last executing test programs: 7m41.095659397s ago: executing program 32 (id=27): sched_setscheduler(0x0, 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x88) chdir(0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, 0x0, &(0x7f00000003c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000008c0)='contention_end\x00', r0}, 0x18) r1 = syz_open_dev$cec(&(0x7f0000000400), 0x0, 0x80200) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f00000000c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]}) 7m36.160716456s ago: executing program 33 (id=40): sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4008094) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000640)="f3", 0xf000}], 0x1) 7m34.838671659s ago: executing program 34 (id=44): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg$unix(r0, &(0x7f00000043c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/240, 0xf0}], 0x1}}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000640)=""/187, 0xbb}], 0x1}}, {{0x0, 0x0, &(0x7f0000002d00)}}], 0x3, 0x0, 0x0) 7m33.146748563s ago: executing program 4 (id=47): r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) syz_open_procfs(r0, &(0x7f00000003c0)='net/netlink\x00') mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x66}}}}, 0x104) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) io_setup(0x1, &(0x7f00000004c0)=0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0) io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000140)='i', 0x1}]) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='veth0_to_team\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) accept4(r4, 0x0, 0x0, 0x800) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$pokeuser(0x6, r5, 0x118, 0x4) ptrace$pokeuser(0x6, r5, 0x102, 0x5ffffffd) 7m32.883976617s ago: executing program 4 (id=48): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r2]) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4048aecb, &(0x7f0000000080)) 7m32.744439522s ago: executing program 4 (id=49): clock_gettime(0xb, &(0x7f0000000300)) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x8004, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}) r2 = socket$inet(0x2, 0x1, 0x100) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) r3 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0xc0c00) io_setup(0x3, &(0x7f0000000180)=0x0) io_submit(r4, 0x1, &(0x7f0000000800)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="2400000021000100000000000000000002000000000000000000000005001e"], 0x24}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$can_raw(0x1d, 0x3, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r9 = openat$cdrom(0xffffff9c, &(0x7f0000000140), 0x880, 0x0) getsockopt$IP_VS_SO_GET_INFO(r2, 0x0, 0x481, &(0x7f0000000000), &(0x7f00000001c0)=0xc) ioctl$CDROMREADAUDIO(r9, 0x530e, &(0x7f0000000180)={@msf={0x4}, 0x1, 0x37, &(0x7f0000000040)=""/55}) 7m31.542471724s ago: executing program 4 (id=51): r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) syz_open_procfs(r0, &(0x7f00000003c0)='net/netlink\x00') mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x66}}}}, 0x104) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000380)='./bus\x00') io_setup(0x1, &(0x7f00000004c0)=0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0) io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000140)='i', 0x1}]) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='veth0_to_team\x00', 0x10) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$pokeuser(0x6, r4, 0x118, 0x4) ptrace$pokeuser(0x6, r4, 0x102, 0x5ffffffd) 7m30.117218678s ago: executing program 4 (id=53): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000540)=@newsa={0x180, 0x10, 0x3, 0x0, 0x0, {{@in=@empty, @in=@empty, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@loopback, 0x0, 0xff}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x4}, 0x0, 0x0, 0x2, 0x0, 0x1}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'blake2s-128-generic\x00'}}}]}, 0x180}}, 0x4810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x800, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_procfs(0x0, 0x0) r5 = socket$rxrpc(0x21, 0x2, 0xa) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000611224000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000340)='btrfs_inode_mod_outstanding_extents\x00', 0xffffffffffffffff, 0x0, 0x1}, 0x18) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYRES32=0x0], 0x74}}, 0x0) bind$rxrpc(r5, &(0x7f0000000000)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x3, @empty, 0xd}}, 0x24) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x4}, 0x94) r6 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r6, 0x114, 0x8, &(0x7f00000008c0)=0xffffffffffffffff, 0x4) r7 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000002580), 0x2, 0x0) read(r7, &(0x7f0000000000)=""/83, 0x53) read(r7, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400), r4) 7m29.786015234s ago: executing program 4 (id=54): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f60c01a83d88008135048567c566a31077d12879017186ecd85"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000e0ffffffffffff94001eb3c364440be9125ff7ffffff0000f174b56cf0b1a4dd3f78e0e59a486a57f9adda4a7d6a13c4fc679e81245196392d7f00fb10b79c191b19840ae478c9e404593e6dc195506ae20d8f72ce19693c6beca14ad3fe04982254ddef1e3ac693aa6470b00ec581887975b1ae2cde48a7a2399c3f99acc038311bbce5a6069197923b407cb6bd6fdaed05ae2e0b5ef7550db04a70c8ed321b999e5ca70e116300"/188], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x7]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0xc, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9c}, 0x94) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243) close(r0) 7m29.692656885s ago: executing program 35 (id=54): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f60c01a83d88008135048567c566a31077d12879017186ecd85"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000e0ffffffffffff94001eb3c364440be9125ff7ffffff0000f174b56cf0b1a4dd3f78e0e59a486a57f9adda4a7d6a13c4fc679e81245196392d7f00fb10b79c191b19840ae478c9e404593e6dc195506ae20d8f72ce19693c6beca14ad3fe04982254ddef1e3ac693aa6470b00ec581887975b1ae2cde48a7a2399c3f99acc038311bbce5a6069197923b407cb6bd6fdaed05ae2e0b5ef7550db04a70c8ed321b999e5ca70e116300"/188], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x7]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0xc, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9c}, 0x94) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243) close(r0) 7m25.243158936s ago: executing program 7 (id=55): r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) syz_open_procfs(r0, &(0x7f00000003c0)='net/netlink\x00') mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x66}}}}, 0x104) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000380)='./bus\x00') io_setup(0x1, &(0x7f00000004c0)=0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0) io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000140)='i', 0x1}]) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='veth0_to_team\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) accept4(r4, 0x0, 0x0, 0x800) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$pokeuser(0x6, r5, 0x118, 0x4) ptrace$pokeuser(0x6, r5, 0x102, 0x5ffffffd) 7m24.906660231s ago: executing program 7 (id=71): r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) syz_open_procfs(r0, &(0x7f00000003c0)='net/netlink\x00') mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x66}}}}, 0x104) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000380)='./bus\x00') io_setup(0x1, &(0x7f00000004c0)=0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0) io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000140)='i', 0x1}]) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='veth0_to_team\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) accept4(r4, 0x0, 0x0, 0x800) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$pokeuser(0x6, r5, 0x118, 0x4) ptrace$pokeuser(0x6, r5, 0x102, 0x5ffffffd) 7m23.725719472s ago: executing program 7 (id=78): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan4\x00'}) r1 = semget(0x1, 0x3, 0x400) semctl$GETVAL(r1, 0x0, 0xc, &(0x7f0000000040)=""/202) semctl$IPC_STAT(r1, 0x0, 0x2, &(0x7f0000000140)=""/64) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) listen(r2, 0xffff6892) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r0) sendmsg$IEEE802154_DISASSOCIATE_REQ(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x40, r3, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@IEEE802154_ATTR_REASON={0x5, 0x12, 0xe}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x2}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa3}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0202}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x20000840) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000340), r0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0xb0, r4, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'batadv_slave_0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x3a}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xa}}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast2}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:dmesg_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @loopback}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_to_bridge\x00'}]}, 0xb0}, 0x1, 0x0, 0x0, 0x48080}, 0x4840) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000500)={'veth0_vlan\x00', &(0x7f00000004c0)=@ethtool_ts_info}) mount$overlay(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x90, &(0x7f00000005c0)={[{@redirect_dir_nofollow}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_auto}, {@uuid_null}, {@uuid_null}, {@volatile}], [{@seclabel}, {@flag='dirsync'}]}) socket$nl_generic(0x10, 0x3, 0x10) fcntl$getownex(r2, 0x10, &(0x7f0000000640)={0x0, 0x0}) capset(&(0x7f0000000680)={0x20071026, r5}, &(0x7f00000006c0)={0x1, 0x7, 0x7, 0x0, 0x80000000, 0x6}) r6 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r6, &(0x7f0000000700)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) r7 = socket$packet(0x11, 0x2, 0x300) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000740)={@multicast2, @multicast2, 0x0}, &(0x7f0000000780)=0xc) setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f00000007c0)={r8, 0x1, 0x6, @multicast}, 0x10) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_START_REQ(r9, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x3c, r3, 0x2, 0x70bd27, 0x25dfdbff, {}, [@IEEE802154_ATTR_BCN_ORD={0x5, 0x17, 0xfa}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0xd}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}, @IEEE802154_ATTR_BAT_EXT={0x5, 0x1a, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x28044000}, 0x800) r10 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000940), r0) sendmsg$NLBL_CALIPSO_C_REMOVE(r0, &(0x7f0000000a40)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000980)={0x4c, r10, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20044080}, 0x1) statx(0xffffffffffffff9c, &(0x7f0000000b40)='./file0\x00', 0x400, 0x4, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000c80)={{{@in6=@initdev, @in6=@ipv4={""/10, ""/2, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@private1}}, &(0x7f0000000d80)=0xe4) stat(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_virtio(&(0x7f0000000a80), &(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00), 0x4, &(0x7f0000000e80)={'trans=virtio,', {[{@ignoreqv}, {@aname={'aname', 0x3d, ')^[\\s#:'}}], [{@flag='async'}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@fowner_eq={'fowner', 0x3d, r11}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@fowner_gt={'fowner>', r12}}, {@func={'func', 0x3d, 'CREDS_CHECK'}}, {@obj_role={'obj_role', 0x3d, 'NLBL_CALIPSO\x00'}}, {@euid_gt={'euid>', r13}}]}}) bind$pptp(0xffffffffffffffff, &(0x7f0000000f80)={0x18, 0x2, {0x2, @empty}}, 0x1e) 7m23.600907152s ago: executing program 36 (id=78): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan4\x00'}) r1 = semget(0x1, 0x3, 0x400) semctl$GETVAL(r1, 0x0, 0xc, &(0x7f0000000040)=""/202) semctl$IPC_STAT(r1, 0x0, 0x2, &(0x7f0000000140)=""/64) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) listen(r2, 0xffff6892) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r0) sendmsg$IEEE802154_DISASSOCIATE_REQ(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x40, r3, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@IEEE802154_ATTR_REASON={0x5, 0x12, 0xe}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0x2}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa3}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0202}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x20000840) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000340), r0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0xb0, r4, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'batadv_slave_0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x3a}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xa}}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast2}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:dmesg_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @loopback}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_to_bridge\x00'}]}, 0xb0}, 0x1, 0x0, 0x0, 0x48080}, 0x4840) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000500)={'veth0_vlan\x00', &(0x7f00000004c0)=@ethtool_ts_info}) mount$overlay(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x90, &(0x7f00000005c0)={[{@redirect_dir_nofollow}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_auto}, {@uuid_null}, {@uuid_null}, {@volatile}], [{@seclabel}, {@flag='dirsync'}]}) socket$nl_generic(0x10, 0x3, 0x10) fcntl$getownex(r2, 0x10, &(0x7f0000000640)={0x0, 0x0}) capset(&(0x7f0000000680)={0x20071026, r5}, &(0x7f00000006c0)={0x1, 0x7, 0x7, 0x0, 0x80000000, 0x6}) r6 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r6, &(0x7f0000000700)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) r7 = socket$packet(0x11, 0x2, 0x300) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000740)={@multicast2, @multicast2, 0x0}, &(0x7f0000000780)=0xc) setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f00000007c0)={r8, 0x1, 0x6, @multicast}, 0x10) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_START_REQ(r9, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x3c, r3, 0x2, 0x70bd27, 0x25dfdbff, {}, [@IEEE802154_ATTR_BCN_ORD={0x5, 0x17, 0xfa}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0xd}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}, @IEEE802154_ATTR_BAT_EXT={0x5, 0x1a, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x28044000}, 0x800) r10 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000940), r0) sendmsg$NLBL_CALIPSO_C_REMOVE(r0, &(0x7f0000000a40)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000980)={0x4c, r10, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20044080}, 0x1) statx(0xffffffffffffff9c, &(0x7f0000000b40)='./file0\x00', 0x400, 0x4, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000c80)={{{@in6=@initdev, @in6=@ipv4={""/10, ""/2, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@private1}}, &(0x7f0000000d80)=0xe4) stat(&(0x7f0000000dc0)='./file0\x00', &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_virtio(&(0x7f0000000a80), &(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00), 0x4, &(0x7f0000000e80)={'trans=virtio,', {[{@ignoreqv}, {@aname={'aname', 0x3d, ')^[\\s#:'}}], [{@flag='async'}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@fowner_eq={'fowner', 0x3d, r11}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@fowner_gt={'fowner>', r12}}, {@func={'func', 0x3d, 'CREDS_CHECK'}}, {@obj_role={'obj_role', 0x3d, 'NLBL_CALIPSO\x00'}}, {@euid_gt={'euid>', r13}}]}}) bind$pptp(0xffffffffffffffff, &(0x7f0000000f80)={0x18, 0x2, {0x2, @empty}}, 0x1e) 7m19.652511274s ago: executing program 8 (id=79): r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) syz_open_procfs(r0, &(0x7f00000003c0)='net/netlink\x00') mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = socket(0x80000000000000a, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000380)='./bus\x00') io_setup(0x1, &(0x7f00000004c0)=0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0) io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000140)='i', 0x1}]) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='veth0_to_team\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) accept4(r4, 0x0, 0x0, 0x800) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$pokeuser(0x6, r5, 0x118, 0x4) ptrace$pokeuser(0x6, r5, 0x102, 0x5ffffffd) 7m19.326321207s ago: executing program 8 (id=99): socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r1]) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080)) 7m17.806035805s ago: executing program 8 (id=106): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000003600000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000008850000000700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x11, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) r2 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/cpu_byteorder', 0xa2100, 0x1) read$FUSE(r2, &(0x7f0000000380)={0x2020}, 0x2020) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f9c8524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x16, 0x0, 0xffffffffffffffff, 0xffffffffffffffc9}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="06ff03076844268cb89e14f086dd", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) write$cgroup_int(r4, &(0x7f0000000040)=0xfd8, 0x12) close(r4) r6 = syz_open_dev$swradio(&(0x7f0000000f80), 0x1, 0x2) read(r6, &(0x7f0000000fc0)=""/4, 0x4) ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000001000)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b70000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) sendto$inet(r4, &(0x7f0000000080)="2854a895843aa10d2e03385da8af41cb762153437819eb495d77fa53effd6905bb7db02fecdb745570e2643cace2760a06121ec96061dc5ff3363a9e4be583ebe3c31bcd3248e02db59f67239b40ed383fac6350db737fdce07b95f51a1d9c84f73f514d0cdec7b7fc503ec6", 0x6c, 0x4000804, &(0x7f0000000140)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r7, 0x0, 0x0}, 0x10) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) socket$inet6(0xa, 0x3, 0x8000000003c) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r8, 0x6, 0x13, 0x0, 0x0) connect$inet6(r8, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, 0x0, 0x0) getsockopt$bt_hci(r8, 0x11a, 0x1, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 7m17.739322538s ago: executing program 37 (id=106): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000003600000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000008850000000700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x11, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) r2 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/cpu_byteorder', 0xa2100, 0x1) read$FUSE(r2, &(0x7f0000000380)={0x2020}, 0x2020) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c03406910927c6b0b55b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfe79578e51bc53099e90f4580d760551b5b342f7cbdb9cd38bdb2209c676b2ac2deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f132020000002cbe7bc04b82d2789cb1b2b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c41146dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a42b359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780c70014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e506d1387b63112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece08ac772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2ef0ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a3f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099bdae7ed04935c2c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adeb988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ffa3c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe4a3ced846891180604b6dd2499d16d7d9158ffffff069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb0814040000007874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dbae3428d2129ecfce1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296c6a298c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f050000000000000026049fe86e09623524f390bf79b441b75fc790c58e273cd905deb28c13c1ed1c0d9cae846b03008cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc48f97496079654f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b4749c28eb5167e9936ed327fb237a56224e49d9ea956d1798571b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecf743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be182724d95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd0403a099f32468f1561f058960d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b656dc0e32384f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bbe3e8ef76f57a2d0e69115d33394e86e4b83c0f3c2a34635f3eee4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cd082027c641ec4355eb4acff90756d1a1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8cc3fe28bc3586844f5fecb92aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a5906002fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128ab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0afd9ae134400f70b5e6aefb7eee403502732df858a2ea033b6c91c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80ffb8f386bb79f5589829b6b0679b5d65a00000000000000e6ff00000000000000000000faff0000bab50bc8508a9644d3e7c328b0ff22035c8073f8c1f0e3da7339fc81d4ab3ef2857ef70a81d8a1628da28c942571880e22df7cabae56d5ff5e483c9c1f5a258b8f1f34cc300312f76a374a6e9b3f9dbd7f538a80b00f97e47895b3201c5126feca0888956a7d768198d9c2109ac508a47ebb99c539ef45af7d87b308117a9e321a3861bc42cf41942c31268a4020221d7b1622585094eddd83c7f4acdd7f5c23d8b730bf03118261edada8b8487a3b1b7548a4687a91f12bf70bb1df3bfe7d4b92ad6fcbf401efd6eb004cf20016ad8d1dad136dd856ffca238b39482811f9c8524bf182f1956a3d044423927df28880bbd11c06407220df8e1d1d483d947d990dc175803d765ca14a915a0040b641959ad3e776b4bb4852fea12983dc18b7404914a6137dc4a78f1e0d331c60a9019c21698cd18753491df962f496f2395563e9c3d7b1228d0e488cf7e50a29541aa757f2e2ee9ff4433d65db0de5a123d569e39dce481156cbec584c9a32a8e3b032fa003192c891d83119bc950abac9147b9fcb0acd9a207b5ceb7e8ed1d91c000000000000000000000000000000141258373281153fa27e586ea82650f070d8851ac9e7ac07b37a6479d4017b5b5af3ff4c91235df4f657d77e386a329aec4d766369c86b62b01ceb028c6fcf206883633cb143016b9f5351a45a8cb4ea110ba700000000000000883416b6eff6a793c71deb7d780c4f51d86ece127c0714144916f397d398ad2fe72b710b932c15c2369cb5d2d2f6ae420672c4a626195a891ac51825077fbc286aa3866bbf18a4a8b836ea8c90af0d5f0aff55b50bc18c27875ed2628b91224b7fa9fd10ccd7c1b1a92bac529df981a6d30100e68555553625c0e91a51000000000000000000fe030f85b294f3ea1fce314a9dcefbe3b64e83c35c5e95734786ca78315793cc0e6e776d2ec07c55cd89541ec25e074e840287011cab538d79e1569df321282071d49a4dc5fb2d7da1d05249d0e153fd04aca2", @ANYRES8], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x16, 0x0, 0xffffffffffffffff, 0xffffffffffffffc9}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="06ff03076844268cb89e14f086dd", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) write$cgroup_int(r4, &(0x7f0000000040)=0xfd8, 0x12) close(r4) r6 = syz_open_dev$swradio(&(0x7f0000000f80), 0x1, 0x2) read(r6, &(0x7f0000000fc0)=""/4, 0x4) ioctl$VIDIOC_EXPBUF(r6, 0xc0405610, &(0x7f0000001000)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b70000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) sendto$inet(r4, &(0x7f0000000080)="2854a895843aa10d2e03385da8af41cb762153437819eb495d77fa53effd6905bb7db02fecdb745570e2643cace2760a06121ec96061dc5ff3363a9e4be583ebe3c31bcd3248e02db59f67239b40ed383fac6350db737fdce07b95f51a1d9c84f73f514d0cdec7b7fc503ec6", 0x6c, 0x4000804, &(0x7f0000000140)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r7, 0x0, 0x0}, 0x10) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) socket$inet6(0xa, 0x3, 0x8000000003c) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r8, 0x6, 0x13, 0x0, 0x0) connect$inet6(r8, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, 0x0, 0x0) getsockopt$bt_hci(r8, 0x11a, 0x1, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 7m10.919515824s ago: executing program 9 (id=107): r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) syz_open_procfs(r0, &(0x7f00000003c0)='net/netlink\x00') mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = socket(0x80000000000000a, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000380)='./bus\x00') io_setup(0x1, &(0x7f00000004c0)=0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0) io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000140)='i', 0x1}]) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='veth0_to_team\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) accept4(r4, 0x0, 0x0, 0x800) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$pokeuser(0x6, r5, 0x118, 0x4) ptrace$pokeuser(0x6, r5, 0x102, 0x5ffffffd) 7m10.33308474s ago: executing program 9 (id=130): socket(0x1d, 0x1, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000012140100000000000000000008004f000000000008004b00130000060800030001000000080015000000000008000100"], 0x38}}, 0x4000) r5 = socket$tipc(0x1e, 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000006c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)={0x38, r7, 0x1, 0x70bd2b, 0x65dfdbff, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SCAN_SSIDS={0x1c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x4000090) sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x3}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x0, 0x80600}) r9 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r9, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) 7m9.546002573s ago: executing program 6 (id=132): memfd_create(&(0x7f00000005c0)='\x00\xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00\xeb0\xdd\xe8\x87\x05=\xfb\x8b$\xdcQ\xee\xc5\x1f\x8bQ\xf7fo\"i\xa1hk\x1d\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94Tr@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\xcb\xaf\xb3\xe3\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x99\xb80xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) r6 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) sendmsg$nl_route_sched(r6, 0x0, 0x880) connect$inet(r5, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)=ANY=[@ANYBLOB="20000000111401000000000001000000080001000000000008000300000000000684fac250c0186b5f1c7fb02f7da770fe5d5989bcf5415ff97a45eee02b4ede83bf149156"], 0x20}}, 0x0) 7m9.285919055s ago: executing program 9 (id=133): r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x121041) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x38, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x2}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, @LWTUNNEL_IP_OPT_ERSPAN_VER={0x5, 0x1, 0x1}}}}]}, 0x38}}, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000000)={0x4, 0x68fa, 0x8, 0x2, 0x10, "403c1d38006cb40b8a9b575ab9f2623b2effd3"}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xa73}}}]}, 0x38}}, 0x24000098) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x9, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x80000001}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x804}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x0, 0x0, 0x0, {0x0, 0x100000000000001}, {0x74, 0x2}}) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETLED(r7, 0x4b32, 0xffffffff) write$evdev(r0, &(0x7f0000000040), 0x373) 7m9.181259405s ago: executing program 38 (id=133): r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x121041) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x38, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x2}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, @LWTUNNEL_IP_OPT_ERSPAN_VER={0x5, 0x1, 0x1}}}}]}, 0x38}}, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000000)={0x4, 0x68fa, 0x8, 0x2, 0x10, "403c1d38006cb40b8a9b575ab9f2623b2effd3"}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xa73}}}]}, 0x38}}, 0x24000098) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x9, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x80000001}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x804}, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000000c0)={0x0, 0x0, 0x0, {0x0, 0x100000000000001}, {0x74, 0x2}}) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETLED(r7, 0x4b32, 0xffffffff) write$evdev(r0, &(0x7f0000000040), 0x373) 7m8.422697578s ago: executing program 6 (id=135): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0xe39}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @local}], 0x20) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r7, 0xc0a45320, &(0x7f00000000c0)={{0x80}, 'port0\x00', 0x3eb, 0x2062f, 0x3, 0x7, 0x0, 0xc, 0x400, 0x0, 0x6, 0xfd}) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x9, 0x3, 0x37c, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2d8, 0xffffffff, 0xffffffff, 0x2d8, 0xffffffff, 0x3, &(0x7f00000000c0), {[{{@uncond, 0x0, 0xa4, 0x1cc}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x165f0a01, 'system_u:object_r:tetex_data_t:s0\x00'}}}, {{@ipv6={@mcast1, @remote, [0xffffffff, 0xffffffff, 0xffffff00, 0x80000000], [0xffffffff, 0xffffff00, 0x0, 0xff000000], 'bridge_slave_0\x00', 'vcan0\x00', {0xff}, {0xff}, 0x73, 0xd, 0x4, 0xe101753b3a1d0f45}, 0x0, 0xc8, 0xe8, 0x0, {}, [@common=@ipv6header={{0x24}, {0x21, 0x20, 0x1}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3d8) sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=@ipv6_newnexthop={0x48, 0x68, 0x1, 0x70bd2b, 0x25dfdbfc, {0xa, 0x0, 0x3, 0x0, 0x1c}, [@NHA_OIF={0x8}, @NHA_GATEWAY={0x14, 0x6, @ip4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @NHA_GATEWAY={0x14, 0x6, @ip4=@private=0xa010100}]}, 0x48}, 0x1, 0x0, 0x0, 0x2404c810}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000400), 0x8002) ioctl$SNDRV_TIMER_IOCTL_GINFO(r8, 0x403c5404, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id0\x00', 'timer1\x00'}) r9 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0) fsmount(r9, 0x0, 0x0) 7m7.764686439s ago: executing program 6 (id=137): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000200)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SYNC(r0, 0xffffffff80000101, 0x0, 0x0) 7m7.752285822s ago: executing program 6 (id=138): r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) syz_open_procfs(r0, &(0x7f00000003c0)='net/netlink\x00') mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = socket(0x80000000000000a, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0xc0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000380)='./bus\x00') io_setup(0x1, &(0x7f00000004c0)=0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0) io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000140)='i', 0x1}]) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='veth0_to_team\x00', 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) accept4(r4, 0x0, 0x0, 0x800) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$pokeuser(0x6, r5, 0x118, 0x4) ptrace$pokeuser(0x6, r5, 0x102, 0x5ffffffd) 7m7.434636841s ago: executing program 6 (id=140): sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) writev(r1, &(0x7f0000000000)=[{0x0}], 0x1) 7m5.594587234s ago: executing program 6 (id=142): socket$vsock_stream(0x28, 0x1, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0xe39}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @local}], 0x20) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r7, 0xc0a45320, &(0x7f00000000c0)={{0x80}, 'port0\x00', 0x3eb, 0x2062f, 0x3, 0x7, 0x0, 0xc, 0x400, 0x0, 0x6, 0xfd}) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x9, 0x3, 0x37c, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2d8, 0xffffffff, 0xffffffff, 0x2d8, 0xffffffff, 0x3, &(0x7f00000000c0), {[{{@uncond, 0x0, 0xa4, 0x1cc}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x165f0a01, 'system_u:object_r:tetex_data_t:s0\x00'}}}, {{@ipv6={@mcast1, @remote, [0xffffffff, 0xffffffff, 0xffffff00, 0x80000000], [0xffffffff, 0xffffff00, 0x0, 0xff000000], 'bridge_slave_0\x00', 'vcan0\x00', {0xff}, {0xff}, 0x73, 0xd, 0x4, 0xe101753b3a1d0f45}, 0x0, 0xc8, 0xe8, 0x0, {}, [@common=@ipv6header={{0x24}, {0x21, 0x20, 0x1}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3d8) sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=@ipv6_newnexthop={0x48, 0x68, 0x1, 0x70bd2b, 0x25dfdbfc, {0xa, 0x0, 0x3, 0x0, 0x1c}, [@NHA_OIF={0x8}, @NHA_GATEWAY={0x14, 0x6, @ip4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @NHA_GATEWAY={0x14, 0x6, @ip4=@private=0xa010100}]}, 0x48}, 0x1, 0x0, 0x0, 0x2404c810}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000400), 0x8002) ioctl$SNDRV_TIMER_IOCTL_GINFO(r8, 0x403c5404, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id0\x00', 'timer1\x00'}) r9 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0) fsmount(r9, 0x0, 0x0) 7m5.436664921s ago: executing program 39 (id=142): socket$vsock_stream(0x28, 0x1, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0xe39}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @local}], 0x20) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r7, 0xc0a45320, &(0x7f00000000c0)={{0x80}, 'port0\x00', 0x3eb, 0x2062f, 0x3, 0x7, 0x0, 0xc, 0x400, 0x0, 0x6, 0xfd}) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x9, 0x3, 0x37c, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2d8, 0xffffffff, 0xffffffff, 0x2d8, 0xffffffff, 0x3, &(0x7f00000000c0), {[{{@uncond, 0x0, 0xa4, 0x1cc}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x165f0a01, 'system_u:object_r:tetex_data_t:s0\x00'}}}, {{@ipv6={@mcast1, @remote, [0xffffffff, 0xffffffff, 0xffffff00, 0x80000000], [0xffffffff, 0xffffff00, 0x0, 0xff000000], 'bridge_slave_0\x00', 'vcan0\x00', {0xff}, {0xff}, 0x73, 0xd, 0x4, 0xe101753b3a1d0f45}, 0x0, 0xc8, 0xe8, 0x0, {}, [@common=@ipv6header={{0x24}, {0x21, 0x20, 0x1}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3d8) sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=@ipv6_newnexthop={0x48, 0x68, 0x1, 0x70bd2b, 0x25dfdbfc, {0xa, 0x0, 0x3, 0x0, 0x1c}, [@NHA_OIF={0x8}, @NHA_GATEWAY={0x14, 0x6, @ip4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @NHA_GATEWAY={0x14, 0x6, @ip4=@private=0xa010100}]}, 0x48}, 0x1, 0x0, 0x0, 0x2404c810}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000400), 0x8002) ioctl$SNDRV_TIMER_IOCTL_GINFO(r8, 0x403c5404, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x3}, 0x0, 0x0, 'id0\x00', 'timer1\x00'}) r9 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0) fsmount(r9, 0x0, 0x0) 6m58.680596503s ago: executing program 3 (id=202): r0 = socket$caif_stream(0x25, 0x1, 0x3) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f0000000180)=@ethtool_sset_info={0x37, 0x2, 0x7, [0x6]}}) r1 = openat$vsock(0xffffff9c, &(0x7f0000000000), 0x10000, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = open(&(0x7f0000000280)='.\x00', 0x80000, 0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="0403"], 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1a01, 0x0) writev(r5, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x4, 0xc8, 0x9d}}}, 0x7) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) sendfile(r4, r3, &(0x7f0000000240)=0x7, 0xfffffffb) write$binfmt_elf64(r6, &(0x7f0000000380)=ANY=[@ANYBLOB="7f454c4600000006010000000000000003003e000000000003000000df00000040000000000000e79701000000000000000000000000380001"], 0x78) close(r6) execveat(r4, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x0) execve(&(0x7f0000000040)='./file1/file0\x00', &(0x7f00000001c0), &(0x7f0000000340)={[&(0x7f0000000200)='\x00', &(0x7f00000002c0)=':%}.^\'#\x84+\x00']}) socket$caif_stream(0x25, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x0, 0x0, 0x1, 0x1}, 0x21) sendmsg$NFNL_MSG_ACCT_GET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x14, 0x1, 0x7, 0x7, 0x0, 0x0, {0x1, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x48801}, 0x20004000) ioctl$DRM_IOCTL_GET_UNIQUE(r1, 0xc0086401, &(0x7f0000000080)={0xd, &(0x7f0000000040)=""/13}) 6m58.615629749s ago: executing program 3 (id=203): socket(0x1d, 0x1, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000012140100000000000000000008004f000000000008004b00130000060800030001000000080015000000000008000100"], 0x38}}, 0x4000) r5 = socket$tipc(0x1e, 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000006c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)={0x38, r7, 0x1, 0x70bd2b, 0x65dfdbff, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SCAN_SSIDS={0x1c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x4000090) sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x3}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x0, 0x80600}) r9 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r9, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) 6m57.624210541s ago: executing program 3 (id=211): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r2]) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4048aecb, &(0x7f0000000080)) 6m57.423579398s ago: executing program 3 (id=212): mkdir(&(0x7f0000000000)='./file1\x00', 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) mount$fuse(0x0, 0x0, 0x0, 0x100000, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) mount(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x547002, &(0x7f00000001c0)='\x80\x19N\xee\xfa\xf7\x05\x00\x00\x00~\x93s\xbb\"\x8c\xae\xd1\xfd?\x9f\x82\x89\xd7\xdb\x1c\x1e.H\x02\xcb\xe2\xf2\xfb\xc1\xa1\xdd^65\xb1H\xe9~\xac\xc7Z\xbb\x1ca\xc3\a>\xf3\x17K\x8b?\xd8$T\xab(Z\x19 \x1a\xd2\xdf\xfe\a\xe3\x114\x97\xa5\x0e]\xfb(\xd1\xefh;\xf5\xa4\xe3\x82q\xdf\x8f7|\x8a\xf8\x0f\xbe\xb4\xa0LW\xd1\xcdi9I\xb2\x85;\xedQ\xf1\xcc\xcew\xbb;\xb1\xa3:\x94\x8adw\xd2') mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f0000000200), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x10, 0x0) chroot(&(0x7f0000000040)='./file0\x00') umount2(&(0x7f0000000000)='./file0\x00', 0x1) lstat(&(0x7f00000003c0)='./file0\x00', 0x0) chdir(&(0x7f0000000180)='./file1\x00') r1 = syz_clone(0x904000, 0x0, 0x5f, 0x0, 0x0, 0x0) setpgid(r1, 0x0) r2 = getpgid(r1) setpgid(0x0, r2) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000540)='./file0\x00', 0x0, 0x0, 0x0) ioctl$AUTOFS_IOC_EXPIRE(r3, 0x810c9365, 0x0) 6m56.475258685s ago: executing program 3 (id=215): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0xc, 0x1, &(0x7f0000000140)="c0", 0x9, 0x52, 0x7c0, 0x7, 0x9, 0x0, 0x4, 'syz1\x00'}) 6m55.485617291s ago: executing program 3 (id=223): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000300), 0x10) sendmsg$can_bcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x9, 0x7, 0x2, 0x76d}]}, 0x8) r2 = socket$inet(0x2, 0x3, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10) sendmmsg$inet(r2, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0xe000) setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f00000001c0)=@bpq0, 0x10) 6m55.33103157s ago: executing program 40 (id=223): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000300), 0x10) sendmsg$can_bcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x9, 0x7, 0x2, 0x76d}]}, 0x8) r2 = socket$inet(0x2, 0x3, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10) sendmmsg$inet(r2, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0xe000) setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f00000001c0)=@bpq0, 0x10) 23.162043055s ago: executing program 2 (id=2013): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x800, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) syz_open_dev$sg(0x0, 0xffffffffffffffff, 0x0) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r4, 0x40085112, &(0x7f0000000040)=@t={0x81, 0x6, 0xf5, 0x1}) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, 0x0, 0x0) epoll_create(0x101) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000041) prctl$PR_SET_IO_FLUSHER(0x41, 0x2) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000003a00290200000000100000de00000000"], 0x14}}, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) syz_emit_ethernet(0x172, &(0x7f0000000380)={@local, @random="a74eedc01b29", @val={@val={0x88a8, 0x7, 0x1}, {0x8100, 0x1, 0x1, 0x2}}, {@ipv6={0x86dd, @generic={0x6, 0x6, "a690ee", 0x134, 0x32, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @empty}, {[@routing={0x89, 0xe, 0x2, 0x3, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @broadcast}, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, @mcast1, @remote]}, @srh={0x33, 0x2, 0x4, 0x1, 0x7, 0x8, 0x8, [@mcast1]}, @hopopts={0x33, 0x4, '\x00', [@calipso={0x7, 0x20, {0x3, 0x6, 0x9, 0x7f, [0x7, 0x7f, 0x5]}}]}], "e95f7346daeb7a38a29f151e04e41503a5c05af17551989e7898768b68ff2b6e2edecdcb213725f32dfe5920e9dbcd38f8100fc6c8695d49c28668cc75859b1f23f483c5f106ddd603df91032cd8a3d51373c98d875ec33af9c3753504578d025bf44e02406ab811eec681cb394fe9fad6e13bbd"}}}}}, &(0x7f00000000c0)={0x1, 0x4, [0x5da, 0x2d7, 0xe67, 0x7b5]}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000002100)={{}, 0x0, 0x8, @inherit={0x58, &(0x7f0000000440)=ANY=[@ANYBLOB="00000000000000000200000000000000000000000000000001000000000000003500000000000000060000000000000010000000000000000000000000000000810000000000000009000000000000000700000000000000ad05f895ad46c2cc7624eb4c45965f173b6182d27e749f9ed2078bac450376279bf790686c"]}, @name="0151fd461e82ba9f2cebc2faa271b82813b30dc989cf8a6c169b2074e2e0934d68d453e54c9f0792ddd8fdca4b950790ea15107fb006679d1568ff1539558a07efbdcb97866151812bda8439ff3aa2200ad824d5eb4d46564be5cdef9139657742cd458ec9ce9746789fc88de4c79f1d30eb44ccd1dee5fd120f41adddc39b12f767bb4cb3d8e30202763ea1caa2d149e1f26d358968b442594aa366850436222c376bd1d1c0ca37b8438e2af1831b384de0815edca1176d09993d2bbba1932a051c44963620cc19d1648368c0015383c63e1620e58fdfc4bdf522e243adf97e7d13066d69620ae929fb9182e227ab9243ba007600fbfb9101bc0b968a652b2173fc9954eeeb4a7ee362fb892b4f9062dc3d22ead1b313022c12b16d9d15078fd982832015e4745502ca9e9199a43b10666187a24ad7cec63bf9c5983aef7e13150c2325df6eb08cd844f3a6b15a3e8bb520b22d427a56dbe84b1927ab23b55429c7c6863a3db236994a0ce9e452edb0674c8373ab478e00ea1d6c94ba0ebe7462990ceed441628c08f34b5f2f0c757af41d0fbd967fd850b78306a68ae58d71c29e2e610c5e075d8997d46d2ddcd2fa0ee2548110b4adc30a5b78361c9d749ce7a327ce15e38be12bf0115132a2db34aab510e0866d614022dd3cbc5503aa693c6b5a3f32081923d5ce4d05ede8a14e42b8395db09a4bae67f8301a6f82ea170877c5dcb1b4ad2a71e4e0d48ae947f8f6b9c6019c36eab0455f48ee5726c116bf56901433664782281bece52c5141e21116abf70a767e8876a7129b0ecccf42457e6c3bf8602aea4ef258c09534c12bbe4af6692d4c5b2a04b11b10f9561c40dcb367d0b0fd1a83c6aa45bb99644bc90737905055c4a9c9d1b9beeeca789f5585bb31d013b2da6bd8e8e7b82ac29fa9897319bdf43bdf78f5070985b5b9136537c0b5961fe801032a3bbc06e02d06974ae7731aaf52b45343578666a6935414c853711d4fa8fa2563d3e85cfebbbba4872c6ff9adfae19ef06c9eef14ceb4d29c6501c3b8697063b6607e065f264c8b5ba9a0e3a8e74b736e7934d209240bcd85ae8a0a1d7bd104f2f522229e8aba37f88ad5a27dc921b7c3ae109c761d134c143a50fd226950bb14c9c708f0aaa98855d67675a3132a05784afe2f9325d0bef51884145a155fa8830829f5c2ba5f13fd46f56d37f3f22ca75988e225c0563427589ee45477cb3e8dff3b466089b9f87dff9d3983c3ff46967818e3d0a1f3254b8b57a634ca1aac936f4a5893068806b70d5e7ca7e17915659e8122a8a9d5b4b6ad98f82ba5c7b7bce8adbadff344c986e9eef81075c3e94f4463682996812f5f106dae5761884d9d4f406bb89444bc604bc71c65dda8e543cf68a36bbc301d3d931a443a1087e9923ccccdfb8a48a9f0ab23974391b927e6bd0709ebed970f29890bac42af45d40a42e662afdb1f19b0da2f9abfcb3fdc5f6a2c3ebf1227a2da2059eb8508aa4ca8d5ff433e5152bd02251bd66a83a9739851861c0c9a14e5f3b016a97ebd3600d3c550eb17347412772f7635afa5c3c7a0b4229977acd1678ac223a621e51e6311872e12cb6db84ceeee593a1b3e27119dd5ee926c21a0784e0d14d1a0cb462862825e44351283053cf682621cb3529154a50a58246348ce84244856ddd2ccc707bd5e165769d493ffac16c54586d0cc69d8f9a611fb34217ceeba9ef52af98a9395fffdcc755f8867ef61c372012a59065c3e0ae357eac977921bdacf3f4981ce2b8792650a66b99056510f801a897cf09bc181860fef806aa64242804494e463a3c3e736f185e2f79da4bafff703882c90a88df603f0e76d21f87f42baf0a2b047c62afa7ab6aece4a1906e666a79bb846c51411f324ee2304e8d340dae660d41757e64359266f8f9494be90c930a57908985a0f2202fac1013a93b181a9b5bdc3d6c02332e3caf16065a070439ce2122124a430debacd873feb7ba36cfa3cda65ddde3d16a9f54ec483b8e4cad1be7360b1f16a05d1791ec00bdc777c5bd6997d9bcd12837645157991804acffe74218f9f83d7ad9efceb9d916b3d10c45dcba41f5930caf4b1201a273e62f4718f03ab78d09ec09aab14be96968d8daebdc851b4d1106c5da1d6d60fc3bc4855af1f4f4d2f3b3abf1d66294f7cb548d146659e55a075cad87669589e52b8442de428c60bed7eb721e4f2654bfc1c8745a0d86cfb61213ac05132343e5d5deb9f347218eb32e72a98f442e98e54166d4f39d78414c09e5a9d149a469c2c64f902cd1ddb2043d3da694ff99a41d66dd59d3ae8606b48362e3cb2d5f19cf95ef05e091fe90296d34ad4beea4a4beaa91b8f45b8126462f5829cbcf2a21556ff4ddf938d6181ea7952fc9da5656d01751bcba584c34bc826df1848a894f6ba823a43fb8abb161279e4ea00083820b26569330ffc4fa26af190fa8dea45d7adaa65216232ba378c7bd04342be35ebc709a81dd31162f0ade322c5d6a29720b249df1e0263d3aad834593be2c51f2dec9589105c6c7d66a49910cebec97def940286143a1e5f44669ca9ec546424f6947db1cec17928c4d762dd4088d45428befd46e04cfd1776dfb80b0337e34e0f0e9da76c6d5ff9aa503d4ee4284b93f90e6e9fea40d598069ad08eda07bbdc891c70f9dd6570e1c3563458bd60ec9d5540ce705ecacb91ed614c2615a9d4cd70deb34f930e51e614fc118af9a3080351315050b6488c7d2676551a71c0c1db765531e6adb3aae547c5439fc18c313923fecaa6c044ad1d1e5beb28d9d94ae228a83c2cf001be617c3a455daedc616dd990f5024b453120f4d249ab5d81ccd6c07b1aa5a1fcc7109875a224c6920741edcf92da679033c2545bb2b49be497ad74982fa4b5b77ffea0bd5cab9e515c57a077bb93fd32ec0c013d52380cb95c5be92ca5c7e3dfdf3db87531915a0d6e8b625889ef40d26df1f96297fd8954476aeab54bab04a99db2e9874c16adda0df211cc57f2568bbdad29e68bfc6b4b519a0fae563fe54fde2a397b65a904435f592f41609ede062c7cce410d563dafc5379971c713113736c7f20e9b0c7748de132bcec9538405263c19fb27a97e3b8c9658689fa08a8ecda03ec4d0f22e0b075d07db4f33b3cb8ecb281ba0adefba27731090d368e1a8a41965548928dbaecbe6dc87989a3510ebc0f85085191b9827ac5882ab854803589582ea55e6685023e22cc0c8f9382f5d49fa12c79fc26cf7754362ea5d7fec537f8b7a3acafd44788e68f6d372a0407396111aa147aba7897c0a05e1efa2f9818f77f2ce4cc6f7fe34099391c72a169916c9344674d3194259526c01a6c251345e9edc845dd42beb681d34956aae687d478b1ee087f972fa3adfa756674fc2082452c3f759bb35c8412f12356a7a04af2391d62451fe686856eeadf22f5f572ef054311f4ddf1104eef696b8a85f0f4eada7aa1a9f435b97ee21c97536c0e4ffd08d564a0bd2c9cf85a4c60889e05f27d33b0e53aafaeae8907978d52d9824ac52215d735d0ddc587cb3de013232ac39927ab17b9fd1af7c3cc58fd72ba886f7ffbd09da7ebd239c78dea9d362cdd4817e0cd804c6a6292c9a385da676ade314a40e3eb1892bf4a61a730e08aaa22d0a72da77a214a44826a136a423c3745fa1f0d1567750230c15630d00082d35d31a7662c09e2bce92cdbfaf233833c3f226328b6c590d06db5b2f28e5466936f61488b9519120426cd85f004cd94b222d671e04e7c97fd855ca9ab29a3a54993bcf0a61a4fc03131790b26dd5da184a59416899c3677e5f6cf3caae779c3201cd482752ec2fa8a2277ceea44142bc52fdc13734f3c1c779514ea9ba78bbccc17e9128b71853b5562464de34fb06edd9bf8a614ea1b857ee594318d1d917b333c4a07b932fb3b10dd314f1ee7bf1136969742ca016bef3e8b0c2a80a8fe25b30cec310fbe4b358ba49baf4e17d495ef09b75bf43dccb33d2ae863375879159413cae3cbfaeeca1435267b7ab4776ea53474670c6649f7dc26f2f0228cf3e58d45f1f9a40567093e94bb96de5b98550318d699d60b7a7067cf275fa7f781d7163203b2144530b1b79fd519e911342c6558a76a003f41b8f64bafa4156d3bf798b96c47838a62e742662d2d49f948add4e1bca46fc30f1c2fa124c9945ff9c042fe4700b9cdf373b97a1c64636b01d5f84362be704d74a03d38e8f99233aacf025d0454d56157aba3a738c2d5010e00b8ecaa2e4ecae720fea1f6594f1696581f288e31c3772f3b6bf56b032c5c309770a62b4f4adb27d93c311c10a88a6235122b8161bd6bbb5014e7f9ee47180c5a33f2f9f506745ef862289ce5fbbe9072abe186eb0cd9687c51dba3effac4ab4297dee8ed099330bf97d9bcf1a95ac79a9968dd9c1214203712d3facf492fffae7dfcb5fdda31bd52db685c39816b91c5324b20b7575647d4e2fa88cad5826efcb5477c54a60f6dc370f2018c5ac9abde4f460fc5017a508c0d78b5b30e5799733d82d8695cfb0f752813cc5dfd4a7c1bfb168912d069a5cc055c8d2fcbd7e3360f65516fb77f5ec3e17f3d0ef2c7d19545698bfe53895f78c6fabed90e6fc85ce1e8cee4a341f94530f040e3fc88b657a465ed40489e9b286267bd1d369cb82b0da34f07cdf9ff15223b3215fa962f60a44538a07e1dd5a1fba3f00664ccb63764ee4ef4b0e98822f539d29595c2d4c8721d1585668bafa46ab8768035ac2d7e1ea4879bc5286ed761f61d30fd9c3fde8ee1e6a22ff4de518cd918dbe9587c0e3120bb97ad8df35ec21efe7b784755a2bb5a2dc5ac157749076717aa51660180dee9a714f5241974ffcb5dc0135e97f310702b485f94c98208a76d7c30d2385112b3bd0c3b4b723cb30068e84ff24d26c93f8c7c7eb3f43e09d3ba9ab995af8f34c1b05f1e4ada1d8b2cac35274daef968032775b4f8310663c689162026e446fdecc39c2d954245c476aed4464a5751164e20527f06394bbb6e1d8aed35268b39511a4d1347aabad98731417d305cfb1944a3f8c5c17da89f3eafa570fc7c27a41703a8ede2be12dad4ad923a0f8bb8946943145608952bca3e0ca796a3d39db51c3b54505dbc9e566111b5a6cbf43c969cd65b12f453cadcdd09399d3e33a074aa31318d47de1a82a8f9c1565b9d9e39b292690358de1846cc0d4593749189a5b54f343a0b1de961a45d0358e1d8ad6255c4b3fe5da07b50a3ab5894ce913fd1f96d24eb9054616bc5a906d7086cd1c9f04fdf205b828500adcfb2083fa0bb238f2d56be2c16dfa6661d3c065b5ad1ca558917b5662fcd0813f781c7864a5440e467cd7522bbb1f87542e3efdc05238cfdb1d5068e114fce8a39bd3bdfcd94e3eeb78d4d7e7b515f77cc1ad569512191b273eaa6c903b00766b6fd2960666c607ab46b7814855f27cc3d926d5291b181301557224d6b751d99bdbbf1f25c6da1535de6665f4dd62c0b1209204cfb77f3925c73e2eb761f06037e58426ee6f1efd5a4a455021975f61ee2f3cfcc9ed7f5ad5aaf4f52e9d9be72af5e8e0c93028c78b743528b7bd35219519308783d0396bb4ab5bfe9af78a1e82482af865fe751f9e199dc5d3502716de498f4c49d2011c8ab8d29c9e1e13a7491826f5306adf27587ed5d23ba44a40f2937f95de26c155144c96c35651e46be006ea207dc29cb617"}) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) writev(r0, &(0x7f0000000000)=[{&(0x7f00000001c0)="ae373b3ffd3b362e53e26ad47ed36a2067b76614194ccbc1f8ed731dc0f0ffac9e44465abe127f60daa43caea29d692c45f5e746bfcdf2ac3259be9f063583f07f3cde264eac5540f6df82f970233982012ed241cb6afc64f4957bc8d13691294bb447", 0x63}, {&(0x7f0000000500)="484b119add30ae611a6da693a85cdef17e54103b8d23645e73195d4ead43b7e71104b31084f92d0c0df43886db5330d1113e26b60ddc25414347d373f6a327905d70343f686b3a8bca43237766bdd1e2ef4a6c1a3b8b565b1f43fb8482967f6efc0ae10277d2c50dcdcf695163a5d4fdc11781a358d8c6167884264e8e4ae7a0027ac855be7656", 0x87}, {&(0x7f0000000280)="59f0a7ffda7fb5148b6a8b9981da2ca22ed9e1fc21fe1eddcf34a74c2fd3086b9fe01bfada702a9ec481ac8a80a1e678d4ddfcdbe31e82e57ac9bf97dd300443651216211f2f8f349b9d06d8741969d5f6b89062300c949b0d7951e24464cdcafbd5f78358c18a64879f120a9c9c8faec3eab16ebee256e1", 0x78}, {&(0x7f0000000600)="537754f15b1779e1f330fac79898ddee5bb9a2854f8c40c6a951f781b45aeff8de8a963469be6f960e1ba7a32b8cd0b8a1e848b4b8431cc6f79b1c0c2b11afdaa72177edde2e77a988a69aca72502c647ab418434f3c19d9a2adb4475de33174dcd5be8c034df85b97775eae48f1da8cca4456f7e1948595f2f4d1e989551a0a6b5eb108eb8b7d6ca2a6fadd5ed9254f9fdb5c20d525712fc894bab2a7da4a5190367765317a831daae392ffa27986a1b5587660d711a3242aaf834de271fb8ac3d7741c21f3f7cff4e3ab9765eaedfc6def0a85ffefac22eef83f4f047b870008a19b51f75fea42066fb548d7ba0d018d95a2c87c01", 0xf6}, {&(0x7f0000000700)="bf8ff0dd47f17390dd06bdf66629ffcabb8aa34fcf329db74476018fa05dd39f06b05ba13cd58c90f823ceca447486867744a4b30d188eff130d87b4a69c95e4bb70e8990b0eca29c522cbb5e7155d9162978101c18c78abdeb2a139927500180feee5dc0d2e5d13dbcf86e9e3e476b7942c0957987155d83b49d7e952fb3c137e8963615875d4bad6514b2f6770d9c5c406100f3f63f72faca2f8db5e82209332036a129e41908a2aa69f444d8b2e00aa84051ec216d5a7ec56ba61b6fc1a9c18e09ce1a4f15867c32545ca297549f828719acf85c9d451d94ff8436f8242b695e62560bba96353fe4d83def096abfc6eae54db6f", 0xf5}], 0x5) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x400}}}]}, 0x38}}, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r10, 0x0, 0x9}, 0x18) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 22.454150039s ago: executing program 0 (id=2015): sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead9591", 0x19, 0x20000000, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f00000000c0)={0x2, 0x100, 0x0, 0x2, 0xfffffffd, 0x2}) 21.775975944s ago: executing program 0 (id=2018): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) r2 = fsopen(&(0x7f0000000240)='jfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x1eb640) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x8, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x50) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) writev(r3, &(0x7f00000014c0)=[{0x0}], 0x1) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x7fffffff, 0x2, 0x1a00, 0x80, 0xffffffffffffffff, 0x2fc, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5}, 0x50) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x3dc, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x3}, 0x50) pipe2$watch_queue(0x0, 0x80) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x9, &(0x7f0000000380)=@raw=[@map_idx_val={0x18, 0x2, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7f}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @exit, @btf_id={0x18, 0x8, 0x3, 0x0, 0x5}], &(0x7f0000000280)='syzkaller\x00', 0x5, 0x0, &(0x7f00000002c0), 0x40f00, 0x10, '\x00', 0x0, 0x25, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0xbd4a, 0x2, 0x7eab, 0x9}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000700)=[r4, r5, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000740)=[{0x3, 0x5, 0xb, 0x1}, {0x2, 0x2, 0x9, 0x8}, {0x2, 0x2, 0xd, 0x9}, {0x0, 0x3, 0xe, 0xa}], 0x10, 0x9}, 0x94) write$sysctl(0xffffffffffffffff, &(0x7f0000000580)='1\x00', 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r6 = userfaultfd(0x801) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r6, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) r7 = socket(0x10, 0x3, 0x0) ioctl$int_in(r4, 0x5452, &(0x7f0000000400)=0x8) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000240)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8}]}}]}, 0x3c}}, 0x8850) r9 = socket$inet_udp(0x2, 0x2, 0x0) openat$sysfs(0xffffff9c, 0x0, 0x281, 0x3) setsockopt$SO_BINDTODEVICE_wg(r9, 0x1, 0x19, &(0x7f0000000140)='wg0\x00', 0x4) 21.159723368s ago: executing program 2 (id=2024): r0 = openat$rdma_cm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f0000000140)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0xd}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="16000000000000"], 0x48) r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000240)) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f00000004c0)={0x60, 0x2, &(0x7f00002b4000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x80000000, &(0x7f0000000680)=[{0x873, 0x4, 0x60}, {0xfffffffffffffffd, 0x10000000004, 0x2}, {0x3, 0xfffffffffffffffa, 0x8}, {0x4001000, 0x7, 0x4007}, {0x80000000007, 0xe7e2}, {0x6, 0x5, 0x2000003}, {0x1, 0x80000001, 0xe}, {0x9, 0x80000000005, 0x8}], 0x8, 0xd, 0x0, 0x3, 0x41, 0x8}) splice(r1, &(0x7f00000000c0), r1, &(0x7f0000000100)=0x5, 0x9, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000540)=ANY=[@ANYRES64=0x0, @ANYBLOB="8cde3b9444d342f05be9a7f16b4e420ddefbb7c86807ea169bb26e2fbe4fc49c4fdc963907ae0fadee18e6a61288a9ae1ab57f7af6b79875821296d61fbb8d3762156f0f0a19caf13fe84de252b5c0a7f9b8c50526141ec0160fed9bd183212a33a83b17dd16141dafb7eaa7f892ae62a34a22428442e8061b3bb7b82f8a224f800e781e6bb4f7b1977193a0581705324909f6ac3a654df54c3dfc2e6a8d65479a28f0c6", @ANYRES16=r0], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) r8 = accept4$alg(r7, 0x0, 0x0, 0x0) sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}], 0x1, 0x40) sendfile(r6, r8, 0x0, 0x10ffff) socket$inet6_sctp(0xa, 0x5, 0x84) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x80, &(0x7f0000000080)=0x4, 0x0, 0x4) r9 = syz_open_dev$hidraw(&(0x7f0000002300), 0x1, 0x14a042) ioctl$HIDIOCGRDESC(r9, 0x4030582a, &(0x7f0000000200)={0xd, "7954bbc8e80000000000000001"}) 20.593972343s ago: executing program 0 (id=2025): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, 0x0) syz_io_uring_setup(0x5e2, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000180)) socket$inet_sctp(0x2, 0x5, 0x84) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0601, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000003c0)=0x14) r5 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0xffffffff}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x24, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x300000}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x106}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xa4}}, 0x20050800) r7 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r5) pipe2$watch_queue(&(0x7f00000003c0)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r8, 0x1e) r9 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000280)={'fscrypt:', @auto=[0x66, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x35, 0x0, 0xd, 0x65]}, &(0x7f0000000180)={0x0, "de8d0d27ca969fa15f8b3b7bae39c1b3327d4332f8c149d2d65a347d67f6db7eb90dfdad3cdebaaf421412f812305c9da91699b5a02c1295596f0fd9ec78f2fd", 0x2d}, 0x48, r5) (fail_nth: 4) keyctl$KEYCTL_MOVE(0x1e, r9, r5, r7, 0x0) capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) syz_io_uring_submit(r3, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(0xffffffffffffffff, 0xa3d, 0x0, 0x0, 0x0, 0x0) r10 = mq_open(&(0x7f000084dff0)='!sali\x1cqxte&\xac\xe87x\x00', 0x6e93ebbbcc0884f2, 0x12e, &(0x7f0000000300)={0x0, 0x1, 0x7}) madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x14) mq_timedsend(r10, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r10, 0x0, 0x0, 0x0, 0x0) 19.768940042s ago: executing program 0 (id=2026): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f60c01a83d88008135048567c566a31077d12879017186ecd85"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000e0ffffffffffff94001eb3c364440be9125ff7ffffff0000f174b56cf0b1a4dd3f78e0e59a486a57f9adda4a7d6a13c4fc679e81245196392d7f00fb10b79c191b19840ae478c9e404593e6dc195506ae20d8f72ce19693c6beca14ad3fe04982254ddef1e3ac693aa6470b00ec581887975b1ae2cde48a7a2399c3f99acc038311bbce5a6069197923b407cb6bd6fdaed05ae2e0b5ef7550db04a70c8ed321b"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x7]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getrlimit(0xc, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9c}, 0x94) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243) close(r0) 19.617109604s ago: executing program 2 (id=2028): socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$kcm(0x2, 0xa, 0x2) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0), 0x0, 0x4001c00) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000006c0)=@newsa={0x104, 0x10, 0x1, 0x70bd2c, 0x25dfdbfb, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@mcast1, 0x0, 0x0, 0x4e22, 0x0, 0x0, 0x0, 0x0, 0xff}, {@in6=@empty, 0x14, 0x3c}, @in6=@mcast1, {0x3, 0x0, 0x0, 0x4, 0x100000, 0x4000000, 0x1000000000000000, 0x1000000000000000}, {0xfffffffffffffffb, 0x9, 0xfffffffffffffffd, 0xfffffffffffff005}, {}, 0xfffffffe, 0x0, 0x2, 0x4}, [@coaddr={0x14, 0xe, @in6=@private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x104}, 0x1, 0x0, 0x0, 0x400d0}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x7, 0x869b379e93f8a111) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) fcntl$lock(r1, 0x7, &(0x7f00000000c0)={0x0, 0x0, 0x459d, 0x2}) fcntl$lock(r1, 0x6, &(0x7f0000000380)={0x1, 0x0, 0x101, 0x1}) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, 0x0, 0x850) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0e0000000400000004"], 0x48) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="380000003e0007012fbd7000fcdbdf25047c0000040000002000018006000600800a0000140019"], 0x38}}, 0x0) 18.431994949s ago: executing program 1 (id=2033): pipe(&(0x7f00000000c0)={0xffffffffffffffff}) r1 = openat$cuse(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) splice(r0, 0x0, r1, 0x0, 0x7fff, 0x6) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x27, 0x0, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x27, 0x0, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x28, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x1a) eventfd(0xfffffff9) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x224}) r6 = add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r6, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x6}, 0x18) r7 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, 0x0, 0x0) 17.478933157s ago: executing program 5 (id=2034): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x14, 0x13, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20000810) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000008c0)=ANY=[], 0x3bc}, 0x1, 0x0, 0x0, 0x4000000}, 0x8014) fgetxattr(r3, &(0x7f0000000100)=@known='trusted.overlay.origin\x00', &(0x7f0000000200)=""/132, 0x84) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x70, 0x0, 0x800, 0x70bd28, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_TX_RATES={0x4c, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x48, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff, 0x7, 0x200, 0x0, 0x9, 0x6, 0x7, 0x2]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0x30, 0x1, 0x12, 0x4, 0x36, 0x6c, 0x2, 0x12, 0xb, 0x6c, 0x5c, 0x12, 0x2, 0x18, 0x18, 0x6, 0x30, 0x6c, 0x6, 0xc, 0xc, 0x39, 0x4, 0x48, 0x9, 0x48, 0x0]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000015) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r5, &(0x7f0000000040)={0x23, 0x4}, 0x10) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r6, &(0x7f0000000040)={0x23, 0x14}, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r1) sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r7, @ANYBLOB="f7ff26bd7000fcdbdf250300000004000180"], 0x18}, 0x1, 0x0, 0x0, 0x844}, 0x4080) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x64, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8}]}, 0x64}}, 0x0) write$USERIO_CMD_REGISTER(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x2}, 0x2) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup, 0x10, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0}, 0x40) r10 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x0, @val=@kprobe_multi=@syms={0x0, 0x5, &(0x7f0000000900)=[&(0x7f00000005c0)='kfree\x00', &(0x7f0000000600)='[\x00', &(0x7f0000000840)='\x00', &(0x7f0000000880)='GPL\x00', &(0x7f0000000400)='\'%/{\xe0-}\x00'], 0x0, 0x9}}, 0x30) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000340)={@cgroup, 0xffffffffffffffff, 0xd, 0x2000, 0xffffffffffffffff, @value=r10, @void, @void, @void, r9}, 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={@ifindex, 0xffffffffffffffff, 0x2f, 0x4, 0x0, @void, @value, @void, @void, r9}, 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@ifindex, 0xffffffffffffffff, 0x31, 0x2034, 0x0, @void, @void, @value, @void, r9}, 0x20) getsockopt$PNPIPE_IFINDEX(r3, 0x113, 0x2, &(0x7f0000000800)=0x0, &(0x7f0000000840)=0x4) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x6, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r12, 0x0, 0xe, 0x0, &(0x7f00000002c0)="428280f46aa1d3f08a90b1e2e0dc", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000007c0)={@ifindex=r11, 0xffffffffffffffff, 0x12, 0x8, 0x0, @void, @value=r12, @void, @void, r9}, 0x20) 17.36177488s ago: executing program 5 (id=2035): r0 = openat$rdma_cm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f0000000140)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0xd}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="16000000000000"], 0x48) r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000240)) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f00000004c0)={0x60, 0x2, &(0x7f00002b4000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x80000000, &(0x7f0000000680)=[{0x873, 0x4, 0x60}, {0xfffffffffffffffd, 0x10000000004, 0x2}, {0x3, 0xfffffffffffffffa, 0x8}, {0x4001000, 0x7, 0x4007}, {0x80000000007, 0xe7e2}, {0x6, 0x5, 0x2000003}, {0x1, 0x80000001, 0xe}, {0x9, 0x80000000005, 0x8}], 0x8, 0xd, 0x0, 0x3, 0x41, 0x8}) splice(r1, &(0x7f00000000c0), r1, &(0x7f0000000100)=0x5, 0x9, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000540)=ANY=[@ANYRES64=0x0, @ANYBLOB="8cde3b9444d342f05be9a7f16b4e420ddefbb7c86807ea169bb26e2fbe4fc49c4fdc963907ae0fadee18e6a61288a9ae1ab57f7af6b79875821296d61fbb8d3762156f0f0a19caf13fe84de252b5c0a7f9b8c50526141ec0160fed9bd183212a33a83b17dd16141dafb7eaa7f892ae62a34a22428442e8061b3bb7b82f8a224f800e781e6bb4f7b1977193a0581705324909f6ac3a654df54c3dfc2e6a8d65479a28f0c6", @ANYRES16=r0], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) r8 = accept4$alg(r7, 0x0, 0x0, 0x0) sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}], 0x1, 0x40) sendfile(r6, r8, 0x0, 0x10ffff) socket$inet6_sctp(0xa, 0x5, 0x84) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x80, &(0x7f0000000080)=0x4, 0x0, 0x4) r9 = syz_open_dev$hidraw(&(0x7f0000002300), 0x1, 0x14a042) ioctl$HIDIOCGRDESC(r9, 0x4030582a, &(0x7f0000000200)={0xd, "7954bbc8e80000000000000001"}) 17.272225528s ago: executing program 1 (id=2036): r0 = openat$rdma_cm(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f0000000140)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0xd}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="16000000000000"], 0x48) r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000240)) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f00000004c0)={0x60, 0x2, &(0x7f00002b4000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x80000000, &(0x7f0000000680)=[{0x873, 0x4, 0x60}, {0xfffffffffffffffd, 0x10000000004, 0x2}, {0x3, 0xfffffffffffffffa, 0x8}, {0x4001000, 0x7, 0x4007}, {0x80000000007, 0xe7e2}, {0x6, 0x5, 0x2000003}, {0x1, 0x80000001, 0xe}, {0x9, 0x80000000005, 0x8}], 0x8, 0xd, 0x0, 0x3, 0x41, 0x8}) splice(r1, &(0x7f00000000c0), r1, &(0x7f0000000100)=0x5, 0x9, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000540)=ANY=[@ANYRES64=0x0, @ANYBLOB="8cde3b9444d342f05be9a7f16b4e420ddefbb7c86807ea169bb26e2fbe4fc49c4fdc963907ae0fadee18e6a61288a9ae1ab57f7af6b79875821296d61fbb8d3762156f0f0a19caf13fe84de252b5c0a7f9b8c50526141ec0160fed9bd183212a33a83b17dd16141dafb7eaa7f892ae62a34a22428442e8061b3bb7b82f8a224f800e781e6bb4f7b1977193a0581705324909f6ac3a654df54c3dfc2e6a8d65479a28f0c6", @ANYRES16=r0], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) r8 = accept4$alg(r7, 0x0, 0x0, 0x0) sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}], 0x1, 0x40) sendfile(r6, r8, 0x0, 0x10ffff) socket$inet6_sctp(0xa, 0x5, 0x84) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x80, &(0x7f0000000080)=0x4, 0x0, 0x4) r9 = syz_open_dev$hidraw(&(0x7f0000002300), 0x1, 0x14a042) ioctl$HIDIOCGRDESC(r9, 0x4030582a, &(0x7f0000000200)={0xd, "7954bbc8e80000000000000001"}) 17.198852243s ago: executing program 2 (id=2037): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, 0x0) syz_io_uring_setup(0x5e2, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000180)) socket$inet_sctp(0x2, 0x5, 0x84) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0601, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000003c0)=0x14) r5 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0xffffffff}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x24, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x300000}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x106}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xa4}}, 0x20050800) r7 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r5) pipe2$watch_queue(&(0x7f00000003c0)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r8, 0x1e) r9 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000280)={'fscrypt:', @auto=[0x66, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x35, 0x0, 0xd, 0x65]}, &(0x7f0000000180)={0xfe, "de8d0d27ca969fa15f8b3b7bae39c1b3327d4332f8c149d2d65a347d67f6db7eb90dfdad3cdebaaf421412f812305c9da91699b5a02c1295596f0fd9ec78f2fd", 0x2d}, 0x48, r5) keyctl$KEYCTL_MOVE(0x1e, r9, r5, r7, 0x0) capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) syz_io_uring_submit(r3, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(0xffffffffffffffff, 0xa3d, 0x0, 0x0, 0x0, 0x0) r10 = mq_open(&(0x7f000084dff0)='!sali\x1cqxte&\xac\xe87x\x00', 0x6e93ebbbcc0884f2, 0x12e, &(0x7f0000000300)={0x0, 0x1, 0x7}) madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x14) mq_timedsend(r10, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r10, 0x0, 0x0, 0x0, 0x0) 16.306947176s ago: executing program 0 (id=2038): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x275a, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000080), &(0x7f00000000c0)=@sha1={0x1, "f0e0f61290269db0f3741407447d862a9c876573"}, 0x15, 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x80893000) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000000)={0x30000008}) dup3(r1, r2, 0x0) 16.306454999s ago: executing program 5 (id=2039): mkdir(&(0x7f0000000000)='./file0\x00', 0x2) r0 = socket(0x400000010, 0x3, 0x0) write(r0, &(0x7f0000000200)="fc0000001400073eac093a00090007000aab0800080000000400e293210001c000000000060000000100000009000000fa2c1eff8656aaa79bffffffff0000002d00024000036c6c256f1a272fdf0d11512fd633d4400007f60eb8fa2e6b00000016fd368934d07302ade01720d7d5bbc91a3e2e80772c05f70c9ddef2fe082038f4f8b29d3ef3d92883170efdffffff3ae4f50504000000000040d815b2ccd243f295edbabc7c3f1a5f4e023dd16b176e83df150c3b8829a1ad0a4f41f0d48f6f0000080548deac270e37429f3694dec896592d69d381873cf1582740000000000000001ace36f071d0c22700"/252, 0xfc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) (async, rerun: 32) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff}, 0x80) (async, rerun: 32) r3 = socket$inet6_udp(0xa, 0x2, 0x0) write(r3, &(0x7f0000000840)="4b1ee8d2df865b0c681fc2a8da65639461b2c61d4babba126ca9a70716524acbff0b5ac84ee02ab6932c0cb4d91b09eb75905470618cd539fa8fa5ca0d22fa3ef421c6c3e3188801ba0a51aeace04d90344647021d029a77fcb264ac54670aed6e8615c4dc552fcb9dcd036d09723b226ad4905634c6be517b6626aa38bd3be2cc1a7149404f72b6f313b39dab2043d2ff5887af99f7bf1ae6ee8f3d112a92f9557a3c4cf2b8cf4a3299fb601ad50d8c6403b59d12406772322303cc7f6c2e4288a2469776e52242d8c1c813ba04b60536022b99b34ca3e014ca3ec5f3a324f5c65bdc0a2781a52b1e91caf4fae63a100b4d9c40aa62a11129334c4a426bc7bf80738e20ceb7fbd4c01408aa03beaf586da17bf11a7f9bcea64c40c528a95a47ceba4ce79d68b2d20be98809a3aaace9006e998b2215d9ca7003dddbfb017c087b729e83960bca01c1b406e41b164984e6b339e18d39f123f8848f644389ac582270c0eff08b002854aa9fff073bb4c6e06a9b037302bd3dbe732067719dd0c289d4fa9078848b9369b7724a2221b5a60d040d129df9ffbc06cc1fcacd0fc8e7ccc33164ef579a4285eea3a30160208402391ae034ff61b0c1239352b6b995e7f4082ef5065df64f8c590a6e6e1460cbb3d77567124c9a08fdd938bcc7950811b9f66b2eb0bdaf8f686c67ccdd6dfa41f049698fcdab12316f2261db1440ef2e2c842d7f6913aad57d4beec4429664c877f0f5daef85f7203fc1f786e3e5af4d3707ca2e4d256fc426cc191a78f29d02a88f56c07c0ed60289d4ed98457569c846e6e2f03a570ade6ae34f73ec8d2593b25dcd0ff65108b40d3b62acb3699b94a3ce851967e9465943ba2d69c9a61e0e0be98d0b9aab9d6cd1fcb1b5515206b3d23b32e9e39db85069ca27fa827a894653de455c1d4dbe86220e817f6c1c5faac7d4c7f02b26fab9c7587acbab1aa0fc2e13c54f6689ce96f5ea9bf70b0b4e8f0a18fdf73663cbfe7dc4919cc5f2dcffbc845e63bcc4af71b5b303422ca9f62ce62520b5b784038e1bb077e3dd0b68076a40a5042670d8957ef7a978f670674fbc2c965c479df545ca6a827cb122cd5431e12240bfd086ddf981186d3171d9ec6abd876bc011c8cfe208d5b18b9aeae64f62a07d7af005838f65910cbe9ce7635e85997e422139f49453c8e87e80867416e2278c53dc693412b72d92dfb44ca607417e9cc7f125c9c916e5656a63c208361ec0a09902b7eca68480561324ededc858d02b734d7da9565a055460fe3b06226bc754febc68295446a623fbff8205b9f161dc67e74f7f3b28f39c95b6a1465e01b5552a1c49f33e56bdbd555773c26cee03b6da67b1224195eaa232bfd12ff9a51b71f9f3a18a729e2c023a95b566d3b615d6e84857182927fd2663e2500430f338beafb6410a5a3b7b44f2a5f234ca9ba4955cc0b25d84219baad917f46a89d60cca5ca94db6685dbd3935460ac15c60d7289db620123603ef8781913d8dc4e02599b85a1ac5a91ac59c4793aba3dcba90513b2a806ef0f6316f7ab8ddd7adc81467295452a917f62fdc296eafb2f9446290a0feb2e67f007b7029447dc396fc1b6d21be12658ac09dc84a1ab1f910014c0dc508c7ddb9bf9ff848b026957c1e194d394a50077d44f24bcac9c782ed045c02ac089ad30ca4ba93b0219335628700582d6f9c5dba9dd4a606314b4414e31b1c3e71768dad6bc0866374657eacfaf99e6178d4831ff34a3bf53973a46b2b8ffe0fb1440a559998ae7dc3dc084419133224a6ce7a27aaa76a42c38d18d8f8e463e4aa6f0962d407265f92a1204890ea0a1e2b57a7481f18a7b627a6fe8286ce432e27a8cb7bfaf9822c1246c646bac494ed4d28d5c63a461c3178bd24b2e596dc1ebce9367620fea2a7af9b16e482bfb7c113bffe669a6e28dfe207990443245c041f9a1d149a72e0fef6c2e1941b84216126dbab67976dade20230e7811d68db7ee98df46d607228633501015bb07ec7fecb8c56424bcc5d943014851a169c5b6f733ee55a462c71cb503edd651491afde153cad8b3a369948fdc79a76e024c74a53386574a0023f0ac83a8262d583b41ef55e1c122ec2d3aa50612dd67c256debdf212add2447ab3a313f961032808ebb78da9951fbbd94ae00c896faa6f57b19742509a21a473d20e409eb198e4d0f802e9dad5f1f925c7dd2550e0f4b46c472d04e983c32c14b678857a0a49df8c737cfb11a69a7fd3318e2781a7d5b91acdc456551fdc361aafe817cee17eaa3459260c74371f165f1479ae365b188171c78747144200245483fd34c9070110e800551d6027ad1d4a82709b81e416b4422d8813912ae571eee3e208ff5c8a6b7213699af360f32fdb9bc0ed9debcec02baf17e397d4d74ba47157208c24d2e7dc6b0c11c56db892255e07a033722c7a532ad90fcbcad06ab5fddc5c15e97924d45865cb8c32511684d5abbc24a83afe248bde6d317dcb1260a84d1e6de4cefc95fb73ce69f6fd070127501b32d9b6c342d96564be73d0b8e6db641352a1dfafe22ebb6d1e0a777c14d6e6b281ece35ab8c80f6bb4b1920a6f5d0e351010908eaa83c46536d8b876eb784da2cc2cc349b07797bda07b402567af7f4eabd33908db652abbf8cfba42da36d8b9955e6fc4d88f001692a187918c483e9bb2cf69c933647cf1cb96339a9fb6fe6d2ce173e543ca8ad1c51fc745400ba6dcffed906ff326f0056ff4df4735067fc4442da5e83d5de1fcf25570dd5a5695725bd607ba3c4ceb17d9f17bb9c99291d0c0c05728a81e54adf30f04e69214ca35b9753a6e90658893b63541ab48e620ead427cff6ecc2f13512623973acb835bbc1dfb0276e113493c1662a90ebb3b995700f4e94b38d2f62141e69b413b62b3df19422c1b1342d303d62173a5d66a7ddbac0b41c24875241b4580a9b7cb16a8ed8bf352eac982de13cd79dbf351463211277e2f75d6875e713091d333a8e8c4703cf44dc2577f54142b027197047abf8be463280ca72a78b562a742e14e887677b3e4340bceb68dafc94aaad59697d9f8ca773c610506956859eb25841083c787776b0f068b0c5ac886f9f9a76ce333874c5a6ab2dc77d55154c3ae9f72d1e3ea5c2c7ea41536a5634117bcfe1c3f4cbdd64678981b383ff59da25c03dc6d76ae7d1d14f290d3bb4d5902c4f7912a04c29d0298c8c187919beabb7309f2aef20375e93321a565df4a60582150f7da5c39780afdbc68604dc6898a1cf0242e435ba42f71affcfaef4cfdca08f021b665eb01e0e75ec9a33f90b0ddcdd3839b2cdc723f588748a52ee74157e9f71187d8f2703ad69ba7b055f5f07fa0e678222c105d17478e2c126efee00001e6a8a99cf10ba8297a58adcb3c513790df4d45b0eaa8df624bf75dfc595cd9689050b9b09445e88fc08bc572d8c8e9f0a0a679e9db01d262e59d4c5902f4e159dc08ebaf8a53ab07178007e6617d884f749e61cdf0bbdde720058737624cf8f0520cfd6a39d1587a0694179fcf7cba2f818206fa79b473d9aedfeb55f858d64b5773c34044c6bc71519b3ef00d4acd56c5b2fefa039ba302ca38c1de90e9de2ec370eef334ded46d09ffc53505a16d2dc6b94f001a9af4adc18a1adeedde4527b61a423a4f6117baf39547d91f3d4b342a3cc411fd3ea7caeeb752dfa2e4cb915b3592486e5872ae25b75cf6540bd891b57a6d43f6ed72b1b7aff1ec6c58998e5c21127a2d04466380612233afe47b423d485c88b53338c43cbd2cb1a25dc5dd6749cb215df5eaa2abc01b7942da059033a6f8a73b8898d259426ad84051a4dd42e6d98a10593048386cfcbd8a94c81402c4cd5bec7ea06d5f97d41b1263ee1f54ef5eecb254e3e98f4b7d3c99098fda3fda82741d1d066348bc22c768192790c5185bfec5f1f1d4dfb47554aee47e5b5bdb3b4ab7b0d6c2fd5df50776064475c2a8e586475d0656de420d123353977ea09454d94f615d79823fa429771c5e6b4a06060cd661128cc9fac90f7b8f3a49042490f0b86d75094bc7509533220242c5554187af00d7708b7648eec95e57d584092795be588b94538b96a756ac2c298890d7a7bc00eb2f1a18fcb776f6748ab38a646e1e5d76f65f7b506f3079ed6c64f3ae4889951a978ddffcbc62802b98600276a7949c4e71eb50ee03ba99c4fca2ba7feb18765e3379099860c9bff28b556513e9e828a1bf744adafb9e8b96aebdab60be6795a81ac60c62106d49f4cd6c9a9f489592b72fe1ec47d79872711f2bf88b17ba06acc6ef0d2efa90510ac7373f0136ff9753d6712b0e77488f3e5a64478bc59d62b8ed4304445784ff56b8142476d6412545265b66796f5f2c44ea8a9eff8daaa8db630d9adf74a5324cdfed500180c0493bc06cb54fc26852da92bdc764d5b774dfc7a589b75edf0178c8f5c44f44225202a1a84d54d9d7a88d1a4673fd5c7492c5959319c09b49c3daf3e3d790f141b0aeadb934f6ea95bc1e2ba4f5c5b4cf35176a8ba65570ac7cae18a92905ac873160084edfbf9fa02d1286cdf24be4ff064b73294847430e932b79770ffe76d98a2816e36af504b8624e4eac68df40ee2e8b2120977d8ae01aced4f71a3416f1a059e4d8f2bd056e32265b1738bbfc3e7f3462effc6689b19e03a5c624a0c79f53d905095ae66f4c342e4cae10c9129030df8b426ee9990c10a4401f31a277443ed01784182056ba721faaa77210292a250fd472d9a21279ef0683c40d131dabb10b24202f62478dccc212f8494fc671b11d1a75e109fea7e6ae366df8121b868d36dc249a902e6523773a71da4a96a128a9e1e4b560882d6f262daf9a4d4cbdd10b48d5384238b8a72f24f9eae46753543d78a883437279d005224f35e67d21453f6331dc3b8892aebf736debb0b5ac5ea1eb7e97ce88fdf8039790f588093d8b9a9effbfef9def3bbdb30a4eb7ba77c5ba422edf226cfb2ded01d911d6fd9d6525eb9c7007ae04ce8732c8a662bdab0c37e7c4d4af1f859acb875e8ddf50998df11fb3deff2123759ba560460fb83dfd86530ea2bbaf2e3ec084b1c2f9b23b31ef54d51d6a8825a3bf62ec7fef0a0dec589624e7288da0af408c4547bba6bbe154f0c1b9b03b84eb0e317c5024ce235777fb324f2af2999794f951f9804f5dc4888f468459518ee541127df8beaf7e3e7b79e169f1152ebbdc8b5fe7b08cbbe64f04475d25c0b47159b0ccae28f8f4993519e3b4ace76a05861d75fa6aa5b18e15aa2df846acc45462c3eab30b9df1000ce4ece93a1b8a0a76b437bd2fd207af004938d370a5318a13490a8d52fd9b03212eb8bf5b3961ca2ea08b9b40f96b2672737624cab8281a5892f79fc6a633b5cfb191f1e1b42ab2e6305bcd52e9ef0c1586c78373504d9720997aa972df57e4011a68fa210eb44eef12b55ebde94365146abd04a673127c8d6dec9003e8e1c6520fec53a84aa2f377b77c2095e1ab66d03189e1ec97c0c70a57c40143fa25f04444ed274362da8890d5561d17c421fc5d815619be7627c7e4420a1b0c107f3d50cafe301d666232266043207002ee4f56009101bfac874d6683fe6f11dbb2cabbc1deea6f9fafbbf51ebee0ccd4a900be554945fb3ab42c187f66c5c0dc57cfa98a8b36f6ed93728bd0bcfccf912b28dd317f7d189f3f0145e78e8253d1fbb190e4ff995b9d1457b8c3e457d90fcea74cf666faf714e191ee288b6f03934da99e1af7ba9643882e3da8c8dd1ce7eb7318018dcd7a7362e926541c0c82fe4890", 0x1000) r4 = openat2$dir(0xffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x10800, 0xc, 0x8}, 0x18) statx(r4, &(0x7f00000003c0)='./file0\x00', 0x100, 0x7ff, &(0x7f0000000400)) (async) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000540), 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) (async, rerun: 32) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000500)=@req={0x100, 0x1, 0x4, 0x8}, 0x10) (async, rerun: 32) r5 = socket$kcm(0x10, 0x2, 0x4) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x8, 0x1, 0xa, 0x1}]}) (async) sendmsg$inet(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000012006b04000000d86e6c1d0000147ea60864160af36504b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4080003680601000008000300ff000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x2004000c) (async, rerun: 32) connect$unix(r1, &(0x7f00000002c0)=@file={0x1, './file0\x00'}, 0x6e) (rerun: 32) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000040)=0x3) 16.155717284s ago: executing program 1 (id=2040): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000ff0df25789ffffff000008000001000095000000000000000f05505848355c0839151f533cf3023cf33779dbe466be0b47686d13dffb57816b407b3fc0c315590a84ef0030993ed77cd1bad044ce7b9995b5c549fe6fef15f43854faa216727abcbb7890ac123f090bce7bedd131281a6784ea42b23162a4e34ea80016272b8e642e9a90f84c2e1b1cf133fad1780445c0a657bf6ef7b7933a8d871a1b2792f9da795714b833eb3f475a74d76a1dfaee21341179c92c92e9fd96ae6e986e4570cd495431e72a686e4ebc4c7aaac5ef0fd76c2e4ab269676f5b3688b1bd319dcbb622f9ac154d9e5f70792f2f92227a6630f1bc8817512e0ef7c93373ac21d5a2ee56ed49ae546d333665f9e2afe88654c970c417b4f16f05c1ebb6ee820f5293b3443e97838c92e61e632d7c73717ab8d2af"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x2, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 16.155472711s ago: executing program 5 (id=2041): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x800, 0x0, 0x0) (fail_nth: 4) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) 16.155063915s ago: executing program 1 (id=2042): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) sendmmsg$inet(r0, &(0x7f00000046c0)=[{{0x0, 0x0, 0x0}, 0xfffffdef}, {{&(0x7f0000000180)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x34}}, 0x10, &(0x7f0000000480)=[{&(0x7f00000003c0)="41331c528b43f59d63fc4032d903a1afbd7d4df7a39dd2fa1b3c97b053790371474ed6e9a5e51414120e85d01cba298e621d7a1c733b0bdd46c33e553630c33502743513e3b9aec92a9eba3fa968eae354dbcd163d7f1eb25a150466ecfde41e7f241cc8f940f01163e81512634c1de298884e1102b97ec57a92391a0aa38c0fa74daec8f71acb8e6e68e3db63e8bf57e98b88ce8edb99653634205864921567e0ad31a6f06f81340f02d380", 0xac}, {&(0x7f00000001c0)="8a34cc4f3836fd33385418ceb59879fae017ebbbf468", 0x16}, {&(0x7f0000000240)="e1", 0x1}, {&(0x7f0000000580)="264a28c7049377446f039b8c39901cc3f110259b7a43e897a29324183dabfa4fcdafe9eb15e95492d728183f2d684a16515d3a8675cc5dd66f25eec4011e2d082b7c33877b47e2f439627de919ee6da36d444c0002158df806da6b6bab37e78c949b8dfea4f9f357264d360fce97d1929f91e0c7f5cbb96b763fc6a3879e06612fec4a5f6e9cf29314c27e2b05569a8e724248c1c9b6737ee3012b095d3d637718", 0xa1}, {&(0x7f0000000640)="6b17021feecb7aa449daaab992426f21597e404386a3f00fa4aebfb71d43c04b11c98aef4ffc794d9fda02e0819ae5e5b6118b0fad4004b8740eff90ca07578f980a7de60a63f3", 0x47}, {&(0x7f00000006c0)="b868f57817da7dea0117ef06b6b2657b6c6fe777571b7d70e7f015bddfb45a063a5c61af142c91204e43828e59285650c9c42b825e36899e7627c6547f49b871028a2b51a0413c74cc3edcddf83db136798e6331ba1a598aeb5a7121bc4d95726d61581e", 0x64}, {&(0x7f0000000740)="f7449908fd29c0aef378b3f14713203326c809775ee9cac5470d1df8b1437be9981b0fd8b2f8130661f42029c136fdd430bffe457859db159f65990b0f998b938bee7dd60960e1284589749213f1053e17ae161bb5fb4646f4edb7f11cca96964201a80502e08cb3ceabc774bcd0d23ed49ab37e928136d3e203f6e7e178c3c046dd6da9fdc5a3eb5a1aab486c7d39c08327c88fcbf25ecd7974eb8dae25d7b4b4d27727fb74567252771bb5135aaf63cbfb04d16dcb30459e9677137386ff692c38de0be04c4d1c3ee29d442006fdb71aefdd1f1bf3905c77a82d5740e93fe4bb45679647888e", 0xe7}, {&(0x7f0000000880)="a69641dcd50d8bad033c10194d557feb12075d12d105157e54d122229e88281493ac80e55f6e5e3cb49da48a6351cab669c416e28d631bbe6b9d9b762676c096dbcde19d59653e2bf238f0f2257c5078467d6348acca31072f23343c5bf943a791153f9715d3767f27e054f379d080e8f7b9de14f31bcc0fb5f18720a77e2e8082537e1b6e8f899927f53c12af2485614a585484c69df83f11f2453509d5d94332e23240e760b2d9f22f2729caf985e88cee902d47f034010acabbd5399c31f00b095d2434b42ea30f82a7c27c70df0455b3bad3bf97c9f31c88da842deb281e1e64", 0xe2}], 0x8, &(0x7f0000000980)=[@ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @private=0xa010101, @local}}}, @ip_ttl={{0x10, 0x0, 0x2, 0x5}}, @ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @empty, @rand_addr=0x64010101}}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x5}}, @ip_retopts={{0x20, 0x0, 0x7, {[@generic={0x88, 0x12, "fedaa2479e909bee625b27163ae1ae8a"}]}}}], 0x88}}, {{&(0x7f0000000d40)={0x2, 0x4e20, @multicast2}, 0x10, &(0x7f0000000e80)=[{&(0x7f0000000d80)="52e6ee8c4b783497fa0407ab9972daed4f181018a58a0c8f5258f65df685894c204ba83b724e427cbed4724e30affc8f09511082fa7ba0df966c5e9f4b1dc0c5021c448ae9e1aa0f728cd3f05fd9c4242d538ddce57fc62ef67388c9578d1429f95052e2fb3d94339780dda661c5869f28184643ca66d0b664c640370bb9671082a2e1134895215b8684361cd9c84b3ee044186a1eaafa7a5d7f25bb127509d62308195f390347105fe3bc7acb10745ffef3bb8660c99649be64916f99c1da368729585c48e722d66230277041d9cc48ab30bb891fe10308432f", 0xda}], 0x1, &(0x7f0000000cc0)=ANY=[@ANYBLOB="100000000000000002000000490000001000000000000000010000000d0000000d0000000000000001000000700000001000000000000000075eff00000044046173"], 0x40}}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000000f40)="1ab9c6a7198e50cc888eda91914af2761004ef08dae7f97ab35ab4d3b2396e543ca5e06d804ac50c3c60c57e02166c185415d6d352d8ee273ed44af4946bc8da49d34a32ce299615dd6fd51bf732b79890edaf6a229e2ed0b8f7fefe55fb4141d6753d611fd4d2a18d7117ed753b0add1c69eafd116224747cce2f2e8c22343dba378646030c6f12f3d607a7", 0x8c}, {&(0x7f0000001000)="03a695a24a2612daea99f39c05cda8bb0bb7e5af9f268660cf7e96f258ab92c8c00b639e0e9e34af703e8f1f62023e091740acdc614745131a9146b31a4b70bc491d0e71ef22cc7e583c122c0c5044800810a4f9912181fc059f303e8d843da55d109009b99941f14794867cabbe92bf3b6e0391706dc14864d6596cf672d31676dcfa3b997580344f7cf9a8589fa95a7a9c1b1991752230d3b88059fbee970ff66817f7c75c0c953e40d35bc986aeb0def34264efe46a7d7834cd26a2ebf1614e6496f395db099ce5585a2daa8e4663679420f6007aa599aa", 0xd9}], 0x2}}, {{&(0x7f0000001140)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000001280)=[{&(0x7f0000001180)="a4c0669ae4a240973e8aee47a43aaac5a2b75579c152e430d699e607aca7266e8785ce379e8946bebb9169dc41bb4f57634505b47573c868518139cef6f0d91d768fc86c910c4a44e3270853596ab9ec9f87be517e2016cfe47aa67e1662a1a596d6c53ccdbe7c0c64aba92d47ee85d0919ebfde41e2462c22e97dc9e42775926fb4f57e7f2a593c39742261d24b9dc9ab1138c8785454821594b4c92f9d6062efae27de74104f784594587985cf12c93036e87607a74c8880fe98d53ec4d9d9bb5ec7e8841af218c06de274ae9812c4bb0cb94c8242c05530586dc8a0668908432ce87e", 0xe4}], 0x1, &(0x7f00000012c0)=[@ip_ttl={{0x10, 0x0, 0x2, 0x6}}], 0x10}}, {{&(0x7f0000001300)={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000001440)=[{&(0x7f0000001340)="731f4d04246c40a4cb488205e209f8a36bb6fa14101ce6bb2d7feff97814e91778158578849f590e7f30c3959d17feff2ffbe51b7d4166ba3d67c88c38b0e059c03a9538ba4ead5e87468aeab129882553db5b6707c692b19aa689fbf74756454c7dcf289ae778c2bbfc0cb5a65cd2f1e9b972ed6a49cd6cb0c9e26360c732768594c63b8a8b9e3a59cb962792e552a94a4c487a1ace3e017db68ae2c868da6e2493a0616bffccea1a50092430b6ca5aa8cf5a75507aad606a71fb82823f9a1113b0b697fc1f1975b6f186aca0dda901fb9d756f02665ef90325f91523abb1015f2a093415be82", 0xe7}], 0x1, &(0x7f0000001480)=[@ip_ttl={{0x10, 0x0, 0x2, 0x1}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0x6}}, @ip_pktinfo={{0x18, 0x0, 0x8, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}}}], 0x38}}, {{0x0, 0x0, &(0x7f0000002a00)=[{&(0x7f0000001540)="6b0c72315e67f85495f149529f278a4b70cd955a8932f2089b1454404927d0ac1da4fce883392b85f36aaa2ec625aaa1a4e74826620acf31e30726f94bac87f94b7e48ca9335d2448cf0b77aee3c9ece3c7d4ff0e67df5b8f89661995cf1ce9ca44f5228211b589c53c64f1693edd1a3eecf3e5e90e3668c77403c2197905d076e0ec2d527ac90e3c17efe594e0a878a3b99701f", 0x94}, {&(0x7f0000001600)="71d9bf31fb1be751739c382f788ee7ea433f5b9e3c688ebed954f8d4cdd8c3c726cbdfc5ea02711a5477824f53515d20", 0x30}, {&(0x7f0000001640)="75a6fec1d0bb16444a0f09e8c577bad06fff5cc22ea2f4b66faaee88590c07de4a66e74cc173df56a2a517041536c9560b", 0x31}, {&(0x7f0000001680)="7e22c038dca3b2bc174979e74209922be65ce1ee4e32868ec0", 0x19}, {&(0x7f00000016c0)}, {&(0x7f0000001700)="e25373c9ecd5c09896571edec088862c081c5069910f811254219fa4406ece9a07ca76ea27ec2b305aae3be7dd1c36153267b4783b77c0de7c4d4a5a11693c1a484a1efe0013ec07e57c25b4deb2dfdbc2ac0b046cdb8bd90175", 0x5a}, {&(0x7f0000001780)="ff0965404b58ea78baef881809ba67d3a844e82a42f7adf70ab91d7df1dc6091a79840c6cd4387474e177cc6061a2b4cac9b44e954013c7f9c8f3fc05e70d8069729c707c817a4ea2066b32a6c1173135adfb84073970b026518bb2bcb45670393e1a6cbabea0b1f687bc5d3436d471546c0790a239913f038f1e9899a6dbdbe75468501c1786566024283c10611d43ec50e1705128247b94dff4f63be7773821c58c7147ab2519b75216349806137bb2f2b53d5f996d1246219854d24af9832dea311b7706a4bc2209497b04839e67c0dcceef5df7e389ac0e9d5965fe7e5deab8d11b7c7d2c1eb6c", 0xe9}, {&(0x7f0000001900)}, {&(0x7f0000001a00)="4d41ce51a1df5a2c8de398c6efd32b50c1ed683899ade7128ff22db4e56c179fb7143e73a6eddfd9cf28e83db8f713a8c10f1df264e83ded189477beebb7175da7c254f3327518ccd9c28f4b0323fbd85cbf8167b3e6a32ca8f14fb1cdf986cc172c5fcf76a89231cadfc4e12657249cc9eeb69f1a3c3a1c8e375426dd1ffe9409d4c2401a119734dd636bc1ca3a1f89652c1a81bf1fb1339a3531826b62f1952fa1d2d1c853d41eb6faf41c1cb20ef5d9b087f50bb529701e6afd9da8b971dd2fd294bb2396117069d914564bfbcdba3f6ed1a8873643a5df5f85c2e59d5b7fff919fe706725c5be44b79e108f3ca648c6aafc8ca27b59f253ccad0e6c482dbb05e1770514d96085079663497111a8ade8633b7da3b4c17ea03291ec8b14b90b6c430ebf99fbebc50550045baf8ee5f5905148dd76564535ceb80b05132aa65433631813ce54a74a948bfca94e54de98109dbda415725b1feb866a002748d479a7d541918fb1f8aa8b6bd3ea7ac77bf66d8163466d6907710756cd599ed2ae58835c4de76eb1f76c0f240b8ca70daea286470e13a072ad13cfc5e726c3904cf8aba8bdf86468834b4b1fb60914d5332c9cfbdcd29124097ac83eee48c404084eb9a4e77e5cd33f6882affd27d3ec232b36708292da395c2fc4ee2a269d0f41d49e72b7c41e5e87acdfc8a9c5c905443624941e901bd55af0a193de9f850d5703264f87414dab47805811db6fe3cab0657f0bba767966ac38161db0d0015d2eccd474d0b8ba7141573e5e2fe62a3c6bcc9ea9f3636e170af567a1d81771382f3f766a470fd0f870d3c8506994821c3a001efb43caafd207c1a64d4ae4c0bd39b2a505a7cb99b83b394977e55732dc54f3503b5edc6000daf7cd66ba3abbf4c2fd3a54bbc2245af5fa0f8b225cdad95ebf5a62829c6b4d8370a37b12b6fe2ce81ac7c58a35753d40394cc4762956811618f0c223ec52a7331260463c95918196b5f289e3476bb440b767164153cb0dd0a73a13a68b41feac22edd50ddf27bd2cc0775a7223ac5d77325680faddd895a594a6469eb9cf21983b0fe7ef5ff4e2684e4351a0a3cd6dc0caafe35599c0646ae21ba5a03293e4ad2e3031fc6706f19dad9ebabdf3e7806d49d95b82609cdcf115a9eefd542cf4df475f8a8c79cbd22c64d68d1a5a8923c55facf5b257542780f5ea62e6f98b2afac490755ec5dcbfc74ff195f0689400570f681996bc06796b1225d0835b806b26eb6beb54707bfbd7b1366efae8d85bc5e047d1b259b991ea634e832222187990b4b20a804587712d9212727640e11288280ca024511bdcb4f8b875699fa7c04d2bbfa6c4ad723afacdee4253b3ae5b41be7e3420a76d1d78043755d040b06335480e247fd026795653f3780b153d396aab46e951b4ecd66fa317756e2296597147084db7ce6e259e514d543ef322426cd34ac5f10435280ef53a202431c7d6d898f99e3c29add8a31486f323fd15c35d2fde3d59c0433a2cc42e114d982d33a0322803822f7fdeb19f9861b31ba2b491af0ff940458f000840f8f51d263fd42476e38b953764ab3ab73571a43494c2bb42e67be532909d25365bac0c69df40486d2d28f9980925363f96f6993ddcd1b255398bd17eacd7b8666b29c2590fe3412d822fe93381d8d150cd9582f32a895d69151b9f0251c1814c8d663d1622e8e42e654794e51e458f6a0e60410347d2f996a3a50e0779c73e5af94d1ec3c479431f25387edc9c301ab258f317f4aba65d34d330814aa98528b0c686147652c0ba1e2669904fd1c4f1377891aad36fe682be0b8e671e4f843e9f13613091aa5554cd29875b8285dbddf18f2d678ff6088e3faf4ae1f7277e7fed383d7e65fbb1f63b04dc0c818d6ffa942ea044f9f5a47606c322d15ab5256357d6371b723d3aef9196ef593527f75e5ba2a998da83f0aec46a491555abdf9d566ce5a4481931f0eb74d2d2ec342e4ab3e1199fe3fa3c8a21c8af8986750a4ae02e945ac622ac1901efc6059d50c94c9ee375844b8cc532fe2344773d5b12cecbc3b48f1e2e155dfdde63e17bb2290172d28dced12679f84c47fc039b5e8967a54a81bbd16e7ece6581f8157a03418864b9f435f71f8a699ae0d782387e869359358b25307e4c6b1f4f538608cbd7274b233cd6f588dae8b6ce4acaac2c86cda9bce23142a3bd124254d02be9594a421cd17724deecec13d3015a2eb8a00dd015475f7e27f33b508c642f1b08608dd273653342bbaf566d4d145690e957ed1312199cd2eb4366fb7e447af14f804376b0ac152a4dc4aa1e3a6787e38e6d26fc887bc6eb60b16c99a8529662b33e5ee4244980d2ca1b7661cf18dea3261660f268d53ea1cd27aa7eb2254acf095526a9d351d1affd7ac45b28fb200b94ad691a458400abb42fa13c1679b88bebe895ca044d77e923d0d9683469c3a67218e75f5d1eeef79e117ed7256531941cc094c8feabd3cf88b310d3f7f15376c251bbb7f39e7c5d35da60b7fbcaca1b14015fe760fec88e4fb9cba5702ade65e7ca4d23a4b15052f9ee6d094e0e532fd8f1abf0cc09fde58925ad43b5f752e795a087954b59f03ae9583ffb390b8036cae8bab039086f5419ce507023cce579c49d993e990979a9957c696483a6b4a662ae59148bb3b47032c1c614f6fcbb9930c3bed28a21eca6d493197747b1b31a796a3b287bb5e356e1793f9c38e3349d8a31ae3c1c51c7f6de7c01a176ab25602086110521091a289771ada131e506a5843ec88e800a7d53dd385a65e2085465339bfbb4ccff1ceb3fb4de75a65f9f1e37bb75ec26f9e1c00265d1b4dd174cafeaa053ab4066bed2e1daab909fd4feb809270b74e78306a9e234cc12b3cdf6e0c79b9e5aab6912c7da0b1d6edb4032077626d02bbb157dd6ac5517b983e41c5a2800dbb0063270317973e6b9414a11ee7e6259513b5dc5df43f7e402c5be1ccceae738ec5f3f8fe75a73c1daec109db8b5418c13f5b42d9fc266396fbf8742fe35abb4e461d5d07f2260552022ce6150c2f97bf2c17df50723efd41869d71894e28b15dbb40146cb93c0a6fc8891e06bba773a507fcb240b4a1cc9cc00680e4cfe181421914f94739624e94eb5dd4c1ec81da9331ebdec056c0e6d1bf5bcd65625d7a5793a9534bb18875684cd69fbe2c26a88843093da8d9c9c4e76d83cc2524c86afaa35b7ccbbeb78d7a0ddbbca62c64b92bc708f188c0a9c595dc5eaa4081d3fc0eec6c9230414a68fe51de3c99b9e20b5e3deac14d6f78b4723e893dc2de00bf0e46922fea1b775bd5c23479a9e630f6038dee52a1e42e85b1c1e72ee3eaf132b480d0f1d5e8264dbebf41924df2ea69f2c7adb8cc5c1cb3bcd95b62ba1ca1538ed02be326d599e0ba98a8ded2ab882cf5995b228da6d8f69a33e85fe4a527eea380ccf537e2cc1238a1fcccebe456a206135a43c3023d3bbe00808d8bb5465376358df1f4dd99a8cfd88f5d1c2da9746bd2b0af929ffff996cf56a73becd112234e6c33e1ec732136418a1461719e4ba3f9b174c194e31fe9e467084754d0d83043a23eacbf6cc38875a1cca5c93eab2bbfbfdaeab37ed2a4e5c031bfaf8e740c3c59aa7bffda83d9b42dc903836e5be40f9441d003c7f1c61fd72590d2799e572d2fb87548bc600ed8387a203e965f827de5af30107893a9a736fe7753eb6aab0af9db81bf8fe88faf11d3af755ba8802cb03b8ff835e878fa9fb09fc6abcf13a959d9366c0df2a170dd7bd91d8aa30e3f28084eec261578f9da6d8153b8442c59c15e3925e5448bafd40747cacabd02585c29ea77610c3f9482c99a9958e567f90c58b96a3e5aea7f095c18dfcd0892d27866ee1a4030a4c74dbe4177e9f7ba8830b8a1b9a452fcc2b66cb46b83903f3a2dbca51fe9b5a8d3b213638a23fb06e30e1e2efd9f52e873036ec3eec776df2cf5e3f34e8b09848ef5859c864a80c440b907134c0113bd01b9811d408921a5f71a19013be5ab423482922c60fdc5ee8e63dff25878303d9dbf9552b67b01e2606bd7923f0da3cd91a55d9ee8a89002ddfab06de89df3a18563dc2bdc0d1732b3fb829c2a8425c5ed59515482726995ecbee07cda6034395737396a81d20a0dfe6ba648af2080312aae9f5adadc98eaa06f1224c648fbd7ac728354b149bbd21bab634368aa960573ddb8f138fc7e3dd249321210c420cc8126d0bb85024aad14b2d8b5d51dfa3445e1c378b9335bd8bdb69f3b87fafbc84ca62069c9a3df9116aabd5e7ab03f85e4229a11db5926110b2f659f71322256a49f9df8ba2c290f6027d1206b395d5368008e230a423eac6d1eeac18df65be213eb12b345fbb55375f04ca6134697e314a9f46dee53ac6f122bfc06745d1beccd49e404caaba1bfa0032474d5786214a4a606e9228fab45859f1796ff0395196e5e4a27dd94d450c1b8e464ebba41d861b6228cb95119548c5d778176ae5dd9f2b75cd4c2de5779292d8fe444cc2753117cc70ce32029373cb6e1ee050f2e5969a5cedef0395f16d04f9f229c59f1a20eabe9d63f1cf4c5cbf72d22d351394516468c2d4de17daaed0dd92a47f93d1b6c31c596675416f406eee945c2c8be6b11c0bbe0025d419a01c6048b629c72f5a3ba2773210dd0385275e4e243be3bee59eb6965db995b7f6e351adc017e71b6d86d3a3750a094231bb9e03c5fc623dc5cc4186ef113d41124d40c0402bd9a222fd12c899c3db63e832d91054b66435a99815d5ff07f93e69dcfd01bf02a05ef9fe1ad6e27c6b285cdbe3121142861d518136af5b1996fd83b699365220887240ff4fad0715e58150ac9cc3165ff784392e3d46315daf7116fa65fb36721f0925c85e4bdd288cde5dc0920e85d7409c512a6ce7e87e4038aa3144920fca8dcc0fec743b786813b3d1181bc88c090fa7606ebd6c6e4564ea7c14e9357a6f817279f689b0fa0b6766a69ce8ab48b7b329452a59c47687162155fad37986542f9e919b11a95bd9b48e20a13eacad45d741f67260ed9bddde0ebe3b5b94c8dd9c4aecc11dda1615ad62ec9a0482aa1214bf3dda828bf3a9b4da9d5f46eb55959fa68be203dd2a14deb91c8c40f93fefe86e7c9503bf62d7bcecde8418b0cb58beb277c339239b917909f16036e424e1280aa8f3dd9679b50d613ac9fdf9d5a717bc9d6a6377537f045dcf6252a215c7dea9b1021a740cc27b1cd055670e078fce28dec8750c2b6c24a093c6bacd411830ebddc4089af6874486de8007df560bf89ae6b1990f10d332a8829baab482491c24b1e48ee214b5ad2fdf5f5e5a84301695c2d28779017fdabdb0539d0090504d209defb3d5dedf72fa098f8b2ce80b3cf431119b17f6892a89ecc419b3ca8949b638ee88f0bce1cb21832aa358724c60082cb51fd4ef5b1a3abe211d88d9ec61fdbf5593f2a82df05c43ca2cb8f23de3db725a23f901450905497bf39317e18c50b2879013f2fe2e8ec58cc50713071f329a2f0c45d04fdb42142cc24cecbf1794513e5986ed21597fed430df70c1c0c95918ca742a072f74f1cd8ddb3e637d4ed78eee1428880b0269b002292ddef7a01a6d3dab447d826535fb975cbb46bb577b0e4ae6414249a8e8d80d879cfe1673ae9f89aeb0761bf9162c1a22911dc295a1c1d50e418a7c0b65f2bd20cd50acb6d13f18195f7fa36fdcc6c1274aa8bc45fb3f018c8c6a0f0e1a8165ec372bf6972e8ec3b80fe6bbdc0caab8e010438979e2eae09839646b1c4cb3156198e58554992ad29f158d0a59c39a", 0x1000}], 0x9, &(0x7f0000002a80)=[@ip_tos_u8={{0xd, 0x0, 0x1, 0x8}}, @ip_ttl={{0x10, 0x0, 0x2, 0x7}}, @ip_ttl={{0x10, 0x0, 0x2, 0x7}}, @ip_retopts={{0x30, 0x0, 0x7, {[@rr={0x7, 0x23, 0x1c, [@rand_addr=0x64010100, @rand_addr=0x64010101, @multicast2, @rand_addr=0x64010102, @local, @dev={0xac, 0x14, 0x14, 0x3d}, @remote, @multicast1]}]}}}, @ip_ttl={{0x10}}, @ip_tos_int={{0x10, 0x0, 0x1, 0x1000100}}, @ip_tos_u8={{0xd, 0x0, 0x1, 0x4}}, @ip_ttl={{0x10}}], 0xa0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)}}, {{0x0, 0x0, &(0x7f0000004640)=[{&(0x7f0000004540)="120fec6dc62f91ac1debc122f1b10c9d075c8061370753bfc8bceda6779d19399038edd0b2f2757868f62f21ef3bb22218a74e683af9a36e50107628c2e6acc4326ae42a25dfbae565b96e3274da1366bf69c533343c4f6a875df90078bc31b35bab21f985a0cbd9cf543f97fa38afa17dd96ea216468710710224f1d40c69d7d9b2e3fc0f73a68e28ab3c47d0148b5293c632673b969ba37938c44776a181a2ae3dde6351c3f58e616fd6c82ac42078e81ecdf33a1c1ab93d6a14c8098daf123901e67969c122e75c2015869ccb942c0971a1f24ecfb6dcf8d1873695ca0684a957d69f788eff8ac43fe00d33fb7551f72b03132ce099633b797ddfff1f8c", 0xff}], 0x1, &(0x7f0000004680)}}], 0x9, 0x401e394) 16.092580168s ago: executing program 0 (id=2043): socket$inet6(0xa, 0x80000, 0x33b) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x42, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r1, 0x107, 0x7, 0x0, &(0x7f0000000040)) r2 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x240) write$cgroup_int(r2, &(0x7f0000000000)=0xfe8e, 0x12) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000001b00)=""/102392, 0x18ff8) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x400c000) syz_open_dev$tty20(0xc, 0x4, 0x1) openat$audio(0xffffffffffffff9c, &(0x7f00000003c0), 0x4da400, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) unshare(0x62040200) chdir(&(0x7f0000000140)='./file0\x00') syz_pidfd_open(0x0, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0xa) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000000700)={&(0x7f00000002c0)={0x50, 0xffffffffffffff8c}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 16.08841705s ago: executing program 2 (id=2044): sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead9591", 0x19, 0x20000000, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f00000000c0)={0x2, 0x100, 0x0, 0x2, 0xfffffffd, 0x2}) 16.088228981s ago: executing program 1 (id=2045): pipe(&(0x7f00000000c0)={0xffffffffffffffff}) r1 = openat$cuse(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) splice(r0, 0x0, r1, 0x0, 0x7fff, 0x6) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x27, 0x0, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x27, 0x0, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x28, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x1a) eventfd(0xfffffff9) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x224}) r6 = add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r6, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x6}, 0x18) r7 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, 0x0, 0x0) 15.172329641s ago: executing program 5 (id=2046): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f60c01a83d88008135048567c566a31077d12879017186ecd85"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000e0ffffffffffff94001eb3c364440be9125ff7ffffff0000f174b56cf0b1a4dd3f78e0e59a486a57f9adda4a7d6a13c4fc679e81245196392d7f00fb10b79c191b19840ae478c9e404593e6dc195506ae20d8f72ce19693c6beca14ad3fe04982254ddef1e3ac693aa6470b00ec581887975b1ae2cde48a7a2399c3f99acc038311bbce5a6069197923b407cb6bd6fdaed05ae2e0b5ef7550db04a70c8ed321b"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f00000001c0)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x7]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getrlimit(0xc, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9c}, 0x94) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243) close(r0) 15.142047606s ago: executing program 1 (id=2047): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000fc020000000000000000000000000000fe8000000000000000000000000000100004000000000000000000202c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe"], 0xf0}, 0x1, 0xe}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) unshare(0x64000600) chdir(0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 13.58236986s ago: executing program 5 (id=2048): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x20004804) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) fsmount(0xffffffffffffffff, 0x1, 0x8c) socket$alg(0x26, 0x5, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 13.043939716s ago: executing program 2 (id=2049): openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000a80)={'syz1\x00', {0xfffd}, 0x4a, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x400], [0x0, 0x0, 0x2000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x80, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x185], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x9, 0x0, 0x3cc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe654, 0x0, 0xae, 0x0, 0x0, 0x88, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x4, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x4a9c, 0x4, 0x1, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ec2, 0x0, 0x80, 0x4]}, 0x45c) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x8) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) close_range(r1, 0xffffffffffffffff, 0x1f) 943.063831ms ago: executing program 41 (id=2043): socket$inet6(0xa, 0x80000, 0x33b) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x42, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r1, 0x107, 0x7, 0x0, &(0x7f0000000040)) r2 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x240) write$cgroup_int(r2, &(0x7f0000000000)=0xfe8e, 0x12) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000001b00)=""/102392, 0x18ff8) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x400c000) syz_open_dev$tty20(0xc, 0x4, 0x1) openat$audio(0xffffffffffffff9c, &(0x7f00000003c0), 0x4da400, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) unshare(0x62040200) chdir(&(0x7f0000000140)='./file0\x00') syz_pidfd_open(0x0, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0xa) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000000700)={&(0x7f00000002c0)={0x50, 0xffffffffffffff8c}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 42 (id=2047): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000fc020000000000000000000000000000fe8000000000000000000000000000100004000000000000000000202c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe"], 0xf0}, 0x1, 0xe}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) unshare(0x64000600) chdir(0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) kernel console output (not intermixed with test programs): ing to 1000 [ 365.484773][T13271] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1520'. [ 365.685738][ T34] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 365.848127][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 365.851964][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 365.855291][ T34] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 365.860377][ T34] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 365.879107][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.886848][ T34] usb 6-1: config 0 descriptor?? [ 366.294634][ T34] plantronics 0003:047F:FFFF.001D: reserved main item tag 0xd [ 366.333428][ T34] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 366.546744][ T34] usb 6-1: USB disconnect, device number 17 [ 366.572869][T13282] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1524'. [ 367.495698][ T34] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 367.663830][ T34] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 367.671347][ T34] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 367.675259][ T34] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 367.746287][ T34] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 367.749962][ T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.753137][ T34] usb 6-1: Product: syz [ 367.758953][ T34] usb 6-1: Manufacturer: syz [ 367.760765][ T34] usb 6-1: SerialNumber: syz [ 367.999099][ T34] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 18 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 368.198943][T13292] cgroup: none used incorrectly [ 368.207333][ T5851] usb 6-1: USB disconnect, device number 18 [ 368.210583][ T5851] usblp0: removed [ 368.258658][T13300] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1531'. [ 369.821258][T13331] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1537'. [ 370.442001][T13346] lo speed is unknown, defaulting to 1000 [ 370.446111][T13346] lo speed is unknown, defaulting to 1000 [ 371.127612][T13359] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1544'. [ 372.495631][ T34] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 372.899350][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.903513][ T34] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 372.907619][ T34] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 372.913016][ T34] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 372.916910][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.922863][ T34] usb 6-1: config 0 descriptor?? [ 373.089336][T13387] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1549'. [ 373.336825][ T34] plantronics 0003:047F:FFFF.001E: reserved main item tag 0xd [ 373.345599][ T34] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 373.539754][ T34] usb 6-1: USB disconnect, device number 19 [ 374.171466][T13404] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1555'. [ 375.025882][T13411] lo speed is unknown, defaulting to 1000 [ 375.029880][T13411] lo speed is unknown, defaulting to 1000 [ 375.302932][T13415] lo speed is unknown, defaulting to 1000 [ 375.307473][T13415] lo speed is unknown, defaulting to 1000 [ 376.170282][T13427] lo speed is unknown, defaulting to 1000 [ 376.186679][T13427] lo speed is unknown, defaulting to 1000 [ 376.533917][T13432] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1560'. [ 377.333469][T13462] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1566'. [ 377.408774][T13461] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1565'. [ 377.590080][T13467] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1564'. [ 378.038964][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.360676][T13477] lo speed is unknown, defaulting to 1000 [ 378.365071][T13477] lo speed is unknown, defaulting to 1000 [ 379.755884][T13493] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1573'. [ 380.497851][T13500] program syz.1.1574 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 380.545947][ T1108] ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0 [ 380.548516][ T1108] ata1.00: irq_stat 0x40000000 [ 380.550019][ T1108] ata1.00: failed command: ZAC MANAGEMENT OUT [ 380.551930][ T1108] ata1.00: cmd 9f/02:00:00:00:00/00:00:00:00:00/40 tag 8 [ 380.551930][ T1108] res 41/04:00:00:00:00/00:00:00:00:00/40 Emask 0x1 (device error) [ 380.559068][ T1108] ata1.00: status: { DRDY ERR } [ 380.560678][ T1108] ata1.00: error: { ABRT } [ 380.562156][ T1108] ata1.00: device reported invalid CHS sector 0 [ 380.612480][T13503] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1575'. [ 381.459349][T13523] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1579'. [ 381.463191][T13523] FAULT_INJECTION: forcing a failure. [ 381.463191][T13523] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 381.467635][T13523] CPU: 2 UID: 0 PID: 13523 Comm: syz.0.1579 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 381.467652][T13523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 381.467660][T13523] Call Trace: [ 381.467664][T13523] [ 381.467668][T13523] dump_stack_lvl+0x16c/0x1f0 [ 381.467690][T13523] should_fail_ex+0x512/0x640 [ 381.467709][T13523] _copy_from_user+0x2e/0xd0 [ 381.467727][T13523] get_compat_msghdr+0xa7/0x170 [ 381.467747][T13523] ? __pfx_get_compat_msghdr+0x10/0x10 [ 381.467772][T13523] ___sys_sendmsg+0x1ae/0x1d0 [ 381.467790][T13523] ? __pfx____sys_sendmsg+0x10/0x10 [ 381.467814][T13523] ? find_held_lock+0x2b/0x80 [ 381.467836][T13523] __sys_sendmsg+0x16d/0x220 [ 381.467853][T13523] ? __pfx___sys_sendmsg+0x10/0x10 [ 381.467876][T13523] ? rcu_is_watching+0x12/0xc0 [ 381.467890][T13523] __do_fast_syscall_32+0x7c/0x3a0 [ 381.467910][T13523] do_fast_syscall_32+0x32/0x80 [ 381.467927][T13523] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 381.467942][T13523] RIP: 0023:0xf70de579 [ 381.467953][T13523] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 381.467964][T13523] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 381.467975][T13523] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000140 [ 381.467982][T13523] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 381.467988][T13523] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 381.467994][T13523] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 381.468000][T13523] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 381.468014][T13523] [ 381.535078][ C2] hpet: Lost 2 RTC interrupts [ 382.306050][ T59] usb 7-1: new high-speed USB device number 40 using dummy_hcd [ 382.460672][ T59] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 382.474507][ T59] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 382.478207][ T59] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 382.494451][ T59] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 382.505642][ T59] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.510016][ T59] usb 7-1: Product: syz [ 382.511367][ T59] usb 7-1: Manufacturer: syz [ 382.512836][ T59] usb 7-1: SerialNumber: syz [ 382.575070][T13542] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1584'. [ 382.745991][ T59] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 40 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 382.942429][ T34] usb 7-1: USB disconnect, device number 40 [ 382.957419][ T34] usblp0: removed [ 383.116583][T13551] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1585'. [ 383.554899][T13561] fuse: Unknown parameter 'group_d' [ 383.833256][T13568] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1588'. [ 384.545763][ C3] ata1: illegal qc_active transition (00000000->00400000) [ 384.895701][ T34] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 384.900525][ T1108] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 384.906847][ T1108] ata1.00: configured for UDMA/100 [ 385.077296][ T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 385.081159][ T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 385.084996][ T34] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 385.089764][ T34] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 385.092882][ T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.097109][ T34] usb 5-1: config 0 descriptor?? [ 385.503729][ T34] usbhid 5-1:0.0: can't add hid device: -71 [ 385.507511][ T34] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 385.514329][ T34] usb 5-1: USB disconnect, device number 15 [ 385.756068][T13600] lo speed is unknown, defaulting to 1000 [ 385.768163][T13600] lo speed is unknown, defaulting to 1000 [ 386.005732][ T59] usb 7-1: new high-speed USB device number 41 using dummy_hcd [ 386.173844][ T59] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 386.182195][ T59] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 386.195809][ T59] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 386.202879][ T59] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 386.210494][ T59] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.213207][ T59] usb 7-1: Product: syz [ 386.214652][ T59] usb 7-1: Manufacturer: syz [ 386.225584][ T59] usb 7-1: SerialNumber: syz [ 386.343706][T13623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1600'. [ 386.445337][T13602] cgroup: none used incorrectly [ 386.472937][ T59] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 41 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 386.488390][ T59] usb 7-1: USB disconnect, device number 41 [ 386.492896][ T59] usblp0: removed [ 386.635015][T13629] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1599'. [ 387.249362][T13640] openvswitch: : Dropping previously announced user features [ 387.979723][T13653] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1606'. [ 388.155037][T13652] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1604'. [ 388.996616][T13668] lo speed is unknown, defaulting to 1000 [ 389.008367][T13668] lo speed is unknown, defaulting to 1000 [ 389.370579][T13665] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1607'. [ 389.575954][ T34] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 389.655585][ T5994] usb 10-1: new high-speed USB device number 29 using dummy_hcd [ 389.755183][ T34] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 389.758948][ T34] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 389.762025][ T34] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 389.779314][ T34] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 389.782311][ T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.784948][ T34] usb 5-1: Product: syz [ 389.797100][ T34] usb 5-1: Manufacturer: syz [ 389.798830][ T34] usb 5-1: SerialNumber: syz [ 389.807159][ T5994] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.810204][ T5994] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 389.814360][ T5994] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 389.835593][ T5994] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.840536][ T5994] usb 10-1: config 0 descriptor?? [ 389.850182][ T5994] usbhid 10-1:0.0: couldn't find an input interrupt endpoint [ 390.030809][T13681] cgroup: none used incorrectly [ 390.051848][ T34] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 16 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 390.061913][ T34] usb 5-1: USB disconnect, device number 16 [ 390.072626][ T34] usblp0: removed [ 390.622132][T13700] lo speed is unknown, defaulting to 1000 [ 390.625403][T13700] lo speed is unknown, defaulting to 1000 [ 392.155821][T13720] lo speed is unknown, defaulting to 1000 [ 392.162521][T13720] lo speed is unknown, defaulting to 1000 [ 392.445391][ T59] usb 10-1: USB disconnect, device number 29 [ 393.270011][T13737] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1619'. [ 394.335591][ T6689] usb 7-1: new high-speed USB device number 42 using dummy_hcd [ 394.537092][ T6689] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 394.546404][ T6689] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 394.555622][ T6689] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 394.580373][ T6689] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 394.583402][ T6689] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.695797][ C2] hpet: Lost 3 RTC interrupts [ 394.804178][ T6689] usb 7-1: Product: syz [ 394.809656][ T6689] usb 7-1: Manufacturer: syz [ 394.819259][ T6689] usb 7-1: SerialNumber: syz [ 395.177675][T13747] cgroup: none used incorrectly [ 395.191401][ T6689] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 42 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 395.199031][ T6689] usb 7-1: USB disconnect, device number 42 [ 395.218762][ T6689] usblp0: removed [ 395.247619][T13762] lo speed is unknown, defaulting to 1000 [ 395.252152][T13762] lo speed is unknown, defaulting to 1000 [ 395.412003][T13768] lo speed is unknown, defaulting to 1000 [ 395.704962][T13768] lo speed is unknown, defaulting to 1000 [ 395.807405][T13771] FAULT_INJECTION: forcing a failure. [ 395.807405][T13771] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 395.811909][T13771] CPU: 3 UID: 0 PID: 13771 Comm: syz.0.1629 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 395.811925][T13771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 395.811942][T13771] Call Trace: [ 395.811949][T13771] [ 395.811953][T13771] dump_stack_lvl+0x16c/0x1f0 [ 395.811973][T13771] should_fail_ex+0x512/0x640 [ 395.811992][T13771] _copy_from_user+0x2e/0xd0 [ 395.812009][T13771] copy_from_sockptr_offset.constprop.0+0x136/0x170 [ 395.812028][T13771] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 395.812051][T13771] tipc_setsockopt+0x681/0xdb0 [ 395.812064][T13771] ? __pfx_tipc_setsockopt+0x10/0x10 [ 395.812081][T13771] ? __pfx_tipc_setsockopt+0x10/0x10 [ 395.812092][T13771] do_sock_setsockopt+0x221/0x470 [ 395.812104][T13771] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 395.812124][T13771] __sys_setsockopt+0x120/0x1a0 [ 395.812142][T13771] __ia32_sys_setsockopt+0xbc/0x160 [ 395.812157][T13771] ? lockdep_hardirqs_on+0x7c/0x110 [ 395.812173][T13771] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 395.812189][T13771] __do_fast_syscall_32+0x7c/0x3a0 [ 395.812208][T13771] do_fast_syscall_32+0x32/0x80 [ 395.812224][T13771] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 395.812238][T13771] RIP: 0023:0xf70de579 [ 395.812247][T13771] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 395.812257][T13771] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 395.812268][T13771] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000010f [ 395.812274][T13771] RDX: 0000000000000087 RSI: 0000000080000180 RDI: 00000000000004bd [ 395.812280][T13771] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 395.812286][T13771] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 395.812292][T13771] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 395.812305][T13771] [ 396.076276][T13778] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1631'. [ 396.079127][T13778] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1631'. [ 396.082384][T13778] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1631'. [ 396.185406][T13786] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1631'. [ 396.190036][T13786] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1631'. [ 396.194573][T13786] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1631'. [ 397.774409][T13807] netlink: 'syz.1.1639': attribute type 5 has an invalid length. [ 397.857961][T13810] cgroup: none used incorrectly [ 398.183731][T13817] lo speed is unknown, defaulting to 1000 [ 398.190903][T13817] lo speed is unknown, defaulting to 1000 [ 398.884219][T13825] lo speed is unknown, defaulting to 1000 [ 398.887920][T13825] lo speed is unknown, defaulting to 1000 [ 400.293598][T13842] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1647'. [ 400.877050][ C2] hpet: Lost 5 RTC interrupts [ 400.903557][ C2] hpet: Lost 1 RTC interrupts [ 401.043069][ T40] audit: type=1800 audit(1751538151.073:189): pid=13854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1649" name="dmabuf" dev="dmabuf" ino=2 res=0 errno=0 [ 401.110339][ T40] audit: type=1800 audit(1751538151.143:190): pid=13856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1650" name="dmabuf" dev="dmabuf" ino=3 res=0 errno=0 [ 401.117781][T13856] FAULT_INJECTION: forcing a failure. [ 401.117781][T13856] name failslab, interval 1, probability 0, space 0, times 0 [ 401.123442][T13856] CPU: 3 UID: 0 PID: 13856 Comm: syz.2.1650 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 401.123467][T13856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 401.123478][T13856] Call Trace: [ 401.123487][T13856] [ 401.123496][T13856] dump_stack_lvl+0x16c/0x1f0 [ 401.123526][T13856] should_fail_ex+0x512/0x640 [ 401.123552][T13856] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 401.123580][T13856] should_failslab+0xc2/0x120 [ 401.123597][T13856] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 401.123620][T13856] ? __page_table_check_zero+0x33c/0x5d0 [ 401.123646][T13856] ? vm_area_dup+0x27/0x8d0 [ 401.123672][T13856] vm_area_dup+0x27/0x8d0 [ 401.123697][T13856] __split_vma+0x18e/0x1070 [ 401.123722][T13856] ? __pfx___split_vma+0x10/0x10 [ 401.123752][T13856] ? get_page_from_freelist+0x1321/0x3890 [ 401.123791][T13856] vms_gather_munmap_vmas+0x1c2/0x1310 [ 401.123821][T13856] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 401.123842][T13856] ? trace_mm_page_alloc+0x11f/0x1a0 [ 401.123862][T13856] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 401.123883][T13856] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 401.123898][T13856] ? is_bpf_text_address+0x94/0x1a0 [ 401.123913][T13856] ? kernel_text_address+0x8d/0x100 [ 401.123929][T13856] ? __kernel_text_address+0xd/0x40 [ 401.123947][T13856] do_vmi_align_munmap+0x27c/0x7d0 [ 401.123963][T13856] ? __lock_acquire+0x622/0x1c90 [ 401.123976][T13856] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 401.124012][T13856] do_vmi_munmap+0x204/0x3e0 [ 401.124029][T13856] do_munmap+0xbd/0x100 [ 401.124041][T13856] ? __pfx_do_munmap+0x10/0x10 [ 401.124056][T13856] ? __pfx_down_write_killable+0x10/0x10 [ 401.124071][T13856] __do_sys_mremap+0xfe7/0x1590 [ 401.124088][T13856] ? __pfx___do_sys_mremap+0x10/0x10 [ 401.124103][T13856] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 401.124122][T13856] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 401.124140][T13856] ? __fget_files+0x20e/0x3c0 [ 401.124153][T13856] ? handle_mm_fault+0x2a0/0xd10 [ 401.124173][T13856] ? rcu_is_watching+0x12/0xc0 [ 401.124186][T13856] __do_fast_syscall_32+0x7c/0x3a0 [ 401.124204][T13856] do_fast_syscall_32+0x32/0x80 [ 401.124221][T13856] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 401.124235][T13856] RIP: 0023:0xf7fd4579 [ 401.124244][T13856] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 401.124254][T13856] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 00000000000000a3 [ 401.124265][T13856] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000001000 [ 401.124272][T13856] RDX: 0000000000001000 RSI: 0000000000000003 RDI: 0000000080007000 [ 401.124279][T13856] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 401.124285][T13856] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 401.124291][T13856] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 401.124304][T13856] [ 401.225627][ C3] vkms_vblank_simulate: vblank timer overrun [ 401.792802][T13864] cgroup: none used incorrectly [ 401.979958][ T6920] libceph: connect (1)[c::]:6789 error -101 [ 401.982124][ T6920] libceph: mon0 (1)[c::]:6789 connect error [ 402.026244][T13866] ceph: No mds server is up or the cluster is laggy [ 403.201022][T13888] FAULT_INJECTION: forcing a failure. [ 403.201022][T13888] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 403.206479][T13888] CPU: 2 UID: 0 PID: 13888 Comm: syz.2.1658 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 403.206526][T13888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 403.206535][T13888] Call Trace: [ 403.206540][T13888] [ 403.206546][T13888] dump_stack_lvl+0x16c/0x1f0 [ 403.206571][T13888] should_fail_ex+0x512/0x640 [ 403.206592][T13888] _copy_to_user+0x32/0xd0 [ 403.206613][T13888] simple_read_from_buffer+0xcb/0x170 [ 403.206631][T13888] proc_fail_nth_read+0x197/0x270 [ 403.206646][T13888] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 403.206661][T13888] ? rw_verify_area+0xcf/0x680 [ 403.206676][T13888] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 403.206690][T13888] vfs_read+0x1e4/0xc60 [ 403.206707][T13888] ? fdget_pos+0x2a2/0x370 [ 403.206726][T13888] ? __pfx_vfs_read+0x10/0x10 [ 403.206741][T13888] ? find_held_lock+0x2b/0x80 [ 403.206758][T13888] ? __fget_files+0x20e/0x3c0 [ 403.206778][T13888] ksys_read+0x12a/0x250 [ 403.206794][T13888] ? __pfx_ksys_read+0x10/0x10 [ 403.206811][T13888] ? __secure_computing+0x21c/0x320 [ 403.206829][T13888] __do_fast_syscall_32+0x7c/0x3a0 [ 403.206850][T13888] do_fast_syscall_32+0x32/0x80 [ 403.206869][T13888] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 403.206886][T13888] RIP: 0023:0xf7fd4579 [ 403.206896][T13888] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 403.206908][T13888] RSP: 002b:00000000f50f6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 403.206925][T13888] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f50f6620 [ 403.206933][T13888] RDX: 000000000000000f RSI: 00000000f7463ff4 RDI: 0000000000000000 [ 403.206939][T13888] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 403.206946][T13888] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 403.206953][T13888] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 403.206968][T13888] [ 403.289663][ C2] hpet: Lost 5 RTC interrupts [ 403.348577][ T40] audit: type=1326 audit(1751538153.383:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13891 comm="syz.2.1659" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x0 [ 403.675730][ T34] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 403.904355][ T34] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 403.957805][ T34] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 403.962918][ T34] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 403.967276][ T34] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 403.971549][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.984192][T13895] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 403.994632][ T34] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 404.093628][T13908] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1665'. [ 405.821775][T13930] lo speed is unknown, defaulting to 1000 [ 405.827051][T13930] lo speed is unknown, defaulting to 1000 [ 406.435704][ C2] hpet: Lost 1 RTC interrupts [ 406.514914][ C2] hpet: Lost 2 RTC interrupts [ 406.551738][ C2] hpet: Lost 1 RTC interrupts [ 406.623299][ C2] hpet: Lost 1 RTC interrupts [ 406.757883][ T6920] usb 6-1: USB disconnect, device number 20 [ 407.074566][T13943] Bluetooth: hci0: too big key_count value 47413 [ 407.273449][T13952] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1676'. [ 408.211755][T13966] FAULT_INJECTION: forcing a failure. [ 408.211755][T13966] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 408.222853][T13966] CPU: 3 UID: 0 PID: 13966 Comm: syz.1.1678 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 408.222883][T13966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 408.222890][T13966] Call Trace: [ 408.222895][T13966] [ 408.222900][T13966] dump_stack_lvl+0x16c/0x1f0 [ 408.222921][T13966] should_fail_ex+0x512/0x640 [ 408.222939][T13966] _copy_from_user+0x2e/0xd0 [ 408.222957][T13966] __sys_bpf+0x21d/0x4d80 [ 408.222976][T13966] ? __pfx___sys_bpf+0x10/0x10 [ 408.222992][T13966] ? ksys_write+0x190/0x250 [ 408.223010][T13966] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 408.223034][T13966] ? fput+0x70/0xf0 [ 408.223044][T13966] ? ksys_write+0x1ac/0x250 [ 408.223057][T13966] ? __pfx_ksys_write+0x10/0x10 [ 408.223075][T13966] __ia32_sys_bpf+0x76/0xe0 [ 408.223086][T13966] __do_fast_syscall_32+0x7c/0x3a0 [ 408.223104][T13966] do_fast_syscall_32+0x32/0x80 [ 408.223120][T13966] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 408.223134][T13966] RIP: 0023:0xf70be579 [ 408.223143][T13966] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 408.223153][T13966] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 408.223165][T13966] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000140 [ 408.223171][T13966] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000 [ 408.223177][T13966] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 408.223183][T13966] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 408.223189][T13966] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 408.223202][T13966] [ 408.393673][T13970] lo speed is unknown, defaulting to 1000 [ 408.397569][T13970] lo speed is unknown, defaulting to 1000 [ 409.161901][T13976] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1682'. [ 409.164937][T13976] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1682'. [ 409.168655][T13976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1682'. [ 409.169690][T13978] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1683'. [ 409.225251][T13980] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1682'. [ 409.250116][T13980] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1682'. [ 409.253311][T13980] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1682'. [ 410.456066][ T6581] usb 10-1: new high-speed USB device number 30 using dummy_hcd [ 410.622322][ T6581] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 410.626943][ T6581] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 410.635556][ T6581] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 410.639547][ T6581] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 410.642349][ T6581] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.652975][T13988] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 410.657817][ T6581] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 411.407825][T14004] FAULT_INJECTION: forcing a failure. [ 411.407825][T14004] name failslab, interval 1, probability 0, space 0, times 0 [ 411.412774][T14004] CPU: 0 UID: 0 PID: 14004 Comm: syz.1.1690 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 411.412790][T14004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 411.412797][T14004] Call Trace: [ 411.412802][T14004] [ 411.412806][T14004] dump_stack_lvl+0x16c/0x1f0 [ 411.412841][T14004] should_fail_ex+0x512/0x640 [ 411.412858][T14004] ? fs_reclaim_acquire+0xae/0x150 [ 411.412873][T14004] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 411.412888][T14004] should_failslab+0xc2/0x120 [ 411.412899][T14004] __kmalloc_noprof+0xd2/0x510 [ 411.412919][T14004] tomoyo_realpath_from_path+0xc2/0x6e0 [ 411.412936][T14004] ? tomoyo_profile+0x47/0x60 [ 411.412957][T14004] tomoyo_path_number_perm+0x245/0x580 [ 411.412969][T14004] ? tomoyo_path_number_perm+0x237/0x580 [ 411.412983][T14004] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 411.413012][T14004] ? find_held_lock+0x2b/0x80 [ 411.413023][T14004] ? hook_file_ioctl_common+0x145/0x410 [ 411.413038][T14004] ? __fget_files+0x20e/0x3c0 [ 411.413051][T14004] ? __fput_deferred+0x440/0x480 [ 411.413065][T14004] security_file_ioctl_compat+0x9b/0x240 [ 411.413080][T14004] __ia32_compat_sys_ioctl+0xc3/0x370 [ 411.413095][T14004] __do_fast_syscall_32+0x7c/0x3a0 [ 411.413114][T14004] do_fast_syscall_32+0x32/0x80 [ 411.413131][T14004] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 411.413145][T14004] RIP: 0023:0xf70be579 [ 411.413154][T14004] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 411.413165][T14004] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 411.413176][T14004] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004008af10 [ 411.413182][T14004] RDX: 0000000080002000 RSI: 0000000000000000 RDI: 0000000000000000 [ 411.413189][T14004] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 411.413195][T14004] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 411.413201][T14004] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 411.413215][T14004] [ 411.413256][T14004] ERROR: Out of memory at tomoyo_realpath_from_path. [ 411.569411][T14013] lo speed is unknown, defaulting to 1000 [ 411.572734][T14013] lo speed is unknown, defaulting to 1000 [ 411.667028][T14015] bio_check_eod: 2 callbacks suppressed [ 411.667040][T14015] syz.1.1694: attempt to access beyond end of device [ 411.667040][T14015] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 411.672867][T14015] syz.1.1694: attempt to access beyond end of device [ 411.672867][T14015] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 411.677055][T14015] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 411.680298][T14015] syz.1.1694: attempt to access beyond end of device [ 411.680298][T14015] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 411.684667][T14015] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 411.688313][T14015] syz.1.1694: attempt to access beyond end of device [ 411.688313][T14015] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 411.692657][T14015] syz.1.1694: attempt to access beyond end of device [ 411.692657][T14015] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 411.697300][T14015] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 411.700504][T14015] syz.1.1694: attempt to access beyond end of device [ 411.700504][T14015] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 411.706856][T14015] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 411.707310][T14017] lo speed is unknown, defaulting to 1000 [ 411.710770][T14015] syz.1.1694: attempt to access beyond end of device [ 411.710770][T14015] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 411.723566][T14015] syz.1.1694: attempt to access beyond end of device [ 411.723566][T14015] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 411.728227][T14015] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 411.731580][T14015] syz.1.1694: attempt to access beyond end of device [ 411.731580][T14015] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 411.736092][T14015] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 411.739395][T14015] syz.1.1694: attempt to access beyond end of device [ 411.739395][T14015] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 411.743645][T14015] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 411.747434][T14015] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 411.750895][T14015] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 411.751821][T14017] lo speed is unknown, defaulting to 1000 [ 413.265809][ T6920] usb 10-1: USB disconnect, device number 30 [ 413.396437][T14033] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 413.399039][T14033] overlayfs: failed to set xattr on upper [ 413.400863][T14033] overlayfs: ...falling back to redirect_dir=nofollow. [ 413.403064][T14033] overlayfs: ...falling back to index=off. [ 413.405020][T14033] overlayfs: ...falling back to uuid=null. [ 413.407276][T14033] overlayfs: conflicting lowerdir path [ 413.815581][ T6920] usb 10-1: new high-speed USB device number 31 using dummy_hcd [ 414.031592][ T6920] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 414.036878][ T6920] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 414.040575][ T6920] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 414.044645][ T6920] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 414.048465][ T6920] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.053034][ T6920] usb 10-1: config 0 descriptor?? [ 414.465833][ T6920] plantronics 0003:047F:FFFF.001F: reserved main item tag 0xd [ 414.474712][ T6920] plantronics 0003:047F:FFFF.001F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 414.726544][ T59] usb 10-1: USB disconnect, device number 31 [ 415.425712][ T34] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 415.472402][T14063] lo speed is unknown, defaulting to 1000 [ 415.476663][T14063] lo speed is unknown, defaulting to 1000 [ 415.616934][ T34] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 415.622032][ T34] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 415.627474][T14071] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1707'. [ 415.635725][ T34] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 415.639659][ T34] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 415.642617][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.657136][T14059] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 415.661580][ T34] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 417.388483][T14092] FAULT_INJECTION: forcing a failure. [ 417.388483][T14092] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 417.392724][T14092] CPU: 2 UID: 0 PID: 14092 Comm: syz.5.1713 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 417.392739][T14092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 417.392746][T14092] Call Trace: [ 417.392750][T14092] [ 417.392754][T14092] dump_stack_lvl+0x16c/0x1f0 [ 417.392775][T14092] should_fail_ex+0x512/0x640 [ 417.392792][T14092] _copy_from_user+0x2e/0xd0 [ 417.392809][T14092] io_submit_one+0xbb/0x1df0 [ 417.392829][T14092] ? __lock_acquire+0xb8a/0x1c90 [ 417.392854][T14092] ? __pfx_io_submit_one+0x10/0x10 [ 417.392878][T14092] ? __might_fault+0xe3/0x190 [ 417.392900][T14092] ? __might_fault+0x13b/0x190 [ 417.392928][T14092] ? __ia32_compat_sys_io_submit+0x1ad/0x3a0 [ 417.392948][T14092] __ia32_compat_sys_io_submit+0x1ad/0x3a0 [ 417.392975][T14092] ? __pfx___ia32_compat_sys_io_submit+0x10/0x10 [ 417.393005][T14092] ? rcu_is_watching+0x12/0xc0 [ 417.393021][T14092] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 417.393051][T14092] __do_fast_syscall_32+0x7c/0x3a0 [ 417.393080][T14092] do_fast_syscall_32+0x32/0x80 [ 417.393106][T14092] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 417.393126][T14092] RIP: 0023:0xf7f63579 [ 417.393141][T14092] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 417.393157][T14092] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 00000000000000f8 [ 417.393174][T14092] RAX: ffffffffffffffda RBX: 00000000f7f5c000 RCX: 0000000000000001 [ 417.393185][T14092] RDX: 0000000080000500 RSI: 0000000000000000 RDI: 0000000000000000 [ 417.393194][T14092] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 417.393204][T14092] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 417.393214][T14092] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 417.393254][T14092] [ 417.463329][ C2] hpet: Lost 4 RTC interrupts [ 418.275438][ T6920] usb 6-1: USB disconnect, device number 21 [ 419.095681][ T6689] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 419.247178][ T6689] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 419.250093][ T6689] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 419.256751][ T6689] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 419.295529][ T6689] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 419.298278][ T6689] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.310352][ T6689] usb 6-1: Product: syz [ 419.369748][ T6689] usb 6-1: Manufacturer: syz [ 419.371434][ T6689] usb 6-1: SerialNumber: syz [ 419.602984][ T6689] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 22 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 419.806314][T14110] cgroup: none used incorrectly [ 419.810092][ T59] usb 6-1: USB disconnect, device number 22 [ 419.813471][ T59] usblp0: removed [ 419.952355][T14128] lo speed is unknown, defaulting to 1000 [ 419.957029][T14128] lo speed is unknown, defaulting to 1000 [ 420.405908][ C2] hpet: Lost 3 RTC interrupts [ 420.435690][ C2] hpet: Lost 1 RTC interrupts [ 420.558050][ C2] hpet: Lost 6 RTC interrupts [ 420.605745][ C2] hpet: Lost 2 RTC interrupts [ 422.087880][ T40] audit: type=1804 audit(1751538172.123:192): pid=14149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1725" name="/newroot/418/file1" dev="fuse" ino=1 res=1 errno=0 [ 422.088434][T14148] FAULT_INJECTION: forcing a failure. [ 422.088434][T14148] name failslab, interval 1, probability 0, space 0, times 0 [ 422.094526][ T40] audit: type=1800 audit(1751538172.123:193): pid=14149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1725" name="/" dev="fuse" ino=1 res=0 errno=0 [ 422.100330][T14148] CPU: 2 UID: 0 PID: 14148 Comm: syz.0.1725 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 422.100347][T14148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 422.100355][T14148] Call Trace: [ 422.100359][T14148] [ 422.100364][T14148] dump_stack_lvl+0x16c/0x1f0 [ 422.100384][T14148] should_fail_ex+0x512/0x640 [ 422.100400][T14148] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 422.100416][T14148] should_failslab+0xc2/0x120 [ 422.100426][T14148] __kmalloc_cache_noprof+0x6a/0x3e0 [ 422.100440][T14148] ? alloc_pipe_info+0x10e/0x590 [ 422.100458][T14148] alloc_pipe_info+0x10e/0x590 [ 422.100475][T14148] splice_direct_to_actor+0x77d/0xa30 [ 422.100491][T14148] ? __pfx_direct_splice_actor+0x10/0x10 [ 422.100507][T14148] ? __pfx_aa_file_perm+0x10/0x10 [ 422.100522][T14148] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 422.100534][T14148] ? get_pid_task+0xfc/0x250 [ 422.100551][T14148] do_splice_direct+0x174/0x240 [ 422.100564][T14148] ? __pfx_do_splice_direct+0x10/0x10 [ 422.100577][T14148] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 422.100593][T14148] ? rw_verify_area+0xcf/0x680 [ 422.100607][T14148] do_sendfile+0xb06/0xe50 [ 422.100623][T14148] ? __pfx_do_sendfile+0x10/0x10 [ 422.100637][T14148] ? __fget_files+0x20e/0x3c0 [ 422.100654][T14148] __ia32_compat_sys_sendfile+0x1e5/0x220 [ 422.100664][T14148] ? ksys_write+0x1ac/0x250 [ 422.100678][T14148] ? __pfx___ia32_compat_sys_sendfile+0x10/0x10 [ 422.100689][T14148] ? rcu_is_watching+0x12/0xc0 [ 422.100702][T14148] __do_fast_syscall_32+0x7c/0x3a0 [ 422.100720][T14148] do_fast_syscall_32+0x32/0x80 [ 422.100736][T14148] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 422.100750][T14148] RIP: 0023:0xf70de579 [ 422.100763][T14148] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 422.100773][T14148] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 422.100783][T14148] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000005 [ 422.100790][T14148] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000000 [ 422.100795][T14148] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 422.100801][T14148] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 422.100807][T14148] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 422.100819][T14148] [ 423.191057][T14172] overlayfs: workdir and upperdir must be separate subtrees [ 423.334780][T14176] bridge1: entered promiscuous mode [ 423.336714][T14176] bridge1: entered allmulticast mode [ 423.344754][T14176] team0: Port device bridge1 added [ 423.361093][T14174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1733'. [ 423.383536][T14180] FAULT_INJECTION: forcing a failure. [ 423.383536][T14180] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 423.394706][T14180] CPU: 3 UID: 0 PID: 14180 Comm: syz.2.1734 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 423.394733][T14180] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 423.394744][T14180] Call Trace: [ 423.394751][T14180] [ 423.394759][T14180] dump_stack_lvl+0x16c/0x1f0 [ 423.394790][T14180] should_fail_ex+0x512/0x640 [ 423.394818][T14180] _copy_from_user+0x2e/0xd0 [ 423.394844][T14180] get_compat_msghdr+0xa7/0x170 [ 423.394873][T14180] ? __pfx_get_compat_msghdr+0x10/0x10 [ 423.394908][T14180] ___sys_sendmsg+0x1ae/0x1d0 [ 423.394936][T14180] ? __pfx____sys_sendmsg+0x10/0x10 [ 423.394971][T14180] ? find_held_lock+0x2b/0x80 [ 423.395005][T14180] __sys_sendmsg+0x16d/0x220 [ 423.395030][T14180] ? __pfx___sys_sendmsg+0x10/0x10 [ 423.395053][T14180] ? __pfx_bpf_trace_run2+0x10/0x10 [ 423.395083][T14180] ? syscall_trace_enter+0x1cb/0x260 [ 423.395110][T14180] ? rcu_is_watching+0x12/0xc0 [ 423.395130][T14180] __do_fast_syscall_32+0x7c/0x3a0 [ 423.395158][T14180] do_fast_syscall_32+0x32/0x80 [ 423.395182][T14180] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 423.395201][T14180] RIP: 0023:0xf7fd4579 [ 423.395215][T14180] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 423.395231][T14180] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 423.395248][T14180] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 423.395258][T14180] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 423.395267][T14180] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 423.395277][T14180] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 423.395287][T14180] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 423.395308][T14180] [ 423.497540][ T6920] usb 10-1: new high-speed USB device number 32 using dummy_hcd [ 423.677086][ T6920] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 423.682718][ T6920] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 423.694338][ T6920] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 423.711745][ T6920] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 423.719666][ T6920] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.733658][ T6920] usb 10-1: Product: syz [ 423.743959][ T6920] usb 10-1: Manufacturer: syz [ 423.749692][ T6920] usb 10-1: SerialNumber: syz [ 423.784586][T14174] team0 (unregistering): Port device team_slave_0 removed [ 423.793200][T14174] team0 (unregistering): Port device team_slave_1 removed [ 423.807587][T14174] team0 (unregistering): Port device bridge1 removed [ 423.908787][T14188] lo speed is unknown, defaulting to 1000 [ 423.937001][T14188] lo speed is unknown, defaulting to 1000 [ 423.963953][ T59] hid-generic 0000:0000:0000.0020: unknown main item tag 0x0 [ 423.978363][ T6920] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 32 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 423.987973][ T59] hid-generic 0000:0000:0000.0020: hidraw0: HID v0.00 Device [syz1] on syz0 [ 424.127928][T14191] fido_id[14191]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 424.177053][T14168] cgroup: none used incorrectly [ 424.207533][ T6920] usb 10-1: USB disconnect, device number 32 [ 424.298318][ T6920] usblp0: removed [ 424.432444][ T5994] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0 [ 424.449199][ T5994] hid-generic 0000:0000:0000.0021: hidraw0: HID v0.00 Device [syz1] on syz0 [ 424.482935][T14197] fido_id[14197]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 426.079118][ T59] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 426.235333][ T59] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 426.238991][ T59] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.242160][ T59] usb 6-1: Product: syz [ 426.243549][ T59] usb 6-1: Manufacturer: syz [ 426.245067][ T59] usb 6-1: SerialNumber: syz [ 426.254109][ T59] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 426.284108][ T6581] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 426.729468][ T6689] usb 6-1: USB disconnect, device number 23 [ 427.277924][T14231] FAULT_INJECTION: forcing a failure. [ 427.277924][T14231] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 427.282874][T14231] CPU: 2 UID: 0 PID: 14231 Comm: syz.1.1746 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 427.282900][T14231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 427.282911][T14231] Call Trace: [ 427.282919][T14231] [ 427.282926][T14231] dump_stack_lvl+0x16c/0x1f0 [ 427.282956][T14231] should_fail_ex+0x512/0x640 [ 427.282984][T14231] _copy_from_user+0x2e/0xd0 [ 427.283010][T14231] get_compat_msghdr+0xa7/0x170 [ 427.283037][T14231] ? __pfx_get_compat_msghdr+0x10/0x10 [ 427.283073][T14231] ___sys_sendmsg+0x1ae/0x1d0 [ 427.283100][T14231] ? __pfx____sys_sendmsg+0x10/0x10 [ 427.283140][T14231] ? find_held_lock+0x2b/0x80 [ 427.283175][T14231] __sys_sendmsg+0x16d/0x220 [ 427.283200][T14231] ? __pfx___sys_sendmsg+0x10/0x10 [ 427.283253][T14231] ? rcu_is_watching+0x12/0xc0 [ 427.283278][T14231] __do_fast_syscall_32+0x7c/0x3a0 [ 427.283305][T14231] do_fast_syscall_32+0x32/0x80 [ 427.283328][T14231] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 427.283349][T14231] RIP: 0023:0xf70be579 [ 427.283362][T14231] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 427.283378][T14231] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 427.283395][T14231] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000580 [ 427.283405][T14231] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 427.283414][T14231] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 427.283423][T14231] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 427.283433][T14231] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 427.283454][T14231] [ 427.358336][ C2] hpet: Lost 4 RTC interrupts [ 427.374964][ T6581] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 427.379663][ T6581] ath9k_htc: Failed to initialize the device [ 427.393414][ T6689] usb 6-1: ath9k_htc: USB layer deinitialized [ 427.459361][T14238] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1748'. [ 427.517208][T14245] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1748'. [ 427.785699][ T5994] usb 7-1: new high-speed USB device number 43 using dummy_hcd [ 427.915857][ T5994] usb 7-1: device descriptor read/64, error -71 [ 428.155638][ T5994] usb 7-1: new high-speed USB device number 44 using dummy_hcd [ 428.285810][ T5994] usb 7-1: device descriptor read/64, error -71 [ 428.399287][ T5994] usb usb7-port1: attempt power cycle [ 428.745772][ T5994] usb 7-1: new high-speed USB device number 45 using dummy_hcd [ 428.766096][ T5994] usb 7-1: device descriptor read/8, error -71 [ 429.025587][ T5994] usb 7-1: new high-speed USB device number 46 using dummy_hcd [ 429.046116][ T5994] usb 7-1: device descriptor read/8, error -71 [ 429.155805][ T5994] usb usb7-port1: unable to enumerate USB device [ 429.335628][ T6689] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 429.416199][ T5994] usb 10-1: new high-speed USB device number 33 using dummy_hcd [ 429.486582][ T6689] usb 6-1: Using ep0 maxpacket: 16 [ 429.489994][ T6689] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 429.492508][ T6689] usb 6-1: config 0 has no interface number 0 [ 429.494838][ T6689] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 429.498824][ T6689] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 429.503667][ T6689] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 429.508413][ T6689] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 429.511221][ T6689] usb 6-1: Product: syz [ 429.512555][ T6689] usb 6-1: SerialNumber: syz [ 429.515229][ T6689] usb 6-1: config 0 descriptor?? [ 429.518963][ T6689] cm109 6-1:0.8: invalid payload size 0, expected 4 [ 429.521889][ T6689] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.8/input/input52 [ 429.526647][ T6581] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 429.565637][ T5994] usb 10-1: Using ep0 maxpacket: 16 [ 429.569809][ T5994] usb 10-1: config 0 has an invalid interface number: 8 but max is 0 [ 429.573444][ T5994] usb 10-1: config 0 has no interface number 0 [ 429.576278][ T5994] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 429.580740][ T5994] usb 10-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 429.588133][ T5994] usb 10-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 429.591898][ T5994] usb 10-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 429.595248][ T5994] usb 10-1: Product: syz [ 429.597185][ T5994] usb 10-1: SerialNumber: syz [ 429.601350][ T5994] usb 10-1: config 0 descriptor?? [ 429.605139][ T5994] cm109 10-1:0.8: invalid payload size 0, expected 4 [ 429.608283][ T5994] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.8/input/input53 [ 429.675617][ T6581] usb 5-1: Using ep0 maxpacket: 16 [ 429.679615][ T6581] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 429.682179][ T6581] usb 5-1: config 0 has no interface number 0 [ 429.684286][ T6581] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 429.687943][ T6581] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 429.693212][ T6581] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 429.696276][ T6581] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 429.698807][ T6581] usb 5-1: Product: syz [ 429.700165][ T6581] usb 5-1: SerialNumber: syz [ 429.702963][ T6581] usb 5-1: config 0 descriptor?? [ 429.706664][ T6581] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 429.710405][ T6581] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input54 [ 429.746562][ C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 429.746657][ T6581] usb 6-1: USB disconnect, device number 24 [ 429.748787][ C0] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 429.757644][ T6581] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 429.810631][T14274] FAULT_INJECTION: forcing a failure. [ 429.810631][T14274] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 429.815258][T14274] CPU: 3 UID: 0 PID: 14274 Comm: syz.5.1757 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 429.815274][T14274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 429.815281][T14274] Call Trace: [ 429.815286][T14274] [ 429.815291][T14274] dump_stack_lvl+0x16c/0x1f0 [ 429.815311][T14274] should_fail_ex+0x512/0x640 [ 429.815329][T14274] _copy_from_iter+0x29f/0x16f0 [ 429.815360][T14274] ? __pfx__copy_from_iter+0x10/0x10 [ 429.815380][T14274] ? get_pid_task+0xfc/0x250 [ 429.815400][T14274] file_tty_write.constprop.0+0x488/0x9b0 [ 429.815422][T14274] vfs_write+0x6c4/0x1150 [ 429.815438][T14274] ? __pfx_tty_write+0x10/0x10 [ 429.815459][T14274] ? __pfx_vfs_write+0x10/0x10 [ 429.815472][T14274] ? find_held_lock+0x2b/0x80 [ 429.815492][T14274] ksys_write+0x12a/0x250 [ 429.815507][T14274] ? __pfx_ksys_write+0x10/0x10 [ 429.815523][T14274] ? rcu_is_watching+0x12/0xc0 [ 429.815537][T14274] __do_fast_syscall_32+0x7c/0x3a0 [ 429.815556][T14274] do_fast_syscall_32+0x32/0x80 [ 429.815573][T14274] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 429.815586][T14274] RIP: 0023:0xf7f63579 [ 429.815595][T14274] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 429.815606][T14274] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 429.815616][T14274] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000040 [ 429.815623][T14274] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000 [ 429.815628][T14274] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 429.815634][T14274] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 429.815640][T14274] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 429.815653][T14274] [ 429.879485][ C3] cm109 10-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 429.880068][ T6920] usb 10-1: USB disconnect, device number 33 [ 429.882100][ C3] cm109 10-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 429.891042][ T6920] cm109 10-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 429.916576][ C2] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 429.917157][ T6689] usb 5-1: USB disconnect, device number 17 [ 429.918795][ C2] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 429.925171][ T6689] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 430.416924][T14283] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1760'. [ 430.459988][T14283] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1760'. [ 430.689546][ C2] hpet: Lost 1 RTC interrupts [ 430.943680][T14294] lo speed is unknown, defaulting to 1000 [ 430.948022][T14294] lo speed is unknown, defaulting to 1000 [ 431.920182][T14323] FAULT_INJECTION: forcing a failure. [ 431.920182][T14323] name failslab, interval 1, probability 0, space 0, times 0 [ 431.926715][T14323] CPU: 3 UID: 0 PID: 14323 Comm: syz.0.1766 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 431.926743][T14323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 431.926755][T14323] Call Trace: [ 431.926761][T14323] [ 431.926769][T14323] dump_stack_lvl+0x16c/0x1f0 [ 431.926804][T14323] should_fail_ex+0x512/0x640 [ 431.926831][T14323] ? fs_reclaim_acquire+0xae/0x150 [ 431.926856][T14323] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 431.926881][T14323] should_failslab+0xc2/0x120 [ 431.926900][T14323] __kmalloc_noprof+0xd2/0x510 [ 431.926933][T14323] tomoyo_realpath_from_path+0xc2/0x6e0 [ 431.926962][T14323] ? tomoyo_profile+0x47/0x60 [ 431.926993][T14323] tomoyo_path_number_perm+0x245/0x580 [ 431.927014][T14323] ? tomoyo_path_number_perm+0x237/0x580 [ 431.927037][T14323] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 431.927089][T14323] ? find_held_lock+0x2b/0x80 [ 431.927108][T14323] ? hook_file_ioctl_common+0x145/0x410 [ 431.927136][T14323] ? __fget_files+0x20e/0x3c0 [ 431.927160][T14323] ? __fput_deferred+0x440/0x480 [ 431.927184][T14323] security_file_ioctl_compat+0x9b/0x240 [ 431.927210][T14323] __ia32_compat_sys_ioctl+0xc3/0x370 [ 431.927255][T14323] __do_fast_syscall_32+0x7c/0x3a0 [ 431.927287][T14323] do_fast_syscall_32+0x32/0x80 [ 431.927317][T14323] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 431.927340][T14323] RIP: 0023:0xf70de579 [ 431.927355][T14323] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 431.927373][T14323] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 431.927391][T14323] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601 [ 431.927403][T14323] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 431.927414][T14323] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 431.927424][T14323] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 431.927436][T14323] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 431.927462][T14323] [ 431.927549][T14323] ERROR: Out of memory at tomoyo_realpath_from_path. [ 432.326085][T14336] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 432.547542][T14344] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1773'. [ 432.618069][T14344] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1773'. [ 433.048089][ T6581] usb 7-1: new high-speed USB device number 47 using dummy_hcd [ 433.199449][ T6581] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 433.203681][ T6581] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 433.208544][ T6581] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 433.211665][ T6581] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.216595][ T6581] usb 7-1: config 0 descriptor?? [ 433.435946][T14354] FAULT_INJECTION: forcing a failure. [ 433.435946][T14354] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 433.443109][T14354] CPU: 2 UID: 0 PID: 14354 Comm: syz.5.1776 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 433.443133][T14354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 433.443143][T14354] Call Trace: [ 433.443149][T14354] [ 433.443156][T14354] dump_stack_lvl+0x16c/0x1f0 [ 433.443187][T14354] should_fail_ex+0x512/0x640 [ 433.443231][T14354] _copy_from_user+0x2e/0xd0 [ 433.443257][T14354] do_compat_fcntl64+0x2cd/0x710 [ 433.443272][T14354] ? __pfx_do_compat_fcntl64+0x10/0x10 [ 433.443285][T14354] ? fput+0x70/0xf0 [ 433.443295][T14354] ? ksys_write+0x1ac/0x250 [ 433.443313][T14354] ? rcu_is_watching+0x12/0xc0 [ 433.443327][T14354] __do_fast_syscall_32+0x7c/0x3a0 [ 433.443345][T14354] do_fast_syscall_32+0x32/0x80 [ 433.443362][T14354] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 433.443377][T14354] RIP: 0023:0xf7f63579 [ 433.443386][T14354] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 433.443402][T14354] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000037 [ 433.443414][T14354] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000026 [ 433.443421][T14354] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 433.443427][T14354] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 433.443433][T14354] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 433.443439][T14354] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 433.443453][T14354] [ 433.499760][ C2] hpet: Lost 2 RTC interrupts [ 433.752046][ T6581] usb 7-1: string descriptor 0 read error: -71 [ 433.757420][ T6581] usb 7-1: USB disconnect, device number 47 [ 434.309561][ T40] audit: type=1804 audit(1751538184.343:194): pid=14369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1779" name="/newroot/429/file0" dev="tmpfs" ino=2294 res=1 errno=0 [ 434.736055][ T6689] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 434.918095][ T6689] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 434.922760][ T6689] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 434.927997][ T6689] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 434.932578][ T6689] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 434.940039][ T6689] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.947259][T14374] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 434.963268][ T6689] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 435.284574][T14387] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1784'. [ 435.343512][T14390] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1784'. [ 436.185675][ T6689] usb 7-1: new high-speed USB device number 48 using dummy_hcd [ 436.357875][ T6689] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 436.361603][ T6689] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 436.364884][ T6689] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 436.383545][ T6689] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 436.394156][ T6689] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.404827][ T6689] usb 7-1: config 0 descriptor?? [ 437.051894][ T6689] plantronics 0003:047F:FFFF.0022: reserved main item tag 0xd [ 437.058504][ T6689] plantronics 0003:047F:FFFF.0022: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 437.066218][ T6689] usb 7-1: USB disconnect, device number 48 [ 437.119707][T14407] fido_id[14407]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb7/report_descriptor': No such file or directory [ 437.381472][T14408] Process accounting resumed [ 437.635629][ T6920] usb 6-1: USB disconnect, device number 25 [ 437.756558][T14427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1795'. [ 437.801043][T14427] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1795'. [ 438.443125][T14444] FAULT_INJECTION: forcing a failure. [ 438.443125][T14444] name failslab, interval 1, probability 0, space 0, times 0 [ 438.447674][T14444] CPU: 0 UID: 0 PID: 14444 Comm: syz.1.1799 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 438.447701][T14444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 438.447714][T14444] Call Trace: [ 438.447722][T14444] [ 438.447732][T14444] dump_stack_lvl+0x16c/0x1f0 [ 438.447769][T14444] should_fail_ex+0x512/0x640 [ 438.447798][T14444] ? fs_reclaim_acquire+0xae/0x150 [ 438.447824][T14444] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 438.447850][T14444] should_failslab+0xc2/0x120 [ 438.447871][T14444] __kmalloc_noprof+0xd2/0x510 [ 438.447906][T14444] tomoyo_realpath_from_path+0xc2/0x6e0 [ 438.447937][T14444] ? tomoyo_profile+0x47/0x60 [ 438.448057][T14444] tomoyo_path_number_perm+0x245/0x580 [ 438.448084][T14444] ? tomoyo_path_number_perm+0x237/0x580 [ 438.448116][T14444] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 438.448158][T14444] ? find_held_lock+0x2b/0x80 [ 438.448173][T14444] ? hook_file_ioctl_common+0x145/0x410 [ 438.448201][T14444] ? __fget_files+0x20e/0x3c0 [ 438.448227][T14444] ? __fput_deferred+0x440/0x480 [ 438.448253][T14444] security_file_ioctl_compat+0x9b/0x240 [ 438.448276][T14444] __ia32_compat_sys_ioctl+0xc3/0x370 [ 438.448295][T14444] __do_fast_syscall_32+0x7c/0x3a0 [ 438.448318][T14444] do_fast_syscall_32+0x32/0x80 [ 438.448339][T14444] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 438.448360][T14444] RIP: 0023:0xf70be579 [ 438.448384][T14444] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 438.448401][T14444] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 438.448419][T14444] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c038563c [ 438.448433][T14444] RDX: 00000000800003c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 438.448445][T14444] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 438.448457][T14444] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 438.448469][T14444] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 438.448492][T14444] [ 438.448499][T14444] ERROR: Out of memory at tomoyo_realpath_from_path. [ 438.570888][T14447] fuse: Bad value for 'group_id' [ 438.572399][T14447] fuse: Bad value for 'group_id' [ 439.095784][ T6581] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 439.185728][ T5994] usb 10-1: new high-speed USB device number 34 using dummy_hcd [ 439.387526][ C2] hpet: Lost 3 RTC interrupts [ 439.603639][ T5994] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 439.604192][ T6581] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 439.608888][ T5994] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 439.609370][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.612987][ T6581] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.623445][ T6581] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 439.628946][ T6581] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 439.632605][ T6581] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.638398][ T6581] usb 6-1: config 0 descriptor?? [ 439.854423][ T5994] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 439.861177][ T5994] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 439.864295][ T5994] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.869756][T14457] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 439.876179][ T5994] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 439.920428][T14470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1807'. [ 439.923766][T14470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1807'. [ 439.982219][T14473] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1807'. [ 440.058296][ T6581] plantronics 0003:047F:FFFF.0023: reserved main item tag 0xd [ 440.069385][ T6581] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 440.114415][T14480] FAULT_INJECTION: forcing a failure. [ 440.114415][T14480] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 440.120417][T14480] CPU: 3 UID: 0 PID: 14480 Comm: syz.0.1810 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 440.120436][T14480] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 440.120444][T14480] Call Trace: [ 440.120449][T14480] [ 440.120454][T14480] dump_stack_lvl+0x16c/0x1f0 [ 440.120477][T14480] should_fail_ex+0x512/0x640 [ 440.120497][T14480] _copy_from_user+0x2e/0xd0 [ 440.120517][T14480] move_addr_to_kernel+0x65/0x170 [ 440.120534][T14480] __sys_sendto+0x1be/0x520 [ 440.120551][T14480] ? __pfx___sys_sendto+0x10/0x10 [ 440.120581][T14480] ? ksys_write+0x1ac/0x250 [ 440.120602][T14480] ? __pfx_ksys_write+0x10/0x10 [ 440.120621][T14480] __ia32_sys_sendto+0xdd/0x1b0 [ 440.120637][T14480] ? lockdep_hardirqs_on+0x7c/0x110 [ 440.120655][T14480] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 440.120675][T14480] __do_fast_syscall_32+0x7c/0x3a0 [ 440.120695][T14480] do_fast_syscall_32+0x32/0x80 [ 440.120714][T14480] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 440.120730][T14480] RIP: 0023:0xf70de579 [ 440.120741][T14480] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 440.120753][T14480] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 440.120765][T14480] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340 [ 440.120773][T14480] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000080000100 [ 440.120780][T14480] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 440.120787][T14480] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 440.120794][T14480] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 440.120809][T14480] [ 440.308570][ T6581] usb 6-1: USB disconnect, device number 26 [ 442.055231][ T6920] usb 10-1: USB disconnect, device number 34 [ 442.220947][T14511] FAULT_INJECTION: forcing a failure. [ 442.220947][T14511] name failslab, interval 1, probability 0, space 0, times 0 [ 442.225129][T14511] CPU: 1 UID: 0 PID: 14511 Comm: syz.0.1824 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 442.225145][T14511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 442.225152][T14511] Call Trace: [ 442.225156][T14511] [ 442.225161][T14511] dump_stack_lvl+0x16c/0x1f0 [ 442.225182][T14511] should_fail_ex+0x512/0x640 [ 442.225200][T14511] should_failslab+0xc2/0x120 [ 442.225212][T14511] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 442.225228][T14511] ? __lock_acquire+0x622/0x1c90 [ 442.225242][T14511] ? dst_alloc+0x99/0x1a0 [ 442.225260][T14511] dst_alloc+0x99/0x1a0 [ 442.225276][T14511] rt_dst_alloc+0x35/0x3a0 [ 442.225292][T14511] ip_route_output_key_hash_rcu+0x87a/0x28f0 [ 442.225312][T14511] ip_route_output_key_hash+0x137/0x2e0 [ 442.225328][T14511] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 442.225348][T14511] ? find_held_lock+0x2b/0x80 [ 442.225360][T14511] ip_route_output_flow+0x27/0x150 [ 442.225376][T14511] udp_sendmsg+0x1bdd/0x29f0 [ 442.225390][T14511] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 442.225409][T14511] ? __pfx_udp_sendmsg+0x10/0x10 [ 442.225420][T14511] ? get_page_from_freelist+0x1321/0x3890 [ 442.225443][T14511] ? trace_mm_page_alloc+0x11f/0x1a0 [ 442.225455][T14511] ? __pfx___might_resched+0x10/0x10 [ 442.225465][T14511] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 442.225483][T14511] ? aa_sk_perm+0x2f4/0xb10 [ 442.225514][T14511] ? __pfx_udp_sendmsg+0x10/0x10 [ 442.225527][T14511] inet_sendmsg+0x105/0x140 [ 442.225543][T14511] sock_write_iter+0x4aa/0x5b0 [ 442.225556][T14511] ? __pfx_sock_write_iter+0x10/0x10 [ 442.225574][T14511] ? __lock_acquire+0x622/0x1c90 [ 442.225589][T14511] do_iter_readv_writev+0x657/0x950 [ 442.225605][T14511] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 442.225621][T14511] ? bpf_lsm_file_permission+0x9/0x10 [ 442.225632][T14511] ? security_file_permission+0x71/0x210 [ 442.225647][T14511] ? rw_verify_area+0xcf/0x680 [ 442.225661][T14511] vfs_writev+0x35f/0xde0 [ 442.225678][T14511] ? __pfx_vfs_writev+0x10/0x10 [ 442.225692][T14511] ? find_held_lock+0x2b/0x80 [ 442.225711][T14511] ? __fget_files+0x20e/0x3c0 [ 442.225724][T14511] ? __fget_files+0x140/0x3c0 [ 442.225740][T14511] ? do_writev+0x28c/0x340 [ 442.225753][T14511] do_writev+0x28c/0x340 [ 442.225766][T14511] ? __pfx_do_writev+0x10/0x10 [ 442.225781][T14511] ? rcu_is_watching+0x12/0xc0 [ 442.225794][T14511] __do_fast_syscall_32+0x7c/0x3a0 [ 442.225811][T14511] do_fast_syscall_32+0x32/0x80 [ 442.225828][T14511] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 442.225842][T14511] RIP: 0023:0xf70de579 [ 442.225851][T14511] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 442.225861][T14511] RSP: 002b:00000000f50ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000092 [ 442.225872][T14511] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800008c0 [ 442.225879][T14511] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 442.225885][T14511] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 442.225892][T14511] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 442.225898][T14511] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 442.225911][T14511] [ 442.428087][T14516] FAULT_INJECTION: forcing a failure. [ 442.428087][T14516] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 442.448136][T14516] CPU: 0 UID: 0 PID: 14516 Comm: syz.2.1818 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 442.448154][T14516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 442.448162][T14516] Call Trace: [ 442.448166][T14516] [ 442.448171][T14516] dump_stack_lvl+0x16c/0x1f0 [ 442.448190][T14516] should_fail_ex+0x512/0x640 [ 442.448208][T14516] _copy_from_user+0x2e/0xd0 [ 442.448225][T14516] get_compat_msghdr+0xa7/0x170 [ 442.448243][T14516] ? __pfx_get_compat_msghdr+0x10/0x10 [ 442.448265][T14516] ___sys_sendmsg+0x1ae/0x1d0 [ 442.448282][T14516] ? __pfx____sys_sendmsg+0x10/0x10 [ 442.448305][T14516] ? find_held_lock+0x2b/0x80 [ 442.448333][T14516] __sys_sendmsg+0x16d/0x220 [ 442.448355][T14516] ? __pfx___sys_sendmsg+0x10/0x10 [ 442.448388][T14516] ? rcu_is_watching+0x12/0xc0 [ 442.448401][T14516] __do_fast_syscall_32+0x7c/0x3a0 [ 442.448419][T14516] do_fast_syscall_32+0x32/0x80 [ 442.448436][T14516] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 442.448450][T14516] RIP: 0023:0xf7fd4579 [ 442.448459][T14516] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 442.448470][T14516] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 442.448481][T14516] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 442.448488][T14516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 442.448495][T14516] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 442.448501][T14516] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 442.448507][T14516] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 442.448520][T14516] [ 442.851239][ T6920] usb 7-1: new high-speed USB device number 49 using dummy_hcd [ 442.884495][T14527] lo speed is unknown, defaulting to 1000 [ 442.890177][T14527] lo speed is unknown, defaulting to 1000 [ 443.253262][ T6920] usb 7-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 443.256896][ T6920] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 443.261227][ T6920] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 443.264284][ T6920] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.285034][ T6920] usb 7-1: config 0 descriptor?? [ 443.291577][ T6920] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 444.393725][T14552] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1827'. [ 444.455770][ T6581] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 444.607389][ T6581] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 444.611785][ T6581] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 444.616783][ T6581] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 444.621138][ T6581] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 444.625357][ T6581] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.631813][T14550] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 444.638016][ T6581] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 445.309555][T14564] syzkaller1: entered promiscuous mode [ 445.311840][T14564] syzkaller1: entered allmulticast mode [ 445.355272][T14566] FAULT_INJECTION: forcing a failure. [ 445.355272][T14566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 445.359877][T14566] CPU: 1 UID: 0 PID: 14566 Comm: syz.0.1831 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 445.359896][T14566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 445.359905][T14566] Call Trace: [ 445.359910][T14566] [ 445.359917][T14566] dump_stack_lvl+0x16c/0x1f0 [ 445.359941][T14566] should_fail_ex+0x512/0x640 [ 445.359962][T14566] _copy_to_user+0x32/0xd0 [ 445.359983][T14566] simple_read_from_buffer+0xcb/0x170 [ 445.360001][T14566] proc_fail_nth_read+0x197/0x270 [ 445.360017][T14566] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 445.360033][T14566] ? rw_verify_area+0xcf/0x680 [ 445.360048][T14566] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 445.360062][T14566] vfs_read+0x1e4/0xc60 [ 445.360080][T14566] ? fdget_pos+0x2a2/0x370 [ 445.360099][T14566] ? __pfx_vfs_read+0x10/0x10 [ 445.360114][T14566] ? find_held_lock+0x2b/0x80 [ 445.360131][T14566] ? __fget_files+0x20e/0x3c0 [ 445.360153][T14566] ksys_read+0x12a/0x250 [ 445.360170][T14566] ? __pfx_ksys_read+0x10/0x10 [ 445.360188][T14566] ? rcu_is_watching+0x12/0xc0 [ 445.360204][T14566] __do_fast_syscall_32+0x7c/0x3a0 [ 445.360225][T14566] do_fast_syscall_32+0x32/0x80 [ 445.360244][T14566] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 445.360261][T14566] RIP: 0023:0xf70de579 [ 445.360271][T14566] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 445.360284][T14566] RSP: 002b:00000000f50ce590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 445.360297][T14566] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f50ce620 [ 445.360305][T14566] RDX: 000000000000000f RSI: 00000000f7443ff4 RDI: 0000000000000000 [ 445.360312][T14566] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 445.360319][T14566] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 445.360326][T14566] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 445.360342][T14566] [ 445.452406][T14568] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1832'. [ 445.569119][ T6920] usb 7-1: USB disconnect, device number 49 [ 446.255646][ T6581] usb 10-1: new high-speed USB device number 35 using dummy_hcd [ 446.425857][ T6581] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 446.435800][ T6581] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 446.445574][ T6581] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 446.460663][ T6581] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 446.465609][ T6581] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.468653][ T6581] usb 10-1: Product: syz [ 446.470013][ T6581] usb 10-1: Manufacturer: syz [ 446.484380][ T6581] usb 10-1: SerialNumber: syz [ 446.706718][ T6581] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 35 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 446.916883][T14575] cgroup: none used incorrectly [ 446.929821][ T6581] usb 10-1: USB disconnect, device number 35 [ 446.933336][ T6581] usblp0: removed [ 447.097317][T14595] lo speed is unknown, defaulting to 1000 [ 447.100812][T14595] lo speed is unknown, defaulting to 1000 [ 447.263165][ T6920] usb 6-1: USB disconnect, device number 27 [ 447.546856][T14604] sp0: Synchronizing with TNC [ 447.552663][T14604] sp0: Found TNC [ 447.613368][T14605] lo speed is unknown, defaulting to 1000 [ 447.618705][T14605] lo speed is unknown, defaulting to 1000 [ 447.988410][ T5994] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 448.146330][ T5994] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 448.150404][ T5994] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 448.155287][ T5994] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 448.175659][ T5994] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.180411][ T5994] usb 5-1: config 0 descriptor?? [ 448.187765][ T5994] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 448.819176][T14621] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1843'. [ 450.904026][ T6689] usb 5-1: USB disconnect, device number 18 [ 451.492189][T14661] lo speed is unknown, defaulting to 1000 [ 451.504565][T14661] lo speed is unknown, defaulting to 1000 [ 451.585673][T14651] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1848'. [ 451.589025][T14651] netlink: 'syz.2.1848': attribute type 5 has an invalid length. [ 451.591599][T14651] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1848'. [ 451.629773][T14651] netdevsim netdevsim2 : set [1, 0] type 2 family 0 port 256 - 0 [ 451.638146][T14651] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0 [ 451.644132][T14651] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0 [ 451.656824][T14651] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0 [ 451.668983][T14651] geneve2: entered promiscuous mode [ 451.670974][T14651] geneve2: entered allmulticast mode [ 453.518970][T14686] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 453.521497][T14686] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 453.524318][T14686] vhci_hcd vhci_hcd.0: Device attached [ 453.600746][T14688] vhci_hcd: connection closed [ 453.601393][T12874] vhci_hcd: stop threads [ 453.610631][T12874] vhci_hcd: release socket [ 453.614857][T12874] vhci_hcd: disconnect device [ 453.635021][T14691] FAT-fs (nullb0): bogus number of reserved sectors [ 453.638149][T14691] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 454.145732][ T6689] usb 10-1: new high-speed USB device number 36 using dummy_hcd [ 454.308850][ T6689] usb 10-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 454.312329][ T6689] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 454.329065][ T6689] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 454.331855][ T6689] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.340284][ T6689] usb 10-1: config 0 descriptor?? [ 454.344241][ T6689] usbhid 10-1:0.0: couldn't find an input interrupt endpoint [ 455.061196][T14711] lo speed is unknown, defaulting to 1000 [ 455.064375][T14711] lo speed is unknown, defaulting to 1000 [ 455.242586][T14711] lo speed is unknown, defaulting to 1000 [ 455.247646][T14711] lo speed is unknown, defaulting to 1000 [ 455.469007][T14711] lo speed is unknown, defaulting to 1000 [ 455.473532][T14711] lo speed is unknown, defaulting to 1000 [ 455.644932][T14711] lo speed is unknown, defaulting to 1000 [ 455.650368][T14711] lo speed is unknown, defaulting to 1000 [ 455.845046][T14711] lo speed is unknown, defaulting to 1000 [ 455.872072][T14711] lo speed is unknown, defaulting to 1000 [ 455.922640][T14730] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1861'. [ 456.952353][ T5994] usb 10-1: USB disconnect, device number 36 [ 458.091602][T14763] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1869'. [ 458.143987][T14763] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1869'. [ 458.324232][T14771] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1872'. [ 458.436769][T14776] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1872'. [ 459.195621][ T59] usb 10-1: new high-speed USB device number 37 using dummy_hcd [ 459.338942][T14797] lo speed is unknown, defaulting to 1000 [ 459.346599][T14797] lo speed is unknown, defaulting to 1000 [ 459.447141][ T59] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 459.559264][ T59] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 459.563586][ T59] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 459.594449][ T59] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.015592][ T6920] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 460.028011][ T59] usb 10-1: config 0 descriptor?? [ 460.179925][ T6920] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 460.183024][ T6920] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 460.207577][ T6920] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 460.222189][ T6920] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 460.227487][ T6920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.237503][ T6920] usb 5-1: Product: syz [ 460.276850][ T6920] usb 5-1: Manufacturer: syz [ 460.278619][ T6920] usb 5-1: SerialNumber: syz [ 460.467963][ T59] usbhid 10-1:0.0: couldn't find an input interrupt endpoint [ 460.510681][ T6920] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 460.706697][T14801] cgroup: none used incorrectly [ 460.726865][ T6689] usb 5-1: USB disconnect, device number 19 [ 460.737784][ T6689] usblp0: removed [ 462.682694][ T59] usb 10-1: USB disconnect, device number 37 [ 463.378655][ T40] audit: type=1326 audit(1751538213.413:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14832 comm="syz.1.1883" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 463.386597][ T40] audit: type=1326 audit(1751538213.413:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14832 comm="syz.1.1883" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 463.393626][ T40] audit: type=1326 audit(1751538213.413:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14832 comm="syz.1.1883" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 463.404261][ T40] audit: type=1326 audit(1751538213.413:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14832 comm="syz.1.1883" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 463.411917][ T40] audit: type=1326 audit(1751538213.423:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14832 comm="syz.1.1883" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 463.420733][ T40] audit: type=1326 audit(1751538213.423:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14832 comm="syz.1.1883" exe="/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 463.428801][ T40] audit: type=1326 audit(1751538213.423:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14832 comm="syz.1.1883" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 463.438214][ T40] audit: type=1326 audit(1751538213.423:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14832 comm="syz.1.1883" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 463.445440][ T40] audit: type=1326 audit(1751538213.423:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14832 comm="syz.1.1883" exe="/syz-executor" sig=0 arch=40000003 syscall=425 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 463.455857][ T40] audit: type=1326 audit(1751538213.423:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14832 comm="syz.1.1883" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 463.919592][T14829] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1882'. [ 463.929155][T14829] netlink: 'syz.5.1882': attribute type 5 has an invalid length. [ 463.950334][T14829] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1882'. [ 464.226769][T14829] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 464.229835][T14829] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 464.233008][T14829] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 464.285754][T14829] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 464.303530][T14847] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1886'. [ 464.306160][T14829] geneve2: entered promiscuous mode [ 464.309631][T14829] geneve2: entered allmulticast mode [ 464.315798][T14845] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1886'. [ 464.321245][T14845] netlink: 31 bytes leftover after parsing attributes in process `syz.0.1886'. [ 464.691337][T14852] lo speed is unknown, defaulting to 1000 [ 464.698378][T14852] lo speed is unknown, defaulting to 1000 [ 465.405593][ T5994] usb 7-1: new high-speed USB device number 50 using dummy_hcd [ 465.505798][ T6689] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 465.575865][ T5994] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 465.579102][ T5994] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 465.582782][ T5994] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 465.607449][ T5994] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 465.610310][ T5994] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.612855][ T5994] usb 7-1: Product: syz [ 465.614264][ T5994] usb 7-1: Manufacturer: syz [ 465.625599][ T5994] usb 7-1: SerialNumber: syz [ 465.695196][ T6689] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 465.700333][ T6689] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 465.706194][ T6689] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 465.714937][ T6689] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.727858][ T6920] kernel read not supported for file /dsp1 (pid: 6920 comm: kworker/1:6) [ 465.729755][ T6689] usb 6-1: config 0 descriptor?? [ 465.757366][ T6689] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 465.845812][ T5994] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 50 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 466.051714][T14858] cgroup: none used incorrectly [ 466.066410][ T6689] usb 7-1: USB disconnect, device number 50 [ 466.075701][ T6689] usblp0: removed [ 466.406875][T14875] overlay: Unknown parameter 'fscontext' [ 466.666171][T12873] Bluetooth: hci4: Frame reassembly failed (-84) [ 466.872293][T14886] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1898'. [ 467.735635][ T6581] usb 10-1: new high-speed USB device number 38 using dummy_hcd [ 467.907458][ T6581] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 467.911482][ T6581] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 467.914637][ T6581] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 467.919283][ T6581] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 467.922296][ T6581] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.927144][ T6581] usb 10-1: config 0 descriptor?? [ 468.252555][ T6920] usb 6-1: USB disconnect, device number 28 [ 468.382354][ T6581] plantronics 0003:047F:FFFF.0024: reserved main item tag 0xd [ 468.402376][ T6581] plantronics 0003:047F:FFFF.0024: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 468.667675][ T5994] usb 10-1: USB disconnect, device number 38 [ 468.685678][ T5948] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 468.685768][ T63] Bluetooth: hci4: command 0x1003 tx timeout [ 468.948602][T14899] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1900'. [ 468.960866][T14899] netlink: 'syz.1.1900': attribute type 5 has an invalid length. [ 468.977572][T14899] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1900'. [ 469.026976][T14899] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0 [ 469.035594][T14899] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0 [ 469.044985][T14899] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0 [ 469.054164][T14899] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0 [ 469.063477][T14899] geneve2: entered promiscuous mode [ 469.068365][T14899] geneve2: entered allmulticast mode [ 469.469818][T14923] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1907'. [ 470.115675][ T5994] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 470.277181][T14933] FAULT_INJECTION: forcing a failure. [ 470.277181][T14933] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 470.281485][T14933] CPU: 1 UID: 0 PID: 14933 Comm: syz.5.1910 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 470.281503][T14933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 470.281511][T14933] Call Trace: [ 470.281516][T14933] [ 470.281521][T14933] dump_stack_lvl+0x16c/0x1f0 [ 470.281544][T14933] should_fail_ex+0x512/0x640 [ 470.281566][T14933] _copy_from_user+0x2e/0xd0 [ 470.281585][T14933] get_compat_msghdr+0xa7/0x170 [ 470.281605][T14933] ? __pfx_get_compat_msghdr+0x10/0x10 [ 470.281630][T14933] ___sys_sendmsg+0x1ae/0x1d0 [ 470.281649][T14933] ? __pfx____sys_sendmsg+0x10/0x10 [ 470.281675][T14933] ? find_held_lock+0x2b/0x80 [ 470.281697][T14933] __sys_sendmsg+0x16d/0x220 [ 470.281716][T14933] ? __pfx___sys_sendmsg+0x10/0x10 [ 470.281740][T14933] ? rcu_is_watching+0x12/0xc0 [ 470.281755][T14933] __do_fast_syscall_32+0x7c/0x3a0 [ 470.281775][T14933] do_fast_syscall_32+0x32/0x80 [ 470.281794][T14933] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 470.281810][T14933] RIP: 0023:0xf7f63579 [ 470.281819][T14933] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 470.281831][T14933] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 470.281843][T14933] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 470.281851][T14933] RDX: 00000000000488c2 RSI: 0000000000000000 RDI: 0000000000000000 [ 470.281858][T14933] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 470.281865][T14933] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 470.281890][T14933] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 470.281906][T14933] [ 470.284020][ T5994] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 470.328608][T14935] overlay: Unknown parameter 'fscontext' [ 470.391499][T14939] fuse: Bad value for 'fd' [ 470.436141][T14941] syzkaller1: entered promiscuous mode [ 470.438314][T14941] syzkaller1: entered allmulticast mode [ 470.500523][ T5994] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 470.505452][ T5994] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 470.509408][ T5994] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.513754][ T5994] usb 5-1: config 0 descriptor?? [ 470.531718][ T5994] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 470.659772][T14951] lo speed is unknown, defaulting to 1000 [ 470.663586][T14951] lo speed is unknown, defaulting to 1000 [ 471.935589][ T6689] usb 10-1: new high-speed USB device number 39 using dummy_hcd [ 472.041027][T14972] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 472.043107][T14972] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 472.055199][T14972] vhci_hcd vhci_hcd.0: Device attached [ 472.077723][T14973] vhci_hcd: connection closed [ 472.085658][T12872] vhci_hcd: stop threads [ 472.088549][T12872] vhci_hcd: release socket [ 472.089965][T12872] vhci_hcd: disconnect device [ 472.118716][ T6689] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 472.122022][ T6689] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 472.125027][ T6689] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 472.147877][ T6689] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 472.150744][ T6689] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.154733][ T6689] usb 10-1: Product: syz [ 472.160745][ T6689] usb 10-1: Manufacturer: syz [ 472.167424][ T6689] usb 10-1: SerialNumber: syz [ 472.396595][ T6689] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 39 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 472.588046][T14965] cgroup: none used incorrectly [ 472.599135][ T6689] usb 10-1: USB disconnect, device number 39 [ 472.602464][ T6689] usblp0: removed [ 472.817091][T14987] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1926'. [ 472.849686][ T5994] usb 5-1: USB disconnect, device number 20 [ 473.348605][T14998] lo speed is unknown, defaulting to 1000 [ 473.358086][T14998] lo speed is unknown, defaulting to 1000 [ 474.685631][ T6689] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 474.900404][ T6689] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 474.904210][ T6689] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 474.907620][ T6689] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 474.912248][ T6689] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 474.916880][ T6689] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.945850][ T6689] usb 5-1: config 0 descriptor?? [ 475.183176][T15019] lo speed is unknown, defaulting to 1000 [ 475.187115][T15019] lo speed is unknown, defaulting to 1000 [ 475.414856][ T6689] plantronics 0003:047F:FFFF.0025: reserved main item tag 0xd [ 475.525781][ T6689] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 475.630614][ T5994] usb 5-1: USB disconnect, device number 21 [ 475.855696][ T6581] usb 7-1: new high-speed USB device number 51 using dummy_hcd [ 475.985658][ T34] usb 10-1: new high-speed USB device number 40 using dummy_hcd [ 476.028222][ T6581] usb 7-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 476.033610][ T6581] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 476.040166][ T6581] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 476.044000][ T6581] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.052672][ T6581] usb 7-1: config 0 descriptor?? [ 476.059995][ T6581] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 476.156627][ T34] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 476.160548][ T34] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 476.164305][ T34] usb 10-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 476.174506][ T34] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 476.177525][ T34] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.180777][ T34] usb 10-1: Product: syz [ 476.182366][ T34] usb 10-1: Manufacturer: syz [ 476.184125][ T34] usb 10-1: SerialNumber: syz [ 476.209636][T15032] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1937'. [ 476.414576][ T34] usblp 10-1:1.0: usblp0: USB Unidirectional printer dev 40 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 476.605768][T15029] cgroup: none used incorrectly [ 476.618898][ T34] usb 10-1: USB disconnect, device number 40 [ 476.634506][ T34] usblp0: removed [ 477.127861][T15054] lo speed is unknown, defaulting to 1000 [ 477.132202][T15054] lo speed is unknown, defaulting to 1000 [ 477.182174][T15057] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1941'. [ 478.235598][ T6920] kernel read not supported for file /dsp1 (pid: 6920 comm: kworker/1:6) [ 478.384813][T15068] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1944'. [ 478.614961][ T6689] usb 7-1: USB disconnect, device number 51 [ 478.627888][ T6920] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 478.809867][ T6920] usb 5-1: not running at top speed; connect to a high speed hub [ 478.819074][ T6920] usb 5-1: config 6 has an invalid interface number: 138 but max is 0 [ 478.839754][ T6920] usb 5-1: config 6 has no interface number 0 [ 478.846175][ T6920] usb 5-1: config 6 interface 138 altsetting 1 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 478.865741][ T6920] usb 5-1: config 6 interface 138 altsetting 1 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 478.876315][ T6920] usb 5-1: config 6 interface 138 altsetting 1 endpoint 0xC has invalid maxpacket 512, setting to 64 [ 478.887857][ T6920] usb 5-1: config 6 interface 138 altsetting 1 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 478.895151][ T6920] usb 5-1: config 6 interface 138 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 478.905217][ T6920] usb 5-1: config 6 interface 138 altsetting 1 has a duplicate endpoint with address 0x6, skipping [ 478.912410][ T6920] usb 5-1: config 6 interface 138 has no altsetting 0 [ 478.920422][ T6920] usb 5-1: Dual-Role OTG device on HNP port [ 478.922663][ T6920] usb 5-1: New USB device found, idVendor=1410, idProduct=a021, bcdDevice=f2.da [ 478.927990][ T6920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 478.934043][ T6920] usb 5-1: Product: 꼺缚縢㣞鰵⺝⠑컸ῗ⍅勤▆ﱲ꾷穧ಅ㔅썴lꮪ೹뉳걇። [ 478.947865][ T6920] usb 5-1: Manufacturer: А [ 478.952819][ T6920] usb 5-1: SerialNumber: ᠊ [ 479.152023][T15078] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1946'. [ 479.213082][T15083] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1946'. [ 479.318669][ T6920] usb 5-1: USB disconnect, device number 22 [ 479.359667][ T40] kauditd_printk_skb: 7 callbacks suppressed [ 479.359680][ T40] audit: type=1326 audit(1751538229.383:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.2.1945" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd4579 code=0x0 [ 479.370532][T15086] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1947'. [ 480.125597][ T5851] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 480.307240][ T5851] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 480.310364][ T5851] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 480.313980][ T5851] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 480.428093][ T5851] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 480.430963][ T5851] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.433441][ T5851] usb 5-1: Product: syz [ 480.434752][ T5851] usb 5-1: Manufacturer: syz [ 480.440443][ T5851] usb 5-1: SerialNumber: syz [ 480.816395][ T5851] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 23 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 480.979387][T15094] cgroup: none used incorrectly [ 480.996485][ T6920] usb 5-1: USB disconnect, device number 23 [ 481.015262][ T6920] usblp0: removed [ 481.395603][ T5994] usb 7-1: new high-speed USB device number 52 using dummy_hcd [ 481.547091][ T5994] usb 7-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 481.550766][ T5994] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 481.555043][ T5994] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 481.558416][ T5994] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.562710][ T5994] usb 7-1: config 0 descriptor?? [ 481.569659][ T5994] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 481.735202][T15110] lo speed is unknown, defaulting to 1000 [ 481.738654][T15110] lo speed is unknown, defaulting to 1000 [ 482.325625][ T5994] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 482.487391][ T5994] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.491385][ T5994] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.505606][ T5994] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 482.510611][ T5994] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 482.513953][ T5994] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.522488][ T5994] usb 6-1: config 0 descriptor?? [ 482.842290][T15137] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6) [ 482.844405][T15137] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 482.847323][T15137] vhci_hcd vhci_hcd.0: Device attached [ 482.860737][T15138] vhci_hcd: connection closed [ 482.861053][T12886] vhci_hcd: stop threads [ 482.864329][T12886] vhci_hcd: release socket [ 482.866535][T12886] vhci_hcd: disconnect device [ 482.942867][ T5994] plantronics 0003:047F:FFFF.0026: reserved main item tag 0xd [ 482.949630][ T5994] plantronics 0003:047F:FFFF.0026: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 483.198041][ T5851] usb 6-1: USB disconnect, device number 29 [ 483.889619][T15148] ip6erspan0: entered promiscuous mode [ 484.206617][ T6920] usb 7-1: USB disconnect, device number 52 [ 484.475652][ T6581] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 484.629849][ T6581] usb 6-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 484.633532][ T6581] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 484.638609][ T6581] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 484.641565][ T6581] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.650780][ T6581] usb 6-1: config 0 descriptor?? [ 484.659215][ T6581] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 485.884508][T15183] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1971'. [ 485.925668][ T5994] usb 10-1: new high-speed USB device number 41 using dummy_hcd [ 486.080523][ T5994] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 486.085218][ T5994] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 486.089444][ T5994] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 486.092717][ T5994] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 486.095745][ T5994] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 486.101243][T15173] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 486.106178][ T5994] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 486.745615][ T6581] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 486.908364][ T6581] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 486.913381][ T6581] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 486.917653][ T6581] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 486.923618][ T6581] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 486.928146][ T6581] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 486.933634][ T6581] usb 5-1: config 0 descriptor?? [ 487.260540][ T5994] usb 6-1: USB disconnect, device number 30 [ 487.343865][ T6581] plantronics 0003:047F:FFFF.0027: reserved main item tag 0xd [ 487.356710][ T6581] plantronics 0003:047F:FFFF.0027: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 487.602183][ T6581] usb 5-1: USB disconnect, device number 24 [ 488.172519][T15208] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1980'. [ 488.355283][T15212] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1981'. [ 488.700026][ T5851] usb 10-1: USB disconnect, device number 41 [ 489.257746][ T5851] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 489.417874][ T5851] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 489.428878][ T5851] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 489.437545][ T5851] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 489.447085][ T5851] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 489.453543][ T5851] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.458908][ T5851] usb 5-1: config 0 descriptor?? [ 489.478018][ T5851] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 489.535707][T15241] netlink: 184 bytes leftover after parsing attributes in process `syz.1.1987'. [ 489.726987][T15245] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1989'. [ 489.965089][T15251] 9pnet_fd: p9_fd_create_tcp (15251): problem binding to privport [ 490.745647][ T5994] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 490.948439][ T5994] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 490.952940][ T5994] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 490.959760][ T5994] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 490.972279][ T5994] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 490.981186][ T5994] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.984399][ T5994] usb 6-1: Product: syz [ 490.987619][ T5994] usb 6-1: Manufacturer: syz [ 490.989650][ T5994] usb 6-1: SerialNumber: syz [ 491.208449][ T5994] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 31 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 491.409818][T15265] cgroup: none used incorrectly [ 491.415028][ T5994] usb 6-1: USB disconnect, device number 31 [ 491.419183][ T5994] usblp0: removed [ 491.769841][T15283] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1999'. [ 491.773920][T15283] netlink: 'syz.5.1999': attribute type 1 has an invalid length. [ 491.776687][T15283] netlink: 16070 bytes leftover after parsing attributes in process `syz.5.1999'. [ 492.013068][ T6919] usb 5-1: USB disconnect, device number 25 [ 492.031504][T15290] ip6erspan0: entered promiscuous mode [ 492.059699][T15295] vti0: entered promiscuous mode [ 492.748706][T15311] pim6reg: entered allmulticast mode [ 492.835662][T15311] pim6reg: left allmulticast mode [ 494.285419][T15332] lo speed is unknown, defaulting to 1000 [ 494.293118][T15332] lo speed is unknown, defaulting to 1000 [ 494.609789][T15343] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2016'. [ 497.279399][T15403] FAULT_INJECTION: forcing a failure. [ 497.279399][T15403] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 497.284181][T15403] CPU: 0 UID: 0 PID: 15403 Comm: syz.5.2027 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 497.284201][T15403] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 497.284209][T15403] Call Trace: [ 497.284214][T15403] [ 497.284220][T15403] dump_stack_lvl+0x16c/0x1f0 [ 497.284244][T15403] should_fail_ex+0x512/0x640 [ 497.284265][T15403] _copy_from_iter+0x29f/0x16f0 [ 497.284286][T15403] ? __alloc_skb+0x200/0x380 [ 497.284305][T15403] ? __pfx__copy_from_iter+0x10/0x10 [ 497.284331][T15403] netlink_sendmsg+0x829/0xdd0 [ 497.284348][T15403] ? __pfx_netlink_sendmsg+0x10/0x10 [ 497.284363][T15403] ? __import_iovec+0x1dd/0x650 [ 497.284385][T15403] ____sys_sendmsg+0xa98/0xc70 [ 497.284402][T15403] ? __pfx_____sys_sendmsg+0x10/0x10 [ 497.284415][T15403] ? get_compat_msghdr+0x11a/0x170 [ 497.284442][T15403] ___sys_sendmsg+0x134/0x1d0 [ 497.284462][T15403] ? __pfx____sys_sendmsg+0x10/0x10 [ 497.284494][T15403] ? find_held_lock+0x2b/0x80 [ 497.284518][T15403] __sys_sendmsg+0x16d/0x220 [ 497.284537][T15403] ? __pfx___sys_sendmsg+0x10/0x10 [ 497.284562][T15403] ? rcu_is_watching+0x12/0xc0 [ 497.284577][T15403] __do_fast_syscall_32+0x7c/0x3a0 [ 497.284599][T15403] do_fast_syscall_32+0x32/0x80 [ 497.284618][T15403] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 497.284635][T15403] RIP: 0023:0xf7f63579 [ 497.284645][T15403] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 497.284657][T15403] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 497.284669][T15403] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 497.284677][T15403] RDX: 0000000000004080 RSI: 0000000000000000 RDI: 0000000000000000 [ 497.284685][T15403] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 497.284692][T15403] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 497.284699][T15403] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 497.284715][T15403] [ 497.295319][T15405] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2028'. [ 497.335627][ T6581] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 497.581460][T15419] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2030'. [ 497.584334][T15419] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2030'. [ 497.868369][ T6581] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 497.871984][ T6581] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 497.876427][ T6581] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 497.881409][ T6581] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 497.884414][ T6581] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.890227][T15398] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 497.895338][ T6581] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 499.487209][ T5994] usb 5-1: USB disconnect, device number 26 [ 500.602158][T15445] netlink: 140 bytes leftover after parsing attributes in process `syz.5.2039'. [ 500.635298][T15450] FAULT_INJECTION: forcing a failure. [ 500.635298][T15450] name failslab, interval 1, probability 0, space 0, times 0 [ 500.640613][T15450] CPU: 0 UID: 0 PID: 15450 Comm: syz.5.2041 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 500.640632][T15450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 500.640639][T15450] Call Trace: [ 500.640643][T15450] [ 500.640647][T15450] dump_stack_lvl+0x16c/0x1f0 [ 500.640668][T15450] should_fail_ex+0x512/0x640 [ 500.640684][T15450] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 500.640703][T15450] should_failslab+0xc2/0x120 [ 500.640714][T15450] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 500.640730][T15450] ? __alloc_skb+0x2b2/0x380 [ 500.640748][T15450] __alloc_skb+0x2b2/0x380 [ 500.640764][T15450] ? __pfx___alloc_skb+0x10/0x10 [ 500.640780][T15450] ? tcp_fastopen_active_should_disable+0xbf/0x2e0 [ 500.640794][T15450] ? __pfx_tcp_fastopen_active_should_disable+0x10/0x10 [ 500.640810][T15450] tcp_stream_alloc_skb+0x34/0x570 [ 500.640826][T15450] tcp_connect+0x1c50/0x5480 [ 500.640850][T15450] ? __pfx_tcp_connect+0x10/0x10 [ 500.640874][T15450] tcp_sendmsg_fastopen+0x4f6/0x750 [ 500.640891][T15450] tcp_sendmsg_locked+0x190d/0x4300 [ 500.640910][T15450] ? __lock_acquire+0xb8a/0x1c90 [ 500.640929][T15450] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 500.640945][T15450] ? do_raw_spin_lock+0x12c/0x2b0 [ 500.640962][T15450] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 500.640981][T15450] ? __local_bh_enable_ip+0xa4/0x120 [ 500.640996][T15450] tcp_sendmsg+0x2e/0x50 [ 500.641008][T15450] ? __pfx_tcp_sendmsg+0x10/0x10 [ 500.641022][T15450] inet6_sendmsg+0xb9/0x140 [ 500.641041][T15450] __sys_sendto+0x376/0x520 [ 500.641057][T15450] ? __pfx___sys_sendto+0x10/0x10 [ 500.641088][T15450] ? ksys_write+0x1ac/0x250 [ 500.641104][T15450] ? __pfx_ksys_write+0x10/0x10 [ 500.641120][T15450] __ia32_sys_sendto+0xdd/0x1b0 [ 500.641135][T15450] ? lockdep_hardirqs_on+0x7c/0x110 [ 500.641151][T15450] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 500.641168][T15450] __do_fast_syscall_32+0x7c/0x3a0 [ 500.641187][T15450] do_fast_syscall_32+0x32/0x80 [ 500.641203][T15450] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 500.641217][T15450] RIP: 0023:0xf7f63579 [ 500.641227][T15450] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 500.641238][T15450] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 500.641249][T15450] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 500.641255][T15450] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000000 [ 500.641262][T15450] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 500.641268][T15450] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 500.641275][T15450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 500.641288][T15450] [ 500.737821][ C0] vkms_vblank_simulate: vblank timer overrun [ 500.919541][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 500.986426][T15466] lo speed is unknown, defaulting to 1000 [ 501.009473][T15466] lo speed is unknown, defaulting to 1000 [ 501.705670][ T5994] usb 7-1: new high-speed USB device number 53 using dummy_hcd [ 501.826092][T15472] lo speed is unknown, defaulting to 1000 [ 501.829318][T15472] lo speed is unknown, defaulting to 1000 [ 501.867566][ T5994] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 501.870613][ T5994] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 501.874652][ T5994] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 501.879343][ T5994] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.886387][ T5994] usb 7-1: config 0 descriptor?? [ 501.914633][ T5994] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 502.025685][ T6581] usb 10-1: new high-speed USB device number 42 using dummy_hcd [ 502.178610][ T6581] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 502.182391][ T6581] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 502.186370][ T6581] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 502.193509][ T6581] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 502.196674][ T6581] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.204726][T15469] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 502.218695][ T6581] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 502.712833][ T6581] usb 10-1: USB disconnect, device number 42 [ 503.822441][ T5994] usb 7-1: USB disconnect, device number 53 [ 503.887909][T15488] input: syz1 as /devices/virtual/input/input61 [ 516.086637][T15496] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 516.092694][T15496] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 516.099281][T15496] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 516.107695][T15496] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 516.110578][T15496] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 516.120954][ T5948] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 516.124734][ T5948] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 516.129860][ T5948] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 516.142688][ T5948] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 516.148876][ T5948] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 516.925568][ T1416] ================================================================== [ 516.928901][ T1416] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90 [ 516.931691][ T1416] Read of size 8 at addr ffff88804f489020 by task aoe_tx0/1416 [ 516.934978][ T1416] [ 516.936781][ T1416] CPU: 0 UID: 0 PID: 1416 Comm: aoe_tx0 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 516.936798][ T1416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 516.936807][ T1416] Call Trace: [ 516.936814][ T1416] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 516.936820][ T1416] dump_stack_lvl+0x116/0x1f0 [ 516.936843][ T1416] print_report+0xcd/0x680 [ 516.936862][ T1416] ? __virt_addr_valid+0x81/0x610 [ 516.936874][ T1416] ? __phys_addr+0xe8/0x180 [ 516.936885][ T1416] ? tty_write_room+0x7d/0x90 [ 516.936899][ T1416] kasan_report+0xe0/0x110 [ 516.936908][ T1416] ? tty_write_room+0x7d/0x90 [ 516.936922][ T1416] tty_write_room+0x7d/0x90 [ 516.936934][ T1416] handle_tx+0x14f/0x630 [ 516.936948][ T1416] dev_hard_start_xmit+0x94/0x740 [ 516.936966][ T1416] __dev_queue_xmit+0x7eb/0x43e0 [ 516.936981][ T1416] ? lockdep_hardirqs_on+0x7c/0x110 [ 516.936997][ T1416] ? rcu_is_watching+0x12/0xc0 [ 516.937011][ T1416] ? __pfx___dev_queue_xmit+0x10/0x10 [ 516.937024][ T1416] ? rcu_is_watching+0x12/0xc0 [ 516.937035][ T1416] ? __lock_acquire+0xb8a/0x1c90 [ 516.937050][ T1416] ? __lock_acquire+0xb8a/0x1c90 [ 516.937064][ T1416] ? do_raw_spin_lock+0x12c/0x2b0 [ 516.937083][ T1416] ? rcu_is_watching+0x12/0xc0 [ 516.937094][ T1416] tx+0xcc/0x190 [ 516.937106][ T1416] ? __pfx_tx+0x10/0x10 [ 516.937116][ T1416] kthread+0x1e4/0x3e0 [ 516.937132][ T1416] ? find_held_lock+0x2b/0x80 [ 516.937142][ T1416] ? __pfx_kthread+0x10/0x10 [ 516.937158][ T1416] ? __pfx_default_wake_function+0x10/0x10 [ 516.937169][ T1416] ? lockdep_hardirqs_on+0x7c/0x110 [ 516.937184][ T1416] ? __kthread_parkme+0x19e/0x250 [ 516.937198][ T1416] ? __pfx_kthread+0x10/0x10 [ 516.937213][ T1416] kthread+0x3c5/0x780 [ 516.937228][ T1416] ? __pfx_kthread+0x10/0x10 [ 516.937242][ T1416] ? rcu_is_watching+0x12/0xc0 [ 516.937252][ T1416] ? __pfx_kthread+0x10/0x10 [ 516.937266][ T1416] ret_from_fork+0x5d4/0x6f0 [ 516.937281][ T1416] ? __pfx_kthread+0x10/0x10 [ 516.937295][ T1416] ret_from_fork_asm+0x1a/0x30 [ 516.937311][ T1416] [ 516.937315][ T1416] [ 517.015142][ T1416] Allocated by task 13183: [ 517.017217][ T1416] kasan_save_stack+0x33/0x60 [ 517.019700][ T1416] kasan_save_track+0x14/0x30 [ 517.022177][ T1416] __kasan_kmalloc+0xaa/0xb0 [ 517.024314][ T1416] alloc_tty_struct+0x96/0x8c0 [ 517.026347][ T1416] tty_init_dev.part.0+0x1e/0x500 [ 517.028471][ T1416] tty_open+0xa50/0xf90 [ 517.030255][ T1416] chrdev_open+0x231/0x6a0 [ 517.032172][ T1416] do_dentry_open+0x744/0x1c10 [ 517.034216][ T1416] vfs_open+0x82/0x3f0 [ 517.035997][ T1416] path_openat+0x1de4/0x2cb0 [ 517.038017][ T1416] do_filp_open+0x20b/0x470 [ 517.040004][ T1416] do_sys_openat2+0x11b/0x1d0 [ 517.042099][ T1416] __ia32_compat_sys_openat+0x16d/0x210 [ 517.044570][ T1416] __do_fast_syscall_32+0x7c/0x3a0 [ 517.046803][ T1416] do_fast_syscall_32+0x32/0x80 [ 517.048941][ T1416] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 517.051677][ T1416] [ 517.052713][ T1416] Freed by task 59: [ 517.054413][ T1416] kasan_save_stack+0x33/0x60 [ 517.056597][ T1416] kasan_save_track+0x14/0x30 [ 517.058983][ T1416] kasan_save_free_info+0x3b/0x60 [ 517.061470][ T1416] __kasan_slab_free+0x51/0x70 [ 517.063641][ T1416] kfree+0x2b4/0x4d0 [ 517.065316][ T1416] process_one_work+0x9cf/0x1b70 [ 517.067458][ T1416] worker_thread+0x6c8/0xf10 [ 517.069732][ T1416] kthread+0x3c5/0x780 [ 517.071539][ T1416] ret_from_fork+0x5d4/0x6f0 [ 517.073513][ T1416] ret_from_fork_asm+0x1a/0x30 [ 517.075685][ T1416] [ 517.076791][ T1416] Last potentially related work creation: [ 517.079551][ T1416] kasan_save_stack+0x33/0x60 [ 517.081845][ T1416] kasan_record_aux_stack+0xa7/0xc0 [ 517.084249][ T1416] insert_work+0x36/0x230 [ 517.086008][ T1416] __queue_work+0x97e/0x10f0 [ 517.087985][ T1416] queue_work_on+0x1a4/0x1f0 [ 517.089955][ T1416] release_tty+0x4de/0x5d0 [ 517.091846][ T1416] tty_release_struct+0xb7/0xe0 [ 517.093954][ T1416] tty_release+0xe2d/0x1430 [ 517.095991][ T1416] __fput+0x402/0xb70 [ 517.097825][ T1416] task_work_run+0x14d/0x240 [ 517.099977][ T1416] do_exit+0x86c/0x2bd0 [ 517.101784][ T1416] do_group_exit+0xd3/0x2a0 [ 517.103676][ T1416] get_signal+0x2673/0x26d0 [ 517.105601][ T1416] arch_do_signal_or_restart+0x8f/0x790 [ 517.107909][ T1416] exit_to_user_mode_loop+0x84/0x110 [ 517.110124][ T1416] __do_fast_syscall_32+0x2ac/0x3a0 [ 517.112304][ T1416] do_fast_syscall_32+0x32/0x80 [ 517.114538][ T1416] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 517.117786][ T1416] [ 517.119099][ T1416] The buggy address belongs to the object at ffff88804f489000 [ 517.119099][ T1416] which belongs to the cache kmalloc-cg-2k of size 2048 [ 517.125249][ T1416] The buggy address is located 32 bytes inside of [ 517.125249][ T1416] freed 2048-byte region [ffff88804f489000, ffff88804f489800) [ 517.130809][ T1416] [ 517.131836][ T1416] The buggy address belongs to the physical page: [ 517.134492][ T1416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f488 [ 517.138255][ T1416] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 517.142123][ T1416] memcg:ffff8880505c5e81 [ 517.143971][ T1416] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 517.147185][ T1416] page_type: f5(slab) [ 517.148886][ T1416] raw: 04fff00000000040 ffff88801b84c140 ffffea0001b74a00 dead000000000002 [ 517.152482][ T1416] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff8880505c5e81 [ 517.156557][ T1416] head: 04fff00000000040 ffff88801b84c140 ffffea0001b74a00 dead000000000002 [ 517.160334][ T1416] head: 0000000000000000 0000000000080008 00000000f5000000 ffff8880505c5e81 [ 517.163889][ T1416] head: 04fff00000000003 ffffea00013d2201 00000000ffffffff 00000000ffffffff [ 517.167441][ T1416] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 517.171033][ T1416] page dumped because: kasan: bad access detected [ 517.173898][ T1416] page_owner tracks the page as allocated [ 517.176970][ T1416] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5944, tgid 5944 (syz-executor), ts 46736431728, free_ts 46698488532 [ 517.186013][ T1416] post_alloc_hook+0x1c0/0x230 [ 517.188068][ T1416] get_page_from_freelist+0x1321/0x3890 [ 517.190358][ T1416] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 517.192835][ T1416] alloc_pages_mpol+0x1fb/0x550 [ 517.194885][ T1416] new_slab+0x23b/0x330 [ 517.196683][ T1416] ___slab_alloc+0xd9c/0x1940 [ 517.199641][ T1416] __slab_alloc.constprop.0+0x56/0xb0 [ 517.202290][ T1416] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 517.204961][ T1416] kmemdup_noprof+0x29/0x60 [ 517.206907][ T1416] __devinet_sysctl_register+0xbc/0x360 [ 517.209282][ T1416] devinet_sysctl_register+0x17b/0x200 [ 517.211583][ T1416] inetdev_init+0x2b8/0x5a0 [ 517.213513][ T1416] inetdev_event+0xc5f/0x18a0 [ 517.215670][ T1416] notifier_call_chain+0xbc/0x410 [ 517.218053][ T1416] call_netdevice_notifiers_info+0xbe/0x140 [ 517.220981][ T1416] register_netdevice+0x182e/0x2270 [ 517.223332][ T1416] page last free pid 5953 tgid 5953 stack trace: [ 517.225957][ T1416] __free_frozen_pages+0x7fe/0x1180 [ 517.228169][ T1416] qlist_free_all+0x4d/0x120 [ 517.230110][ T1416] kasan_quarantine_reduce+0x195/0x1e0 [ 517.232402][ T1416] __kasan_slab_alloc+0x69/0x90 [ 517.234492][ T1416] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 517.236936][ T1416] ref_tracker_alloc+0x18e/0x5b0 [ 517.239388][ T1416] netdev_queue_update_kobjects+0x2db/0x720 [ 517.242048][ T1416] netdev_register_kobject+0x28c/0x3a0 [ 517.244318][ T1416] register_netdevice+0x13dc/0x2270 [ 517.246442][ T1416] __tun_chr_ioctl+0x1f59/0x47a0 [ 517.248509][ T1416] __ia32_compat_sys_ioctl+0x23f/0x370 [ 517.250812][ T1416] __do_fast_syscall_32+0x7c/0x3a0 [ 517.253020][ T1416] do_fast_syscall_32+0x32/0x80 [ 517.255383][ T1416] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 517.258447][ T1416] [ 517.259654][ T1416] Memory state around the buggy address: [ 517.262018][ T1416] ffff88804f488f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 517.265319][ T1416] ffff88804f488f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 517.268760][ T1416] >ffff88804f489000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 517.272299][ T1416] ^ [ 517.274658][ T1416] ffff88804f489080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 517.278385][ T1416] ffff88804f489100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 517.281834][ T1416] ================================================================== [ 517.285245][ C0] vkms_vblank_simulate: vblank timer overrun [ 517.288020][ T1416] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 517.290876][ T1416] CPU: 0 UID: 0 PID: 1416 Comm: aoe_tx0 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) [ 517.296683][ T1416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 517.300575][ T1416] Call Trace: [ 517.301719][ T1416] [ 517.302629][ T1416] dump_stack_lvl+0x3d/0x1f0 [ 517.304043][ T1416] panic+0x71c/0x800 [ 517.305250][ T1416] ? __pfx_panic+0x10/0x10 [ 517.306627][ T1416] ? irqentry_exit+0x3b/0x90 [ 517.308068][ T1416] ? lockdep_hardirqs_on+0x7c/0x110 [ 517.309703][ T1416] ? tty_write_room+0x7d/0x90 [ 517.311183][ T1416] ? check_panic_on_warn+0x1f/0xb0 [ 517.312759][ T1416] ? tty_write_room+0x7d/0x90 [ 517.314402][ T1416] check_panic_on_warn+0xab/0xb0 [ 517.316264][ T1416] end_report+0x107/0x170 [ 517.318044][ T1416] kasan_report+0xee/0x110 [ 517.319666][ T1416] ? tty_write_room+0x7d/0x90 [ 517.321166][ T1416] tty_write_room+0x7d/0x90 [ 517.322582][ T1416] handle_tx+0x14f/0x630 [ 517.323864][ T1416] dev_hard_start_xmit+0x94/0x740 [ 517.325401][ T1416] __dev_queue_xmit+0x7eb/0x43e0 [ 517.326934][ T1416] ? lockdep_hardirqs_on+0x7c/0x110 [ 517.328696][ T1416] ? rcu_is_watching+0x12/0xc0 [ 517.330324][ T1416] ? __pfx___dev_queue_xmit+0x10/0x10 [ 517.332218][ T1416] ? rcu_is_watching+0x12/0xc0 [ 517.333866][ T1416] ? __lock_acquire+0xb8a/0x1c90 [ 517.335415][ T1416] ? __lock_acquire+0xb8a/0x1c90 [ 517.337033][ T1416] ? do_raw_spin_lock+0x12c/0x2b0 [ 517.338649][ T1416] ? rcu_is_watching+0x12/0xc0 [ 517.340157][ T1416] tx+0xcc/0x190 [ 517.341325][ T1416] ? __pfx_tx+0x10/0x10 [ 517.342688][ T1416] kthread+0x1e4/0x3e0 [ 517.344027][ T1416] ? find_held_lock+0x2b/0x80 [ 517.345567][ T1416] ? __pfx_kthread+0x10/0x10 [ 517.347119][ T1416] ? __pfx_default_wake_function+0x10/0x10 [ 517.349269][ T1416] ? lockdep_hardirqs_on+0x7c/0x110 [ 517.351157][ T1416] ? __kthread_parkme+0x19e/0x250 [ 517.352846][ T1416] ? __pfx_kthread+0x10/0x10 [ 517.354396][ T1416] kthread+0x3c5/0x780 [ 517.355734][ T1416] ? __pfx_kthread+0x10/0x10 [ 517.357206][ T1416] ? rcu_is_watching+0x12/0xc0 [ 517.358753][ T1416] ? __pfx_kthread+0x10/0x10 [ 517.360213][ T1416] ret_from_fork+0x5d4/0x6f0 [ 517.361684][ T1416] ? __pfx_kthread+0x10/0x10 [ 517.363186][ T1416] ret_from_fork_asm+0x1a/0x30 [ 517.364866][ T1416] [ 517.367006][ T1416] Kernel Offset: disabled [ 517.368848][ T1416] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:24:27 Registers: info registers vcpu 0 CPU#0 RAX=000000000000002f RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85587925 RDI=ffffffff9b06da00 RBP=ffffffff9b06d9c0 RSP=ffffc900077af438 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=000000000000002f R14=ffffffff9b06d9c0 R15=ffffffff855878c0 RIP=ffffffff8558794f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809755f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080034000 CR3=000000005c2bb000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000019283b3 RBX=0000000000000001 RCX=ffffffff8b7d0c39 RDX=0000000000000000 RSI=ffffffff8de13e4b RDI=ffffffff8c156760 RBP=ffffed1003bd9488 RSP=ffffc9000046fdf8 R8 =0000000000000001 R9 =ffffed1005666645 R10=ffff88802b33322b R11=0000000000000001 R12=0000000000000001 R13=ffff88801deca440 R14=ffffffff90a82b50 R15=0000000000000000 RIP=ffffffff8b7cf79f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809765f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f72a0470 CR3=000000006f1a4000 CR4=00352ef0 DR0=000000005ffffffd DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=dffffc0000000000 RBX=ffffea0001e6e580 RCX=ffffffff822d1539 RDX=ffff88802442a440 RSI=0000000000000000 RDI=0000000000000007 RBP=ffffffff8df16440 RSP=ffffc90003bd7748 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=ffffea0001e6e148 R13=0000000000000001 R14=0000000000000000 R15=0000000000000001 RIP=ffffffff81bb86b1 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88809775f000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f26e40 CR3=000000004c9ca000 CR4=00352ef0 DR0=000000005ffffffd DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f73c3ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000003 RBX=ffffffff8e5c47c0 RCX=0000000000000002 RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff8e5c47c0 RBP=0000000000000002 RSP=ffffc9000c8af438 R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000006aad R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff8198067e RFL=00000297 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88809785f000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7485004 CR3=000000004ec34000 CR4=00352ef0 DR0=000000005ffffffd DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000020210058 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffff0f0e0d0c ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000