last executing test programs: 15m39.594392563s ago: executing program 3 (id=8): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10400}}, 0x50) syz_fuse_handle_req(r3, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r3, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf408006a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ccc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6b3f0000f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784753f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a748cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d9f95e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x8000, 0x1ff}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) writev(r5, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x56000}], 0x1) close(r3) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) socket$inet_udp(0x2, 0x2, 0x0) 15m37.763685785s ago: executing program 3 (id=12): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="180000000000000000000095000000000010009c07b346cb5e13f8772644f4971e732de04fedad572bac3404f614c6921cc6566233111a04388a1dd9abd53082a556d3870cc36484b7afd31929aee457d4af6b6ec2d0aec2be5822d676d4d9c11f086b9ee55435fa635bf655e9a79e6ef3c3e8ad04cf1da9c1a928f766b975a31f0c49d8b56581c9304a570a7c27812e5da8d9143ea1ecc8e0f700befc1d70bf4fa9b153672e1e6924fddc"], &(0x7f0000000140)='syzkaller\x00'}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x4040001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000004340), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000004b40)={0x0, 0x0, &(0x7f0000004b00)={&(0x7f00000049c0)={0x2c, r1, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x40002002) openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, r5}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0xf, &(0x7f00000008c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES32, @ANYRES16=r4, @ANYRES64, @ANYRES32, @ANYRES32=r5], 0x50) openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffff1e00ff130012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0) 15m35.396056668s ago: executing program 3 (id=17): r0 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x80d01, 0x0) pwrite64(r0, &(0x7f0000000000)="a5", 0xfffffe8c, 0x2) r1 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) close(r1) fcntl$setstatus(r1, 0x4, 0x2c00) r2 = gettid() fcntl$setown(r1, 0x8, r2) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301) ioctl$USBDEVFS_CLAIM_PORT(r3, 0x80045519, &(0x7f0000000480)=0x1) 15m35.05311745s ago: executing program 3 (id=19): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x7, &(0x7f0000000200)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000000300)=""/102392, 0x18ff8) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, 0x0, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) fcntl$notify(r3, 0x402, 0x19) sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=@newsa={0x134, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x134}, 0x1, 0x0, 0x0, 0x8801}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="3c0100001a000100feffffff00010000e0000002000000000000000000000000fc0100000000000000000000000000010001071c4e2300050a0000203a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000fc020000000800000000000000000001fe000000000000009201000000000010a39b000000000000ffff0000000000001c250811000000000500000000000000feffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000fefffffffffffffffefffffffc8300000000000080800000053500000200010020000000480003006465666c6174650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008001d00fffeffff"], 0x13c}}, 0x844) setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r7, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001800dd8d000000ba7e9698ed1fbfa80e000000000002"], 0x3c}}, 0x0) r9 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r9, &(0x7f0000000000)={0x27}, 0x62) r10 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r10, &(0x7f0000000000)={0x27}, 0x74) sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x32}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0) connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r4, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)={0x3, 0x0, [{0x23a, 0x0, 0x42}, {0x960, 0x0, 0xdf}, {0x40000325}]}) syz_usb_connect$uac1(0x0, 0xaa, 0x0, 0x0) 15m29.350466639s ago: executing program 3 (id=29): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x14, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r1, 0x0, 0x483, &(0x7f0000000140)={0x0, @multicast2, 0x4e22, 0x4, 'lblc\x00', 0x20, 0x0, 0x6a}, 0x2c) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x50) fsetxattr$security_evm(r3, &(0x7f00000000c0), &(0x7f0000000240)=ANY=[@ANYBLOB="03"], 0x9, 0x0) renameat2(r3, &(0x7f00000003c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x1) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='sched_switch\x00', r4, 0x0, 0xa}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) r5 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r6, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r5, {0x1}}, './file0\x00'}) r7 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001300)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd22, 0x2, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}]}, 0x34}}, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000600)={@empty, @remote, r8}, 0xc) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x2, 0xa}, {0x0, 0x9}, {0xffff, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_TTL={0x5, 0x43, 0xf}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4010}, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000100)=0x14) syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0xc6280) syz_usb_connect$cdc_ecm(0x6, 0x77, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x65, 0x1, 0x1, 0xfc, 0x58, 0x0, [{{0x9, 0x4, 0x0, 0x6, 0x3, 0x2, 0x6, 0x0, 0x2, {{0x7, 0x24, 0x6, 0x0, 0x0, "e765"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0xa, 0xaa, 0x4, 0x22}, [@acm={0x4, 0x24, 0x2, 0x1}, @country_functional={0x10, 0x24, 0x7, 0x4, 0xfe8, [0x0, 0x100, 0x9, 0xcef, 0x0]}, @mbim={0xc, 0x24, 0x1b, 0x1, 0xb7, 0x1, 0x1, 0xb5, 0x72}, @mbim_extended={0x8, 0x24, 0x1c, 0x7, 0x40, 0x5}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x7, 0x8, 0xb}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x6, 0x7, 0x8}}}}}]}}]}}, &(0x7f00000005c0)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x300, 0x7, 0x5, 0x8, 0x20, 0x9}, 0x7b, &(0x7f0000000340)={0x5, 0xf, 0x7b, 0x4, [@generic={0x51, 0x10, 0xa, "dd6c57027f878d48b4871e9ea80831ca3af3c3dcbf9b4ccdeb97156a33d5bde658290f47374a24d9394d0c17eb32ba8f8964e3795da2bc5ecdc04e3c8572e056d3812779886e2e4af98259dd971c"}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x7, 0x3, 0x6}, @ss_container_id={0x14, 0x10, 0x4, 0x40, "12c17a985333ff44c7ca0b5bf5f2080e"}, @ss_cap={0xa, 0x10, 0x3, 0x7d9c01d171942142, 0xc, 0x6, 0x3, 0x2}]}, 0x3, [{0x102, &(0x7f0000000640)=@string={0x102, 0x3, "623c8a416c8d3f0ad30cf6597b8843a02385558c7c2ed4b59a9055ac4540d21061f9bc5db483ebde026d1029cea0758c9b9b22822cbc4e8d097c32eb8de2c6f539e0979375039daf1a8c28d14791e8c54e1eb4c117d0388777ce4a5418123ed8eb0934298f6818ef66f19b11a1ee32f32f62c7256577c82b0929721b1d4deb140ec0c2d7974d0532a22c696222b8ed60fa7bdbb9e2c8922c43ca71d98a0480ffce482780754c61fcb858b1398bd857ff5f2505e0daa31211a916626405de760d110533e8c8a61c123a47d37e2e6824b2e4422612d74ed1ab1e127a2acd71c8d9ac4d1951d90b1c291aa4eaee95e6a834823c6bac0c26b156763c8f856d7f3c68"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x44f}}, {0xdf, &(0x7f00000004c0)=@string={0xdf, 0x3, "42df542150be7411d39c9c59c7b3f1b230804e873d1c2c13fa093ee4aa0f164fe6dc8106b6feaffae814d39215ccb2a9483675a438b971c6b9758da01db7a628783dfa0d2997ac5c68a0c71f1e3fd4438a1cd5ca5eaa93ba5696d8bff11e999ad64c47952445d72a496c51ef5c910e378878802300be976ca90739cb345557f6f65897d62688f6f92f8a9e961c361864b75a0e3f33d046d3fab8645474e9ae82e36d4f088778b16d6d6ab74f88e30034c20e1fee7e2123e98f297c00dd91a4bc4f16c02577f1c31e902f8eaa93464e2c5cc4d7ab21a748b733c75ba78d"}}]}) 15m26.175737184s ago: executing program 3 (id=37): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) mount(&(0x7f0000000480)=@loop={'/dev/loop', 0x0}, &(0x7f0000000640)='./cgroup\x00', &(0x7f0000000680)='v7\x00', 0x1000448, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ntfs3\x00', 0x1000080, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYRES64, @ANYRES16, @ANYRES16, @ANYRESHEX=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) dup3(r1, r0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x9) ioperm(0x0, 0x83, 0x1f) gettid() r5 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "ae8726ab5188a0f5067e3bd54759496126c86baf237e45829712ce015304b94835019543b83b67ddd04d71425cd7e91c2002d71e8c58555fea7b2b3e9571a19f", 0x23}, 0x48, 0xfffffffffffffffd) keyctl$clear(0x7, r5) preadv2(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f00000005c0)=""/251, 0xfb}, {&(0x7f0000000000)=""/159, 0x9f}, {&(0x7f00000004c0)=""/246, 0xf6}, {&(0x7f00000003c0)=""/181, 0xb5}], 0x4, 0x0, 0x805, 0x1) 15m10.892253181s ago: executing program 32 (id=37): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) mount(&(0x7f0000000480)=@loop={'/dev/loop', 0x0}, &(0x7f0000000640)='./cgroup\x00', &(0x7f0000000680)='v7\x00', 0x1000448, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='ntfs3\x00', 0x1000080, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYRES64, @ANYRES16, @ANYRES16, @ANYRESHEX=r2], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) dup3(r1, r0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x9) ioperm(0x0, 0x83, 0x1f) gettid() r5 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @desc4}, &(0x7f0000000100)={0x0, "ae8726ab5188a0f5067e3bd54759496126c86baf237e45829712ce015304b94835019543b83b67ddd04d71425cd7e91c2002d71e8c58555fea7b2b3e9571a19f", 0x23}, 0x48, 0xfffffffffffffffd) keyctl$clear(0x7, r5) preadv2(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f00000005c0)=""/251, 0xfb}, {&(0x7f0000000000)=""/159, 0x9f}, {&(0x7f00000004c0)=""/246, 0xf6}, {&(0x7f00000003c0)=""/181, 0xb5}], 0x4, 0x0, 0x805, 0x1) 14m33.125313622s ago: executing program 4 (id=284): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa0000000000000150300000ad04e002d35010000000000950041000000000069163a0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a25c3a2feb39e94a5266a10716d4a3cef499fa176018054e9149a1c9d20a809ce3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000010000008e000000c9e700000100", @ANYRES32, @ANYRES32, @ANYBLOB], 0x50) syz_open_dev$vcsn(0x0, 0x1, 0x1) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 14m32.252101209s ago: executing program 4 (id=287): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x800, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) socket$nl_rdma(0x10, 0x3, 0x14) ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f0000000300)=0x5) r2 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0xb211, 0x13580, 0x0, 0x1d7}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6375fd82}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWTABLE={0x1c, 0x0, 0xa, 0x401, 0x0, 0x0, {0x3}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0xa4}}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r2, 0x0, 0x0}) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x101400) prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, &(0x7f0000000080)) io_uring_enter(r2, 0x54, 0x0, 0x0, 0x0, 0x0) 14m31.863888144s ago: executing program 4 (id=295): sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000740)=ANY=[@ANYBLOB="980000000a529fa31cb2bf78a624c16e99bbc28c0425521b83ecd2e04b0b3e11bcc00d6cd8998c042b53000c36054793251b1008", @ANYRES16, @ANYBLOB="010000000000000000000100000068000880640000803c0009801c0000800600010002000000080002007f00000105000300030000001c000080060001"], 0x98}, 0x1, 0x0, 0x0, 0x4084}, 0x20008040) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[@ANYBLOB="50020000", @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000080001000000000004000480080002000100000010000c7d0c000b8008000a00b4ed000004000880c8000c802400e73608000900f36aad4208200a156878badf10076800d5441e0f080009002bd49f3b0c"], 0x250}}, 0x0) 14m31.39745466s ago: executing program 4 (id=296): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @hyper}, 0x10) listen(r1, 0x0) (async) accept4$unix(r1, 0x0, 0x0, 0x0) openat$vga_arbiter(0xffffff9c, &(0x7f00000001c0), 0x20040, 0x0) (async) r2 = syz_open_dev$sndpcmc(&(0x7f0000000a00), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r2, 0xc0884123, &(0x7f0000000540)={0x6, "2a706672c53752888bd93143d15222879ee2f962f9b454852d8869179f724e890df60abf6d845a6fcd0077ae7a5309aa352ae62457edd9038681fc7484636258", {0x8000000000000000, 0xb}}) (async) r3 = syz_open_dev$MSR(&(0x7f0000000000), 0xffffffff, 0x0) read$msr(r3, &(0x7f0000000200)=""/73, 0x49) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x20, 0x70bd2b, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x20, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x80000000}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x1, 0x0, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x7, 0x3}}}}]}]}, 0x70}}, 0x20040000) r4 = socket$nl_route(0x10, 0x3, 0x0) (async) r5 = socket$nl_route(0x10, 0x3, 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x200023, 0x0) (async, rerun: 32) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r5], 0x90}}, 0x0) (rerun: 32) 14m30.395408481s ago: executing program 4 (id=305): r0 = syz_io_uring_setup(0x121d, &(0x7f0000000500)={0x0, 0x7d10, 0x80, 0x3, 0x1000034e}, &(0x7f0000000040)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r3 = socket(0x2a, 0x2, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x23457}) io_uring_enter(r0, 0x498d, 0x3, 0x20, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) socket$qrtr(0x2a, 0x2, 0x0) syz_init_net_socket$llc(0x1a, 0x7, 0x0) r4 = getpgrp(0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1001, r6, 0x1, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000032680)=""/102386, 0x18ff2) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}]}) r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000940)='./file0\x00', 0x0, 0x0) mknodat(r8, &(0x7f00000003c0)='./file0\x00', 0x200, 0x80000001) chdir(&(0x7f00000000c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) 14m30.165424099s ago: executing program 4 (id=307): r0 = fsopen(&(0x7f0000000000)='befs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000780)='d\xad\n{(x\x99\x99\xad}\xd40\xac|\xf9\x1d\\\xaeW&\x94\x18\xc4q\xd9]\xb8\xe1/\xee2\x83\x87\xbd\xa6\xe8r\x9cV\xf4\xecm\x96\xd9\v8\xa01\xd2\x11LQD\x15\xe9rE\xa35\xfaA\xc7O\xb8yI\'&\x00\x00\x00\x00\x19\xacz\xae\x90\xa8\xe7%\xd6\xef\xf4\xf7s\xed\xfc\xaaS\x94\\\xf4D\x8djk\xdb2\xed\x99\xee\xa6f\xe3\xe9s\xd8u\xc5hP\xfc\x05J)\x1b>\x0f\x9c\x02\xc7F`\xb7\xcf0\tI\xcfW\xf8\x9c\xd7\xdd9\xde\xed\xc3\xa9K\xcd\xba\x86\x89\xa0\xc8\xc7[\xd9a\xb9.\xe1;\xc2\xd2<3\x0f\x02\bG\xac\xba\xbcEl%\xb4\x01\xe8\xa5\xf2E,Z[\x9f\x8c.\xd5\xee\x89\xbf\x93d\xb3\x13\xed,\xb88O\xc1\xc0I\xae\x88of,t&6\xa8JN\xab\x00DtH)\xf5\xab\xcf\xcaP{\x04u\xbdjI3\xae\x03\xb2AZ\x99!\x80\xe4\x97%\x94u\xfe[\xd3\x88\xd7\xe1\x02\x1cO\xf8p\x83\xbb;\xb9{X\x13B\xb9y.\x94\xbd@\xa6\xaa;\xd3\x10\x12\'\xc1bK|\xc4\xfe@\xba\x9b\xc1:\xfep\t\x00\x00\x00\xa87\x06\x00\xa1\xd5\x95\xc8X\xc2Z\x8d\xca\x98\x8b@\xb3\xbc\xc6\xf7\x88\xc5w\xdfB0\x999\x03\xb2\xf1QG1}\x8a\xba\xdd\x9c\xa8\x04\xe4\x16\x9b\x1dp2\x0fIj\x04F\x0f\v5\xe0@uhr', &(0x7f0000000600)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\xa4\x9cU\xc4\fA\xb79\xfe\xe7?\xa1W\x9f\xec^_N\f0\xb7~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x15\xcf\x86\x14Q\x1bg\x19\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0x8, [0x201, 0x9, 0x0, 0x0, 0x6, 0x8001, 0x4, 0x4, 0x4d, 0x8001, 0x1, 0xfff7, 0x3, 0x6, 0x2, 0x5, 0xbc, 0x8, 0x200, 0x7, 0x6, 0x800, 0x7, 0x3f35, 0xb, 0x9, 0x5, 0xc, 0x1, 0x2, 0x7f, 0x9, 0x7c1, 0x6, 0xff, 0x10, 0x9, 0x8, 0xbbc5, 0x7, 0xb7, 0x6, 0xfffa, 0x0, 0x2, 0x0, 0x4, 0x5], 0xb2}}) (async, rerun: 64) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) (rerun: 64) sched_setscheduler(0x0, 0x6, &(0x7f0000000080)=0x4) (async) sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0xc) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES8=r1], 0x28}, 0x1, 0x0, 0x0, 0x20048055}, 0x20004000) (async, rerun: 32) read$msr(r2, &(0x7f0000019540)=""/102361, 0xffffffffffffffc3) (rerun: 32) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x7c, 0x0, &(0x7f0000000340)="cbb4415213c9173f632e12c7b56bd7ece4e9f881ec131ea3e49b06c4352eb1ae0443d4a124b9af53135c751fa7ebc63dd6e5df2c31945a29f7631028039de7d23b87971c38d9b21911d10fe99426aef5f930d4ef5a751677dc04559f21d9f1b1dd77342b9eedc764c8a4e444e76c6f0ca009d97e53f8ebd38c0d2e5f", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c) (async) writev(r2, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) fchown(r2, 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) (async) r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x15, 0x2, &(0x7f0000000540)=ANY=[@ANYRESDEC=r3, @ANYRES64, @ANYRES16=r2, @ANYRESHEX=r3, @ANYBLOB="3b4066c2419dfe1fc9faf42f3b41a0afa35c4d0068a0777491fb3b2fbb66c42ddc06f418db085aabe7a2826cffe444c7f151dcd3293275e5587e1317b055126d84eb76da43e2d43a1bdc613fdb7bfafad691fa1c4b7ddc2c9ac5e07a716c6da99018de", @ANYRESDEC=0x0, @ANYRESOCT=r4], &(0x7f0000000400)='GPL\x00', 0x1000000, 0x0, 0x0, 0x41100, 0x3c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) r5 = socket(0x11, 0x5, 0x8001) (async) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, 0x0, 0x0) (async, rerun: 64) connect$inet6(r5, 0x0, 0x0) (async, rerun: 64) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x220b01, 0x0) (async) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000234082, 0x0) r8 = dup(r7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r8, 0x2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17) socket$inet(0x2, 0x4000000000000001, 0x0) 14m15.081306993s ago: executing program 33 (id=307): r0 = fsopen(&(0x7f0000000000)='befs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000780)='d\xad\n{(x\x99\x99\xad}\xd40\xac|\xf9\x1d\\\xaeW&\x94\x18\xc4q\xd9]\xb8\xe1/\xee2\x83\x87\xbd\xa6\xe8r\x9cV\xf4\xecm\x96\xd9\v8\xa01\xd2\x11LQD\x15\xe9rE\xa35\xfaA\xc7O\xb8yI\'&\x00\x00\x00\x00\x19\xacz\xae\x90\xa8\xe7%\xd6\xef\xf4\xf7s\xed\xfc\xaaS\x94\\\xf4D\x8djk\xdb2\xed\x99\xee\xa6f\xe3\xe9s\xd8u\xc5hP\xfc\x05J)\x1b>\x0f\x9c\x02\xc7F`\xb7\xcf0\tI\xcfW\xf8\x9c\xd7\xdd9\xde\xed\xc3\xa9K\xcd\xba\x86\x89\xa0\xc8\xc7[\xd9a\xb9.\xe1;\xc2\xd2<3\x0f\x02\bG\xac\xba\xbcEl%\xb4\x01\xe8\xa5\xf2E,Z[\x9f\x8c.\xd5\xee\x89\xbf\x93d\xb3\x13\xed,\xb88O\xc1\xc0I\xae\x88of,t&6\xa8JN\xab\x00DtH)\xf5\xab\xcf\xcaP{\x04u\xbdjI3\xae\x03\xb2AZ\x99!\x80\xe4\x97%\x94u\xfe[\xd3\x88\xd7\xe1\x02\x1cO\xf8p\x83\xbb;\xb9{X\x13B\xb9y.\x94\xbd@\xa6\xaa;\xd3\x10\x12\'\xc1bK|\xc4\xfe@\xba\x9b\xc1:\xfep\t\x00\x00\x00\xa87\x06\x00\xa1\xd5\x95\xc8X\xc2Z\x8d\xca\x98\x8b@\xb3\xbc\xc6\xf7\x88\xc5w\xdfB0\x999\x03\xb2\xf1QG1}\x8a\xba\xdd\x9c\xa8\x04\xe4\x16\x9b\x1dp2\x0fIj\x04F\x0f\v5\xe0@uhr', &(0x7f0000000600)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\xa4\x9cU\xc4\fA\xb79\xfe\xe7?\xa1W\x9f\xec^_N\f0\xb7~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x15\xcf\x86\x14Q\x1bg\x19\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x3b) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0x8, [0x201, 0x9, 0x0, 0x0, 0x6, 0x8001, 0x4, 0x4, 0x4d, 0x8001, 0x1, 0xfff7, 0x3, 0x6, 0x2, 0x5, 0xbc, 0x8, 0x200, 0x7, 0x6, 0x800, 0x7, 0x3f35, 0xb, 0x9, 0x5, 0xc, 0x1, 0x2, 0x7f, 0x9, 0x7c1, 0x6, 0xff, 0x10, 0x9, 0x8, 0xbbc5, 0x7, 0xb7, 0x6, 0xfffa, 0x0, 0x2, 0x0, 0x4, 0x5], 0xb2}}) (async, rerun: 64) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x8b}, 0x0) (rerun: 64) sched_setscheduler(0x0, 0x6, &(0x7f0000000080)=0x4) (async) sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0xc) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRES8=r1], 0x28}, 0x1, 0x0, 0x0, 0x20048055}, 0x20004000) (async, rerun: 32) read$msr(r2, &(0x7f0000019540)=""/102361, 0xffffffffffffffc3) (rerun: 32) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x7c, 0x0, &(0x7f0000000340)="cbb4415213c9173f632e12c7b56bd7ece4e9f881ec131ea3e49b06c4352eb1ae0443d4a124b9af53135c751fa7ebc63dd6e5df2c31945a29f7631028039de7d23b87971c38d9b21911d10fe99426aef5f930d4ef5a751677dc04559f21d9f1b1dd77342b9eedc764c8a4e444e76c6f0ca009d97e53f8ebd38c0d2e5f", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c) (async) writev(r2, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) fchown(r2, 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) (async) r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0xd, 0x141341) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x15, 0x2, &(0x7f0000000540)=ANY=[@ANYRESDEC=r3, @ANYRES64, @ANYRES16=r2, @ANYRESHEX=r3, @ANYBLOB="3b4066c2419dfe1fc9faf42f3b41a0afa35c4d0068a0777491fb3b2fbb66c42ddc06f418db085aabe7a2826cffe444c7f151dcd3293275e5587e1317b055126d84eb76da43e2d43a1bdc613fdb7bfafad691fa1c4b7ddc2c9ac5e07a716c6da99018de", @ANYRESDEC=0x0, @ANYRESOCT=r4], &(0x7f0000000400)='GPL\x00', 0x1000000, 0x0, 0x0, 0x41100, 0x3c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) r5 = socket(0x11, 0x5, 0x8001) (async) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, 0x0, 0x0) (async, rerun: 64) connect$inet6(r5, 0x0, 0x0) (async, rerun: 64) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x220b01, 0x0) (async) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000234082, 0x0) r8 = dup(r7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r8, 0x2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17) socket$inet(0x2, 0x4000000000000001, 0x0) 5m57.079653538s ago: executing program 1 (id=3093): socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x800000}, 0x18) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) futex(&(0x7f0000000300)=0x1, 0x8, 0x1, &(0x7f0000000500), &(0x7f0000000540)=0x1, 0x2) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r4, 0x8000000000000003}, 0x18) prlimit64(r0, 0x4, &(0x7f00000001c0)={0x6, 0x6400}, &(0x7f0000000280)) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) recvmsg(r5, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001480)}, 0x2) connect$packet(r5, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x82, 0x6, @random="a55378321800"}, 0x14) shutdown(r5, 0x1) socket$inet6_mptcp(0xa, 0x1, 0x106) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x1ff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 5m55.406729818s ago: executing program 1 (id=3103): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x80}}]}, {0x2}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x1, &(0x7f0000000280)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f0000000340), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000300)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="950000000000000000000000000d770300e1ff"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000100000000001fe8000000000000000000000000000bb00000000000000000a0000ffffffffff", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000020000000000000000000000000000000000000000a000000000000feffffffff7f400002000000000000080000000000000000010000004400050000000000000000000000000000000000000000003c00000002000000ffffffff00000000000000000000000006000000040100"/176], 0xfc}}, 0x0) 5m54.370752284s ago: executing program 1 (id=3106): socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) futex(&(0x7f0000000300)=0x1, 0x8, 0x1, &(0x7f0000000500), &(0x7f0000000540)=0x1, 0x2) bind$can_j1939(r3, &(0x7f0000000040)={0x1d, r4, 0x8000000000000003}, 0x18) prlimit64(r0, 0x4, &(0x7f00000001c0)={0x6, 0x6400}, &(0x7f0000000280)) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) recvmsg(r5, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001480)}, 0x2) connect$packet(r5, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x82, 0x6, @random="a55378321800"}, 0x14) shutdown(r5, 0x1) socket$inet6_mptcp(0xa, 0x1, 0x106) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x1ff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 5m52.770937667s ago: executing program 1 (id=3113): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x1000200001ee0000, 0x3}) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x0, 0x1000001, 0x11, r2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, 0x0}, 0x94) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0xfffffffffffffffe, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f00000007c0)='./file0/file0\x00', 0x0, 0x1000, 0x0) mount$bind(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000440)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x10a5840, 0x0) move_mount(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', r4, &(0x7f0000000640)='./file0/file0\x00', 0x272) stat(0x0, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x80000, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r5, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) connect$inet6(r5, &(0x7f0000000140)={0xa, 0x4e20, 0x8, @remote, 0xb}, 0x1c) setsockopt$SO_BINDTODEVICE_wg(r5, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0xfef3, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000641100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e200e22"], 0x0) sendmsg$NFNL_MSG_COMPAT_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b80)=ANY=[@ANYBLOB="38000000000b010100000000005500000800034000000000110001002f70726f632f6d6473746174000000000900024000001af0934717d912449c435a271bf0b8a26c913d8f9e7b211fdcc922b82e48882c822530f9e04f8a1196e6d343f637d1579547fe99bd89a2be31b4d6c31d680cecd97caa46f96ea65fcb14242ca2c6a88b000154a1c8fb9e75d7cccd784a1969f949e1c6d65fd67e50129bf8973379361d5f41a8f0ff008a97ff875d21fae8b33dfb5fc0dd24ec8c20a29afb94063b8d4faca570d2ca77278fa816d0e1a7c36620047fa62759a0e33703193ba6f56784c29416b26fdaa2515d8f5083f4f3fe20"], 0x38}}, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x22081) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r6}, 0x10) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000c80)=@filter={'filter\x00', 0x4, 0x4, 0x4fc, 0xffffffff, 0x348, 0x348, 0x348, 0xfeffffff, 0xffffffff, 0x434, 0x434, 0x434, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0x1dc, 0x200, 0x0, {}, [@common=@rt={{0x138}, {0x5, [0x3ff, 0x5], 0x5, 0x20, 0x2, [@dev={0xfe, 0x80, '\x00', 0x32}, @mcast2, @remote, @dev={0xfe, 0x80, '\x00', 0xd}, @private0, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @private1, @private2, @local, @remote, @mcast2, @mcast1, @dev={0xfe, 0x80, '\x00', 0x38}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'], 0xa}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0x124, 0x148, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0x200}, {0x9b}], 0x1, 0x1}}, @common=@dst={{0x48}, {0x3ff, 0x4, 0x0, [0x0, 0x6, 0x1, 0x7, 0xb950, 0x0, 0x3, 0x5, 0x1000, 0x5, 0x9, 0x5, 0x2, 0xa14, 0x7, 0x4], 0xa}}]}, @REJECT={0x24}}, {{@uncond, 0x0, 0xc8, 0xec, 0x0, {}, [@common=@eui64={{0x24}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x6}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x558) 5m52.470652001s ago: executing program 1 (id=3115): syz_emit_ethernet(0x27, &(0x7f00000001c0)=ANY=[@ANYBLOB="ffffffffffff1134420300004000000062cf004ab77f8437"], 0x0) io_uring_setup(0x5ea4, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000c80)={'syz1\x00', {0x4, 0x3, 0x11f9, 0xfff8}, 0x4c, [0x8, 0x8, 0xfffffff7, 0x7f, 0x5, 0x9, 0x7ffffffa, 0x0, 0x2046, 0x838, 0xffffff0c, 0x3, 0x101, 0x9, 0x2, 0x4, 0x3, 0x4, 0x3, 0x8, 0x0, 0x800, 0x6, 0x4bdc, 0x5, 0x10001, 0x7, 0x4, 0x77, 0xd, 0x7, 0xd, 0x401, 0x7, 0x8, 0xc687, 0x200, 0xff, 0x1, 0x0, 0xfffffe01, 0x0, 0x59e6, 0x101, 0x2, 0xdb, 0x1, 0xe, 0x9, 0xf, 0x4, 0x1, 0xffffffff, 0x0, 0x7f, 0x2000009, 0x6, 0x23c2, 0x0, 0xc10d, 0x7, 0xb, 0x2, 0x3], [0x2, 0xc, 0xff, 0x7, 0xa, 0x9, 0x1000, 0x7f, 0x3, 0x6, 0x9, 0x2, 0x4, 0x7, 0x2c85, 0xf77, 0x60, 0xb, 0x1, 0x8, 0x71e4, 0x1, 0x10000, 0x3, 0x9f3, 0x1, 0x0, 0xe842, 0xff6, 0xca, 0x9, 0x7, 0x40, 0x6, 0x1d, 0xffc, 0xc7, 0x2ff, 0xf, 0x1, 0x550, 0x2, 0x3, 0x8, 0x80000001, 0x0, 0x3d, 0x13d, 0x501, 0x9, 0x3, 0x9f, 0xe2d9, 0x783, 0x5, 0x0, 0x4, 0x8, 0x3460, 0xffff, 0x8a42, 0x4000, 0x100, 0x1], [0x62e2adfb, 0x9f57, 0x4, 0x3, 0x9c, 0x8, 0x1, 0xfffffff7, 0x1, 0x2, 0x4, 0x4, 0x6, 0x4800000, 0x0, 0x9, 0x3, 0x9, 0x5, 0x5, 0x41ede6f8, 0x7, 0xffff8000, 0x8, 0x1003, 0x5, 0x10001, 0xfff, 0x0, 0x8, 0xffff2f9e, 0x9, 0x6, 0x6, 0x8, 0x3ff, 0x3, 0x5, 0x3, 0x690bd85f, 0x7, 0x3, 0x9, 0x200, 0x6, 0xd3, 0x2, 0x6, 0x0, 0x7fff, 0xc8, 0x8, 0x2, 0xcb11, 0x100, 0x7ff, 0x2, 0x5, 0x6, 0x4, 0x5, 0xa0, 0x1, 0x7825], [0x3, 0x0, 0x4, 0x7, 0x2, 0x6, 0x5, 0xfffffffa, 0x10001, 0x2, 0x1, 0x2, 0x2, 0x9, 0x2, 0xc53, 0x2, 0x7, 0x80000009, 0x5, 0x5, 0x2, 0xffffff7f, 0x0, 0x1, 0x5, 0x8, 0xc6d9, 0x631, 0x200, 0x4, 0x1, 0x4, 0x5, 0xe, 0xffff, 0x5, 0x7ff, 0x6, 0x10, 0x6, 0x1, 0x6, 0x80000000, 0x3, 0x3, 0x7, 0xd, 0x2, 0x2, 0x4, 0x4, 0x3, 0x7, 0x8001, 0x0, 0x5, 0xb9, 0xfff, 0x400, 0x22, 0x2, 0x75, 0x7]}, 0x45c) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x3) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_open_dev$dri(0x0, 0x1ff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat$cgroup_devices(r2, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0) openat$vimc2(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0), 0x0, 0x0}) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYRESHEX=r2, @ANYRESOCT=0x0, @ANYRES8=r0, @ANYRES8=r3, @ANYRESDEC=r1], 0x9) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r4) sendmsg$NL80211_CMD_SET_CQM(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010025bd7000fcdbdf253f00000008000300", @ANYRESDEC=r5, @ANYRES64=0x0], 0x3c}, 0x1, 0x0, 0x0, 0x4004090}, 0x4004000) r6 = socket$packet(0x11, 0x3, 0x300) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="850000002f000000840000000000000095000000000000008560fc2b2062f611fc2f864ef177d634e46e8dcfe61b4fb9f600344d592fee49e176fe6ad28fbcb1f9259bfc63e9030971917e30b6f42e8f9dd6ab0ce07312a135cd363aa7e5bcef8fd0e8c7d2082584156c52ebfd69e8e13b7a8b477abc86468e11b6242133ce882f05e16b91c37b3437347f6058b4489c759783b9d4dfb55d0085a26e41201a6d8c8ced33e10048e756a40538b32bf653fa3c831a4e60599ed7a0f999d18de9984522a7cdb6fc30015633a0132c9578b7da5bd7280a5f7e28fd858ba712020b23ef8a2785b6c146c48b48ca7e232d0489661396e9303b38aa5d26d06e2e676795fd2733f95da570bab301000000ffffffff2a2792a630d8fcdc"], &(0x7f0000000180)='GPL\x00'}, 0x48) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000040)=r7, 0x4) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x14, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2, 0x0, 0x7}}, 0x14}}, 0x0) 5m52.100982752s ago: executing program 1 (id=3117): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) setrlimit(0x3, &(0x7f0000000000)={0x3ff, 0x8001}) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$vsock_stream(0x28, 0x1, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x40000100) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1e, &(0x7f0000000040)=0x9, 0x22) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0xe64, 0xb, @loopback, 0x2}, 0x1c) r1 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0) execve(&(0x7f0000000140)='./file2\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='devtmpfs\x00', 0x2200892, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x8ad01, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) r4 = syz_io_uring_setup(0x49b, &(0x7f0000002180)={0x0, 0xa365, 0x100, 0x3, 0x1b0}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000040)={0x0, 0x0, 0x1}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x2, r3, 0x0, 0x0, 0x0, 0x200, 0x1, {0x1}}) 5m51.9683377s ago: executing program 34 (id=3117): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) setrlimit(0x3, &(0x7f0000000000)={0x3ff, 0x8001}) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$vsock_stream(0x28, 0x1, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x40000100) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1e, &(0x7f0000000040)=0x9, 0x22) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0xe64, 0xb, @loopback, 0x2}, 0x1c) r1 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0) execve(&(0x7f0000000140)='./file2\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='devtmpfs\x00', 0x2200892, 0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x8ad01, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) r4 = syz_io_uring_setup(0x49b, &(0x7f0000002180)={0x0, 0xa365, 0x100, 0x3, 0x1b0}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000040)={0x0, 0x0, 0x1}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x2, r3, 0x0, 0x0, 0x0, 0x200, 0x1, {0x1}}) 8.653432113s ago: executing program 0 (id=4753): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x70bd2d, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 8.335851141s ago: executing program 0 (id=4754): syz_open_dev$swradio(&(0x7f00000001c0), 0x0, 0x2) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x844}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r1 = syz_io_uring_setup(0x10f, &(0x7f0000000400)={0x0, 0x334e, 0x800, 0x1, 0x316}, &(0x7f0000000280)=0x0, &(0x7f0000000040)=0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x187100}) io_uring_enter(r1, 0x7277, 0x0, 0x28, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 7.117258072s ago: executing program 0 (id=4757): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5, r0}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r1) syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[], 0x0) ioctl$EVIOCRMFF(r1, 0x550c, &(0x7f0000000400)=0x5b35) 7.001525685s ago: executing program 6 (id=4758): socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x800000}, 0x18) r4 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) futex(&(0x7f0000000300)=0x1, 0x8, 0x1, &(0x7f0000000500), &(0x7f0000000540)=0x1, 0x2) bind$can_j1939(r4, &(0x7f0000000040)={0x1d, r5, 0x8000000000000003}, 0x18) prlimit64(r0, 0x4, &(0x7f00000001c0)={0x6, 0x6400}, &(0x7f0000000280)) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) recvmsg(r6, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001480)}, 0x2) connect$packet(r6, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x82, 0x6, @random="a55378321800"}, 0x14) shutdown(r6, 0x1) socket$inet6_mptcp(0xa, 0x1, 0x106) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x1ff) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 5.927807525s ago: executing program 6 (id=4761): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x2) futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) clock_gettime(0x0, &(0x7f0000000080)) mlock2(&(0x7f0000495000/0x2000)=nil, 0x2000, 0x0) get_mempolicy(0x0, 0x0, 0x3c, &(0x7f0000ff9000/0x1000)=nil, 0x3) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0) 5.116955626s ago: executing program 5 (id=4764): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$SG_IO(r0, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffffffffffc, 0x3, 0x4, @scatter={0x0, 0x0, 0x0}, &(0x7f00000008c0)="939e00", 0x0, 0xffffffff, 0x40, 0x2, 0x0}) socket$kcm(0x2d, 0x2, 0x0) r1 = socket(0x10, 0x3, 0xa) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0a000000080000000b0000000600000000000000", @ANYRES32, @ANYBLOB="02cb00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00@\x00'/28], 0x50) sendfile(r1, 0xffffffffffffffff, 0x0, 0x7fffffffffffffff) sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="10df2500"/16], 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x4) unshare(0x2a020400) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r4, 0xc08c5332, &(0x7f0000000400)) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="020000000400000006000000aa0b"], 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000940), &(0x7f0000000200), 0xa7c, r5, 0x0, 0xfffe}, 0x38) connect$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2d, 0x3, 0x4000}, 0xc) 4.913189297s ago: executing program 6 (id=4765): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x6, 0x8, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a00000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$netlink(0x10, 0x3, 0x6) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/zoneinfo\x00', 0x0, 0x0) pread64(r2, &(0x7f0000000080)=""/181, 0xb5, 0x365) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r3, 0x40485404, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="149d3c855a229580bf000000ffdbdf25037c0000"], 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000000c0)='mm_page_alloc\x00', r1, 0x0, 0x7}, 0xd) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f0000000140)={0x0, 0x0, 0x20, 0x0, 0xab, &(0x7f0000000a40)="bfaf422b00eb67e6529b59d5f04eaebdffa9ffb5b8680fc9f0750276d997ae303f8b51d3ed343c5b52fe5515e07ee6367e7cacb9eef97f0e85f4d50c3a39b9706357408f5c460e6d74ef603383ca87dcf35cbbc13421d22b0afc2607130f72724fa1698ffcb07838626332687ac9ef81328cec2927e953f67830398ea2a2403d855f993158e082ac1a3829acbf1867b516ff4f0b7673d54a20b72e4e98d92111e86644bade1247e812d6a113b23e11b2bfdeb3fa45a0cf8b922d573faa5b85000074fedbc4b779377120e968eef0946a9beb6861186f18d81fe4a662ccbce5d321ba2181abe3a1153d38d1121d6977e8a2d6f5fa1930634b1651e2c9fa5984c3c119e46b3562c137e714fce62e488b588b672781333fb08dd29ebd1b005721928358921a7f6190f7fe8a8bbb5d5e3d2e2ce8da85680dec4aee7b68c07c879fc128876e7f4c909b0fb13681e9fc23e693bfc6ecfe1cd3b9354d01205a877dc67ee6c5ffa874d1ee825788670a7b4fbbf599f9c6f67e5460d92aea85f9531fd2e3ec26091b86371a060b5003c3fa4430e127ecc4dccfe0e27004528220cfa78e81a098b412d92b623fe46d90d626f80fde32025c344e31e2ce50f5c630429d488b78c4059e14f4fa6b0c0d586eddf0492296303a1b8ae422faf0b2f439f42e30f5ffd5e5aae6b3154999e69071437f1733c456032ab0b281e7d3dc3bf9f297982df6d80bcd5bd16e68bc48836c1d623c5e6923ea104e673d1d0ec74c4c9e7f2c375d745f235375f45c70e45eea80f114c8261fdbef6e59de4df0c39bf132eb4603bde56b1f5b5c3f14de7a8fd83e1a2c863791541dabb01081951bd146b29494a54201f2ece984b90bd0a6d611a8363ac528e67ab810839bdff75afe41a12980fa80ebccb32bbbafb2d8800066773955506099dff81505459ffbe15c3dfdb3b49339687b2122dd4e5660658606ea568481dd5b59e934ac576d3b0a75a3e6996b5f809b9258e4c66a4532835e41fa311e7a1864ee2c8767ea739c469bfb111d2dce82306193fc0c913c321a5fb4515be447f44ee05c1ebbfe3601c835294a659100990811e13cf79a94be74efed38044a580ba9d3506e2a5d019614882dc8a3633dd367feaec7c89fae3df82f3b3d32eac822c5d578926b4e144016472aa765c5358248a087d20f6f1c85c2d5b95aa9d4e9dab2df8550bfa85565c1438a31c3ddeda01bfc8a806ce7f7969101ff8e3ded1f0c6a82262c9a128ca98dc1d768cac8be1eba00f91aa07b9a6a83155c9fde58ace35b7035c117069d2d41407cee17fa7ed7ce192b88b115f7d67cca5861e346735a256697f4db129b5781bf0e83b0d56b46dd03cdbb232eaef6a314f0f3a18e0458469110ad44a09430b87cb160cc150ba022807463a16ef6c4a009963f41ff55bb470c3073de7d958fb53a2e5be0dc84"}) 4.875549453s ago: executing program 6 (id=4766): syz_open_dev$swradio(&(0x7f00000001c0), 0x0, 0x2) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x844}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r1 = syz_io_uring_setup(0x10f, &(0x7f0000000400)={0x0, 0x334e, 0x800, 0x1, 0x316}, &(0x7f0000000280)=0x0, &(0x7f0000000040)=0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x187100}) io_uring_enter(r1, 0x7277, 0x0, 0x28, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 4.495378307s ago: executing program 2 (id=4768): syz_io_uring_setup(0x890, 0x0, &(0x7f0000000240), 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000600)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) r2 = gettid() timer_settime(0x0, 0x0, 0x0, 0x0) ptrace$poke(0x4, r2, 0x0, 0x7) mq_open(&(0x7f0000001600)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\aXg\xbb\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x8a=\x0f\n*\x8a\x99\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5\x00\x00\x00\x00\x00\x00\x00\x01\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbbV\x1a\x8a\x03#T\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8', 0x40, 0xb, 0x0) r3 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x42, 0x154) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r4, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="687567653d616d776179732c687567653d7769749d11f4d7e04dedade0d102ae1b48304812d7303be61ad8a0d48bc55de427cea3598c272183c27a3d15a4f347025dd86748326e246eab90b324cc7bf97763c1cf02317ed7dfb60a497cb6b727d0b3d82f53659999e5e51246460c9fdf7dcc6d8b1183925e3dad628612a1acac912a71fbbf56f91fe4e486536db0469e87c03c292dbdaaa507fd56805f06ac5434700f176e8de0727daced202e5e0438c8376036a8baec0c5546249768f10658409bb2e2d5a2d524698eb37f12a24cf81bf603200ee61b99f3d119aba1fe480f82ba83786bdc7685303142100341a4aac86fee28629abc899935c997ffc5a9139acbc86a21e5"]) chdir(&(0x7f0000000140)='./file0\x00') r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f00000005c0), 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000500)='./file0/file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75", @ANYRESOCT=r6, @ANYRES64=r6]) recvmmsg(r5, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}, {{0x0, 0x0, &(0x7f0000007040)=[{&(0x7f0000006040)=""/4086, 0xffffffffffffff2f}], 0x1}, 0x8000}], 0x3fffffffffffdfc, 0x10002, 0x0) sendmsg$can_bcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYRESDEC=r6, @ANYRES64=r7, @ANYRES64=r0], 0x48}}, 0x0) 4.134421774s ago: executing program 5 (id=4769): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@loopback, 0x0, 0x8, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x2, 0x4, 0x3}]}]}, 0xfc}}, 0x0) (async) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x70bd2b, 0xffffffff, {{@in6=@private2, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x2, 0xa}}, [@migrate={0x50, 0x11, [{@in=@local, @in=@broadcast, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@private=0xa010100, 0x3c, 0x4, 0x0, 0x2, 0xa, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x44000}, 0x0) (async) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0) (async) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6800000010000108fdffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b0000000000400016803c0001800c0005"], 0x68}, 0x1, 0x0, 0x0, 0x44004}, 0x0) (async) sendmsg$NL80211_CMD_ASSOCIATE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x30, r6, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0xd, {0xe, 0x9, 0x3a8, 0x6}}}, @NL80211_ATTR_SSID={0x4}]}, 0x30}}, 0xc00) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000400)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) (async) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="05022cbd7000f9dbdf25120000003173cffff28c6f5f736c6176655fff"], 0x34}}, 0x0) (async, rerun: 32) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x1, 0x3}, 0x0) (async, rerun: 32) sendto$inet6(r0, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) recvmmsg(r0, &(0x7f0000007900), 0x847, 0x10162, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x30, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x18207}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @gre={{0x8}, {0x4}}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054) (async) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x3}}}}}]}}]}}, 0x0) (async) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="52fb64364baa3f901787a470c8b8767a87fb253f9cb6730f011facb0c2b0800a9976b7fd8a3083ebc241", @ANYRES32=r2, @ANYRES8, @ANYRESOCT], 0x34}, 0x1, 0x0, 0x0, 0x4b9702dee4ac411b}, 0x4004854) socket$inet_udplite(0x2, 0x2, 0x88) (async) openat$sr(0xffffff9c, &(0x7f00000000c0), 0x100, 0x0) socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x1, 0x803, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) 3.977694693s ago: executing program 5 (id=4770): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x2) futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) clock_gettime(0x0, &(0x7f0000000080)) mlock2(&(0x7f0000495000/0x2000)=nil, 0x2000, 0x0) get_mempolicy(0x0, 0x0, 0x3c, &(0x7f0000ff9000/0x1000)=nil, 0x3) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0) 3.934162128s ago: executing program 0 (id=4771): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000280)=0x6) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x4) io_uring_enter(0xffffffffffffffff, 0x7cda, 0xec02, 0x28, &(0x7f0000000640)={[0xd7, 0x8]}, 0x8) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) accept4$bt_l2cap(r5, 0x0, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) get_robust_list(r0, &(0x7f00000004c0)=&(0x7f00000003c0)={&(0x7f0000000280), 0x0, &(0x7f0000000340)={&(0x7f0000000300)}}, &(0x7f0000000500)=0xc) sendmsg$inet6(r4, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x3, 0xfffc, 0xe652, 0x2, 0x85, 0x8, 0xff}, 0x9c) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f00000000c0)={'comedi_bond\x00', [0x2f, 0x80, 0x10006, 0x4, 0x1, 0xcc7, 0x8, 0x17, 0xa, 0x24c, 0xfff, 0x7, 0x5, 0x5, 0x4, 0x105, 0x8, 0x2000002, 0x2009, 0x1, 0x89, 0x6, 0x0, 0x30001e5a, 0x1000b, 0x7, 0x9, 0x8, 0x6, 0x3fd, 0xfffffffd]}) 3.896021723s ago: executing program 6 (id=4772): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') lseek(r1, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @empty, 0x400}, 0x1c) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00') r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r4, 0xc02c564a, &(0x7f0000001b00)={0x0, 0x34325842, 0x1, @discrete={0x1, 0x100}}) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4b0, 0x2fc, 0x18c, 0x203, 0x0, 0x19030000, 0x3e8, 0x2e0, 0x2e0, 0x3e8, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d4, 0x2fc, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {0xfffc, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {0xffff}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {0x0, 0x0, 0x0, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4, 0x0, 0x10}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x50c) socket(0x40000000015, 0x5, 0x0) r5 = syz_io_uring_setup(0x6023, &(0x7f0000000140)={0x0, 0x2, 0x2000}, &(0x7f0000000200)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x6000, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r5, 0x7a98, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r8 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r8, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) ioctl$AUTOFS_IOC_FAIL(r2, 0x9361, 0xa90b) bpf$PROG_LOAD(0x5, &(0x7f0000019240)={0x1b, 0xb, 0x0, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = syz_open_procfs(0x0, &(0x7f00000190c0)='net/ip_tables_targets\x00') pread64(r9, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000100)=0x2) ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000080)=0xe) ioctl$TIOCVHANGUP(r10, 0x5437, 0x200000000000000) socket$nl_generic(0x10, 0x3, 0x10) 2.736653098s ago: executing program 2 (id=4773): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 32) bpf$MAP_CREATE(0x0, 0x0, 0x48) (rerun: 32) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x4001af84, &(0x7f0000000000)) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) (async, rerun: 32) r1 = socket$inet_smc(0x2b, 0x1, 0x0) (rerun: 32) r2 = open(0x0, 0x0, 0x6c) fcntl$notify(r2, 0x402, 0x5) (async) preadv(r2, 0x0, 0x0, 0x0, 0x0) r3 = syz_io_uring_setup(0x7b52, &(0x7f00000004c0)={0x0, 0x3524, 0x200, 0x400003, 0xf3, 0x0, r2}, &(0x7f0000000080), &(0x7f00000000c0)) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000380)={0x0, 0x0}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) (async, rerun: 64) sendmmsg$unix(r5, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)="3b5ab466cbaf6b2371a089ccb61d19e312fdff8a46eb814f6c7d635c3fc7600a9230fa01ea048a0801c07a29d4eeef5efca338230547df597c1d61f0669474d5a38f9f6e428bd1d0f074f42130fbddd1797ee1b1e9e15641f6b7ab60c1cdbef0612df99313a91b9f589dcfb25f2bfba9c00c20e84291385bc440cd6c2d4bc3cfd52d249cc93e7d3991d85f79daa42fad9fca78e71dd00661a289404b34", 0x9d}], 0x1, &(0x7f0000000400)=ANY=[@ANYBLOB="14e500002fdeaf62a3313834", @ANYRES32=r3, @ANYRES32=r2, @ANYBLOB="180000000100000002000000", @ANYRES32=r6, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="280000000100000001000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=r5, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32, @ANYRES32], 0x54, 0x4040015}}], 0x1, 0x800) (async, rerun: 64) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) (async) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) (async) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) (async) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) (async) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) socket$igmp6(0xa, 0x3, 0x2) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) r8 = socket$netlink(0x10, 0x3, 0x0) (async) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="580000ce200001000000000000006f5215b98ae3a800000a0020f700000001000000001400110076657465001400030076657468315f766c616e00000000000014e61f763826cf9208d9653717134cd2da6533d294bd7dabd804a80b39849c34c2360f96cb69bf0c25dfd804c7a0d514e658eeab4ad6a7cc2c7833be93ceabd5f90981714b6c88e5b164bbf1f723d1f670cad3fa1b0e7b2d7a68c76682f4fc1d11292161e270abcf5bf4d76d661cd5e6"], 0x58}, 0x1, 0x0, 0x0, 0x24048844}, 0x0) (async, rerun: 32) sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0) (async, rerun: 32) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x106}}, 0x20) (async) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f00000003c0)={0x2, 'ip6_vti0\x00', 0x1}, 0x18) 2.65781978s ago: executing program 2 (id=4774): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x2) futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) clock_gettime(0x0, &(0x7f0000000080)) mlock2(&(0x7f0000495000/0x2000)=nil, 0x2000, 0x0) get_mempolicy(0x0, 0x0, 0x3c, &(0x7f0000ff9000/0x1000)=nil, 0x3) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0) 2.344639565s ago: executing program 0 (id=4775): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000280)=0x6) sched_setaffinity(r3, 0x0, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffeffffffffff", 0x45}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010) io_uring_enter(0xffffffffffffffff, 0x7cda, 0xec02, 0x28, &(0x7f0000000640)={[0xd7, 0x8]}, 0x8) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) accept4$bt_l2cap(r6, 0x0, 0x0, 0x0) r7 = dup(r5) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) get_robust_list(r0, &(0x7f00000004c0)=&(0x7f00000003c0)={&(0x7f0000000280), 0x0, &(0x7f0000000340)={&(0x7f0000000300)}}, &(0x7f0000000500)=0xc) sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r8 = dup(r5) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x3, 0xfffc, 0xe652, 0x2, 0x85, 0x8, 0xff}, 0x9c) 2.184821245s ago: executing program 5 (id=4776): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000280)=0x6) sched_setaffinity(r3, 0x0, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffeffffffffff", 0x45}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010) io_uring_enter(0xffffffffffffffff, 0x7cda, 0xec02, 0x28, &(0x7f0000000640)={[0xd7, 0x8]}, 0x8) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) accept4$bt_l2cap(r6, 0x0, 0x0, 0x0) r7 = dup(r5) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) get_robust_list(r0, &(0x7f00000004c0)=&(0x7f00000003c0)={&(0x7f0000000280), 0x0, &(0x7f0000000340)={&(0x7f0000000300)}}, &(0x7f0000000500)=0xc) sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r8 = dup(r5) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x3, 0xfffc, 0xe652, 0x2, 0x85, 0x8, 0xff}, 0x9c) 1.777437014s ago: executing program 2 (id=4777): sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040041}, 0x4044009) ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x3e, 0x4e51c327, 0x4, 0xa0, 0x1, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x1, 0x4}, 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'pcl711\x00', [0xf27, 0x80000000, 0x2, 0xa, 0xe, 0x5, 0x8, 0x3, 0x8, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x100006, 0x101, 0xfffffffe, 0x7f, 0x3, 0x40000003, 0x89, 0xca9f, 0x0, 0x20001e58, 0xffffffff, 0xe66, 0x3, 0x8, 0x4085, 0x0, 0xfffffff8]}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0) preadv(r4, &(0x7f00000002c0)=[{&(0x7f0000000500)=""/94, 0x5e}], 0x1, 0x4, 0x8) ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f0000000080)={0x4000000, 0x5, 0x3}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f00000001c0)={@val, @void, @eth={@broadcast, @remote, @void, {@mpls_mc={0x8848, {[], @llc={@snap={0x1, 0xaa, "c6", "38e727", 0x892f, "f194bbb62e9078604b914a492e94a906c24228433151722878e8ac676139ecb54263efc32ec631838384a12aab2c4e12986504853ba450884d6e4c71480b65bd1515bfd5e1fb21c27d428474cc5d8db6f85f1eb57c3ff68e219b54b46c4e53327d8ed73c6bca0ef6fdf698368aa177830848f8f5dd6cda9bb6f0ea6e47b9453154b76f81212a35456a740ccff8efa9"}}}}}}}, 0xa9) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) socket$inet6_udplite(0xa, 0x2, 0x88) 409.715348ms ago: executing program 0 (id=4778): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f0000000340)={'ip6tnl0\x00', 0x0, 0x4, 0xfa, 0x7, 0x9, 0x1, @remote, @mcast2, 0x80, 0x20, 0x1}}) (fail_nth: 19) 347.249106ms ago: executing program 2 (id=4779): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000012c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xb000000}, {{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}, {0x7, 0x0, 0xb, 0x0, 0x0, 0xffff}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) 297.445604ms ago: executing program 2 (id=4781): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) signalfd(0xffffffffffffffff, 0x0, 0x0) unshare(0x8000000) r0 = semget$private(0x0, 0x4000, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f00000001c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0xa, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @multicast2, @local, @rand_addr=0x8}}}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000380)={0xa, 0x4e23, 0xfffffffc, @loopback}, 0x1c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2c}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x800) listen(r2, 0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8) sendmmsg$inet6(r1, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)="89", 0x1}], 0x1}}], 0x1, 0x20000000) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f0000000080)={0x0, 0x1, 0x3}, 0x8) openat$userio(0xffffff9c, &(0x7f0000000180), 0x2000, 0x0) stat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)) 177.67472ms ago: executing program 5 (id=4782): r0 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0cc5640, &(0x7f0000000340)={0x8, @sdr={0x33424752, 0x8}}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x6, 0x8, 0x1}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a00000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000000c0)='mm_page_alloc\x00', r2, 0x0, 0x7}, 0xd) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000180)={@private, @empty, 0x0}, &(0x7f0000000240)=0xc) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000280)={0x0, @remote, @remote}, &(0x7f00000002c0)=0xc) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'ip_vti0\x00', &(0x7f0000000440)={'tunl0\x00', 0x0, 0x80, 0x8, 0x9, 0xffffffff, {{0x31, 0x4, 0x3, 0x20, 0xc4, 0x65, 0x0, 0x5, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x19}, @private=0xa010101, {[@ra={0x94, 0x4}, @cipso={0x86, 0x5c, 0x2, [{0x6, 0x9, "9db43412667726"}, {0x7, 0xe, "4c5022e570b9f982c25ae9fd"}, {0x2, 0xc, "605e35c06ab8fc73d2cd"}, {0x6, 0x12, "07cf0554c4f081552d7a57aa2bf3b6f2"}, {0x7, 0x12, "65f78974441a6ecf0a7fbd977bf1840e"}, {0x1, 0xf, "2858b28c23f401b9719e76bcde"}]}, @rr={0x7, 0x1f, 0x4, [@initdev={0xac, 0x1e, 0x1, 0x0}, @local, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102, @rand_addr=0x64010100, @multicast1]}, @noop, @timestamp_addr={0x44, 0x24, 0xc6, 0x1, 0xb, [{@remote, 0x2}, {@local, 0x10001}, {@rand_addr=0x64010102, 0xff}, {@dev={0xac, 0x14, 0x14, 0x14}, 0xc9b9}]}, @end, @rr={0x7, 0xb, 0xfe, [@rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0xc}]}]}}}}}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$gtp(&(0x7f0000000300), r8) r10 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r10, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="400000001000370400000000fcdbdf2500000000", @ANYRES32=r11, @ANYBLOB="890c04000000000020001280080001006774700014000280050005"], 0x40}}, 0x0) sendmsg$GTP_CMD_DELPDP(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01002cbd7000ffdbdf250100000008000200010000ef08000100", @ANYRES32=r11, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x8004}, 0x4) r12 = socket$netlink(0x10, 0x3, 0x0) r13 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r13, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r13, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r14, @ANYBLOB="01000000000000001c0012000c00010062"], 0x3c}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000005c0)={'syztnl2\x00', &(0x7f0000000540)={'syztnl2\x00', 0x0, 0x4, 0x0, 0x6, 0x7, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @local, 0x40, 0x80, 0x7, 0x9}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000840)={'sit0\x00', &(0x7f0000000700)={'syztnl1\x00', 0x0, 0x80, 0x20, 0x1, 0xedf9, {{0x39, 0x4, 0x0, 0x6, 0xe4, 0x65, 0x0, 0x3d, 0x2f, 0x0, @multicast2, @multicast2, {[@timestamp_addr={0x44, 0x34, 0xff, 0x1, 0x1, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x54c}, {@loopback, 0x80000000}, {@multicast1, 0x99c2}, {@rand_addr=0x64010102, 0x3}, {@remote, 0x9}, {@multicast1, 0x632}]}, @end, @timestamp_addr={0x44, 0x14, 0x9, 0x1, 0x1, [{@dev={0xac, 0x14, 0x14, 0x1b}, 0xcc}, {@multicast1, 0xa3}]}, @ssrr={0x89, 0x17, 0x14, [@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @timestamp_prespec={0x44, 0x24, 0x5e, 0x3, 0x0, [{@dev={0xac, 0x14, 0x14, 0x41}, 0x16f}, {@rand_addr=0x64010102, 0x7fffffff}, {@empty, 0x5}, {@empty}]}, @timestamp_prespec={0x44, 0x24, 0x8f, 0x3, 0x9, [{@empty, 0x10}, {@dev={0xac, 0x14, 0x14, 0x12}, 0x2}, {@local}, {@multicast1, 0x4}]}, @timestamp_prespec={0x44, 0x24, 0x24, 0x3, 0x3, [{@local, 0x4}, {@multicast1, 0x8}, {@dev={0xac, 0x14, 0x14, 0x33}, 0x7}, {@rand_addr=0x64010100, 0x3ff}]}, @end]}}}}}) sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f00000008c0)={&(0x7f0000000080), 0xc, &(0x7f0000000880)={&(0x7f0000000a40)={0x178, r4, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x178}, 0x1, 0x0, 0x0, 0x4004000}, 0x20000040) 64.815244ms ago: executing program 5 (id=4783): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000280)=0x6) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$kcm(0x10, 0x2, 0x4) io_uring_enter(0xffffffffffffffff, 0x7cda, 0xec02, 0x28, &(0x7f0000000640)={[0xd7, 0x8]}, 0x8) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) accept4$bt_l2cap(r5, 0x0, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) get_robust_list(r0, &(0x7f00000004c0)=&(0x7f00000003c0)={&(0x7f0000000280), 0x0, &(0x7f0000000340)={&(0x7f0000000300)}}, &(0x7f0000000500)=0xc) sendmsg$inet6(r4, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x3, 0xfffc, 0xe652, 0x2, 0x85, 0x8, 0xff}, 0x9c) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f00000000c0)={'comedi_bond\x00', [0x2f, 0x80, 0x10006, 0x4, 0x1, 0xcc7, 0x8, 0x17, 0xa, 0x24c, 0xfff, 0x7, 0x5, 0x5, 0x4, 0x105, 0x8, 0x2000002, 0x2009, 0x1, 0x89, 0x6, 0x0, 0x30001e5a, 0x1000b, 0x7, 0x9, 0x8, 0x6, 0x3fd, 0xfffffffd]}) 0s ago: executing program 6 (id=4784): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20) r1 = socket$phonet(0x23, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00'}) ioctl$F2FS_IOC_SET_COMPRESS_OPTION(0xffffffffffffffff, 0x4002f516, &(0x7f0000000040)={0x12, 0xa}) (async) ioctl$F2FS_IOC_SET_COMPRESS_OPTION(0xffffffffffffffff, 0x4002f516, &(0x7f0000000040)={0x12, 0xa}) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) io_uring_setup(0x8001612, &(0x7f0000000200)={0x0, 0x0, 0x20000, 0x40000}) socket$nl_route(0x10, 0x3, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0xa5) (async) mkdir(&(0x7f00000000c0)='./bus\x00', 0xa5) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x404, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file2'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './bus/file0'}}, {@redirect_dir_off}]}) (async) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x404, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file2'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './bus/file0'}}, {@redirect_dir_off}]}) r2 = open(&(0x7f0000000140)='./bus/file0\x00', 0x181082, 0x0) mknodat$loop(r2, &(0x7f0000001600)='./bus\x00', 0x0, 0x0) (async) mknodat$loop(r2, &(0x7f0000001600)='./bus\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') llistxattr(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) linkat(r2, &(0x7f0000000100)='./file1\x00', r2, &(0x7f0000000240)='./file0\x00', 0x0) unlink(&(0x7f00000002c0)='./file0\x00') (async) unlink(&(0x7f00000002c0)='./file0\x00') socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) connect$l2tp6(r3, &(0x7f0000000180)={0xa, 0x0, 0x1, @local, 0x7, 0x4}, 0x20) sendmmsg(r3, &(0x7f0000000140), 0x0, 0x804) (async) sendmmsg(r3, &(0x7f0000000140), 0x0, 0x804) inotify_add_watch(0xffffffffffffffff, 0x0, 0xa4000960) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000004060101fffff00000000000000000000500010007000000"], 0x1c}}, 0x0) (async) sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000004060101fffff00000000000000000000500010007000000"], 0x1c}}, 0x0) kernel console output (not intermixed with test programs): fail_usercopy, interval 1, probability 0, space 0, times 0 [ 777.531154][T19375] CPU: 2 UID: 0 PID: 19375 Comm: syz.2.3745 Tainted: G L syzkaller #0 PREEMPT(full) [ 777.531189][T19375] Tainted: [L]=SOFTLOCKUP [ 777.531196][T19375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 777.531208][T19375] Call Trace: [ 777.531215][T19375] [ 777.531223][T19375] dump_stack_lvl+0x16c/0x1f0 [ 777.531254][T19375] should_fail_ex+0x512/0x640 [ 777.531279][T19375] _copy_to_user+0x32/0xd0 [ 777.531301][T19375] simple_read_from_buffer+0xcb/0x170 [ 777.531329][T19375] proc_fail_nth_read+0x197/0x240 [ 777.531361][T19375] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 777.531393][T19375] ? rw_verify_area+0xcf/0x6c0 [ 777.531417][T19375] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 777.531444][T19375] vfs_read+0x1e4/0xcf0 [ 777.531467][T19375] ? __pfx___mutex_lock+0x10/0x10 [ 777.531495][T19375] ? __pfx_vfs_read+0x10/0x10 [ 777.531515][T19375] ? find_held_lock+0x2b/0x80 [ 777.531545][T19375] ? __fget_files+0x20e/0x3c0 [ 777.531579][T19375] ksys_read+0x12a/0x250 [ 777.531604][T19375] ? __pfx_ksys_read+0x10/0x10 [ 777.531628][T19375] ? syscall_user_dispatch+0x78/0x140 [ 777.531652][T19375] ? do_user_addr_fault+0x843/0x1370 [ 777.531680][T19375] __do_fast_syscall_32+0xe8/0x680 [ 777.531710][T19375] do_fast_syscall_32+0x32/0x80 [ 777.531739][T19375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 777.531760][T19375] RIP: 0023:0xf7f75579 [ 777.531775][T19375] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 777.531792][T19375] RSP: 002b:00000000f5466590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 777.531810][T19375] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5466620 [ 777.531822][T19375] RDX: 000000000000000f RSI: 00000000f7406ff4 RDI: 0000000000000000 [ 777.531833][T19375] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 777.531843][T19375] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 777.531854][T19375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 777.531879][T19375] [ 778.957011][T19401] siw: device registration error -23 [ 779.662113][T19412] faux_driver vkms: [drm] Unknown color mode 7; guessing buffer size. [ 779.749790][T19412] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 780.129364][T19412] hub 8-0:1.0: USB hub found [ 780.131432][T19412] hub 8-0:1.0: 1 port detected [ 780.493309][T19430] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3761'. [ 780.882099][T19435] XFS (nullb0): Invalid superblock magic number [ 781.635350][T19450] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3764'. [ 781.639115][T19450] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3764'. [ 781.706458][T19456] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3767'. [ 781.898004][T19466] rdma_rxe: rxe_newlink: failed to add syz_tun [ 782.252194][T19474] FAULT_INJECTION: forcing a failure. [ 782.252194][T19474] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 782.256791][T19474] CPU: 2 UID: 0 PID: 19474 Comm: syz.2.3773 Tainted: G L syzkaller #0 PREEMPT(full) [ 782.256836][T19474] Tainted: [L]=SOFTLOCKUP [ 782.256841][T19474] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 782.256848][T19474] Call Trace: [ 782.256852][T19474] [ 782.256858][T19474] dump_stack_lvl+0x16c/0x1f0 [ 782.256878][T19474] should_fail_ex+0x512/0x640 [ 782.256893][T19474] _copy_from_user+0x2e/0xd0 [ 782.256907][T19474] get_user_ifreq+0x116/0x1c0 [ 782.256923][T19474] sock_ioctl+0x586/0x6b0 [ 782.256939][T19474] ? __pfx_sock_ioctl+0x10/0x10 [ 782.256956][T19474] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 782.256990][T19474] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 782.257012][T19474] compat_sock_ioctl+0x58b/0x730 [ 782.257023][T19474] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 782.257033][T19474] ? hook_file_ioctl_common+0x144/0x410 [ 782.257067][T19474] ? __fget_files+0x20e/0x3c0 [ 782.257092][T19474] ? fput+0x70/0xf0 [ 782.257116][T19474] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 782.257131][T19474] __ia32_compat_sys_ioctl+0x242/0x370 [ 782.257158][T19474] __do_fast_syscall_32+0xe8/0x680 [ 782.257189][T19474] do_fast_syscall_32+0x32/0x80 [ 782.257213][T19474] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 782.257228][T19474] RIP: 0023:0xf7f75579 [ 782.257237][T19474] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 782.257248][T19474] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 782.257259][T19474] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f1 [ 782.257267][T19474] RDX: 00000000800003c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 782.257273][T19474] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 782.257279][T19474] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 782.257286][T19474] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 782.257299][T19474] [ 783.365089][T19495] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3779'. [ 783.538287][T19498] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3780'. [ 784.051697][T19515] x_tables: duplicate underflow at hook 1 [ 784.056465][T19515] hub 8-0:1.0: USB hub found [ 784.058451][T19515] hub 8-0:1.0: 1 port detected [ 784.535478][T19522] xt_TCPMSS: Only works on TCP SYN packets [ 785.403462][T19542] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3794'. [ 785.409204][T19542] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3794'. [ 786.734198][T19560] x_tables: duplicate underflow at hook 1 [ 786.743793][T19560] hub 8-0:1.0: USB hub found [ 786.747693][T19560] hub 8-0:1.0: 1 port detected [ 788.095116][T19565] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 788.095242][T19566] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 788.099488][T19565] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 788.102404][T19566] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 788.111400][T19566] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 788.111503][T19565] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 788.115912][T19566] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 788.116536][T19565] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 788.123680][T19565] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 788.125958][T19566] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 788.127996][T19565] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 788.130782][T19566] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 788.139738][T19565] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 788.144102][T19565] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 789.321855][ T40] audit: type=1326 audit(789.191:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19598 comm="syz.0.3812" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x0 [ 790.833869][T19623] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3819'. [ 790.838152][T19623] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3819'. [ 792.188786][T19641] x_tables: duplicate underflow at hook 1 [ 792.192055][T19641] hub 8-0:1.0: USB hub found [ 792.194682][T19641] hub 8-0:1.0: 1 port detected [ 793.201063][T19650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3827'. [ 793.204166][T19650] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 793.291684][T19650] create_pit_timer: 6 callbacks suppressed [ 793.291700][T19650] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 793.423219][ T40] audit: type=1326 audit(793.301:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19647 comm="syz.0.3827" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f15579 code=0x0 [ 793.793777][T19669] loop2: detected capacity change from 0 to 7 [ 793.797194][T19669] Dev loop2: unable to read RDB block 7 [ 793.799599][T19669] loop2: AHDI p1 p2 p3 [ 793.801414][T19669] loop2: partition table partially beyond EOD, truncated [ 793.812672][T19669] loop2: p1 start 1601398130 is beyond EOD, truncated [ 793.815978][T19669] loop2: p2 start 1702059890 is beyond EOD, truncated [ 794.173764][T19675] x_tables: duplicate underflow at hook 1 [ 795.623070][T17704] usb 11-1: new high-speed USB device number 3 using dummy_hcd [ 795.633766][ T24] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 795.763059][T17704] usb 11-1: device descriptor read/64, error -71 [ 795.795166][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 795.798833][ T24] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 795.801944][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 795.819860][ T24] usb 5-1: config 0 descriptor?? [ 796.023016][T17704] usb 11-1: new high-speed USB device number 4 using dummy_hcd [ 796.025324][ T24] usbhid 5-1:0.0: can't add hid device: -71 [ 796.028058][ T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 796.032387][ T24] usb 5-1: USB disconnect, device number 16 [ 796.152998][T17704] usb 11-1: device descriptor read/64, error -71 [ 796.263248][T17704] usb usb11-port1: attempt power cycle [ 796.463053][ T24] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 796.603122][ T24] usb 5-1: device descriptor read/64, error -71 [ 796.613089][T17704] usb 11-1: new high-speed USB device number 5 using dummy_hcd [ 796.633436][T17704] usb 11-1: device descriptor read/8, error -71 [ 796.843204][ T24] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 796.873007][T17704] usb 11-1: new high-speed USB device number 6 using dummy_hcd [ 796.893450][T17704] usb 11-1: device descriptor read/8, error -71 [ 796.973044][ T24] usb 5-1: device descriptor read/64, error -71 [ 797.003362][T17704] usb usb11-port1: unable to enumerate USB device [ 797.083347][ T24] usb usb5-port1: attempt power cycle [ 797.423061][ T24] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 797.443947][ T24] usb 5-1: device descriptor read/8, error -71 [ 797.484108][T19703] netlink: 72 bytes leftover after parsing attributes in process `syz.5.3842'. [ 797.518967][T19705] rdma_rxe: rxe_newlink: failed to add syz_tun [ 797.683014][ T24] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 797.703510][ T24] usb 5-1: device descriptor read/8, error -71 [ 797.813512][ T24] usb usb5-port1: unable to enumerate USB device [ 797.910092][T19713] veth1_to_bond: entered allmulticast mode [ 797.919216][T19713] random: crng reseeded on system resumption [ 798.834768][T19712] veth1_to_bond: left allmulticast mode [ 800.010231][T19740] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3851'. [ 800.027813][T19737] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3851'. [ 800.034544][T19737] bridge0: port 2(bridge_slave_1) entered disabled state [ 800.036912][T19737] bridge0: port 1(bridge_slave_0) entered disabled state [ 800.054378][T19737] bridge_slave_1: left allmulticast mode [ 800.056225][T19737] bridge_slave_1: left promiscuous mode [ 800.059525][T19737] bridge0: port 2(bridge_slave_1) entered disabled state [ 800.105793][T19737] bridge_slave_0: left allmulticast mode [ 800.107651][T19737] bridge_slave_0: left promiscuous mode [ 800.109599][T19737] bridge0: port 1(bridge_slave_0) entered disabled state [ 800.706428][T19760] syz1: rxe_newlink: already configured on syz_tun [ 801.128603][T19765] loop2: detected capacity change from 0 to 7 [ 801.130913][T19765] Dev loop2: unable to read RDB block 7 [ 801.132655][T19765] loop2: AHDI p1 p2 p3 [ 801.135119][T19765] loop2: partition table partially beyond EOD, truncated [ 801.137328][T19765] loop2: p1 start 1601398130 is beyond EOD, truncated [ 801.139309][T19765] loop2: p2 start 1702059890 is beyond EOD, truncated [ 801.163868][T19766] block device autoloading is deprecated and will be removed. [ 801.418587][T19778] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3864'. [ 801.516063][T19781] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3865'. [ 802.483667][T19812] x_tables: duplicate underflow at hook 1 [ 803.926764][T19822] netlink: 'syz.2.3875': attribute type 2 has an invalid length. [ 805.920578][T19867] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3888'. [ 806.074845][ T6010] libceph: connect (1)[c::]:6789 error -101 [ 806.077099][ T6010] libceph: mon0 (1)[c::]:6789 connect error [ 806.079438][ T6010] libceph: connect (1)[c::]:6789 error -101 [ 806.081679][ T6010] libceph: mon0 (1)[c::]:6789 connect error [ 806.343227][ T6010] libceph: connect (1)[c::]:6789 error -101 [ 806.351025][ T6010] libceph: mon0 (1)[c::]:6789 connect error [ 806.606654][T19887] FAULT_INJECTION: forcing a failure. [ 806.606654][T19887] name failslab, interval 1, probability 0, space 0, times 0 [ 806.612300][T19887] CPU: 1 UID: 0 PID: 19887 Comm: syz.5.3895 Tainted: G L syzkaller #0 PREEMPT(full) [ 806.612331][T19887] Tainted: [L]=SOFTLOCKUP [ 806.612338][T19887] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 806.612351][T19887] Call Trace: [ 806.612359][T19887] [ 806.612368][T19887] dump_stack_lvl+0x16c/0x1f0 [ 806.612400][T19887] should_fail_ex+0x512/0x640 [ 806.612421][T19887] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 806.612447][T19887] should_failslab+0xc2/0x120 [ 806.612476][T19887] kmem_cache_alloc_node_noprof+0x86/0x800 [ 806.612499][T19887] ? __alloc_skb+0x156/0x410 [ 806.612519][T19887] ? __alloc_skb+0x35d/0x410 [ 806.612543][T19887] ? __alloc_skb+0x156/0x410 [ 806.612560][T19887] __alloc_skb+0x156/0x410 [ 806.612648][T19887] ? __alloc_skb+0x35d/0x410 [ 806.612673][T19887] ? __pfx___alloc_skb+0x10/0x10 [ 806.612707][T19887] ? find_held_lock+0x2b/0x80 [ 806.612737][T19887] netlink_ack+0x15d/0xb80 [ 806.612774][T19887] netlink_rcv_skb+0x332/0x420 [ 806.612801][T19887] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 806.612827][T19887] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 806.612872][T19887] ? netlink_deliver_tap+0x1ae/0xd30 [ 806.612903][T19887] netlink_unicast+0x5aa/0x870 [ 806.612964][T19887] ? __pfx_netlink_unicast+0x10/0x10 [ 806.613002][T19887] netlink_sendmsg+0x8c8/0xdd0 [ 806.613035][T19887] ? __pfx_netlink_sendmsg+0x10/0x10 [ 806.613065][T19887] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 806.613102][T19887] sock_write_iter+0x566/0x610 [ 806.613133][T19887] ? __pfx_sock_write_iter+0x10/0x10 [ 806.613176][T19887] ? __lock_acquire+0x436/0x2890 [ 806.613199][T19887] do_iter_readv_writev+0x662/0x9e0 [ 806.613229][T19887] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 806.613254][T19887] ? common_file_perm+0x1b1/0x500 [ 806.613281][T19887] ? bpf_lsm_file_permission+0x9/0x10 [ 806.613304][T19887] ? security_file_permission+0x71/0x210 [ 806.613329][T19887] ? rw_verify_area+0xcf/0x6c0 [ 806.613356][T19887] vfs_writev+0x35f/0xde0 [ 806.613389][T19887] ? __pfx_vfs_writev+0x10/0x10 [ 806.613417][T19887] ? find_held_lock+0x2b/0x80 [ 806.613457][T19887] ? __fget_files+0x20e/0x3c0 [ 806.613481][T19887] ? __fget_files+0x160/0x3c0 [ 806.613513][T19887] ? do_writev+0x28c/0x340 [ 806.613536][T19887] do_writev+0x28c/0x340 [ 806.613562][T19887] ? __pfx_do_writev+0x10/0x10 [ 806.613588][T19887] ? do_user_addr_fault+0x843/0x1370 [ 806.613615][T19887] __do_fast_syscall_32+0xe8/0x680 [ 806.613649][T19887] do_fast_syscall_32+0x32/0x80 [ 806.613679][T19887] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 806.613704][T19887] RIP: 0023:0xf70fd579 [ 806.613720][T19887] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 806.613739][T19887] RSP: 002b:00000000f54ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000092 [ 806.613758][T19887] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 806.613772][T19887] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 806.613782][T19887] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 806.613792][T19887] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 806.613801][T19887] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 806.613823][T19887] [ 806.788300][T19869] ceph: No mds server is up or the cluster is laggy [ 808.093666][T19918] loop2: detected capacity change from 0 to 7 [ 808.111501][T19918] Dev loop2: unable to read RDB block 7 [ 808.114138][T19918] loop2: AHDI p1 p2 p3 [ 808.119355][T19918] loop2: partition table partially beyond EOD, truncated [ 808.125087][T19918] loop2: p1 start 1601398130 is beyond EOD, truncated [ 808.127520][T19918] loop2: p2 start 1702059890 is beyond EOD, truncated [ 808.182211][T19924] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3906'. [ 808.262023][T19933] usb usb5: usbfs: process 19933 (syz.0.3903) did not claim interface 0 before use [ 808.285548][T19935] rdma_rxe: rxe_newlink: failed to add syz_tun [ 808.619712][T19933] wg2 speed is unknown, defaulting to 1000 [ 808.714190][T19927] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3908'. [ 808.803246][T19945] tmpfs: Bad value for 'mpol' [ 808.813644][T19945] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3911'. [ 808.860832][T19934] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 808.863106][T19934] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 808.866793][T19934] vhci_hcd vhci_hcd.0: Device attached [ 808.878181][T19934] random: crng reseeded on system resumption [ 809.119792][T19947] vhci_hcd: connection closed [ 809.119947][T18159] vhci_hcd vhci_hcd.2: stop threads [ 809.132980][T18159] vhci_hcd vhci_hcd.2: release socket [ 809.134826][T18159] vhci_hcd vhci_hcd.2: disconnect device [ 809.143777][T17704] usb 42-1: enqueue for inactive port 0 [ 809.382989][ T34] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 809.542996][ T34] usb 5-1: Using ep0 maxpacket: 32 [ 809.653550][ T34] usb 5-1: unable to get BOS descriptor or descriptor too short [ 809.656887][ T34] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 809.659381][ T34] usb 5-1: can't read configurations, error -71 [ 809.666405][T17704] usb usb42-port1: attempt power cycle [ 810.214296][T19985] x_tables: duplicate underflow at hook 1 [ 810.405817][T17704] usb usb42-port1: unable to enumerate USB device [ 810.416595][T19993] syz1: rxe_newlink: already configured on syz_tun [ 810.968423][T20006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3922'. [ 811.352188][T20015] netlink: zone id is out of range [ 811.354540][T20015] netlink: zone id is out of range [ 811.356370][T20015] netlink: set zone limit has 8 unknown bytes [ 811.741777][T20019] 9pnet_virtio: no channels available for device syz [ 811.748142][T20019] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 811.809056][T20019] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 811.812512][T20019] overlayfs: failed to look up (tracing) for ino (-66) [ 811.894817][T20018] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3928'. [ 811.929085][T20018] bond1 (unregistering): Released all slaves [ 812.579763][T20024] tmpfs: Bad value for 'mpol' [ 812.626076][T20024] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3925'. [ 812.815315][T20030] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3931'. [ 813.144644][T20032] syz1: rxe_newlink: already configured on syz_tun [ 813.399576][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.402395][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.214821][T20058] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 814.217799][T20058] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 814.221253][T20058] vhci_hcd vhci_hcd.0: Device attached [ 814.393294][ T6010] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 814.453013][ T6010] usb 37-1: new full-speed USB device number 4 using vhci_hcd [ 814.510221][T20065] comedi comedi0: Minor 2 could not be opened [ 814.606645][T20060] vhci_hcd: connection reset by peer [ 814.609280][T15410] vhci_hcd vhci_hcd.0: stop threads [ 814.611014][T15410] vhci_hcd vhci_hcd.0: release socket [ 814.619692][T15410] vhci_hcd vhci_hcd.0: disconnect device [ 814.919137][T20067] FAULT_INJECTION: forcing a failure. [ 814.919137][T20067] name failslab, interval 1, probability 0, space 0, times 0 [ 814.924847][T20067] CPU: 1 UID: 0 PID: 20067 Comm: syz.5.3942 Tainted: G L syzkaller #0 PREEMPT(full) [ 814.924878][T20067] Tainted: [L]=SOFTLOCKUP [ 814.924884][T20067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 814.924894][T20067] Call Trace: [ 814.924916][T20067] [ 814.924926][T20067] dump_stack_lvl+0x16c/0x1f0 [ 814.924957][T20067] should_fail_ex+0x512/0x640 [ 814.924978][T20067] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 814.925003][T20067] should_failslab+0xc2/0x120 [ 814.925032][T20067] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 814.925055][T20067] ? alloc_inode+0x64/0x240 [ 814.925079][T20067] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 814.925106][T20067] ? alloc_inode+0x64/0x240 [ 814.925124][T20067] alloc_inode+0x64/0x240 [ 814.925144][T20067] new_inode+0x22/0x1c0 [ 814.925166][T20067] __debugfs_create_file+0x105/0x530 [ 814.925198][T20067] debugfs_create_file_full+0x41/0x60 [ 814.925219][T20067] ? __pfx_ip6_tnl_dev_setup+0x10/0x10 [ 814.925242][T20067] ref_tracker_dir_debugfs+0x19d/0x2f0 [ 814.925264][T20067] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 814.925306][T20067] ? alloc_netdev_mqs+0xd7/0x1550 [ 814.925331][T20067] ? lockdep_init_map_type+0x5c/0x270 [ 814.925353][T20067] alloc_netdev_mqs+0x314/0x1550 [ 814.925383][T20067] ip6_tnl_locate+0x3d1/0x7a0 [ 814.925408][T20067] ? __might_fault+0xe3/0x190 [ 814.925431][T20067] ? __pfx_ip6_tnl_locate+0x10/0x10 [ 814.925463][T20067] ip6_tnl_siocdevprivate+0x339/0x6b0 [ 814.925493][T20067] ? __pfx_ip6_tnl_siocdevprivate+0x10/0x10 [ 814.925518][T20067] ? do_fast_syscall_32+0x32/0x80 [ 814.925544][T20067] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 814.925585][T20067] ? full_name_hash+0xbc/0x110 [ 814.925604][T20067] ? netdev_name_node_lookup+0x127/0x180 [ 814.925629][T20067] dev_ifsioc+0x8ee/0x1ee0 [ 814.925653][T20067] ? __pfx_dev_ifsioc+0x10/0x10 [ 814.925674][T20067] ? __pfx___mutex_lock+0x10/0x10 [ 814.925710][T20067] ? dev_load+0x8e/0x240 [ 814.925736][T20067] dev_ioctl+0x1b2/0x1060 [ 814.925760][T20067] sock_ioctl+0x5b3/0x6b0 [ 814.925779][T20067] ? __pfx_sock_ioctl+0x10/0x10 [ 814.925797][T20067] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 814.925829][T20067] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 814.925853][T20067] compat_sock_ioctl+0x58b/0x730 [ 814.925874][T20067] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 814.925891][T20067] ? hook_file_ioctl_common+0x144/0x410 [ 814.925917][T20067] ? __fget_files+0x20e/0x3c0 [ 814.925940][T20067] ? fput+0x70/0xf0 [ 814.925965][T20067] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 814.925980][T20067] __ia32_compat_sys_ioctl+0x242/0x370 [ 814.926006][T20067] __do_fast_syscall_32+0xe8/0x680 [ 814.926035][T20067] do_fast_syscall_32+0x32/0x80 [ 814.926062][T20067] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 814.926085][T20067] RIP: 0023:0xf70fd579 [ 814.926098][T20067] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 814.926117][T20067] RSP: 002b:00000000f54ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 814.926135][T20067] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f1 [ 814.926146][T20067] RDX: 00000000800003c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 814.926156][T20067] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 814.926167][T20067] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 814.926178][T20067] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 814.926201][T20067] [ 814.926268][T20067] debugfs: out of free dentries, can not create file 'netdev@ffff888054d34618' [ 815.497027][T20082] FAULT_INJECTION: forcing a failure. [ 815.497027][T20082] name failslab, interval 1, probability 0, space 0, times 0 [ 815.502394][T20082] CPU: 3 UID: 0 PID: 20082 Comm: syz.5.3948 Tainted: G L syzkaller #0 PREEMPT(full) [ 815.502425][T20082] Tainted: [L]=SOFTLOCKUP [ 815.502432][T20082] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 815.502444][T20082] Call Trace: [ 815.502451][T20082] [ 815.502459][T20082] dump_stack_lvl+0x16c/0x1f0 [ 815.502513][T20082] should_fail_ex+0x512/0x640 [ 815.502536][T20082] ? kmem_cache_alloc_noprof+0x62/0x770 [ 815.502561][T20082] should_failslab+0xc2/0x120 [ 815.502590][T20082] kmem_cache_alloc_noprof+0x83/0x770 [ 815.502613][T20082] ? getname_flags.part.0+0x4c/0x550 [ 815.502640][T20082] ? getname_flags.part.0+0x4c/0x550 [ 815.502659][T20082] getname_flags.part.0+0x4c/0x550 [ 815.502697][T20082] getname_flags+0x93/0xf0 [ 815.502723][T20082] user_path_at+0x24/0x60 [ 815.502748][T20082] do_fchownat+0xf9/0x200 [ 815.502782][T20082] ? __pfx_do_fchownat+0x10/0x10 [ 815.502803][T20082] ? __pfx_ksys_write+0x10/0x10 [ 815.502833][T20082] __ia32_sys_fchownat+0xba/0x150 [ 815.502853][T20082] ? lockdep_hardirqs_on+0x7c/0x110 [ 815.502895][T20082] __do_fast_syscall_32+0xe8/0x680 [ 815.502940][T20082] do_fast_syscall_32+0x32/0x80 [ 815.502968][T20082] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 815.503006][T20082] RIP: 0023:0xf70fd579 [ 815.503021][T20082] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 815.503039][T20082] RSP: 002b:00000000f54ed55c EFLAGS: 00000296 ORIG_RAX: 000000000000012a [ 815.503056][T20082] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000100 [ 815.503066][T20082] RDX: 000000000000ee01 RSI: 000000000000ee01 RDI: 0000000000001000 [ 815.503076][T20082] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 815.503085][T20082] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 815.503095][T20082] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 815.503120][T20082] [ 816.065469][T20092] 9p: Bad value for 'rfdno' [ 816.320341][T20105] loop6: detected capacity change from 0 to 2560 [ 816.322775][T20105] buffer_io_error: 6 callbacks suppressed [ 816.322783][T20105] Buffer I/O error on dev loop6, logical block 0, async page read [ 816.327423][T20105] Buffer I/O error on dev loop6, logical block 0, async page read [ 816.330182][T20105] Buffer I/O error on dev loop6, logical block 0, async page read [ 816.352838][T20107] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3955'. [ 816.356359][T20105] Buffer I/O error on dev loop6, logical block 0, async page read [ 816.359058][T20105] Buffer I/O error on dev loop6, logical block 0, async page read [ 816.370214][T20105] Buffer I/O error on dev loop6, logical block 0, async page read [ 816.373236][T20105] Buffer I/O error on dev loop6, logical block 0, async page read [ 816.374198][T20107] bond6 (unregistering): Released all slaves [ 816.375947][T20105] Buffer I/O error on dev loop6, logical block 0, async page read [ 816.380670][T20105] ldm_validate_partition_table(): Disk read failed. [ 816.384434][T20105] Buffer I/O error on dev loop6, logical block 0, async page read [ 816.387289][T20105] Buffer I/O error on dev loop6, logical block 0, async page read [ 816.389933][T20105] Dev loop6: unable to read RDB block 0 [ 816.392005][T20105] loop6: unable to read partition table [ 816.394455][T20105] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 816.554511][T20112] FAULT_INJECTION: forcing a failure. [ 816.554511][T20112] name failslab, interval 1, probability 0, space 0, times 0 [ 816.559929][ T5348] ldm_validate_partition_table(): Disk read failed. [ 816.560246][T20112] CPU: 1 UID: 0 PID: 20112 Comm: syz.6.3956 Tainted: G L syzkaller #0 PREEMPT(full) [ 816.560271][T20112] Tainted: [L]=SOFTLOCKUP [ 816.560277][T20112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 816.560288][T20112] Call Trace: [ 816.560294][T20112] [ 816.560301][T20112] dump_stack_lvl+0x16c/0x1f0 [ 816.560329][T20112] should_fail_ex+0x512/0x640 [ 816.560345][T20112] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 816.560370][T20112] should_failslab+0xc2/0x120 [ 816.560395][T20112] kmem_cache_alloc_node_noprof+0x86/0x800 [ 816.560415][T20112] ? __alloc_skb+0x156/0x410 [ 816.560432][T20112] ? __alloc_skb+0x35d/0x410 [ 816.560453][T20112] ? __alloc_skb+0x156/0x410 [ 816.560469][T20112] __alloc_skb+0x156/0x410 [ 816.560515][T20112] ? __alloc_skb+0x35d/0x410 [ 816.560534][T20112] ? __pfx___alloc_skb+0x10/0x10 [ 816.560556][T20112] ? find_held_lock+0x2b/0x80 [ 816.560578][T20112] netlink_ack+0x15d/0xb80 [ 816.560609][T20112] netlink_rcv_skb+0x332/0x420 [ 816.560632][T20112] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 816.560652][T20112] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 816.560672][T20112] ? netlink_deliver_tap+0x1ae/0xd30 [ 816.560690][T20112] netlink_unicast+0x5aa/0x870 [ 816.560707][T20112] ? __pfx_netlink_unicast+0x10/0x10 [ 816.560728][T20112] netlink_sendmsg+0x8c8/0xdd0 [ 816.560746][T20112] ? __pfx_netlink_sendmsg+0x10/0x10 [ 816.560763][T20112] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 816.560793][T20112] sock_write_iter+0x566/0x610 [ 816.560819][T20112] ? __pfx_sock_write_iter+0x10/0x10 [ 816.560848][T20112] ? __lock_acquire+0x436/0x2890 [ 816.560867][T20112] do_iter_readv_writev+0x662/0x9e0 [ 816.560891][T20112] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 816.560913][T20112] ? common_file_perm+0x1b1/0x500 [ 816.560935][T20112] ? bpf_lsm_file_permission+0x9/0x10 [ 816.560954][T20112] ? security_file_permission+0x71/0x210 [ 816.560976][T20112] ? rw_verify_area+0xcf/0x6c0 [ 816.560998][T20112] vfs_writev+0x35f/0xde0 [ 816.561025][T20112] ? __pfx_vfs_writev+0x10/0x10 [ 816.561048][T20112] ? find_held_lock+0x2b/0x80 [ 816.561082][T20112] ? __fget_files+0x20e/0x3c0 [ 816.561103][T20112] ? __fget_files+0x160/0x3c0 [ 816.561121][T20112] ? do_writev+0x28c/0x340 [ 816.561135][T20112] do_writev+0x28c/0x340 [ 816.561150][T20112] ? __pfx_do_writev+0x10/0x10 [ 816.561165][T20112] ? do_user_addr_fault+0x843/0x1370 [ 816.561182][T20112] __do_fast_syscall_32+0xe8/0x680 [ 816.561201][T20112] do_fast_syscall_32+0x32/0x80 [ 816.561236][T20112] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 816.561250][T20112] RIP: 0023:0xf70cd579 [ 816.561259][T20112] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 816.561270][T20112] RSP: 002b:00000000f54bd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000092 [ 816.561281][T20112] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 816.561289][T20112] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 816.561295][T20112] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 816.561302][T20112] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 816.561308][T20112] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 816.561322][T20112] [ 816.693859][ T5348] Dev loop6: unable to read RDB block 0 [ 816.697009][ T5348] loop6: unable to read partition table [ 816.748284][ T5348] ldm_validate_partition_table(): Disk read failed. [ 816.751769][ T5348] Dev loop6: unable to read RDB block 0 [ 816.755261][ T5348] loop6: unable to read partition table [ 816.803662][T20117] openvswitch: netlink: IP tunnel TTL not specified. [ 817.103075][T17704] usb 11-1: new high-speed USB device number 7 using dummy_hcd [ 817.233097][T17704] usb 11-1: device descriptor read/64, error -71 [ 817.493032][T17704] usb 11-1: new high-speed USB device number 8 using dummy_hcd [ 817.650897][T17704] usb 11-1: device descriptor read/64, error -71 [ 817.763214][T17704] usb usb11-port1: attempt power cycle [ 818.113019][T17704] usb 11-1: new high-speed USB device number 9 using dummy_hcd [ 818.133718][T17704] usb 11-1: device descriptor read/8, error -71 [ 818.215222][T20131] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4) [ 818.217486][T20131] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 818.223399][T20131] vhci_hcd vhci_hcd.0: Device attached [ 818.373064][T17704] usb 11-1: new high-speed USB device number 10 using dummy_hcd [ 818.393678][T17704] usb 11-1: device descriptor read/8, error -71 [ 818.396845][T20132] vhci_hcd: connection closed [ 818.397154][T18161] vhci_hcd vhci_hcd.5: stop threads [ 818.400624][T18161] vhci_hcd vhci_hcd.5: release socket [ 818.405785][T18161] vhci_hcd vhci_hcd.5: disconnect device [ 818.513264][T17704] usb usb11-port1: unable to enumerate USB device [ 819.543908][ T6010] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 820.449639][T20164] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3972'. [ 820.523240][T20166] rdma_rxe: rxe_newlink: failed to add syz_tun [ 820.945053][T20170] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3975'. [ 820.945455][T20171] FAULT_INJECTION: forcing a failure. [ 820.945455][T20171] name failslab, interval 1, probability 0, space 0, times 0 [ 820.955032][T20171] CPU: 2 UID: 0 PID: 20171 Comm: syz.5.3974 Tainted: G L syzkaller #0 PREEMPT(full) [ 820.955051][T20171] Tainted: [L]=SOFTLOCKUP [ 820.955055][T20171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 820.955062][T20171] Call Trace: [ 820.955066][T20171] [ 820.955070][T20171] dump_stack_lvl+0x16c/0x1f0 [ 820.955092][T20171] should_fail_ex+0x512/0x640 [ 820.955106][T20171] ? __kmalloc_node_noprof+0xcd/0x930 [ 820.955123][T20171] should_failslab+0xc2/0x120 [ 820.955141][T20171] __kmalloc_node_noprof+0xee/0x930 [ 820.955155][T20171] ? __get_vm_area_node+0x1dc/0x330 [ 820.955172][T20171] ? __vmalloc_node_range_noprof+0x405/0x16b0 [ 820.955186][T20171] ? __vmalloc_node_range_noprof+0x405/0x16b0 [ 820.955197][T20171] __vmalloc_node_range_noprof+0x405/0x16b0 [ 820.955212][T20171] ? bpf_prog_alloc_no_stats+0x58/0x600 [ 820.955229][T20171] ? __pfx___might_resched+0x10/0x10 [ 820.955245][T20171] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 820.955257][T20171] ? should_fail_alloc_page+0xee/0x130 [ 820.955275][T20171] ? rcu_is_watching+0x12/0xc0 [ 820.955292][T20171] ? trace_mm_page_alloc+0x11b/0x180 [ 820.955310][T20171] ? bpf_prog_alloc_no_stats+0x58/0x600 [ 820.955324][T20171] __vmalloc_node_noprof+0xad/0xf0 [ 820.955335][T20171] ? bpf_prog_alloc_no_stats+0x58/0x600 [ 820.955350][T20171] __vmalloc_noprof+0xa3/0x120 [ 820.955360][T20171] ? __pfx___vmalloc_noprof+0x10/0x10 [ 820.955373][T20171] ? apparmor_capable+0x1d7/0x4e0 [ 820.955386][T20171] bpf_prog_alloc_no_stats+0x58/0x600 [ 820.955399][T20171] ? security_capable+0x7e/0x260 [ 820.955418][T20171] bpf_prog_alloc+0x3b/0x230 [ 820.955431][T20171] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 820.955449][T20171] bpf_prog_load+0x19bc/0x2cc0 [ 820.955465][T20171] ? _parse_integer_limit+0x17f/0x1d0 [ 820.955490][T20171] ? __pfx_bpf_prog_load+0x10/0x10 [ 820.955506][T20171] ? __lock_acquire+0x436/0x2890 [ 820.955530][T20171] __sys_bpf+0x3e72/0x4980 [ 820.955542][T20171] ? __pfx___sys_bpf+0x10/0x10 [ 820.955552][T20171] ? find_held_lock+0x2b/0x80 [ 820.955570][T20171] ? find_held_lock+0x2b/0x80 [ 820.955587][T20171] ? __mutex_unlock_slowpath+0x161/0x790 [ 820.955611][T20171] ? fput+0x70/0xf0 [ 820.955622][T20171] ? ksys_write+0x1ac/0x250 [ 820.955638][T20171] ? __pfx_ksys_write+0x10/0x10 [ 820.955655][T20171] __ia32_sys_bpf+0x76/0xe0 [ 820.955665][T20171] ? lockdep_hardirqs_on+0x7c/0x110 [ 820.955682][T20171] __do_fast_syscall_32+0xe8/0x680 [ 820.955700][T20171] do_fast_syscall_32+0x32/0x80 [ 820.955718][T20171] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 820.955732][T20171] RIP: 0023:0xf70fd579 [ 820.955742][T20171] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 820.955753][T20171] RSP: 002b:00000000f54ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 820.955764][T20171] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800004c0 [ 820.955771][T20171] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 820.955777][T20171] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 820.955784][T20171] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 820.955790][T20171] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 820.955803][T20171] [ 820.955809][T20171] syz.5.3974: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 821.110157][T20171] CPU: 3 UID: 0 PID: 20171 Comm: syz.5.3974 Tainted: G L syzkaller #0 PREEMPT(full) [ 821.110190][T20171] Tainted: [L]=SOFTLOCKUP [ 821.110196][T20171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 821.110209][T20171] Call Trace: [ 821.110215][T20171] [ 821.110222][T20171] dump_stack_lvl+0x16c/0x1f0 [ 821.110255][T20171] warn_alloc+0x248/0x3a0 [ 821.110278][T20171] ? __pfx_warn_alloc+0x10/0x10 [ 821.110368][T20171] ? lockdep_hardirqs_on+0x7c/0x110 [ 821.110400][T20171] ? should_fail_ex+0x354/0x640 [ 821.110422][T20171] ? rcu_is_watching+0x12/0xc0 [ 821.110447][T20171] ? trace_kmalloc+0x2b/0xb0 [ 821.110471][T20171] ? __kmalloc_node_noprof+0x372/0x930 [ 821.110492][T20171] ? __get_vm_area_node+0x1dc/0x330 [ 821.110517][T20171] ? __vmalloc_node_range_noprof+0x405/0x16b0 [ 821.110540][T20171] __vmalloc_node_range_noprof+0x1309/0x16b0 [ 821.110573][T20171] ? bpf_prog_alloc_no_stats+0x58/0x600 [ 821.110602][T20171] ? __pfx___might_resched+0x10/0x10 [ 821.110627][T20171] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 821.110645][T20171] ? should_fail_alloc_page+0xee/0x130 [ 821.110679][T20171] ? rcu_is_watching+0x12/0xc0 [ 821.110702][T20171] ? trace_mm_page_alloc+0x11b/0x180 [ 821.110729][T20171] ? bpf_prog_alloc_no_stats+0x58/0x600 [ 821.110750][T20171] __vmalloc_node_noprof+0xad/0xf0 [ 821.110767][T20171] ? bpf_prog_alloc_no_stats+0x58/0x600 [ 821.110790][T20171] __vmalloc_noprof+0xa3/0x120 [ 821.110807][T20171] ? __pfx___vmalloc_noprof+0x10/0x10 [ 821.110827][T20171] ? apparmor_capable+0x1d7/0x4e0 [ 821.110846][T20171] bpf_prog_alloc_no_stats+0x58/0x600 [ 821.110866][T20171] ? security_capable+0x7e/0x260 [ 821.110898][T20171] bpf_prog_alloc+0x3b/0x230 [ 821.110917][T20171] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 821.110944][T20171] bpf_prog_load+0x19bc/0x2cc0 [ 821.110968][T20171] ? _parse_integer_limit+0x17f/0x1d0 [ 821.110998][T20171] ? __pfx_bpf_prog_load+0x10/0x10 [ 821.111021][T20171] ? __lock_acquire+0x436/0x2890 [ 821.111061][T20171] __sys_bpf+0x3e72/0x4980 [ 821.111080][T20171] ? __pfx___sys_bpf+0x10/0x10 [ 821.111096][T20171] ? find_held_lock+0x2b/0x80 [ 821.111122][T20171] ? find_held_lock+0x2b/0x80 [ 821.111148][T20171] ? __mutex_unlock_slowpath+0x161/0x790 [ 821.111186][T20171] ? fput+0x70/0xf0 [ 821.111203][T20171] ? ksys_write+0x1ac/0x250 [ 821.111226][T20171] ? __pfx_ksys_write+0x10/0x10 [ 821.111254][T20171] __ia32_sys_bpf+0x76/0xe0 [ 821.111270][T20171] ? lockdep_hardirqs_on+0x7c/0x110 [ 821.111294][T20171] __do_fast_syscall_32+0xe8/0x680 [ 821.111321][T20171] do_fast_syscall_32+0x32/0x80 [ 821.111347][T20171] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 821.111369][T20171] RIP: 0023:0xf70fd579 [ 821.111385][T20171] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 821.111401][T20171] RSP: 002b:00000000f54ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 821.111418][T20171] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800004c0 [ 821.111429][T20171] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 821.111438][T20171] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 821.111449][T20171] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 821.111458][T20171] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 821.111479][T20171] [ 821.111486][T20171] Mem-Info: [ 821.265933][T20171] active_anon:4836 inactive_anon:3512 isolated_anon:0 [ 821.265933][T20171] active_file:4835 inactive_file:15956 isolated_file:0 [ 821.265933][T20171] unevictable:3793 dirty:816 writeback:0 [ 821.265933][T20171] slab_reclaimable:6934 slab_unreclaimable:62362 [ 821.265933][T20171] mapped:27232 shmem:4799 pagetables:1369 [ 821.265933][T20171] sec_pagetables:328 bounce:0 [ 821.265933][T20171] kernel_misc_reclaimable:0 [ 821.265933][T20171] free:43093 free_pcp:18435 free_cma:0 [ 821.285519][T20171] Node 0 active_anon:0kB inactive_anon:44kB active_file:132kB inactive_file:152kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:64kB dirty:4kB writeback:0kB shmem:4320kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:9248kB pagetables:1480kB sec_pagetables:1164kB all_unreclaimable? yes Balloon:0kB [ 821.301584][T20171] Node 1 active_anon:19444kB inactive_anon:14004kB active_file:19208kB inactive_file:63672kB unevictable:9728kB isolated(anon):1200kB isolated(file):0kB mapped:108864kB dirty:3260kB writeback:0kB shmem:14876kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:5148kB pagetables:3896kB sec_pagetables:148kB all_unreclaimable? no Balloon:0kB [ 821.315930][T20171] Node 0 DMA free:2192kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:60kB local_pcp:32kB free_cma:0kB [ 821.329536][T20171] lowmem_reserve[]: 0 289 289 289 289 [ 821.331937][T20171] Node 0 DMA32 free:24108kB boost:16384kB min:29716kB low:33048kB high:36380kB reserved_highatomic:4096KB free_highatomic:520KB active_anon:0kB inactive_anon:44kB active_file:132kB inactive_file:152kB unevictable:3536kB writepending:4kB zspages:32kB present:1032196kB managed:296816kB mlocked:0kB bounce:0kB free_pcp:12748kB local_pcp:2232kB free_cma:0kB [ 821.347803][T20171] lowmem_reserve[]: 0 0 0 0 0 [ 821.350002][T20171] Node 1 DMA32 free:137320kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:19344kB inactive_anon:14004kB active_file:19208kB inactive_file:63672kB unevictable:11528kB writepending:3260kB zspages:3728kB present:1048432kB managed:948212kB mlocked:8256kB bounce:0kB free_pcp:70596kB local_pcp:8376kB free_cma:0kB [ 821.369205][T20171] lowmem_reserve[]: 0 0 0 0 0 [ 821.371486][T20171] Node 0 DMA: 28*4kB (U) 10*8kB (U) 11*16kB (U) 11*32kB (U) 7*64kB (U) 2*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 2192kB [ 821.378081][T20171] Node 0 DMA32: 97*4kB (UMH) 453*8kB (UMEH) 260*16kB (UMEH) 142*32kB (UMEH) 92*64kB (UMEH) 31*128kB (UMEH) 6*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24108kB [ 821.398123][T20171] Node 1 DMA32: 2920*4kB (UME) 3118*8kB (UM) 2593*16kB (UME) 93*32kB (UME) 148*64kB (UME) 86*128kB (UME) 33*256kB (UME) 20*512kB (UME) 4*1024kB (M) 3*2048kB (U) 0*4096kB = 130496kB [ 821.418517][T20171] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 821.428368][T20171] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 821.432740][T20171] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 821.437046][T20171] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 821.453150][T20171] 26711 total pagecache pages [ 821.456571][T20171] 549 pages in swap cache [ 821.460936][T20171] Free swap = 112604kB [ 821.464078][T20171] Total swap = 124996kB [ 821.467284][T20171] 524155 pages RAM [ 821.471435][T20171] 0 pages HighMem/MovableOnly [ 821.476299][T20171] 209058 pages reserved [ 821.479701][T20171] 0 pages cma reserved [ 821.950536][T20190] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3982'. [ 821.953665][T20190] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3982'. [ 822.064974][T20195] x_tables: duplicate underflow at hook 1 [ 823.572236][T20210] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3987'. [ 823.633094][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 825.793122][T20233] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3994'. [ 825.837972][T20236] loop2: detected capacity change from 0 to 7 [ 825.842441][T20236] Dev loop2: unable to read RDB block 7 [ 825.845997][T20236] loop2: AHDI p1 p2 p3 [ 825.848032][T20236] loop2: partition table partially beyond EOD, truncated [ 825.855069][T20236] loop2: p1 start 1601398130 is beyond EOD, truncated [ 825.858385][T20236] loop2: p2 start 1702059890 is beyond EOD, truncated [ 825.896320][T20233] bond3 (unregistering): Released all slaves [ 826.567829][T20249] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3996'. [ 826.596642][T20249] wireguard0: entered promiscuous mode [ 826.599211][T20249] wireguard0: entered allmulticast mode [ 828.369348][T20287] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4009'. [ 829.601985][T20310] rdma_rxe: rxe_newlink: failed to add syz_tun [ 829.922528][T20316] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4018'. [ 830.488420][T20328] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7) [ 830.490611][T20328] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 830.503270][T20328] vhci_hcd vhci_hcd.0: Device attached [ 830.783182][ T6010] usb 48-1: SetAddress Request (43) to port 0 [ 830.785280][ T6010] usb 48-1: new SuperSpeed USB device number 43 using vhci_hcd [ 830.917238][ T40] audit: type=1326 audit(830.791:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.2.4022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000 [ 830.934291][ T40] audit: type=1326 audit(830.791:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.2.4022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000 [ 830.947850][ T40] audit: type=1326 audit(830.791:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.2.4022" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf7f75579 code=0x7ffc0000 [ 830.982787][T20331] vhci_hcd: connection reset by peer [ 830.991755][T20338] pim6reg: entered allmulticast mode [ 831.019050][ T40] audit: type=1326 audit(830.791:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.2.4022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000 [ 831.024444][T15397] vhci_hcd vhci_hcd.5: stop threads [ 831.026644][ T40] audit: type=1326 audit(830.791:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.2.4022" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f75579 code=0x7ffc0000 [ 831.028064][T15397] vhci_hcd vhci_hcd.5: release socket [ 831.035209][ T40] audit: type=1326 audit(830.791:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.2.4022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000 [ 831.046949][ T40] audit: type=1326 audit(830.791:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.2.4022" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f75579 code=0x7ffc0000 [ 831.046988][T15397] vhci_hcd vhci_hcd.5: disconnect device [ 831.057493][ T40] audit: type=1326 audit(830.801:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.2.4022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000 [ 831.065996][ T40] audit: type=1326 audit(830.831:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.2.4022" exe="/syz-executor" sig=0 arch=40000003 syscall=14 compat=1 ip=0xf7f75579 code=0x7ffc0000 [ 831.076710][ T40] audit: type=1326 audit(830.831:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20333 comm="syz.2.4022" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000 [ 831.752798][T20345] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 831.754972][T20345] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 831.757659][T20345] vhci_hcd vhci_hcd.0: Device attached [ 831.822200][T20347] vhci_hcd: connection closed [ 831.822387][T15410] vhci_hcd vhci_hcd.0: stop threads [ 831.826502][T15410] vhci_hcd vhci_hcd.0: release socket [ 831.828392][T15410] vhci_hcd vhci_hcd.0: disconnect device [ 831.910760][T20352] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4028'. [ 832.084599][T20358] bond2: entered promiscuous mode [ 832.087250][T20358] 8021q: adding VLAN 0 to HW filter on device bond2 [ 832.889116][T20358] 8021q: adding VLAN 0 to HW filter on device bond3 [ 832.891875][T20358] bond3: entered promiscuous mode [ 832.894576][T20358] bond2: (slave bond3): Enslaving as an active interface with an up link [ 832.934146][T20363] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4031'. [ 833.075681][T20368] input: syz1 as /devices/virtual/input/input21 [ 835.186434][T20395] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4038'. [ 835.346446][T20399] bond3: entered promiscuous mode [ 835.350128][T20399] 8021q: adding VLAN 0 to HW filter on device bond3 [ 835.369224][T20405] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4039'. [ 835.375259][T20397] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4039'. [ 835.388638][T20404] 8021q: adding VLAN 0 to HW filter on device bond4 [ 835.394584][T20404] bond4: entered promiscuous mode [ 835.397202][T20404] bond3: (slave bond4): Enslaving as an active interface with an up link [ 835.607534][T20416] netlink: 76 bytes leftover after parsing attributes in process `syz.5.4041'. [ 835.641763][T20414] wg2 speed is unknown, defaulting to 1000 [ 835.751343][T20414] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.4044'. [ 835.883244][ T6010] usb 48-1: device descriptor read/8, error -110 [ 836.287231][ T6010] usb usb48-port1: attempt power cycle [ 836.325873][T20431] FAULT_INJECTION: forcing a failure. [ 836.325873][T20431] name failslab, interval 1, probability 0, space 0, times 0 [ 836.331982][T20431] CPU: 2 UID: 0 PID: 20431 Comm: syz.6.4049 Tainted: G L syzkaller #0 PREEMPT(full) [ 836.332012][T20431] Tainted: [L]=SOFTLOCKUP [ 836.332019][T20431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 836.332030][T20431] Call Trace: [ 836.332037][T20431] [ 836.332045][T20431] dump_stack_lvl+0x16c/0x1f0 [ 836.332077][T20431] should_fail_ex+0x512/0x640 [ 836.332098][T20431] ? fs_reclaim_acquire+0xae/0x150 [ 836.332130][T20431] should_failslab+0xc2/0x120 [ 836.332158][T20431] __kmalloc_noprof+0xeb/0x910 [ 836.332179][T20431] ? tomoyo_encode2+0x100/0x3e0 [ 836.332208][T20431] ? tomoyo_encode2+0x100/0x3e0 [ 836.332231][T20431] tomoyo_encode2+0x100/0x3e0 [ 836.332258][T20431] tomoyo_encode+0x29/0x50 [ 836.332281][T20431] tomoyo_realpath_from_path+0x18f/0x6e0 [ 836.332339][T20431] tomoyo_path_number_perm+0x245/0x580 [ 836.332362][T20431] ? tomoyo_path_number_perm+0x237/0x580 [ 836.332383][T20431] ? kernel_text_address+0xb6/0x100 [ 836.332405][T20431] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 836.332426][T20431] ? arch_stack_walk+0xa6/0x100 [ 836.332472][T20431] ? __kasan_slab_free+0x5f/0x80 [ 836.332498][T20431] ? kmem_cache_free+0x2d8/0x770 [ 836.332520][T20431] ? putname+0xf5/0x1a0 [ 836.332535][T20431] ? user_path_at+0x44/0x60 [ 836.332557][T20431] ? do_fchownat+0xf9/0x200 [ 836.332574][T20431] ? __ia32_sys_fchownat+0xba/0x150 [ 836.332597][T20431] ? from_kuid+0x8d/0xd0 [ 836.332630][T20431] ? __pfx_from_kuid+0x10/0x10 [ 836.332676][T20431] tomoyo_path_chown+0x173/0x1b0 [ 836.332704][T20431] ? __pfx_tomoyo_path_chown+0x10/0x10 [ 836.332733][T20431] ? from_vfsuid+0xea/0x140 [ 836.332755][T20431] ? __pfx_from_vfsuid+0x10/0x10 [ 836.332780][T20431] security_path_chown+0x12a/0x2e0 [ 836.332802][T20431] chown_common+0x3d3/0x680 [ 836.332827][T20431] ? __pfx_chown_common+0x10/0x10 [ 836.332856][T20431] ? mnt_get_write_access+0x1e9/0x2f0 [ 836.332883][T20431] do_fchownat+0x1a7/0x200 [ 836.332902][T20431] ? __pfx_do_fchownat+0x10/0x10 [ 836.332938][T20431] ? __pfx_ksys_write+0x10/0x10 [ 836.332962][T20431] ? __do_compat_sys_rt_sigreturn+0x1ba/0x270 [ 836.332987][T20431] __ia32_sys_fchownat+0xba/0x150 [ 836.333006][T20431] ? lockdep_hardirqs_on+0x7c/0x110 [ 836.333033][T20431] __do_fast_syscall_32+0xe8/0x680 [ 836.333064][T20431] do_fast_syscall_32+0x32/0x80 [ 836.333092][T20431] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 836.333115][T20431] RIP: 0023:0xf70cd579 [ 836.333130][T20431] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 836.333147][T20431] RSP: 002b:00000000f54bd55c EFLAGS: 00000296 ORIG_RAX: 000000000000012a [ 836.333165][T20431] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000100 [ 836.333177][T20431] RDX: 000000000000ee01 RSI: 000000000000ee01 RDI: 0000000000001000 [ 836.333188][T20431] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 836.333198][T20431] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 836.333209][T20431] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 836.333234][T20431] [ 836.479962][T20431] ERROR: Out of memory at tomoyo_realpath_from_path. [ 836.606182][T20436] netlink: 'syz.5.4050': attribute type 8 has an invalid length. [ 836.609666][T20436] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4050'. [ 836.634597][T20436] bond0: entered promiscuous mode [ 836.637404][T20436] bond0: left promiscuous mode [ 836.950136][T20440] bond5: entered promiscuous mode [ 836.952834][T20440] 8021q: adding VLAN 0 to HW filter on device bond5 [ 836.964702][ T6010] usb usb48-port1: unable to enumerate USB device [ 836.999576][T20443] 8021q: adding VLAN 0 to HW filter on device bond6 [ 837.012574][T20446] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4052'. [ 837.028730][T20443] bond6: entered promiscuous mode [ 837.035647][T20443] bond5: (slave bond6): Enslaving as an active interface with an up link [ 839.036663][ T24] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 839.126129][T20495] overlayfs: missing 'lowerdir' [ 839.991752][T20506] FAULT_INJECTION: forcing a failure. [ 839.991752][T20506] name failslab, interval 1, probability 0, space 0, times 0 [ 840.055665][T20506] CPU: 1 UID: 0 PID: 20506 Comm: syz.5.4072 Tainted: G L syzkaller #0 PREEMPT(full) [ 840.055686][T20506] Tainted: [L]=SOFTLOCKUP [ 840.055690][T20506] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 840.055697][T20506] Call Trace: [ 840.055702][T20506] [ 840.055706][T20506] dump_stack_lvl+0x16c/0x1f0 [ 840.055727][T20506] should_fail_ex+0x512/0x640 [ 840.055741][T20506] ? fs_reclaim_acquire+0xae/0x150 [ 840.055760][T20506] should_failslab+0xc2/0x120 [ 840.055777][T20506] __kmalloc_noprof+0xeb/0x910 [ 840.055790][T20506] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 840.055810][T20506] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 840.055825][T20506] tomoyo_realpath_from_path+0xc2/0x6e0 [ 840.055841][T20506] ? tomoyo_profile+0x47/0x60 [ 840.055859][T20506] tomoyo_path_number_perm+0x245/0x580 [ 840.055872][T20506] ? tomoyo_path_number_perm+0x237/0x580 [ 840.055886][T20506] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 840.055913][T20506] ? find_held_lock+0x2b/0x80 [ 840.055928][T20506] ? hook_file_ioctl_common+0x144/0x410 [ 840.055955][T20506] ? __fget_files+0x20e/0x3c0 [ 840.055973][T20506] ? fput+0x70/0xf0 [ 840.055986][T20506] security_file_ioctl_compat+0x9b/0x240 [ 840.056001][T20506] __ia32_compat_sys_ioctl+0xc3/0x370 [ 840.056017][T20506] __do_fast_syscall_32+0xe8/0x680 [ 840.056037][T20506] do_fast_syscall_32+0x32/0x80 [ 840.056054][T20506] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 840.056068][T20506] RIP: 0023:0xf70fd579 [ 840.056077][T20506] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 840.056088][T20506] RSP: 002b:00000000f54ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 840.056099][T20506] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000083c0550b [ 840.056106][T20506] RDX: 0000000080000400 RSI: 0000000000000000 RDI: 0000000000000000 [ 840.056113][T20506] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 840.056119][T20506] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 840.056126][T20506] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 840.056140][T20506] [ 840.056175][T20506] ERROR: Out of memory at tomoyo_realpath_from_path. [ 840.801881][T20518] netlink: 'syz.6.4076': attribute type 1 has an invalid length. [ 840.826696][T20518] 8021q: adding VLAN 0 to HW filter on device bond7 [ 840.924774][T20528] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4079'. [ 840.934233][T20528] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4079'. [ 841.226232][T20540] syz1: rxe_newlink: already configured on syz_tun [ 842.215890][T20544] FAULT_INJECTION: forcing a failure. [ 842.215890][T20544] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 842.220597][T20544] CPU: 2 UID: 0 PID: 20544 Comm: syz.0.4084 Tainted: G L syzkaller #0 PREEMPT(full) [ 842.220617][T20544] Tainted: [L]=SOFTLOCKUP [ 842.220622][T20544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 842.220629][T20544] Call Trace: [ 842.220634][T20544] [ 842.220639][T20544] dump_stack_lvl+0x16c/0x1f0 [ 842.220661][T20544] should_fail_ex+0x512/0x640 [ 842.220677][T20544] __fpu_restore_sig+0xfe/0x1370 [ 842.220697][T20544] ? __lock_acquire+0x436/0x2890 [ 842.220711][T20544] ? __pfx___fpu_restore_sig+0x10/0x10 [ 842.220738][T20544] ? __might_fault+0xe3/0x190 [ 842.220752][T20544] ? __might_fault+0x13b/0x190 [ 842.220767][T20544] fpu__restore_sig+0x151/0x190 [ 842.220786][T20544] ia32_restore_sigcontext+0x44a/0x630 [ 842.220800][T20544] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 842.220816][T20544] ? rcu_is_watching+0x12/0xc0 [ 842.220832][T20544] ? _raw_spin_unlock_irq+0x23/0x50 [ 842.220848][T20544] ? lockdep_hardirqs_on+0x7c/0x110 [ 842.220868][T20544] __do_compat_sys_rt_sigreturn+0x18c/0x270 [ 842.220881][T20544] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 842.220896][T20544] ? rcu_is_watching+0x12/0xc0 [ 842.220913][T20544] do_int80_emulation+0x104/0x480 [ 842.220934][T20544] asm_int80_emulation+0x1a/0x20 [ 842.220945][T20544] RIP: 0023:0xf7f15579 [ 842.220955][T20544] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 842.220967][T20544] RSP: 002b:00000000f5406590 EFLAGS: 00000293 [ 842.220977][T20544] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 00000000f5406610 [ 842.220984][T20544] RDX: 0000000000000001 RSI: 00000000f73a6ff4 RDI: 0000000000000000 [ 842.220991][T20544] RBP: 00000000f73d4f80 R08: 0000000000000000 R09: 0000000000000000 [ 842.220998][T20544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 842.221005][T20544] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 842.221019][T20544] [ 842.647632][T20567] FAULT_INJECTION: forcing a failure. [ 842.647632][T20567] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 842.654005][T20567] CPU: 2 UID: 0 PID: 20567 Comm: syz.5.4091 Tainted: G L syzkaller #0 PREEMPT(full) [ 842.654033][T20567] Tainted: [L]=SOFTLOCKUP [ 842.654039][T20567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 842.654050][T20567] Call Trace: [ 842.654056][T20567] [ 842.654062][T20567] dump_stack_lvl+0x16c/0x1f0 [ 842.654094][T20567] should_fail_ex+0x512/0x640 [ 842.654114][T20567] _copy_from_user+0x2e/0xd0 [ 842.654152][T20567] bpf_prog_load+0x1e89/0x2cc0 [ 842.654178][T20567] ? _parse_integer_limit+0x17f/0x1d0 [ 842.654205][T20567] ? __pfx_bpf_prog_load+0x10/0x10 [ 842.654230][T20567] ? __lock_acquire+0x436/0x2890 [ 842.654267][T20567] __sys_bpf+0x3e72/0x4980 [ 842.654289][T20567] ? __pfx___sys_bpf+0x10/0x10 [ 842.654304][T20567] ? find_held_lock+0x2b/0x80 [ 842.654329][T20567] ? find_held_lock+0x2b/0x80 [ 842.654356][T20567] ? __mutex_unlock_slowpath+0x161/0x790 [ 842.654395][T20567] ? fput+0x70/0xf0 [ 842.654412][T20567] ? ksys_write+0x1ac/0x250 [ 842.654435][T20567] ? __pfx_ksys_write+0x10/0x10 [ 842.654466][T20567] __ia32_sys_bpf+0x76/0xe0 [ 842.654484][T20567] ? lockdep_hardirqs_on+0x7c/0x110 [ 842.654517][T20567] __do_fast_syscall_32+0xe8/0x680 [ 842.654547][T20567] do_fast_syscall_32+0x32/0x80 [ 842.654572][T20567] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 842.654596][T20567] RIP: 0023:0xf70fd579 [ 842.654613][T20567] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 842.654633][T20567] RSP: 002b:00000000f54ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 842.654653][T20567] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800004c0 [ 842.654666][T20567] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 842.654677][T20567] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 842.654686][T20567] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 842.654697][T20567] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 842.654716][T20567] [ 842.833915][T20563] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 842.840593][T20563] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 842.906905][T20563] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 842.913092][ T5938] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 842.913277][ T5950] Bluetooth: hci2: command 0x1003 tx timeout [ 842.928414][T20563] vxlan0: left promiscuous mode [ 842.957237][T20563] bond1: left promiscuous mode [ 842.960317][T20563] bond2: left promiscuous mode [ 842.968427][T15254] syz1: Port: 1 Link DOWN [ 842.968834][ T12] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 256 - 0 [ 842.977311][ T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 843.043040][ T12] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 256 - 0 [ 843.046820][ T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 843.050707][ T12] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 256 - 0 [ 843.054777][ T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 843.058409][ T12] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 256 - 0 [ 843.062215][ T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 843.123576][T20569] can0: slcan on pty24. [ 843.293302][T20568] can0 (unregistered): slcan off pty24. [ 843.945125][T20587] netlink: 'syz.6.4098': attribute type 1 has an invalid length. [ 843.969034][T20587] bond8: entered promiscuous mode [ 843.972805][T20587] 8021q: adding VLAN 0 to HW filter on device bond8 [ 844.251155][T20587] 8021q: adding VLAN 0 to HW filter on device bond9 [ 844.256958][T20587] bond9: entered promiscuous mode [ 844.263149][T20587] bond8: (slave bond9): Enslaving as an active interface with an up link [ 846.314274][T20621] netlink: 76 bytes leftover after parsing attributes in process `syz.6.4105'. [ 846.637310][T20620] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4106'. [ 847.058229][T20629] netlink: 'syz.2.4108': attribute type 1 has an invalid length. [ 847.147083][T20629] bond4: entered promiscuous mode [ 847.155088][T20629] 8021q: adding VLAN 0 to HW filter on device bond4 [ 847.177568][T20631] 8021q: adding VLAN 0 to HW filter on device bond5 [ 847.183250][T20631] bond5: entered promiscuous mode [ 847.185857][T20631] bond4: (slave bond5): Enslaving as an active interface with an up link [ 849.106136][T20679] x_tables: duplicate underflow at hook 1 [ 849.108546][T20679] hub 8-0:1.0: USB hub found [ 849.110263][T20679] hub 8-0:1.0: 1 port detected [ 850.103928][T20696] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 851.525625][T20711] netlink: 'syz.2.4128': attribute type 1 has an invalid length. [ 851.547238][T20711] bond6: entered promiscuous mode [ 851.550359][T20711] 8021q: adding VLAN 0 to HW filter on device bond6 [ 851.575628][T20711] 8021q: adding VLAN 0 to HW filter on device bond7 [ 851.578463][T20711] bond7: entered promiscuous mode [ 851.580647][T20711] bond6: (slave bond7): Enslaving as an active interface with an up link [ 851.684494][T20716] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4130'. [ 852.557990][T20746] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 852.643229][T20743] FAULT_INJECTION: forcing a failure. [ 852.643229][T20743] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 852.647445][T20743] CPU: 3 UID: 0 PID: 20743 Comm: syz.5.4137 Tainted: G L syzkaller #0 PREEMPT(full) [ 852.647464][T20743] Tainted: [L]=SOFTLOCKUP [ 852.647468][T20743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 852.647475][T20743] Call Trace: [ 852.647479][T20743] [ 852.647484][T20743] dump_stack_lvl+0x16c/0x1f0 [ 852.647504][T20743] should_fail_ex+0x512/0x640 [ 852.647519][T20743] copy_fpstate_to_sigframe+0x827/0xad0 [ 852.647540][T20743] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 852.647557][T20743] ? posixtimer_deliver_signal+0x105/0x6b0 [ 852.647575][T20743] ? posixtimer_deliver_signal+0x1c7/0x6b0 [ 852.647588][T20743] ? x86_task_fpu+0x5f/0x90 [ 852.647603][T20743] get_sigframe+0x4a8/0x9c0 [ 852.647620][T20743] ? __pfx_get_sigframe+0x10/0x10 [ 852.647636][T20743] ? _raw_spin_unlock_irq+0x23/0x50 [ 852.647651][T20743] ? siginfo_layout+0x177/0x290 [ 852.647668][T20743] ia32_setup_rt_frame+0xe4/0xb30 [ 852.647681][T20743] ? find_held_lock+0x2b/0x80 [ 852.647696][T20743] ? __pfx_ia32_setup_rt_frame+0x10/0x10 [ 852.647712][T20743] arch_do_signal_or_restart+0x475/0x7a0 [ 852.647728][T20743] ? kvm_sched_clock_read+0x11/0x20 [ 852.647743][T20743] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 852.647758][T20743] ? sched_clock_cpu+0x6c/0x530 [ 852.647779][T20743] ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10 [ 852.647794][T20743] irqentry_exit+0x38a/0x8c0 [ 852.647812][T20743] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 852.647825][T20743] RIP: 0023:0xf70fd579 [ 852.647833][T20743] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 852.647844][T20743] RSP: 002b:00000000f54ed590 EFLAGS: 00000293 [ 852.647854][T20743] RAX: 0000000000000001 RBX: 0000000000000004 RCX: 00000000f70fd579 [ 852.647861][T20743] RDX: 0000000000000001 RSI: 00000000f7496ff4 RDI: 0000000000000000 [ 852.647867][T20743] RBP: 00000000f74c4f80 R08: 0000000000000000 R09: 0000000000000000 [ 852.647874][T20743] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 852.647880][T20743] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 852.647894][T20743] [ 853.661973][T20764] 9p: Bad value for 'rfdno' [ 853.929200][T20770] netlink: 'syz.6.4147': attribute type 1 has an invalid length. [ 853.953477][T20770] bond10: entered promiscuous mode [ 853.956133][T20770] 8021q: adding VLAN 0 to HW filter on device bond10 [ 853.981691][T20770] 8021q: adding VLAN 0 to HW filter on device bond11 [ 853.986244][T20770] bond11: entered promiscuous mode [ 853.988541][T20770] bond10: (slave bond11): Enslaving as an active interface with an up link [ 854.602706][T20787] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 855.053324][T20803] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4157'. [ 855.207706][T20803] bond12 (unregistering): Released all slaves [ 856.066612][T20825] syzkaller0: entered promiscuous mode [ 856.069043][T20825] syzkaller0: entered allmulticast mode [ 856.159485][T20832] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 856.568863][T20842] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4167'. [ 857.425940][T20864] wg2 speed is unknown, defaulting to 1000 [ 857.429592][T20868] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 858.040629][T20883] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4181'. [ 858.197109][T20883] bond6 (unregistering): Released all slaves [ 858.907372][T20902] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4183'. [ 858.999426][T20907] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4187'. [ 859.142102][T20902] wireguard0: entered promiscuous mode [ 859.144989][T20902] wireguard0: entered allmulticast mode [ 861.809070][T20963] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 864.775921][T20999] loop2: detected capacity change from 0 to 7 [ 864.784560][T20999] Dev loop2: unable to read RDB block 7 [ 864.786460][T20999] loop2: AHDI p1 p2 p3 [ 864.787832][T20999] loop2: partition table partially beyond EOD, truncated [ 864.790180][T20999] loop2: p1 start 1601398130 is beyond EOD, truncated [ 864.792398][T20999] loop2: p2 start 1702059890 is beyond EOD, truncated [ 865.162761][T21004] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 867.686811][T21041] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 870.909495][T21106] bond12 (unregistering): Released all slaves [ 871.513518][T21115] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 872.529066][T21135] netlink: 72 bytes leftover after parsing attributes in process `syz.5.4256'. [ 872.577651][T21139] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 873.327844][T21170] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 873.805766][T21177] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4267'. [ 873.863061][T21177] wireguard0: entered promiscuous mode [ 873.865288][T21177] wireguard0: entered allmulticast mode [ 874.212378][T21182] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4271'. [ 874.601651][T21200] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 874.843110][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 874.847155][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 876.232387][T21230] x_tables: duplicate underflow at hook 1 [ 877.168717][T21249] Bluetooth: MGMT ver 1.23 [ 877.181406][T21248] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4293'. [ 877.261162][T21253] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4294'. [ 877.404708][T21254] bond8 (unregistering): Released all slaves [ 878.108055][T21270] FAULT_INJECTION: forcing a failure. [ 878.108055][T21270] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 878.112338][T21270] CPU: 2 UID: 0 PID: 21270 Comm: syz.5.4300 Tainted: G L syzkaller #0 PREEMPT(full) [ 878.112357][T21270] Tainted: [L]=SOFTLOCKUP [ 878.112361][T21270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 878.112369][T21270] Call Trace: [ 878.112373][T21270] [ 878.112378][T21270] dump_stack_lvl+0x16c/0x1f0 [ 878.112412][T21270] should_fail_ex+0x512/0x640 [ 878.112428][T21270] _copy_to_user+0x32/0xd0 [ 878.112442][T21270] simple_read_from_buffer+0xcb/0x170 [ 878.112460][T21270] proc_fail_nth_read+0x197/0x240 [ 878.112479][T21270] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 878.112498][T21270] ? rw_verify_area+0xcf/0x6c0 [ 878.112513][T21270] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 878.112531][T21270] vfs_read+0x1e4/0xcf0 [ 878.112548][T21270] ? __pfx___mutex_lock+0x10/0x10 [ 878.112567][T21270] ? __pfx_vfs_read+0x10/0x10 [ 878.112581][T21270] ? find_held_lock+0x2b/0x80 [ 878.112599][T21270] ? __fget_files+0x20e/0x3c0 [ 878.112619][T21270] ksys_read+0x12a/0x250 [ 878.112635][T21270] ? __pfx_ksys_read+0x10/0x10 [ 878.112655][T21270] __do_fast_syscall_32+0xe8/0x680 [ 878.112674][T21270] do_fast_syscall_32+0x32/0x80 [ 878.112692][T21270] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 878.112706][T21270] RIP: 0023:0xf70fd579 [ 878.112715][T21270] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 878.112727][T21270] RSP: 002b:00000000f54ed590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 878.112738][T21270] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f54ed620 [ 878.112745][T21270] RDX: 000000000000000f RSI: 00000000f7496ff4 RDI: 0000000000000000 [ 878.112751][T21270] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 878.112758][T21270] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 878.112764][T21270] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 878.112779][T21270] [ 883.153056][T14689] usb 11-1: new high-speed USB device number 11 using dummy_hcd [ 883.324723][T14689] usb 11-1: config index 0 descriptor too short (expected 39, got 27) [ 883.328518][T14689] usb 11-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 883.332015][T14689] usb 11-1: config 0 interface 0 has no altsetting 0 [ 883.343263][T14689] usb 11-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 883.347472][T14689] usb 11-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 883.354801][T14689] usb 11-1: Product: syz [ 883.356519][T14689] usb 11-1: Manufacturer: syz [ 883.358495][T14689] usb 11-1: SerialNumber: syz [ 883.376383][T14689] usb 11-1: config 0 descriptor?? [ 883.392746][T14689] hub 11-1:0.0: bad descriptor, ignoring hub [ 883.397322][T14689] hub 11-1:0.0: probe with driver hub failed with error -5 [ 883.427400][T14689] usb 11-1: selecting invalid altsetting 0 [ 884.026684][ T6052] usb 11-1: USB disconnect, device number 11 [ 884.423250][T14689] usb 11-1: new full-speed USB device number 12 using dummy_hcd [ 884.824316][T14689] usb 11-1: device descriptor read/64, error -71 [ 885.063075][T14689] usb 11-1: new full-speed USB device number 13 using dummy_hcd [ 885.194579][T14689] usb 11-1: device descriptor read/64, error -71 [ 885.333372][T14689] usb usb11-port1: attempt power cycle [ 885.853092][T14689] usb 11-1: new full-speed USB device number 14 using dummy_hcd [ 886.063027][T14689] usb 11-1: device not accepting address 14, error -71 [ 887.704389][T21414] FAULT_INJECTION: forcing a failure. [ 887.704389][T21414] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 887.708994][T21414] CPU: 2 UID: 0 PID: 21414 Comm: syz.0.4342 Tainted: G L syzkaller #0 PREEMPT(full) [ 887.709013][T21414] Tainted: [L]=SOFTLOCKUP [ 887.709017][T21414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 887.709024][T21414] Call Trace: [ 887.709029][T21414] [ 887.709034][T21414] dump_stack_lvl+0x16c/0x1f0 [ 887.709055][T21414] should_fail_ex+0x512/0x640 [ 887.709071][T21414] should_fail_alloc_page+0xe7/0x130 [ 887.709093][T21414] prepare_alloc_pages+0x401/0x670 [ 887.709112][T21414] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 887.709127][T21414] ? should_fail_alloc_page+0xee/0x130 [ 887.709145][T21414] ? rcu_is_watching+0x12/0xc0 [ 887.709161][T21414] ? trace_mm_page_alloc+0x11b/0x180 [ 887.709177][T21414] ? __alloc_frozen_pages_noprof+0x292/0x2430 [ 887.709193][T21414] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 887.709207][T21414] ? find_held_lock+0x2b/0x80 [ 887.709222][T21414] ? is_bpf_text_address+0x8a/0x1a0 [ 887.709238][T21414] ? bpf_ksym_find+0x124/0x1c0 [ 887.709251][T21414] ? kernel_text_address+0x8d/0x100 [ 887.709265][T21414] ? __kernel_text_address+0xd/0x40 [ 887.709277][T21414] ? unwind_get_return_address+0x59/0xa0 [ 887.709296][T21414] alloc_pages_bulk_noprof+0x77a/0x1410 [ 887.709310][T21414] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 887.709328][T21414] ? policy_nodemask+0xea/0x4e0 [ 887.709347][T21414] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 887.709361][T21414] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 887.709384][T21414] __kasan_populate_vmalloc+0xfb/0x220 [ 887.709402][T21414] alloc_vmap_area+0x98d/0x2a50 [ 887.709424][T21414] ? __pfx_alloc_vmap_area+0x10/0x10 [ 887.709443][T21414] __get_vm_area_node+0x1ca/0x330 [ 887.709463][T21414] __vmalloc_node_range_noprof+0x247/0x16b0 [ 887.709474][T21414] ? bpf_check+0x1b8/0xc820 [ 887.709490][T21414] ? rcu_is_watching+0x12/0xc0 [ 887.709507][T21414] ? bpf_check+0x1b8/0xc820 [ 887.709521][T21414] ? rcu_read_unlock+0x17/0x60 [ 887.709533][T21414] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 887.709544][T21414] ? ___kmalloc_large_node+0x97/0x150 [ 887.709555][T21414] ? rcu_is_watching+0x12/0xc0 [ 887.709571][T21414] ? rcu_is_watching+0x12/0xc0 [ 887.709586][T21414] ? trace_kmalloc+0x2b/0xb0 [ 887.709602][T21414] ? __kvmalloc_node_noprof.cold+0x61/0x8e [ 887.709620][T21414] ? bpf_check+0x1b8/0xc820 [ 887.709634][T21414] __vmalloc_node_noprof+0xad/0xf0 [ 887.709644][T21414] ? bpf_check+0x1b8/0xc820 [ 887.709660][T21414] bpf_check+0x1b8/0xc820 [ 887.709680][T21414] ? pcpu_memcg_post_alloc_hook+0x2d7/0x690 [ 887.709696][T21414] ? __pfx_bpf_check+0x10/0x10 [ 887.709715][T21414] ? rcu_is_watching+0x12/0xc0 [ 887.709729][T21414] ? ktime_get_with_offset+0x26e/0x3b0 [ 887.709741][T21414] ? __asan_memset+0x23/0x50 [ 887.709753][T21414] ? lsm_blob_alloc+0x2b/0x90 [ 887.709852][T21414] ? bpf_lsm_bpf_prog_load+0x9/0x10 [ 887.709870][T21414] bpf_prog_load+0x114e/0x2cc0 [ 887.709886][T21414] ? _parse_integer_limit+0x17f/0x1d0 [ 887.709905][T21414] ? __pfx_bpf_prog_load+0x10/0x10 [ 887.709921][T21414] ? __lock_acquire+0x436/0x2890 [ 887.709945][T21414] __sys_bpf+0x3e72/0x4980 [ 887.709957][T21414] ? __pfx___sys_bpf+0x10/0x10 [ 887.709967][T21414] ? find_held_lock+0x2b/0x80 [ 887.709984][T21414] ? find_held_lock+0x2b/0x80 [ 887.710001][T21414] ? __mutex_unlock_slowpath+0x161/0x790 [ 887.710026][T21414] ? fput+0x70/0xf0 [ 887.710037][T21414] ? ksys_write+0x1ac/0x250 [ 887.710052][T21414] ? __pfx_ksys_write+0x10/0x10 [ 887.710072][T21414] __ia32_sys_bpf+0x76/0xe0 [ 887.710082][T21414] ? lockdep_hardirqs_on+0x7c/0x110 [ 887.710099][T21414] __do_fast_syscall_32+0xe8/0x680 [ 887.710117][T21414] do_fast_syscall_32+0x32/0x80 [ 887.710135][T21414] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 887.710152][T21414] RIP: 0023:0xf7f15579 [ 887.710162][T21414] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 887.710173][T21414] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 887.710184][T21414] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800004c0 [ 887.710191][T21414] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 887.710197][T21414] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 887.710203][T21414] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 887.710210][T21414] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 887.710223][T21414] [ 887.710255][T21414] syz.0.4342: vmalloc error: size 1536, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 887.876027][T21414] CPU: 2 UID: 0 PID: 21414 Comm: syz.0.4342 Tainted: G L syzkaller #0 PREEMPT(full) [ 887.876046][T21414] Tainted: [L]=SOFTLOCKUP [ 887.876050][T21414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 887.876057][T21414] Call Trace: [ 887.876061][T21414] [ 887.876066][T21414] dump_stack_lvl+0x16c/0x1f0 [ 887.876087][T21414] warn_alloc+0x248/0x3a0 [ 887.876102][T21414] ? __pfx_warn_alloc+0x10/0x10 [ 887.876115][T21414] ? kfree+0x2f8/0x6e0 [ 887.876127][T21414] ? __get_vm_area_node+0x2cd/0x330 [ 887.876146][T21414] ? __get_vm_area_node+0x2cd/0x330 [ 887.876167][T21414] ? __get_vm_area_node+0x1dc/0x330 [ 887.876183][T21414] ? __get_vm_area_node+0x208/0x330 [ 887.876203][T21414] __vmalloc_node_range_noprof+0xbe0/0x16b0 [ 887.876216][T21414] ? rcu_is_watching+0x12/0xc0 [ 887.876234][T21414] ? bpf_check+0x1b8/0xc820 [ 887.876250][T21414] ? rcu_read_unlock+0x17/0x60 [ 887.876262][T21414] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 887.876273][T21414] ? ___kmalloc_large_node+0x97/0x150 [ 887.876284][T21414] ? rcu_is_watching+0x12/0xc0 [ 887.876300][T21414] ? rcu_is_watching+0x12/0xc0 [ 887.876314][T21414] ? trace_kmalloc+0x2b/0xb0 [ 887.876330][T21414] ? __kvmalloc_node_noprof.cold+0x61/0x8e [ 887.876348][T21414] ? bpf_check+0x1b8/0xc820 [ 887.876362][T21414] __vmalloc_node_noprof+0xad/0xf0 [ 887.876372][T21414] ? bpf_check+0x1b8/0xc820 [ 887.876388][T21414] bpf_check+0x1b8/0xc820 [ 887.876407][T21414] ? pcpu_memcg_post_alloc_hook+0x2d7/0x690 [ 887.876501][T21414] ? __pfx_bpf_check+0x10/0x10 [ 887.876520][T21414] ? rcu_is_watching+0x12/0xc0 [ 887.876535][T21414] ? ktime_get_with_offset+0x26e/0x3b0 [ 887.876547][T21414] ? __asan_memset+0x23/0x50 [ 887.876560][T21414] ? lsm_blob_alloc+0x2b/0x90 [ 887.876576][T21414] ? bpf_lsm_bpf_prog_load+0x9/0x10 [ 887.876594][T21414] bpf_prog_load+0x114e/0x2cc0 [ 887.876611][T21414] ? _parse_integer_limit+0x17f/0x1d0 [ 887.876630][T21414] ? __pfx_bpf_prog_load+0x10/0x10 [ 887.876646][T21414] ? __lock_acquire+0x436/0x2890 [ 887.876670][T21414] __sys_bpf+0x3e72/0x4980 [ 887.876682][T21414] ? __pfx___sys_bpf+0x10/0x10 [ 887.876692][T21414] ? find_held_lock+0x2b/0x80 [ 887.876709][T21414] ? find_held_lock+0x2b/0x80 [ 887.876726][T21414] ? __mutex_unlock_slowpath+0x161/0x790 [ 887.876751][T21414] ? fput+0x70/0xf0 [ 887.876763][T21414] ? ksys_write+0x1ac/0x250 [ 887.876778][T21414] ? __pfx_ksys_write+0x10/0x10 [ 887.876796][T21414] __ia32_sys_bpf+0x76/0xe0 [ 887.876806][T21414] ? lockdep_hardirqs_on+0x7c/0x110 [ 887.876823][T21414] __do_fast_syscall_32+0xe8/0x680 [ 887.876842][T21414] do_fast_syscall_32+0x32/0x80 [ 887.876859][T21414] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 887.876873][T21414] RIP: 0023:0xf7f15579 [ 887.876883][T21414] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 887.876894][T21414] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 887.876905][T21414] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800004c0 [ 887.876912][T21414] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 887.876919][T21414] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 887.876925][T21414] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 887.876931][T21414] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 887.876944][T21414] [ 887.876949][T21414] Mem-Info: [ 887.998850][T21414] active_anon:7374 inactive_anon:2432 isolated_anon:0 [ 887.998850][T21414] active_file:4841 inactive_file:15928 isolated_file:0 [ 887.998850][T21414] unevictable:1812 dirty:325 writeback:0 [ 887.998850][T21414] slab_reclaimable:6718 slab_unreclaimable:62824 [ 887.998850][T21414] mapped:27337 shmem:7579 pagetables:1369 [ 887.998850][T21414] sec_pagetables:331 bounce:0 [ 887.998850][T21414] kernel_misc_reclaimable:0 [ 887.998850][T21414] free:50669 free_pcp:10505 free_cma:0 [ 888.013964][T21414] Node 0 active_anon:64kB inactive_anon:2412kB active_file:132kB inactive_file:152kB unevictable:3560kB isolated(anon):0kB isolated(file):0kB mapped:2432kB dirty:4kB writeback:0kB shmem:6688kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:9248kB pagetables:1492kB sec_pagetables:1164kB all_unreclaimable? yes Balloon:0kB [ 888.024200][T21414] Node 1 active_anon:29932kB inactive_anon:7316kB active_file:19232kB inactive_file:63560kB unevictable:3688kB isolated(anon):0kB isolated(file):0kB mapped:106916kB dirty:1296kB writeback:0kB shmem:23628kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5508kB pagetables:3984kB sec_pagetables:160kB all_unreclaimable? no Balloon:0kB [ 888.044759][T21414] Node 0 DMA free:2264kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 888.057038][T21414] lowmem_reserve[]: 0 289 289 289 289 [ 888.059499][T21414] Node 0 DMA32 free:30808kB boost:22528kB min:35860kB low:39192kB high:42524kB reserved_highatomic:4096KB free_highatomic:508KB active_anon:64kB inactive_anon:2412kB active_file:132kB inactive_file:152kB unevictable:3560kB writepending:4kB zspages:728kB present:1032196kB managed:296816kB mlocked:24kB bounce:0kB free_pcp:2872kB local_pcp:2872kB free_cma:0kB [ 888.074162][T21414] lowmem_reserve[]: 0 0 0 0 0 [ 888.076317][T21414] Node 1 DMA32 free:164072kB boost:61440kB min:108584kB low:120368kB high:132152kB reserved_highatomic:0KB free_highatomic:0KB active_anon:31932kB inactive_anon:7316kB active_file:19232kB inactive_file:63560kB unevictable:3688kB writepending:1296kB zspages:4344kB present:1048432kB managed:948212kB mlocked:152kB bounce:0kB free_pcp:42460kB local_pcp:14584kB free_cma:0kB [ 888.091111][T21414] lowmem_reserve[]: 0 0 0 0 0 [ 888.093408][T21414] Node 0 DMA: 32*4kB (U) 11*8kB (U) 12*16kB (U) 10*32kB (U) 8*64kB (U) 2*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 2264kB [ 888.099697][T21414] Node 0 DMA32: 394*4kB (UH) 460*8kB (UMEH) 281*16kB (UMEH) 348*32kB (UEH) 71*64kB (UMEH) 18*128kB (UME) 12*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 30808kB [ 888.110452][T21414] Node 1 DMA32: 1120*4kB (UM) 3269*8kB (UE) 2580*16kB (UE) 777*32kB (UME) 160*64kB (UE) 92*128kB (UME) 38*256kB (UME) 18*512kB (M) 11*1024kB (M) 2*2048kB (M) 0*4096kB = 153096kB [ 888.117058][T21414] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 888.120280][T21414] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 888.123576][T21414] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 888.126764][T21414] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 888.129902][T21414] 29994 total pagecache pages [ 888.131536][T21414] 548 pages in swap cache [ 888.133354][T21414] Free swap = 106544kB [ 888.134817][T21414] Total swap = 124996kB [ 888.136280][T21414] 524155 pages RAM [ 888.137622][T21414] 0 pages HighMem/MovableOnly [ 888.139240][T21414] 209058 pages reserved [ 888.140685][T21414] 0 pages cma reserved [ 888.673938][T21431] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4343'. [ 888.759784][T21433] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4346'. [ 888.779310][T21431] wireguard0: entered promiscuous mode [ 888.797410][T21431] wireguard0: entered allmulticast mode [ 889.206964][T21441] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4350'. [ 889.219786][T21441] bond8 (unregistering): Released all slaves [ 889.237345][T21442] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4349'. [ 889.241084][T21442] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4349'. [ 892.360330][T21494] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4366'. [ 892.397222][T21494] bond6 (unregistering): Released all slaves [ 895.462214][T21539] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6) [ 895.465324][T21539] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 895.469102][T21539] vhci_hcd vhci_hcd.0: Device attached [ 895.588825][T21543] x_tables: duplicate underflow at hook 1 [ 895.606246][T21543] hub 8-0:1.0: USB hub found [ 895.608385][T21543] hub 8-0:1.0: 1 port detected [ 895.640846][T21540] vhci_hcd: connection closed [ 895.641031][ T12] vhci_hcd vhci_hcd.6: stop threads [ 895.652969][ T12] vhci_hcd vhci_hcd.6: release socket [ 895.654870][ T12] vhci_hcd vhci_hcd.6: disconnect device [ 898.250755][ T40] kauditd_printk_skb: 26 callbacks suppressed [ 898.250767][ T40] audit: type=1326 audit(898.121:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21585 comm="syz.6.4392" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x0 [ 898.736086][T21591] netlink: 'syz.0.4393': attribute type 1 has an invalid length. [ 898.750295][T21591] bond6: entered promiscuous mode [ 898.752183][T21591] 8021q: adding VLAN 0 to HW filter on device bond6 [ 900.248865][T21622] netlink: 'syz.2.4405': attribute type 1 has an invalid length. [ 900.265929][T21622] bond8: entered promiscuous mode [ 900.268275][T21622] 8021q: adding VLAN 0 to HW filter on device bond8 [ 900.610030][T21630] hub 8-0:1.0: USB hub found [ 900.612176][T21630] hub 8-0:1.0: 1 port detected [ 903.315019][T21653] netlink: 'syz.0.4415': attribute type 1 has an invalid length. [ 903.436869][T21653] bond7: entered promiscuous mode [ 903.439664][T21653] 8021q: adding VLAN 0 to HW filter on device bond7 [ 905.184545][T21686] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 905.676629][T21692] netlink: 'syz.2.4428': attribute type 1 has an invalid length. [ 905.691072][T21692] bond9: entered promiscuous mode [ 905.695007][T21692] 8021q: adding VLAN 0 to HW filter on device bond9 [ 906.861865][T21721] x_tables: duplicate underflow at hook 1 [ 908.356190][T21732] netlink: 'syz.0.4438': attribute type 1 has an invalid length. [ 908.399683][T21732] bond8: entered promiscuous mode [ 908.413064][T21732] 8021q: adding VLAN 0 to HW filter on device bond8 [ 909.699925][T21766] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4448'. [ 909.780525][T21770] netlink: 'syz.0.4450': attribute type 1 has an invalid length. [ 909.806811][T21770] bond9: entered promiscuous mode [ 909.809215][T21770] 8021q: adding VLAN 0 to HW filter on device bond9 [ 910.129728][T21782] input: syz1 as /devices/virtual/input/input22 [ 910.334826][T21784] x_tables: duplicate underflow at hook 1 [ 910.338265][T21784] hub 8-0:1.0: USB hub found [ 910.343090][T21784] hub 8-0:1.0: 1 port detected [ 913.159632][T21830] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4466'. [ 913.182045][T21830] wireguard0: entered promiscuous mode [ 913.184829][T21830] wireguard0: entered allmulticast mode [ 913.440449][T21835] hub 8-0:1.0: USB hub found [ 913.443734][T21835] hub 8-0:1.0: 1 port detected [ 913.880689][T21845] netlink: 'syz.2.4472': attribute type 1 has an invalid length. [ 913.893525][T21845] bond10: entered promiscuous mode [ 913.895561][T21845] 8021q: adding VLAN 0 to HW filter on device bond10 [ 915.744951][T21876] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4481'. [ 915.765660][T21876] wireguard0: entered promiscuous mode [ 915.767713][T21876] wireguard0: entered allmulticast mode [ 919.931409][T21945] netlink: 'syz.0.4500': attribute type 1 has an invalid length. [ 919.943817][T21945] bond10: entered promiscuous mode [ 919.945749][T21945] 8021q: adding VLAN 0 to HW filter on device bond10 [ 920.823642][T21969] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(7) [ 920.825890][T21969] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 920.830599][T21969] vhci_hcd vhci_hcd.0: Device attached [ 921.099580][T15218] usb 49-1: new low-speed USB device number 2 using vhci_hcd [ 921.582757][T21970] vhci_hcd: connection reset by peer [ 921.585619][T18159] vhci_hcd vhci_hcd.6: stop threads [ 921.588012][T18159] vhci_hcd vhci_hcd.6: release socket [ 921.590475][T18159] vhci_hcd vhci_hcd.6: disconnect device [ 922.538037][T21984] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4510'. [ 923.229645][T21999] 9p: Bad value for 'rfdno' [ 926.193149][T15218] vhci_hcd vhci_hcd.6: vhci_device speed not set [ 926.717015][T22019] overlay: ./bus is not a directory [ 930.390814][T22086] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 930.393058][T22086] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 930.416173][T22086] vhci_hcd vhci_hcd.0: Device attached [ 930.587328][T22088] vhci_hcd: connection closed [ 930.587602][T18159] vhci_hcd vhci_hcd.2: stop threads [ 930.590951][T18159] vhci_hcd vhci_hcd.2: release socket [ 930.593418][T18159] vhci_hcd vhci_hcd.2: disconnect device [ 930.603055][ T6010] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 933.163933][T22132] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7) [ 933.166115][T22132] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 933.182749][T22132] vhci_hcd vhci_hcd.0: Device attached [ 933.463593][ T24] usb 47-1: new low-speed USB device number 3 using vhci_hcd [ 933.985775][T22133] vhci_hcd: connection reset by peer [ 933.988519][T15397] vhci_hcd vhci_hcd.5: stop threads [ 933.990489][T15397] vhci_hcd vhci_hcd.5: release socket [ 933.992771][T15397] vhci_hcd vhci_hcd.5: disconnect device [ 934.321926][T22156] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4553'. [ 935.665163][T22170] wg2 speed is unknown, defaulting to 1000 [ 936.276466][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.278455][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 937.757008][T22204] FAULT_INJECTION: forcing a failure. [ 937.757008][T22204] name failslab, interval 1, probability 0, space 0, times 0 [ 937.761295][T22204] CPU: 2 UID: 0 PID: 22204 Comm: syz.2.4566 Tainted: G L syzkaller #0 PREEMPT(full) [ 937.761326][T22204] Tainted: [L]=SOFTLOCKUP [ 937.761331][T22204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 937.761338][T22204] Call Trace: [ 937.761343][T22204] [ 937.761348][T22204] dump_stack_lvl+0x16c/0x1f0 [ 937.761370][T22204] should_fail_ex+0x512/0x640 [ 937.761382][T22204] ? __kvmalloc_node_noprof+0x129/0xa40 [ 937.761400][T22204] should_failslab+0xc2/0x120 [ 937.761418][T22204] __kvmalloc_node_noprof+0x14a/0xa40 [ 937.761434][T22204] ? seq_read_iter+0x830/0x12d0 [ 937.761452][T22204] ? seq_read_iter+0x830/0x12d0 [ 937.761466][T22204] seq_read_iter+0x830/0x12d0 [ 937.761490][T22204] proc_reg_read_iter+0x220/0x310 [ 937.761506][T22204] vfs_read+0x8bf/0xcf0 [ 937.761525][T22204] ? __pfx_vfs_read+0x10/0x10 [ 937.761539][T22204] ? find_held_lock+0x2b/0x80 [ 937.761562][T22204] ksys_read+0x12a/0x250 [ 937.761578][T22204] ? __pfx_ksys_read+0x10/0x10 [ 937.761597][T22204] __do_fast_syscall_32+0xe8/0x680 [ 937.761617][T22204] do_fast_syscall_32+0x32/0x80 [ 937.761635][T22204] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 937.761649][T22204] RIP: 0023:0xf7f75579 [ 937.761658][T22204] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 937.761669][T22204] RSP: 002b:00000000f544555c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 937.761681][T22204] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000200 [ 937.761689][T22204] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000 [ 937.761695][T22204] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 937.761702][T22204] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 937.761708][T22204] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 937.761723][T22204] [ 938.578966][T22210] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 938.589304][ T24] vhci_hcd vhci_hcd.5: vhci_device speed not set [ 939.007645][T22224] binder: BINDER_SET_CONTEXT_MGR already set [ 939.009761][T22224] binder: 22222:22224 ioctl 4018620d 80000040 returned -16 [ 939.686018][T22242] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4577'. [ 943.065133][T22278] overlay: ./bus is not a directory [ 943.144317][T22280] tmpfs: Bad value for 'mpol' [ 945.053610][T22300] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4592'. [ 945.192773][T22300] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4592'. [ 945.249933][T22300] netlink: 96 bytes leftover after parsing attributes in process `syz.6.4592'. [ 946.417234][T22318] x_tables: duplicate underflow at hook 1 [ 946.421210][T22318] hub 8-0:1.0: USB hub found [ 946.423979][T22318] hub 8-0:1.0: 1 port detected [ 949.205271][T22360] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4609'. [ 949.272187][T22360] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4609'. [ 949.286085][T22360] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4609'. [ 954.659894][T22408] overlayfs: overlapping lowerdir path [ 954.842340][T22410] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4619'. [ 954.900790][T22410] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4619'. [ 954.910754][T22410] netlink: 96 bytes leftover after parsing attributes in process `syz.5.4619'. [ 956.316706][T22420] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 956.753062][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 957.218173][T22448] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4630'. [ 957.232445][T22448] wireguard0: entered promiscuous mode [ 957.235513][T22448] wireguard0: entered allmulticast mode [ 958.753000][T19350] usb 11-1: new high-speed USB device number 16 using dummy_hcd [ 958.883153][T19350] usb 11-1: device descriptor read/64, error -71 [ 959.130436][T22471] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4638'. [ 959.145298][T19350] usb 11-1: new high-speed USB device number 17 using dummy_hcd [ 959.373066][T19350] usb 11-1: device descriptor read/64, error -71 [ 959.553009][T19350] usb usb11-port1: attempt power cycle [ 960.003047][T19350] usb 11-1: new high-speed USB device number 18 using dummy_hcd [ 960.023737][T19350] usb 11-1: device descriptor read/8, error -71 [ 960.263097][T19350] usb 11-1: new high-speed USB device number 19 using dummy_hcd [ 960.283965][T19350] usb 11-1: device descriptor read/8, error -71 [ 960.394496][T19350] usb usb11-port1: unable to enumerate USB device [ 964.137092][ T6052] libceph: connect (1)[c::]:6789 error -101 [ 964.139319][ T6052] libceph: mon0 (1)[c::]:6789 connect error [ 964.187449][T22524] ceph: No mds server is up or the cluster is laggy [ 964.217673][T22527] vxfs: WRONG superblock magic 00000000 at 1 [ 964.221056][T22527] vxfs: WRONG superblock magic 00000000 at 8 [ 964.222805][T22527] vxfs: can't find superblock. [ 964.423124][T19350] usb 11-1: new high-speed USB device number 20 using dummy_hcd [ 964.563190][T19350] usb 11-1: device descriptor read/64, error -71 [ 964.823314][T19350] usb 11-1: new high-speed USB device number 21 using dummy_hcd [ 964.921805][T22536] overlayfs: overlapping lowerdir path [ 964.963077][T19350] usb 11-1: device descriptor read/64, error -71 [ 965.073405][T19350] usb usb11-port1: attempt power cycle [ 965.423037][T19350] usb 11-1: new high-speed USB device number 22 using dummy_hcd [ 965.453400][T19350] usb 11-1: device descriptor read/8, error -71 [ 965.713067][T19350] usb 11-1: new high-speed USB device number 23 using dummy_hcd [ 965.733782][T19350] usb 11-1: device descriptor read/8, error -71 [ 965.853331][T19350] usb usb11-port1: unable to enumerate USB device [ 966.514792][T22544] netlink: 'syz.0.4656': attribute type 1 has an invalid length. [ 966.554023][T22544] bond12: entered promiscuous mode [ 966.556120][T22544] 8021q: adding VLAN 0 to HW filter on device bond12 [ 966.559497][T22544] FAULT_INJECTION: forcing a failure. [ 966.559497][T22544] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 966.564918][T22544] CPU: 0 UID: 0 PID: 22544 Comm: syz.0.4656 Tainted: G L syzkaller #0 PREEMPT(full) [ 966.564938][T22544] Tainted: [L]=SOFTLOCKUP [ 966.564943][T22544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 966.564950][T22544] Call Trace: [ 966.564955][T22544] [ 966.564960][T22544] dump_stack_lvl+0x16c/0x1f0 [ 966.564982][T22544] should_fail_ex+0x512/0x640 [ 966.564998][T22544] _copy_from_user+0x2e/0xd0 [ 966.565011][T22544] get_compat_msghdr+0xa7/0x170 [ 966.565026][T22544] ? __pfx_get_compat_msghdr+0x10/0x10 [ 966.565045][T22544] ___sys_sendmsg+0x1ae/0x1d0 [ 966.565061][T22544] ? __pfx____sys_sendmsg+0x10/0x10 [ 966.565081][T22544] ? find_held_lock+0x2b/0x80 [ 966.565105][T22544] __sys_sendmsg+0x16d/0x220 [ 966.565119][T22544] ? __pfx___sys_sendmsg+0x10/0x10 [ 966.565144][T22544] ? do_user_addr_fault+0x843/0x1370 [ 966.565161][T22544] __do_fast_syscall_32+0xe8/0x680 [ 966.565182][T22544] do_fast_syscall_32+0x32/0x80 [ 966.565200][T22544] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 966.565214][T22544] RIP: 0023:0xf7f15579 [ 966.565224][T22544] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 966.565235][T22544] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 966.565246][T22544] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000280 [ 966.565253][T22544] RDX: 000000000000c0b0 RSI: 0000000000000000 RDI: 0000000000000000 [ 966.565260][T22544] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 966.565266][T22544] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 966.565272][T22544] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 966.565286][T22544] [ 966.953733][T22552] Cannot find del_set index 1 as target [ 968.793390][T22582] overlayfs: overlapping lowerdir path [ 969.578820][T22585] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4666'. [ 971.193037][T15218] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 971.353010][T15218] usb 5-1: Using ep0 maxpacket: 16 [ 971.356065][T15218] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 971.358851][T15218] usb 5-1: config 0 has no interface number 0 [ 971.362449][T15218] usb 5-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 971.366220][T15218] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 971.369787][T15218] usb 5-1: Product: syz [ 971.371374][T15218] usb 5-1: Manufacturer: syz [ 971.373071][T15218] usb 5-1: SerialNumber: syz [ 971.376156][T15218] usb 5-1: config 0 descriptor?? [ 971.379033][T15218] hub 5-1:0.132: bad descriptor, ignoring hub [ 971.381110][T15218] hub 5-1:0.132: probe with driver hub failed with error -5 [ 971.390179][T15218] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.132/input/input23 [ 971.399737][T15218] input: failed to attach handler mousedev to device input23, error: -2 [ 971.775839][ T10] usb 5-1: USB disconnect, device number 24 [ 977.098018][T22668] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4687'. [ 977.348363][T22670] FAULT_INJECTION: forcing a failure. [ 977.348363][T22670] name failslab, interval 1, probability 0, space 0, times 0 [ 977.355344][T22670] CPU: 1 UID: 0 PID: 22670 Comm: syz.0.4688 Tainted: G L syzkaller #0 PREEMPT(full) [ 977.355365][T22670] Tainted: [L]=SOFTLOCKUP [ 977.355369][T22670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 977.355375][T22670] Call Trace: [ 977.355380][T22670] [ 977.355385][T22670] dump_stack_lvl+0x16c/0x1f0 [ 977.355407][T22670] should_fail_ex+0x512/0x640 [ 977.355421][T22670] ? __kvmalloc_node_noprof+0x129/0xa40 [ 977.355439][T22670] should_failslab+0xc2/0x120 [ 977.355456][T22670] __kvmalloc_node_noprof+0x14a/0xa40 [ 977.355486][T22670] ? alloc_netdev_mqs+0xf8a/0x1550 [ 977.355507][T22670] ? alloc_netdev_mqs+0xf8a/0x1550 [ 977.355521][T22670] alloc_netdev_mqs+0xf8a/0x1550 [ 977.355539][T22670] ip6_tnl_locate+0x3d1/0x7a0 [ 977.355555][T22670] ? __might_fault+0xe3/0x190 [ 977.355570][T22670] ? __pfx_ip6_tnl_locate+0x10/0x10 [ 977.355590][T22670] ip6_tnl_siocdevprivate+0x339/0x6b0 [ 977.355608][T22670] ? __pfx_ip6_tnl_siocdevprivate+0x10/0x10 [ 977.355624][T22670] ? do_fast_syscall_32+0x32/0x80 [ 977.355641][T22670] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 977.355663][T22670] ? full_name_hash+0xbc/0x110 [ 977.355675][T22670] ? netdev_name_node_lookup+0x127/0x180 [ 977.355690][T22670] dev_ifsioc+0x8ee/0x1ee0 [ 977.355705][T22670] ? __pfx_dev_ifsioc+0x10/0x10 [ 977.355717][T22670] ? __pfx___mutex_lock+0x10/0x10 [ 977.355740][T22670] ? dev_load+0x8e/0x240 [ 977.355756][T22670] dev_ioctl+0x1b2/0x1060 [ 977.355771][T22670] sock_ioctl+0x5b3/0x6b0 [ 977.355782][T22670] ? __pfx_sock_ioctl+0x10/0x10 [ 977.355792][T22670] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 977.355812][T22670] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 977.355828][T22670] compat_sock_ioctl+0x58b/0x730 [ 977.355840][T22670] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 977.355850][T22670] ? hook_file_ioctl_common+0x144/0x410 [ 977.355866][T22670] ? __fget_files+0x20e/0x3c0 [ 977.355881][T22670] ? fput+0x70/0xf0 [ 977.355895][T22670] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 977.355904][T22670] __ia32_compat_sys_ioctl+0x242/0x370 [ 977.355920][T22670] __do_fast_syscall_32+0xe8/0x680 [ 977.355939][T22670] do_fast_syscall_32+0x32/0x80 [ 977.355956][T22670] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 977.355969][T22670] RIP: 0023:0xf7f15579 [ 977.355978][T22670] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 977.355989][T22670] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 977.356000][T22670] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f1 [ 977.356007][T22670] RDX: 00000000800003c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 977.356014][T22670] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 977.356020][T22670] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 977.356026][T22670] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 977.356046][T22670] [ 977.468544][T22665] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 977.883301][T22675] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4690'. [ 977.886106][T22675] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4690'. [ 979.249428][T22696] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4698'. [ 979.254599][T22696] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4698'. [ 980.524250][ T6052] libceph: connect (1)[c::]:6789 error -101 [ 980.526415][ T6052] libceph: mon0 (1)[c::]:6789 connect error [ 980.556961][T22715] ceph: No mds server is up or the cluster is laggy [ 980.562322][T22721] bridge0: entered allmulticast mode [ 980.566711][T22721] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4701'. [ 980.571698][T22721] erspan0: left allmulticast mode [ 980.574353][T22721] erspan0: left promiscuous mode [ 980.576712][T22721] bridge0: port 1(erspan0) entered disabled state [ 980.623633][T22721] bridge0 (unregistering): left allmulticast mode [ 981.335335][T22736] 9p: Bad value for 'wfdno' [ 981.987060][T22752] FAULT_INJECTION: forcing a failure. [ 981.987060][T22752] name failslab, interval 1, probability 0, space 0, times 0 [ 981.992798][T22752] CPU: 1 UID: 0 PID: 22752 Comm: syz.0.4713 Tainted: G L syzkaller #0 PREEMPT(full) [ 981.992828][T22752] Tainted: [L]=SOFTLOCKUP [ 981.992835][T22752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 981.992847][T22752] Call Trace: [ 981.992854][T22752] [ 981.992863][T22752] dump_stack_lvl+0x16c/0x1f0 [ 981.992895][T22752] should_fail_ex+0x512/0x640 [ 981.992934][T22752] ? __kmalloc_node_noprof+0xcd/0x930 [ 981.992963][T22752] should_failslab+0xc2/0x120 [ 981.992991][T22752] __kmalloc_node_noprof+0xee/0x930 [ 981.993014][T22752] ? __get_vm_area_node+0x1dc/0x330 [ 981.993042][T22752] ? __vmalloc_node_range_noprof+0x405/0x16b0 [ 981.993072][T22752] ? __vmalloc_node_range_noprof+0x405/0x16b0 [ 981.993089][T22752] __vmalloc_node_range_noprof+0x405/0x16b0 [ 981.993115][T22752] ? bpf_check+0x1b8/0xc820 [ 981.993139][T22752] ? rcu_read_unlock+0x17/0x60 [ 981.993160][T22752] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 981.993178][T22752] ? ___kmalloc_large_node+0x97/0x150 [ 981.993194][T22752] ? rcu_is_watching+0x12/0xc0 [ 981.993219][T22752] ? rcu_is_watching+0x12/0xc0 [ 981.993243][T22752] ? trace_kmalloc+0x2b/0xb0 [ 981.993267][T22752] ? __kvmalloc_node_noprof.cold+0x61/0x8e [ 981.993295][T22752] ? bpf_check+0x1b8/0xc820 [ 981.993315][T22752] __vmalloc_node_noprof+0xad/0xf0 [ 981.993332][T22752] ? bpf_check+0x1b8/0xc820 [ 981.993358][T22752] bpf_check+0x1b8/0xc820 [ 981.993391][T22752] ? pcpu_memcg_post_alloc_hook+0x2d7/0x690 [ 981.993417][T22752] ? __pfx_bpf_check+0x10/0x10 [ 981.993447][T22752] ? rcu_is_watching+0x12/0xc0 [ 981.993471][T22752] ? ktime_get_with_offset+0x26e/0x3b0 [ 981.993491][T22752] ? __asan_memset+0x23/0x50 [ 981.993511][T22752] ? lsm_blob_alloc+0x2b/0x90 [ 981.993537][T22752] ? bpf_lsm_bpf_prog_load+0x9/0x10 [ 981.993565][T22752] bpf_prog_load+0x114e/0x2cc0 [ 981.993591][T22752] ? _parse_integer_limit+0x17f/0x1d0 [ 981.993622][T22752] ? __pfx_bpf_prog_load+0x10/0x10 [ 981.993647][T22752] ? __lock_acquire+0x436/0x2890 [ 981.993690][T22752] __sys_bpf+0x3e72/0x4980 [ 981.993712][T22752] ? __pfx___sys_bpf+0x10/0x10 [ 981.993728][T22752] ? find_held_lock+0x2b/0x80 [ 981.993756][T22752] ? find_held_lock+0x2b/0x80 [ 981.993784][T22752] ? __mutex_unlock_slowpath+0x161/0x790 [ 981.993826][T22752] ? fput+0x70/0xf0 [ 981.993844][T22752] ? ksys_write+0x1ac/0x250 [ 981.993869][T22752] ? __pfx_ksys_write+0x10/0x10 [ 981.993897][T22752] __ia32_sys_bpf+0x76/0xe0 [ 981.993915][T22752] ? lockdep_hardirqs_on+0x7c/0x110 [ 981.993941][T22752] __do_fast_syscall_32+0xe8/0x680 [ 981.993973][T22752] do_fast_syscall_32+0x32/0x80 [ 981.994002][T22752] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 981.994024][T22752] RIP: 0023:0xf7f15579 [ 981.994038][T22752] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 981.994062][T22752] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 981.994080][T22752] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800004c0 [ 981.994092][T22752] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 981.994103][T22752] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 981.994114][T22752] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 981.994125][T22752] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 981.994148][T22752] [ 982.134490][T22752] syz.0.4713: vmalloc error: size 4096, failed to allocated page array size 8, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 982.140139][T22752] CPU: 1 UID: 0 PID: 22752 Comm: syz.0.4713 Tainted: G L syzkaller #0 PREEMPT(full) [ 982.140158][T22752] Tainted: [L]=SOFTLOCKUP [ 982.140162][T22752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 982.140169][T22752] Call Trace: [ 982.140173][T22752] [ 982.140179][T22752] dump_stack_lvl+0x16c/0x1f0 [ 982.140199][T22752] warn_alloc+0x248/0x3a0 [ 982.140214][T22752] ? __pfx_warn_alloc+0x10/0x10 [ 982.140226][T22752] ? dump_stack_lvl+0x1a3/0x1f0 [ 982.140243][T22752] ? should_fail_ex+0x354/0x640 [ 982.140258][T22752] ? rcu_is_watching+0x12/0xc0 [ 982.140278][T22752] ? trace_kmalloc+0x2b/0xb0 [ 982.140294][T22752] ? __kmalloc_node_noprof+0x372/0x930 [ 982.140309][T22752] ? __get_vm_area_node+0x1dc/0x330 [ 982.140329][T22752] ? __vmalloc_node_range_noprof+0x405/0x16b0 [ 982.140344][T22752] __vmalloc_node_range_noprof+0x1309/0x16b0 [ 982.140363][T22752] ? bpf_check+0x1b8/0xc820 [ 982.140381][T22752] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 982.140393][T22752] ? ___kmalloc_large_node+0x97/0x150 [ 982.140403][T22752] ? rcu_is_watching+0x12/0xc0 [ 982.140419][T22752] ? rcu_is_watching+0x12/0xc0 [ 982.140434][T22752] ? trace_kmalloc+0x2b/0xb0 [ 982.140450][T22752] ? __kvmalloc_node_noprof.cold+0x61/0x8e [ 982.140468][T22752] ? bpf_check+0x1b8/0xc820 [ 982.140482][T22752] __vmalloc_node_noprof+0xad/0xf0 [ 982.140493][T22752] ? bpf_check+0x1b8/0xc820 [ 982.140508][T22752] bpf_check+0x1b8/0xc820 [ 982.140528][T22752] ? pcpu_memcg_post_alloc_hook+0x2d7/0x690 [ 982.140544][T22752] ? __pfx_bpf_check+0x10/0x10 [ 982.140563][T22752] ? rcu_is_watching+0x12/0xc0 [ 982.140578][T22752] ? ktime_get_with_offset+0x26e/0x3b0 [ 982.140590][T22752] ? __asan_memset+0x23/0x50 [ 982.140603][T22752] ? lsm_blob_alloc+0x2b/0x90 [ 982.140619][T22752] ? bpf_lsm_bpf_prog_load+0x9/0x10 [ 982.140636][T22752] bpf_prog_load+0x114e/0x2cc0 [ 982.140653][T22752] ? _parse_integer_limit+0x17f/0x1d0 [ 982.140672][T22752] ? __pfx_bpf_prog_load+0x10/0x10 [ 982.140688][T22752] ? __lock_acquire+0x436/0x2890 [ 982.140713][T22752] __sys_bpf+0x3e72/0x4980 [ 982.140725][T22752] ? __pfx___sys_bpf+0x10/0x10 [ 982.140734][T22752] ? find_held_lock+0x2b/0x80 [ 982.140752][T22752] ? find_held_lock+0x2b/0x80 [ 982.140768][T22752] ? __mutex_unlock_slowpath+0x161/0x790 [ 982.140794][T22752] ? fput+0x70/0xf0 [ 982.140804][T22752] ? ksys_write+0x1ac/0x250 [ 982.140820][T22752] ? __pfx_ksys_write+0x10/0x10 [ 982.140837][T22752] __ia32_sys_bpf+0x76/0xe0 [ 982.140848][T22752] ? lockdep_hardirqs_on+0x7c/0x110 [ 982.140864][T22752] __do_fast_syscall_32+0xe8/0x680 [ 982.140883][T22752] do_fast_syscall_32+0x32/0x80 [ 982.140901][T22752] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 982.140915][T22752] RIP: 0023:0xf7f15579 [ 982.140924][T22752] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 982.140935][T22752] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 982.140945][T22752] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800004c0 [ 982.140952][T22752] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 982.140959][T22752] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 982.140965][T22752] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 982.140971][T22752] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 982.140984][T22752] [ 982.140988][T22752] Mem-Info: [ 982.256144][T22752] active_anon:2501 inactive_anon:1756 isolated_anon:0 [ 982.256144][T22752] active_file:2077 inactive_file:7241 isolated_file:0 [ 982.256144][T22752] unevictable:1768 dirty:657 writeback:0 [ 982.256144][T22752] slab_reclaimable:6923 slab_unreclaimable:64930 [ 982.256144][T22752] mapped:23630 shmem:3328 pagetables:1374 [ 982.256144][T22752] sec_pagetables:335 bounce:0 [ 982.256144][T22752] kernel_misc_reclaimable:0 [ 982.256144][T22752] free:55116 free_pcp:20105 free_cma:0 [ 982.270886][T22752] Node 0 active_anon:0kB inactive_anon:44kB active_file:132kB inactive_file:152kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:64kB dirty:4kB writeback:0kB shmem:4320kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:9184kB pagetables:1480kB sec_pagetables:1164kB all_unreclaimable? yes Balloon:0kB [ 982.280886][T22752] Node 1 active_anon:9004kB inactive_anon:6980kB active_file:8176kB inactive_file:28812kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:94456kB dirty:2624kB writeback:0kB shmem:7992kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5836kB pagetables:4016kB sec_pagetables:176kB all_unreclaimable? no Balloon:0kB [ 982.291269][T22752] Node 0 DMA free:2276kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 982.301258][T22752] lowmem_reserve[]: 0 289 289 289 289 [ 982.303391][T22752] Node 0 DMA32 free:35008kB boost:22528kB min:35860kB low:39192kB high:42524kB reserved_highatomic:2048KB free_highatomic:400KB active_anon:0kB inactive_anon:44kB active_file:132kB inactive_file:152kB unevictable:3536kB writepending:4kB zspages:732kB present:1032196kB managed:296816kB mlocked:0kB bounce:0kB free_pcp:1844kB local_pcp:324kB free_cma:0kB [ 982.314175][T22752] lowmem_reserve[]: 0 0 0 0 0 [ 982.315863][T22752] Node 1 DMA32 free:189780kB boost:40960kB min:88104kB low:99888kB high:111672kB reserved_highatomic:0KB free_highatomic:0KB active_anon:6604kB inactive_anon:6980kB active_file:8176kB inactive_file:28812kB unevictable:3536kB writepending:2624kB zspages:5184kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:75744kB local_pcp:14708kB free_cma:0kB [ 982.327006][T22752] lowmem_reserve[]: 0 0 0 0 0 [ 982.328706][T22752] Node 0 DMA: 31*4kB (U) 11*8kB (U) 13*16kB (U) 10*32kB (U) 8*64kB (U) 2*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 2276kB [ 982.333674][T22752] Node 0 DMA32: 440*4kB (UMH) 494*8kB (UMEH) 295*16kB (UMEH) 392*32kB (UMEH) 96*64kB (UME) 26*128kB (UME) 10*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 35008kB [ 982.339357][T22752] Node 1 DMA32: 4216*4kB (UME) 4216*8kB (UME) 2818*16kB (UME) 184*32kB (UME) 348*64kB (UME) 168*128kB (UME) 80*256kB (UM) 29*512kB (UM) 9*1024kB (UM) 0*2048kB 0*4096kB = 189888kB [ 982.345754][T22752] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 982.348922][T22752] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 982.352020][T22752] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 982.355477][T22752] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 982.358917][T22752] 11857 total pagecache pages [ 982.360823][T22752] 690 pages in swap cache [ 982.362540][T22752] Free swap = 101224kB [ 982.364375][T22752] Total swap = 124996kB [ 982.365909][T22752] 524155 pages RAM [ 982.367677][T22752] 0 pages HighMem/MovableOnly [ 982.369437][T22752] 209058 pages reserved [ 982.371078][T22752] 0 pages cma reserved [ 982.634290][T22757] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4714'. [ 983.263112][ T24] usb 11-1: new high-speed USB device number 24 using dummy_hcd [ 983.269199][T22771] lo speed is unknown, defaulting to 1000 [ 983.271475][T22771] lo speed is unknown, defaulting to 1000 [ 983.274945][T22771] lo speed is unknown, defaulting to 1000 [ 983.297052][T22771] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 983.369464][T22771] lo speed is unknown, defaulting to 1000 [ 983.374532][T22771] lo speed is unknown, defaulting to 1000 [ 983.379182][T22771] lo speed is unknown, defaulting to 1000 [ 983.385799][T22771] lo speed is unknown, defaulting to 1000 [ 983.413117][ T24] usb 11-1: device descriptor read/64, error -71 [ 983.663056][ T24] usb 11-1: new high-speed USB device number 25 using dummy_hcd [ 983.793309][ T24] usb 11-1: device descriptor read/64, error -71 [ 983.906204][ T24] usb usb11-port1: attempt power cycle [ 984.243135][ T24] usb 11-1: new high-speed USB device number 26 using dummy_hcd [ 984.263610][ T24] usb 11-1: device descriptor read/8, error -71 [ 984.504531][ T24] usb 11-1: new high-speed USB device number 27 using dummy_hcd [ 984.534842][ T24] usb 11-1: device descriptor read/8, error -71 [ 984.643312][ T24] usb usb11-port1: unable to enumerate USB device [ 986.498136][ T6052] hid_parser_main: 5 callbacks suppressed [ 986.498150][ T6052] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 986.523195][ T6052] hid-generic 0000:0000:0000.0003: hidraw1: HID v0.00 Device [syz1] on syz0 [ 987.743119][ T6052] usb 10-1: new high-speed USB device number 19 using dummy_hcd [ 987.873072][ T6052] usb 10-1: device descriptor read/64, error -71 [ 988.103791][T22838] loop2: detected capacity change from 0 to 7 [ 988.106360][T22838] Dev loop2: unable to read RDB block 7 [ 988.108272][T22838] loop2: AHDI p1 p2 p3 [ 988.109771][T22838] loop2: partition table partially beyond EOD, truncated [ 988.112235][T22838] loop2: p1 start 1601398130 is beyond EOD, truncated [ 988.115394][T22838] loop2: p2 start 1702059890 is beyond EOD, truncated [ 988.133028][ T6052] usb 10-1: new high-speed USB device number 20 using dummy_hcd [ 988.333176][ T6052] usb 10-1: device descriptor read/64, error -71 [ 988.453337][ T6052] usb usb10-port1: attempt power cycle [ 988.590847][ T40] audit: type=1326 audit(988.461:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22829 comm="syz.6.4733" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd579 code=0x7fc00000 [ 988.833063][ T6052] usb 10-1: new high-speed USB device number 21 using dummy_hcd [ 988.864389][ T6052] usb 10-1: device descriptor read/8, error -71 [ 988.908657][T22853] siw: device registration error -23 [ 989.174044][ T6052] usb 10-1: new high-speed USB device number 22 using dummy_hcd [ 989.233477][ T6052] usb 10-1: device descriptor read/8, error -71 [ 989.343316][ T6052] usb usb10-port1: unable to enumerate USB device [ 992.225390][T22893] x_tables: duplicate underflow at hook 1 [ 992.231716][T22893] hub 8-0:1.0: USB hub found [ 992.237345][T22893] hub 8-0:1.0: 1 port detected [ 992.695913][ T6052] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 992.713190][ T6052] hid-generic 0000:0000:0000.0004: hidraw1: HID v0.00 Device [syz1] on syz0 [ 992.729146][T22900] netlink: 'syz.0.4753': attribute type 1 has an invalid length. [ 992.748579][T22900] bond13: entered promiscuous mode [ 992.750525][T22900] 8021q: adding VLAN 0 to HW filter on device bond13 [ 992.825843][T22900] 8021q: adding VLAN 0 to HW filter on device bond14 [ 992.829205][T22900] bond13: (slave bond14): making interface the new active one [ 992.831657][T22900] bond14: entered promiscuous mode [ 992.856717][T22900] bond13: (slave bond14): Enslaving as an active interface with an up link [ 994.608535][T22924] xt_bpf: check failed: parse error [ 994.933083][ T34] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 995.093196][ T34] usb 5-1: device descriptor read/64, error -71 [ 995.343078][ T34] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 995.473106][ T34] usb 5-1: device descriptor read/64, error -71 [ 995.583450][ T34] usb usb5-port1: attempt power cycle [ 995.923009][ T34] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 995.953466][ T34] usb 5-1: device descriptor read/8, error -71 [ 996.203080][ T34] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 996.243447][ T34] usb 5-1: device descriptor read/8, error -71 [ 996.363707][ T34] usb usb5-port1: unable to enumerate USB device [ 997.237897][T22967] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4769'. [ 997.715438][ T1418] ieee802154 phy0 wpan0: encryption failed: -22 [ 997.717880][ T1418] ieee802154 phy1 wpan1: encryption failed: -22 [ 997.765397][T22983] xt_bpf: check failed: parse error [ 1001.187231][ T5950] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1001.194935][ T5950] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1001.200087][ T5950] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1001.202900][ T5950] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1001.205015][T23021] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4782'. [ 1001.213419][ T5950] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1001.214074][T23021] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4782'. [ 1001.221877][T23021] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4782'. [ 1001.245408][ T5950] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1001.254603][ T5950] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1001.259042][ T5950] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1001.263076][ T5950] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1001.269792][ T5950] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1001.382435][T15410] smc: removing ib device syz1 [ 1001.446888][T23018] wg2 speed is unknown, defaulting to 1000 [ 1001.470220][T23029] overlayfs: failed to resolve './file2': -2 [ 1001.472624][T23028] overlayfs: failed to resolve './file2': -2 [ 1001.646238][T23018] lo speed is unknown, defaulting to 1000 [ 1001.970629][T15410] ------------[ cut here ]------------ [ 1001.972776][T15410] GID entry ref leak for dev syz1 index 2 ref=4 [ 1001.975196][T15410] WARNING: drivers/infiniband/core/cache.c:806 at gid_table_release_one+0x1ad/0x450, CPU#3: kworker/u32:9/15410 [ 1001.979096][T15410] Modules linked in: [ 1001.981003][T15410] CPU: 3 UID: 0 PID: 15410 Comm: kworker/u32:9 Tainted: G L syzkaller #0 PREEMPT(full) [ 1001.984929][T15410] Tainted: [L]=SOFTLOCKUP [ 1001.986379][T15410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 1001.989865][T15410] Workqueue: ib-unreg-wq ib_unregister_work [ 1001.991829][T15410] RIP: 0010:gid_table_release_one+0x1b6/0x450 [ 1001.994223][T15410] Code: 4c 24 38 48 c1 e8 03 4d 01 fc 48 89 44 24 08 eb 54 48 89 34 24 e8 7a 6a 4f f9 48 8d 3d 23 8b 26 08 48 8b 34 24 89 e9 44 89 f2 <67> 48 0f b9 3a e8 60 6a 4f f9 48 89 d8 41 83 c6 01 48 c1 e8 03 42 [ 1002.000792][T15410] RSP: 0018:ffffc900078d7ac8 EFLAGS: 00010293 [ 1002.002792][T15410] RAX: 0000000000000000 RBX: ffff888023b82200 RCX: 0000000000000004 [ 1002.005669][T15410] RDX: 0000000000000002 RSI: ffff888070728d00 RDI: ffffffff90958ba0 [ 1002.008359][T15410] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed10050db0c0 [ 1002.010953][T15410] R10: ffff8880286d8603 R11: 0000000000002ba1 R12: ffffed100477045b [ 1002.014283][T15410] R13: ffff88804b7d8000 R14: 0000000000000002 R15: dffffc0000000000 [ 1002.019245][T15410] FS: 0000000000000000(0000) GS:ffff8880979fc000(0000) knlGS:0000000000000000 [ 1002.023829][T15410] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1002.026618][T15410] CR2: 00000000f72d6a60 CR3: 00000000240a4000 CR4: 0000000000352ef0 [ 1002.029939][T15410] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1002.033501][T15410] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1002.036576][T15410] Call Trace: [ 1002.037999][T15410] [ 1002.039427][T15410] ib_device_release+0xef/0x1e0 [ 1002.041642][T15410] ? __pfx_ib_device_release+0x10/0x10 [ 1002.044643][T15410] device_release+0xa4/0x240 [ 1002.046691][T15410] kobject_put+0x1ef/0x6f0 [ 1002.048647][T15410] put_device+0x1f/0x30 [ 1002.050450][T15410] process_one_work+0x9ba/0x1b20 [ 1002.052603][T15410] ? __pfx_netdevice_event_work_handler+0x10/0x10 [ 1002.055829][T15410] ? __pfx_process_one_work+0x10/0x10 [ 1002.058142][T15410] ? assign_work+0x1a0/0x250 [ 1002.060163][T15410] worker_thread+0x6c8/0xf10 [ 1002.062169][T15410] ? __kthread_parkme+0x19e/0x250 [ 1002.064844][T15410] ? __pfx_worker_thread+0x10/0x10 [ 1002.067063][T15410] kthread+0x3c5/0x780 [ 1002.068601][T15410] ? __pfx_kthread+0x10/0x10 [ 1002.070432][T15410] ? rcu_is_watching+0x12/0xc0 [ 1002.072502][T15410] ? __pfx_kthread+0x10/0x10 [ 1002.074981][T15410] ret_from_fork+0x983/0xb10 [ 1002.077017][T15410] ? __pfx_ret_from_fork+0x10/0x10 [ 1002.079233][T15410] ? __switch_to+0x7af/0x10d0 [ 1002.081260][T15410] ? __pfx_kthread+0x10/0x10 [ 1002.083782][T15410] ret_from_fork_asm+0x1a/0x30 [ 1002.085877][T15410] [ 1002.087230][T15410] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1002.090249][T15410] CPU: 3 UID: 0 PID: 15410 Comm: kworker/u32:9 Tainted: G L syzkaller #0 PREEMPT(full) [ 1002.094965][T15410] Tainted: [L]=SOFTLOCKUP [ 1002.096857][T15410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1002.101384][T15410] Workqueue: ib-unreg-wq ib_unregister_work [ 1002.104080][T15410] Call Trace: [ 1002.105521][T15410] [ 1002.106842][T15410] dump_stack_lvl+0x3d/0x1f0 [ 1002.108602][T15410] vpanic+0x640/0x6f0 [ 1002.109974][T15410] ? gid_table_release_one+0x1ad/0x450 [ 1002.111865][T15410] panic+0xca/0xd0 [ 1002.113143][T15410] ? __pfx_panic+0x10/0x10 [ 1002.114657][T15410] ? check_panic_on_warn+0x1f/0xb0 [ 1002.116409][T15410] check_panic_on_warn+0xab/0xb0 [ 1002.118079][T15410] __warn+0x108/0x3c0 [ 1002.119450][T15410] __report_bug+0x2a0/0x520 [ 1002.120987][T15410] ? gid_table_release_one+0x1ad/0x450 [ 1002.122850][T15410] ? __pfx___report_bug+0x10/0x10 [ 1002.124646][T15410] report_bug_entry+0xe1/0x290 [ 1002.126647][T15410] ? gid_table_release_one+0x1b6/0x450 [ 1002.128818][T15410] handle_bug+0x18a/0x260 [ 1002.130372][T15410] exc_invalid_op+0x17/0x50 [ 1002.132195][T15410] asm_exc_invalid_op+0x1a/0x20 [ 1002.134134][T15410] RIP: 0010:gid_table_release_one+0x1b6/0x450 [ 1002.136179][T15410] Code: 4c 24 38 48 c1 e8 03 4d 01 fc 48 89 44 24 08 eb 54 48 89 34 24 e8 7a 6a 4f f9 48 8d 3d 23 8b 26 08 48 8b 34 24 89 e9 44 89 f2 <67> 48 0f b9 3a e8 60 6a 4f f9 48 89 d8 41 83 c6 01 48 c1 e8 03 42 [ 1002.143090][T15410] RSP: 0018:ffffc900078d7ac8 EFLAGS: 00010293 [ 1002.145317][T15410] RAX: 0000000000000000 RBX: ffff888023b82200 RCX: 0000000000000004 [ 1002.148025][T15410] RDX: 0000000000000002 RSI: ffff888070728d00 RDI: ffffffff90958ba0 [ 1002.150661][T15410] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed10050db0c0 [ 1002.153301][T15410] R10: ffff8880286d8603 R11: 0000000000002ba1 R12: ffffed100477045b [ 1002.155893][T15410] R13: ffff88804b7d8000 R14: 0000000000000002 R15: dffffc0000000000 [ 1002.159207][T15410] ? gid_table_release_one+0x1a6/0x450 [ 1002.161011][T15410] ib_device_release+0xef/0x1e0 [ 1002.162598][T15410] ? __pfx_ib_device_release+0x10/0x10 [ 1002.164512][T15410] device_release+0xa4/0x240 [ 1002.166121][T15410] kobject_put+0x1ef/0x6f0 [ 1002.168048][T15410] put_device+0x1f/0x30 [ 1002.169853][T15410] process_one_work+0x9ba/0x1b20 [ 1002.171749][T15410] ? __pfx_netdevice_event_work_handler+0x10/0x10 [ 1002.173885][T15410] ? __pfx_process_one_work+0x10/0x10 [ 1002.175691][T15410] ? assign_work+0x1a0/0x250 [ 1002.177265][T15410] worker_thread+0x6c8/0xf10 [ 1002.178833][T15410] ? __kthread_parkme+0x19e/0x250 [ 1002.180540][T15410] ? __pfx_worker_thread+0x10/0x10 [ 1002.182237][T15410] kthread+0x3c5/0x780 [ 1002.183611][T15410] ? __pfx_kthread+0x10/0x10 [ 1002.185191][T15410] ? rcu_is_watching+0x12/0xc0 [ 1002.186796][T15410] ? __pfx_kthread+0x10/0x10 [ 1002.188317][T15410] ret_from_fork+0x983/0xb10 [ 1002.189819][T15410] ? __pfx_ret_from_fork+0x10/0x10 [ 1002.191586][T15410] ? __switch_to+0x7af/0x10d0 [ 1002.193261][T15410] ? __pfx_kthread+0x10/0x10 [ 1002.194830][T15410] ret_from_fork_asm+0x1a/0x30 [ 1002.196480][T15410] [ 1002.198068][T15410] Kernel Offset: disabled [ 1002.199526][T15410] Rebooting in 86400 seconds..