last executing test programs: 2m59.447687662s ago: executing program 2 (id=4590): memfd_secret(0x80000) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x1615, &(0x7f0000000200)={0x0, 0x579c, 0x102, 0x400, 0x2}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f00000002c0)=0x8) r4 = dup(r2) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd74) r5 = syz_io_uring_setup(0x49f, &(0x7f0000000400)={0x0, 0xeaf8, 0x400, 0x7ffe, 0x40024e, 0x0, r1}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x902, 0x12) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x4, 0xfffc, 0x3, {0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x1}}}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000480)=[{0x7c, 0x115, 0x5, "ff9ecc9edf812393f0d8b81b5788aacf4a3cff179a9732d863ae57fc9f4e295a95f0bf9f722a0f8327c82de81bdf28a968203ca8edf0ae4ef73446f1a9a1dce86e5d08be3809925d023e63564997f5cead66a998c961b56f0f2106ed1c608c1f3cad586333bfb51861223b593a0667"}, {0xc, 0x14, 0x6}, {0x20, 0x29, 0x6, "e4ce4feaf4d1bd4732a5a9ee6a6196790428bd"}, {0xa8, 0x10c, 0x400, "9d61b09c365e3d3bfc958fbf48eb43fadddc2f2aedfb813cedbefade8bf29c7252747d4eb75c854d89a2c66842a2cb122ff78391b500834b035bd5bee7c06b4f9e65243f8909d416a3ba82719be74c80dfc88bb2d1c01ee52786f06a644f0163eb1c22de70a8a882b3aca234e292e5246965d61110d3b81605220f5b9d726e347faf0628d8516a1a5f55dbb4965ffdfb43aeb6c820a7767acc59df3f"}, {0x58, 0x113, 0x9, "bdce0f101f2d077789740f59a352a37988be5c24fdecffe50ae3a62904eb3821c559733e359b3bc625615cf788e23e5f7c77ecaabcc366699b768e4d794ab2fae723a384869867d12db0"}, {0xb0, 0x10a, 0x800, "b8e6ec54eccf66eb9cc88f7d5d9b29ecbade77587d80e266d6877e715eb6121ff6770467add122dd5d9c6cb78b6106814ada0f2583a6bc4d891eb7b9edc183b05ec03690bc02b21dd9084112481e86bd0781791ba773c94c78c9aaeabf62351c5c5483b527f8c0b298c7694ef197845db79d62ff51e3b83ae60d6b7d81f625f793d1930fffda7728e446db58d5d5f7ece5008068f2d0b9d306a44eef892158a7d6"}], 0x258}, 0x0, 0x40000}) io_uring_enter(r5, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0) 2m58.959622677s ago: executing program 2 (id=4594): r0 = socket(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) inotify_init1(0x80000) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x1) mount$nfs4(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x0, &(0x7f00000001c0)=ANY=[]) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) r5 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r5, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r6 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r6, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r7 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x6}, {0xffff, 0xffff}, {0xfff3}}}, 0x24}}, 0x8014) 2m57.770448442s ago: executing program 2 (id=4601): r0 = socket(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) inotify_init1(0x80000) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x1) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) r5 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r5, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r6 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r6, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0xff, [0x1, 0x0, 0x0, 0x4, 0x7, 0x4, 0x3, 0xfe, 0x7, 0x0, 0x3, 0x10, 0x0, 0x0, 0x0, 0x2], 0xfd, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4000, 0xa18, 0x0, 0x3dc], [0x0, 0x4, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80, 0x80]}}}}]}, 0x88}}, 0x8014) 2m56.89749432s ago: executing program 2 (id=4604): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) r1 = socket$inet(0xa, 0x801, 0x84) connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r1, 0x8) (fail_nth: 2) 2m56.829268379s ago: executing program 2 (id=4605): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc2c45513, &(0x7f00000000c0)={{0xa, 0x5, 0x9, 0x0, 'syz0\x00', 0x6}, 0x1, [0x400, 0xc52, 0x400, 0xa1, 0x9, 0x3, 0x8, 0xe, 0x4f, 0x8000, 0x4a3, 0x8, 0x1, 0x401, 0xfffffc00, 0xa9, 0x1, 0x7a, 0x0, 0x7, 0x7, 0x0, 0xa41, 0xfff, 0x5, 0x3, 0x9679, 0x10000, 0x5, 0xb, 0x4, 0x800, 0x7, 0x4, 0x5, 0x168, 0x81, 0x2, 0x6f6, 0x2d509e61, 0x1000, 0x9, 0x3, 0x80000001, 0x200, 0x9, 0x1, 0x6, 0x8000, 0xfffffffc, 0x731, 0x4, 0x23f, 0x9, 0x8, 0x3, 0x6cd, 0x9, 0x6, 0xa5d, 0x40000000, 0x4, 0xffff8db5, 0x3, 0x3, 0x4, 0x0, 0x2, 0x80000000, 0x3, 0x2, 0x4, 0x4, 0x5, 0x5, 0xfff, 0x3, 0x1ff, 0x280000, 0x5, 0x6, 0x8f, 0x9a8, 0x100, 0xfffffeff, 0xff, 0x1, 0x3, 0x0, 0x7, 0x7, 0x3, 0x3, 0x5496, 0x7, 0xc0000004, 0x4, 0xfffffff9, 0x8, 0x2, 0x4, 0x5, 0x6, 0x100, 0x95, 0x30, 0xffffffff, 0x10001, 0xfffffffe, 0x1, 0x3, 0x9, 0x5, 0x8, 0x8, 0x4, 0x5, 0x2, 0xd, 0x0, 0x40000000, 0x10000, 0xb, 0x806, 0x7f, 0xa398, 0x55, 0x1]}) add_key(&(0x7f0000003800)='syzkaller\x00', 0xfffffffffffffffe, 0x0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0x80585414, 0x0) ioctl$HIDIOCGREPORT(0xffffffffffffffff, 0x400c4807, &(0x7f0000000040)={0x1, 0x1}) socket$can_j1939(0x1d, 0x2, 0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd74) syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x4647, 0x4000, 0x0, 0x28b}, &(0x7f00000003c0), &(0x7f0000000280)) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000080)='./file1\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x40049366, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="180200000080000000000000000000008500000036000000850000002a00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r5, r4}, 0x40) syz_emit_ethernet(0x19, &(0x7f0000000480)=ANY=[@ANYRESHEX], 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100020000fc00e3ff043900000008000300", @ANYRES32, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x4040}, 0x4c040) 2m56.761634734s ago: executing program 2 (id=4607): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) r1 = socket$inet(0xa, 0x801, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r2) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060009"], 0x30}}, 0x0) connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x1, @private=0xa010101}, 0x10) listen(r1, 0x8) 2m41.781617272s ago: executing program 32 (id=4607): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) r1 = socket$inet(0xa, 0x801, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r2) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa0800060009"], 0x30}}, 0x0) connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x1, @private=0xa010101}, 0x10) listen(r1, 0x8) 4.881461174s ago: executing program 0 (id=5865): mkdir(&(0x7f0000002740)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f00000001c0)=ANY=[]) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000380), 0x1, 0x2) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000000)=0x2) r4 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000002b40), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a80)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd7000fcdbdf2545000e4fc79f4fd1223a7464657673696d0000000f0086cdbe637464787673697e30000008008e00000000008dcecca569923668267784aa490161582c4fba000eeae9e69dd3d6cdc53695538f34aefb58233dd43f43351732b22c1ff14573f4d894993a9846daa71547a279a05217b4138772748004e0bce540f380c510cdc91fddfe9d387ac1ff0c57c70bca33d084fe7126527dae74103c1aea4ec17fc19a94e4f267b19ae0d74d72ded4b38e39d91441a1caaf401a99326b66c4fe9336d28d7aea5c6d032b39896c5e182296d3"], 0x3c}, 0x1, 0x0, 0x0, 0x820}, 0x20004004) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) keyctl$read(0xb, r4, &(0x7f0000000240)=""/112, 0x349b7f55) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="1400000010000100000000000000004d3a000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032cbd25ca4a42b8f3657ead000000030a01030000e6ff00000080020000000900010073797a30009f56000900030073797a32000000001400000011002429b002836db79fbfa1163a0b6cd2d366480cab39f6ebec0966590200000000"], 0x7c}, 0x1, 0x0, 0x0, 0x404a000}, 0x0) socket(0x80000000000000a, 0x2, 0x0) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5f7, @value}) r7 = add_key$user(&(0x7f0000000200), &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000480)="a64547f02d24ef452b126e6b4ee0848331", 0x11, 0xffffffffffffffff) r8 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r7, r8, r7}, &(0x7f00000000c0)=""/80, 0x50, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0xffffffff, @ipv4={'\x00', '\xff\xff', @remote}}}}, 0x104) 4.657991997s ago: executing program 1 (id=5866): mkdir(&(0x7f0000002740)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f00000001c0)=ANY=[]) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000380), 0x1, 0x2) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000000)=0x2) r4 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000002b40), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a80)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd7000fcdbdf2545000e4fc79f4fd1223a7464657673696d0000000f0086cdbe637464787673697e30000008008e00000000008dcecca569923668267784aa490161582c4fba000eeae9e69dd3d6cdc53695538f34aefb58233dd43f43351732b22c1ff14573f4d894993a9846daa71547a279a05217b4138772748004e0bce540f380c510cdc91fddfe9d387ac1ff0c57c70bca33d084fe7126527dae74103c1aea4ec17fc19a94e4f267b19ae0d74d72ded4b38e39d91441a1caaf401a99326b66c4fe9336d28d7aea5c6d032b39896c5e182296d3"], 0x3c}, 0x1, 0x0, 0x0, 0x820}, 0x20004004) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) keyctl$read(0xb, r4, &(0x7f0000000240)=""/112, 0x349b7f55) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="1400000010000100000000000000004d3a000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032cbd25ca4a42b8f3657ead000000030a01030000e6ff00000080020000000900010073797a30009f56000900030073797a32000000001400000011002429b002836db79fbfa1163a0b6cd2d366480cab39f6ebec0966590200000000000000a564bd9173de21229c77f7e5d5474889ead6195add6588284b985b0ae9d716e2d7f6eb55f3bcbb530a71a1fce7ec27d93f7f746e21c5c5ff9a9f02bbc4d18fe67a3857e7273a65843395407b8c910015f70cfec1de296090cb13b7ba900969735bb2ab2493f7f4c47bb5470fc6b71fa418783189ab3286958a4e5b77079510f58da85674bc18f3c282bda25642385f9cec93f2e7683f0f"], 0x7c}, 0x1, 0x0, 0x0, 0x404a000}, 0x0) socket(0x80000000000000a, 0x2, 0x0) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5f7, @value}) r7 = add_key$user(&(0x7f0000000200), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) r8 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r7, r8, r7}, &(0x7f00000000c0)=""/80, 0x50, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0xffffffff, @ipv4={'\x00', '\xff\xff', @remote}}}}, 0x104) 3.981316828s ago: executing program 0 (id=5869): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000015280), 0x101, 0x0) pwrite64(r1, &(0x7f0000018080)='\n', 0x1, 0xa2b0) r2 = userfaultfd(0x80401) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001400)=""/4134, 0x1026}], 0x1) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) epoll_create1(0x80000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e44000720"], 0x6a) bind$inet6(0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ppoll(&(0x7f0000000200)=[{0xffffffffffffffff, 0x1}], 0x1, 0x0, 0x0, 0x0) openat$ubi_ctrl(0xffffff9c, &(0x7f0000000280), 0x30d140, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 3.98108536s ago: executing program 3 (id=5870): r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0xfc, 0x30, 0x1, 0x0, 0x0, {}, [{0xe8, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x3, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_vlan={0xa0, 0xf, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x4, 0x8, 0x2, 0x8000, 0x401}, 0x3}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x8e5}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x5}]}, {0x47, 0x6, "05cbc786b99b1e72748ba5c31ab80c3d592d2c8fedbae333085e404453ff0416769d8a3b120efe35ef3cb39d37b782ab7773b66ff8f298a061260141d24ed33a9e0600"}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x281b1, 0xffffffffffffffff, 0x15d74000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, 0x0) write$dsp(0xffffffffffffffff, &(0x7f0000002000)='`', 0x88020) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000)) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44) setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x24000040) 3.818805523s ago: executing program 1 (id=5872): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0xd4, 0x30, 0x800, 0x0, 0x0, {}, [{0xc0, 0x1, [@m_ct={0x44, 0xb, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x0, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x78, 0x1, 0x0, 0x0, {{0x8}, {0xc, 0x2, 0x0, 0x1, [@TCA_IFE_TYPE={0x6, 0x5, 0x1}]}, {0x47, 0x6, "502c2c8f25bcbc4917dafc3ff61f9d829e6b624072f48c4b4834922f06bed251891038a56c30361af06cfd759ccc5aeb01b8c1166be1ee01d07631eab941fbb4993163"}, {0xc}, {0xc}}}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x20008804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xf, 0x4, 0x4, 0x5, 0x100, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000000000000f2000040"]) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) modify_ldt$write(0x1, &(0x7f0000000080), 0x10) modify_ldt$read(0x0, 0x0, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000180)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x44080) ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000800)={0x600, 0x1, &(0x7f0000000340)=[0x0], &(0x7f0000000480)=[0x5, 0x9, 0x800, 0x1, 0x2, 0xff], &(0x7f0000000740)=[0x0, 0x0], &(0x7f00000007c0)=[0xa00000000000000, 0x9, 0x0, 0x6, 0x0], 0x0, 0xb1d}) setsockopt$WPAN_WANTLQI(r0, 0x0, 0x3, &(0x7f0000001380)=0x1, 0x4) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="600000001000030400000000fedbdf2500007400", @ANYRES32=0x0, @ANYBLOB="0008000007500500400012800b0001006272696467650000300002800500190002000000050017000000000008000400810000000500160001000180c20000000000"], 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000013c0), r0) 3.817187058s ago: executing program 3 (id=5880): mkdir(&(0x7f0000002740)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f00000001c0)=ANY=[]) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000380), 0x1, 0x2) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000000)=0x2) r4 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000002b40), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a80)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd7000fcdbdf2545000e4fc79f4fd1223a7464657673696d0000000f0086cdbe637464787673697e30000008008e00000000008dcecca569923668267784aa490161582c4fba000eeae9e69dd3d6cdc53695538f34aefb58233dd43f43351732b22c1ff14573f4d894993a9846daa71547a279a05217b4138772748004e0bce540f380c510cdc91fddfe9d387ac1ff0c57c70bca33d084fe7126527dae74103c1aea4ec17fc19a94e4f267b19ae0d74d72ded4b38e39d91441a1caaf401a99326b66c4fe9336d28d7aea5c6d032b39896c5e182296d3"], 0x3c}, 0x1, 0x0, 0x0, 0x820}, 0x20004004) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) keyctl$read(0xb, r4, &(0x7f0000000240)=""/112, 0x349b7f55) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="1400000010000100000000000000004d3a000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032cbd25ca4a42b8f3657ead000000030a01030000e6ff00000080020000000900010073797a30009f56000900030073797a32000000001400000011002429b002836db79fbfa1163a0b6cd2d366480cab39f6ebec0966590200000000000000a564bd9173de21229c77f7e5d5474889ead6195add6588284b985b0ae9d716e2d7f6eb55f3bcbb530a71a1fce7ec27d93f7f746e21c5c5ff9a9f02bbc4d18fe67a3857e7273a65843395407b8c910015f70cfec1de296090cb13b7ba900969735bb2ab2493f7f4c47bb5470fc6b71fa418783189ab3286958a4e5b77079510f58da85674bc18f3c282bda25642385f9cec93f2e7683f0f"], 0x7c}, 0x1, 0x0, 0x0, 0x404a000}, 0x0) socket(0x80000000000000a, 0x2, 0x0) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5f7, @value}) r7 = add_key$user(&(0x7f0000000200), &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000480), 0x0, 0xffffffffffffffff) r8 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r7, r8, r7}, &(0x7f00000000c0)=""/80, 0x50, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0xffffffff, @ipv4={'\x00', '\xff\xff', @remote}}}}, 0x104) 3.243594324s ago: executing program 4 (id=5873): creat(0x0, 0x20) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000000)=0x2) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)=0x14) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 3.030381308s ago: executing program 0 (id=5874): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0xfffffffffffffff7, &(0x7f0000001ac0)={&(0x7f0000000680)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=r0, @ANYRESHEX=0x0, @ANYBLOB="185f9c0171da89f0dcdfc71131a6026f00787eab4b48a6930f2d4c7848dd23b13ae0150a33ce851d54509500c3b2d98b4d9f3f19a5a57b079b8456ae1b626ed4c249f2b0e8cbd3ed74f742"], 0x18}, 0x1, 0x0, 0x0, 0x4008000}, 0x48000) r1 = socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r6 = socket$l2tp6(0xa, 0x2, 0x73) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e20, 0x80000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xf}, 0x1c) ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000380)={0x3c0, 0x480, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x8c, r8, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x63, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac, {0x0, 0x9}}, 0x0, @default, 0x1882, @void, @val={0x1, 0x4, [{0x79, 0x1}, {0x17, 0x1}, {0x2}, {0x4}]}, @void, @val={0x4, 0x6, {0x7, 0x4, 0x1, 0x3}}, @void, @val={0x5, 0x26, {0x6, 0xac, 0x26, "4535a7d15d92ed3883177b0403cbc09fa3dbf799bd588a59887355f0766d272c4f077e"}}, @val={0x25, 0x3, {0x0, 0x38, 0x6b}}, @void, @void, @void, @void, @void, @void}}], @chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_HE_BSS_COLOR={0x4}]}, 0x8c}}, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000026cb3e280f3101520300000008000300", @ANYBLOB="0400b8000800b70015000000"], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x5) getsockopt$MRT6(r1, 0x29, 0xd0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) 2.69015123s ago: executing program 3 (id=5875): r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000015280), 0x101, 0x0) pwrite64(r0, &(0x7f0000018080)='\n', 0x1, 0xa2b0) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e44000720"], 0x6a) bind$inet6(0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ppoll(&(0x7f0000000200)=[{0xffffffffffffffff, 0x1}], 0x1, 0x0, 0x0, 0x0) openat$ubi_ctrl(0xffffff9c, &(0x7f0000000280), 0x30d140, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.52993204s ago: executing program 1 (id=5876): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0xfffffffffffffff7, &(0x7f0000001ac0)={&(0x7f0000000680)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=r0, @ANYRESHEX=0x0, @ANYBLOB="185f9c0171da89f0dcdfc71131a6026f00787eab4b48a6930f2d4c7848dd23b13ae0150a33ce851d54509500c3b2d98b4d9f3f19a5a57b079b8456ae1b626ed4c249f2b0e8cbd3ed74f742"], 0x18}, 0x1, 0x0, 0x0, 0x4008000}, 0x48000) r1 = socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r6 = socket$l2tp6(0xa, 0x2, 0x73) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e20, 0x80000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xf}, 0x1c) ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000380)={0x3c0, 0x480, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x8c, r8, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x63, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac, {0x0, 0x9}}, 0x0, @default, 0x1882, @void, @val={0x1, 0x4, [{0x79, 0x1}, {0x17, 0x1}, {0x2}, {0x4}]}, @void, @val={0x4, 0x6, {0x7, 0x4, 0x1, 0x3}}, @void, @val={0x5, 0x26, {0x6, 0xac, 0x26, "4535a7d15d92ed3883177b0403cbc09fa3dbf799bd588a59887355f0766d272c4f077e"}}, @val={0x25, 0x3, {0x0, 0x38, 0x6b}}, @void, @void, @void, @void, @void, @void}}], @chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_HE_BSS_COLOR={0x4}]}, 0x8c}}, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="000026cb3e280f3101520300000008000300", @ANYRES32=r9, @ANYBLOB="0400b8000800b70015000000"], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x5) getsockopt$MRT6(r1, 0x29, 0xd0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) 2.227937198s ago: executing program 4 (id=5877): prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f00000001c0)={0x2, &(0x7f0000000100)=[{0x8001, 0x87, 0xa, 0x7}, {0x7, 0x83, 0x1, 0x8c7}]}) r0 = socket(0x200000000000011, 0x2, 0x1) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='uid_map\x00') read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020) setrlimit(0x7, &(0x7f0000000000)={0x4, 0x6}) write$6lowpan_enable(r4, &(0x7f0000000000)='1', 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r3, 0xae9a) setresuid(0x0, 0xee00, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @local}}}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x4, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c4, 0x8000000, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2], 0x0, 0xd7e60d62aa064df6}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x5, 0xfffffffffffffffe, 0x4, 0x2, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r6 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0) mq_timedsend(r6, 0x0, 0x0, 0x6, 0x0) syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYRESDEC=r6, @ANYRES16=r3], 0x0) mq_timedsend(r6, 0x0, 0x0, 0x0, 0x0) r7 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r7, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000080), 0x4) listen(r7, 0xda90) r8 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000000)={0x2}) accept4(r7, 0x0, 0x0, 0x0) 1.830038755s ago: executing program 3 (id=5878): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffe}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00'}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xa}, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r4, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100280000000000000002000000200001800d0001007564703a73797a32"], 0x34}}, 0x0) getgroups(0x5, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0]) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002abd700096dbdf250900020073797a3000000000080041007278650014003300626f6e6430000000000000000000000004f6f2"], 0x85}, 0x1, 0x0, 0x0, 0x4000840}, 0x24004000) socket$inet6_tcp(0xa, 0x1, 0x0) 1.829061802s ago: executing program 0 (id=5887): r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000015280), 0x101, 0x0) pwrite64(r0, &(0x7f0000018080)='\n', 0x1, 0xa2b0) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e44000720"], 0x6a) bind$inet6(0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ppoll(&(0x7f0000000200)=[{0xffffffffffffffff, 0x1}], 0x1, 0x0, 0x0, 0x0) openat$ubi_ctrl(0xffffff9c, &(0x7f0000000280), 0x30d140, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.487460755s ago: executing program 1 (id=5879): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$can_bcm(0x1d, 0x2, 0x2) openat$cgroup_root(0xffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r5, 0x0, 0x0) sendmmsg$sock(r5, 0x0, 0x0, 0x40000) r6 = socket(0x21, 0x2, 0x10000000000002) connect$rxrpc(r6, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24) sendmmsg(r6, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0x1}], 0x10, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r6, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0xf000, 0x10002, 0x0) mknodat$loop(r0, &(0x7f00000002c0)='./file1\x00', 0x10, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000440)) bpf$PROG_BIND_MAP(0x23, &(0x7f00000001c0)={r2, r4}, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000440)={'geneve0\x00', &(0x7f0000000340)=@ethtool_eeprom={0xc, 0x2, 0x80000001}}) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 1.354441888s ago: executing program 4 (id=5881): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {0xffe0}, {}, {0xa, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x39, 0x1}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x0) 1.278843987s ago: executing program 4 (id=5882): memfd_secret(0x80000) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x1615, &(0x7f0000000200)={0x0, 0x579c, 0x102, 0x400, 0x2}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f00000002c0)=0x8) r4 = dup(r2) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd74) r5 = syz_io_uring_setup(0x49f, &(0x7f0000000400)={0x0, 0xeaf8, 0x400, 0x7ffe, 0x40024e, 0x0, r1}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x902, 0x12) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x4, 0xfffc, 0x3, {0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x1}}}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000480)=[{0xc, 0x115, 0x5}, {0xc, 0x14, 0x6}, {0x84, 0x10c, 0x400, "9d61b09c365e3d3bfc958fbf48eb43fadddc2f2aedfb813cedbefade8bf29c7252747d4eb75c854d89a2c66842a2cb122ff78391b500834b035bd5bee7c06b4f9e65243f8909d416a3ba82719be74c80dfc88bb2d1c01ee52786f06a644f0163eb1c22de70a8a882b3aca234e292e5246965d61110"}, {0x50, 0x113, 0x9, "bdce0f101f2d077789740f59a352a37988be5c24fdecffe50ae3a62904eb3821c559733e359b3bc625615cf788e23e5f7c77ecaabcc366699b768e4d794ab2fae7"}, {0xb4, 0x10a, 0x800, "b8e6ec54eccf66eb9cc88f7d5d9b29ecbade77587d80e266d6877e715eb6121ff6770467add122dd5d9c6cb78b6106814ada0f2583a6bc4d891eb7b9edc183b05ec03690bc02b21dd9084112481e86bd0781791ba773c94c78c9aaeabf62351c5c5483b527f8c0b298c7694ef197845db79d62ff51e3b83ae60d6b7d81f625f793d1930fffda7728e446db58d5d5f7ece5008068f2d0b9d306a44eef892158a7d67ba1f55868"}], 0x1a0}, 0x0, 0x40000}) io_uring_enter(r5, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0) 1.169913553s ago: executing program 4 (id=5883): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f00000000c0)=0x2) ioctl$PPPIOCSMAXCID(r3, 0x40047451, &(0x7f0000000200)=0x3) pwritev(r3, &(0x7f0000000140)=[{&(0x7f0000000040)='\x00!G', 0x3}], 0x1, 0x807, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x14, 0x2d, 0x9, 0x70bd27, 0x0, {0x6}}, 0x14}}, 0x84) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r7 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r6, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)=@deltclass={0x50, 0x29, 0x400, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x4, 0x10}, {0x5, 0xffe0}, {0x6, 0xfff0}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x9}}, @TCA_RATE={0x6, 0x5, {0x0, 0x80}}, @tclass_kind_options=@c_cake={0x9}, @TCA_RATE={0x6, 0x5, {0xfd, 0xb8}}, @TCA_RATE={0x6, 0x5, {0x7, 0x3}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0x503, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_DATA={0x4}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}, 0x1, 0x0, 0x0, 0x4001}, 0x0) 1.026062403s ago: executing program 1 (id=5884): mkdir(&(0x7f0000002740)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f00000001c0)=ANY=[]) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000380), 0x1, 0x2) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000000)=0x2) r4 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000002b40), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a80)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd7000fcdbdf2545000e4fc79f4fd1223a7464657673696d0000000f0086cdbe637464787673697e30000008008e00000000008dcecca569923668267784aa490161582c4fba000eeae9e69dd3d6cdc53695538f34aefb58233dd43f43351732b22c1ff14573f4d894993a9846daa71547a279a05217b4138772748004e0bce540f380c510cdc91fddfe9d387ac1ff0c57c70bca33d084fe7126527dae74103c1aea4ec17fc19a94e4f267b19ae0d74d72ded4b38e39d91441a1caaf401a99326b66c4fe9336d28d7aea5c6d032b39896c5e182296d3"], 0x3c}, 0x1, 0x0, 0x0, 0x820}, 0x20004004) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) keyctl$read(0xb, r4, &(0x7f0000000240)=""/112, 0x349b7f55) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="1400000010000100000000000000004d3a000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032cbd25ca4a42b8f3657ead000000030a01030000e6ff00000080020000000900010073797a30009f56000900030073797a32000000001400000011002429b002836db79fbfa1163a0b6cd2d366480cab39f6ebec0966590200000000000000a564bd9173de21229c77f7e5d5474889ead6195add6588284b985b0ae9d716e2d7f6eb55f3bcbb530a71a1fce7ec27d93f7f746e21c5c5ff9a9f02bbc4d18fe67a3857e7273a65843395407b8c910015f70cfec1de296090cb13b7ba900969735bb2ab2493f7f4c47bb5470fc6b71fa418783189ab3286958a4e5b77079510f58da85674bc18f3c282bda25642385f9cec93f2e7683f0f"], 0x7c}, 0x1, 0x0, 0x0, 0x404a000}, 0x0) socket(0x80000000000000a, 0x2, 0x0) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5f7, @value}) r7 = add_key$user(&(0x7f0000000200), &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000480), 0x0, 0xffffffffffffffff) r8 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r7, r8, r7}, &(0x7f00000000c0)=""/80, 0x50, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0xffffffff, @ipv4={'\x00', '\xff\xff', @remote}}}}, 0x104) 920.034102ms ago: executing program 0 (id=5885): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_io_uring_setup(0x117, &(0x7f0000000300), &(0x7f0000000280)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) socket(0x1e, 0x5, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$nl_xfrm(0x10, 0x3, 0x6) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 709.159006ms ago: executing program 4 (id=5886): r0 = syz_open_dev$loop(&(0x7f00000002c0), 0x9, 0x147282) r1 = socket$alg(0x26, 0x5, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000009feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407000000c00000001d440000000000006b0a00fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x45) r3 = accept4(r1, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_clone3(&(0x7f0000000cc0)={0x400, &(0x7f00000000c0), &(0x7f0000000100)=0x0, &(0x7f0000000140), {0x32}, &(0x7f0000000180)=""/28, 0x1c, &(0x7f0000000c40)=""/20, &(0x7f0000000c80)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0], 0x9}, 0x58) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) tgkill(r4, r5, 0x4) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x0) close(0xffffffffffffffff) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) recvmmsg(r3, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r8, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe10859891d875397bab22d0000b420a9c81f40f45f819e01177d3d458dac00000000000000000000003b00", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000480)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0xf, 0x4, 0x0, 0x6, 0xb, 0xd, "fee881ab78fc179fd1f807000000000049000000deff00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x400000001000000]}}) syz_open_dev$tty1(0xc, 0x4, 0x3) 702.070144ms ago: executing program 3 (id=5895): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f28000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010023bd7000fbdbdf251400020073797a5f74756e00000000000000020005000300f0800000050005000a0000f5cc072453621e26fce6468ead0c51281301b658b880edd2f5277b0056db717224b5d37fd1272c360b7d8f1890afe4ed38284722e0b36b586a88b9dccd7c91eb28e73c9b1991ff78816eda2f3dd5a304d106747e1b2511fde476fdd25dc8f862cfa65afdc119c2b51298981a11113cec53ae778070c535db8699fa9f0ae808b7554140fc4de67b2c6f9f9504eb8c0f44862d012d876181c27540d33aa8569061df160a55d53ea84aef57aab60fb69c7c56a02b0000000000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x48000}, 0x40080c0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8041, 0x0) getpid() r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r4, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)={0x58, r3, 0x101, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "87d1ede804faf4295e6c6a4e7919358f"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0xff}, @NL80211_ATTR_PMKID={0x14, 0x55, "8605adf9363f259da08f111e6d3ba8db"}]}, 0x58}, 0x1, 0x0, 0x0, 0x814}, 0x4000000) 609.01102ms ago: executing program 0 (id=5888): creat(0x0, 0x20) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000000)=0x2) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)=0x14) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 608.637411ms ago: executing program 3 (id=5889): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0xfffffffffffffff7, &(0x7f0000001ac0)={&(0x7f0000000680)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=r0, @ANYRESHEX=0x0, @ANYBLOB="185f9c0171da89f0dcdfc71131a6026f00787eab4b48a6930f2d4c7848dd23b13ae0150a33ce851d54509500c3b2d98b4d9f3f19a5a57b079b8456ae1b626ed4c249f2b0e8cbd3ed74f742"], 0x18}, 0x1, 0x0, 0x0, 0x4008000}, 0x48000) r1 = socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r6 = socket$l2tp6(0xa, 0x2, 0x73) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x4e20, 0x80000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xf}, 0x1c) ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000380)={0x3c0, 0x480, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1ff, 0x3d, 0x5, 0x3, 0x53, 0x202, 0x1, 0xc}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x8c, r8, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x63, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac, {0x0, 0x9}}, 0x0, @default, 0x1882, @void, @val={0x1, 0x4, [{0x79, 0x1}, {0x17, 0x1}, {0x2}, {0x4}]}, @void, @val={0x4, 0x6, {0x7, 0x4, 0x1, 0x3}}, @void, @val={0x5, 0x26, {0x6, 0xac, 0x26, "4535a7d15d92ed3883177b0403cbc09fa3dbf799bd588a59887355f0766d272c4f077e"}}, @val={0x25, 0x3, {0x0, 0x38, 0x6b}}, @void, @void, @void, @void, @void, @void}}], @chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_HE_BSS_COLOR={0x4}]}, 0x8c}}, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="000026cb3e280f3101520300000008000300", @ANYRES32=r9, @ANYBLOB="0400b8000800b70015000000"], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x5) getsockopt$MRT6(r1, 0x29, 0xd0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) 0s ago: executing program 1 (id=5890): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000005c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000c40)={'vxcan0\x00'}) socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, &(0x7f0000000100)={0xa00000, 0x1, 0x49, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90b, 0x9e69, '\x00', @ptr=0x6}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000e40)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="d2ff030060010000009e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r7 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) tkill(r7, 0xb) r8 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$setsig(r8, 0xa, 0x21) utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) kernel console output (not intermixed with test programs): 27] IPVS: using max 45 ests per chain, 108000 per kthread [ 1079.214738][T24555] Cannot find add_set index 2 as target [ 1079.403873][T24564] macsec1: entered promiscuous mode [ 1079.535614][T24566] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4841'. [ 1079.567108][T24570] netlink: 'syz.3.4843': attribute type 1 has an invalid length. [ 1079.660536][T24580] kAFS: No cell specified [ 1079.962919][T17722] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1079.965526][T17722] Bluetooth: hci1: Injecting HCI hardware error event [ 1079.969478][T17722] Bluetooth: hci1: hardware error 0x00 [ 1080.540116][T24602] netlink: 'syz.4.4854': attribute type 2 has an invalid length. [ 1080.542448][T24602] netlink: 'syz.4.4854': attribute type 8 has an invalid length. [ 1080.545596][T24602] netlink: 132 bytes leftover after parsing attributes in process `syz.4.4854'. [ 1080.936578][T24618] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4859'. [ 1081.189896][T24627] 9pnet_fd: Insufficient options for proto=fd [ 1081.218857][T24629] kAFS: No cell specified [ 1081.741846][T24648] netlink: 'syz.4.4871': attribute type 1 has an invalid length. [ 1082.024816][T17722] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1082.904473][T24675] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4878'. [ 1083.091335][T24686] delete_channel: no stack [ 1083.397891][T24694] FAULT_INJECTION: forcing a failure. [ 1083.397891][T24694] name failslab, interval 1, probability 0, space 0, times 0 [ 1083.401702][T24694] CPU: 1 UID: 0 PID: 24694 Comm: syz.1.4885 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1083.401730][T24694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1083.401737][T24694] Call Trace: [ 1083.401742][T24694] [ 1083.401746][T24694] dump_stack_lvl+0x16c/0x1f0 [ 1083.401763][T24694] should_fail_ex+0x512/0x640 [ 1083.401779][T24694] ? __kvmalloc_node_noprof+0x122/0x600 [ 1083.401792][T24694] should_failslab+0xc2/0x120 [ 1083.401805][T24694] __kvmalloc_node_noprof+0x135/0x600 [ 1083.401817][T24694] ? io_uring_setup+0x377/0x1ff0 [ 1083.401833][T24694] ? io_uring_setup+0x377/0x1ff0 [ 1083.401845][T24694] io_uring_setup+0x377/0x1ff0 [ 1083.401859][T24694] ? __pfx_io_uring_setup+0x10/0x10 [ 1083.401871][T24694] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1083.401886][T24694] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1083.401901][T24694] ? __fget_files+0x20e/0x3c0 [ 1083.401922][T24694] ? ksys_write+0x1b9/0x240 [ 1083.401932][T24694] ? __pfx_ksys_write+0x10/0x10 [ 1083.401944][T24694] __ia32_sys_io_uring_setup+0xc2/0x170 [ 1083.401958][T24694] __do_fast_syscall_32+0x73/0x120 [ 1083.401973][T24694] do_fast_syscall_32+0x32/0x80 [ 1083.401986][T24694] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1083.402000][T24694] RIP: 0023:0xf7fd8579 [ 1083.402009][T24694] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1083.402020][T24694] RSP: 002b:00000000f50b450c EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1083.402030][T24694] RAX: ffffffffffffffda RBX: 000000000000010d RCX: 0000000080000140 [ 1083.402037][T24694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1083.402043][T24694] RBP: 0000000080000240 R08: 0000000000000000 R09: 0000000000000000 [ 1083.402049][T24694] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1083.402055][T24694] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1083.402068][T24694] [ 1083.960200][T24701] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4894'. [ 1084.757526][T24728] delete_channel: no stack [ 1084.877525][T24732] FAULT_INJECTION: forcing a failure. [ 1084.877525][T24732] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1084.881545][T24732] CPU: 3 UID: 0 PID: 24732 Comm: syz.0.4898 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1084.881560][T24732] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1084.881567][T24732] Call Trace: [ 1084.881571][T24732] [ 1084.881575][T24732] dump_stack_lvl+0x16c/0x1f0 [ 1084.881592][T24732] should_fail_ex+0x512/0x640 [ 1084.881613][T24732] _copy_to_user+0x32/0xd0 [ 1084.881630][T24732] simple_read_from_buffer+0xcb/0x170 [ 1084.881648][T24732] proc_fail_nth_read+0x197/0x270 [ 1084.881663][T24732] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1084.881679][T24732] ? rw_verify_area+0xcf/0x680 [ 1084.881694][T24732] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1084.881709][T24732] vfs_read+0x1de/0xc70 [ 1084.881721][T24732] ? __pfx___mutex_lock+0x10/0x10 [ 1084.881734][T24732] ? __pfx_vfs_read+0x10/0x10 [ 1084.881747][T24732] ? __fget_files+0x20e/0x3c0 [ 1084.881768][T24732] ksys_read+0x12a/0x240 [ 1084.881777][T24732] ? __pfx_ksys_read+0x10/0x10 [ 1084.881788][T24732] ? rcu_is_watching+0x12/0xc0 [ 1084.881800][T24732] __do_fast_syscall_32+0x73/0x120 [ 1084.881815][T24732] do_fast_syscall_32+0x32/0x80 [ 1084.881829][T24732] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1084.881842][T24732] RIP: 0023:0xf7f43579 [ 1084.881851][T24732] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1084.881862][T24732] RSP: 002b:00000000f5066590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1084.881877][T24732] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5066620 [ 1084.881884][T24732] RDX: 000000000000000f RSI: 00000000f73d2ff4 RDI: 0000000000000000 [ 1084.881890][T24732] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1084.881896][T24732] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1084.881903][T24732] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1084.881916][T24732] [ 1084.999253][T24737] kAFS: No cell specified [ 1085.290108][T24747] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4901'. [ 1085.930285][T24754] net_ratelimit: 75 callbacks suppressed [ 1085.930297][T24754] netlink: zone id is out of range [ 1085.934050][T24754] netlink: zone id is out of range [ 1085.936141][T24754] netlink: zone id is out of range [ 1085.937949][T24754] netlink: zone id is out of range [ 1085.939529][T24754] netlink: zone id is out of range [ 1085.941141][T24754] netlink: zone id is out of range [ 1085.942867][T24754] netlink: zone id is out of range [ 1085.945400][T24754] netlink: zone id is out of range [ 1085.947552][T24754] netlink: zone id is out of range [ 1085.949707][T24754] netlink: zone id is out of range [ 1086.346747][T24768] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4907'. [ 1086.370663][T24768] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1086.373817][T24768] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1086.376514][T24768] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1086.379425][T24768] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1086.394439][T24768] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1086.397293][T24768] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1086.400084][T24768] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1086.402995][T24768] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1086.403638][T24769] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4907'. [ 1086.503043][T24771] netlink: 144 bytes leftover after parsing attributes in process `syz.4.4908'. [ 1086.808549][T24783] delete_channel: no stack [ 1086.993466][T24762] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1087.216227][T24788] FAULT_INJECTION: forcing a failure. [ 1087.216227][T24788] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1087.220761][T24788] CPU: 1 UID: 0 PID: 24788 Comm: syz.1.4913 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1087.220797][T24788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1087.220807][T24788] Call Trace: [ 1087.220814][T24788] [ 1087.220820][T24788] dump_stack_lvl+0x16c/0x1f0 [ 1087.220845][T24788] should_fail_ex+0x512/0x640 [ 1087.220871][T24788] _copy_from_user+0x2e/0xd0 [ 1087.220903][T24788] io_msg_copy_hdr.isra.0+0x56e/0x910 [ 1087.220928][T24788] ? __pfx_io_msg_copy_hdr.isra.0+0x10/0x10 [ 1087.220967][T24788] io_sendmsg_setup+0xfa/0x300 [ 1087.220987][T24788] ? __pfx_io_sendmsg_setup+0x10/0x10 [ 1087.221006][T24788] ? irqentry_exit+0x3b/0x90 [ 1087.221030][T24788] ? __asan_memset+0x23/0x50 [ 1087.221056][T24788] ? io_cache_alloc_new+0xb8/0xf0 [ 1087.221077][T24788] io_sendmsg_prep+0x4a3/0x5d0 [ 1087.221100][T24788] io_submit_sqes+0x825/0x25d0 [ 1087.221136][T24788] __do_sys_io_uring_enter+0xd6a/0x1630 [ 1087.221160][T24788] ? __fget_files+0x20e/0x3c0 [ 1087.221184][T24788] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 1087.221204][T24788] ? fput+0x70/0xf0 [ 1087.221219][T24788] ? ksys_write+0x1b9/0x240 [ 1087.221234][T24788] ? __pfx_ksys_write+0x10/0x10 [ 1087.221252][T24788] ? rcu_is_watching+0x12/0xc0 [ 1087.221273][T24788] __do_fast_syscall_32+0x73/0x120 [ 1087.221290][T24788] do_fast_syscall_32+0x32/0x80 [ 1087.221304][T24788] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1087.221318][T24788] RIP: 0023:0xf7fd8579 [ 1087.221327][T24788] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1087.221339][T24788] RSP: 002b:00000000f50b455c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa [ 1087.221349][T24788] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000000047f6 [ 1087.221357][T24788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1087.221363][T24788] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1087.221369][T24788] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1087.221375][T24788] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1087.221388][T24788] [ 1087.999922][T24800] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4916'. [ 1088.651515][T24810] 9pnet_fd: Insufficient options for proto=fd [ 1088.859295][ T5938] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1088.864135][ T5938] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1088.867440][ T5938] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1088.870799][ T5938] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1088.873917][ T5938] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1089.094918][T24811] chnl_net:caif_netlink_parms(): no params data found [ 1089.223269][T24811] bridge0: port 1(bridge_slave_0) entered blocking state [ 1089.226209][T24811] bridge0: port 1(bridge_slave_0) entered disabled state [ 1089.228561][T24811] bridge_slave_0: entered allmulticast mode [ 1089.231953][T24811] bridge_slave_0: entered promiscuous mode [ 1089.234535][T24828] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4923'. [ 1089.240789][T24811] bridge0: port 2(bridge_slave_1) entered blocking state [ 1089.244043][T24811] bridge0: port 2(bridge_slave_1) entered disabled state [ 1089.246286][T24811] bridge_slave_1: entered allmulticast mode [ 1089.248932][T24811] bridge_slave_1: entered promiscuous mode [ 1089.282172][T24811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1089.287217][T24811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1089.338305][T24811] team0: Port device team_slave_0 added [ 1089.342966][T24811] team0: Port device team_slave_1 added [ 1089.373509][T24811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1089.376284][T24811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1089.386332][T24811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1089.391592][T24811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1089.394251][T24811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1089.404507][T24811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1089.502353][T24811] hsr_slave_0: entered promiscuous mode [ 1089.511123][T24811] hsr_slave_1: entered promiscuous mode [ 1089.515673][T24811] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1089.518738][T24811] Cannot create hsr debugfs directory [ 1089.529327][ T5938] Bluetooth: hci2: unexpected cc 0x2007 length: 100 > 2 [ 1089.700805][T24811] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1089.764482][T24811] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1089.772845][T24846] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4927'. [ 1089.828420][T24811] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1089.890759][T24811] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1090.021026][T24811] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1090.031544][T24811] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1090.051534][T24811] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1090.055981][T24811] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1090.106035][T24811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1090.116358][T24811] 8021q: adding VLAN 0 to HW filter on device team0 [ 1090.125280][ T103] bridge0: port 1(bridge_slave_0) entered blocking state [ 1090.128462][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1090.137054][T23888] bridge0: port 2(bridge_slave_1) entered blocking state [ 1090.139235][T23888] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1090.277310][T24811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1090.307701][T24811] veth0_vlan: entered promiscuous mode [ 1090.314556][T24811] veth1_vlan: entered promiscuous mode [ 1090.357257][T24811] veth0_macvtap: entered promiscuous mode [ 1090.366580][T24811] veth1_macvtap: entered promiscuous mode [ 1090.386722][T24811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1090.390072][T24811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.394548][T24811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1090.397951][T24811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.401164][T24811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1090.404821][T24811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.408147][T24811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1090.412277][T24811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.419139][T24811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1090.429409][T24811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1090.432790][T24811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.436158][T24811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1090.439476][T24811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.442578][T24811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1090.447155][T24811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.451353][T24811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1090.455350][T24811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1090.459953][T24811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1090.475594][T24811] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1090.479531][T24811] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1090.487719][T24811] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1090.490573][T24811] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1090.551010][T24878] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4936'. [ 1090.557233][T23888] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1090.569225][T23888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1090.610607][ T103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1090.613183][ T103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1090.787124][T24887] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4920'. [ 1090.913990][ T5938] Bluetooth: hci4: command tx timeout [ 1091.665024][T24904] FAULT_INJECTION: forcing a failure. [ 1091.665024][T24904] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1091.669908][T24904] CPU: 2 UID: 0 PID: 24904 Comm: syz.1.4944 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1091.669923][T24904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1091.669930][T24904] Call Trace: [ 1091.669935][T24904] [ 1091.669939][T24904] dump_stack_lvl+0x16c/0x1f0 [ 1091.669956][T24904] should_fail_ex+0x512/0x640 [ 1091.669973][T24904] _copy_to_user+0x32/0xd0 [ 1091.669991][T24904] simple_read_from_buffer+0xcb/0x170 [ 1091.670008][T24904] proc_fail_nth_read+0x197/0x270 [ 1091.670024][T24904] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1091.670039][T24904] ? rw_verify_area+0xcf/0x680 [ 1091.670067][T24904] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1091.670082][T24904] vfs_read+0x1de/0xc70 [ 1091.670094][T24904] ? __pfx___mutex_lock+0x10/0x10 [ 1091.670120][T24904] ? __pfx_vfs_read+0x10/0x10 [ 1091.670133][T24904] ? __fget_files+0x20e/0x3c0 [ 1091.670153][T24904] ksys_read+0x12a/0x240 [ 1091.670163][T24904] ? __pfx_ksys_read+0x10/0x10 [ 1091.670174][T24904] ? rcu_is_watching+0x12/0xc0 [ 1091.670186][T24904] __do_fast_syscall_32+0x73/0x120 [ 1091.670201][T24904] do_fast_syscall_32+0x32/0x80 [ 1091.670214][T24904] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1091.670228][T24904] RIP: 0023:0xf7fd8579 [ 1091.670237][T24904] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1091.670247][T24904] RSP: 002b:00000000f50f6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1091.670259][T24904] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f50f6620 [ 1091.670266][T24904] RDX: 000000000000000f RSI: 00000000f7462ff4 RDI: 0000000000000000 [ 1091.670272][T24904] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1091.670278][T24904] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1091.670284][T24904] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1091.670297][T24904] [ 1091.783683][T24909] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4946'. [ 1091.812517][T24912] overlayfs: missing 'lowerdir' [ 1092.520244][T24931] Cannot find add_set index 0 as target [ 1092.813828][T24943] ebtables: wrong size: *len 264, entries_size 144, replsz 144 [ 1092.850785][T24947] net_ratelimit: 352 callbacks suppressed [ 1092.850796][T24947] IPv6: addrconf: prefix option has invalid lifetime [ 1092.982886][ T5938] Bluetooth: hci4: command tx timeout [ 1093.113537][T24948] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 1093.218706][T24961] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4964'. [ 1093.542838][ T5938] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1093.582933][ T5938] Bluetooth: hci2: Injecting HCI hardware error event [ 1093.587134][T17722] Bluetooth: hci2: hardware error 0x00 [ 1094.068743][T24989] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4977'. [ 1094.073589][T24989] IPv6: addrconf: prefix option has invalid lifetime [ 1094.181812][T25002] delete_channel: no stack [ 1094.358646][T25009] netlink: 140 bytes leftover after parsing attributes in process `syz.1.4986'. [ 1094.471429][T25017] fuse: Unknown parameter 'grou00000000000000000000' [ 1094.509490][T25019] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4991'. [ 1094.639859][T25024] kAFS: No cell specified [ 1094.747432][T25027] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4989'. [ 1094.848809][T25030] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4993'. [ 1095.063050][ T5938] Bluetooth: hci4: command tx timeout [ 1095.431676][T25046] pimreg: entered allmulticast mode [ 1095.622853][T17722] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1095.689062][T25057] FAULT_INJECTION: forcing a failure. [ 1095.689062][T25057] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1095.693700][T25057] CPU: 2 UID: 0 PID: 25057 Comm: syz.1.5004 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1095.693716][T25057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1095.693723][T25057] Call Trace: [ 1095.693727][T25057] [ 1095.693732][T25057] dump_stack_lvl+0x16c/0x1f0 [ 1095.693748][T25057] should_fail_ex+0x512/0x640 [ 1095.693765][T25057] _copy_from_user+0x2e/0xd0 [ 1095.693782][T25057] get_user_ifreq+0x116/0x1c0 [ 1095.693795][T25057] compat_sock_ioctl+0x3f6/0x730 [ 1095.693811][T25057] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 1095.693828][T25057] ? fput+0x30/0xf0 [ 1095.693844][T25057] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 1095.693862][T25057] __ia32_compat_sys_ioctl+0x24c/0x360 [ 1095.693879][T25057] __do_fast_syscall_32+0x73/0x120 [ 1095.693894][T25057] do_fast_syscall_32+0x32/0x80 [ 1095.693907][T25057] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1095.693921][T25057] RIP: 0023:0xf7fd8579 [ 1095.693930][T25057] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1095.693941][T25057] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1095.693952][T25057] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000008946 [ 1095.693958][T25057] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1095.693965][T25057] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1095.693971][T25057] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1095.693977][T25057] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1095.693990][T25057] [ 1095.912972][T25061] openvswitch: netlink: Message has 16 unknown bytes. [ 1095.915101][T25061] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1096.292244][T25074] bridge0: entered promiscuous mode [ 1096.296140][T25074] macvlan2: entered promiscuous mode [ 1096.401265][T25080] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5012'. [ 1097.005558][T25096] netlink: 3136 bytes leftover after parsing attributes in process `syz.3.5019'. [ 1097.143038][T17722] Bluetooth: hci4: command tx timeout [ 1097.497267][T25110] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5022'. [ 1097.502607][T25109] team0: No ports can be present during mode change [ 1097.586632][T25117] delete_channel: no stack [ 1097.949790][T25130] Bluetooth: MGMT ver 1.23 [ 1098.592344][T25160] fuse: Unknown parameter '000000000000000000030x0000000000000003' [ 1099.055625][T25165] sctp: [Deprecated]: syz.4.5042 (pid 25165) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1099.055625][T25165] Use struct sctp_sack_info instead [ 1099.065493][T25166] sctp: [Deprecated]: syz.4.5042 (pid 25166) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1099.065493][T25166] Use struct sctp_sack_info instead [ 1099.254781][T25175] FAULT_INJECTION: forcing a failure. [ 1099.254781][T25175] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1099.259978][T25175] CPU: 3 UID: 0 PID: 25175 Comm: syz.0.5046 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1099.260000][T25175] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1099.260010][T25175] Call Trace: [ 1099.260016][T25175] [ 1099.260022][T25175] dump_stack_lvl+0x16c/0x1f0 [ 1099.260047][T25175] should_fail_ex+0x512/0x640 [ 1099.260074][T25175] _copy_from_user+0x2e/0xd0 [ 1099.260098][T25175] get_compat_msghdr+0xa7/0x170 [ 1099.260124][T25175] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1099.260156][T25175] ___sys_sendmsg+0x1ae/0x1d0 [ 1099.260175][T25175] ? __pfx____sys_sendmsg+0x10/0x10 [ 1099.260227][T25175] __sys_sendmsg+0x16d/0x220 [ 1099.260246][T25175] ? __pfx___sys_sendmsg+0x10/0x10 [ 1099.260271][T25175] ? rcu_is_watching+0x12/0xc0 [ 1099.260292][T25175] __do_fast_syscall_32+0x73/0x120 [ 1099.260313][T25175] do_fast_syscall_32+0x32/0x80 [ 1099.260333][T25175] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1099.260353][T25175] RIP: 0023:0xf706e579 [ 1099.260366][T25175] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1099.260382][T25175] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1099.260398][T25175] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 1099.260409][T25175] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1099.260419][T25175] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1099.260428][T25175] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1099.260437][T25175] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1099.260459][T25175] [ 1099.284602][T25176] delete_channel: no stack [ 1099.351206][T25180] x_tables: duplicate underflow at hook 1 [ 1099.480119][T25189] kAFS: No cell specified [ 1099.679217][T25196] FAULT_INJECTION: forcing a failure. [ 1099.679217][T25196] name failslab, interval 1, probability 0, space 0, times 0 [ 1099.685084][T25195] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5051'. [ 1099.686190][T25196] CPU: 2 UID: 0 PID: 25196 Comm: syz.1.5052 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1099.686206][T25196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1099.686213][T25196] Call Trace: [ 1099.686217][T25196] [ 1099.686221][T25196] dump_stack_lvl+0x16c/0x1f0 [ 1099.686239][T25196] should_fail_ex+0x512/0x640 [ 1099.686256][T25196] ? ___neigh_create+0x14e6/0x28c0 [ 1099.686270][T25196] should_failslab+0xc2/0x120 [ 1099.686283][T25196] __kmalloc_noprof+0xd2/0x510 [ 1099.686320][T25196] ___neigh_create+0x14e6/0x28c0 [ 1099.686336][T25196] ? __pfx_netif_rx_internal+0x10/0x10 [ 1099.686348][T25196] ? __pfx_dev_loopback_xmit+0x10/0x10 [ 1099.686365][T25196] ? __pfx____neigh_create+0x10/0x10 [ 1099.686381][T25196] ip6_finish_output2+0x1299/0x2020 [ 1099.686395][T25196] ? ip6_mtu+0x1a3/0x4a0 [ 1099.686414][T25196] ip6_finish_output+0x3f9/0x1360 [ 1099.686428][T25196] ip6_output+0x1f9/0x540 [ 1099.686440][T25196] ? __pfx_ip6_output+0x10/0x10 [ 1099.686452][T25196] ip6_local_out+0xcd/0x4a0 [ 1099.686468][T25196] ip6_send_skb+0x112/0x460 [ 1099.686481][T25196] ip6_push_pending_frames+0xe0/0x110 [ 1099.686494][T25196] rawv6_sendmsg+0x327c/0x4890 [ 1099.686517][T25196] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 1099.686545][T25196] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1099.686566][T25196] ? __pfx_aa_sk_perm+0x10/0x10 [ 1099.686579][T25196] ? __fget_files+0x20e/0x3c0 [ 1099.686595][T25196] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 1099.686613][T25196] ? inet_sendmsg+0x119/0x140 [ 1099.686625][T25196] inet_sendmsg+0x119/0x140 [ 1099.686639][T25196] __sys_sendto+0x431/0x510 [ 1099.686656][T25196] ? __pfx___sys_sendto+0x10/0x10 [ 1099.686684][T25196] ? ksys_write+0x1b9/0x240 [ 1099.686694][T25196] ? __pfx_ksys_write+0x10/0x10 [ 1099.686706][T25196] __ia32_sys_sendto+0xdd/0x1b0 [ 1099.686722][T25196] ? lockdep_hardirqs_on+0x7c/0x110 [ 1099.686739][T25196] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 1099.686752][T25196] __do_fast_syscall_32+0x73/0x120 [ 1099.686767][T25196] do_fast_syscall_32+0x32/0x80 [ 1099.686781][T25196] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1099.686794][T25196] RIP: 0023:0xf7fd8579 [ 1099.686803][T25196] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1099.686814][T25196] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 1099.686825][T25196] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300 [ 1099.686832][T25196] RDX: 0000000000000016 RSI: 0000000000003b3a RDI: 0000000000000000 [ 1099.686838][T25196] RBP: 00000000fffffdfd R08: 0000000000000000 R09: 0000000000000000 [ 1099.686845][T25196] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1099.686851][T25196] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1099.686864][T25196] [ 1100.024014][T25201] lo: entered promiscuous mode [ 1100.445380][T25228] delete_channel: no stack [ 1100.854598][T25200] lo: left promiscuous mode [ 1100.888825][T25247] kAFS: No cell specified [ 1101.086506][T25249] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5072'. [ 1101.257341][T25251] input: syz0 as /devices/virtual/input/input544 [ 1101.259493][T25251] input: failed to attach handler leds to device input544, error: -6 [ 1101.671984][T25265] tipc: Started in network mode [ 1101.673639][T25265] tipc: Node identity ac14140f, cluster identity 4711 [ 1101.676570][T25265] tipc: New replicast peer: 255.255.255.255 [ 1101.678834][T25265] tipc: Enabled bearer , priority 10 [ 1101.681925][T25265] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5078'. [ 1101.685952][T25265] tipc: Disabling bearer [ 1101.816177][T25277] MTD: Couldn't look up '': -22 [ 1101.818410][T25277] program syz.1.5084 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1101.834251][T25279] tipc: Started in network mode [ 1101.835876][T25279] tipc: Node identity ac14140f, cluster identity 4711 [ 1101.838060][T25279] tipc: New replicast peer: 255.255.255.255 [ 1101.841633][T25279] tipc: Enabled bearer , priority 10 [ 1101.907091][T25282] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5082'. [ 1101.909962][T25282] bridge_slave_1: left allmulticast mode [ 1101.911826][T25282] bridge_slave_1: left promiscuous mode [ 1101.915834][T25282] bridge0: port 2(bridge_slave_1) entered disabled state [ 1101.921587][T25282] bridge_slave_0: left allmulticast mode [ 1101.924483][T25282] bridge_slave_0: left promiscuous mode [ 1101.927948][T25282] bridge0: port 1(bridge_slave_0) entered disabled state [ 1101.939915][T25287] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5088'. [ 1102.156054][T25298] kAFS: No cell specified [ 1102.350265][T25301] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5093'. [ 1102.642628][T25303] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5094'. [ 1102.759235][T25311] gfs2: gfs2 mount does not exist [ 1102.899805][T25316] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5100'. [ 1102.953626][ T9] tipc: Node number set to 2886997007 [ 1103.880870][T25349] kAFS: No cell specified [ 1104.075423][T25351] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5111'. [ 1104.510398][T25359] netlink: 'syz.0.5114': attribute type 4 has an invalid length. [ 1104.521990][T25359] netlink: 'syz.0.5114': attribute type 4 has an invalid length. [ 1105.004107][T25385] netlink: 256 bytes leftover after parsing attributes in process `syz.1.5123'. [ 1105.234873][T25401] FAULT_INJECTION: forcing a failure. [ 1105.234873][T25401] name failslab, interval 1, probability 0, space 0, times 0 [ 1105.239169][T25401] CPU: 2 UID: 0 PID: 25401 Comm: syz.1.5127 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1105.239193][T25401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1105.239204][T25401] Call Trace: [ 1105.239211][T25401] [ 1105.239219][T25401] dump_stack_lvl+0x16c/0x1f0 [ 1105.239243][T25401] should_fail_ex+0x512/0x640 [ 1105.239268][T25401] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1105.239290][T25401] should_failslab+0xc2/0x120 [ 1105.239313][T25401] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1105.239331][T25401] ? __alloc_skb+0x2b2/0x380 [ 1105.239361][T25401] __alloc_skb+0x2b2/0x380 [ 1105.239386][T25401] ? __pfx___alloc_skb+0x10/0x10 [ 1105.239413][T25401] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1105.239437][T25401] netlink_alloc_large_skb+0x69/0x130 [ 1105.239456][T25401] netlink_sendmsg+0x6a1/0xdd0 [ 1105.239478][T25401] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1105.239498][T25401] ? __import_iovec+0x1c8/0x660 [ 1105.239529][T25401] ____sys_sendmsg+0xa95/0xc70 [ 1105.239552][T25401] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1105.239573][T25401] ? get_compat_msghdr+0x11a/0x170 [ 1105.239608][T25401] ___sys_sendmsg+0x134/0x1d0 [ 1105.239626][T25401] ? __pfx____sys_sendmsg+0x10/0x10 [ 1105.239680][T25401] __sys_sendmsg+0x16d/0x220 [ 1105.239698][T25401] ? __pfx___sys_sendmsg+0x10/0x10 [ 1105.239725][T25401] ? rcu_is_watching+0x12/0xc0 [ 1105.239752][T25401] __do_fast_syscall_32+0x73/0x120 [ 1105.239776][T25401] do_fast_syscall_32+0x32/0x80 [ 1105.239796][T25401] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1105.239817][T25401] RIP: 0023:0xf7fd8579 [ 1105.239832][T25401] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1105.239848][T25401] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1105.239866][T25401] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 1105.239877][T25401] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1105.239887][T25401] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1105.239897][T25401] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1105.239907][T25401] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1105.239930][T25401] [ 1105.383895][T25407] kAFS: No cell specified [ 1105.608121][T25416] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5128'. [ 1106.278389][T25442] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 0, id = 0 [ 1107.646317][T25480] kAFS: No cell specified [ 1107.916844][T25499] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5144'. [ 1109.703933][T13331] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 1115.305758][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.308249][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.801587][T25538] trusted_key: syz.0.5153 sent an empty control message without MSG_MORE. [ 1117.806477][T25538] FAULT_INJECTION: forcing a failure. [ 1117.806477][T25538] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1117.810682][T25538] CPU: 1 UID: 0 PID: 25538 Comm: syz.0.5153 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1117.810697][T25538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1117.810703][T25538] Call Trace: [ 1117.810708][T25538] [ 1117.810712][T25538] dump_stack_lvl+0x16c/0x1f0 [ 1117.810730][T25538] should_fail_ex+0x512/0x640 [ 1117.810747][T25538] should_fail_alloc_page+0xe7/0x130 [ 1117.810762][T25538] prepare_alloc_pages+0x3c2/0x610 [ 1117.810781][T25538] __alloc_frozen_pages_noprof+0x18f/0x23a0 [ 1117.810801][T25538] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1117.810821][T25538] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1117.810837][T25538] ? policy_nodemask+0xea/0x4e0 [ 1117.810851][T25538] alloc_pages_mpol+0x1fb/0x550 [ 1117.810865][T25538] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1117.810878][T25538] ? __lock_acquire+0x5ca/0x1ba0 [ 1117.810895][T25538] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1117.810911][T25538] vma_alloc_folio_noprof+0xed/0x1e0 [ 1117.810925][T25538] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1117.810944][T25538] do_pte_missing+0x223d/0x3fb0 [ 1117.810960][T25538] __handle_mm_fault+0x103d/0x2a40 [ 1117.810974][T25538] ? __pfx___handle_mm_fault+0x10/0x10 [ 1117.810984][T25538] ? __pte_offset_map_lock+0x155/0x2f0 [ 1117.810999][T25538] ? find_held_lock+0x2b/0x80 [ 1117.811008][T25538] ? find_held_lock+0x2b/0x80 [ 1117.811026][T25538] handle_mm_fault+0x3fe/0xad0 [ 1117.811039][T25538] __get_user_pages+0x771/0x36f0 [ 1117.811061][T25538] ? __pfx___get_user_pages+0x10/0x10 [ 1117.811077][T25538] ? __pfx_down_read_killable+0x10/0x10 [ 1117.811097][T25538] __gup_longterm_locked+0x20d/0x1850 [ 1117.811117][T25538] ? try_get_folio+0x1d2/0x730 [ 1117.811132][T25538] ? __pfx___gup_longterm_locked+0x10/0x10 [ 1117.811150][T25538] ? try_get_folio+0x255/0x730 [ 1117.811166][T25538] ? sanity_check_pinned_pages+0x3ac/0x11e0 [ 1117.811196][T25538] gup_fast_fallback+0x183d/0x2650 [ 1117.811221][T25538] ? __pfx_gup_fast_fallback+0x10/0x10 [ 1117.811239][T25538] ? __lock_acquire+0xaa4/0x1ba0 [ 1117.811254][T25538] ? is_bpf_text_address+0x94/0x1a0 [ 1117.811270][T25538] pin_user_pages_fast+0xa7/0xf0 [ 1117.811286][T25538] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 1117.811302][T25538] ? do_raw_spin_lock+0x12c/0x2b0 [ 1117.811321][T25538] iov_iter_extract_pages+0x3a2/0x2000 [ 1117.811340][T25538] ? stack_depot_save_flags+0x3e6/0xa50 [ 1117.811357][T25538] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 1117.811373][T25538] ? sock_kmalloc+0x111/0x170 [ 1117.811385][T25538] ? kasan_save_stack+0x42/0x60 [ 1117.811395][T25538] ? kasan_save_stack+0x33/0x60 [ 1117.811405][T25538] ? kasan_save_track+0x14/0x30 [ 1117.811415][T25538] ? __kasan_kmalloc+0xaa/0xb0 [ 1117.811425][T25538] ? __kmalloc_noprof+0x223/0x510 [ 1117.811435][T25538] ? sock_kmalloc+0x111/0x170 [ 1117.811446][T25538] ? af_alg_alloc_areq+0xbc/0x2e0 [ 1117.811460][T25538] ? aead_recvmsg+0x481/0x17b0 [ 1117.811470][T25538] ? sock_recvmsg+0x1f6/0x250 [ 1117.811481][T25538] ? ____sys_recvmsg+0x218/0x6b0 [ 1117.811493][T25538] ? ___sys_recvmsg+0x114/0x1a0 [ 1117.811502][T25538] ? do_recvmmsg+0x568/0x740 [ 1117.811510][T25538] ? __sys_recvmmsg+0x21c/0x280 [ 1117.811519][T25538] ? __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 1117.811530][T25538] ? __do_fast_syscall_32+0x73/0x120 [ 1117.811543][T25538] ? do_fast_syscall_32+0x32/0x80 [ 1117.811555][T25538] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1117.811572][T25538] extract_iter_to_sg+0xf6e/0x2090 [ 1117.811590][T25538] ? __pfx_extract_iter_to_sg+0x10/0x10 [ 1117.811617][T25538] af_alg_get_rsgl+0x2b8/0x7f0 [ 1117.811638][T25538] aead_recvmsg+0x4c7/0x17b0 [ 1117.811653][T25538] ? __pfx_aa_sk_perm+0x10/0x10 [ 1117.811666][T25538] ? __pfx_aead_recvmsg+0x10/0x10 [ 1117.811681][T25538] sock_recvmsg+0x1f6/0x250 [ 1117.811695][T25538] ____sys_recvmsg+0x218/0x6b0 [ 1117.811711][T25538] ? __pfx_____sys_recvmsg+0x10/0x10 [ 1117.811723][T25538] ? import_iovec+0x86/0xb0 [ 1117.811744][T25538] ? __lock_acquire+0x5ca/0x1ba0 [ 1117.811759][T25538] ___sys_recvmsg+0x114/0x1a0 [ 1117.811769][T25538] ? __pfx____sys_recvmsg+0x10/0x10 [ 1117.811790][T25538] ? get_pid_task+0xb0/0x250 [ 1117.811816][T25538] do_recvmmsg+0x568/0x740 [ 1117.811836][T25538] ? __pfx_do_recvmmsg+0x10/0x10 [ 1117.811870][T25538] ? __fget_files+0x20e/0x3c0 [ 1117.811898][T25538] __sys_recvmmsg+0x21c/0x280 [ 1117.811914][T25538] ? __pfx___sys_recvmmsg+0x10/0x10 [ 1117.811929][T25538] ? __pfx_ksys_write+0x10/0x10 [ 1117.811946][T25538] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 1117.811963][T25538] ? lockdep_hardirqs_on+0x7c/0x110 [ 1117.811982][T25538] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 1117.812004][T25538] __do_fast_syscall_32+0x73/0x120 [ 1117.812026][T25538] do_fast_syscall_32+0x32/0x80 [ 1117.812047][T25538] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1117.812068][T25538] RIP: 0023:0xf706e579 [ 1117.812081][T25538] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1117.812097][T25538] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 1117.812113][T25538] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800020c0 [ 1117.812124][T25538] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 1117.812134][T25538] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1117.812143][T25538] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1117.812153][T25538] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1117.812176][T25538] [ 1124.967368][T25546] netlink: 'syz.3.5157': attribute type 10 has an invalid length. [ 1124.979624][T25546] 8021q: adding VLAN 0 to HW filter on device team0 [ 1124.984733][T25546] bond0: (slave team0): Enslaving as an active interface with an up link [ 1126.078983][T25558] wireguard0: entered promiscuous mode [ 1126.080756][T25558] wireguard0: entered allmulticast mode [ 1126.171460][T25563] netlink: 'syz.0.5159': attribute type 10 has an invalid length. [ 1126.181750][T25563] veth0_vlan: left promiscuous mode [ 1126.187950][T25563] veth0_vlan: entered promiscuous mode [ 1126.192107][T25563] team0: Device veth0_vlan failed to register rx_handler [ 1126.507421][T25576] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5164'. [ 1126.514622][T25576] erspan0: entered promiscuous mode [ 1126.516539][T25576] macvtap1: entered promiscuous mode [ 1126.518283][T25576] macvtap1: entered allmulticast mode [ 1126.520070][T25576] erspan0: entered allmulticast mode [ 1126.541118][T25576] erspan0: left allmulticast mode [ 1126.542881][T25576] erspan0: left promiscuous mode [ 1127.728440][T25601] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5168'. [ 1128.834393][T25608] netlink: 'syz.4.5173': attribute type 10 has an invalid length. [ 1128.844060][T25608] veth0_vlan: left promiscuous mode [ 1128.849764][T25608] veth0_vlan: entered promiscuous mode [ 1128.855746][T25608] team0: Device veth0_vlan failed to register rx_handler [ 1130.054219][T25643] 9pnet_fd: Insufficient options for proto=fd [ 1131.480538][T25674] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5191'. [ 1131.669764][T25677] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5195'. [ 1131.689206][T25677] erspan0: entered promiscuous mode [ 1131.691029][T25677] macvtap2: entered promiscuous mode [ 1131.697396][T25677] macvtap2: entered allmulticast mode [ 1131.700656][T25677] erspan0: entered allmulticast mode [ 1131.771939][T25677] erspan0: left allmulticast mode [ 1131.778112][T25677] erspan0: left promiscuous mode [ 1131.866561][T25682] 9pnet_fd: Insufficient options for proto=fd [ 1132.296659][T25696] bridge0: port 3(syz_tun) entered blocking state [ 1132.299276][T25696] bridge0: port 3(syz_tun) entered disabled state [ 1132.301498][T25696] syz_tun: entered allmulticast mode [ 1132.305704][T25696] syz_tun: entered promiscuous mode [ 1132.308956][T25696] bridge0: port 3(syz_tun) entered blocking state [ 1132.311241][T25696] bridge0: port 3(syz_tun) entered forwarding state [ 1132.372415][T25701] kernel profiling enabled (shift: 63) [ 1132.374386][T25701] profiling shift: 63 too large [ 1132.378492][T25701] loop7: detected capacity change from 0 to 16384 [ 1132.718406][T25711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5204'. [ 1132.724032][T25711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5204'. [ 1132.728492][T25711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5204'. [ 1132.732423][T25711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5204'. [ 1133.301532][T25741] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5207'. [ 1133.429191][T25745] FAULT_INJECTION: forcing a failure. [ 1133.429191][T25745] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1133.439348][T25745] CPU: 1 UID: 0 PID: 25745 Comm: syz.0.5211 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1133.439365][T25745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1133.439372][T25745] Call Trace: [ 1133.439376][T25745] [ 1133.439380][T25745] dump_stack_lvl+0x16c/0x1f0 [ 1133.439397][T25745] should_fail_ex+0x512/0x640 [ 1133.439415][T25745] _copy_to_user+0x32/0xd0 [ 1133.439433][T25745] simple_read_from_buffer+0xcb/0x170 [ 1133.439450][T25745] proc_fail_nth_read+0x197/0x270 [ 1133.439465][T25745] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1133.439481][T25745] ? rw_verify_area+0xcf/0x680 [ 1133.439496][T25745] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1133.439511][T25745] vfs_read+0x1de/0xc70 [ 1133.439522][T25745] ? __pfx___mutex_lock+0x10/0x10 [ 1133.439535][T25745] ? __pfx_vfs_read+0x10/0x10 [ 1133.439548][T25745] ? __fget_files+0x20e/0x3c0 [ 1133.439569][T25745] ksys_read+0x12a/0x240 [ 1133.439578][T25745] ? __pfx_ksys_read+0x10/0x10 [ 1133.439587][T25745] ? rcu_is_watching+0x12/0xc0 [ 1133.439598][T25745] ? rcu_is_watching+0x12/0xc0 [ 1133.439609][T25745] __do_fast_syscall_32+0x73/0x120 [ 1133.439623][T25745] do_fast_syscall_32+0x32/0x80 [ 1133.439637][T25745] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1133.439651][T25745] RIP: 0023:0xf706e579 [ 1133.439659][T25745] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1133.439669][T25745] RSP: 002b:00000000f505e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1133.439680][T25745] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f505e620 [ 1133.439687][T25745] RDX: 000000000000000f RSI: 00000000f73d2ff4 RDI: 0000000000000000 [ 1133.439694][T25745] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1133.439700][T25745] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1133.439706][T25745] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1133.439719][T25745] [ 1134.402822][T25782] FAULT_INJECTION: forcing a failure. [ 1134.402822][T25782] name failslab, interval 1, probability 0, space 0, times 0 [ 1134.406710][T25782] CPU: 2 UID: 0 PID: 25782 Comm: syz.1.5225 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1134.406725][T25782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1134.406732][T25782] Call Trace: [ 1134.406736][T25782] [ 1134.406741][T25782] dump_stack_lvl+0x16c/0x1f0 [ 1134.406757][T25782] should_fail_ex+0x512/0x640 [ 1134.406773][T25782] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1134.406787][T25782] should_failslab+0xc2/0x120 [ 1134.406802][T25782] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1134.406819][T25782] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1134.406839][T25782] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1134.406854][T25782] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 1134.406872][T25782] alloc_inode+0x61/0x240 [ 1134.406886][T25782] new_inode+0x22/0x1c0 [ 1134.406900][T25782] hugetlbfs_get_inode+0x354/0x730 [ 1134.406914][T25782] hugetlb_file_setup+0x15b/0x620 [ 1134.406929][T25782] ksys_mmap_pgoff+0x189/0x5c0 [ 1134.406945][T25782] ? __ia32_sys_mmap_pgoff+0x11/0x1b0 [ 1134.406962][T25782] __do_fast_syscall_32+0x73/0x120 [ 1134.406976][T25782] do_fast_syscall_32+0x32/0x80 [ 1134.406990][T25782] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1134.407004][T25782] RIP: 0023:0xf7fd8579 [ 1134.407013][T25782] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1134.407023][T25782] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 00000000000000c0 [ 1134.407034][T25782] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000ff5000 [ 1134.407041][T25782] RDX: 0000000000000003 RSI: 00000000000ec071 RDI: 00000000ffffffff [ 1134.407047][T25782] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1134.407054][T25782] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1134.407060][T25782] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1134.407072][T25782] [ 1134.738719][T25809] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5235'. [ 1134.741725][T25809] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5235'. [ 1134.750329][T25809] geneve2: entered allmulticast mode [ 1134.765470][T13331] IPVS: starting estimator thread 0... [ 1134.775609][ C2] IPv4: Oversized IP packet from 172.20.20.24 [ 1134.780787][T25812] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5237'. [ 1134.816745][T25815] FAULT_INJECTION: forcing a failure. [ 1134.816745][T25815] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1134.820931][T25815] CPU: 3 UID: 0 PID: 25815 Comm: syz.0.5238 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1134.820957][T25815] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1134.820965][T25815] Call Trace: [ 1134.820969][T25815] [ 1134.820973][T25815] dump_stack_lvl+0x16c/0x1f0 [ 1134.820991][T25815] should_fail_ex+0x512/0x640 [ 1134.821008][T25815] _copy_to_user+0x32/0xd0 [ 1134.821026][T25815] simple_read_from_buffer+0xcb/0x170 [ 1134.821043][T25815] proc_fail_nth_read+0x197/0x270 [ 1134.821059][T25815] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1134.821075][T25815] ? rw_verify_area+0xcf/0x680 [ 1134.821090][T25815] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1134.821105][T25815] vfs_read+0x1de/0xc70 [ 1134.821117][T25815] ? __pfx___mutex_lock+0x10/0x10 [ 1134.821131][T25815] ? __pfx_vfs_read+0x10/0x10 [ 1134.821144][T25815] ? __fget_files+0x20e/0x3c0 [ 1134.821164][T25815] ksys_read+0x12a/0x240 [ 1134.821174][T25815] ? __pfx_ksys_read+0x10/0x10 [ 1134.821183][T25815] ? syscall_trace_enter+0x1cb/0x260 [ 1134.821204][T25815] ? rcu_is_watching+0x12/0xc0 [ 1134.821216][T25815] __do_fast_syscall_32+0x73/0x120 [ 1134.821231][T25815] do_fast_syscall_32+0x32/0x80 [ 1134.821244][T25815] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1134.821258][T25815] RIP: 0023:0xf706e579 [ 1134.821267][T25815] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1134.821278][T25815] RSP: 002b:00000000f505e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1134.821289][T25815] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f505e620 [ 1134.821296][T25815] RDX: 000000000000000f RSI: 00000000f73d2ff4 RDI: 0000000000000000 [ 1134.821302][T25815] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1134.821308][T25815] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1134.821314][T25815] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1134.821327][T25815] [ 1134.884178][T25810] IPVS: using max 45 ests per chain, 108000 per kthread [ 1135.025551][T25825] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 1135.132245][T25830] random: crng reseeded on system resumption [ 1135.267096][T25836] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5246'. [ 1135.472052][T25853] snd_dummy snd_dummy.0: control 1:0:0:syz0:-3 is already present [ 1135.589388][T25863] overlayfs: failed to clone upperpath [ 1136.194251][T25881] overlayfs: failed to clone lowerpath [ 1136.308921][T25888] kAFS: No cell specified [ 1136.336290][T25890] kAFS: No cell specified [ 1136.946490][T25900] __nla_validate_parse: 8 callbacks suppressed [ 1136.946503][T25900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5265'. [ 1136.955456][T25900] erspan0: entered promiscuous mode [ 1136.957189][T25900] macvtap1: entered promiscuous mode [ 1136.958931][T25900] macvtap1: entered allmulticast mode [ 1136.960658][T25900] erspan0: entered allmulticast mode [ 1137.104242][T25907] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5268'. [ 1137.321000][T25926] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5274'. [ 1137.327302][T25926] erspan0: entered promiscuous mode [ 1137.329009][T25926] macvtap1: entered promiscuous mode [ 1137.330761][T25926] macvtap1: entered allmulticast mode [ 1137.332409][T25926] erspan0: entered allmulticast mode [ 1137.387557][T25930] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5275'. [ 1137.648696][T25905] exFAT-fs (nbd0): mounting with "discard" option, but the device does not support discard [ 1137.661224][T25905] syz.0.5266: attempt to access beyond end of device [ 1137.661224][T25905] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1137.668859][T25905] exFAT-fs (nbd0): unable to read boot sector [ 1137.671521][T25905] exFAT-fs (nbd0): failed to read boot sector [ 1137.674570][T25905] exFAT-fs (nbd0): failed to recognize exfat type [ 1138.025185][T25943] FAULT_INJECTION: forcing a failure. [ 1138.025185][T25943] name failslab, interval 1, probability 0, space 0, times 0 [ 1138.029129][T25943] CPU: 3 UID: 0 PID: 25943 Comm: syz.0.5279 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1138.029144][T25943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1138.029150][T25943] Call Trace: [ 1138.029154][T25943] [ 1138.029159][T25943] dump_stack_lvl+0x16c/0x1f0 [ 1138.029176][T25943] should_fail_ex+0x512/0x640 [ 1138.029192][T25943] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1138.029211][T25943] should_failslab+0xc2/0x120 [ 1138.029224][T25943] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1138.029241][T25943] ? load_msg+0x2fe/0x4a0 [ 1138.029255][T25943] ? do_mq_timedsend+0x8a4/0xc40 [ 1138.029267][T25943] do_mq_timedsend+0x8a4/0xc40 [ 1138.029278][T25943] ? __pfx_do_mq_timedsend+0x10/0x10 [ 1138.029288][T25943] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1138.029303][T25943] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1138.029318][T25943] ? __fget_files+0x20e/0x3c0 [ 1138.029337][T25943] __ia32_sys_mq_timedsend_time32+0x1cd/0x260 [ 1138.029349][T25943] ? ksys_write+0x1b9/0x240 [ 1138.029359][T25943] ? __pfx___ia32_sys_mq_timedsend_time32+0x10/0x10 [ 1138.029373][T25943] ? rcu_is_watching+0x12/0xc0 [ 1138.029385][T25943] __do_fast_syscall_32+0x73/0x120 [ 1138.029399][T25943] do_fast_syscall_32+0x32/0x80 [ 1138.029413][T25943] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1138.029430][T25943] RIP: 0023:0xf706e579 [ 1138.029439][T25943] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1138.029450][T25943] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000117 [ 1138.029461][T25943] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 1138.029468][T25943] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1138.029474][T25943] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1138.029480][T25943] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1138.029486][T25943] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1138.029498][T25943] [ 1138.126407][T25947] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5280'. [ 1138.204231][T25950] xt_ecn: cannot match TCP bits for non-tcp packets [ 1138.539330][T17722] Bluetooth: hci4: unexpected cc 0x2007 length: 100 > 2 [ 1139.252623][T25988] kAFS: No cell specified [ 1139.472801][ T40] kauditd_printk_skb: 77 callbacks suppressed [ 1139.472817][ T40] audit: type=1326 audit(1745635663.701:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25995 comm="syz.3.5298" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f44579 code=0x0 [ 1139.507440][T25997] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5295'. [ 1139.788695][T26005] sp0: Synchronizing with TNC [ 1140.021840][T17722] Bluetooth: hci4: unexpected cc 0x2007 length: 100 > 2 [ 1140.033871][T26018] sp0: Synchronizing with TNC [ 1140.209202][T26032] kAFS: No cell specified [ 1140.241616][T26034] sp0: Synchronizing with TNC [ 1140.244239][T26034] FAULT_INJECTION: forcing a failure. [ 1140.244239][T26034] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1140.248524][T26034] CPU: 3 UID: 0 PID: 26034 Comm: syz.1.5311 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1140.248539][T26034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1140.248547][T26034] Call Trace: [ 1140.248553][T26034] [ 1140.248559][T26034] dump_stack_lvl+0x16c/0x1f0 [ 1140.248583][T26034] should_fail_ex+0x512/0x640 [ 1140.248603][T26034] _copy_to_user+0x32/0xd0 [ 1140.248620][T26034] simple_read_from_buffer+0xcb/0x170 [ 1140.248638][T26034] proc_fail_nth_read+0x197/0x270 [ 1140.248654][T26034] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1140.248669][T26034] ? rw_verify_area+0xcf/0x680 [ 1140.248684][T26034] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1140.248699][T26034] vfs_read+0x1de/0xc70 [ 1140.248710][T26034] ? __pfx___mutex_lock+0x10/0x10 [ 1140.248724][T26034] ? __pfx_vfs_read+0x10/0x10 [ 1140.248739][T26034] ? __fget_files+0x20e/0x3c0 [ 1140.248768][T26034] ksys_read+0x12a/0x240 [ 1140.248781][T26034] ? __pfx_ksys_read+0x10/0x10 [ 1140.248793][T26034] ? rcu_is_watching+0x12/0xc0 [ 1140.248805][T26034] __do_fast_syscall_32+0x73/0x120 [ 1140.248820][T26034] do_fast_syscall_32+0x32/0x80 [ 1140.248833][T26034] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1140.248847][T26034] RIP: 0023:0xf7fd8579 [ 1140.248855][T26034] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1140.248866][T26034] RSP: 002b:00000000f50f6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1140.248876][T26034] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50f6620 [ 1140.248883][T26034] RDX: 000000000000000f RSI: 00000000f7462ff4 RDI: 0000000000000000 [ 1140.248889][T26034] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1140.248895][T26034] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1140.248902][T26034] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1140.248914][T26034] [ 1140.437540][T26043] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5310'. [ 1140.715286][T26072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5320'. [ 1140.721657][T26072] gretap0: entered promiscuous mode [ 1140.725861][T26072] macvtap3: entered promiscuous mode [ 1140.727670][T26072] macvtap3: entered allmulticast mode [ 1140.729340][T26072] gretap0: entered allmulticast mode [ 1141.515711][T26143] overlayfs: failed to clone upperpath [ 1141.797507][T26149] overlayfs: failed to clone upperpath [ 1141.991195][T26156] kAFS: No cell specified [ 1142.188946][T26159] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5335'. [ 1142.584607][T17722] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1142.587375][T17722] Bluetooth: hci4: Injecting HCI hardware error event [ 1142.590180][T17722] Bluetooth: hci4: hardware error 0x00 [ 1142.681198][ T40] audit: type=1326 audit(1745635666.921:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26162 comm="syz.4.5336" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 1142.688762][ T40] audit: type=1326 audit(1745635666.921:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26162 comm="syz.4.5336" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 1142.720151][ T40] audit: type=1326 audit(1745635666.921:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26162 comm="syz.4.5336" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 1142.748704][ T40] audit: type=1326 audit(1745635666.921:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26162 comm="syz.4.5336" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 1142.759728][ T40] audit: type=1326 audit(1745635666.941:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26162 comm="syz.4.5336" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 1142.766576][ T40] audit: type=1326 audit(1745635666.941:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26162 comm="syz.4.5336" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 1142.773268][ T40] audit: type=1326 audit(1745635666.941:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26162 comm="syz.4.5336" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 1142.779829][ T40] audit: type=1326 audit(1745635666.951:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26162 comm="syz.4.5336" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 1142.786861][ T40] audit: type=1326 audit(1745635666.951:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26162 comm="syz.4.5336" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be579 code=0x7ffc0000 [ 1142.880772][T26170] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5339'. [ 1143.022198][T26178] bridge_slave_0: left allmulticast mode [ 1143.025242][T26178] bridge_slave_0: left promiscuous mode [ 1143.027529][T26178] bridge0: port 1(bridge_slave_0) entered disabled state [ 1143.032943][T26178] bridge_slave_1: left allmulticast mode [ 1143.035106][T26178] bridge_slave_1: left promiscuous mode [ 1143.037331][T26178] bridge0: port 2(bridge_slave_1) entered disabled state [ 1143.044741][T26178] bond0: (slave bond_slave_0): Releasing backup interface [ 1143.052033][T26178] bond0: (slave bond_slave_1): Releasing backup interface [ 1143.068437][T26180] netlink: 'syz.0.5341': attribute type 10 has an invalid length. [ 1143.072841][T26178] team0: Port device team_slave_0 removed [ 1143.078002][T26178] team0: Port device team_slave_1 removed [ 1143.080226][T26178] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1143.082574][T26178] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1143.085792][T26178] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1143.088117][T26178] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1143.138988][T26180] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1143.402365][T26189] overlayfs: failed to clone upperpath [ 1143.846852][T26201] kAFS: No cell specified [ 1144.046057][T26205] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5349'. [ 1144.553324][T26219] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5352'. [ 1144.663325][T17722] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1145.150689][T26236] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1145.158110][T26238] kAFS: No cell specified [ 1145.214980][T26241] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1145.354521][T26248] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5361'. [ 1146.189553][T26261] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5367'. [ 1146.192349][T26261] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5367'. [ 1146.202782][T26261] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5367'. [ 1146.284343][T26261] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5367'. [ 1146.379227][T26267] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5369'. [ 1146.872038][T26274] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1146.978017][T26281] overlayfs: failed to clone upperpath [ 1146.981353][T26282] kAFS: No cell specified [ 1147.211080][T26290] __nla_validate_parse: 1 callbacks suppressed [ 1147.211120][T26290] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5374'. [ 1147.287517][T26292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5378'. [ 1147.294424][T26292] erspan0: entered promiscuous mode [ 1147.296168][T26292] macvtap4: entered promiscuous mode [ 1147.297900][T26292] macvtap4: entered allmulticast mode [ 1147.299579][T26292] erspan0: entered allmulticast mode [ 1147.567867][T26301] fuse: Bad value for 'fd' [ 1148.675278][T26334] kAFS: No cell specified [ 1148.869631][T26337] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5393'. [ 1149.337104][T26341] overlayfs: failed to clone upperpath [ 1149.829420][T26364] tipc: Enabling of bearer rejected, already enabled [ 1149.834038][T26364] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5397'. [ 1149.836885][T26364] tipc: Disabling bearer [ 1149.994437][T26364] infiniband syz0: set active [ 1149.995904][T26364] infiniband syz0: added bond0 [ 1150.089105][T26364] RDS/IB: syz0: added [ 1150.090505][T26364] smc: adding ib device syz0 with port count 1 [ 1150.092447][T26364] smc: ib device syz0 port 1 has pnetid [ 1150.758031][T26379] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 1150.804114][T26382] kAFS: No cell specified [ 1151.003640][T26388] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5406'. [ 1151.720319][T26394] FAULT_INJECTION: forcing a failure. [ 1151.720319][T26394] name failslab, interval 1, probability 0, space 0, times 0 [ 1151.725214][T26394] CPU: 3 UID: 0 PID: 26394 Comm: syz.0.5410 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1151.725230][T26394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1151.725237][T26394] Call Trace: [ 1151.725243][T26394] [ 1151.725247][T26394] dump_stack_lvl+0x16c/0x1f0 [ 1151.725265][T26394] should_fail_ex+0x512/0x640 [ 1151.725281][T26394] ? fs_reclaim_acquire+0xae/0x150 [ 1151.725312][T26394] ? tomoyo_encode2+0x100/0x3e0 [ 1151.725327][T26394] should_failslab+0xc2/0x120 [ 1151.725340][T26394] __kmalloc_noprof+0xd2/0x510 [ 1151.725351][T26394] ? d_absolute_path+0x136/0x1a0 [ 1151.725367][T26394] tomoyo_encode2+0x100/0x3e0 [ 1151.725383][T26394] tomoyo_encode+0x29/0x50 [ 1151.725396][T26394] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1151.725415][T26394] tomoyo_path_number_perm+0x245/0x580 [ 1151.725426][T26394] ? tomoyo_path_number_perm+0x237/0x580 [ 1151.725440][T26394] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1151.725466][T26394] ? find_held_lock+0x2b/0x80 [ 1151.725476][T26394] ? hook_file_ioctl_common+0x145/0x410 [ 1151.725489][T26394] ? __fget_files+0x204/0x3c0 [ 1151.725507][T26394] ? __fget_files+0x20e/0x3c0 [ 1151.725522][T26394] ? fput+0x30/0xf0 [ 1151.725536][T26394] security_file_ioctl_compat+0x9b/0x240 [ 1151.725551][T26394] __ia32_compat_sys_ioctl+0xc3/0x360 [ 1151.725568][T26394] __do_fast_syscall_32+0x73/0x120 [ 1151.725583][T26394] do_fast_syscall_32+0x32/0x80 [ 1151.725596][T26394] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1151.725610][T26394] RIP: 0023:0xf706e579 [ 1151.725619][T26394] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1151.725630][T26394] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1151.725641][T26394] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601 [ 1151.725648][T26394] RDX: 0000000080000280 RSI: 0000000000000000 RDI: 0000000000000000 [ 1151.725655][T26394] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1151.725661][T26394] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1151.725668][T26394] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1151.725681][T26394] [ 1151.725706][T26394] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1151.876388][T26400] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1152.637384][T26419] kAFS: No cell specified [ 1152.844940][T26432] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5421'. [ 1152.847714][T26432] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5421'. [ 1152.861287][T26426] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5417'. [ 1153.845502][ T5945] libceph: connect (1)[c::]:6789 error -101 [ 1153.848919][ T5945] libceph: mon0 (1)[c::]:6789 connect error [ 1153.890282][T26456] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1154.006801][T26463] kAFS: No cell specified [ 1154.105041][ T5945] libceph: connect (1)[c::]:6789 error -101 [ 1154.107656][ T5945] libceph: mon0 (1)[c::]:6789 connect error [ 1154.203743][T26466] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5430'. [ 1154.613138][ T5945] libceph: connect (1)[c::]:6789 error -101 [ 1154.615619][ T5945] libceph: mon0 (1)[c::]:6789 connect error [ 1154.632462][T26470] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5431'. [ 1154.685160][T26451] ceph: No mds server is up or the cluster is laggy [ 1154.736974][T26472] netlink: 'syz.3.5432': attribute type 1 has an invalid length. [ 1154.762275][T26474] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5433'. [ 1154.939560][T26479] FAULT_INJECTION: forcing a failure. [ 1154.939560][T26479] name failslab, interval 1, probability 0, space 0, times 0 [ 1154.943673][T26479] CPU: 0 UID: 0 PID: 26479 Comm: syz.0.5435 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1154.943688][T26479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1154.943695][T26479] Call Trace: [ 1154.943699][T26479] [ 1154.943703][T26479] dump_stack_lvl+0x16c/0x1f0 [ 1154.943721][T26479] should_fail_ex+0x512/0x640 [ 1154.943738][T26479] ? io_cache_alloc_new+0x45/0xf0 [ 1154.943748][T26479] should_failslab+0xc2/0x120 [ 1154.943762][T26479] __kmalloc_noprof+0xd2/0x510 [ 1154.943778][T26479] io_cache_alloc_new+0x45/0xf0 [ 1154.943788][T26479] io_arm_poll_handler+0x941/0xca0 [ 1154.943805][T26479] ? __pfx_io_arm_poll_handler+0x10/0x10 [ 1154.943823][T26479] ? rcu_is_watching+0x12/0xc0 [ 1154.943836][T26479] io_queue_async+0xaa/0x420 [ 1154.943849][T26479] io_submit_sqes+0x1720/0x25d0 [ 1154.943868][T26479] __do_sys_io_uring_enter+0xd6a/0x1630 [ 1154.943883][T26479] ? __fget_files+0x20e/0x3c0 [ 1154.943900][T26479] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 1154.943915][T26479] ? fput+0x70/0xf0 [ 1154.943927][T26479] ? ksys_write+0x1b9/0x240 [ 1154.943936][T26479] ? __pfx_ksys_write+0x10/0x10 [ 1154.943945][T26479] ? rcu_is_watching+0x12/0xc0 [ 1154.943956][T26479] ? rcu_is_watching+0x12/0xc0 [ 1154.943967][T26479] __do_fast_syscall_32+0x73/0x120 [ 1154.943987][T26479] do_fast_syscall_32+0x32/0x80 [ 1154.944001][T26479] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1154.944015][T26479] RIP: 0023:0xf706e579 [ 1154.944023][T26479] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1154.944034][T26479] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa [ 1154.944045][T26479] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000003516 [ 1154.944052][T26479] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1154.944058][T26479] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1154.944064][T26479] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1154.944070][T26479] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1154.944083][T26479] [ 1155.273184][T26503] overlayfs: failed to clone upperpath [ 1155.376217][T26509] kAFS: No cell specified [ 1155.573378][T26511] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5443'. [ 1155.928615][T26517] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5446'. [ 1156.191424][T26521] loop7: detected capacity change from 0 to 16384 [ 1156.385103][T26540] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5449'. [ 1156.485450][T26524] loop7: detected capacity change from 16384 to 16383 [ 1156.504132][T26546] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5451'. [ 1157.311124][T26558] kAFS: No cell specified [ 1158.410965][T26586] __nla_validate_parse: 1 callbacks suppressed [ 1158.410996][T26586] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5465'. [ 1158.811475][T26598] FAULT_INJECTION: forcing a failure. [ 1158.811475][T26598] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1158.815874][T26598] CPU: 3 UID: 0 PID: 26598 Comm: syz.0.5471 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1158.815890][T26598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1158.815897][T26598] Call Trace: [ 1158.815901][T26598] [ 1158.815905][T26598] dump_stack_lvl+0x16c/0x1f0 [ 1158.815922][T26598] should_fail_ex+0x512/0x640 [ 1158.815946][T26598] _copy_from_user+0x2e/0xd0 [ 1158.815962][T26598] snd_seq_ioctl+0x1bf/0x410 [ 1158.815975][T26598] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 1158.815996][T26598] ? __fget_files+0x20e/0x3c0 [ 1158.816012][T26598] ? fput+0x30/0xf0 [ 1158.816026][T26598] snd_seq_ioctl_compat+0xea/0x310 [ 1158.816038][T26598] ? __pfx_snd_seq_ioctl_compat+0x10/0x10 [ 1158.816051][T26598] __ia32_compat_sys_ioctl+0x24c/0x360 [ 1158.816067][T26598] __do_fast_syscall_32+0x73/0x120 [ 1158.816082][T26598] do_fast_syscall_32+0x32/0x80 [ 1158.816096][T26598] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1158.816110][T26598] RIP: 0023:0xf706e579 [ 1158.816119][T26598] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1158.816130][T26598] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1158.816141][T26598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c08c5336 [ 1158.816148][T26598] RDX: 0000000080000340 RSI: 0000000000000000 RDI: 0000000000000000 [ 1158.816154][T26598] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1158.816160][T26598] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1158.816166][T26598] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1158.816179][T26598] [ 1159.144822][T26604] kAFS: No cell specified [ 1159.366794][T26606] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5473'. [ 1159.849833][T26616] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 1160.051896][T26630] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1160.962093][T17722] Bluetooth: hci3: unexpected cc 0x2007 length: 100 > 2 [ 1161.070542][T26649] FAULT_INJECTION: forcing a failure. [ 1161.070542][T26649] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1161.077331][T26649] CPU: 3 UID: 0 PID: 26649 Comm: syz.1.5488 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1161.077348][T26649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1161.077355][T26649] Call Trace: [ 1161.077359][T26649] [ 1161.077363][T26649] dump_stack_lvl+0x16c/0x1f0 [ 1161.077380][T26649] should_fail_ex+0x512/0x640 [ 1161.077398][T26649] _copy_to_user+0x32/0xd0 [ 1161.077415][T26649] simple_read_from_buffer+0xcb/0x170 [ 1161.077433][T26649] proc_fail_nth_read+0x197/0x270 [ 1161.077448][T26649] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1161.077463][T26649] ? rw_verify_area+0xcf/0x680 [ 1161.077479][T26649] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1161.077493][T26649] vfs_read+0x1de/0xc70 [ 1161.077505][T26649] ? __pfx___mutex_lock+0x10/0x10 [ 1161.077518][T26649] ? __pfx_vfs_read+0x10/0x10 [ 1161.077531][T26649] ? __fget_files+0x20e/0x3c0 [ 1161.077552][T26649] ksys_read+0x12a/0x240 [ 1161.077561][T26649] ? __pfx_ksys_read+0x10/0x10 [ 1161.077572][T26649] ? rcu_is_watching+0x12/0xc0 [ 1161.077584][T26649] __do_fast_syscall_32+0x73/0x120 [ 1161.077599][T26649] do_fast_syscall_32+0x32/0x80 [ 1161.077613][T26649] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1161.077626][T26649] RIP: 0023:0xf7fd8579 [ 1161.077635][T26649] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1161.077646][T26649] RSP: 002b:00000000f50f6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1161.077656][T26649] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50f6620 [ 1161.077663][T26649] RDX: 000000000000000f RSI: 00000000f7462ff4 RDI: 0000000000000000 [ 1161.077670][T26649] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1161.077676][T26649] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1161.077682][T26649] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1161.077695][T26649] [ 1161.155740][T26651] rdma_rxe: rxe_newlink: failed to add lo [ 1161.168050][T26654] kAFS: No cell specified [ 1161.186709][T26656] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1161.387358][T26660] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5490'. [ 1161.962378][T26669] Invalid option length (1048180) for dns_resolver key [ 1162.191829][ T40] kauditd_printk_skb: 71 callbacks suppressed [ 1162.191839][ T40] audit: type=1326 audit(1745635686.431:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26685 comm="syz.0.5496" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf706e579 code=0x0 [ 1162.792097][T26697] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5497'. [ 1162.806732][T26697] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1162.809690][T26697] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1162.812554][T26697] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1162.816011][T26697] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1162.819656][T26697] vxlan0: entered promiscuous mode [ 1163.113908][T26706] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5500'. [ 1163.324322][T26708] kAFS: No cell specified [ 1163.517338][T26711] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5503'. [ 1164.557316][T26733] can0: slcan on ttyS3. [ 1164.982923][T17722] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 1164.986239][T17722] Bluetooth: hci3: Injecting HCI hardware error event [ 1164.990535][T17722] Bluetooth: hci3: hardware error 0x00 [ 1165.406399][T26730] can0 (unregistered): slcan off ttyS3. [ 1165.468851][T26752] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5513'. [ 1165.520151][T26763] kAFS: No cell specified [ 1165.739139][T26769] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5517'. [ 1165.795949][T26771] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5519'. [ 1165.831647][T26773] netlink: 'syz.3.5520': attribute type 2 has an invalid length. [ 1165.837056][T26773] netlink: 'syz.3.5520': attribute type 1 has an invalid length. [ 1166.537156][T26783] vlan2: entered promiscuous mode [ 1166.538968][T26783] vlan2: entered allmulticast mode [ 1166.540608][T26783] veth0_vlan: entered allmulticast mode [ 1166.677006][T26789] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5525'. [ 1167.062904][T17722] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1167.360099][T26801] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5529'. [ 1167.364315][T26801] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5529'. [ 1168.967149][T26835] @: renamed from vlan0 (while UP) [ 1169.135624][T26832] syz.1.5539: attempt to access beyond end of device [ 1169.135624][T26832] nbd1: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 1169.140546][T26832] gfs2: error -5 reading superblock [ 1169.230090][T26838] IPv6: Can't replace route, no match found [ 1169.798352][T26849] netlink: 'syz.1.5543': attribute type 2 has an invalid length. [ 1169.800782][T26849] netlink: 'syz.1.5543': attribute type 1 has an invalid length. [ 1169.931766][T17722] Bluetooth: hci0: unexpected cc 0x2007 length: 100 > 2 [ 1170.624377][T26873] FAULT_INJECTION: forcing a failure. [ 1170.624377][T26873] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1170.628970][T26873] CPU: 0 UID: 0 PID: 26873 Comm: syz.0.5551 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1170.628996][T26873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1170.629003][T26873] Call Trace: [ 1170.629007][T26873] [ 1170.629012][T26873] dump_stack_lvl+0x16c/0x1f0 [ 1170.629030][T26873] should_fail_ex+0x512/0x640 [ 1170.629047][T26873] _copy_from_user+0x2e/0xd0 [ 1170.629064][T26873] vhost_dev_ioctl+0x1a9/0xdc0 [ 1170.629081][T26873] ? __pfx_vhost_dev_ioctl+0x10/0x10 [ 1170.629099][T26873] vhost_vsock_dev_ioctl+0x3a5/0xb30 [ 1170.629113][T26873] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 1170.629134][T26873] ? __fget_files+0x20e/0x3c0 [ 1170.629150][T26873] ? fput+0x30/0xf0 [ 1170.629163][T26873] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 1170.629176][T26873] compat_ptr_ioctl+0x6b/0xa0 [ 1170.629189][T26873] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 1170.629203][T26873] __ia32_compat_sys_ioctl+0x24c/0x360 [ 1170.629219][T26873] __do_fast_syscall_32+0x73/0x120 [ 1170.629234][T26873] do_fast_syscall_32+0x32/0x80 [ 1170.629248][T26873] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1170.629262][T26873] RIP: 0023:0xf706e579 [ 1170.629270][T26873] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1170.629281][T26873] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1170.629292][T26873] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004008af03 [ 1170.629299][T26873] RDX: 0000000080000e40 RSI: 0000000000000000 RDI: 0000000000000000 [ 1170.629305][T26873] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1170.629311][T26873] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1170.629317][T26873] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1170.629330][T26873] [ 1171.031628][T26889] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5558'. [ 1171.051843][T26891] kAFS: No cell specified [ 1171.254042][T26906] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5559'. [ 1172.068854][T26917] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5569'. [ 1172.637275][T26937] kAFS: No cell specified [ 1172.875051][T26939] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5575'. [ 1173.541330][T26930] syz.3.5574 (26930) used greatest stack depth: 19432 bytes left [ 1173.636706][T26951] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5579'. [ 1174.022894][T17722] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 1174.026911][T17722] Bluetooth: hci0: Injecting HCI hardware error event [ 1174.031446][ T5938] Bluetooth: hci0: hardware error 0x00 [ 1174.263558][T26967] kAFS: No cell specified [ 1174.487796][T26969] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5585'. [ 1174.698025][T26971] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1174.963699][T26978] FAULT_INJECTION: forcing a failure. [ 1174.963699][T26978] name failslab, interval 1, probability 0, space 0, times 0 [ 1174.967519][T26978] CPU: 1 UID: 0 PID: 26978 Comm: syz.0.5588 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1174.967545][T26978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1174.967552][T26978] Call Trace: [ 1174.967556][T26978] [ 1174.967561][T26978] dump_stack_lvl+0x16c/0x1f0 [ 1174.967578][T26978] should_fail_ex+0x512/0x640 [ 1174.967593][T26978] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1174.967612][T26978] should_failslab+0xc2/0x120 [ 1174.967626][T26978] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1174.967642][T26978] ? do_raw_spin_lock+0x12c/0x2b0 [ 1174.967658][T26978] ? sctp_stream_init_ext+0x4e/0x1b0 [ 1174.967672][T26978] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1174.967689][T26978] sctp_stream_init_ext+0x4e/0x1b0 [ 1174.967704][T26978] sctp_sched_set_value+0x16c/0x1c0 [ 1174.967722][T26978] sctp_setsockopt+0x2728/0xb870 [ 1174.967742][T26978] ? __pfx_sctp_setsockopt+0x10/0x10 [ 1174.967758][T26978] ? __lock_acquire+0x5ca/0x1ba0 [ 1174.967771][T26978] ? __pfx_aa_sk_perm+0x10/0x10 [ 1174.967784][T26978] ? find_held_lock+0x2b/0x80 [ 1174.967795][T26978] ? sock_common_setsockopt+0x2e/0xf0 [ 1174.967809][T26978] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1174.967822][T26978] do_sock_setsockopt+0x221/0x470 [ 1174.967834][T26978] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1174.967857][T26978] __sys_setsockopt+0x120/0x1a0 [ 1174.967880][T26978] __ia32_sys_setsockopt+0xbc/0x160 [ 1174.967896][T26978] ? lockdep_hardirqs_on+0x7c/0x110 [ 1174.967909][T26978] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 1174.967923][T26978] __do_fast_syscall_32+0x73/0x120 [ 1174.967937][T26978] do_fast_syscall_32+0x32/0x80 [ 1174.967951][T26978] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1174.967964][T26978] RIP: 0023:0xf706e579 [ 1174.967973][T26978] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1174.967984][T26978] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 1174.967994][T26978] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084 [ 1174.968001][T26978] RDX: 000000000000007c RSI: 00000000800000c0 RDI: 000000006ee1bb89 [ 1174.968007][T26978] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1174.968014][T26978] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1174.968020][T26978] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1174.968033][T26978] [ 1175.024894][T26980] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5589'. [ 1175.512341][T26987] ceph: No mds server is up or the cluster is laggy [ 1175.653915][T16558] libceph: connect (1)[c::]:6789 error -22 [ 1175.656198][T16558] libceph: mon0 (1)[c::]:6789 connect error [ 1175.997558][T27009] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5598'. [ 1176.024979][T27011] kAFS: No cell specified [ 1176.102889][ T5938] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1176.207437][T27017] overlayfs: failed to clone upperpath [ 1176.222365][T27018] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5599'. [ 1176.746673][ T1416] ieee802154 phy0 wpan0: encryption failed: -22 [ 1176.748778][ T1416] ieee802154 phy1 wpan1: encryption failed: -22 [ 1176.756353][T24211] vlan2: left promiscuous mode [ 1176.757921][T24211] bond0: left promiscuous mode [ 1176.759576][T24211] bridge0: port 1(vlan2) entered disabled state [ 1176.928049][T24211] team0: Port device geneve0 removed [ 1177.192552][T24211] bond0 (unregistering): Released all slaves [ 1177.288526][T24211] bond1 (unregistering): Released all slaves [ 1177.329424][T27039] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5607'. [ 1177.527271][T27045] FAULT_INJECTION: forcing a failure. [ 1177.527271][T27045] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1177.532095][T27045] CPU: 3 UID: 0 PID: 27045 Comm: syz.1.5609 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1177.532111][T27045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1177.532118][T27045] Call Trace: [ 1177.532122][T27045] [ 1177.532126][T27045] dump_stack_lvl+0x16c/0x1f0 [ 1177.532156][T27045] should_fail_ex+0x512/0x640 [ 1177.532175][T27045] _copy_to_user+0x32/0xd0 [ 1177.532192][T27045] simple_read_from_buffer+0xcb/0x170 [ 1177.532209][T27045] proc_fail_nth_read+0x197/0x270 [ 1177.532225][T27045] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1177.532241][T27045] ? rw_verify_area+0xcf/0x680 [ 1177.532256][T27045] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1177.532271][T27045] vfs_read+0x1de/0xc70 [ 1177.532283][T27045] ? __pfx___mutex_lock+0x10/0x10 [ 1177.532296][T27045] ? __pfx_vfs_read+0x10/0x10 [ 1177.532310][T27045] ? __fget_files+0x20e/0x3c0 [ 1177.532330][T27045] ksys_read+0x12a/0x240 [ 1177.532340][T27045] ? __pfx_ksys_read+0x10/0x10 [ 1177.532351][T27045] ? rcu_is_watching+0x12/0xc0 [ 1177.532363][T27045] __do_fast_syscall_32+0x73/0x120 [ 1177.532378][T27045] do_fast_syscall_32+0x32/0x80 [ 1177.532392][T27045] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1177.532417][T27045] RIP: 0023:0xf7fd8579 [ 1177.532427][T27045] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1177.532437][T27045] RSP: 002b:00000000f50f6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1177.532448][T27045] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50f6620 [ 1177.532455][T27045] RDX: 000000000000000f RSI: 00000000f7462ff4 RDI: 0000000000000000 [ 1177.532461][T27045] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1177.532467][T27045] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1177.532473][T27045] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1177.532487][T27045] [ 1177.703216][T27047] ntfs3(sr0): Primary boot signature is not NTFS. [ 1177.713385][T27047] ntfs3(sr0): try to read out of volume at offset 0xf800 [ 1177.763252][T27047] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 1177.827720][T24211] hsr_slave_0: left promiscuous mode [ 1177.830549][T24211] hsr_slave_1: left promiscuous mode [ 1177.862040][T24211] veth1_macvtap: left promiscuous mode [ 1177.874249][T24211] veth0_macvtap: left promiscuous mode [ 1177.882621][T24211] veth1_vlan: left promiscuous mode [ 1177.891135][T24211] veth0_vlan: left promiscuous mode [ 1178.287294][ T1244] smc: removing ib device syz1 [ 1178.310723][T27057] overlayfs: failed to clone upperpath [ 1178.602564][T27065] overlayfs: failed to clone upperpath [ 1178.605899][T27065] Invalid ELF header magic: != ELF [ 1178.672941][T27061] netlink: 76 bytes leftover after parsing attributes in process `syz.0.5615'. [ 1178.875683][ T40] audit: type=1326 audit(1745635703.111:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27077 comm="syz.1.5620" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fd8579 code=0x0 [ 1178.926581][T27079] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5620'. [ 1179.835735][T27079] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 1179.839495][T27079] gretap1: entered promiscuous mode [ 1179.841238][T27079] gretap1: entered allmulticast mode [ 1179.871819][T27084] FAULT_INJECTION: forcing a failure. [ 1179.871819][T27084] name failslab, interval 1, probability 0, space 0, times 0 [ 1179.876691][T27084] CPU: 1 UID: 0 PID: 27084 Comm: syz.0.5622 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1179.876706][T27084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1179.876713][T27084] Call Trace: [ 1179.876717][T27084] [ 1179.876722][T27084] dump_stack_lvl+0x16c/0x1f0 [ 1179.876739][T27084] should_fail_ex+0x512/0x640 [ 1179.876754][T27084] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1179.876773][T27084] should_failslab+0xc2/0x120 [ 1179.876786][T27084] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1179.876803][T27084] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1179.876816][T27084] ? kobject_uevent_env+0x265/0x1870 [ 1179.876834][T27084] kobject_uevent_env+0x265/0x1870 [ 1179.876850][T27084] ? __pfx_dev_uevent_name+0x10/0x10 [ 1179.876868][T27084] ? __fget_files+0x20e/0x3c0 [ 1179.876887][T27084] lo_ioctl+0x40e/0x27e0 [ 1179.876902][T27084] ? stack_depot_save_flags+0x28/0xa50 [ 1179.876918][T27084] ? __lock_acquire+0xaa4/0x1ba0 [ 1179.876934][T27084] ? kasan_save_stack+0x42/0x60 [ 1179.876944][T27084] ? kasan_save_stack+0x33/0x60 [ 1179.876954][T27084] ? kasan_save_track+0x14/0x30 [ 1179.876964][T27084] ? kasan_save_free_info+0x3b/0x60 [ 1179.876979][T27084] ? __kasan_slab_free+0x51/0x70 [ 1179.876989][T27084] ? kfree+0x2b6/0x4d0 [ 1179.877004][T27084] ? tomoyo_path_number_perm+0x470/0x580 [ 1179.877016][T27084] ? security_file_ioctl_compat+0x9b/0x240 [ 1179.877029][T27084] ? __ia32_compat_sys_ioctl+0xc3/0x360 [ 1179.877043][T27084] ? __do_fast_syscall_32+0x73/0x120 [ 1179.877072][T27084] ? do_fast_syscall_32+0x32/0x80 [ 1179.877084][T27084] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1179.877103][T27084] ? __pfx_lo_ioctl+0x10/0x10 [ 1179.877130][T27084] ? kasan_quarantine_put+0x10a/0x240 [ 1179.877141][T27084] ? lockdep_hardirqs_on+0x7c/0x110 [ 1179.877155][T27084] ? find_held_lock+0x2b/0x80 [ 1179.877164][T27084] ? tomoyo_path_number_perm+0x295/0x580 [ 1179.877178][T27084] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1179.877194][T27084] ? blkdev_common_ioctl+0x1dd/0x2480 [ 1179.877206][T27084] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1179.877218][T27084] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1179.877232][T27084] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 1179.877244][T27084] ? do_vfs_ioctl+0x512/0x1990 [ 1179.877258][T27084] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1179.877281][T27084] lo_compat_ioctl+0xb9/0x170 [ 1179.877296][T27084] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 1179.877311][T27084] compat_blkdev_ioctl+0x2eb/0x7a0 [ 1179.877324][T27084] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 1179.877335][T27084] ? fput+0x30/0xf0 [ 1179.877349][T27084] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 1179.877361][T27084] __ia32_compat_sys_ioctl+0x24c/0x360 [ 1179.877378][T27084] __do_fast_syscall_32+0x73/0x120 [ 1179.877392][T27084] do_fast_syscall_32+0x32/0x80 [ 1179.877405][T27084] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1179.877418][T27084] RIP: 0023:0xf706e579 [ 1179.877427][T27084] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1179.877438][T27084] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1179.877448][T27084] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c06 [ 1179.877455][T27084] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 1179.877462][T27084] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1179.877468][T27084] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1179.877474][T27084] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1179.877487][T27084] [ 1180.043831][T27092] netlink: 'syz.0.5625': attribute type 21 has an invalid length. [ 1180.050713][T27092] netlink: 156 bytes leftover after parsing attributes in process `syz.0.5625'. [ 1180.184411][T27104] overlayfs: failed to clone upperpath [ 1180.225413][T27110] netlink: 'syz.3.5632': attribute type 3 has an invalid length. [ 1180.228017][T27110] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5632'. [ 1180.245051][T27112] FAULT_INJECTION: forcing a failure. [ 1180.245051][T27112] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1180.249043][T27112] CPU: 0 UID: 0 PID: 27112 Comm: syz.0.5633 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1180.249058][T27112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1180.249065][T27112] Call Trace: [ 1180.249069][T27112] [ 1180.249073][T27112] dump_stack_lvl+0x16c/0x1f0 [ 1180.249090][T27112] should_fail_ex+0x512/0x640 [ 1180.249108][T27112] _copy_to_user+0x32/0xd0 [ 1180.249125][T27112] simple_read_from_buffer+0xcb/0x170 [ 1180.249142][T27112] proc_fail_nth_read+0x197/0x270 [ 1180.249158][T27112] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1180.249174][T27112] ? rw_verify_area+0xcf/0x680 [ 1180.249189][T27112] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1180.249203][T27112] vfs_read+0x1de/0xc70 [ 1180.249215][T27112] ? __pfx___mutex_lock+0x10/0x10 [ 1180.249228][T27112] ? __pfx_vfs_read+0x10/0x10 [ 1180.249242][T27112] ? __fget_files+0x20e/0x3c0 [ 1180.249262][T27112] ksys_read+0x12a/0x240 [ 1180.249271][T27112] ? __pfx_ksys_read+0x10/0x10 [ 1180.249282][T27112] ? rcu_is_watching+0x12/0xc0 [ 1180.249294][T27112] __do_fast_syscall_32+0x73/0x120 [ 1180.249309][T27112] do_fast_syscall_32+0x32/0x80 [ 1180.249322][T27112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1180.249336][T27112] RIP: 0023:0xf706e579 [ 1180.249345][T27112] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1180.249356][T27112] RSP: 002b:00000000f505e590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1180.249366][T27112] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f505e620 [ 1180.249373][T27112] RDX: 000000000000000f RSI: 00000000f73d2ff4 RDI: 0000000000000000 [ 1180.249379][T27112] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1180.249386][T27112] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1180.249392][T27112] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1180.249405][T27112] [ 1180.285622][T27116] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5635'. [ 1180.344942][T27121] FAULT_INJECTION: forcing a failure. [ 1180.344942][T27121] name failslab, interval 1, probability 0, space 0, times 0 [ 1180.348880][T27121] CPU: 2 UID: 0 PID: 27121 Comm: syz.0.5637 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1180.348896][T27121] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1180.348903][T27121] Call Trace: [ 1180.348908][T27121] [ 1180.348912][T27121] dump_stack_lvl+0x16c/0x1f0 [ 1180.348930][T27121] should_fail_ex+0x512/0x640 [ 1180.348945][T27121] ? fs_reclaim_acquire+0xae/0x150 [ 1180.348962][T27121] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1180.348978][T27121] should_failslab+0xc2/0x120 [ 1180.348992][T27121] __kmalloc_noprof+0xd2/0x510 [ 1180.349007][T27121] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1180.349023][T27121] ? tomoyo_profile+0x47/0x60 [ 1180.349040][T27121] tomoyo_path_number_perm+0x245/0x580 [ 1180.349052][T27121] ? tomoyo_path_number_perm+0x237/0x580 [ 1180.349065][T27121] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1180.349095][T27121] ? find_held_lock+0x2b/0x80 [ 1180.349105][T27121] ? hook_file_ioctl_common+0x145/0x410 [ 1180.349117][T27121] ? __fget_files+0x204/0x3c0 [ 1180.349135][T27121] ? __fget_files+0x20e/0x3c0 [ 1180.349150][T27121] ? fput+0x30/0xf0 [ 1180.349164][T27121] security_file_ioctl_compat+0x9b/0x240 [ 1180.349180][T27121] __ia32_compat_sys_ioctl+0xc3/0x360 [ 1180.349196][T27121] __do_fast_syscall_32+0x73/0x120 [ 1180.349211][T27121] do_fast_syscall_32+0x32/0x80 [ 1180.349225][T27121] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1180.349238][T27121] RIP: 0023:0xf706e579 [ 1180.349247][T27121] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1180.349258][T27121] RSP: 002b:00000000f505e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1180.349269][T27121] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000001277 [ 1180.349275][T27121] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 1180.349282][T27121] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1180.349288][T27121] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1180.349294][T27121] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1180.349307][T27121] [ 1180.349311][T27121] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1180.627503][T27128] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5638'. [ 1181.404705][T27146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5647'. [ 1181.407426][T27146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5647'. [ 1181.431680][T27149] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1181.450689][T27151] kAFS: No cell specified [ 1181.683142][T27156] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5649'. [ 1182.415182][T27172] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5651'. [ 1183.056043][T27187] netlink: 'syz.4.5658': attribute type 178 has an invalid length. [ 1183.118211][T27194] overlayfs: failed to clone upperpath [ 1183.147735][T27197] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5659'. [ 1184.069908][T27224] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5667'. [ 1184.373896][T27232] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5672'. [ 1184.875696][T27241] netlink: 'syz.3.5675': attribute type 4 has an invalid length. [ 1184.878303][T27241] netlink: 152 bytes leftover after parsing attributes in process `syz.3.5675'. [ 1184.892938][T27241] : renamed from bond0 (while UP) [ 1185.003277][T27244] kAFS: No cell specified [ 1185.004857][T27245] kAFS: No cell specified [ 1185.017307][T27247] overlayfs: missing 'lowerdir' [ 1185.308163][T27261] FAULT_INJECTION: forcing a failure. [ 1185.308163][T27261] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1185.313800][T27261] CPU: 0 UID: 0 PID: 27261 Comm: syz.1.5683 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1185.313825][T27261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1185.313835][T27261] Call Trace: [ 1185.313842][T27261] [ 1185.313849][T27261] dump_stack_lvl+0x16c/0x1f0 [ 1185.313874][T27261] should_fail_ex+0x512/0x640 [ 1185.313902][T27261] _copy_from_user+0x2e/0xd0 [ 1185.313927][T27261] get_compat_msghdr+0xa7/0x170 [ 1185.313954][T27261] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1185.313987][T27261] ___sys_sendmsg+0x1ae/0x1d0 [ 1185.314006][T27261] ? __pfx____sys_sendmsg+0x10/0x10 [ 1185.314063][T27261] __sys_sendmsg+0x16d/0x220 [ 1185.314080][T27261] ? __pfx___sys_sendmsg+0x10/0x10 [ 1185.314104][T27261] ? rcu_is_watching+0x12/0xc0 [ 1185.314122][T27261] ? rcu_is_watching+0x12/0xc0 [ 1185.314141][T27261] __do_fast_syscall_32+0x73/0x120 [ 1185.314164][T27261] do_fast_syscall_32+0x32/0x80 [ 1185.314185][T27261] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1185.314206][T27261] RIP: 0023:0xf7fd8579 [ 1185.314219][T27261] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1185.314236][T27261] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 1185.314252][T27261] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000400 [ 1185.314263][T27261] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1185.314274][T27261] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1185.314284][T27261] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1185.314294][T27261] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1185.314317][T27261] [ 1185.373305][T27262] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5677'. [ 1185.425245][T27258] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5676'. [ 1186.111128][T27279] overlayfs: failed to clone upperpath [ 1186.147053][T27272] syz.1.5685: attempt to access beyond end of device [ 1186.147053][T27272] nbd1: rw=4096, sector=0, nr_sectors = 2 limit=0 [ 1186.151445][T27272] XFS (nbd1): SB validate failed with error -5. [ 1186.863329][T27302] kAFS: No cell specified [ 1186.958958][T27310] __nla_validate_parse: 4 callbacks suppressed [ 1186.958976][T27310] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5696'. [ 1186.965850][T27310] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5696'. [ 1187.057930][T27314] kAFS: No cell specified [ 1187.125931][T27317] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5694'. [ 1187.661610][T27322] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1187.761530][T27326] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5700'. [ 1188.115921][T27349] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5706'. [ 1188.118792][T27349] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5706'. [ 1188.216010][T27354] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5708'. [ 1188.222574][T27354] erspan0: entered promiscuous mode [ 1188.240725][T27356] kAFS: No cell specified [ 1188.245401][T27354] macvtap1: entered promiscuous mode [ 1188.247343][T27354] macvtap1: entered allmulticast mode [ 1188.250177][T27354] erspan0: entered allmulticast mode [ 1188.279161][T27354] erspan0: left allmulticast mode [ 1188.280884][T27354] erspan0: left promiscuous mode [ 1188.316481][T27358] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5710'. [ 1188.494995][T27363] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5709'. [ 1188.645596][T27364] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5711'. [ 1188.685819][T27366] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1188.926097][T27340] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 1189.002176][T27373] kAFS: No cell specified [ 1189.929162][T27393] FAULT_INJECTION: forcing a failure. [ 1189.929162][T27393] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1189.934271][T27393] CPU: 3 UID: 0 PID: 27393 Comm: syz.1.5721 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1189.934288][T27393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1189.934295][T27393] Call Trace: [ 1189.934300][T27393] [ 1189.934305][T27393] dump_stack_lvl+0x16c/0x1f0 [ 1189.934322][T27393] should_fail_ex+0x512/0x640 [ 1189.934339][T27393] _copy_from_user+0x2e/0xd0 [ 1189.934356][T27393] get_sg_io_hdr+0x151/0x840 [ 1189.934373][T27393] ? do_raw_write_lock+0x11c/0x3a0 [ 1189.934390][T27393] ? find_held_lock+0x2b/0x80 [ 1189.934401][T27393] ? __pfx_get_sg_io_hdr+0x10/0x10 [ 1189.934418][T27393] ? _raw_write_unlock_irqrestore+0x3b/0x80 [ 1189.934431][T27393] ? sg_add_request+0x2c4/0x380 [ 1189.934447][T27393] sg_new_write.isra.0+0x159/0xab0 [ 1189.934464][T27393] ? __pfx_sg_new_write.isra.0+0x10/0x10 [ 1189.934487][T27393] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1189.934503][T27393] ? do_vfs_ioctl+0x512/0x1990 [ 1189.934520][T27393] sg_ioctl+0x189c/0x27f0 [ 1189.934538][T27393] ? __pfx_sg_ioctl+0x10/0x10 [ 1189.934554][T27393] ? find_held_lock+0x2b/0x80 [ 1189.934563][T27393] ? hook_file_ioctl_common+0x145/0x410 [ 1189.934579][T27393] ? __fget_files+0x20e/0x3c0 [ 1189.934594][T27393] ? fput+0x30/0xf0 [ 1189.934607][T27393] ? __pfx_sg_ioctl+0x10/0x10 [ 1189.934621][T27393] compat_ptr_ioctl+0x6b/0xa0 [ 1189.934634][T27393] ? __pfx_compat_ptr_ioctl+0x10/0x10 [ 1189.934648][T27393] __ia32_compat_sys_ioctl+0x24c/0x360 [ 1189.934664][T27393] __do_fast_syscall_32+0x73/0x120 [ 1189.934680][T27393] do_fast_syscall_32+0x32/0x80 [ 1189.934694][T27393] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1189.934708][T27393] RIP: 0023:0xf7fd8579 [ 1189.934716][T27393] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1189.934727][T27393] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 1189.934738][T27393] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000002285 [ 1189.934745][T27393] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 1189.934752][T27393] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1189.934758][T27393] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1189.934764][T27393] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1189.934777][T27393] [ 1189.959046][T27397] kAFS: No cell specified [ 1190.061338][T27407] bridge0: port 3(syz_tun) entered blocking state [ 1190.065497][T27407] bridge0: port 3(syz_tun) entered disabled state [ 1190.069214][T27407] syz_tun: entered allmulticast mode [ 1190.071766][T27407] syz_tun: entered promiscuous mode [ 1190.073860][T27407] bridge0: port 3(syz_tun) entered blocking state [ 1190.075905][T27407] bridge0: port 3(syz_tun) entered forwarding state [ 1190.121969][T27409] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1190.999130][T27433] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1191.007704][T27435] kAFS: No cell specified [ 1191.911606][T27454] kernel profiling enabled (shift: 17) [ 1191.987439][T27458] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 1192.066082][T27461] __nla_validate_parse: 12 callbacks suppressed [ 1192.066094][T27461] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5743'. [ 1192.292217][T27470] overlayfs: failed to clone upperpath [ 1192.585397][T27475] kAFS: No cell specified [ 1192.779723][T27477] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5748'. [ 1193.482105][T27490] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5752'. [ 1193.539900][T27494] 9pnet_fd: Insufficient options for proto=fd [ 1193.580153][T27498] overlayfs: failed to clone upperpath [ 1193.647808][T27485] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5751'. [ 1193.865299][T27509] kAFS: No cell specified [ 1194.059000][T27512] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5760'. [ 1194.844625][T27522] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5763'. [ 1194.889232][T27524] bridge0: port 1(syz_tun) entered blocking state [ 1194.891485][T27524] bridge0: port 1(syz_tun) entered disabled state [ 1194.894573][T27524] syz_tun: entered allmulticast mode [ 1194.901466][T27524] syz_tun: entered promiscuous mode [ 1194.905889][T27524] bridge0: port 1(syz_tun) entered blocking state [ 1194.907927][T27524] bridge0: port 1(syz_tun) entered forwarding state [ 1194.961043][ T40] audit: type=1326 audit(1745635719.201:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27526 comm="syz.3.5765" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f44579 code=0x0 [ 1195.014151][T27530] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5765'. [ 1195.019471][T27530] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 1195.023466][T27530] gretap1: entered promiscuous mode [ 1195.025119][T27530] gretap1: entered allmulticast mode [ 1195.228253][T27532] overlayfs: failed to clone upperpath [ 1195.521374][T27537] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1195.760918][T27544] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5769'. [ 1195.956868][T27548] kAFS: No cell specified [ 1196.088952][T27552] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5772'. [ 1196.129619][T27554] kAFS: No cell specified [ 1196.229026][T27549] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5771'. [ 1196.861570][T27570] overlayfs: failed to clone upperpath [ 1197.108854][T27584] __nla_validate_parse: 1 callbacks suppressed [ 1197.108866][T27584] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5782'. [ 1197.133703][T27584] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1197.141697][T27584] CIFS mount error: No usable UNC path provided in device string! [ 1197.141697][T27584] [ 1197.155782][T27584] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1197.167628][T27584] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 1197.188468][T27584] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5782'. [ 1197.220457][T27596] kAFS: No cell specified [ 1197.502475][T27613] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5788'. [ 1197.663843][T27614] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5789'. [ 1197.991705][T27616] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5790'. [ 1198.330660][T27628] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1198.805314][T27638] kAFS: No cell specified [ 1198.810303][T27640] netlink: 'syz.1.5796': attribute type 2 has an invalid length. [ 1198.812756][T27640] netlink: 'syz.1.5796': attribute type 1 has an invalid length. [ 1199.024876][T27642] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5797'. [ 1199.415000][T27645] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5799'. [ 1199.454941][T27649] kAFS: No cell specified [ 1199.799294][T27651] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5801'. [ 1199.838922][T27661] overlayfs: failed to clone upperpath [ 1199.856612][T27663] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5803'. [ 1200.338487][T27671] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1200.387697][T27674] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5809'. [ 1200.995564][T27688] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1200.998998][T27690] kAFS: No cell specified [ 1201.628130][T27700] syz.4.5816: page allocation failure: order:0, mode:0x340cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_THISNODE), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1201.633517][T27700] CPU: 0 UID: 0 PID: 27700 Comm: syz.4.5816 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1201.633533][T27700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1201.633551][T27700] Call Trace: [ 1201.633556][T27700] [ 1201.633560][T27700] dump_stack_lvl+0x16c/0x1f0 [ 1201.633577][T27700] warn_alloc+0x248/0x3a0 [ 1201.633591][T27700] ? __pfx_warn_alloc+0x10/0x10 [ 1201.633601][T27700] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1201.633620][T27700] ? __pfx_get_page_from_freelist+0x10/0x10 [ 1201.633637][T27700] ? __pfx___might_resched+0x10/0x10 [ 1201.633652][T27700] __alloc_frozen_pages_noprof+0x141a/0x23a0 [ 1201.633670][T27700] ? find_held_lock+0x2b/0x80 [ 1201.633681][T27700] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1201.633696][T27700] ? lock_acquire+0x179/0x350 [ 1201.633718][T27700] __folio_alloc_noprof+0x11/0x220 [ 1201.633730][T27700] alloc_migration_target+0x2bf/0x6f0 [ 1201.633747][T27700] migrate_pages_batch+0x3bc/0x31a0 [ 1201.633764][T27700] ? __pfx_alloc_migration_target+0x10/0x10 [ 1201.633777][T27700] ? page_table_check_set+0x979/0xb50 [ 1201.633793][T27700] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1201.633813][T27700] migrate_pages_sync+0x12d/0x8a0 [ 1201.633828][T27700] ? __pfx_alloc_migration_target+0x10/0x10 [ 1201.633843][T27700] ? finish_task_switch.isra.0+0x221/0xc10 [ 1201.633854][T27700] ? lockdep_hardirqs_on+0x7c/0x110 [ 1201.633867][T27700] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1201.633885][T27700] ? __lock_acquire+0xaa4/0x1ba0 [ 1201.633900][T27700] migrate_pages+0x1b28/0x2350 [ 1201.633916][T27700] ? __pfx_alloc_migration_target+0x10/0x10 [ 1201.633933][T27700] ? __pfx_migrate_pages+0x10/0x10 [ 1201.633950][T27700] ? __lock_acquire+0xaa4/0x1ba0 [ 1201.633965][T27700] ? mtree_load+0x325/0xa40 [ 1201.633980][T27700] move_pages_and_store_status+0xf1/0x230 [ 1201.633996][T27700] ? __pfx_move_pages_and_store_status+0x10/0x10 [ 1201.634012][T27700] ? __might_fault+0x13b/0x190 [ 1201.634028][T27700] kernel_move_pages+0xc30/0x13a0 [ 1201.634046][T27700] ? __pfx_kernel_move_pages+0x10/0x10 [ 1201.634068][T27700] ? rcu_is_watching+0x12/0xc0 [ 1201.634079][T27700] __ia32_sys_move_pages+0xdd/0x1b0 [ 1201.634094][T27700] ? lockdep_hardirqs_on+0x7c/0x110 [ 1201.634106][T27700] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 1201.634120][T27700] __do_fast_syscall_32+0x73/0x120 [ 1201.634134][T27700] do_fast_syscall_32+0x32/0x80 [ 1201.634147][T27700] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1201.634161][T27700] RIP: 0023:0xf70be579 [ 1201.634170][T27700] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1201.634180][T27700] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 000000000000013d [ 1201.634190][T27700] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000002064 [ 1201.634197][T27700] RDX: 0000000080000040 RSI: 0000000080001180 RDI: 0000000080000000 [ 1201.634204][T27700] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1201.634210][T27700] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1201.634216][T27700] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1201.634229][T27700] [ 1201.634737][T27700] Mem-Info: [ 1201.639897][T27705] kAFS: No cell specified [ 1201.647828][T27700] active_anon:12953 inactive_anon:4989 isolated_anon:0 [ 1201.647828][T27700] active_file:4192 inactive_file:15148 isolated_file:0 [ 1201.647828][T27700] unevictable:1768 dirty:272 writeback:0 [ 1201.647828][T27700] slab_reclaimable:6141 slab_unreclaimable:69628 [ 1201.647828][T27700] mapped:29640 shmem:15237 pagetables:803 [ 1201.647828][T27700] sec_pagetables:334 bounce:0 [ 1201.647828][T27700] kernel_misc_reclaimable:0 [ 1201.647828][T27700] free:55915 free_pcp:439 free_cma:0 [ 1201.749216][T27700] Node 0 active_anon:340kB inactive_anon:248kB active_file:0kB inactive_file:64kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:200kB dirty:0kB writeback:0kB shmem:5928kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9072kB pagetables:824kB sec_pagetables:1188kB all_unreclaimable? no Balloon:0kB [ 1201.763964][T27700] Node 1 active_anon:62872kB inactive_anon:19708kB active_file:16768kB inactive_file:60528kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:129760kB dirty:1088kB writeback:0kB shmem:66420kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:6144kB writeback_tmp:0kB kernel_stack:3060kB pagetables:2388kB sec_pagetables:148kB all_unreclaimable? no Balloon:0kB [ 1201.774443][T27700] Node 0 DMA free:2512kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB active_anon:20kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1201.782556][T27700] lowmem_reserve[]: 0 293 293 293 293 [ 1201.784347][T27700] Node 0 DMA32 free:30304kB boost:30252kB min:43700kB low:47060kB high:50420kB reserved_highatomic:2048KB active_anon:320kB inactive_anon:248kB active_file:0kB inactive_file:64kB unevictable:3536kB writepending:0kB present:1032196kB managed:300272kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1201.793031][T27700] lowmem_reserve[]: 0 0 0 0 0 [ 1201.794506][T27700] Node 1 DMA32 free:174008kB boost:0kB min:47148kB low:58932kB high:70716kB reserved_highatomic:6144KB active_anon:62832kB inactive_anon:19708kB active_file:16768kB inactive_file:60528kB unevictable:3536kB writepending:1088kB present:1048432kB managed:948284kB mlocked:0kB bounce:0kB free_pcp:6628kB local_pcp:1160kB free_cma:0kB [ 1201.803993][T27700] lowmem_reserve[]: 0 0 0 0 0 [ 1201.832740][T27700] Node 0 DMA: 14*4kB (UM) 24*8kB (UM) 12*16kB (UM) 11*32kB (UM) 1*64kB (M) 1*128kB (M) 2*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2520kB [ 1201.837359][T27700] Node 0 DMA32: 446*4kB (UME) 252*8kB (UME) 151*16kB (UME) 297*32kB (UME) 102*64kB (UME) 33*128kB (UME) 9*256kB (M) 3*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 30312kB [ 1201.842623][T27700] Node 1 DMA32: 293*4kB (UMEH) 388*8kB (UMEH) 214*16kB (UMEH) 342*32kB (UEH) 218*64kB (UMEH) 101*128kB (UE) 64*256kB (UME) 36*512kB (UM) 29*1024kB (UM) 14*2048kB (UM) 9*4096kB (UM) = 175572kB [ 1201.848646][T27700] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1201.851631][T27700] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1201.855402][T27700] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1201.858417][T27700] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 1201.861321][T27700] 37783 total pagecache pages [ 1201.863143][T27700] 356 pages in swap cache [ 1201.864741][T27700] Free swap = 110756kB [ 1201.866184][T27700] Total swap = 124996kB [ 1201.867524][T27700] 524155 pages RAM [ 1201.868720][T27700] 0 pages HighMem/MovableOnly [ 1201.870226][T27700] 208176 pages reserved [ 1201.871594][T27700] 0 pages cma reserved [ 1202.216262][T27715] __nla_validate_parse: 2 callbacks suppressed [ 1202.216272][T27715] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5821'. [ 1202.418842][T27725] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5819'. [ 1202.672480][T27730] snd_dummy snd_dummy.0: control 1:0:0:syz0:-3 is already present [ 1203.296357][T27737] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1203.590378][T27751] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5831'. [ 1203.648215][T27756] kAFS: No cell specified [ 1203.852786][T27759] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5833'. [ 1204.234571][T27766] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5835'. [ 1204.608301][T27776] kAFS: No cell specified [ 1204.829935][T27782] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5841'. [ 1204.831318][T27780] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5839'. [ 1204.859602][T27784] kAFS: No cell specified [ 1205.030603][T27787] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1205.079401][T27788] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5842'. [ 1205.405029][T15436] IPVS: starting estimator thread 0... [ 1205.502848][T27796] IPVS: using max 45 ests per chain, 108000 per kthread [ 1205.519788][T27798] kAFS: No cell specified [ 1206.023150][T27799] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5845'. [ 1206.698046][T27818] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5851'. [ 1206.839311][T27825] kAFS: No cell specified [ 1206.845790][T27826] kAFS: No cell specified [ 1207.276004][T27827] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5861'. [ 1207.301293][T27828] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5853'. [ 1207.631832][T27837] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5854'. [ 1208.462090][T27853] kAFS: No cell specified [ 1208.683787][T27855] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5862'. [ 1209.735981][T27869] kAFS: No cell specified [ 1209.916707][T27872] kAFS: No cell specified [ 1210.006889][T27874] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5865'. [ 1210.116482][T27875] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5866'. [ 1210.807406][T27887] kAFS: No cell specified [ 1211.010985][T27893] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5880'. [ 1211.145694][T27892] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5872'. [ 1212.407635][ T40] audit: type=1326 audit(1745635736.651:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27909 comm="syz.4.5877" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70be579 code=0x0 [ 1213.058137][T27919] tipc: New replicast peer: 255.255.255.255 [ 1213.061507][T27919] tipc: Enabled bearer , priority 10 [ 1213.068371][T27919] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5878'. [ 1213.071225][T27919] tipc: Disabling bearer [ 1213.108689][T27921] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1213.591406][T27933] kAFS: No cell specified [ 1213.788657][T27938] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5884'. [ 1213.925493][T27942] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5895'. [ 1213.928805][T27942] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5895'. [ 1214.735739][T27941] ================================================================== [ 1214.738175][T27941] BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x132/0x320 [ 1214.740558][T27941] Write of size 4064 at addr ffffc90006819020 by task syz.4.5886/27941 [ 1214.744213][T27941] [ 1214.745274][T27941] CPU: 2 UID: 0 PID: 27941 Comm: syz.4.5886 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1214.745289][T27941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1214.745296][T27941] Call Trace: [ 1214.745301][T27941] [ 1214.745305][T27941] dump_stack_lvl+0x116/0x1f0 [ 1214.745322][T27941] print_report+0xc3/0x670 [ 1214.745335][T27941] ? __virt_addr_valid+0x5e/0x590 [ 1214.745350][T27941] ? vrealloc_noprof+0x132/0x320 [ 1214.745367][T27941] kasan_report+0xe0/0x110 [ 1214.745379][T27941] ? vrealloc_noprof+0x132/0x320 [ 1214.745397][T27941] kasan_check_range+0xef/0x1a0 [ 1214.745413][T27941] __asan_memset+0x23/0x50 [ 1214.745429][T27941] vrealloc_noprof+0x132/0x320 [ 1214.745446][T27941] push_insn_history+0x2ae/0x6c0 [ 1214.745459][T27941] do_check_common+0xbd3/0xc2a0 [ 1214.745481][T27941] ? __pfx_do_check_common+0x10/0x10 [ 1214.745492][T27941] ? lockdep_hardirqs_on+0x7c/0x110 [ 1214.745505][T27941] ? kfree+0x2b6/0x4d0 [ 1214.745521][T27941] ? bpf_check+0x6c86/0xb460 [ 1214.745531][T27941] ? bpf_check+0x7b2f/0xb460 [ 1214.745542][T27941] bpf_check+0x7f51/0xb460 [ 1214.745557][T27941] ? __pfx_bpf_check+0x10/0x10 [ 1214.745567][T27941] ? pcpu_alloc_noprof+0x949/0x1470 [ 1214.745582][T27941] ? __lock_acquire+0xaa4/0x1ba0 [ 1214.745600][T27941] ? find_held_lock+0x2b/0x80 [ 1214.745611][T27941] ? __asan_memset+0x23/0x50 [ 1214.745627][T27941] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 1214.745642][T27941] bpf_prog_load+0xe41/0x2490 [ 1214.745657][T27941] ? __pfx_bpf_prog_load+0x10/0x10 [ 1214.745671][T27941] ? __pfx___futex_wait+0x10/0x10 [ 1214.745690][T27941] ? bpf_lsm_bpf+0x9/0x10 [ 1214.745700][T27941] __sys_bpf+0x433c/0x4d80 [ 1214.745715][T27941] ? __pfx___sys_bpf+0x10/0x10 [ 1214.745729][T27941] ? percpu_counter_add_batch+0xb8/0x1f0 [ 1214.745743][T27941] ? errseq_sample+0x53/0x70 [ 1214.745759][T27941] ? file_init_path+0x4fe/0x760 [ 1214.745773][T27941] ? do_futex+0x122/0x350 [ 1214.745783][T27941] ? __pfx_do_futex+0x10/0x10 [ 1214.745797][T27941] ? xfd_validate_state+0x5d/0x180 [ 1214.745814][T27941] ? rcu_is_watching+0x12/0xc0 [ 1214.745825][T27941] __ia32_sys_bpf+0x76/0xe0 [ 1214.745841][T27941] __do_fast_syscall_32+0x73/0x120 [ 1214.745855][T27941] do_fast_syscall_32+0x32/0x80 [ 1214.745868][T27941] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1214.745882][T27941] RIP: 0023:0xf70be579 [ 1214.745890][T27941] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1214.745902][T27941] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 1214.745912][T27941] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800017c0 [ 1214.745919][T27941] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 1214.745926][T27941] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1214.745932][T27941] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1214.745939][T27941] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1214.745948][T27941] [ 1214.745952][T27941] [ 1214.835894][T27941] The buggy address belongs to the virtual mapping at [ 1214.835894][T27941] [ffffc900067f9000, ffffc9000681b000) created by: [ 1214.835894][T27941] kvrealloc_noprof+0x7d/0xd0 [ 1214.840963][T27941] [ 1214.841705][T27941] The buggy address belongs to the physical page: [ 1214.843595][T27941] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x299 pfn:0x598c5 [ 1214.846175][T27941] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 1214.848290][T27941] raw: 04fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 1214.850779][T27941] raw: 0000000000000299 0000000000000000 00000001ffffffff 0000000000000000 [ 1214.853285][T27941] page dumped because: kasan: bad access detected [ 1214.855180][T27941] page_owner tracks the page as allocated [ 1214.856893][T27941] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102cc2(GFP_HIGHUSER|__GFP_NOWARN), pid 27941, tgid 27940 (syz.4.5886), ts 1214735647522, free_ts 1214674338421 [ 1214.862118][T27941] post_alloc_hook+0x181/0x1b0 [ 1214.863611][T27941] get_page_from_freelist+0x135c/0x3920 [ 1214.865325][T27941] __alloc_frozen_pages_noprof+0x5a8/0x23a0 [ 1214.867147][T27941] alloc_pages_mpol+0x1fb/0x550 [ 1214.868665][T27941] alloc_pages_noprof+0x131/0x390 [ 1214.870235][T27941] __vmalloc_node_range_noprof+0x732/0x1540 [ 1214.872042][T27941] __kvmalloc_node_noprof+0x2ff/0x600 [ 1214.873654][T27941] kvrealloc_noprof+0x7d/0xd0 [ 1214.875092][T27941] push_insn_history+0x2ae/0x6c0 [ 1214.876557][T27941] do_check_common+0xbd3/0xc2a0 [ 1214.878014][T27941] bpf_check+0x7f51/0xb460 [ 1214.879357][T27941] bpf_prog_load+0xe41/0x2490 [ 1214.880797][T27941] __sys_bpf+0x433c/0x4d80 [ 1214.882135][T27941] __ia32_sys_bpf+0x76/0xe0 [ 1214.883522][T27941] __do_fast_syscall_32+0x73/0x120 [ 1214.885049][T27941] do_fast_syscall_32+0x32/0x80 [ 1214.886510][T27941] page last free pid 27941 tgid 27940 stack trace: [ 1214.888439][T27941] __free_frozen_pages+0x69d/0xff0 [ 1214.890047][T27941] tlb_remove_table_rcu+0x116/0x1a0 [ 1214.891669][T27941] rcu_core+0x799/0x14e0 [ 1214.892996][T27941] handle_softirqs+0x216/0x8e0 [ 1214.894496][T27941] __irq_exit_rcu+0x109/0x170 [ 1214.895959][T27941] irq_exit_rcu+0x9/0x30 [ 1214.897284][T27941] sysvec_call_function_single+0xa4/0xc0 [ 1214.899031][T27941] asm_sysvec_call_function_single+0x1a/0x20 [ 1214.900888][T27941] [ 1214.901656][T27941] Memory state around the buggy address: [ 1214.903383][T27941] ffffc90006818f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1214.905796][T27941] ffffc90006818f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1214.908169][T27941] >ffffc90006819000: 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1214.910537][T27941] ^ [ 1214.912060][T27941] ffffc90006819080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1214.914445][T27941] ffffc90006819100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1214.916939][T27941] ================================================================== [ 1214.973520][T27941] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1214.975779][T27941] CPU: 2 UID: 0 PID: 27941 Comm: syz.4.5886 Not tainted 6.15.0-rc3-syzkaller-00244-gc3137514f1f1 #0 PREEMPT(full) [ 1214.979595][T27941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1214.982905][T27941] Call Trace: [ 1214.983960][T27941] [ 1214.984893][T27941] dump_stack_lvl+0x3d/0x1f0 [ 1214.986357][T27941] panic+0x71c/0x800 [ 1214.987596][T27941] ? __pfx_panic+0x10/0x10 [ 1214.988995][T27941] ? rcu_is_watching+0x12/0xc0 [ 1214.990567][T27941] ? preempt_schedule_thunk+0x16/0x30 [ 1214.992235][T27941] ? vrealloc_noprof+0x132/0x320 [ 1214.993785][T27941] ? preempt_schedule_common+0x44/0xc0 [ 1214.995388][T27941] ? vrealloc_noprof+0x132/0x320 [ 1214.996896][T27941] check_panic_on_warn+0xab/0xb0 [ 1214.998397][T27941] end_report+0x107/0x170 [ 1214.999743][T27941] kasan_report+0xee/0x110 [ 1215.001074][T27941] ? vrealloc_noprof+0x132/0x320 [ 1215.002566][T27941] kasan_check_range+0xef/0x1a0 [ 1215.004031][T27941] __asan_memset+0x23/0x50 [ 1215.005392][T27941] vrealloc_noprof+0x132/0x320 [ 1215.006814][T27941] push_insn_history+0x2ae/0x6c0 [ 1215.008264][T27941] do_check_common+0xbd3/0xc2a0 [ 1215.010011][T27941] ? __pfx_do_check_common+0x10/0x10 [ 1215.012022][T27941] ? lockdep_hardirqs_on+0x7c/0x110 [ 1215.013599][T27941] ? kfree+0x2b6/0x4d0 [ 1215.014873][T27941] ? bpf_check+0x6c86/0xb460 [ 1215.016298][T27941] ? bpf_check+0x7b2f/0xb460 [ 1215.017740][T27941] bpf_check+0x7f51/0xb460 [ 1215.019120][T27941] ? __pfx_bpf_check+0x10/0x10 [ 1215.020571][T27941] ? pcpu_alloc_noprof+0x949/0x1470 [ 1215.022154][T27941] ? __lock_acquire+0xaa4/0x1ba0 [ 1215.023670][T27941] ? find_held_lock+0x2b/0x80 [ 1215.025065][T27941] ? __asan_memset+0x23/0x50 [ 1215.026446][T27941] ? bpf_obj_name_cpy+0x14a/0x1a0 [ 1215.027964][T27941] bpf_prog_load+0xe41/0x2490 [ 1215.029513][T27941] ? __pfx_bpf_prog_load+0x10/0x10 [ 1215.031113][T27941] ? __pfx___futex_wait+0x10/0x10 [ 1215.032615][T27941] ? bpf_lsm_bpf+0x9/0x10 [ 1215.033931][T27941] __sys_bpf+0x433c/0x4d80 [ 1215.035287][T27941] ? __pfx___sys_bpf+0x10/0x10 [ 1215.036730][T27941] ? percpu_counter_add_batch+0xb8/0x1f0 [ 1215.038411][T27941] ? errseq_sample+0x53/0x70 [ 1215.039809][T27941] ? file_init_path+0x4fe/0x760 [ 1215.041289][T27941] ? do_futex+0x122/0x350 [ 1215.042590][T27941] ? __pfx_do_futex+0x10/0x10 [ 1215.044015][T27941] ? xfd_validate_state+0x5d/0x180 [ 1215.045540][T27941] ? rcu_is_watching+0x12/0xc0 [ 1215.046992][T27941] __ia32_sys_bpf+0x76/0xe0 [ 1215.048386][T27941] __do_fast_syscall_32+0x73/0x120 [ 1215.050209][T27941] do_fast_syscall_32+0x32/0x80 [ 1215.051906][T27941] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1215.053775][T27941] RIP: 0023:0xf70be579 [ 1215.055029][T27941] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 1215.060823][T27941] RSP: 002b:00000000f50ae55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 1215.063259][T27941] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800017c0 [ 1215.065626][T27941] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 1215.067994][T27941] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1215.070374][T27941] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1215.072728][T27941] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1215.075120][T27941] [ 1215.076703][T27941] Kernel Offset: disabled [ 1215.078022][T27941] Rebooting in 86400 seconds.. VM DIAGNOSIS: 02:48:59 Registers: info registers vcpu 0 CPU#0 RAX=000000000186d26f RBX=0000000000000000 RCX=ffffffff8b68c3e9 RDX=0000000000000000 RSI=ffffffff8dbd9985 RDI=ffffffff8bf467a0 RBP=fffffbfff1c12ee8 RSP=ffffffff8e007e10 R8 =0000000000000001 R9 =ffffed10056465bd R10=ffff88802b232deb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e097740 R14=ffffffff90850d10 R15=0000000000000000 RIP=ffffffff8b68ac7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977ef000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000003080dffc CR3=000000004da72000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000002 RBX=0000000000000002 RCX=ffffffff81fc2114 RDX=ffff8880226f0000 RSI=ffffffff81fc2122 RDI=0000000000000006 RBP=ffff88801b0df088 RSP=ffffc900067bf618 R8 =0000000000000006 R9 =00000000000ea000 R10=0000000000b36000 R11=0000000000000000 R12=ffff88804dd3f680 R13=00000000000ea000 R14=0000000000b36000 R15=ffffc900067bf9d8 RIP=ffffffff81baab81 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880978ef000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008013a018 CR3=000000004da72000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000031 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff854bf175 RDI=ffffffff9addcb80 RBP=ffffffff9addcb40 RSP=ffffc90004f9ef00 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000074697257 R12=0000000000000000 R13=0000000000000031 R14=ffffffff9addcb40 R15=ffffffff854bf110 RIP=ffffffff854bf19f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880979ef000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000008013d018 CR3=00000000137b6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000005000000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=ffff88802b4414a0 RCX=ffffc9002dc90000 RDX=0000000000080000 RSI=ffffffff81ae9cb3 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc900043e7258 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffffed1005688295 R13=0000000000000001 R14=dffffc0000000000 R15=ffff88802b53b180 RIP=ffffffff81ae9cba RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097aef000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000801bf018 CR3=00000000137b6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 29ac418597875aba 0c46905c1d049245 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e79fb2b5f947f57 4c0ab2dcadb9689b ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f219c4d60641460f 267d634130c68d67 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4fba814992cefec2 a61d7aaaa41f64c7 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000003540 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 838a9fb600000000 8da620b600800100 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00800100000002e0 000002e000800100 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000002e001a5233d 842e165e000002e0 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000002e0901d8c7e 901c6cf4000002e0 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 133825acaf83deee f133e23bd711da9a ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 08a61aff963f58e4 ba2e2b6a1278af8e ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000