syzkaller login: [ 258.647191][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 258.711484][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 258.848956][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 268.071221][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:20598' (ECDSA) to the list of known hosts. 1970/01/01 00:05:32 fuzzer started 1970/01/01 00:05:48 dialing manager at localhost:42163 [ 354.267345][ T2027] cgroup: Unknown subsys name 'net' [ 355.341035][ T2027] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:05:54 syscalls: 2918 1970/01/01 00:05:54 code coverage: enabled 1970/01/01 00:05:54 comparison tracing: enabled 1970/01/01 00:05:54 extra coverage: enabled 1970/01/01 00:05:54 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:05:54 setuid sandbox: enabled 1970/01/01 00:05:54 namespace sandbox: enabled 1970/01/01 00:05:54 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:05:54 fault injection: enabled 1970/01/01 00:05:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:05:54 net packet injection: enabled 1970/01/01 00:05:54 net device setup: enabled 1970/01/01 00:05:54 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:05:54 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:05:54 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:05:54 USB emulation: enabled 1970/01/01 00:05:54 hci packet injection: /dev/vhci does not exist 1970/01/01 00:05:54 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:05:54 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:05:55 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:01 fetching corpus: 50, signal 33322/36707 (executing program) 1970/01/01 00:06:04 fetching corpus: 100, signal 44437/49213 (executing program) 1970/01/01 00:06:07 fetching corpus: 150, signal 49348/55537 (executing program) 1970/01/01 00:06:10 fetching corpus: 199, signal 58867/66139 (executing program) 1970/01/01 00:06:12 fetching corpus: 249, signal 64835/73199 (executing program) 1970/01/01 00:06:14 fetching corpus: 299, signal 70219/79661 (executing program) 1970/01/01 00:06:16 fetching corpus: 349, signal 73657/84151 (executing program) 1970/01/01 00:06:18 fetching corpus: 399, signal 75511/87218 (executing program) 1970/01/01 00:06:21 fetching corpus: 449, signal 80434/92991 (executing program) 1970/01/01 00:06:25 fetching corpus: 499, signal 83068/96594 (executing program) 1970/01/01 00:06:27 fetching corpus: 549, signal 86935/101252 (executing program) 1970/01/01 00:06:31 fetching corpus: 599, signal 90106/105199 (executing program) 1970/01/01 00:06:34 fetching corpus: 649, signal 91429/107495 (executing program) 1970/01/01 00:06:37 fetching corpus: 698, signal 94890/111674 (executing program) 1970/01/01 00:06:39 fetching corpus: 748, signal 97280/114811 (executing program) 1970/01/01 00:06:42 fetching corpus: 797, signal 101757/119667 (executing program) 1970/01/01 00:06:44 fetching corpus: 847, signal 103590/122245 (executing program) 1970/01/01 00:06:46 fetching corpus: 896, signal 105290/124636 (executing program) 1970/01/01 00:06:50 fetching corpus: 946, signal 107488/127452 (executing program) 1970/01/01 00:06:52 fetching corpus: 996, signal 110364/130730 (executing program) 1970/01/01 00:06:54 fetching corpus: 1046, signal 112712/133585 (executing program) 1970/01/01 00:06:57 fetching corpus: 1096, signal 114390/135825 (executing program) 1970/01/01 00:07:01 fetching corpus: 1145, signal 117630/139283 (executing program) 1970/01/01 00:07:03 fetching corpus: 1192, signal 119265/141503 (executing program) 1970/01/01 00:07:05 fetching corpus: 1242, signal 120869/143641 (executing program) 1970/01/01 00:07:08 fetching corpus: 1292, signal 122634/145852 (executing program) 1970/01/01 00:07:10 fetching corpus: 1342, signal 126607/149724 (executing program) 1970/01/01 00:07:13 fetching corpus: 1392, signal 128371/151802 (executing program) 1970/01/01 00:07:15 fetching corpus: 1440, signal 129936/153763 (executing program) 1970/01/01 00:07:17 fetching corpus: 1490, signal 131675/155785 (executing program) 1970/01/01 00:07:19 fetching corpus: 1540, signal 132830/157341 (executing program) 1970/01/01 00:07:22 fetching corpus: 1589, signal 133855/158858 (executing program) 1970/01/01 00:07:24 fetching corpus: 1639, signal 135299/160614 (executing program) 1970/01/01 00:07:27 fetching corpus: 1688, signal 137457/162840 (executing program) 1970/01/01 00:07:30 fetching corpus: 1737, signal 139319/164823 (executing program) 1970/01/01 00:07:32 fetching corpus: 1786, signal 140621/166342 (executing program) 1970/01/01 00:07:34 fetching corpus: 1834, signal 142541/168272 (executing program) 1970/01/01 00:07:37 fetching corpus: 1884, signal 144347/170069 (executing program) 1970/01/01 00:07:39 fetching corpus: 1934, signal 145628/171516 (executing program) 1970/01/01 00:07:41 fetching corpus: 1982, signal 146669/172755 (executing program) 1970/01/01 00:07:44 fetching corpus: 2032, signal 147771/174076 (executing program) 1970/01/01 00:07:45 fetching corpus: 2082, signal 148783/175316 (executing program) 1970/01/01 00:07:48 fetching corpus: 2130, signal 149687/176473 (executing program) 1970/01/01 00:07:51 fetching corpus: 2180, signal 151167/177936 (executing program) 1970/01/01 00:07:54 fetching corpus: 2229, signal 152360/179309 (executing program) 1970/01/01 00:07:57 fetching corpus: 2279, signal 153406/180461 (executing program) 1970/01/01 00:07:59 fetching corpus: 2328, signal 154502/181647 (executing program) 1970/01/01 00:08:02 fetching corpus: 2377, signal 155271/182627 (executing program) 1970/01/01 00:08:04 fetching corpus: 2427, signal 156457/183846 (executing program) 1970/01/01 00:08:07 fetching corpus: 2476, signal 157520/185002 (executing program) 1970/01/01 00:08:09 fetching corpus: 2526, signal 158455/186044 (executing program) 1970/01/01 00:08:11 fetching corpus: 2575, signal 159621/187135 (executing program) 1970/01/01 00:08:15 fetching corpus: 2625, signal 160760/188270 (executing program) 1970/01/01 00:08:17 fetching corpus: 2674, signal 161710/189241 (executing program) 1970/01/01 00:08:19 fetching corpus: 2724, signal 162536/190147 (executing program) 1970/01/01 00:08:23 fetching corpus: 2774, signal 163798/191241 (executing program) 1970/01/01 00:08:25 fetching corpus: 2823, signal 164858/192179 (executing program) 1970/01/01 00:08:28 fetching corpus: 2873, signal 165613/192981 (executing program) 1970/01/01 00:08:31 fetching corpus: 2923, signal 166551/193851 (executing program) 1970/01/01 00:08:32 fetching corpus: 2973, signal 167220/194558 (executing program) 1970/01/01 00:08:34 fetching corpus: 3023, signal 168025/195329 (executing program) 1970/01/01 00:08:37 fetching corpus: 3073, signal 168859/196132 (executing program) 1970/01/01 00:08:40 fetching corpus: 3123, signal 170062/197050 (executing program) 1970/01/01 00:08:42 fetching corpus: 3172, signal 170779/197747 (executing program) 1970/01/01 00:08:45 fetching corpus: 3222, signal 171556/198457 (executing program) 1970/01/01 00:08:47 fetching corpus: 3272, signal 172410/199178 (executing program) 1970/01/01 00:08:49 fetching corpus: 3321, signal 173184/199880 (executing program) 1970/01/01 00:08:51 fetching corpus: 3370, signal 173730/200432 (executing program) 1970/01/01 00:08:54 fetching corpus: 3420, signal 174806/201197 (executing program) 1970/01/01 00:08:56 fetching corpus: 3470, signal 175504/201781 (executing program) 1970/01/01 00:08:58 fetching corpus: 3518, signal 176196/202373 (executing program) 1970/01/01 00:08:59 fetching corpus: 3567, signal 176673/202880 (executing program) 1970/01/01 00:09:02 fetching corpus: 3617, signal 177454/203496 (executing program) 1970/01/01 00:09:04 fetching corpus: 3667, signal 178179/204091 (executing program) 1970/01/01 00:09:06 fetching corpus: 3716, signal 179300/204769 (executing program) 1970/01/01 00:09:09 fetching corpus: 3766, signal 180160/205358 (executing program) 1970/01/01 00:09:12 fetching corpus: 3816, signal 180948/205905 (executing program) 1970/01/01 00:09:13 fetching corpus: 3864, signal 181410/206372 (executing program) 1970/01/01 00:09:15 fetching corpus: 3914, signal 182022/206846 (executing program) 1970/01/01 00:09:17 fetching corpus: 3963, signal 182596/207290 (executing program) 1970/01/01 00:09:21 fetching corpus: 4012, signal 183926/207886 (executing program) 1970/01/01 00:09:23 fetching corpus: 4062, signal 184743/208381 (executing program) 1970/01/01 00:09:25 fetching corpus: 4110, signal 185187/208775 (executing program) 1970/01/01 00:09:28 fetching corpus: 4160, signal 185998/209267 (executing program) 1970/01/01 00:09:30 fetching corpus: 4210, signal 186577/209619 (executing program) 1970/01/01 00:09:32 fetching corpus: 4259, signal 187422/210026 (executing program) 1970/01/01 00:09:34 fetching corpus: 4309, signal 187992/210374 (executing program) 1970/01/01 00:09:36 fetching corpus: 4359, signal 188526/210743 (executing program) 1970/01/01 00:09:40 fetching corpus: 4409, signal 189289/211134 (executing program) 1970/01/01 00:09:42 fetching corpus: 4459, signal 189743/211457 (executing program) 1970/01/01 00:09:43 fetching corpus: 4509, signal 190211/211775 (executing program) 1970/01/01 00:09:45 fetching corpus: 4559, signal 190995/212110 (executing program) 1970/01/01 00:09:48 fetching corpus: 4609, signal 191783/212420 (executing program) 1970/01/01 00:09:50 fetching corpus: 4656, signal 192176/212697 (executing program) 1970/01/01 00:09:52 fetching corpus: 4706, signal 192678/212995 (executing program) 1970/01/01 00:09:56 fetching corpus: 4756, signal 193299/213250 (executing program) 1970/01/01 00:09:59 fetching corpus: 4806, signal 194389/213565 (executing program) 1970/01/01 00:10:01 fetching corpus: 4856, signal 195010/213850 (executing program) 1970/01/01 00:10:04 fetching corpus: 4906, signal 195499/214068 (executing program) 1970/01/01 00:10:08 fetching corpus: 4954, signal 195982/214303 (executing program) 1970/01/01 00:10:12 fetching corpus: 5002, signal 196468/214558 (executing program) 1970/01/01 00:10:15 fetching corpus: 5051, signal 197082/214778 (executing program) 1970/01/01 00:10:18 fetching corpus: 5100, signal 197593/214979 (executing program) 1970/01/01 00:10:20 fetching corpus: 5149, signal 198508/215216 (executing program) 1970/01/01 00:10:24 fetching corpus: 5199, signal 199853/215393 (executing program) 1970/01/01 00:10:27 fetching corpus: 5249, signal 200308/215548 (executing program) 1970/01/01 00:10:28 fetching corpus: 5299, signal 200816/215669 (executing program) 1970/01/01 00:10:31 fetching corpus: 5349, signal 201430/215669 (executing program) 1970/01/01 00:10:33 fetching corpus: 5399, signal 201858/215697 (executing program) 1970/01/01 00:10:35 fetching corpus: 5449, signal 202446/215697 (executing program) 1970/01/01 00:10:39 fetching corpus: 5498, signal 203367/215700 (executing program) 1970/01/01 00:10:41 fetching corpus: 5547, signal 203757/215702 (executing program) 1970/01/01 00:10:42 fetching corpus: 5596, signal 204315/215702 (executing program) 1970/01/01 00:10:44 fetching corpus: 5646, signal 204791/215708 (executing program) 1970/01/01 00:10:48 fetching corpus: 5696, signal 205335/215708 (executing program) 1970/01/01 00:10:50 fetching corpus: 5746, signal 205744/215716 (executing program) 1970/01/01 00:10:53 fetching corpus: 5795, signal 206300/215725 (executing program) 1970/01/01 00:10:55 fetching corpus: 5845, signal 206780/215725 (executing program) 1970/01/01 00:10:57 fetching corpus: 5895, signal 207269/215732 (executing program) 1970/01/01 00:10:59 fetching corpus: 5944, signal 207848/215732 (executing program) 1970/01/01 00:11:03 fetching corpus: 5994, signal 208486/215732 (executing program) 1970/01/01 00:11:05 fetching corpus: 6044, signal 208927/215789 (executing program) 1970/01/01 00:11:07 fetching corpus: 6094, signal 209531/215800 (executing program) 1970/01/01 00:11:09 fetching corpus: 6143, signal 210036/215800 (executing program) 1970/01/01 00:11:10 fetching corpus: 6193, signal 210508/215800 (executing program) 1970/01/01 00:11:12 fetching corpus: 6243, signal 210989/215800 (executing program) 1970/01/01 00:11:16 fetching corpus: 6293, signal 211483/215800 (executing program) 1970/01/01 00:11:18 fetching corpus: 6342, signal 211839/215812 (executing program) 1970/01/01 00:11:21 fetching corpus: 6392, signal 212190/215812 (executing program) 1970/01/01 00:11:22 fetching corpus: 6440, signal 212589/215826 (executing program) 1970/01/01 00:11:26 fetching corpus: 6490, signal 213154/215826 (executing program) 1970/01/01 00:11:26 fetching corpus: 6502, signal 213229/215826 (executing program) 1970/01/01 00:11:26 fetching corpus: 6502, signal 213229/215831 (executing program) 1970/01/01 00:11:27 fetching corpus: 6502, signal 213229/215831 (executing program) 1970/01/01 00:13:25 starting 2 fuzzer processes 00:13:25 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=@ipv4_newnexthop={0x17, 0x68, 0x1}, 0x18}}, 0x0) 00:13:25 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x10, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}], 0x1c) sendmsg(r1, &(0x7f0000000080)={&(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000700)='@', 0x1}], 0x1}, 0x40) [ 831.351482][ T2040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 831.841929][ T2040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 833.221918][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 833.360290][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 844.373607][ T2040] device hsr_slave_0 entered promiscuous mode [ 844.403126][ T2040] device hsr_slave_1 entered promiscuous mode [ 846.221223][ T2039] device hsr_slave_0 entered promiscuous mode [ 846.273472][ T2039] device hsr_slave_1 entered promiscuous mode [ 846.289761][ T2039] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 846.300494][ T2039] Cannot create hsr debugfs directory [ 853.005982][ T2040] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 853.158991][ T2040] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 853.306159][ T2040] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 853.570060][ T2040] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 854.649437][ T2039] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 854.749016][ T2039] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 854.949295][ T2039] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 855.205810][ T2039] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 865.964139][ T2040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 867.399913][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 867.564106][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 868.263238][ T2039] 8021q: adding VLAN 0 to HW filter on device bond0 [ 868.949573][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 869.002097][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 881.550465][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 881.628165][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 882.072717][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 882.112860][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 882.390712][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 884.071370][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 884.166630][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 884.229969][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 884.259565][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 884.308593][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 884.372888][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 884.419564][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 884.989037][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 885.068386][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 885.093118][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 885.538904][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 886.471206][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 886.520410][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 886.938435][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 886.983975][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 887.326366][ T2039] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 895.608092][ T2102] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 895.618246][ T2102] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 899.424013][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 899.441133][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 912.459305][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 912.550789][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 915.681006][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 915.700677][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 918.890530][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 918.952461][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 919.070058][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 919.109112][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 919.289240][ T2040] device veth0_vlan entered promiscuous mode [ 919.669870][ T2040] device veth1_vlan entered promiscuous mode [ 921.017200][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 921.071937][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 921.281704][ T2040] device veth0_macvtap entered promiscuous mode [ 921.612461][ T2040] device veth1_macvtap entered promiscuous mode [ 922.081918][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 922.740705][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 922.827438][ T2376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 923.031252][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 923.092009][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 923.259728][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 923.336419][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 923.577089][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 923.623807][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 923.665704][ T2039] device veth0_vlan entered promiscuous mode [ 924.068929][ T2040] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 924.071986][ T2040] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 924.073225][ T2040] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 924.106869][ T2040] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 924.520788][ T2039] device veth1_vlan entered promiscuous mode [ 927.019562][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 927.101869][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 927.600711][ T2039] device veth0_macvtap entered promiscuous mode [ 928.065620][ T2039] device veth1_macvtap entered promiscuous mode [ 928.190666][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 929.090930][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 929.123887][ T2669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 929.378434][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 929.441768][ T2108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 929.713632][ T2039] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.720218][ T2039] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.723722][ T2039] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.727604][ T2039] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:15:32 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x10, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}], 0x1c) sendmsg(r1, &(0x7f0000000080)={&(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000700)='@', 0x1}], 0x1}, 0x40) 00:15:34 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=@ipv4_newnexthop={0x17, 0x68, 0x1}, 0x18}}, 0x0) 00:15:35 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x10, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}], 0x1c) sendmsg(r1, &(0x7f0000000080)={&(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000700)='@', 0x1}], 0x1}, 0x40) 00:15:37 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=@ipv4_newnexthop={0x17, 0x68, 0x1}, 0x18}}, 0x0) 00:15:39 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x10, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}], 0x1c) sendmsg(r1, &(0x7f0000000080)={&(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000700)='@', 0x1}], 0x1}, 0x40) 00:15:40 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=@ipv4_newnexthop={0x17, 0x68, 0x1}, 0x18}}, 0x0) 00:15:44 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x10, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}], 0x1c) sendmsg(r1, &(0x7f0000000080)={&(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000700)='@', 0x1}], 0x1}, 0x40) 00:15:45 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x10, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}], 0x1c) sendmsg(r1, &(0x7f0000000080)={&(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000700)='@', 0x1}], 0x1}, 0x40) 00:15:47 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x10, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}], 0x1c) sendmsg(r1, &(0x7f0000000080)={&(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000700)='@', 0x1}], 0x1}, 0x40) 00:15:47 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x10, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}], 0x1c) sendmsg(r1, &(0x7f0000000080)={&(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000700)='@', 0x1}], 0x1}, 0x40) 00:15:51 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x10, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}], 0x1c) sendmsg(r1, &(0x7f0000000080)={&(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000700)='@', 0x1}], 0x1}, 0x40) 00:15:51 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x10, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}], 0x1c) sendmsg(r1, &(0x7f0000000080)={&(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000700)='@', 0x1}], 0x1}, 0x40) 00:15:55 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xc0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe3d, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) 00:15:56 executing program 1: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat(r1, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x7fffdf800000, 0x0, 0x12, r2, 0x0) 00:15:57 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xc0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe3d, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) 00:15:59 executing program 1: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat(r1, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x7fffdf800000, 0x0, 0x12, r2, 0x0) 00:16:00 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xc0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe3d, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) 00:16:02 executing program 1: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat(r1, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x7fffdf800000, 0x0, 0x12, r2, 0x0) 00:16:03 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xc0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe3d, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) 00:16:05 executing program 1: r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat(r1, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000800000/0x800000)=nil, 0x7fffdf800000, 0x0, 0x12, r2, 0x0) 00:16:07 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xc0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe3d, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) 00:16:10 executing program 1: r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) r1 = dup(r0) ioctl$UFFDIO_REGISTER(r1, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000ff8000/0x8000)=nil, 0x8000}, 0x3}) 00:16:11 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xc0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe3d, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) 00:16:14 executing program 1: r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) r1 = dup(r0) ioctl$UFFDIO_REGISTER(r1, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000ff8000/0x8000)=nil, 0x8000}, 0x3}) 00:16:15 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xc0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe3d, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) 00:16:17 executing program 1: r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) r1 = dup(r0) ioctl$UFFDIO_REGISTER(r1, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000ff8000/0x8000)=nil, 0x8000}, 0x3}) 00:16:21 executing program 0: syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x4019, &(0x7f0000000640)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4}}, {@noload}, {@init_itable_val={'init_itable', 0x3d, 0x2}}, {@barrier}, {@sysvgroups}, {@i_version}, {@noauto_da_alloc}]}, 0x21, 0x4ac, &(0x7f0000000700)="$eJzs3U9rHOcZAPBnRlpLtuVKbg39c6lru3XBeFerIoMLpS49tNAaSv0BXFVaq0IrrdCuXEkYan+FtrSGHkoI5JRLILmbEHJNLiHJIeSSUyAkxiEEctgwsytblrWSEstao/n9YJh5Z9b7vK+XeZ/VI+2+ARTW6Yi4HRFHIuIvETHaPZ90t7jS2bLHPbh/azrbkmi3r32a5Nezdmz6N5nj3eccjog//y7ir8mTcZtr6/NT9XptuduutBaWKs219YtzC1Oztdna4sT45OXJ6qVqtbpvY/3nFyPfP/P6lV/9/48vvvXSq6urWbdGutc2j2M/dYZeehgnMxgRf3gWwfpgoDueI/3uCN9KGhHfjYgz+f0/GgP5qwkAHGbt9mi0Rze3AYDDLs1rYEla7tYCRiJNy+VODe9UHEvrjWbrwo3GyuJMp1Y2FqX0xly9Nt6tFY5FKcna1fz4UXtiS/sXEXEyIv49dDRvl6cb9Zl+vvEBgAI7viX/fz7Uyf8AwCE33O8OAAAHTv4HgOKR/wGgeOR/ACge+R8Aikf+B4Dikf8BoFD+dPVqtrU3vv965ubaynzj5sWZWnO+vLAyXZ5uLC+VZxuN2fw7exZ2e756o7F0KRZXViutWrNVaa6tX19orCy2ruff6329VjqQUQEAOzn543vvJxFx+5dH8y02reUgV8Phlva7A0DfDPS7A0DfWO0LisvP+MA2S/Q+puefCN3d/74AB+P8D9X/oajU/6G41P+huNT/obja7cSa/wBQMGr8gN//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDc3km9JWu6uBT4SaVouR5yIiLEoJTfm6rXxiPhORLw3VBrK2tV+dxoAeErpx0l3/a/zo+dGtl49knw5lO8j4u//u/bf1alWa7manf/s4fnW3e75iX70HwDYzUae3sjjGx7cvzW9sR1kfz75TWdx0SfjD8Zgvh+OUkQce5B02x3Z+5WBfYh/+05E/GC7+EleGxnrrny6NX4W+8SBxk8fi5/m1zr77P/ie/vQFyiae9n8c2W7+y+N0/l++/t/OJ+hnl7v+S99OP8N9Jj/Tu91jG+O/r5n/DsRPxrcfv7ZiJ/0iH9uj/E/anzwr17X2i9EnN82/ySPxaq0FpYqzbX1i3MLU0O12drixPjk5cnqpWq1Wslr1JWNSvWTfv2fd/+x0/iP9Yg/vMv4f7rH8X/49m/f+MkO8X9+dvvX/9QO8bOc+LM9xn/57Gt/63Utiz/TY/y7vf4X9hj/3juvfLXHhwIAB6C5tj4/Va/Xlot4MPh8dMOBg+fvoN8zE/CsPbrp+90TAAAAAAAAAAAAAACglx0/BlTqPugpP07U5yECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwiH0dAAD//7Uj2Ds=") 00:16:21 executing program 1: r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) r1 = dup(r0) ioctl$UFFDIO_REGISTER(r1, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000ff8000/0x8000)=nil, 0x8000}, 0x3}) [ 985.352052][ T2794] loop0: detected capacity change from 0 to 512 [ 985.741506][ T2794] EXT4-fs: Mount option "i_version" will be removed by 5.20 [ 985.741506][ T2794] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 985.741506][ T2794] [ 985.782547][ T2794] EXT4-fs: Use iversion instead [ 985.782547][ T2794] [ 986.842228][ T2794] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. 00:16:27 executing program 0: syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x4019, &(0x7f0000000640)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4}}, {@noload}, {@init_itable_val={'init_itable', 0x3d, 0x2}}, {@barrier}, {@sysvgroups}, {@i_version}, {@noauto_da_alloc}]}, 0x21, 0x4ac, &(0x7f0000000700)="$eJzs3U9rHOcZAPBnRlpLtuVKbg39c6lru3XBeFerIoMLpS49tNAaSv0BXFVaq0IrrdCuXEkYan+FtrSGHkoI5JRLILmbEHJNLiHJIeSSUyAkxiEEctgwsytblrWSEstao/n9YJh5Z9b7vK+XeZ/VI+2+ARTW6Yi4HRFHIuIvETHaPZ90t7jS2bLHPbh/azrbkmi3r32a5Nezdmz6N5nj3eccjog//y7ir8mTcZtr6/NT9XptuduutBaWKs219YtzC1Oztdna4sT45OXJ6qVqtbpvY/3nFyPfP/P6lV/9/48vvvXSq6urWbdGutc2j2M/dYZeehgnMxgRf3gWwfpgoDueI/3uCN9KGhHfjYgz+f0/GgP5qwkAHGbt9mi0Rze3AYDDLs1rYEla7tYCRiJNy+VODe9UHEvrjWbrwo3GyuJMp1Y2FqX0xly9Nt6tFY5FKcna1fz4UXtiS/sXEXEyIv49dDRvl6cb9Zl+vvEBgAI7viX/fz7Uyf8AwCE33O8OAAAHTv4HgOKR/wGgeOR/ACge+R8Aikf+B4Dikf8BoFD+dPVqtrU3vv965ubaynzj5sWZWnO+vLAyXZ5uLC+VZxuN2fw7exZ2e756o7F0KRZXViutWrNVaa6tX19orCy2ruff6329VjqQUQEAOzn543vvJxFx+5dH8y02reUgV8Phlva7A0DfDPS7A0DfWO0LisvP+MA2S/Q+puefCN3d/74AB+P8D9X/oajU/6G41P+huNT/obja7cSa/wBQMGr8gN//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDc3km9JWu6uBT4SaVouR5yIiLEoJTfm6rXxiPhORLw3VBrK2tV+dxoAeErpx0l3/a/zo+dGtl49knw5lO8j4u//u/bf1alWa7manf/s4fnW3e75iX70HwDYzUae3sjjGx7cvzW9sR1kfz75TWdx0SfjD8Zgvh+OUkQce5B02x3Z+5WBfYh/+05E/GC7+EleGxnrrny6NX4W+8SBxk8fi5/m1zr77P/ie/vQFyiae9n8c2W7+y+N0/l++/t/OJ+hnl7v+S99OP8N9Jj/Tu91jG+O/r5n/DsRPxrcfv7ZiJ/0iH9uj/E/anzwr17X2i9EnN82/ySPxaq0FpYqzbX1i3MLU0O12drixPjk5cnqpWq1Wslr1JWNSvWTfv2fd/+x0/iP9Yg/vMv4f7rH8X/49m/f+MkO8X9+dvvX/9QO8bOc+LM9xn/57Gt/63Utiz/TY/y7vf4X9hj/3juvfLXHhwIAB6C5tj4/Va/Xlot4MPh8dMOBg+fvoN8zE/CsPbrp+90TAAAAAAAAAAAAAACglx0/BlTqPugpP07U5yECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwiH0dAAD//7Uj2Ds=") 00:16:27 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000022c0)=ANY=[@ANYBLOB="4c00000012000101"], 0x4c}}, 0x0) recvmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000003880)=[{&(0x7f0000000440)=""/185, 0xb9}, {&(0x7f00000015c0)=""/115, 0x73}, {&(0x7f0000001640)=""/217, 0xd9}, {&(0x7f00000027c0)=""/4096, 0x1000}, {&(0x7f00000037c0)=""/191, 0xbf}], 0x5}}], 0x1, 0x0, 0x0) [ 992.109168][ T2805] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 992.112815][ T2805] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 992.229660][ T2805] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 993.619807][ T2807] loop0: detected capacity change from 0 to 512 00:16:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000022c0)=ANY=[@ANYBLOB="4c00000012000101"], 0x4c}}, 0x0) recvmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000003880)=[{&(0x7f0000000440)=""/185, 0xb9}, {&(0x7f00000015c0)=""/115, 0x73}, {&(0x7f0000001640)=""/217, 0xd9}, {&(0x7f00000027c0)=""/4096, 0x1000}, {&(0x7f00000037c0)=""/191, 0xbf}], 0x5}}], 0x1, 0x0, 0x0) [ 993.938671][ T2807] EXT4-fs: Mount option "i_version" will be removed by 5.20 [ 993.938671][ T2807] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 993.938671][ T2807] [ 993.940822][ T2807] EXT4-fs: Use iversion instead [ 993.940822][ T2807] [ 995.004033][ T2807] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 997.179859][ T2813] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 997.184101][ T2813] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 997.359097][ T2813] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 00:16:36 executing program 0: syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x4019, &(0x7f0000000640)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4}}, {@noload}, {@init_itable_val={'init_itable', 0x3d, 0x2}}, {@barrier}, {@sysvgroups}, {@i_version}, {@noauto_da_alloc}]}, 0x21, 0x4ac, &(0x7f0000000700)="$eJzs3U9rHOcZAPBnRlpLtuVKbg39c6lru3XBeFerIoMLpS49tNAaSv0BXFVaq0IrrdCuXEkYan+FtrSGHkoI5JRLILmbEHJNLiHJIeSSUyAkxiEEctgwsytblrWSEstao/n9YJh5Z9b7vK+XeZ/VI+2+ARTW6Yi4HRFHIuIvETHaPZ90t7jS2bLHPbh/azrbkmi3r32a5Nezdmz6N5nj3eccjog//y7ir8mTcZtr6/NT9XptuduutBaWKs219YtzC1Oztdna4sT45OXJ6qVqtbpvY/3nFyPfP/P6lV/9/48vvvXSq6urWbdGutc2j2M/dYZeehgnMxgRf3gWwfpgoDueI/3uCN9KGhHfjYgz+f0/GgP5qwkAHGbt9mi0Rze3AYDDLs1rYEla7tYCRiJNy+VODe9UHEvrjWbrwo3GyuJMp1Y2FqX0xly9Nt6tFY5FKcna1fz4UXtiS/sXEXEyIv49dDRvl6cb9Zl+vvEBgAI7viX/fz7Uyf8AwCE33O8OAAAHTv4HgOKR/wGgeOR/ACge+R8Aikf+B4Dikf8BoFD+dPVqtrU3vv965ubaynzj5sWZWnO+vLAyXZ5uLC+VZxuN2fw7exZ2e756o7F0KRZXViutWrNVaa6tX19orCy2ruff6329VjqQUQEAOzn543vvJxFx+5dH8y02reUgV8Phlva7A0DfDPS7A0DfWO0LisvP+MA2S/Q+puefCN3d/74AB+P8D9X/oajU/6G41P+huNT/obja7cSa/wBQMGr8gN//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDc3km9JWu6uBT4SaVouR5yIiLEoJTfm6rXxiPhORLw3VBrK2tV+dxoAeErpx0l3/a/zo+dGtl49knw5lO8j4u//u/bf1alWa7manf/s4fnW3e75iX70HwDYzUae3sjjGx7cvzW9sR1kfz75TWdx0SfjD8Zgvh+OUkQce5B02x3Z+5WBfYh/+05E/GC7+EleGxnrrny6NX4W+8SBxk8fi5/m1zr77P/ie/vQFyiae9n8c2W7+y+N0/l++/t/OJ+hnl7v+S99OP8N9Jj/Tu91jG+O/r5n/DsRPxrcfv7ZiJ/0iH9uj/E/anzwr17X2i9EnN82/ySPxaq0FpYqzbX1i3MLU0O12drixPjk5cnqpWq1Wslr1JWNSvWTfv2fd/+x0/iP9Yg/vMv4f7rH8X/49m/f+MkO8X9+dvvX/9QO8bOc+LM9xn/57Gt/63Utiz/TY/y7vf4X9hj/3juvfLXHhwIAB6C5tj4/Va/Xlot4MPh8dMOBg+fvoN8zE/CsPbrp+90TAAAAAAAAAAAAAACglx0/BlTqPugpP07U5yECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwiH0dAAD//7Uj2Ds=") 00:16:38 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000022c0)=ANY=[@ANYBLOB="4c00000012000101"], 0x4c}}, 0x0) recvmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000003880)=[{&(0x7f0000000440)=""/185, 0xb9}, {&(0x7f00000015c0)=""/115, 0x73}, {&(0x7f0000001640)=""/217, 0xd9}, {&(0x7f00000027c0)=""/4096, 0x1000}, {&(0x7f00000037c0)=""/191, 0xbf}], 0x5}}], 0x1, 0x0, 0x0) [ 1000.948958][ T2818] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1000.951247][ T2818] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1001.092766][ T2818] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1001.608658][ T2819] loop0: detected capacity change from 0 to 512 [ 1001.798690][ T2819] EXT4-fs: Mount option "i_version" will be removed by 5.20 [ 1001.798690][ T2819] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1001.798690][ T2819] [ 1001.807210][ T2819] EXT4-fs: Use iversion instead [ 1001.807210][ T2819] 00:16:40 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000022c0)=ANY=[@ANYBLOB="4c00000012000101"], 0x4c}}, 0x0) recvmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000003880)=[{&(0x7f0000000440)=""/185, 0xb9}, {&(0x7f00000015c0)=""/115, 0x73}, {&(0x7f0000001640)=""/217, 0xd9}, {&(0x7f00000027c0)=""/4096, 0x1000}, {&(0x7f00000037c0)=""/191, 0xbf}], 0x5}}], 0x1, 0x0, 0x0) [ 1002.512871][ T2819] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1003.586096][ T2825] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1003.588620][ T2825] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1003.679907][ T2825] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. 00:16:42 executing program 0: syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x4019, &(0x7f0000000640)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4}}, {@noload}, {@init_itable_val={'init_itable', 0x3d, 0x2}}, {@barrier}, {@sysvgroups}, {@i_version}, {@noauto_da_alloc}]}, 0x21, 0x4ac, &(0x7f0000000700)="$eJzs3U9rHOcZAPBnRlpLtuVKbg39c6lru3XBeFerIoMLpS49tNAaSv0BXFVaq0IrrdCuXEkYan+FtrSGHkoI5JRLILmbEHJNLiHJIeSSUyAkxiEEctgwsytblrWSEstao/n9YJh5Z9b7vK+XeZ/VI+2+ARTW6Yi4HRFHIuIvETHaPZ90t7jS2bLHPbh/azrbkmi3r32a5Nezdmz6N5nj3eccjog//y7ir8mTcZtr6/NT9XptuduutBaWKs219YtzC1Oztdna4sT45OXJ6qVqtbpvY/3nFyPfP/P6lV/9/48vvvXSq6urWbdGutc2j2M/dYZeehgnMxgRf3gWwfpgoDueI/3uCN9KGhHfjYgz+f0/GgP5qwkAHGbt9mi0Rze3AYDDLs1rYEla7tYCRiJNy+VODe9UHEvrjWbrwo3GyuJMp1Y2FqX0xly9Nt6tFY5FKcna1fz4UXtiS/sXEXEyIv49dDRvl6cb9Zl+vvEBgAI7viX/fz7Uyf8AwCE33O8OAAAHTv4HgOKR/wGgeOR/ACge+R8Aikf+B4Dikf8BoFD+dPVqtrU3vv965ubaynzj5sWZWnO+vLAyXZ5uLC+VZxuN2fw7exZ2e756o7F0KRZXViutWrNVaa6tX19orCy2ruff6329VjqQUQEAOzn543vvJxFx+5dH8y02reUgV8Phlva7A0DfDPS7A0DfWO0LisvP+MA2S/Q+puefCN3d/74AB+P8D9X/oajU/6G41P+huNT/obja7cSa/wBQMGr8gN//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDc3km9JWu6uBT4SaVouR5yIiLEoJTfm6rXxiPhORLw3VBrK2tV+dxoAeErpx0l3/a/zo+dGtl49knw5lO8j4u//u/bf1alWa7manf/s4fnW3e75iX70HwDYzUae3sjjGx7cvzW9sR1kfz75TWdx0SfjD8Zgvh+OUkQce5B02x3Z+5WBfYh/+05E/GC7+EleGxnrrny6NX4W+8SBxk8fi5/m1zr77P/ie/vQFyiae9n8c2W7+y+N0/l++/t/OJ+hnl7v+S99OP8N9Jj/Tu91jG+O/r5n/DsRPxrcfv7ZiJ/0iH9uj/E/anzwr17X2i9EnN82/ySPxaq0FpYqzbX1i3MLU0O12drixPjk5cnqpWq1Wslr1JWNSvWTfv2fd/+x0/iP9Yg/vMv4f7rH8X/49m/f+MkO8X9+dvvX/9QO8bOc+LM9xn/57Gt/63Utiz/TY/y7vf4X9hj/3juvfLXHhwIAB6C5tj4/Va/Xlot4MPh8dMOBg+fvoN8zE/CsPbrp+90TAAAAAAAAAAAAAACglx0/BlTqPugpP07U5yECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwiH0dAAD//7Uj2Ds=") 00:16:44 executing program 1: r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1f00}, 0x8, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f00000002c0), 0x0) [ 1007.738898][ T2831] loop0: detected capacity change from 0 to 512 [ 1007.893587][ T2831] EXT4-fs: Mount option "i_version" will be removed by 5.20 [ 1007.893587][ T2831] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1007.893587][ T2831] [ 1007.897979][ T2831] EXT4-fs: Use iversion instead [ 1007.897979][ T2831] [ 1008.280234][ T2831] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. 00:16:47 executing program 1: r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1f00}, 0x8, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f00000002c0), 0x0) 00:16:51 executing program 1: r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1f00}, 0x8, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f00000002c0), 0x0) 00:16:52 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x261c0, 0x100) truncate(&(0x7f0000000240)='./file0\x00', 0x10023) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000280)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1014.737725][ T26] audit: type=1800 audit(1013.360:2): pid=2842 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="vda" ino=640 res=0 errno=0 [ 1014.959327][ T2842] fs-verity: sha512 using implementation "sha512-generic" 00:16:55 executing program 1: r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1f00}, 0x8, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f00000002c0), 0x0) 00:16:55 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x261c0, 0x100) truncate(&(0x7f0000000240)='./file0\x00', 0x10023) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000280)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1018.528692][ T26] audit: type=1800 audit(1017.160:3): pid=2847 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="vda" ino=644 res=0 errno=0 00:16:58 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = fcntl$dupfd(r1, 0x0, r1) sendmsg$inet(r2, &(0x7f0000000500)={&(0x7f0000000300)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000340)="9b7f", 0x2}], 0x1}, 0x0) 00:16:59 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x261c0, 0x100) truncate(&(0x7f0000000240)='./file0\x00', 0x10023) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000280)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1022.839174][ T26] audit: type=1800 audit(1021.430:4): pid=2851 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="vda" ino=644 res=0 errno=0 00:17:01 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = fcntl$dupfd(r1, 0x0, r1) sendmsg$inet(r2, &(0x7f0000000500)={&(0x7f0000000300)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000340)="9b7f", 0x2}], 0x1}, 0x0) 00:17:04 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x261c0, 0x100) truncate(&(0x7f0000000240)='./file0\x00', 0x10023) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000280)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) 00:17:06 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = fcntl$dupfd(r1, 0x0, r1) sendmsg$inet(r2, &(0x7f0000000500)={&(0x7f0000000300)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000340)="9b7f", 0x2}], 0x1}, 0x0) [ 1028.360658][ T26] audit: type=1800 audit(1026.940:5): pid=2855 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="vda" ino=639 res=0 errno=0 00:17:11 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = fcntl$dupfd(r1, 0x0, r1) sendmsg$inet(r2, &(0x7f0000000500)={&(0x7f0000000300)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000340)="9b7f", 0x2}], 0x1}, 0x0) 00:17:16 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newlinkprop={0x20, 0x6c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x20}}, 0x0) 00:17:20 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000002100), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_INFO(r0, 0x40084146, &(0x7f0000000000)) 00:17:20 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newlinkprop={0x20, 0x6c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x20}}, 0x0) 00:17:22 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000002100), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_INFO(r0, 0x40084146, &(0x7f0000000000)) 00:17:24 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newlinkprop={0x20, 0x6c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x20}}, 0x0) 00:17:25 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000002100), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_INFO(r0, 0x40084146, &(0x7f0000000000)) 00:17:25 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newlinkprop={0x20, 0x6c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x20}}, 0x0) 00:17:29 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000002100), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_INFO(r0, 0x40084146, &(0x7f0000000000)) 00:17:29 executing program 0: r0 = syz_io_uring_setup(0x369c, &(0x7f0000000540), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f00000005c0), &(0x7f0000000600)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x8, &(0x7f0000000000), 0x1000000) 00:17:32 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ip6erspan0\x00', 0x1}) r1 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000000)=r2) 00:17:32 executing program 0: r0 = syz_io_uring_setup(0x369c, &(0x7f0000000540), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f00000005c0), &(0x7f0000000600)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x8, &(0x7f0000000000), 0x1000000) 00:17:35 executing program 0: r0 = syz_io_uring_setup(0x369c, &(0x7f0000000540), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f00000005c0), &(0x7f0000000600)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x8, &(0x7f0000000000), 0x1000000) 00:17:37 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ip6erspan0\x00', 0x1}) r1 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000000)=r2) 00:17:39 executing program 0: r0 = syz_io_uring_setup(0x369c, &(0x7f0000000540), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f00000005c0), &(0x7f0000000600)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x8, &(0x7f0000000000), 0x1000000) 00:17:41 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ip6erspan0\x00', 0x1}) r1 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000000)=r2) 00:17:43 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ip6erspan0\x00', 0x1}) r1 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000000)=r2) 00:17:46 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ip6erspan0\x00', 0x1}) r1 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000000)=r2) 00:17:47 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ip6erspan0\x00', 0x1}) r1 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000000)=r2) 00:17:52 executing program 1: r0 = syz_io_uring_setup(0x369c, &(0x7f0000000540), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f00000005c0), &(0x7f0000000600)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x8, &(0x7f0000000000), 0x1000000) 00:17:52 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'ip6erspan0\x00', 0x1}) r1 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000000)=r2) 00:17:55 executing program 1: r0 = syz_io_uring_setup(0x369c, &(0x7f0000000540), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f00000005c0), &(0x7f0000000600)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x8, &(0x7f0000000000), 0x1000000) 00:17:59 executing program 1: r0 = syz_io_uring_setup(0x369c, &(0x7f0000000540), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f00000005c0), &(0x7f0000000600)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x8, &(0x7f0000000000), 0x1000000) 00:18:00 executing program 0: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x2, &(0x7f0000002140)={{0x1, 0xffffffffffffffff, 0xee00, 0xee00, 0xee00}}) 00:18:02 executing program 0: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x2, &(0x7f0000002140)={{0x1, 0xffffffffffffffff, 0xee00, 0xee00, 0xee00}}) 00:18:05 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0) 00:18:05 executing program 0: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x2, &(0x7f0000002140)={{0x1, 0xffffffffffffffff, 0xee00, 0xee00, 0xee00}}) 00:18:07 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0) 00:18:08 executing program 0: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x2, &(0x7f0000002140)={{0x1, 0xffffffffffffffff, 0xee00, 0xee00, 0xee00}}) 00:18:10 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0) 00:18:11 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000040c0)={0x38, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x44354b40}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}]}]}, 0x38}}, 0x0) 00:18:13 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0) 00:18:15 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000040c0)={0x38, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x44354b40}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}]}]}, 0x38}}, 0x0) 00:18:17 executing program 1: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$dsp(&(0x7f0000ff7000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) 00:18:18 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000040c0)={0x38, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x44354b40}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}]}]}, 0x38}}, 0x0) 00:18:19 executing program 1: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$dsp(&(0x7f0000ff7000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) 00:18:21 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000040c0)={0x38, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x44354b40}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}]}]}, 0x38}}, 0x0) 00:18:22 executing program 1: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$dsp(&(0x7f0000ff7000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) 00:18:27 executing program 1: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$dsp(&(0x7f0000ff7000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) 00:18:28 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$dsp(&(0x7f0000ff7000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) 00:18:31 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$dsp(&(0x7f0000ff7000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) 00:18:34 executing program 1: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 00:18:36 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mmap$dsp(&(0x7f0000ff7000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) 00:18:38 executing program 1: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 00:18:42 executing program 1: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 00:18:42 executing program 0: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 00:18:44 executing program 0: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 00:18:44 executing program 1: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 00:18:47 executing program 0: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/pid_for_children\x00') ioctl$NS_GET_PARENT(r0, 0xb702, 0x0) 00:18:47 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) 00:18:51 executing program 0: r0 = epoll_create1(0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0xd3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)) 00:18:55 executing program 0: r0 = epoll_create1(0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0xd3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)) 00:18:56 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) 00:18:57 executing program 0: r0 = epoll_create1(0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0xd3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)) 00:19:02 executing program 0: r0 = epoll_create1(0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0xd3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)) 00:19:05 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) 00:19:05 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) 00:19:14 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) 00:19:15 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) 00:19:23 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) 00:19:24 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) [ 1174.845008][ C1] hrtimer: interrupt took 1809700 ns 00:19:34 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) 00:19:36 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) 00:19:46 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) 00:19:48 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) 00:19:56 executing program 1: r0 = epoll_create1(0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0xd3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)) 00:19:57 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @empty}], 0x10) sendto$inet(r0, &(0x7f0000000100)='=', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140), 0x200000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={0x0, 0x5, 0x5}, 0x8) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10) r4 = accept4$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, &(0x7f00000002c0)=0x10, 0x80800) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x874c9b583d4ffbe1, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {r5}}, './file0\x00'}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000200)={0x0, 0x4}, &(0x7f0000000240)=0x8) 00:19:58 executing program 1: r0 = epoll_create1(0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0xd3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)) 00:20:03 executing program 1: r0 = epoll_create1(0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0xd3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)) 00:20:07 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000014c0)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) 00:20:07 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x16, 0x0, 0xfb, 0xff, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f0000000100)={r0, 0x0, 0x0}, 0x20) 00:20:08 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000014c0)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) 00:20:10 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x16, 0x0, 0xfb, 0xff, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f0000000100)={r0, 0x0, 0x0}, 0x20) 00:20:11 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000014c0)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) 00:20:12 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x16, 0x0, 0xfb, 0xff, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f0000000100)={r0, 0x0, 0x0}, 0x20) 00:20:13 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000014c0)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) 00:20:15 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x16, 0x0, 0xfb, 0xff, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f0000000100)={r0, 0x0, 0x0}, 0x20) 00:20:16 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$sock_buf(r0, 0x1, 0x28, 0x0, &(0x7f0000000140)) 00:20:18 executing program 1: landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x1000000) 00:20:20 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$sock_buf(r0, 0x1, 0x28, 0x0, &(0x7f0000000140)) 00:20:21 executing program 1: landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x1000000) 00:20:22 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$sock_buf(r0, 0x1, 0x28, 0x0, &(0x7f0000000140)) 00:20:24 executing program 1: landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x1000000) 00:20:26 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$sock_buf(r0, 0x1, 0x28, 0x0, &(0x7f0000000140)) 00:20:28 executing program 1: landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x1000000) 00:20:31 executing program 0: semtimedop(0x0, 0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x4, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0xfff7}, {}], 0x2, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0xffff}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7}], 0x1, 0x0) 00:20:33 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0xca}}, 0x1c}}, 0x0) 00:20:38 executing program 0: semtimedop(0x0, 0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x4, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0xfff7}, {}], 0x2, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0xffff}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7}], 0x1, 0x0) 00:20:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0xca}}, 0x1c}}, 0x0) 00:20:41 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0xca}}, 0x1c}}, 0x0) 00:20:43 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@ipv6_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0xa, 0xca}}, 0x1c}}, 0x0) 00:20:44 executing program 0: semtimedop(0x0, 0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x4, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0xfff7}, {}], 0x2, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0xffff}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7}], 0x1, 0x0) 00:20:47 executing program 1: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x370, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2d8, 0xffffffff, 0xffffffff, 0x2d8, 0xffffffff, 0x3, 0x0, {[{{@ip={@broadcast, @remote, 0x0, 0x0, 'veth0_virt_wifi\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1b8, 0x200, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x7, 0x4, 0x0, 'syz0\x00'}}, @common=@osf={{0x50}, {'syz1\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@local, @remote, 0x0, 0x0, 'tunl0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d0) [ 1250.030658][ T3146] x_tables: ip_tables: osf match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT/FORWARD 00:20:49 executing program 0: semtimedop(0x0, 0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x4, 0x0) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0xfff7}, {}], 0x2, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0xffff}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000100)=[{0x0, 0x7}], 0x1, 0x0) 00:20:49 executing program 1: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x370, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2d8, 0xffffffff, 0xffffffff, 0x2d8, 0xffffffff, 0x3, 0x0, {[{{@ip={@broadcast, @remote, 0x0, 0x0, 'veth0_virt_wifi\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1b8, 0x200, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x7, 0x4, 0x0, 'syz0\x00'}}, @common=@osf={{0x50}, {'syz1\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@local, @remote, 0x0, 0x0, 'tunl0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d0) [ 1252.657441][ T3150] x_tables: ip_tables: osf match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT/FORWARD 00:20:52 executing program 1: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x370, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2d8, 0xffffffff, 0xffffffff, 0x2d8, 0xffffffff, 0x3, 0x0, {[{{@ip={@broadcast, @remote, 0x0, 0x0, 'veth0_virt_wifi\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1b8, 0x200, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x7, 0x4, 0x0, 'syz0\x00'}}, @common=@osf={{0x50}, {'syz1\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@local, @remote, 0x0, 0x0, 'tunl0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d0) [ 1255.362876][ T3154] x_tables: ip_tables: osf match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT/FORWARD 00:20:54 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout_data(r0, 0x107, 0x13, 0x0, 0x0) 00:20:55 executing program 1: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x370, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2d8, 0xffffffff, 0xffffffff, 0x2d8, 0xffffffff, 0x3, 0x0, {[{{@ip={@broadcast, @remote, 0x0, 0x0, 'veth0_virt_wifi\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1b8, 0x200, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x7, 0x4, 0x0, 'syz0\x00'}}, @common=@osf={{0x50}, {'syz1\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@local, @remote, 0x0, 0x0, 'tunl0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d0) [ 1258.006588][ T3158] x_tables: ip_tables: osf match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT/FORWARD 00:20:56 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout_data(r0, 0x107, 0x13, 0x0, 0x0) 00:20:59 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x8, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:20:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout_data(r0, 0x107, 0x13, 0x0, 0x0) 00:21:01 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x8, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:21:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout_data(r0, 0x107, 0x13, 0x0, 0x0) 00:21:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x8, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:21:05 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc, 0xd}]}]}]}, 0x34}}, 0x0) 00:21:06 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x8, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78) 00:21:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc, 0xd}]}]}]}, 0x34}}, 0x0) 00:21:11 executing program 1: setreuid(0xee00, 0x0) r0 = syz_clone3(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x95) setreuid(0x0, 0x0) r1 = gettid() kcmp(r0, r1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 00:21:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc, 0xd}]}]}]}, 0x34}}, 0x0) 00:21:13 executing program 1: setreuid(0xee00, 0x0) r0 = syz_clone3(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x95) setreuid(0x0, 0x0) r1 = gettid() kcmp(r0, r1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 00:21:14 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@setlink={0x34, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc, 0xd}]}]}]}, 0x34}}, 0x0) 00:21:18 executing program 0: setreuid(0xee00, 0x0) r0 = syz_clone3(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x95) setreuid(0x0, 0x0) r1 = gettid() kcmp(r0, r1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 00:21:18 executing program 1: setreuid(0xee00, 0x0) r0 = syz_clone3(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x95) setreuid(0x0, 0x0) r1 = gettid() kcmp(r0, r1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 00:21:20 executing program 0: setreuid(0xee00, 0x0) r0 = syz_clone3(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x95) setreuid(0x0, 0x0) r1 = gettid() kcmp(r0, r1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 00:21:21 executing program 1: setreuid(0xee00, 0x0) r0 = syz_clone3(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x95) setreuid(0x0, 0x0) r1 = gettid() kcmp(r0, r1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 00:21:25 executing program 0: setreuid(0xee00, 0x0) r0 = syz_clone3(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x95) setreuid(0x0, 0x0) r1 = gettid() kcmp(r0, r1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 00:21:26 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0xf00}}, [], {0x14}}, 0x28}}, 0x0) 00:21:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0xf00}}, [], {0x14}}, 0x28}}, 0x0) 00:21:30 executing program 0: mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x5) mlock2(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) 00:21:32 executing program 0: mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x5) mlock2(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) 00:21:33 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0xf00}}, [], {0x14}}, 0x28}}, 0x0) 00:21:35 executing program 0: mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x5) mlock2(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) 00:21:35 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0xf00}}, [], {0x14}}, 0x28}}, 0x0) 00:21:37 executing program 0: mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x5) mlock2(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0) munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) 00:21:39 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = dup(r0) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x1, 0x4, 0x401, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x6258}]}, 0x24}}, 0x0) 00:21:41 executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000040)) 00:21:42 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = dup(r0) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x1, 0x4, 0x401, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x6258}]}, 0x24}}, 0x0) 00:21:43 executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000040)) 00:21:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = dup(r0) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x1, 0x4, 0x401, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x6258}]}, 0x24}}, 0x0) 00:21:45 executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000040)) 00:21:46 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = dup(r0) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x1, 0x4, 0x401, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x6258}]}, 0x24}}, 0x0) 00:21:48 executing program 0: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000040)) 00:21:51 executing program 1: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000040)) 00:21:51 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x24, 0x2, 0x0, 0x1, {{0x8}, {0x8}, [@IFLA_GTP_FD1={0x8, 0x2, r1}, @IFLA_GTP_FD0={0x8, 0x1, r1}]}}}}]}, 0x50}}, 0x0) 00:21:53 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x24, 0x2, 0x0, 0x1, {{0x8}, {0x8}, [@IFLA_GTP_FD1={0x8, 0x2, r1}, @IFLA_GTP_FD0={0x8, 0x1, r1}]}}}}]}, 0x50}}, 0x0) 00:21:53 executing program 1: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000040)) 00:21:56 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x24, 0x2, 0x0, 0x1, {{0x8}, {0x8}, [@IFLA_GTP_FD1={0x8, 0x2, r1}, @IFLA_GTP_FD0={0x8, 0x1, r1}]}}}}]}, 0x50}}, 0x0) 00:21:58 executing program 1: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, &(0x7f0000000040)) 00:22:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x24, 0x2, 0x0, 0x1, {{0x8}, {0x8}, [@IFLA_GTP_FD1={0x8, 0x2, r1}, @IFLA_GTP_FD0={0x8, 0x1, r1}]}}}}]}, 0x50}}, 0x0) 00:22:04 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000240)=0x49de6714, 0x4) sendto$inet(r0, &(0x7f0000000200)='u', 0xffec, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) 00:22:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x1b) close_range(r0, 0xffffffffffffffff, 0x0) 00:22:09 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000240)=0x49de6714, 0x4) sendto$inet(r0, &(0x7f0000000200)='u', 0xffec, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) 00:22:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x1b) close_range(r0, 0xffffffffffffffff, 0x0) 00:22:13 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000240)=0x49de6714, 0x4) sendto$inet(r0, &(0x7f0000000200)='u', 0xffec, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) 00:22:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x1b) close_range(r0, 0xffffffffffffffff, 0x0) 00:22:16 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000240)=0x49de6714, 0x4) sendto$inet(r0, &(0x7f0000000200)='u', 0xffec, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) 00:22:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x1b) close_range(r0, 0xffffffffffffffff, 0x0) 00:22:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x1b) close_range(r0, 0xffffffffffffffff, 0x0) 00:22:26 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000240)=0x49de6714, 0x4) sendto$inet(r0, &(0x7f0000000200)='u', 0xffec, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) 00:22:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x1b) close_range(r0, 0xffffffffffffffff, 0x0) 00:22:30 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000240)=0x49de6714, 0x4) sendto$inet(r0, &(0x7f0000000200)='u', 0xffec, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) 00:22:35 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x1b) close_range(r0, 0xffffffffffffffff, 0x0) 00:22:36 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000240)=0x49de6714, 0x4) sendto$inet(r0, &(0x7f0000000200)='u', 0xffec, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10) 00:22:42 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5}]}, 0x24}}, 0x0) 00:22:42 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5504, 0x0) 00:22:44 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5}]}, 0x24}}, 0x0) 00:22:45 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5504, 0x0) 00:22:47 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5504, 0x0) 00:22:48 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5}]}, 0x24}}, 0x0) 00:22:50 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5504, 0x0) 00:22:51 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5}]}, 0x24}}, 0x0) 00:22:53 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5}]}, 0x24}}, 0x0) 00:22:55 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5}]}, 0x24}}, 0x0) 00:22:56 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5}]}, 0x24}}, 0x0) 00:22:57 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5}]}, 0x24}}, 0x0) 00:22:59 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5}]}, 0x24}}, 0x0) 00:23:00 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000009c0), r0) sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a00)={0x24, r2, 0x1, 0x0, 0x0, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_LLC_PARAM_RW={0x5}]}, 0x24}}, 0x0) 00:23:03 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:23:07 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000140)=0x1, 0x4) 00:23:10 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000140)=0x1, 0x4) 00:23:13 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:23:14 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000140)=0x1, 0x4) 00:23:16 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000140)=0x1, 0x4) 00:23:19 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) [ 1401.054199][ T3332] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1401.065278][ T3332] [ 1401.065861][ T3332] ====================================================== [ 1401.066603][ T3332] WARNING: possible circular locking dependency detected [ 1401.067389][ T3332] 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Not tainted [ 1401.068273][ T3332] ------------------------------------------------------ [ 1401.069006][ T3332] syz-executor.0/3332 is trying to acquire lock: [ 1401.071184][ T3332] ffffffff84fc0408 (nci_mutex){+.+.}-{3:3}, at: virtual_nci_close+0x28/0x58 [ 1401.074048][ T3332] [ 1401.074048][ T3332] but task is already holding lock: [ 1401.075233][ T3332] ffffaf8012b57350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de [ 1401.077099][ T3332] [ 1401.077099][ T3332] which lock already depends on the new lock. [ 1401.077099][ T3332] [ 1401.078032][ T3332] [ 1401.078032][ T3332] the existing dependency chain (in reverse order) is: [ 1401.078699][ T3332] [ 1401.078699][ T3332] -> #3 (&ndev->req_lock){+.+.}-{3:3}: [ 1401.079856][ T3332] lock_acquire.part.0+0x1d0/0x424 [ 1401.080687][ T3332] lock_acquire+0x54/0x6a [ 1401.081388][ T3332] __mutex_lock+0x114/0xade [ 1401.082091][ T3332] mutex_lock_nested+0x14/0x1c [ 1401.082925][ T3332] nci_start_poll+0x4de/0x6b8 [ 1401.083753][ T3332] nfc_start_poll+0x10c/0x1e8 [ 1401.084905][ T3332] nfc_genl_start_poll+0xfe/0x252 [ 1401.086174][ T3332] genl_family_rcv_msg_doit+0x19a/0x23c [ 1401.087009][ T3332] genl_rcv_msg+0x236/0x3ba [ 1401.087842][ T3332] netlink_rcv_skb+0xf8/0x2be [ 1401.088755][ T3332] genl_rcv+0x36/0x4c [ 1401.089675][ T3332] netlink_unicast+0x40e/0x5fe [ 1401.090613][ T3332] netlink_sendmsg+0x4e0/0x994 [ 1401.091319][ T3332] sock_sendmsg+0xa0/0xc4 [ 1401.092066][ T3332] ____sys_sendmsg+0x46e/0x484 [ 1401.092957][ T3332] ___sys_sendmsg+0x16c/0x1f6 [ 1401.093960][ T3332] __sys_sendmsg+0xba/0x150 [ 1401.095183][ T3332] sys_sendmsg+0x2c/0x3a [ 1401.095974][ T3332] ret_from_syscall+0x0/0x2 [ 1401.096670][ T3332] [ 1401.096670][ T3332] -> #2 (&genl_data->genl_data_mutex){+.+.}-{3:3}: [ 1401.098020][ T3332] lock_acquire.part.0+0x1d0/0x424 [ 1401.098988][ T3332] lock_acquire+0x54/0x6a [ 1401.099646][ T3332] __mutex_lock+0x114/0xade [ 1401.100320][ T3332] mutex_lock_nested+0x14/0x1c [ 1401.100974][ T3332] nfc_urelease_event_work+0x126/0x218 [ 1401.101823][ T3332] process_one_work+0x654/0xffe [ 1401.102908][ T3332] worker_thread+0x360/0x8fa [ 1401.103890][ T3332] kthread+0x19e/0x1fa [ 1401.105457][ T3332] ret_from_exception+0x0/0x10 [ 1401.106633][ T3332] [ 1401.106633][ T3332] -> #1 (nfc_devlist_mutex){+.+.}-{3:3}: [ 1401.108317][ T3332] lock_acquire.part.0+0x1d0/0x424 [ 1401.109412][ T3332] lock_acquire+0x54/0x6a [ 1401.110429][ T3332] __mutex_lock+0x114/0xade [ 1401.111330][ T3332] mutex_lock_nested+0x14/0x1c [ 1401.112243][ T3332] nfc_register_device+0x44/0x29e [ 1401.113408][ T3332] nci_register_device+0x538/0x612 [ 1401.114950][ T3332] virtual_ncidev_open+0x82/0x12c [ 1401.116246][ T3332] misc_open+0x272/0x2c8 [ 1401.117215][ T3332] chrdev_open+0x1d4/0x478 [ 1401.117857][ T3332] do_dentry_open+0x2a4/0x7d4 [ 1401.118911][ T3332] vfs_open+0x52/0x5e [ 1401.119628][ T3332] path_openat+0x12b6/0x189e [ 1401.120626][ T3332] do_filp_open+0x10e/0x22a [ 1401.121342][ T3332] do_sys_openat2+0x174/0x31e [ 1401.122237][ T3332] sys_openat+0xdc/0x164 [ 1401.123245][ T3332] ret_from_syscall+0x0/0x2 [ 1401.124698][ T3332] [ 1401.124698][ T3332] -> #0 (nci_mutex){+.+.}-{3:3}: [ 1401.126075][ T3332] check_noncircular+0x1de/0x1fe [ 1401.127014][ T3332] __lock_acquire+0x19a4/0x333e [ 1401.127908][ T3332] lock_acquire.part.0+0x1d0/0x424 [ 1401.128809][ T3332] lock_acquire+0x54/0x6a [ 1401.129713][ T3332] __mutex_lock+0x114/0xade [ 1401.130505][ T3332] mutex_lock_nested+0x14/0x1c [ 1401.131543][ T3332] virtual_nci_close+0x28/0x58 [ 1401.132344][ T3332] nci_close_device+0x12e/0x1de [ 1401.133451][ T3332] nci_unregister_device+0x34/0x182 [ 1401.134767][ T3332] virtual_ncidev_close+0x9c/0xbc [ 1401.136056][ T3332] __fput+0x164/0x502 [ 1401.136883][ T3332] ____fput+0x1a/0x24 [ 1401.137529][ T3332] task_work_run+0xdc/0x154 [ 1401.138509][ T3332] get_signal+0xc0c/0x1754 [ 1401.139200][ T3332] do_notify_resume+0x11a/0xa56 [ 1401.140297][ T3332] ret_from_exception+0x0/0x10 [ 1401.141097][ T3332] [ 1401.141097][ T3332] other info that might help us debug this: [ 1401.141097][ T3332] [ 1401.142245][ T3332] Chain exists of: [ 1401.142245][ T3332] nci_mutex --> &genl_data->genl_data_mutex --> &ndev->req_lock [ 1401.142245][ T3332] [ 1401.145259][ T3332] Possible unsafe locking scenario: [ 1401.145259][ T3332] [ 1401.145899][ T3332] CPU0 CPU1 [ 1401.147146][ T3332] ---- ---- [ 1401.147760][ T3332] lock(&ndev->req_lock); [ 1401.148730][ T3332] lock(&genl_data->genl_data_mutex); [ 1401.149655][ T3332] lock(&ndev->req_lock); [ 1401.150801][ T3332] lock(nci_mutex); [ 1401.151518][ T3332] [ 1401.151518][ T3332] *** DEADLOCK *** [ 1401.151518][ T3332] [ 1401.152378][ T3332] 1 lock held by syz-executor.0/3332: [ 1401.153217][ T3332] #0: ffffaf8012b57350 (&ndev->req_lock){+.+.}-{3:3}, at: nci_close_device+0x52/0x1de [ 1401.155644][ T3332] [ 1401.155644][ T3332] stack backtrace: [ 1401.156702][ T3332] CPU: 0 PID: 3332 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1401.157783][ T3332] Hardware name: riscv-virtio,qemu (DT) [ 1401.158896][ T3332] Call Trace: [ 1401.159486][ T3332] [] dump_backtrace+0x2e/0x3c [ 1401.160593][ T3332] [] show_stack+0x34/0x40 [ 1401.161450][ T3332] [] dump_stack_lvl+0xe4/0x150 [ 1401.162554][ T3332] [] dump_stack+0x1c/0x24 [ 1401.163811][ T3332] [] print_circular_bug+0x34e/0x3d8 [ 1401.165389][ T3332] [] check_noncircular+0x1de/0x1fe [ 1401.166556][ T3332] [] __lock_acquire+0x19a4/0x333e [ 1401.167317][ T3332] [] lock_acquire.part.0+0x1d0/0x424 [ 1401.168577][ T3332] [] lock_acquire+0x54/0x6a [ 1401.169324][ T3332] [] __mutex_lock+0x114/0xade [ 1401.170525][ T3332] [] mutex_lock_nested+0x14/0x1c [ 1401.171366][ T3332] [] virtual_nci_close+0x28/0x58 [ 1401.172587][ T3332] [] nci_close_device+0x12e/0x1de [ 1401.173708][ T3332] [] nci_unregister_device+0x34/0x182 [ 1401.175643][ T3332] [] virtual_ncidev_close+0x9c/0xbc [ 1401.176899][ T3332] [] __fput+0x164/0x502 [ 1401.177936][ T3332] [] ____fput+0x1a/0x24 [ 1401.178931][ T3332] [] task_work_run+0xdc/0x154 [ 1401.180134][ T3332] [] get_signal+0xc0c/0x1754 [ 1401.181119][ T3332] [] do_notify_resume+0x11a/0xa56 [ 1401.181858][ T3332] [] ret_from_exception+0x0/0x10 00:23:20 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:23:22 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:23:24 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) [ 1408.635697][ T3341] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 00:23:27 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:23:27 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:23:29 executing program 1: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:23:30 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000140)=0x1, 0x4) 00:23:31 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000140)=0x1, 0x4) [ 1416.396960][ T3366] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 00:23:35 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000140)=0x1, 0x4) 00:23:35 executing program 0: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) read$nci(r0, &(0x7f0000000200)=""/100, 0x64) write$nci(r0, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6) read$nci(r0, &(0x7f00000002c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14) read$nci(r0, &(0x7f0000000380)=""/100, 0x64) write$nci(r0, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4) sendmsg$NFC_CMD_START_POLL(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0) read$nci(r0, &(0x7f0000000500)=""/100, 0x64) write$nci(r0, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f00000005c0)=""/100, 0x64) write$nci(r0, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5) read$nci(r0, &(0x7f0000000680)=""/100, 0x64) write$nci(r0, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4) write$nci(r0, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa) sendmsg$NFC_CMD_ACTIVATE_TARGET(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) read$nci(r0, &(0x7f0000000840)=""/100, 0x64) write$nci(r0, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7) 00:23:36 executing program 1: syz_usb_connect$uac1(0x0, 0x8b, &(0x7f0000000080)=ANY=[@ANYBLOB="1201ac82000000106b1d01014000010203010902790003016050000904000000010100000a24010800000201020c24e10400000271ff7f000309040101010102000009050109000000a800072501810000000904020000010200000904020101010200000e2402010303083f5a60dcc0886409058209"], &(0x7f00000003c0)={0xa, &(0x7f0000000140)={0xa}, 0x0, 0x0}) [ 1418.676019][ T3282] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1418.925819][ T3282] usb 2-1: Using ep0 maxpacket: 16 [ 1419.086278][ T3282] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1419.166841][ T3282] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1419.168938][ T3282] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1419.170093][ T3282] usb 2-1: config 1 has no interface number 1 [ 1419.171459][ T3282] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1419.173101][ T3282] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1419.368087][ T3282] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1419.369600][ T3282] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1419.370780][ T3282] usb 2-1: Product: syz [ 1419.371643][ T3282] usb 2-1: Manufacturer: syz [ 1419.372858][ T3282] usb 2-1: SerialNumber: syz [ 1420.130515][ T3282] usb 2-1: USB disconnect, device number 2 00:23:40 executing program 1: syz_usb_connect$uac1(0x0, 0x8b, &(0x7f0000000080)=ANY=[@ANYBLOB="1201ac82000000106b1d01014000010203010902790003016050000904000000010100000a24010800000201020c24e10400000271ff7f000309040101010102000009050109000000a800072501810000000904020000010200000904020101010200000e2402010303083f5a60dcc0886409058209"], &(0x7f00000003c0)={0xa, &(0x7f0000000140)={0xa}, 0x0, 0x0}) [ 1422.576108][ T2804] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 1422.856212][ T2804] usb 2-1: Using ep0 maxpacket: 16 [ 1423.037019][ T2804] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1423.117362][ T2804] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1423.118841][ T2804] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1423.121194][ T2804] usb 2-1: config 1 has no interface number 1 [ 1423.123003][ T2804] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1423.127192][ T2804] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1423.286791][ T2804] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1423.288337][ T2804] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1423.289465][ T2804] usb 2-1: Product: syz [ 1423.290244][ T2804] usb 2-1: Manufacturer: syz [ 1423.291330][ T2804] usb 2-1: SerialNumber: syz [ 1424.093399][ T2804] usb 2-1: USB disconnect, device number 3 [ 1424.636528][ T3386] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 00:23:44 executing program 0: syz_usb_connect$uac1(0x0, 0x8b, &(0x7f0000000080)=ANY=[@ANYBLOB="1201ac82000000106b1d01014000010203010902790003016050000904000000010100000a24010800000201020c24e10400000271ff7f000309040101010102000009050109000000a800072501810000000904020000010200000904020101010200000e2402010303083f5a60dcc0886409058209"], &(0x7f00000003c0)={0xa, &(0x7f0000000140)={0xa}, 0x0, 0x0}) 00:23:44 executing program 1: syz_usb_connect$uac1(0x0, 0x8b, &(0x7f0000000080)=ANY=[@ANYBLOB="1201ac82000000106b1d01014000010203010902790003016050000904000000010100000a24010800000201020c24e10400000271ff7f000309040101010102000009050109000000a800072501810000000904020000010200000904020101010200000e2402010303083f5a60dcc0886409058209"], &(0x7f00000003c0)={0xa, &(0x7f0000000140)={0xa}, 0x0, 0x0}) [ 1426.285905][ T2804] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1426.547963][ T2804] usb 1-1: Using ep0 maxpacket: 16 [ 1426.706880][ T2804] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1426.796534][ T2804] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1426.798071][ T2804] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1426.799339][ T2804] usb 1-1: config 1 has no interface number 1 [ 1426.800628][ T2804] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1426.801828][ T2804] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1426.986823][ T2804] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1426.988360][ T2804] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1426.989484][ T2804] usb 1-1: Product: syz [ 1426.990690][ T2804] usb 1-1: Manufacturer: syz [ 1426.991653][ T2804] usb 1-1: SerialNumber: syz [ 1427.035601][ T3267] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1427.326201][ T3267] usb 2-1: Using ep0 maxpacket: 16 [ 1427.486229][ T3267] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1427.587087][ T3267] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1427.588759][ T3267] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1427.590580][ T3267] usb 2-1: config 1 has no interface number 1 [ 1427.591922][ T3267] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1427.594051][ T3267] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1427.776772][ T3267] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1427.778663][ T3267] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1427.779870][ T3267] usb 2-1: Product: syz [ 1427.780980][ T3267] usb 2-1: Manufacturer: syz [ 1427.782191][ T3267] usb 2-1: SerialNumber: syz [ 1427.876171][ T2804] usb 1-1: USB disconnect, device number 2 [ 1428.966108][ T3267] usb 2-1: USB disconnect, device number 4 00:23:49 executing program 0: syz_usb_connect$uac1(0x0, 0x8b, &(0x7f0000000080)=ANY=[@ANYBLOB="1201ac82000000106b1d01014000010203010902790003016050000904000000010100000a24010800000201020c24e10400000271ff7f000309040101010102000009050109000000a800072501810000000904020000010200000904020101010200000e2402010303083f5a60dcc0886409058209"], &(0x7f00000003c0)={0xa, &(0x7f0000000140)={0xa}, 0x0, 0x0}) 00:23:49 executing program 1: syz_usb_connect$uac1(0x0, 0x8b, &(0x7f0000000080)=ANY=[@ANYBLOB="1201ac82000000106b1d01014000010203010902790003016050000904000000010100000a24010800000201020c24e10400000271ff7f000309040101010102000009050109000000a800072501810000000904020000010200000904020101010200000e2402010303083f5a60dcc0886409058209"], &(0x7f00000003c0)={0xa, &(0x7f0000000140)={0xa}, 0x0, 0x0}) VM DIAGNOSIS: 05:32:21 Registers: info registers vcpu 0 pc ffffffff80dc337e mhartid 0000000000000000 mstatus 00000000000000a0 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff801139b8 sepc 000000000005547c mcause 8000000000000007 scause 0000000000000008 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff80dc337e x2/sp ffffaf8024356e80 x3/gp ffffffff85863ac0 x4/tp ffffaf800ef2b080 x5/t0 ffffffff86bcb657 x6/t1 fffffffef0d796ca x7/t2 0000000000000000 x8/s0 ffffaf8024356eb0 x9/s1 ffffffff86e58900 x10/a0 ffffffff86e58948 x11/a1 ffff8f800066c000 x12/a2 1ffffffff0dcb129 x13/a3 ffffffff80dc337e x14/a4 0000000000000000 x15/a5 ffffffff86e58948 x16/a6 ffffffff86e589f1 x17/a7 ffffffff86bcb656 x18/s2 ffff8f800066c001 x19/s3 0000000000000005 x20/s4 ffffffff86e58900 x21/s5 ffffffff80dc333e x22/s6 0000000000000000 x23/s7 ffffffff86bcb686 x24/s8 0000000000000010 x25/s9 ffffffff86e58958 x26/s10 0000000000000010 x27/s11 0000000000000000 x28/t3 0000000000000073 x29/t4 fffffffef0d796c8 x30/t5 fffffffef0d796cb x31/t6 ffffffff86bcb657 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffff8053d90e mhartid 0000000000000001 mstatus 00000000000000a2 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff8000f97e sepc 000000000003b08a mcause 0000000000000009 scause 0000000000000008 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff805384d0 x2/sp ffffaf8012a93270 x3/gp ffffffff85863ac0 x4/tp ffffaf8009b0c8c0 x5/t0 fffff5ef00fb36ac x6/t1 fffff5ef024886bf x7/t2 00007fffd70541f5 x8/s0 ffffaf8012a93290 x9/s1 ffffaf800e2280b8 x10/a0 ffffaf800e2280c0 x11/a1 0000000000000003 x12/a2 1ffff5f001361918 x13/a3 ffffffff8053f2d0 x14/a4 0000000000000000 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffaf80124435ff x18/s2 ffffaf8009b0c8c0 x19/s3 ffffaf800e228060 x20/s4 ffffffff8588a420 x21/s5 0000000000000000 x22/s6 0000000000000000 x23/s7 000000010001ad92 x24/s8 ffffaf80124434d8 x25/s9 0000000000000003 x26/s10 ffffaf800be30054 x27/s11 ffffaf800be32000 x28/t3 0000000004000000 x29/t4 fffff5ef024886bf x30/t5 fffff5ef024886c0 x31/t6 fffffffff204f201 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000