [ 392.123504][T15333] netlink: 'syz.6.2960': attribute type 1 has an invalid length. [ 392.142676][T15333] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 392.449431][ T1465] usb 13-1: new high-speed USB device number 6 using dummy_hcd [ 392.469898][ T1465] usb 13-1: device descriptor read/8, error -71 [ 392.719435][ T1465] usb 13-1: new high-speed USB device number 7 using dummy_hcd [ 392.751542][ T1465] usb 13-1: device descriptor read/8, error -71 [ 392.859720][ T1465] usb usb13-port1: unable to enumerate USB device [ 393.082619][T15346] No such timeout policy "syz1" [ 393.249175][T15356] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2969'. [ 393.268955][T15356] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2969'. [ 393.272085][T15356] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2969'. [ 393.419514][ T29] usb 11-1: new high-speed USB device number 20 using dummy_hcd [ 393.465413][T15364] FAULT_INJECTION: forcing a failure. [ 393.465413][T15364] name failslab, interval 1, probability 0, space 0, times 0 [ 393.470772][T15364] CPU: 1 UID: 0 PID: 15364 Comm: syz.7.2973 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 393.470788][T15364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 393.470795][T15364] Call Trace: [ 393.470799][T15364] [ 393.470803][T15364] dump_stack_lvl+0x16c/0x1f0 [ 393.470820][T15364] should_fail_ex+0x512/0x640 [ 393.470836][T15364] ? fs_reclaim_acquire+0xae/0x150 [ 393.470848][T15364] ? tomoyo_encode2+0x100/0x3e0 [ 393.470862][T15364] should_failslab+0xc2/0x120 [ 393.470878][T15364] __kmalloc_noprof+0xd2/0x510 [ 393.470894][T15364] tomoyo_encode2+0x100/0x3e0 [ 393.470911][T15364] tomoyo_encode+0x29/0x50 [ 393.470924][T15364] tomoyo_realpath_from_path+0x18f/0x6e0 [ 393.470941][T15364] ? tomoyo_profile+0x47/0x60 [ 393.470952][T15364] tomoyo_path_number_perm+0x245/0x580 [ 393.470964][T15364] ? tomoyo_path_number_perm+0x237/0x580 [ 393.470978][T15364] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 393.470991][T15364] ? find_held_lock+0x2b/0x80 [ 393.471016][T15364] ? find_held_lock+0x2b/0x80 [ 393.471056][T15364] ? hook_file_ioctl_common+0x145/0x410 [ 393.471079][T15364] ? __fget_files+0x20e/0x3c0 [ 393.471106][T15364] security_file_ioctl+0x9b/0x240 [ 393.471128][T15364] __x64_sys_ioctl+0xb7/0x210 [ 393.471142][T15364] do_syscall_64+0xcd/0x4c0 [ 393.471158][T15364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.471168][T15364] RIP: 0033:0x7f6294b8e929 [ 393.471178][T15364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.471188][T15364] RSP: 002b:00007f6295ac0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 393.471198][T15364] RAX: ffffffffffffffda RBX: 00007f6294db5fa0 RCX: 00007f6294b8e929 [ 393.471205][T15364] RDX: 0000200000000500 RSI: 000000004008ae89 RDI: 0000000000000005 [ 393.471211][T15364] RBP: 00007f6295ac0090 R08: 0000000000000000 R09: 0000000000000000 [ 393.471217][T15364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 393.471223][T15364] R13: 0000000000000000 R14: 00007f6294db5fa0 R15: 00007ffdcb9b9ac8 [ 393.471236][T15364] [ 393.471251][T15364] ERROR: Out of memory at tomoyo_realpath_from_path. [ 393.629595][ T29] usb 11-1: Using ep0 maxpacket: 32 [ 393.634093][ T29] usb 11-1: config index 0 descriptor too short (expected 29220, got 36) [ 393.637557][ T29] usb 11-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 393.641879][ T29] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 393.645653][ T29] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 393.646321][ T40] audit: type=1400 audit(1749169246.397:672): avc: denied { watch } for pid=15366 comm="syz.7.2974" path="/137/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 393.650142][ T29] usb 11-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 393.663660][ T40] audit: type=1400 audit(1749169246.397:673): avc: denied { watch_sb watch_reads } for pid=15366 comm="syz.7.2974" path="/137/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 393.667904][ T29] usb 11-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 393.686947][ T29] usb 11-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 393.691581][ T29] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.700512][ T29] usb 11-1: config 0 descriptor?? [ 393.911354][ T29] usblp 11-1:0.0: usblp0: USB Bidirectional printer dev 20 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 393.920612][ T29] usb 11-1: USB disconnect, device number 20 [ 393.934693][ T29] usblp0: removed [ 393.961456][T15377] overlayfs: missing 'lowerdir' [ 393.966525][T15377] fuse: Bad value for 'fd' [ 394.336725][T15394] SELinux: policydb version 1402900228 does not match my version range 15-34 [ 394.341276][T15394] SELinux: failed to load policy [ 394.349491][ T57] usb 11-1: new high-speed USB device number 21 using dummy_hcd [ 394.369875][ T29] usb 12-1: new high-speed USB device number 9 using dummy_hcd [ 394.509446][ T57] usb 11-1: Using ep0 maxpacket: 32 [ 394.512963][ T57] usb 11-1: config index 0 descriptor too short (expected 29220, got 36) [ 394.515868][ T57] usb 11-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 394.518979][ T57] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 394.520017][ T29] usb 12-1: Using ep0 maxpacket: 16 [ 394.522574][ T57] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 394.526812][ T29] usb 12-1: too many configurations: 129, using maximum allowed: 8 [ 394.528417][ T57] usb 11-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 394.534928][ T29] usb 12-1: invalid descriptor for config index 0: type = 0x2, length = 0 [ 394.535502][ T57] usb 11-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 394.535549][ T57] usb 11-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 394.538892][ T29] usb 12-1: can't read configurations, error -22 [ 394.544142][ T57] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.546339][ T57] usb 11-1: config 0 descriptor?? [ 394.679542][ T29] usb 12-1: new high-speed USB device number 10 using dummy_hcd [ 394.832812][ T29] usb 12-1: Using ep0 maxpacket: 16 [ 394.836153][ T29] usb 12-1: too many configurations: 129, using maximum allowed: 8 [ 394.839853][ T29] usb 12-1: invalid descriptor for config index 0: type = 0x2, length = 0 [ 394.842623][ T29] usb 12-1: can't read configurations, error -22 [ 394.845875][ T29] usb usb12-port1: attempt power cycle [ 394.857746][T15413] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2984'. [ 394.860577][T15413] netlink: 'syz.8.2984': attribute type 30 has an invalid length. [ 394.866107][T15413] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 394.869408][T15413] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 394.872033][T15413] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 394.874649][T15413] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 394.880619][T15413] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2984'. [ 394.883999][T15413] netlink: 'syz.8.2984': attribute type 30 has an invalid length. [ 395.112600][ T57] usblp 11-1:0.0: usblp0: USB Bidirectional printer dev 21 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 395.139709][T11017] usb 13-1: new high-speed USB device number 8 using dummy_hcd [ 395.179440][ T29] usb 12-1: new high-speed USB device number 11 using dummy_hcd [ 395.200776][ T29] usb 12-1: Using ep0 maxpacket: 16 [ 395.203976][ T29] usb 12-1: too many configurations: 129, using maximum allowed: 8 [ 395.208455][ T29] usb 12-1: invalid descriptor for config index 0: type = 0x2, length = 0 [ 395.212728][ T29] usb 12-1: can't read configurations, error -22 [ 395.279447][T11017] usb 13-1: device descriptor read/64, error -71 [ 395.339837][ T29] usb 12-1: new high-speed USB device number 12 using dummy_hcd [ 395.370220][ T29] usb 12-1: Using ep0 maxpacket: 16 [ 395.373472][ T29] usb 12-1: too many configurations: 129, using maximum allowed: 8 [ 395.376946][ T29] usb 12-1: invalid descriptor for config index 0: type = 0x2, length = 0 [ 395.379980][ T29] usb 12-1: can't read configurations, error -22 [ 395.382126][ T29] usb usb12-port1: unable to enumerate USB device [ 395.513670][ T1465] usb 11-1: USB disconnect, device number 21 [ 395.519896][ T1465] usblp0: removed [ 395.529497][T11017] usb 13-1: new high-speed USB device number 9 using dummy_hcd [ 395.659538][T11017] usb 13-1: device descriptor read/64, error -71 [ 395.771887][T11017] usb usb13-port1: attempt power cycle [ 396.120123][T11017] usb 13-1: new high-speed USB device number 10 using dummy_hcd [ 396.141167][T11017] usb 13-1: device descriptor read/8, error -71 [ 396.300664][T15454] FAULT_INJECTION: forcing a failure. [ 396.300664][T15454] name failslab, interval 1, probability 0, space 0, times 0 [ 396.305663][T15454] CPU: 1 UID: 0 PID: 15454 Comm: syz.6.2989 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 396.305679][T15454] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 396.305685][T15454] Call Trace: [ 396.305690][T15454] [ 396.305695][T15454] dump_stack_lvl+0x16c/0x1f0 [ 396.305713][T15454] should_fail_ex+0x512/0x640 [ 396.305730][T15454] should_failslab+0xc2/0x120 [ 396.305745][T15454] __kmalloc_cache_noprof+0x6a/0x3e0 [ 396.305759][T15454] ? __add_metainfo+0x99/0x460 [ 396.305775][T15454] ? kasan_save_track+0x14/0x30 [ 396.305789][T15454] __add_metainfo+0x99/0x460 [ 396.305805][T15454] tcf_ife_init+0xd5c/0x14e0 [ 396.305824][T15454] ? __pfx_tcf_ife_init+0x10/0x10 [ 396.305845][T15454] ? tcf_action_init_1+0x2d2/0x6c0 [ 396.305857][T15454] ? __asan_memcpy+0x3c/0x60 [ 396.305871][T15454] tcf_action_init_1+0x45d/0x6c0 [ 396.305884][T15454] ? __pfx_tcf_action_init_1+0x10/0x10 [ 396.305902][T15454] ? __nla_parse+0x40/0x60 [ 396.305913][T15454] tcf_action_init+0x432/0xa50 [ 396.305929][T15454] ? __pfx_tcf_action_init+0x10/0x10 [ 396.305941][T15454] ? is_bpf_text_address+0x8a/0x1a0 [ 396.305964][T15454] ? __lock_acquire+0xb8a/0x1c90 [ 396.305990][T15454] ? find_held_lock+0x2b/0x80 [ 396.306002][T15454] ? pcpu_alloc_noprof+0x949/0x1470 [ 396.306018][T15454] tcf_exts_validate_ex+0x42d/0x550 [ 396.306034][T15454] ? __pfx_tcf_exts_validate_ex+0x10/0x10 [ 396.306047][T15454] ? mark_held_locks+0x49/0x80 [ 396.306069][T15454] mall_change+0x3cd/0x1090 [ 396.306086][T15454] ? __pfx_mall_change+0x10/0x10 [ 396.306100][T15454] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 396.306118][T15454] ? __pfx_mall_change+0x10/0x10 [ 396.306132][T15454] tc_new_tfilter+0xa35/0x2340 [ 396.306149][T15454] ? __pfx_tc_new_tfilter+0x10/0x10 [ 396.306170][T15454] ? find_held_lock+0x2b/0x80 [ 396.306182][T15454] ? __pfx_tc_new_tfilter+0x10/0x10 [ 396.306191][T15454] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 396.306206][T15454] ? __pfx_tc_new_tfilter+0x10/0x10 [ 396.306216][T15454] rtnetlink_rcv_msg+0x95e/0xe90 [ 396.306231][T15454] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 396.306248][T15454] ? ref_tracker_free+0x37c/0x830 [ 396.306265][T15454] netlink_rcv_skb+0x158/0x420 [ 396.306274][T15454] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 396.306289][T15454] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 396.306309][T15454] ? netlink_deliver_tap+0x1ae/0xd30 [ 396.306326][T15454] netlink_unicast+0x53a/0x7f0 [ 396.306343][T15454] ? __pfx_netlink_unicast+0x10/0x10 [ 396.306362][T15454] netlink_sendmsg+0x8d1/0xdd0 [ 396.306380][T15454] ? __pfx_netlink_sendmsg+0x10/0x10 [ 396.306400][T15454] ____sys_sendmsg+0xa95/0xc70 [ 396.306411][T15454] ? copy_msghdr_from_user+0x10a/0x160 [ 396.306424][T15454] ? __pfx_____sys_sendmsg+0x10/0x10 [ 396.306439][T15454] ___sys_sendmsg+0x134/0x1d0 [ 396.306452][T15454] ? __pfx____sys_sendmsg+0x10/0x10 [ 396.306464][T15454] ? __lock_acquire+0x622/0x1c90 [ 396.306494][T15454] __sys_sendmsg+0x16d/0x220 [ 396.306507][T15454] ? __pfx___sys_sendmsg+0x10/0x10 [ 396.306525][T15454] ? fput+0x70/0xf0 [ 396.306536][T15454] do_syscall_64+0xcd/0x4c0 [ 396.306554][T15454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.306565][T15454] RIP: 0033:0x7fea8998e929 [ 396.306574][T15454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 396.306584][T15454] RSP: 002b:00007fea8a7f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 396.306594][T15454] RAX: ffffffffffffffda RBX: 00007fea89bb5fa0 RCX: 00007fea8998e929 [ 396.306601][T15454] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 396.306607][T15454] RBP: 00007fea8a7f5090 R08: 0000000000000000 R09: 0000000000000000 [ 396.306613][T15454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 396.306619][T15454] R13: 0000000000000000 R14: 00007fea89bb5fa0 R15: 00007ffe439af3c8 [ 396.306631][T15454] [ 396.500120][T11017] usb 13-1: new high-speed USB device number 11 using dummy_hcd [ 396.529292][T15457] netlink: 56 bytes leftover after parsing attributes in process `syz.6.2990'. [ 396.530100][T11017] usb 13-1: device descriptor read/8, error -71 [ 396.650231][T11017] usb usb13-port1: unable to enumerate USB device [ 396.792090][ T40] audit: type=1804 audit(1749169249.547:674): pid=15468 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.6.2995" name="/newroot/285/file1" dev="fuse" ino=1 res=1 errno=0 [ 396.801125][ T40] audit: type=1800 audit(1749169249.547:675): pid=15468 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2995" name="/" dev="fuse" ino=1 res=0 errno=0 [ 396.809820][ T40] audit: type=1800 audit(1749169249.547:676): pid=15468 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2995" name="/" dev="fuse" ino=1 res=0 errno=0 [ 396.877648][ T40] audit: type=1400 audit(1749169249.627:677): avc: denied { write } for pid=15473 comm="syz.6.2997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 396.932127][T15476] dlm: non-version read from control device 0 [ 396.966547][T15478] ata1.00: invalid cdb length 6 [ 397.151039][ T40] audit: type=1804 audit(1749169249.907:678): pid=15481 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.7.3000" name="/newroot/140/file1" dev="fuse" ino=1 res=1 errno=0 [ 397.151455][T15481] FAULT_INJECTION: forcing a failure. [ 397.151455][T15481] name failslab, interval 1, probability 0, space 0, times 0 [ 397.159904][ T40] audit: type=1800 audit(1749169249.907:679): pid=15481 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.7.3000" name="/" dev="fuse" ino=1 res=0 errno=0 [ 397.163746][T15481] CPU: 0 UID: 0 PID: 15481 Comm: syz.7.3000 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 397.163762][T15481] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 397.163769][T15481] Call Trace: [ 397.163774][T15481] [ 397.163779][T15481] dump_stack_lvl+0x16c/0x1f0 [ 397.163798][T15481] should_fail_ex+0x512/0x640 [ 397.163812][T15481] ? __kmalloc_noprof+0xbf/0x510 [ 397.163828][T15481] ? ima_write_template_field_data+0x5d/0x1f0 [ 397.163840][T15481] should_failslab+0xc2/0x120 [ 397.163856][T15481] __kmalloc_noprof+0xd2/0x510 [ 397.163872][T15481] ima_write_template_field_data+0x5d/0x1f0 [ 397.163886][T15481] ima_eventname_init_common+0x1b8/0x260 [ 397.163900][T15481] ? __pfx_ima_eventname_init_common+0x10/0x10 [ 397.163914][T15481] ? trace_kmalloc+0x2b/0xd0 [ 397.163922][T15481] ? __kmalloc_noprof+0x242/0x510 [ 397.163939][T15481] ima_alloc_init_template+0x39d/0x720 [ 397.163956][T15481] ? rcu_is_watching+0x12/0xc0 [ 397.163970][T15481] ima_store_measurement+0x1eb/0x5c0 [ 397.163987][T15481] ? __pfx_ima_store_measurement+0x10/0x10 [ 397.164004][T15481] ? vfs_getxattr_alloc+0xec/0x340 [ 397.164023][T15481] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 397.164039][T15481] process_measurement+0x1f26/0x23e0 [ 397.164057][T15481] ? avc_has_perm_noaudit+0x149/0x3b0 [ 397.164068][T15481] ? __pfx_process_measurement+0x10/0x10 [ 397.164085][T15481] ? __pfx_avc_has_perm+0x10/0x10 [ 397.164096][T15481] ? find_held_lock+0x2b/0x80 [ 397.164121][T15481] ? file_map_prot_check+0x1eb/0x360 [ 397.164136][T15481] ima_file_mmap+0x1a8/0x1d0 [ 397.164150][T15481] ? __pfx_ima_file_mmap+0x10/0x10 [ 397.164163][T15481] ? __lock_acquire+0x622/0x1c90 [ 397.164181][T15481] security_mmap_file+0x88c/0x990 [ 397.164197][T15481] vm_mmap_pgoff+0xec/0x450 [ 397.164213][T15481] ? find_held_lock+0x2b/0x80 [ 397.164225][T15481] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 397.164242][T15481] ? __fget_files+0x20e/0x3c0 [ 397.164259][T15481] ksys_mmap_pgoff+0x32c/0x5c0 [ 397.164269][T15481] ? __pfx_ksys_write+0x10/0x10 [ 397.164284][T15481] __x64_sys_mmap+0x125/0x190 [ 397.164301][T15481] do_syscall_64+0xcd/0x4c0 [ 397.164316][T15481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.164326][T15481] RIP: 0033:0x7f6294b8e929 [ 397.164336][T15481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 397.164346][T15481] RSP: 002b:00007f6295ac0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 397.164356][T15481] RAX: ffffffffffffffda RBX: 00007f6294db5fa0 RCX: 00007f6294b8e929 [ 397.164363][T15481] RDX: 0000000000000006 RSI: 0000000000002000 RDI: 0000200000000000 [ 397.164369][T15481] RBP: 00007f6295ac0090 R08: 0000000000000007 R09: 0000000000000000 [ 397.164375][T15481] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 397.164381][T15481] R13: 0000000000000000 R14: 00007f6294db5fa0 R15: 00007ffdcb9b9ac8 [ 397.164394][T15481] [ 397.271482][ T40] audit: type=1800 audit(1749169249.907:680): pid=15481 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.7.3000" name="/" dev="fuse" ino=1 res=0 errno=0 [ 397.278583][ T40] audit: type=1804 audit(1749169249.917:681): pid=15481 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=add_template_measure cause=ENOMEM comm="syz.7.3000" name="/newroot/140/file1" dev="fuse" ino=1 res=0 errno=0 [ 397.345120][T15489] netlink: 'syz.7.3001': attribute type 3 has an invalid length. [ 397.466952][T15489] netlink: 'syz.7.3001': attribute type 28 has an invalid length. [ 397.470564][T15489] netlink: 'syz.7.3001': attribute type 3 has an invalid length. [ 397.473786][T15489] netlink: 132 bytes leftover after parsing attributes in process `syz.7.3001'. [ 397.591812][T15489] netlink: 16402 bytes leftover after parsing attributes in process `syz.7.3001'. [ 397.594933][T15484] netlink: 16402 bytes leftover after parsing attributes in process `syz.7.3001'. [ 397.783949][T15499] openvswitch: netlink: IP tunnel TTL not specified. [ 398.069500][T15512] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3006'. [ 398.096046][T15520] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(5) [ 398.098125][T15520] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 398.102781][T15520] vhci_hcd vhci_hcd.0: Device attached [ 398.109439][T15522] vhci_hcd: connection closed [ 398.112262][ T1157] vhci_hcd: stop threads [ 398.115192][ T1157] vhci_hcd: release socket [ 398.116652][ T1157] vhci_hcd: disconnect device [ 398.382898][T15527] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3013'. [ 398.386663][T15527] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3013'. [ 398.389705][T15527] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3013'. [ 399.049509][ T10] usb 12-1: new high-speed USB device number 13 using dummy_hcd [ 399.077644][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 399.077656][ T40] audit: type=1400 audit(1749169251.827:683): avc: denied { listen } for pid=15540 comm="syz.6.3020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 399.133615][ T40] audit: type=1400 audit(1749169251.887:684): avc: denied { map } for pid=15540 comm="syz.6.3020" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 399.201871][ T10] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 399.205404][ T10] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 399.208368][ T10] usb 12-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 399.213915][ T10] usb 12-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 399.217675][ T10] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.222700][ T10] usb 12-1: config 0 descriptor?? [ 399.573545][ T40] audit: type=1400 audit(1749169252.327:685): avc: denied { write } for pid=15555 comm="syz.6.3026" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 399.628591][ T10] plantronics 0003:047F:FFFF.000B: reserved main item tag 0xd [ 399.632674][ T10] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 399.639082][ T10] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0 [ 399.790818][T11931] usb 13-1: new high-speed USB device number 12 using dummy_hcd [ 399.887947][ T29] usb 12-1: USB disconnect, device number 13 [ 399.939950][T11931] usb 13-1: device descriptor read/64, error -71 [ 400.189722][T11931] usb 13-1: new high-speed USB device number 13 using dummy_hcd [ 400.319548][T11931] usb 13-1: device descriptor read/64, error -71 [ 400.440257][T11931] usb usb13-port1: attempt power cycle [ 400.527191][T15571] xfrm1: entered allmulticast mode [ 400.537194][ T40] audit: type=1400 audit(1749169253.287:686): avc: denied { audit_control } for pid=15570 comm="syz.7.3030" capability=30 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 400.575965][T15577] random: crng reseeded on system resumption [ 400.580980][T15576] xt_TPROXY: Can be used only with -p tcp or -p udp [ 400.587036][T15576] gfs2: not a GFS2 filesystem [ 400.635940][T15580] __nla_validate_parse: 1 callbacks suppressed [ 400.635951][T15580] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3033'. [ 400.657850][ T40] audit: type=1400 audit(1749169253.407:687): avc: denied { ioctl } for pid=15575 comm="syz.6.3033" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x3311 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 400.789636][T11931] usb 13-1: new high-speed USB device number 14 using dummy_hcd [ 400.810182][T11931] usb 13-1: device descriptor read/8, error -71 [ 401.061112][T11931] usb 13-1: new high-speed USB device number 15 using dummy_hcd [ 401.080784][T11931] usb 13-1: device descriptor read/8, error -71 [ 401.200486][T11931] usb usb13-port1: unable to enumerate USB device [ 401.205962][T15605] o2cb: This node has not been configured. [ 401.208189][T15605] o2cb: Cluster check failed. Fix errors before retrying. [ 401.210776][T15605] (syz.7.3042,15605,2):user_dlm_register:674 ERROR: status = -22 [ 401.213349][T15605] (syz.7.3042,15605,2):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 401.248063][T15607] syzkaller0: entered promiscuous mode [ 401.250205][T15607] syzkaller0: entered allmulticast mode [ 401.598688][T15621] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3049'. [ 401.662905][T15614] veth1_macvtap: left promiscuous mode [ 401.665371][T15614] macsec0: entered promiscuous mode [ 401.667570][T15614] macsec0: entered allmulticast mode [ 401.677530][T15614] veth1_macvtap: entered promiscuous mode [ 401.679477][T15614] veth1_macvtap: entered allmulticast mode [ 401.681504][T15614] macsec0: left promiscuous mode [ 401.683187][T15614] macsec0: left allmulticast mode [ 401.685049][T15614] veth1_macvtap: left allmulticast mode [ 401.876147][T15634] binder: 15633:15634 unknown command 0 [ 401.878524][T15634] binder: 15633:15634 ioctl c0306201 2000000002c0 returned -22 [ 402.712419][T15668] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3065'. [ 403.094484][ T40] audit: type=1400 audit(1749169255.847:688): avc: denied { create } for pid=15690 comm="syz.7.3074" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 403.126554][T15691] loop6: detected capacity change from 0 to 524287998 [ 403.234021][T15694] syzkaller0: entered promiscuous mode [ 403.236542][T15694] syzkaller0: entered allmulticast mode [ 403.253032][T15696] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3076'. [ 403.328292][T15698] bridge1: entered promiscuous mode [ 403.420753][T15704] loop6: detected capacity change from 0 to 524287999 [ 403.564804][ T5948] Bluetooth: hci0: unexpected event for opcode 0x0407 [ 403.706629][T15714] netlink: 'syz.6.3084': attribute type 6 has an invalid length. [ 403.710565][T15714] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3084'. [ 403.748740][T15717] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3085'. [ 403.807820][T15721] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 403.948333][T15733] IPVS: sync thread started: state = BACKUP, mcast_ifn = tunl0, syncid = 3, id = 0 [ 403.949110][T15732] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3091'. [ 403.987420][T15735] binder: 15734:15735 ioctl 4018620d 0 returned -22 [ 404.109586][ T5633] usb 11-1: new high-speed USB device number 22 using dummy_hcd [ 404.144287][T15746] netlink: 168 bytes leftover after parsing attributes in process `syz.8.3097'. [ 404.240882][T15755] QAT: Invalid ioctl -2144835806 [ 404.270839][ T5633] usb 11-1: too many configurations: 9, using maximum allowed: 8 [ 404.272540][ T40] audit: type=1400 audit(1749169257.027:689): avc: denied { getopt } for pid=15756 comm="syz.8.3101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 404.275328][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 404.285248][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 404.290120][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0 [ 404.293206][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 404.296201][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 404.300155][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0 [ 404.303549][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 404.306479][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 404.310016][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0 [ 404.312819][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 404.315586][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 404.319007][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0 [ 404.322181][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 404.324936][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 404.328247][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0 [ 404.331330][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 404.334324][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 404.337635][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0 [ 404.340744][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 404.343541][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 404.346792][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0 [ 404.349711][ T5633] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 404.352540][ T5633] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 404.355795][ T5633] usb 11-1: config 0 interface 0 has no altsetting 0 [ 404.362521][ T5633] usb 11-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 404.365278][ T5633] usb 11-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 404.367694][ T5633] usb 11-1: Product: syz [ 404.368934][ T5633] usb 11-1: Manufacturer: syz [ 404.370512][ T5633] usb 11-1: SerialNumber: syz [ 404.374226][ T5633] usb 11-1: config 0 descriptor?? [ 404.381412][ T5633] yurex 11-1:0.0: USB YUREX device now attached to Yurex #0 [ 404.428011][ T40] audit: type=1400 audit(1749169257.177:690): avc: denied { create } for pid=15766 comm="syz.8.3106" name="#18" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 404.436702][ T40] audit: type=1400 audit(1749169257.177:691): avc: denied { link } for pid=15766 comm="syz.8.3106" name="#18" dev="tmpfs" ino=327 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 404.443946][ T40] audit: type=1400 audit(1749169257.177:692): avc: denied { rename } for pid=15766 comm="syz.8.3106" name="#19" dev="tmpfs" ino=327 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 404.476841][T15771] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3108'. [ 404.513992][ T40] audit: type=1400 audit(1749169257.267:693): avc: denied { ioctl } for pid=15774 comm="syz.7.3110" path="/dev/ptyr2" dev="devtmpfs" ino=145 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 404.514968][T15775] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3110'. [ 404.535925][T15778] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 404.535947][T15778] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 404.540194][T15778] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 404.543524][T15778] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 404.582519][ T5633] usb 11-1: USB disconnect, device number 22 [ 404.585580][ T5633] yurex 11-1:0.0: USB YUREX #0 now disconnected [ 404.682084][T15784] netlink: 'syz.7.3112': attribute type 3 has an invalid length. [ 404.684585][T15784] netlink: 'syz.7.3112': attribute type 1 has an invalid length. [ 404.757171][T15790] input: syz0 as /devices/virtual/input/input34 [ 405.296450][T15816] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2133 sclass=netlink_route_socket pid=15816 comm=syz.7.3125 [ 405.444599][T15824] xt_CT: You must specify a L4 protocol and not use inversions on it [ 405.676945][ T40] audit: type=1400 audit(1749169258.427:694): avc: denied { connect } for pid=15831 comm="syz.8.3130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 405.740185][ T40] audit: type=1400 audit(1749169258.487:695): avc: denied { bind } for pid=15827 comm="syz.6.3129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 405.748139][T15830] sctp: [Deprecated]: syz.6.3129 (pid 15830) Use of struct sctp_assoc_value in delayed_ack socket option. [ 405.748139][T15830] Use struct sctp_sack_info instead [ 405.754614][ T40] audit: type=1400 audit(1749169258.497:696): avc: denied { getopt } for pid=15827 comm="syz.6.3129" laddr=::ffff:172.20.20.10 lport=38622 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 406.159444][ T40] audit: type=1400 audit(1749169258.907:697): avc: denied { map } for pid=15836 comm="syz.7.3132" path="socket:[76668]" dev="sockfs" ino=76668 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 406.168182][ T40] audit: type=1400 audit(1749169258.917:698): avc: denied { accept } for pid=15836 comm="syz.7.3132" path="socket:[76668]" dev="sockfs" ino=76668 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 406.480359][T15844] __nla_validate_parse: 3 callbacks suppressed [ 406.480372][T15844] netlink: 248 bytes leftover after parsing attributes in process `syz.6.3135'. [ 406.560933][ T5948] Bluetooth: Frame is too long (len 10, expected len 4) [ 406.571397][T15850] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15850 comm=syz.6.3137 [ 406.598296][T15850] netlink: 'syz.6.3137': attribute type 5 has an invalid length. [ 406.691010][T15863] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3140'. [ 406.693777][T15863] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3140'. [ 407.427707][T15907] FAULT_INJECTION: forcing a failure. [ 407.427707][T15907] name failslab, interval 1, probability 0, space 0, times 0 [ 407.433840][T15907] CPU: 0 UID: 0 PID: 15907 Comm: syz.8.3155 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 407.433856][T15907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 407.433863][T15907] Call Trace: [ 407.433867][T15907] [ 407.433871][T15907] dump_stack_lvl+0x16c/0x1f0 [ 407.433907][T15907] should_fail_ex+0x512/0x640 [ 407.433927][T15907] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 407.433943][T15907] should_failslab+0xc2/0x120 [ 407.433958][T15907] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 407.433971][T15907] ? __thp_vma_allowable_orders+0x1c5/0xb10 [ 407.433981][T15907] ? ptlock_alloc+0x1f/0x70 [ 407.433995][T15907] ptlock_alloc+0x1f/0x70 [ 407.434006][T15907] pte_alloc_one+0x82/0x3a0 [ 407.434017][T15907] __handle_mm_fault+0x3a68/0x5490 [ 407.434033][T15907] ? __pfx___handle_mm_fault+0x10/0x10 [ 407.434045][T15907] ? folio_mark_accessed+0xc1/0xc00 [ 407.434060][T15907] ? __pfx_folio_mark_accessed+0x10/0x10 [ 407.434074][T15907] ? vm_normal_page+0x152/0x2e0 [ 407.434089][T15907] ? find_held_lock+0x2b/0x80 [ 407.434101][T15907] ? find_held_lock+0x2b/0x80 [ 407.434121][T15907] handle_mm_fault+0x589/0xd10 [ 407.434136][T15907] __get_user_pages+0x589/0x3b80 [ 407.434150][T15907] ? __pfx_mt_find+0x10/0x10 [ 407.434165][T15907] ? __pfx___get_user_pages+0x10/0x10 [ 407.434180][T15907] populate_vma_page_range+0x278/0x3a0 [ 407.434192][T15907] ? __pfx_populate_vma_page_range+0x10/0x10 [ 407.434202][T15907] ? __pfx_find_vma_intersection+0x10/0x10 [ 407.434213][T15907] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 407.434228][T15907] __mm_populate+0x1d8/0x380 [ 407.434240][T15907] ? __pfx___mm_populate+0x10/0x10 [ 407.434251][T15907] ? up_write+0x1b2/0x520 [ 407.434263][T15907] __do_sys_mlockall+0x516/0x5d0 [ 407.434277][T15907] do_syscall_64+0xcd/0x4c0 [ 407.434292][T15907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.434303][T15907] RIP: 0033:0x7f7e5518e929 [ 407.434312][T15907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.434323][T15907] RSP: 002b:00007f7e55f9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 407.434333][T15907] RAX: ffffffffffffffda RBX: 00007f7e553b5fa0 RCX: 00007f7e5518e929 [ 407.434339][T15907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 407.434345][T15907] RBP: 00007f7e55f9e090 R08: 0000000000000000 R09: 0000000000000000 [ 407.434355][T15907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 407.434361][T15907] R13: 0000000000000000 R14: 00007f7e553b5fa0 R15: 00007ffd57814c88 [ 407.434375][T15907] [ 407.833830][T15921] syzkaller1: entered promiscuous mode [ 407.836100][T15921] syzkaller1: entered allmulticast mode [ 407.954439][T15923] netlink: 'syz.7.3162': attribute type 20 has an invalid length. [ 407.963865][T15923] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3162'. [ 407.967639][T15923] netlink: 244 bytes leftover after parsing attributes in process `syz.7.3162'. [ 407.971802][ T57] IPVS: starting estimator thread 0... [ 408.059983][T15929] IPVS: using max 46 ests per chain, 110400 per kthread [ 408.074217][T15938] netlink: 'syz.6.3165': attribute type 1 has an invalid length. [ 408.077501][T15938] netlink: 224 bytes leftover after parsing attributes in process `syz.6.3165'. [ 408.083918][T15939] omfs: Invalid superblock (0) [ 408.150344][T15942] 9pnet_virtio: no channels available for device syz [ 408.430800][ T838] usb 12-1: new low-speed USB device number 14 using dummy_hcd [ 408.584264][ T838] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 408.589397][ T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 408.592829][ T838] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 408.596491][ T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 408.601500][ T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 408.606767][ T838] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 408.609227][ T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 408.612860][ T838] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 408.616840][ T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 408.622069][ T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 408.626716][ T838] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 408.629472][ T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 408.633283][ T838] usb 12-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 408.637288][ T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 408.641256][ T838] usb 12-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 408.647170][ T838] usb 12-1: string descriptor 0 read error: -22 [ 408.649762][ T838] usb 12-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 408.653174][ T838] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.660814][T15968] FAULT_INJECTION: forcing a failure. [ 408.660814][T15968] name failslab, interval 1, probability 0, space 0, times 0 [ 408.661759][ T838] adutux 12-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 408.665991][T15968] CPU: 2 UID: 0 PID: 15968 Comm: syz.8.3173 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 408.666016][T15968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 408.666026][T15968] Call Trace: [ 408.666033][T15968] [ 408.666041][T15968] dump_stack_lvl+0x16c/0x1f0 [ 408.666069][T15968] should_fail_ex+0x512/0x640 [ 408.666093][T15968] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 408.666125][T15968] should_failslab+0xc2/0x120 [ 408.666151][T15968] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 408.666173][T15968] ? bpf_ksym_find+0x127/0x1c0 [ 408.666197][T15968] ? vm_area_dup+0x27/0x8d0 [ 408.666221][T15968] vm_area_dup+0x27/0x8d0 [ 408.666243][T15968] __split_vma+0x17f/0x1030 [ 408.666268][T15968] ? mas_next_slot+0x12d3/0x21b0 [ 408.666293][T15968] ? __pfx___split_vma+0x10/0x10 [ 408.666327][T15968] vms_gather_munmap_vmas+0x392/0x1310 [ 408.666354][T15968] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 408.666378][T15968] ? mas_walk+0x6a6/0x910 [ 408.666410][T15968] __mmap_region+0x3c7/0x25e0 [ 408.666436][T15968] ? __pfx___mmap_region+0x10/0x10 [ 408.666468][T15968] ? rcu_is_watching+0x12/0xc0 [ 408.666489][T15968] ? kasan_quarantine_put+0x10a/0x240 [ 408.666510][T15968] ? lockdep_hardirqs_on+0x7c/0x110 [ 408.666537][T15968] ? kmem_cache_free+0x2d1/0x4d0 [ 408.666558][T15968] ? process_measurement+0xfec/0x23e0 [ 408.666587][T15968] ? process_measurement+0x1e6/0x23e0 [ 408.666645][T15968] ? mm_get_unmapped_area_vmflags+0x97/0xe0 [ 408.666671][T15968] mmap_region+0x32b/0x3f0 [ 408.666698][T15968] do_mmap+0xa3e/0x1210 [ 408.666720][T15968] ? __pfx_do_mmap+0x10/0x10 [ 408.666738][T15968] ? __pfx_down_write_killable+0x10/0x10 [ 408.666767][T15968] vm_mmap_pgoff+0x281/0x450 [ 408.666798][T15968] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 408.666828][T15968] ? __fget_files+0x20e/0x3c0 [ 408.666856][T15968] ksys_mmap_pgoff+0x32c/0x5c0 [ 408.666871][T15968] ? __pfx_ksys_write+0x10/0x10 [ 408.666923][T15968] __x64_sys_mmap+0x125/0x190 [ 408.666952][T15968] do_syscall_64+0xcd/0x4c0 [ 408.666976][T15968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.666994][T15968] RIP: 0033:0x7f7e5518e929 [ 408.667008][T15968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.667023][T15968] RSP: 002b:00007f7e55f9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 408.667040][T15968] RAX: ffffffffffffffda RBX: 00007f7e553b5fa0 RCX: 00007f7e5518e929 [ 408.667051][T15968] RDX: 0000000000000006 RSI: 0000000000002000 RDI: 0000200000000000 [ 408.667061][T15968] RBP: 00007f7e55f9e090 R08: 0000000000000007 R09: 0000000000000000 [ 408.667071][T15968] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000002 [ 408.667081][T15968] R13: 0000000000000000 R14: 00007f7e553b5fa0 R15: 00007ffd57814c88 [ 408.667112][T15968] [ 409.163829][T15992] loop6: detected capacity change from 0 to 524287999 [ 409.290060][T11017] usb 11-1: new high-speed USB device number 23 using dummy_hcd [ 409.441228][T11017] usb 11-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 409.444759][T11017] usb 11-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 409.462784][T11017] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 409.465948][T11017] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 409.469454][T11017] usb 11-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 409.474668][T11017] usb 11-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 409.477571][T11017] usb 11-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 409.480630][T11017] usb 11-1: Product: syz [ 409.481957][T11017] usb 11-1: Manufacturer: syz [ 409.491969][T11017] cdc_wdm 11-1:1.0: skipping garbage [ 409.494224][T11017] cdc_wdm 11-1:1.0: skipping garbage [ 409.498153][T11017] cdc_wdm 11-1:1.0: cdc-wdm1: USB WDM device [ 409.501644][T11017] cdc_wdm 11-1:1.0: Unknown control protocol [ 409.543994][ T40] kauditd_printk_skb: 9 callbacks suppressed [ 409.544006][ T40] audit: type=1400 audit(1749169262.297:708): avc: denied { write } for pid=15994 comm="syz.8.3182" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 410.513506][ T10] ------------[ cut here ]------------ [ 410.515523][ T10] workqueue: cannot queue hci_conn_timeout on wq hci1 [ 410.517846][ T10] WARNING: CPU: 0 PID: 10 at kernel/workqueue.c:2257 __queue_work+0xc9c/0x10f0 [ 410.520778][ T10] Modules linked in: [ 410.522480][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 410.528985][ T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 410.533219][ T10] Workqueue: events l2cap_chan_timeout [ 410.535400][ T10] RIP: 0010:__queue_work+0xc9c/0x10f0 [ 410.537620][ T10] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 28 04 00 00 48 8b 75 18 4c 89 f2 48 c7 c7 00 fe ab 8b e8 f5 16 f7 ff 90 <0f> 0b 90 90 e9 96 f7 ff ff e8 66 4b 38 00 90 0f 0b 90 e9 1b f6 ff [ 410.545653][ T10] RSP: 0018:ffffc900000d7a48 EFLAGS: 00010082 [ 410.548319][ T10] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae368 [ 410.551637][ T10] RDX: ffff88801dab8000 RSI: ffffffff817ae375 RDI: 0000000000000001 [ 410.554784][ T10] RBP: ffff8880561c0948 R08: 0000000000000001 R09: 0000000000000000 [ 410.558013][ T10] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 410.561071][ T10] R13: ffff8880531f7000 R14: ffff8880531f7178 R15: ffff8880561c0950 [ 410.564211][ T10] FS: 0000000000000000(0000) GS:ffff8880d675a000(0000) knlGS:0000000000000000 [ 410.567379][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 410.569448][ T10] CR2: 00002000000007c0 CR3: 00000000480b1000 CR4: 0000000000352ef0 [ 410.571861][ T10] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000000c8 [ 410.574361][ T10] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 410.576713][ T10] Call Trace: [ 410.577753][ T10] [ 410.578678][ T10] ? __cancel_work+0x2c8/0x370 [ 410.580210][ T10] ? clear_pending_if_disabled+0xa8/0x210 [ 410.581946][ T10] ? __pfx_clear_pending_if_disabled+0x10/0x10 [ 410.583920][ T10] __queue_delayed_work+0x35b/0x460 [ 410.585512][ T10] queue_delayed_work_on+0x1b5/0x200 [ 410.587101][ T10] l2cap_chan_del+0x5a0/0x8f0 [ 410.588572][ T10] l2cap_chan_close+0xfe/0xa30 [ 410.590045][ T10] ? __pfx_l2cap_chan_close+0x10/0x10 [ 410.591692][ T10] l2cap_chan_timeout+0x196/0x310 [ 410.593493][ T10] process_one_work+0x9cf/0x1b70 [ 410.595156][ T10] ? __pfx_process_one_work+0x10/0x10 [ 410.596861][ T10] ? assign_work+0x1a0/0x250 [ 410.598318][ T10] worker_thread+0x6c8/0xf10 [ 410.599852][ T10] ? __kthread_parkme+0x19e/0x250 [ 410.601444][ T10] ? __pfx_worker_thread+0x10/0x10 [ 410.603186][ T10] kthread+0x3c5/0x780 [ 410.604456][ T10] ? __pfx_kthread+0x10/0x10 [ 410.605950][ T10] ? rcu_is_watching+0x12/0xc0 [ 410.607490][ T10] ? __pfx_kthread+0x10/0x10 [ 410.609009][ T10] ret_from_fork+0x5d4/0x6f0 [ 410.610620][ T10] ? __pfx_kthread+0x10/0x10 [ 410.612221][ T10] ret_from_fork_asm+0x1a/0x30 [ 410.614061][ T10] [ 410.615150][ T10] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 410.617443][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 410.621016][ T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 410.624351][ T10] Workqueue: events l2cap_chan_timeout [ 410.626124][ T10] Call Trace: [ 410.627222][ T10] [ 410.628190][ T10] dump_stack_lvl+0x3d/0x1f0 [ 410.629680][ T10] panic+0x71c/0x800 [ 410.630960][ T10] ? __pfx_panic+0x10/0x10 [ 410.632394][ T10] ? show_trace_log_lvl+0x29b/0x3e0 [ 410.634045][ T10] ? check_panic_on_warn+0x1f/0xb0 [ 410.635722][ T10] ? __queue_work+0xc9c/0x10f0 [ 410.637279][ T10] check_panic_on_warn+0xab/0xb0 [ 410.638832][ T10] __warn+0xf6/0x3c0 [ 410.640127][ T10] ? __queue_work+0xc9c/0x10f0 [ 410.641704][ T10] report_bug+0x3c3/0x580 [ 410.643378][ T10] ? __queue_work+0xc9c/0x10f0 [ 410.644993][ T10] handle_bug+0x184/0x210 [ 410.646443][ T10] exc_invalid_op+0x17/0x50 [ 410.647968][ T10] asm_exc_invalid_op+0x1a/0x20 [ 410.649599][ T10] RIP: 0010:__queue_work+0xc9c/0x10f0 [ 410.651323][ T10] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 28 04 00 00 48 8b 75 18 4c 89 f2 48 c7 c7 00 fe ab 8b e8 f5 16 f7 ff 90 <0f> 0b 90 90 e9 96 f7 ff ff e8 66 4b 38 00 90 0f 0b 90 e9 1b f6 ff [ 410.657351][ T10] RSP: 0018:ffffc900000d7a48 EFLAGS: 00010082 [ 410.659169][ T10] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae368 [ 410.661550][ T10] RDX: ffff88801dab8000 RSI: ffffffff817ae375 RDI: 0000000000000001 [ 410.664096][ T10] RBP: ffff8880561c0948 R08: 0000000000000001 R09: 0000000000000000 [ 410.666607][ T10] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 410.669044][ T10] R13: ffff8880531f7000 R14: ffff8880531f7178 R15: ffff8880561c0950 [ 410.671497][ T10] ? __warn_printk+0x198/0x350 [ 410.673037][ T10] ? __warn_printk+0x1a5/0x350 [ 410.674528][ T10] ? __queue_work+0xc9b/0x10f0 [ 410.676001][ T10] ? __cancel_work+0x2c8/0x370 [ 410.677473][ T10] ? clear_pending_if_disabled+0xa8/0x210 [ 410.679232][ T10] ? __pfx_clear_pending_if_disabled+0x10/0x10 [ 410.681042][ T10] __queue_delayed_work+0x35b/0x460 [ 410.682808][ T10] queue_delayed_work_on+0x1b5/0x200 [ 410.684707][ T10] l2cap_chan_del+0x5a0/0x8f0 [ 410.686148][ T10] l2cap_chan_close+0xfe/0xa30 [ 410.687607][ T10] ? __pfx_l2cap_chan_close+0x10/0x10 [ 410.689235][ T10] l2cap_chan_timeout+0x196/0x310 [ 410.690795][ T10] process_one_work+0x9cf/0x1b70 [ 410.692450][ T10] ? __pfx_process_one_work+0x10/0x10 [ 410.694151][ T10] ? assign_work+0x1a0/0x250 [ 410.695583][ T10] worker_thread+0x6c8/0xf10 [ 410.697067][ T10] ? __kthread_parkme+0x19e/0x250 [ 410.698595][ T10] ? __pfx_worker_thread+0x10/0x10 [ 410.700163][ T10] kthread+0x3c5/0x780 [ 410.701401][ T10] ? __pfx_kthread+0x10/0x10 [ 410.703034][ T10] ? rcu_is_watching+0x12/0xc0 [ 410.704671][ T10] ? __pfx_kthread+0x10/0x10 [ 410.706016][ T10] ret_from_fork+0x5d4/0x6f0 [ 410.707462][ T10] ? __pfx_kthread+0x10/0x10 [ 410.708920][ T10] ret_from_fork_asm+0x1a/0x30 [ 410.710374][ T10] [ 410.712014][ T10] Kernel Offset: disabled [ 410.713386][ T10] Rebooting in 86400 seconds.. VM DIAGNOSIS: 00:12:31 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff855b2985 RDI=ffffffff9b082320 RBP=ffffffff9b0822e0 RSP=ffffc900000d73b0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=0000000000000030 R14=ffffffff9b0822e0 R15=ffffffff855b2920 RIP=ffffffff855b29af RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d675a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00002000000007c0 CR3=00000000480b1000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=00000000000000c8 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000400001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89b84488 00007fea89b84480 00007fea89b84478 00007fea89b84450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea8a6ed100 00007fea89b84440 00007fea89b80004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89b84498 00007fea89b84490 00007fea89b84488 00007fea89b84480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c8c69fb3e57fffd0 2a411c7a23607166 224b1e64d25f85c7 286ac2d871abb9ae ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 71abb9ae9c200eff 272412d3039e97ae b1f88c4bb2dfccad acdd7cbdd00a7c7f ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8f20b6b3c8c69fb3 e57fffd02a411c7a 23607166224b1e64 d25f85c7286ac2d8 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cdf22631fd5604fb 2b3a5caae3c04746 d12dae85edbd84ff ecb7729a35a41992 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cc09e8242e06f411 49c630ddec29bdef fffba0c33551d8d0 8061aa73feeceb87 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff88806a53cec0 RCX=ffffffff81b011a3 RDX=ffff88801e28c880 RSI=0000000000000000 RDI=0000000000000005 RBP=ffffc90000157d08 RSP=ffffc90000157bb8 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=fffffbfff1cb9f6e R12=1ffff9200002af80 R13=0000000000000002 R14=0000000000000001 R15=ffffed100d4a79d9 RIP=ffffffff8b8202e0 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d685a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000200000404000 CR3=000000003e66b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=00000000000000c8 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294d84488 00007f6294d84480 00007f6294d84478 00007f6294d84450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f62958ed100 00007f6294d84440 00007f6294d84458 00007f6294d844a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294d84498 00007f6294d84490 00007f6294d84488 00007f6294d84480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=1ffff92000030fa0 RBX=ffffed1003c52910 RCX=ffffffff81c3e5ef RDX=1ffff11003c52913 RSI=ffffffff8191fc71 RDI=00000000ffffffff RBP=ffffc90000187de8 RSP=ffffc90000187dc8 R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff90a80057 R11=0000000000000001 R12=0000000000000002 R13=ffff88801e294880 R14=ffffffff90a80050 R15=0000000000000000 RIP=ffffffff8b7fe117 RFL=00000a06 [-O---P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d695a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000555571d4c808 CR3=00000000480b1000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=00000000000000c8 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000400001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89a11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89b84488 00007fea89b84480 00007fea89b84478 00007fea89b84450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea8a6ed100 00007fea89b84440 00007fea89b80004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fea89b84498 00007fea89b84490 00007fea89b84488 00007fea89b84480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c8c69fb3e57fffd0 2a411c7a23607166 224b1e64d25f85c7 286ac2d871abb9ae ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 71abb9ae9c200eff 272412d3039e97ae b1f88c4bb2dfccad acdd7cbdd00a7c7f ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8f20b6b3c8c69fb3 e57fffd02a411c7a 23607166224b1e64 d25f85c7286ac2d8 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cdf22631fd5604fb 2b3a5caae3c04746 d12dae85edbd84ff ecb7729a35a41992 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cc09e8242e06f411 49c630ddec29bdef fffba0c33551d8d0 8061aa73feeceb87 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000000b8013 RBX=ffff88802e341bc0 RCX=ffffffff81c3e5ef RDX=0000000000000000 RSI=ffffffff8de14dcb RDI=0000000000000001 RBP=ffff88802e341dc0 RSP=ffffc90004c3fcd8 R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff90a80057 R11=0000000000000001 R12=0000000000000000 R13=0000000000000011 R14=0000000000000200 R15=ffff88802e341bc0 RIP=ffffffff8b81b5a9 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f6295a9f6c0 ffffffff 00c00000 GS =0000 ffff8880d6a5a000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000200000139000 CR3=000000003e66b000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=00000000000000c8 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b12 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b1f ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b19 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11b2d ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11bb3 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294c11c91 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294d84488 00007f6294d84480 00007f6294d84478 00007f6294d84450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f62958ed100 00007f6294d84440 00007f6294d84458 00007f6294d844a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6294d84498 00007f6294d84490 00007f6294d84488 00007f6294d84480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000