last executing test programs: 10.989587662s ago: executing program 4 (id=2118): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00ed00", 0x10, 0x3a, 0xff, @remote={0xfe, 0xc0}, @mcast2, {[], @ndisc_ra}}}}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) 10.804674907s ago: executing program 4 (id=2121): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$sock_int(r3, 0x1, 0x2e, 0x0, &(0x7f0000004500)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) preadv2(r4, &(0x7f0000000000)=[{&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000002200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x84, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000010000000853a6e1d127e5d5292f3b9e67925d96d34b70244f25560e8a01161d39c2fd200ad0f9fe1a4903b6bdad0aca2777873287cad6c24404fe323db091f3913431ce0858a5ecc0bc481c4d31ac1cb548f19d5596e87dc3f3cec115a8c7d16540fbbfd3e5c2b33fe0a15100bb12af"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r8 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$sock_SIOCGIFBR(r8, 0x8940, &(0x7f0000000000)=@generic={0x1, 0xfffffffffffffffd}) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x10020f58, 0x0, [{0x0, 0x0, 0x4}, {}, {0x0, 0x4}, {}, {}, {0x0, 0x8}, {0x0, 0xb, 0xff}, {0x0, 0xfe}, {0x0, 0x80, 0x5}, {}, {0x0, 0x0, 0x8f, '\x00', 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x1}, {}, {}, {}, {0x0, 0xfe, 0x0, '\x00', 0x8}, {}, {0x0, 0xa, 0x0, '\x00', 0x20}, {0x0, 0x0, 0x0, '\x00', 0x46}, {0x0, 0x7}, {0x0, 0x0, 0x0, '\x00', 0x5}, {0x0, 0x0, 0x0, '\x00', 0x20}, {0x0, 0x0, 0x2}]}}) ioctl$KVM_IRQ_LINE_STATUS(r6, 0xc008ae67, &(0x7f00000000c0)={0x8, 0x80}) r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) pwritev2(r9, &(0x7f00000006c0)=[{&(0x7f0000000080)='7', 0x1}], 0x1, 0x6e45, 0x0, 0x0) 10.002496504s ago: executing program 1 (id=2124): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010bd28710000000000000109022400010000000009040100010300000009210200000122050009058103"], 0x0) syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file2\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x1, 0x21e, &(0x7f00000005c0)="$eJzsmL9vEzEUx792LpcEEIKlAwsDlSiCJs1l6RJBkZCYEFLLrwkielQlaYPSQ6KREKpYWGBjQGJh4B9g6NCJgY1/AAkGQEJiIAMDC4vRs30Xt9dw0VGmvs9gfe337Of34ntDwDDMvuXrl1+fn56fXTgD4BAmUbLr3wuAEEZLx//Ti/unnzcvvHzz8fW71cMPt3aeR1uU2r5Q/kt8D8DbuQIeJZGS3b9JTNrJAmSir0DilNXXIFC1+hYkrlodQuCG1Xcd3SX/avXOcies3u52FknM0FCnIaChsfN+gw2BRTtXSinh2NfW++1WpxP2HOFZ2y6mXCIJ1p5I1a8IH4M5iaZzP6ri9SePN2ge12bGqV8dEnWbRAMC83Z9FqW4NqYkTv7HvOH5hVT+u2ZLrmTISrJsRPPnnhSLhA8jjk7nO2eK0jmXNh1Bnvtg+64ihiaq5N6kPPLpaOFlv8Wz9gfNEevSuFk8qwD4T5m6IlcWsZgYbL1Pm75lbVciO4QY//2Ux71z/CHmr1gF/bb8l4qNutiHTdM/1CuBk05/8pz+UYtW7tXW1vvTyyutpXApXA2CRumgselGVNNjqu8N+3NF96cDzvnFEb6+9PGgFUW9uhl94aOCKOoFeh44n838ZvfHTbstwkUAJ8yE2qafnFhIxRC+8ZHal9RU2olhGIZhGIZhGIZhGIZhGCYXxyH0v6AZBJe1958AAAD//wDHYZU=") lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000400)=@known='system.posix_acl_default\x00', 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f00000002c0)={0x2c, &(0x7f0000000080)={0x0, 0xd, 0x5, {0x5, 0x22, "4a20ee"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000700)={0x24, 0x0, &(0x7f0000000580)={0x0, 0x3, 0xd, @string={0xd, 0x3, "48abd1c171855e761978a9"}}, 0x0, 0x0}, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@newlink={0x50, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r3}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_PROTOCOL={0x5}]}}}]}, 0x50}}, 0x0) 9.147697346s ago: executing program 4 (id=2127): setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000480), 0x4) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000003600)={&(0x7f0000000080)=@id, 0x10, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000001300)=""/4096, 0x1000}], 0x1, &(0x7f0000002700)=""/22, 0x16}}], 0x1, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0x0, {0x8}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x5, 'broadcast-link\x00'}]}]}, 0x2c}}, 0x0) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x50, r1, 0x42c, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xbaf3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4040000}, 0x4084005) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r4, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f00000004c0)=""/78, &(0x7f0000000400)=0x4e) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r4, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000740)={0x0, @can={0x1d, r4}, @l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}, 0x3}, @ethernet={0x1}, 0x0, 0x0, 0x0, 0x0, 0x107, &(0x7f0000000700)='pim6reg1\x00', 0x3, 0x1, 0x9}) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0xffffffff, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r7, 0x40000}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x10}]}, 0x28}}, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r5, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r1, @ANYBLOB="00042dbd7000fddbdf250c0000002c000380080002003f000000080003000400000008000300000000800800030008000000080002000500000025bb0cb8000580140002800800020001000000080004000600000008000100657468003c000280080002000700000008000100140000000800010017000000080001001f0000000800020002000000080002000700000008000100100000000c000280080001000000000007000100696200002400028008000400ff00000008000400040000000800020006680000080001001100000008000100756470001c000280080004000100000008000200010000000800030009"], 0xf8}, 0x1, 0x0, 0x0, 0x8800}, 0x10) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, &(0x7f0000000280)={r8, 0x0, r9}) 8.758846608s ago: executing program 4 (id=2130): gettid() socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) lstat(0x0, &(0x7f0000001c80)) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, 0x0, 0x0) ioctl$PPPOEIOCSFWD(r2, 0x4008b100, 0x0) 8.198508585s ago: executing program 2 (id=2134): syz_mount_image$msdos(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000380), 0x1, 0x2c4, &(0x7f00000003c0)="$eJzs3T1rW1ccBvBT1bWLi1+mQrv00C7tcnHdL1ARbDARJDhWSDIErvF1IqRIRlcQyWTwniVzxowmY7ZAyBfwB8iezUvw5CkKlhy/xSFDkC/Gvx+I88CD4BzEFf/lcnbvPHtUX8+T9bQTSv/HUAohlPZDmB2koR8O19Igj4eTtsI/7148f3rr7r3r5UplYTnGxfLKf/Mxxuk/3jx+8vLPt51fbr+afj0Rdmbv736Yf7/z685vux9XHtbyWMtjs9WJaVxttTrpaiOLa7W8nsR4s5GleRZrzTxrn+rXG62NjV5Mm2tTkxvtLM9j2uzFetaLnVbstHsxfZDWmjFJkjg1GfiW6vbycloueheMVrtdTg+e4Ykvmup2IRsCAApl/r/KzP9XwcH8P374/J5m/gcAAAAAAAAAAAAAgMtgv9+f6ff7M5/Xs5+i98do+f2vthMv7v0cwt5Wt9qtDtdhv7hUWZiLA7PH39rrdqs/HvX/Dvt4uv8pTB728+f24+Hvv4b9QXftRuVMPxHWRn98AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhI4pFz7/dPkq/1w7S4VFmYO/d+/7Hw+9iFHQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvkve26ynjUbWFgRBOApF/zMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxTu+9LvonQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCkvLdZTxuNrD3CUPQZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALpNPAQAA///JXtD+") (fail_nth: 5) 7.983427184s ago: executing program 2 (id=2135): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000340)='sched_switch\x00', r0}, 0x18) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00') readv(r2, &(0x7f00000009c0)=[{&(0x7f0000000300)=""/198, 0xc6}, {&(0x7f00000004c0)=""/253, 0xfd}, {&(0x7f0000000400)=""/49, 0x31}, {&(0x7f00000005c0)=""/13, 0xd}, {&(0x7f0000001940)=""/4096, 0x1000}], 0x5) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r2, 0xc2604111, &(0x7f0000000580)={0x6, [[0xc, 0x1ff0000, 0x9, 0x5bff, 0x9e9d, 0xa05, 0x80000008, 0x7], [0x76, 0x81, 0x3, 0x80000, 0x1000, 0x66b, 0x10001, 0x10000], [0x4, 0x7fffffff, 0x2, 0xfffffff8, 0x8, 0xd0, 0x3ff, 0x6]], '\x00', [{0x6, 0x2, 0x1, 0x1, 0x1, 0x1}, {0x7, 0x2, 0x0, 0x1}, {0x6, 0x3, 0x0, 0x0, 0x1, 0x1}, {0x5, 0x6, 0x0, 0x0, 0x1, 0x1}, {0x7, 0x10001, 0x1, 0x0, 0x1}, {0x3ff, 0xf577, 0x0, 0x0, 0x1}, {0xe, 0xed, 0x0, 0x1, 0x1, 0x1}, {0x7f, 0xcf9, 0x0, 0x0, 0x0, 0x1}, {0xfffffc9c, 0x4, 0x0, 0x1, 0x0, 0x1}, {0x3, 0x7, 0x0, 0x1, 0x1}, {0x2, 0x7, 0x0, 0x1, 0x1}, {0x0, 0x9, 0x1, 0x1}], '\x00', 0x8003}) add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000080)="010000000000000000000000000000f3021a1a00000c77fc1f", 0x19, 0xfffffffffffffffd) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000740)={0x1, 0x0, [{0xc148a9985d388242, 0x80, &(0x7f0000000400)=""/128}]}) ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000280)=0x4000000) r4 = dup2(r3, r3) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000040)=0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x80fe, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f8483e0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) 7.930048148s ago: executing program 3 (id=2136): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0xa, 0x3ff}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) mkdir(0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@ipv6_getroute={0x20, 0x1a, 0x1, 0x0, 0x25dfdbff, {}, [@RTA_METRICS={0x4}]}, 0x20}}, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) 6.935539191s ago: executing program 3 (id=2138): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0xf, &(0x7f00000001c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6) r0 = getpid() sched_setscheduler(0x0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x80, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x24, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASTER={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @broadcast}}}]}]}, 0x80}}, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000280)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = getpid() sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1) recvmmsg(r2, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@tipc, 0x80, &(0x7f0000000400)=[{&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000000640)=""/251, 0xfb}], 0x2}}], 0x40002db, 0x2, 0x0) syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000540)='./file0\x00', 0x20810004, &(0x7f0000000300)=ANY=[], 0x9, 0x14dd, &(0x7f0000003f80)="$eJzs3AlwVsW2KOBe3b1DiBF/IzIEevXa8IsBmoiIyCAiMoiIiIiIyCQCAkZERARECMgkYkBE5klEhoCAyBAhYpjnQebJyEFEREQmmQT6FZ5zH/cczy3ue+e8x63K+qq60iv7X2t3Z6Xy772r8v/cZWiNRjWrNiAi8S+Bv35JFULECiEGCiFuE0IEQoiyCWUTrh3PrSD1XzsJ+/d6Jv1mr4DdTNz/nI37n7Nx/3M27n/Oxv3P2bj/ORv3P2fj/jOWk22dWfB2Hjl38PP/nIzf/3M27n/Oxv3P2bj/ORv3P2fj/uds3P+cjfufs3H/GcvJbvbzZx43d9zs3z/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYznDBX+dFkL8x/xmr4sxxhhjjDHGGGP/Pj7XzV4BY4wxxhhjjDHG/t8DIYUSWgQiRuQSsSK3iBO3iHhxq8gjbhMRcbtIEHeIvOJOkU/kFwVEQZEoConCwggUVpAIRRFRVETFXaKYuFskieKihCgpnCglksU9orS4V5QR94my4n5RTjwgyosKoqKoJB4UlcVDoop4WFQVj4hqorqoIWqKR0Ut8ZioLR4XdcQToq54UtQTT4n64mnRQDwjGopnRSPxnGgsnhdNRFPRTDQXLf6v8t8SPcTboqfoJVJFb9FHvCP6in6ivxggBop3xSDxnhgs3hdpYogYKj4Qw8SHYrj4SIwQI8UoMVqMEWPFODFeTBATxSTxsZgsPhFTxKdiqpgmposZIl3MFLPEZ2K2mCPmis/FPPGFmC8WiIVikcgQX4rFYonIFF+JpeJrkSWWieVihVgpVonVYo1YK9aJ9WKD2Cg2ic1ii9gqvhHbxHaxQ+wUu8RusUfsFfvEfnFAfCuyxXf/h/nn/yG/KwgQIEGCBg0xEAOxEAtxEAfxEA95IA9EIAIJkAB5IS/kg3xQAApAIiRCYSgMCAgEBEWgCEQhCsWgGCRBEpSAEuDAQTIkQ2m4F8pAGSgLZaEclIPyUAEqQCWoBJWhMlSBKlAVqkI1qAY1oAY8Co/CY1AbakMdqAN1oS7Ug3pQH+pDA2gADaEhNIJG0BgaQxNoAs2gGbSAFtASWkIraAVtoA20hbbQHtpDCqRAB+gA7aAjdIJO0Bk6QxfoAl2hG3SDt+AteBvehl5QTfaGPtAH+kJf6A8DYAC8C4PgPXgP3oc0GAJD4QP4AD6E4XAORsBIGAWjoLIcC+NgPJCcCJNgEkyGyTAFpsBUmAbTYAakw0yYBbNgNsyBOfA5zIMv4AtYAAtgEWRABiyGJZAJmbAUzkMWLIPlsAJWwipYCWtgLayB9bAB1sMm2ARbYAt8A9/AaNgOO2En7IbdsBf2wn7YD2mQDdlwEA7CITgEh+EwHIEjcBSOwjE4BsfhOJyAE3ASTsFpOAVn4Sycg/NwAS7AJbgEl+GNxB8b7i6+Lk3Ia7TUMkbGyFgZK+NknIyX8TKPzCMjMiITZILMK/PKfDKfLCALyESZKAvLwhIlSpKhLCKLyKiMymKymEySSbKELCGddDJZJsvSsrQsI8vIsvJ+WU4+IMvLCrK1qyQrycqyjasiH5ZVZVVZTVaXNWRNWVPWkrVkbVlb1pF1ZF1ZV9aTT8n6sjf0h2fktc40kkOgsRwKTWRT2Uw2lx/CC7KlHA6tZGvZRr4kR8IIaC9buhT5iuwgx0FH+ZocD6/LznIidJFvyq6ym+wu35I9ZCvXU/aSU6G37CNnQF/ZT/aXA+RsqC6vdayGfF+mySFyqPxALoIP5XD5kRwhR8pRcrQcI8fKcXK8nCAn5hLyYzlZfiKnyE/lVDlNTpczZLqcKWfJz+RsOUfOlZ/LefILOV8ukAvlIpkhv5SL5RKZKb+SS+XXMksuk8vlCrlSrpKr5Rq5Vq6T6+UGuVFukpvlFrlVfiO3ye1yh9wpd8ndco/cK/fJ/fKA/FZmy+/kQfkXeUh+Lw/LH+QR+aM8Kn+Sx+TP8rj8RZ6Qv8qT8pQ8Lc/Is/I3eU6elxfkRXlJ/i4vyyvyqvRSKFBSKaVVoGJULhWrcqs4dYuKV7eqPOo2FVG3qwR1h8qr7lT5VH5VQBVUiaqQKqyMQmUVqVAVUUVVVN2liqm7VZIqrkqoksqpUipZ3aNKq3tVGXWfKqvuV+XUA6q8qqAqqkrqQVVZPaSqqIdVVfWIqqaqqxqqpnpU1VKPqdrqcVVHPaHqqidVPfWUqq+eVg3UM6qhelY1Us+pxup51UQ1Vc1Uc9VCvaBaqhdVK9VatVEvqbaqnWqvXlYp6hXVQb2qOqrXVCf1uuqs3lBd1Juqq+qmuqsr6qryqqfqpVJVb9VHvaP6qn6qvxqgBqp31SD1nhqs3ldpaogaqj5Qw9SHarj6SI1QI9UoNVqNUWPVODVeTVAT1ST1sZqsPlFT1KdqqpqmpqsZKl3NVP3/VmnufyP/k3+SP/iPs29RW9U3apvarnaonWqX2q32qD1qn9qnDqgDKltlq4PqoDqkDqnD6rA6oo6oo+qoOqaOqePquDqhTqiT6pS6qM6os+o3dU6dV+fVRXVJXVKX//YzEBq01EprHegYnUvH6tw6Tt+i4/WtOo++TUf07TpB36Hz6jt1Pp1fF9AFdaIupAtro1FbTTrURXRRHdV36WL6bp2ki+sSuqR2upRO1vf8y/k3Wl8L3UK31C11K91Kt9FtdFvdVrfX7XWKTtEddAfdUXfUnXQn3Vl31l10F91Vd9XddXfdQ/fQPXVPnapTdR/9ju6r++n+eoAeqN/Vg/QgPVgP1mk6TQ/VQ/UwPUwP18P1CD1Cj9Kj9Bg9Ro/T4/QEPUFP0pP0ZD1ZT9FT9FQ9VU/X03W6Ttez9Cw9W8/Wc/VcPU/P0/P1fL1QL9QZOkMv1ot1ps7US/VSnaWX6WV6hV6hV+lVeo1eo9fpdXqD3qA36U06S2/VW/U2vU3v0Dv0Lr1L79F79D69Tx/QB3S2ztYH9UF9SB/Sh/VhfUQf0Uf1UX1MH9PH9XF9Qp/QJ/VJfVqf1mf1WX1On9MX9AV9SV/Sl/VlfVVfvXbZF8hABjrQQUwQE8QGsUFcEBfEB/FBniBPEAkiQUKQEOQN7gzyBfmDAkHBIDEoFBQOTICBDSgIgyJB0SAa3BUUC+4OkoLiQYmgZOCCUkFycE9QOrg3KBPcF5QN7g/KBQ8E5YMKQcWgUvBgUDl4KKgSPBxUDR4JqgXVgxpBzeDRoFbwWFA7eDyoEzwR1A2eDOoFTwX1g6eDBsEzQcPg2aBR8FzQOHg+aBI0DZoFzYMW/9b63p/L/6LraXqZVNPb9DHvmL6mn+lvBpiB5l0zyLxnBpv3TZoZYoaaD8ww86EZbj4yI8xIM8qMNmPMWDPOjDcTzEQzyXxsJptPzBTzqZlqppnpZoZJNzPNLPOZmW3mmLnmczPPfGHmmwVmoVlkMsyXZrFZYjLNV2ap+dpkmWVmuVlhVppVZrVZY9aadWa92WA2mk1ms9litppvzDaz3ewwO80us9vsMXvNPrPfHDDfmmzznTlo/mIOme/NYfODOWJ+NEfNT+aY+dkcN7+YE+ZXc9KcMqfNGXPW/GbOmfPmgrloLpnfzWVzxVw1/trF/bW3d9SoMQZjMBZjMQ7jMB7jMQ/mwQhGMAETMC/mxXyYDwtgAUzERCyMhfEaQsIiWASjGMViWAyTMAlLYAl06DAZk7E0lsYyWAbLYlksh+WwPJbHilgRH8QH8SF8CB/Gh/ERfASrY3WsiTWxFtbC2lgb62AdrIt1sR7Ww/pYHxtgA2yIDbERNsLG2BibYBNshs2wBbbAltgSW2ErbINtsC22xfbYHlMwBTtgB+yIHbETdsLO2Bm7YBfsil2xO3bHHtgDe2JPTMVU7IN9sC/2xf7YHwfiQByEg3AwDsY0TMOhOBSH4TAcjsNxBI7EUTgax+BYHIfjcQJOxEk4CSfjZJyCU3AqTsXpOB3TMR1n4SycjbNxLs7FeTgP5+N8XIgLMQMzcDEuxkzMxKW4FLMwC5fjclyJK3E1rsa1uBbX43rciBtxM27GrbgVt+E23IE7cBfuwj24B/fhPjyABzAbs/EgHsRDeAgP42E8gkfwKB7FY3gMj+NxPIEn8CSexNN4Gs/iWTyH5/ACXsBL+Dtexit4FT3G2tw2zt5i4+2tNo+9zf5jXMAWtIm2kC1sjc1n8/9djNbaJFvclrAlrbOlbLK9509xeVvBVrSV7IO2sn3IVvlTXMs+Zmvbx20d+4StaR/9u7iufdLWs8/Z+vZ528A2tQ1tc9vIPmcb2+dtE9vUNrPNbVvbzra3L9sU+4rtYF/9U7zYLrFr7Tq73m6w++x+e8FetMfsz/aS/d32tL3sQPuuHWTfs4Pt+zbNDvlTPMqOtmPsWDvOjrcT7MQ/xdPtDJtuZ9pZ9jM72875U5xhv7TzbKadbxfYhXbRH/G1NWXar+xS+7XNssvscrvCrrSr7Gq75n+vdYXdZDfbLXaP3Wu32e12h91pd9ndf8TX9nHAfmuz7Xf2qP3JHrLf28P2uD1if/wjvra/4/YXe8L+ak/aU/a0PWPP2t/sOXv+j/1f2/sZe8Vetd4KApKkSFNAMZSLYik3xdEtFE+3Uh66jSJ0OyXQHZSX7qR8lJ8KUEFKpEJUmAwhWSIKqQgVpSjdRcXobkqi4lSCSpKjUpRM91BpupfK0H1Ulu6ncvQAlacKVJEq0YNUmR6iKvQwVaVHqBpVpxpUkx6lWvQY1abHqQ49QXXpSapHT1F9epoa0DPUkJ6lRvQcNabnqQk1pWbUnFrQC9SSXqRW1Jra0EvUltpRe3qZUugV6kCvUkd6jTrR69SZ3qAu9CZ1pW7Und6iHvQ29aRelEq9qQ+9Q32pH/WnATSQ3qVB9B4NpvcpjYbQUPqAhtGHNJw+ohE0kkbRaBpDY2kcjacJNJEm0cc0mT6hKfQpTaVpNJ1mUDrNpFn0Gc2mOTSXPqd59AXNpwW0kBZRBn1Ji2kJZdJXtJS+pixaRstpBa2kVbSa1tBaWkfraQNtpE20mbbQVvqGttF22kE7aRftpj20l/bRfjpA31I2fUcH6S90iL6nw/QDHaEf6Sj9RMfoZzpOv9AJ+pVO0ik6TWfoLP1G5+g8XaCLdIl+p8t0ha6SJxFCKEMV6jAIY8JcYWyYO4wLbwnjw1vDPOFtYSS8PUwI7wjzhneG+cL8YYGwYJgYFgoLhybE0IYUhmGRsGgYDe8Ki4V3h0lh8bBEWDJ0YakwObwnLB3eG5YJ7wvLhveH5cIHwvJhhfC5JyqFD4aVw4fCKuHDYdXwkbBaWD2sEdYMHw1rhY+FtcPHwzrhE2GZ8MmwXvhUWD98OmwQPhM2DJ8NG4XPhY3D58MmYdOwWdg8bBG+ELYMXwxbha3DNuFLYduwXdg+fDlMCV8JO4Sv3vB4atg77BO+E74Tev+4WhhdFM2IfhldHF0SzYx+FV0a/TqaFV0WXR5dEV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEvW+Zi7hwEmnnHaBi3G5XKzL7eLcLS7e3eryuNtcxN3uEtwdLq+70+Vz+V0BV9AlukKusDMOnXXkQlfEFXVRd5cr5u52Sa64K+FKOudKuWTX3LVwLVxL96Jr5Vq7Nu4l95Jr59q5l93L7hXXwb3qOrrXXCf3uuvs3nBvuDddV9fNdXdvuR7ubdfT9XKpLtX1cX1cX9fX9Xf93UA30A1yg9xgN9iluTQ31A11w9wwN9wNdyPcCDfKjXJj3Bg3zo1zE9wEN8lNcpPdZDfFTXFT3VQ33U136S7dzXKz3Gw32811c928pHluvpvvFrqFLsNluMVusct0mW6pW+qyXJZb7pa7lW6lW+1Wu7VurVvv1ruNbqPb7Da7rW6r2+a2uR1uh9vldrk9bo/b5/a5A+6Ay3bZ7qA76A65Q+6w+8EdcT+6o+4nd8z97I67X9wJ96s76U650+6MO+t+c+fceXfBXXSX3O/usrvirjrvJkU+jkyOfBKZEvk0MjUyLTI9MiOSHpkZmRX5LDI7MicyN/J5ZF7ki8j8yILIwsiiSEbky8jiyJJIZuSryNLI15GsyLLI8siKyMrIqoj3hbaFvogv6qP+Ll/M3+2TfHFfwpf0zpfyyf4eX9rfGyP8fb6sv9+X8w/48r6Cr+if9018U9/MN/ct/Au+pX/Rt/KtfRv/km/r2/n2/mWf4l/xHfyrvqN/zXfyr/vO/g3fxb/pu/puvrt/y/fwb/uevpdP9b19H/+O7+v7+f5+gB/o3/WD/Ht+sH/fp/khfqj/wA/zH/rh/iM/wo/0o/xoP8aP9eP8eD/BT/ST/Md+sv/ET/Gf+ql+mp/uZ/h0P9PP8p/52X6On+s/9/P8F36+X+AX+kU+w3/pF/slPtN/5Zf6r32WX+aX+xV+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q//Gb/Pb/Q6/0+/yu/0ev9fv8/v9Af+tz/bf+YP+L/6Q/94f9j/4I/5Hf9T/5I/5n/1x/4s/4X/1J/0pf9qf8Wf9b/6cP+8v+Iv+kv/dX/ZX/FX+nzXGGGOMsf8WdYPjvf/J9+TfxjV9hBC3bi945B9rbsz313k/mdg2IoR4pVeXZ/5jVKuWmpr6t9dmKREUXSCEiFzPjxHX42WijWgnUkRrUfqfrq+f7HaJblA/er8Qcf8pJ1Zcj6/Xv/e/qD923g3rLxAiqej1nNzieny9fpn/on7+ljeon/v7SUK0+k858eJ6fL1+snhRvCpS/u6VjDHGGGOMMcbYX/WTFTvd6P722v15or6ek0tcj290f84YY4wxxhhjjLGb7/Vu3V9+ISWldSee8IQn/7MmUghx085+s/8yMcYYY4wxxv7drl/03+yVMMYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjOdf/j48Tu9l7ZIwxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxm62/xUAAP//9kMzGA==") r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x200, 0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0) sendfile(r5, r6, 0x0, 0xf800) 6.642588535s ago: executing program 2 (id=2139): open(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) listen(r1, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000180)={0x5, 0xfffffffe}, 0x8) close(r2) 5.222260174s ago: executing program 1 (id=2140): setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000480), 0x4) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000003600)={&(0x7f0000000080)=@id, 0x10, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000001300)=""/4096, 0x1000}], 0x1, &(0x7f0000002700)=""/22, 0x16}}], 0x1, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0x0, {0x8}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x5, 'broadcast-link\x00'}]}]}, 0x2c}}, 0x0) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x50, r1, 0x42c, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xbaf3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4040000}, 0x4084005) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r4, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f00000004c0)=""/78, &(0x7f0000000400)=0x4e) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r4, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000740)={0x0, @can={0x1d, r4}, @l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}, 0x3}, @ethernet={0x1}, 0x0, 0x0, 0x0, 0x0, 0x107, &(0x7f0000000700)='pim6reg1\x00', 0x3, 0x1, 0x9}) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0xffffffff, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r7, 0x40000}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x10}]}, 0x28}}, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r5, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r1, @ANYBLOB="00042dbd7000fddbdf250c0000002c000380080002003f000000080003000400000008000300000000800800030008000000080002000500000025bb0cb8000580140002800800020001000000080004000600000008000100657468003c000280080002000700000008000100140000000800010017000000080001001f0000000800020002000000080002000700000008000100100000000c000280080001000000000007000100696200002400028008000400ff00000008000400040000000800020006680000080001001100000008000100756470001c000280080004000100000008000200010000000800030009"], 0xf8}, 0x1, 0x0, 0x0, 0x8800}, 0x10) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, &(0x7f0000000280)={r8, 0x0, r9}) 4.758108222s ago: executing program 2 (id=2141): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r3, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x1000000000000007, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000001c0)={0x1, @pix={0xffffffff, 0x0, 0x34424752, 0x0, 0x0, 0x3, 0x6, 0x0, 0x0, 0x3, 0x0, 0x1}}) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) syz_emit_ethernet(0x6e, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @mcast1, @loopback={0x0, 0xffffac1414aa}, [], "1e520b4c951ee12e"}}}}}}}, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMAXCID(r5, 0x40047451, &(0x7f0000001880)=0x5) ioctl$PPPIOCSFLAGS1(r5, 0x40047459, &(0x7f0000000100)=0x2000004) pwritev(r5, &(0x7f0000000080)=[{&(0x7f00000004c0)="00214717a70700000000030600710a5e31163ceb9d0471200000000500000000000000ffff03425d4d50e7182ce0ab6d000041a15be2d9d13cd1cb0c238e61cfd6a5d7cd0eaa50e027db032ddbfe85e53b87eb950a45", 0x56}], 0x1, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r1, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000180)="c280776925afa0d02cf073781a95de6dbe4a8e3d04cdcd5455cd59f713b03b0a3427eb1b0cd33d3883068a674a8b86b9fcb5c7a867c73c3daeb32a9927131fa6db77a8fc9eb81e9a08f4000ed5b35549d1c661c7aa95e30a99d4579f38913a3871739b6a43c74ecbbe2eb9715c6f6ae595cf36a1f3dd47110ca07fb561d98cfa952b047dd1b422ff0e9da1296b8ca0125ee5879d", 0x94}, {&(0x7f0000000440)="2e3e8c3a32f26d88f1c147f4d936b37b81ea26500384ba2632d0e679ed00d0576341dda2e8dd0e77ae389715d8ef6083c102a2413bcc509e1129faaf135bf28a6c0446cc7788c4d059518c9b", 0x4c}, {&(0x7f00000004c0)="34f6b7fdcb43fd5ba09489f55c67173f1bbed3e3018b6b7b5cc23e1aac55865012e0d953ec5d135e2c9b62f2e561906d17406891f7bf4942ae36010b45b7723a465a5022bb101fe2b66ce392e95906f319748a98493c37210adef82f3b7c7e3fb3ab2475035eaae85fb5792bf6da588183823e88039565c5a7a27264151a0ad2", 0x80}, {&(0x7f0000000640)="a028b21f27e26baa0165c2318bbf9724ea193534a44fb2964f8e7ceb9aab725386973b0d693323aa2a301699958b6126444ee85280a7aadc2819bab7c4d02040a1d2119a3511aaba710d59051e51cf7496d8348c2a5a262b2035a00e0c845a3a4469674630e9912e36e5ce4b184cdd24f711c2757fb64eb59782c2678e81b0a83bfe74640d1617e07bf32546bca3e690a34b631f17a02627a778893dfb8b5b1ce1bd686ecf6814f97ff2abf57999add9ea1d6eaf0740cdb3c8dfd05b9af0f20c25390c85d59c8d007eb594d5a3013b26618bc25a64f96d46bc22bb6f62a9ad76015da82dd0c8c10c4649", 0xea}, {&(0x7f0000000580)="d71f9eda96aa8571f7fb591ee102240f35e07631e36e60a013052e7363da77158b43bef2641aefb08ccd0cbd117893d9b2c19cfce18d604a7928a3ffb9524dca2e94dac688cd2b9f2b3fec4cead533eca51592e863b143b080b9f349fe0991b43d3d556183", 0x65}], 0x5}}, {{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000c00)="f9d6ca28172747b477cd9a4d748f", 0xe}, {&(0x7f0000000c40)="7b72c64f5388a6ad8ba2a2a413a15490818134b74f8cb2dfac1f7c929d3886fda14011d3725c25fb41ecc64722a02d1b5975740e9d3c87f228ec559850256db1bdf2c3ff8af57f5bae921e99670a9dbf86c93a5d8c8fdcb103304e8f4ed450c18735dc42c41772f67984512d586602090286d043e4d149e34deb3ccddec2c791de5ed3a3b3c775d347fec9f90090da4effa0bc76eea77404b56fadc37b94df5a09b88317c7a64a3ec91ea6bec02f883d19bb0b2414d06fb97c65b006ca00869b25f3696edc27fc64ecaf81077039422e918b14bff4877b025863675dbe1a10", 0xdf}, {&(0x7f0000000d40)="6af0044871e2045b76e81f3b35e87389de2175086dc0fb212ff2fbf5228801c3f21c6c4c4853c548cdb2c9416eb81ff940be24bf79e4fd21dfc3c444e93172c12efd97737ff83ea86702c7b93e71ada62fd45a68715b826d602a2d18d689a62e6f8f741cf370d6216092d6f17dbb93ce12dca27825b2808fddebef66813d219c560d6b09fb0777c2ee5663d2b0d0ccda381f696e58f51ef9aa9ddc6fe0b7780df797184ee5fa6dc190f5c262ecb248b3a53f0201bd0779cfbcd50471", 0xbc}, {&(0x7f0000000e40)="b8dc01e02bd213cac7b59aafdb765cfceea9a784a37c303a0206506c26613eacfb3b69261e6f5dbf2c983b7b2fdad4d3a2e50c6bb08004f05a39e97a1ebaad73c666e9d121925499412ee04460ae8bff1fbba40b239cce0eda4ab6e9ac4906dc54d64a4be70f2d60e5eb317fbab0c87c0f8ca3d727715c3cf17032f890eabe4442ba62817887a98bbd7a48ad036847421f374d0fa4c3a076ccb7b8032f7fadfd3827efa0b1be56b743", 0xa9}], 0x4}}, {{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001080)="01be3e1d2e", 0x5}], 0x1}}, {{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000001340)="e0c2fd38e90264603f627b9f012526f307590900fedfd5b50ff2159ab7969c64948dc327d0ee1e54019b74690321b07d30d375471a5d642ee177dc4682b4a6ceffed7d", 0x43}], 0x1}}], 0x4, 0xc0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r1, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8}, @IFLA_HSR_SLAVE1={0x8, 0x1, r7}]}}}]}, 0x40}}, 0x0) 4.662573821s ago: executing program 1 (id=2142): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00ed00", 0x10, 0x3a, 0xff, @remote={0xfe, 0xc0}, @mcast2, {[], @ndisc_ra}}}}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x398}}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) 4.599902266s ago: executing program 0 (id=2143): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)={0xec, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0xcd, 0x33, @reassoc_resp={{{0x0, 0x0, 0x8}, {}, @broadcast, @device_a, @random="f7ab87594b3f"}, 0x0, 0x0, @random, @val, @void, [{0xdd, 0x7, "8b7668a21729e4"}, {0xdd, 0x9e, "d8a062cc132f8c370fffcfbf6c255947985b88cb9f22e02d96f87d9c0a6796487053adb1a2d1f8ed33d6ef7faf4ba99f81c72edefbc742d2d897c0fb6eb2289c22b03871ec6ddb7398d4b5509078903c634145233d8a7a9a2fc09946ff1a847d43452a17ee7a24318e4ed910599f7ebc8291d4dd528566752ef4090016895d45162f023cde71dbd618a52517986b705c5e653ee0e7edda93407e44be1c20"}]}}]}, 0xec}}, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) syz_emit_ethernet(0x86, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x8, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @private0, [@dstopts={0x80, 0x0, '\x00', [@ra={0x5, 0x3a}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000740)={0x1, 0xfffe, 0x0, 0x5, 0xdf, 0x5, 0xf, 0x2000004, r4}, 0x20) 4.487562945s ago: executing program 1 (id=2144): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) (async) write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5336, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'}) (async) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5336, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @random="6bd36bf753e9"}) write$tun(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="080081000700000000002000"], 0x1011) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) (async) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r3, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) 4.400437242s ago: executing program 0 (id=2145): r0 = fsopen(&(0x7f0000000080)='nfsd\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x300, 0x0, 0x0) 4.321699049s ago: executing program 3 (id=2146): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) r3 = io_uring_setup(0x30d3, 0x0) r4 = socket$inet6(0xa, 0x40000080806, 0x0) listen(r4, 0x20000005) r5 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x9b4c, 0x0}}], 0x500, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 4.242523906s ago: executing program 0 (id=2147): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x18) r3 = io_uring_setup(0x30d3, &(0x7f00000000c0)) r4 = socket$inet6(0xa, 0x40000080806, 0x0) listen(r4, 0x20000005) r5 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x9b4c, 0x0}}], 0x500, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 4.218701098s ago: executing program 2 (id=2148): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) renameat(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file1\x00') r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/34, @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x800c80, &(0x7f0000000200)={[{@resuid={'resuid', 0x3d, 0xee01}}, {@noblock_validity}, {@usrquota}, {@resuid}, {@discard}, {@jqfmt_vfsold}, {@usrjquota, 0x5}, {@min_batch_time={'min_batch_time', 0x3d, 0xa9b}}, {@nodiscard}]}, 0x0, 0x466, &(0x7f0000000400)="$eJzs3c9vFFUcAPDvzG4BQdmKiIKgVTQ2/mhpQeXgRaOJB01M9ICJl9oWgizU0JoIIVqNwaMh8W48mvgHGE+ejHoy8ap3Q0KQmIBeXDO7M7C77BbabtnKfj7Jwns7b+a9b2fe7Nv3dtsABtZI9k8ScWdE/BYRlUa2tcBI478rl85M/33pzHQStdobF5N6ucuXzkwXRYv9tuSZ0TQi/TTJK2k1f+r0salqdfZknh9fOP7e+Pyp008fPT51ZPbI7InJgwcP7J947tnJZ3oSZxbf5V0fzu3e+cpb516bPnTunZ++ydq7Y09je3McvTKSBf5nra5922O9rqzP/q1dizMp97s13KxSRGSna6je/ytRimsnrxIvf9LXxgFrKrtnb+y+ebEG3MaS6HcLgP4oXuiz97/F4xYNPdaFCy803gBlcV/JH40t5UjzMkNrWP9IRBxa/OfL7BFt8xC1DvMGAACr9X02/nmq0/gvjR1N5bbma0PDEXF3RGyLiHsiYntE3BtRL3tfRNy/zPrbl4auH3+m51cU2E3Kxn/P52tbreO/YvQXw6U8d1c9/qHk8NHq7L78ZzIaQxuz/ESngxeHeOnXz7vV3zz+yx5Z/cVYMD/I+XLbBN3M1MJUrwalFz6O2FXuFH9ydSUgiYidEbFreYfeWiSOPvH17m6Fbhz/EnqwzlT7KuLxxvlfjLb4C8nS65Pjm6I6u2+8uCqu9/MvZ1/vVv+q4u+B7Pxvbr3+20pU/kqa12vnl1/H2d8/6/qesrzC639D8mZ9TXdD/twHUwsLJyciNiSv1vMtz09e27fIF+Wz+Ef3du7/2/J9svgfiIjsIt4TEQ9GxEP5uXs4Ih6JiL1LxP/ji4++223bejj/Mx3vf1ev/+HW87/8ROnYD991q//m7n8H6qnR/Jn6/e8GujdnU15ipVczAAAA/P+k9c/GJ+nY1XSajo01PsO/PTan1bn5hScPz71/YqbxGfrhGEqLma5K03zoRLKYH7GRn8zniovt+/N54y9Kd9TzY9Nz1Zk+xw6DbkuX/p/5o9Tv1gFrzve1YHC19/90ibIXv13jxgC3lNd/GFz6Pwwu/R8GV6f+/1Fb3loA3J68/sPg0v9hUNUq+j8MLv0fBtJqvtffSGRHWcHuxe8v6bCpvMS39yXWSeLt/C83rJf2SDQlyj3o3X26IQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTYfwEAAP//uBLtyQ==") sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x14, 0x2, 0x6, 0x0, 0x0, 0x0, {0x0, 0x0, 0xfffe}}, 0x14}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0xffffff1b, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x90) 3.972938548s ago: executing program 1 (id=2149): syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file2\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x1, 0x21d, &(0x7f0000000b40)="$eJzsmL9rFEEUx78zu7e5FRFtUthYGDCi2cvuoaQ5NIJgJULir0oPs4Z4m5xcVjAHgsHGRjsLwcbCf8AiRSoLO/8BQQsVBAuvsLCxGZmd2b1JJnGPNVa+TzF8Z9978+a9233FgSCI/5Yvn39+enJuZv4kgP2YwJh+/s0BGFOaG/4fn9878ax1/sXrD6/erhx4sLn9PBkixNYH9T/kdwG8mXWQFpmK6F9STOjNPHihL4PjuNZXwRBofRMcV7SOwXBd6zuG7kr/ILi9lMTBrW6yIMW0XEK5RHJpbr/fYJ1hQe+FEIIZ9tW1fqedJHHPEK627WCqJIpknXGrfzV4GMxytIz7yS5ee/xoXe7z3kwb/QvBEeoimmCY089nMJb3RrXEqP+wOzzfserfsVrpKg1lRdaVaP3Yk2aZ4tBUtfBJWc5Z23QQVa6BrVE1DE2yk3tbsvXqZMItfxfP6B+0Qq6Lo1bx1Afwjyo1RaUqcjE+2Hxnm76WhQtWnoKN/v7UR71z/iFW75iPfof/Tcd2u9j7DTU/xEuGY8Z8co350UiX7zZW1/pTS8vtxXgxXomi5mkGPDwVNbJBpFZr7g3ns5/Np33G+bVdfD3u4X47TXuhWj3mwUea9qJsHxmfzdxG9/sNHZbiAoCjaiPHplec6Fg5mKd8eOYr1aTtRBAEQRAEQRAEQRAEQRAEUYkjYNm/oCVElzLv3wEAAP//0Ixjlw==") (async) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getrlimit(0x0, 0x0) (async) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async, rerun: 32) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (rerun: 32) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000001c0)=0x2) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000040)="0f23afba610066ed660f388115baf80c66b88e64df8966efbafc0cb08ceedc60b2b807008ec00f01cf3e0fc72eaafdb853098ec00fbbb50f00"}], 0x1a, 0x0, 0x0, 0x0) (async) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x3) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000032680)=""/102400, 0x19000) (async, rerun: 64) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async, rerun: 64) finit_module(r0, 0x0, 0x0) (async) socket$inet_tcp(0x2, 0x1, 0x0) (async) r6 = socket$nl_route(0x10, 0x3, 0x0) (async) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000000)=@ipv4_newaddr={0x34, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r8}, [@IFA_LABEL={0x14}, @IFA_LOCAL={0x8, 0x2, @remote}]}, 0x34}}, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r0) (async) userfaultfd(0x0) 2.50687509s ago: executing program 0 (id=2150): r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) (fail_nth: 5) ftruncate(r0, 0x800) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x98, &(0x7f0000000000)=""/152, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r4, r3, 0x7, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r4, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r2}, 0x20) sendfile(r2, r1, 0x0, 0x204) 2.366635752s ago: executing program 3 (id=2151): open(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) listen(r1, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000180)={0x5, 0xfffffffe}, 0x8) close(r2) 1.958315196s ago: executing program 1 (id=2152): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0xf, &(0x7f00000001c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6) sched_setscheduler(0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x80, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x24, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASTER={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @broadcast}}}]}]}, 0x80}}, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000280)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1) recvmmsg(r1, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@tipc, 0x80, &(0x7f0000000400)=[{&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000000640)=""/251, 0xfb}], 0x2}}], 0x40002db, 0x2, 0x0) syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000540)='./file0\x00', 0x20810004, &(0x7f0000000300)=ANY=[], 0x9, 0x14dd, &(0x7f0000003f80)="$eJzs3AlwVsW2KOBe3b1DiBF/IzIEevXa8IsBmoiIyCAiMoiIiIiIyCQCAkZERARECMgkYkBE5klEhoCAyBAhYpjnQebJyEFEREQmmQT6FZ5zH/cczy3ue+e8x63K+qq60iv7X2t3Z6Xy772r8v/cZWiNRjWrNiAi8S+Bv35JFULECiEGCiFuE0IEQoiyCWUTrh3PrSD1XzsJ+/d6Jv1mr4DdTNz/nI37n7Nx/3M27n/Oxv3P2bj/ORv3P2fj/jOWk22dWfB2Hjl38PP/nIzf/3M27n/Oxv3P2bj/ORv3P2fj/uds3P+cjfufs3H/GcvJbvbzZx43d9zs3z/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYznDBX+dFkL8x/xmr4sxxhhjjDHGGGP/Pj7XzV4BY4wxxhhjjDHG/t8DIYUSWgQiRuQSsSK3iBO3iHhxq8gjbhMRcbtIEHeIvOJOkU/kFwVEQZEoConCwggUVpAIRRFRVETFXaKYuFskieKihCgpnCglksU9orS4V5QR94my4n5RTjwgyosKoqKoJB4UlcVDoop4WFQVj4hqorqoIWqKR0Ut8ZioLR4XdcQToq54UtQTT4n64mnRQDwjGopnRSPxnGgsnhdNRFPRTDQXLf6v8t8SPcTboqfoJVJFb9FHvCP6in6ivxggBop3xSDxnhgs3hdpYogYKj4Qw8SHYrj4SIwQI8UoMVqMEWPFODFeTBATxSTxsZgsPhFTxKdiqpgmposZIl3MFLPEZ2K2mCPmis/FPPGFmC8WiIVikcgQX4rFYonIFF+JpeJrkSWWieVihVgpVonVYo1YK9aJ9WKD2Cg2ic1ii9gqvhHbxHaxQ+wUu8RusUfsFfvEfnFAfCuyxXf/h/nn/yG/KwgQIEGCBg0xEAOxEAtxEAfxEA95IA9EIAIJkAB5IS/kg3xQAApAIiRCYSgMCAgEBEWgCEQhCsWgGCRBEpSAEuDAQTIkQ2m4F8pAGSgLZaEclIPyUAEqQCWoBJWhMlSBKlAVqkI1qAY1oAY8Co/CY1AbakMdqAN1oS7Ug3pQH+pDA2gADaEhNIJG0BgaQxNoAs2gGbSAFtASWkIraAVtoA20hbbQHtpDCqRAB+gA7aAjdIJO0Bk6QxfoAl2hG3SDt+AteBvehl5QTfaGPtAH+kJf6A8DYAC8C4PgPXgP3oc0GAJD4QP4AD6E4XAORsBIGAWjoLIcC+NgPJCcCJNgEkyGyTAFpsBUmAbTYAakw0yYBbNgNsyBOfA5zIMv4AtYAAtgEWRABiyGJZAJmbAUzkMWLIPlsAJWwipYCWtgLayB9bAB1sMm2ARbYAt8A9/AaNgOO2En7IbdsBf2wn7YD2mQDdlwEA7CITgEh+EwHIEjcBSOwjE4BsfhOJyAE3ASTsFpOAVn4Sycg/NwAS7AJbgEl+GNxB8b7i6+Lk3Ia7TUMkbGyFgZK+NknIyX8TKPzCMjMiITZILMK/PKfDKfLCALyESZKAvLwhIlSpKhLCKLyKiMymKymEySSbKELCGddDJZJsvSsrQsI8vIsvJ+WU4+IMvLCrK1qyQrycqyjasiH5ZVZVVZTVaXNWRNWVPWkrVkbVlb1pF1ZF1ZV9aTT8n6sjf0h2fktc40kkOgsRwKTWRT2Uw2lx/CC7KlHA6tZGvZRr4kR8IIaC9buhT5iuwgx0FH+ZocD6/LznIidJFvyq6ym+wu35I9ZCvXU/aSU6G37CNnQF/ZT/aXA+RsqC6vdayGfF+mySFyqPxALoIP5XD5kRwhR8pRcrQcI8fKcXK8nCAn5hLyYzlZfiKnyE/lVDlNTpczZLqcKWfJz+RsOUfOlZ/LefILOV8ukAvlIpkhv5SL5RKZKb+SS+XXMksuk8vlCrlSrpKr5Rq5Vq6T6+UGuVFukpvlFrlVfiO3ye1yh9wpd8ndco/cK/fJ/fKA/FZmy+/kQfkXeUh+Lw/LH+QR+aM8Kn+Sx+TP8rj8RZ6Qv8qT8pQ8Lc/Is/I3eU6elxfkRXlJ/i4vyyvyqvRSKFBSKaVVoGJULhWrcqs4dYuKV7eqPOo2FVG3qwR1h8qr7lT5VH5VQBVUiaqQKqyMQmUVqVAVUUVVVN2liqm7VZIqrkqoksqpUipZ3aNKq3tVGXWfKqvuV+XUA6q8qqAqqkrqQVVZPaSqqIdVVfWIqqaqqxqqpnpU1VKPqdrqcVVHPaHqqidVPfWUqq+eVg3UM6qhelY1Us+pxup51UQ1Vc1Uc9VCvaBaqhdVK9VatVEvqbaqnWqvXlYp6hXVQb2qOqrXVCf1uuqs3lBd1Juqq+qmuqsr6qryqqfqpVJVb9VHvaP6qn6qvxqgBqp31SD1nhqs3ldpaogaqj5Qw9SHarj6SI1QI9UoNVqNUWPVODVeTVAT1ST1sZqsPlFT1KdqqpqmpqsZKl3NVP3/VmnufyP/k3+SP/iPs29RW9U3apvarnaonWqX2q32qD1qn9qnDqgDKltlq4PqoDqkDqnD6rA6oo6oo+qoOqaOqePquDqhTqiT6pS6qM6os+o3dU6dV+fVRXVJXVKX//YzEBq01EprHegYnUvH6tw6Tt+i4/WtOo++TUf07TpB36Hz6jt1Pp1fF9AFdaIupAtro1FbTTrURXRRHdV36WL6bp2ki+sSuqR2upRO1vf8y/k3Wl8L3UK31C11K91Kt9FtdFvdVrfX7XWKTtEddAfdUXfUnXQn3Vl31l10F91Vd9XddXfdQ/fQPXVPnapTdR/9ju6r++n+eoAeqN/Vg/QgPVgP1mk6TQ/VQ/UwPUwP18P1CD1Cj9Kj9Bg9Ro/T4/QEPUFP0pP0ZD1ZT9FT9FQ9VU/X03W6Ttez9Cw9W8/Wc/VcPU/P0/P1fL1QL9QZOkMv1ot1ps7US/VSnaWX6WV6hV6hV+lVeo1eo9fpdXqD3qA36U06S2/VW/U2vU3v0Dv0Lr1L79F79D69Tx/QB3S2ztYH9UF9SB/Sh/VhfUQf0Uf1UX1MH9PH9XF9Qp/QJ/VJfVqf1mf1WX1On9MX9AV9SV/Sl/VlfVVfvXbZF8hABjrQQUwQE8QGsUFcEBfEB/FBniBPEAkiQUKQEOQN7gzyBfmDAkHBIDEoFBQOTICBDSgIgyJB0SAa3BUUC+4OkoLiQYmgZOCCUkFycE9QOrg3KBPcF5QN7g/KBQ8E5YMKQcWgUvBgUDl4KKgSPBxUDR4JqgXVgxpBzeDRoFbwWFA7eDyoEzwR1A2eDOoFTwX1g6eDBsEzQcPg2aBR8FzQOHg+aBI0DZoFzYMW/9b63p/L/6LraXqZVNPb9DHvmL6mn+lvBpiB5l0zyLxnBpv3TZoZYoaaD8ww86EZbj4yI8xIM8qMNmPMWDPOjDcTzEQzyXxsJptPzBTzqZlqppnpZoZJNzPNLPOZmW3mmLnmczPPfGHmmwVmoVlkMsyXZrFZYjLNV2ap+dpkmWVmuVlhVppVZrVZY9aadWa92WA2mk1ms9litppvzDaz3ewwO80us9vsMXvNPrPfHDDfmmzznTlo/mIOme/NYfODOWJ+NEfNT+aY+dkcN7+YE+ZXc9KcMqfNGXPW/GbOmfPmgrloLpnfzWVzxVw1/trF/bW3d9SoMQZjMBZjMQ7jMB7jMQ/mwQhGMAETMC/mxXyYDwtgAUzERCyMhfEaQsIiWASjGMViWAyTMAlLYAl06DAZk7E0lsYyWAbLYlksh+WwPJbHilgRH8QH8SF8CB/Gh/ERfASrY3WsiTWxFtbC2lgb62AdrIt1sR7Ww/pYHxtgA2yIDbERNsLG2BibYBNshs2wBbbAltgSW2ErbINtsC22xfbYHlMwBTtgB+yIHbETdsLO2Bm7YBfsil2xO3bHHtgDe2JPTMVU7IN9sC/2xf7YHwfiQByEg3AwDsY0TMOhOBSH4TAcjsNxBI7EUTgax+BYHIfjcQJOxEk4CSfjZJyCU3AqTsXpOB3TMR1n4SycjbNxLs7FeTgP5+N8XIgLMQMzcDEuxkzMxKW4FLMwC5fjclyJK3E1rsa1uBbX43rciBtxM27GrbgVt+E23IE7cBfuwj24B/fhPjyABzAbs/EgHsRDeAgP42E8gkfwKB7FY3gMj+NxPIEn8CSexNN4Gs/iWTyH5/ACXsBL+Dtexit4FT3G2tw2zt5i4+2tNo+9zf5jXMAWtIm2kC1sjc1n8/9djNbaJFvclrAlrbOlbLK9509xeVvBVrSV7IO2sn3IVvlTXMs+Zmvbx20d+4StaR/9u7iufdLWs8/Z+vZ528A2tQ1tc9vIPmcb2+dtE9vUNrPNbVvbzra3L9sU+4rtYF/9U7zYLrFr7Tq73m6w++x+e8FetMfsz/aS/d32tL3sQPuuHWTfs4Pt+zbNDvlTPMqOtmPsWDvOjrcT7MQ/xdPtDJtuZ9pZ9jM72875U5xhv7TzbKadbxfYhXbRH/G1NWXar+xS+7XNssvscrvCrrSr7Gq75n+vdYXdZDfbLXaP3Wu32e12h91pd9ndf8TX9nHAfmuz7Xf2qP3JHrLf28P2uD1if/wjvra/4/YXe8L+ak/aU/a0PWPP2t/sOXv+j/1f2/sZe8Vetd4KApKkSFNAMZSLYik3xdEtFE+3Uh66jSJ0OyXQHZSX7qR8lJ8KUEFKpEJUmAwhWSIKqQgVpSjdRcXobkqi4lSCSpKjUpRM91BpupfK0H1Ulu6ncvQAlacKVJEq0YNUmR6iKvQwVaVHqBpVpxpUkx6lWvQY1abHqQ49QXXpSapHT1F9epoa0DPUkJ6lRvQcNabnqQk1pWbUnFrQC9SSXqRW1Jra0EvUltpRe3qZUugV6kCvUkd6jTrR69SZ3qAu9CZ1pW7Und6iHvQ29aRelEq9qQ+9Q32pH/WnATSQ3qVB9B4NpvcpjYbQUPqAhtGHNJw+ohE0kkbRaBpDY2kcjacJNJEm0cc0mT6hKfQpTaVpNJ1mUDrNpFn0Gc2mOTSXPqd59AXNpwW0kBZRBn1Ji2kJZdJXtJS+pixaRstpBa2kVbSa1tBaWkfraQNtpE20mbbQVvqGttF22kE7aRftpj20l/bRfjpA31I2fUcH6S90iL6nw/QDHaEf6Sj9RMfoZzpOv9AJ+pVO0ik6TWfoLP1G5+g8XaCLdIl+p8t0ha6SJxFCKEMV6jAIY8JcYWyYO4wLbwnjw1vDPOFtYSS8PUwI7wjzhneG+cL8YYGwYJgYFgoLhybE0IYUhmGRsGgYDe8Ki4V3h0lh8bBEWDJ0YakwObwnLB3eG5YJ7wvLhveH5cIHwvJhhfC5JyqFD4aVw4fCKuHDYdXwkbBaWD2sEdYMHw1rhY+FtcPHwzrhE2GZ8MmwXvhUWD98OmwQPhM2DJ8NG4XPhY3D58MmYdOwWdg8bBG+ELYMXwxbha3DNuFLYduwXdg+fDlMCV8JO4Sv3vB4atg77BO+E74Tev+4WhhdFM2IfhldHF0SzYx+FV0a/TqaFV0WXR5dEV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEvW+Zi7hwEmnnHaBi3G5XKzL7eLcLS7e3eryuNtcxN3uEtwdLq+70+Vz+V0BV9AlukKusDMOnXXkQlfEFXVRd5cr5u52Sa64K+FKOudKuWTX3LVwLVxL96Jr5Vq7Nu4l95Jr59q5l93L7hXXwb3qOrrXXCf3uuvs3nBvuDddV9fNdXdvuR7ubdfT9XKpLtX1cX1cX9fX9Xf93UA30A1yg9xgN9iluTQ31A11w9wwN9wNdyPcCDfKjXJj3Bg3zo1zE9wEN8lNcpPdZDfFTXFT3VQ33U136S7dzXKz3Gw32811c928pHluvpvvFrqFLsNluMVusct0mW6pW+qyXJZb7pa7lW6lW+1Wu7VurVvv1ruNbqPb7Da7rW6r2+a2uR1uh9vldrk9bo/b5/a5A+6Ay3bZ7qA76A65Q+6w+8EdcT+6o+4nd8z97I67X9wJ96s76U650+6MO+t+c+fceXfBXXSX3O/usrvirjrvJkU+jkyOfBKZEvk0MjUyLTI9MiOSHpkZmRX5LDI7MicyN/J5ZF7ki8j8yILIwsiiSEbky8jiyJJIZuSryNLI15GsyLLI8siKyMrIqoj3hbaFvogv6qP+Ll/M3+2TfHFfwpf0zpfyyf4eX9rfGyP8fb6sv9+X8w/48r6Cr+if9018U9/MN/ct/Au+pX/Rt/KtfRv/km/r2/n2/mWf4l/xHfyrvqN/zXfyr/vO/g3fxb/pu/puvrt/y/fwb/uevpdP9b19H/+O7+v7+f5+gB/o3/WD/Ht+sH/fp/khfqj/wA/zH/rh/iM/wo/0o/xoP8aP9eP8eD/BT/ST/Md+sv/ET/Gf+ql+mp/uZ/h0P9PP8p/52X6On+s/9/P8F36+X+AX+kU+w3/pF/slPtN/5Zf6r32WX+aX+xV+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q//Gb/Pb/Q6/0+/yu/0ev9fv8/v9Af+tz/bf+YP+L/6Q/94f9j/4I/5Hf9T/5I/5n/1x/4s/4X/1J/0pf9qf8Wf9b/6cP+8v+Iv+kv/dX/ZX/FX+nzXGGGOMsf8WdYPjvf/J9+TfxjV9hBC3bi945B9rbsz313k/mdg2IoR4pVeXZ/5jVKuWmpr6t9dmKREUXSCEiFzPjxHX42WijWgnUkRrUfqfrq+f7HaJblA/er8Qcf8pJ1Zcj6/Xv/e/qD923g3rLxAiqej1nNzieny9fpn/on7+ljeon/v7SUK0+k858eJ6fL1+snhRvCpS/u6VjDHGGGOMMcbYX/WTFTvd6P722v15or6ek0tcj290f84YY4wxxhhjjLGb7/Vu3V9+ISWldSee8IQn/7MmUghx085+s/8yMcYYY4wxxv7drl/03+yVMMYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjOdf/j48Tu9l7ZIwxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxm62/xUAAP//9kMzGA==") r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x800) lseek(r4, 0x200, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0) sendfile(r4, r5, 0x0, 0xf800) 1.783834801s ago: executing program 3 (id=2153): setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000480), 0x4) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000003600)={&(0x7f0000000080)=@id, 0x10, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000001300)=""/4096, 0x1000}], 0x1, &(0x7f0000002700)=""/22, 0x16}}], 0x1, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0x0, {0x8}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x5, 'broadcast-link\x00'}]}]}, 0x2c}}, 0x0) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x50, r1, 0x42c, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xbaf3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4040000}, 0x4084005) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r4, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f00000004c0)=""/78, &(0x7f0000000400)=0x4e) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r4, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000740)={0x0, @can={0x1d, r4}, @l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}, 0x3}, @ethernet={0x1}, 0x0, 0x0, 0x0, 0x0, 0x107, &(0x7f0000000700)='pim6reg1\x00', 0x3, 0x1, 0x9}) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0xffffffff, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r7, 0x40000}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x10}]}, 0x28}}, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r5, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r1, @ANYBLOB="00042dbd7000fddbdf250c0000002c000380080002003f000000080003000400000008000300000000800800030008000000080002000500000025bb0cb8000580140002800800020001000000080004000600000008000100657468003c000280080002000700000008000100140000000800010017000000080001001f0000000800020002000000080002000700000008000100100000000c000280080001000000000007000100696200002400028008000400ff00000008000400040000000800020006680000080001001100000008000100756470001c000280080004000100000008000200010000000800030009"], 0xf8}, 0x1, 0x0, 0x0, 0x8800}, 0x10) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, &(0x7f0000000280)={r8, 0x0, r9}) 1.698533608s ago: executing program 0 (id=2154): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00ed00", 0x10, 0x3a, 0xff, @remote={0xfe, 0xc0}, @mcast2, {[], @ndisc_ra}}}}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x398}}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) 1.213317448s ago: executing program 2 (id=2155): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0xf, &(0x7f00000001c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6) r0 = getpid() sched_setscheduler(0x0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x80, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x24, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASTER={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @broadcast}}}]}]}, 0x80}}, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000280)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = getpid() sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1) recvmmsg(r2, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@tipc, 0x80, &(0x7f0000000400)=[{&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000000640)=""/251, 0xfb}], 0x2}}], 0x40002db, 0x2, 0x0) syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000540)='./file0\x00', 0x20810004, &(0x7f0000000300)=ANY=[], 0x9, 0x14dd, &(0x7f0000003f80)="$eJzs3AlwVsW2KOBe3b1DiBF/IzIEevXa8IsBmoiIyCAiMoiIiIiIyCQCAkZERARECMgkYkBE5klEhoCAyBAhYpjnQebJyEFEREQmmQT6FZ5zH/cczy3ue+e8x63K+qq60iv7X2t3Z6Xy772r8v/cZWiNRjWrNiAi8S+Bv35JFULECiEGCiFuE0IEQoiyCWUTrh3PrSD1XzsJ+/d6Jv1mr4DdTNz/nI37n7Nx/3M27n/Oxv3P2bj/ORv3P2fj/jOWk22dWfB2Hjl38PP/nIzf/3M27n/Oxv3P2bj/ORv3P2fj/uds3P+cjfufs3H/GcvJbvbzZx43d9zs3z/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYznDBX+dFkL8x/xmr4sxxhhjjDHGGGP/Pj7XzV4BY4wxxhhjjDHG/t8DIYUSWgQiRuQSsSK3iBO3iHhxq8gjbhMRcbtIEHeIvOJOkU/kFwVEQZEoConCwggUVpAIRRFRVETFXaKYuFskieKihCgpnCglksU9orS4V5QR94my4n5RTjwgyosKoqKoJB4UlcVDoop4WFQVj4hqorqoIWqKR0Ut8ZioLR4XdcQToq54UtQTT4n64mnRQDwjGopnRSPxnGgsnhdNRFPRTDQXLf6v8t8SPcTboqfoJVJFb9FHvCP6in6ivxggBop3xSDxnhgs3hdpYogYKj4Qw8SHYrj4SIwQI8UoMVqMEWPFODFeTBATxSTxsZgsPhFTxKdiqpgmposZIl3MFLPEZ2K2mCPmis/FPPGFmC8WiIVikcgQX4rFYonIFF+JpeJrkSWWieVihVgpVonVYo1YK9aJ9WKD2Cg2ic1ii9gqvhHbxHaxQ+wUu8RusUfsFfvEfnFAfCuyxXf/h/nn/yG/KwgQIEGCBg0xEAOxEAtxEAfxEA95IA9EIAIJkAB5IS/kg3xQAApAIiRCYSgMCAgEBEWgCEQhCsWgGCRBEpSAEuDAQTIkQ2m4F8pAGSgLZaEclIPyUAEqQCWoBJWhMlSBKlAVqkI1qAY1oAY8Co/CY1AbakMdqAN1oS7Ug3pQH+pDA2gADaEhNIJG0BgaQxNoAs2gGbSAFtASWkIraAVtoA20hbbQHtpDCqRAB+gA7aAjdIJO0Bk6QxfoAl2hG3SDt+AteBvehl5QTfaGPtAH+kJf6A8DYAC8C4PgPXgP3oc0GAJD4QP4AD6E4XAORsBIGAWjoLIcC+NgPJCcCJNgEkyGyTAFpsBUmAbTYAakw0yYBbNgNsyBOfA5zIMv4AtYAAtgEWRABiyGJZAJmbAUzkMWLIPlsAJWwipYCWtgLayB9bAB1sMm2ARbYAt8A9/AaNgOO2En7IbdsBf2wn7YD2mQDdlwEA7CITgEh+EwHIEjcBSOwjE4BsfhOJyAE3ASTsFpOAVn4Sycg/NwAS7AJbgEl+GNxB8b7i6+Lk3Ia7TUMkbGyFgZK+NknIyX8TKPzCMjMiITZILMK/PKfDKfLCALyESZKAvLwhIlSpKhLCKLyKiMymKymEySSbKELCGddDJZJsvSsrQsI8vIsvJ+WU4+IMvLCrK1qyQrycqyjasiH5ZVZVVZTVaXNWRNWVPWkrVkbVlb1pF1ZF1ZV9aTT8n6sjf0h2fktc40kkOgsRwKTWRT2Uw2lx/CC7KlHA6tZGvZRr4kR8IIaC9buhT5iuwgx0FH+ZocD6/LznIidJFvyq6ym+wu35I9ZCvXU/aSU6G37CNnQF/ZT/aXA+RsqC6vdayGfF+mySFyqPxALoIP5XD5kRwhR8pRcrQcI8fKcXK8nCAn5hLyYzlZfiKnyE/lVDlNTpczZLqcKWfJz+RsOUfOlZ/LefILOV8ukAvlIpkhv5SL5RKZKb+SS+XXMksuk8vlCrlSrpKr5Rq5Vq6T6+UGuVFukpvlFrlVfiO3ye1yh9wpd8ndco/cK/fJ/fKA/FZmy+/kQfkXeUh+Lw/LH+QR+aM8Kn+Sx+TP8rj8RZ6Qv8qT8pQ8Lc/Is/I3eU6elxfkRXlJ/i4vyyvyqvRSKFBSKaVVoGJULhWrcqs4dYuKV7eqPOo2FVG3qwR1h8qr7lT5VH5VQBVUiaqQKqyMQmUVqVAVUUVVVN2liqm7VZIqrkqoksqpUipZ3aNKq3tVGXWfKqvuV+XUA6q8qqAqqkrqQVVZPaSqqIdVVfWIqqaqqxqqpnpU1VKPqdrqcVVHPaHqqidVPfWUqq+eVg3UM6qhelY1Us+pxup51UQ1Vc1Uc9VCvaBaqhdVK9VatVEvqbaqnWqvXlYp6hXVQb2qOqrXVCf1uuqs3lBd1Juqq+qmuqsr6qryqqfqpVJVb9VHvaP6qn6qvxqgBqp31SD1nhqs3ldpaogaqj5Qw9SHarj6SI1QI9UoNVqNUWPVODVeTVAT1ST1sZqsPlFT1KdqqpqmpqsZKl3NVP3/VmnufyP/k3+SP/iPs29RW9U3apvarnaonWqX2q32qD1qn9qnDqgDKltlq4PqoDqkDqnD6rA6oo6oo+qoOqaOqePquDqhTqiT6pS6qM6os+o3dU6dV+fVRXVJXVKX//YzEBq01EprHegYnUvH6tw6Tt+i4/WtOo++TUf07TpB36Hz6jt1Pp1fF9AFdaIupAtro1FbTTrURXRRHdV36WL6bp2ki+sSuqR2upRO1vf8y/k3Wl8L3UK31C11K91Kt9FtdFvdVrfX7XWKTtEddAfdUXfUnXQn3Vl31l10F91Vd9XddXfdQ/fQPXVPnapTdR/9ju6r++n+eoAeqN/Vg/QgPVgP1mk6TQ/VQ/UwPUwP18P1CD1Cj9Kj9Bg9Ro/T4/QEPUFP0pP0ZD1ZT9FT9FQ9VU/X03W6Ttez9Cw9W8/Wc/VcPU/P0/P1fL1QL9QZOkMv1ot1ps7US/VSnaWX6WV6hV6hV+lVeo1eo9fpdXqD3qA36U06S2/VW/U2vU3v0Dv0Lr1L79F79D69Tx/QB3S2ztYH9UF9SB/Sh/VhfUQf0Uf1UX1MH9PH9XF9Qp/QJ/VJfVqf1mf1WX1On9MX9AV9SV/Sl/VlfVVfvXbZF8hABjrQQUwQE8QGsUFcEBfEB/FBniBPEAkiQUKQEOQN7gzyBfmDAkHBIDEoFBQOTICBDSgIgyJB0SAa3BUUC+4OkoLiQYmgZOCCUkFycE9QOrg3KBPcF5QN7g/KBQ8E5YMKQcWgUvBgUDl4KKgSPBxUDR4JqgXVgxpBzeDRoFbwWFA7eDyoEzwR1A2eDOoFTwX1g6eDBsEzQcPg2aBR8FzQOHg+aBI0DZoFzYMW/9b63p/L/6LraXqZVNPb9DHvmL6mn+lvBpiB5l0zyLxnBpv3TZoZYoaaD8ww86EZbj4yI8xIM8qMNmPMWDPOjDcTzEQzyXxsJptPzBTzqZlqppnpZoZJNzPNLPOZmW3mmLnmczPPfGHmmwVmoVlkMsyXZrFZYjLNV2ap+dpkmWVmuVlhVppVZrVZY9aadWa92WA2mk1ms9litppvzDaz3ewwO80us9vsMXvNPrPfHDDfmmzznTlo/mIOme/NYfODOWJ+NEfNT+aY+dkcN7+YE+ZXc9KcMqfNGXPW/GbOmfPmgrloLpnfzWVzxVw1/trF/bW3d9SoMQZjMBZjMQ7jMB7jMQ/mwQhGMAETMC/mxXyYDwtgAUzERCyMhfEaQsIiWASjGMViWAyTMAlLYAl06DAZk7E0lsYyWAbLYlksh+WwPJbHilgRH8QH8SF8CB/Gh/ERfASrY3WsiTWxFtbC2lgb62AdrIt1sR7Ww/pYHxtgA2yIDbERNsLG2BibYBNshs2wBbbAltgSW2ErbINtsC22xfbYHlMwBTtgB+yIHbETdsLO2Bm7YBfsil2xO3bHHtgDe2JPTMVU7IN9sC/2xf7YHwfiQByEg3AwDsY0TMOhOBSH4TAcjsNxBI7EUTgax+BYHIfjcQJOxEk4CSfjZJyCU3AqTsXpOB3TMR1n4SycjbNxLs7FeTgP5+N8XIgLMQMzcDEuxkzMxKW4FLMwC5fjclyJK3E1rsa1uBbX43rciBtxM27GrbgVt+E23IE7cBfuwj24B/fhPjyABzAbs/EgHsRDeAgP42E8gkfwKB7FY3gMj+NxPIEn8CSexNN4Gs/iWTyH5/ACXsBL+Dtexit4FT3G2tw2zt5i4+2tNo+9zf5jXMAWtIm2kC1sjc1n8/9djNbaJFvclrAlrbOlbLK9509xeVvBVrSV7IO2sn3IVvlTXMs+Zmvbx20d+4StaR/9u7iufdLWs8/Z+vZ528A2tQ1tc9vIPmcb2+dtE9vUNrPNbVvbzra3L9sU+4rtYF/9U7zYLrFr7Tq73m6w++x+e8FetMfsz/aS/d32tL3sQPuuHWTfs4Pt+zbNDvlTPMqOtmPsWDvOjrcT7MQ/xdPtDJtuZ9pZ9jM72875U5xhv7TzbKadbxfYhXbRH/G1NWXar+xS+7XNssvscrvCrrSr7Gq75n+vdYXdZDfbLXaP3Wu32e12h91pd9ndf8TX9nHAfmuz7Xf2qP3JHrLf28P2uD1if/wjvra/4/YXe8L+ak/aU/a0PWPP2t/sOXv+j/1f2/sZe8Vetd4KApKkSFNAMZSLYik3xdEtFE+3Uh66jSJ0OyXQHZSX7qR8lJ8KUEFKpEJUmAwhWSIKqQgVpSjdRcXobkqi4lSCSpKjUpRM91BpupfK0H1Ulu6ncvQAlacKVJEq0YNUmR6iKvQwVaVHqBpVpxpUkx6lWvQY1abHqQ49QXXpSapHT1F9epoa0DPUkJ6lRvQcNabnqQk1pWbUnFrQC9SSXqRW1Jra0EvUltpRe3qZUugV6kCvUkd6jTrR69SZ3qAu9CZ1pW7Und6iHvQ29aRelEq9qQ+9Q32pH/WnATSQ3qVB9B4NpvcpjYbQUPqAhtGHNJw+ohE0kkbRaBpDY2kcjacJNJEm0cc0mT6hKfQpTaVpNJ1mUDrNpFn0Gc2mOTSXPqd59AXNpwW0kBZRBn1Ji2kJZdJXtJS+pixaRstpBa2kVbSa1tBaWkfraQNtpE20mbbQVvqGttF22kE7aRftpj20l/bRfjpA31I2fUcH6S90iL6nw/QDHaEf6Sj9RMfoZzpOv9AJ+pVO0ik6TWfoLP1G5+g8XaCLdIl+p8t0ha6SJxFCKEMV6jAIY8JcYWyYO4wLbwnjw1vDPOFtYSS8PUwI7wjzhneG+cL8YYGwYJgYFgoLhybE0IYUhmGRsGgYDe8Ki4V3h0lh8bBEWDJ0YakwObwnLB3eG5YJ7wvLhveH5cIHwvJhhfC5JyqFD4aVw4fCKuHDYdXwkbBaWD2sEdYMHw1rhY+FtcPHwzrhE2GZ8MmwXvhUWD98OmwQPhM2DJ8NG4XPhY3D58MmYdOwWdg8bBG+ELYMXwxbha3DNuFLYduwXdg+fDlMCV8JO4Sv3vB4atg77BO+E74Tev+4WhhdFM2IfhldHF0SzYx+FV0a/TqaFV0WXR5dEV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEvW+Zi7hwEmnnHaBi3G5XKzL7eLcLS7e3eryuNtcxN3uEtwdLq+70+Vz+V0BV9AlukKusDMOnXXkQlfEFXVRd5cr5u52Sa64K+FKOudKuWTX3LVwLVxL96Jr5Vq7Nu4l95Jr59q5l93L7hXXwb3qOrrXXCf3uuvs3nBvuDddV9fNdXdvuR7ubdfT9XKpLtX1cX1cX9fX9Xf93UA30A1yg9xgN9iluTQ31A11w9wwN9wNdyPcCDfKjXJj3Bg3zo1zE9wEN8lNcpPdZDfFTXFT3VQ33U136S7dzXKz3Gw32811c928pHluvpvvFrqFLsNluMVusct0mW6pW+qyXJZb7pa7lW6lW+1Wu7VurVvv1ruNbqPb7Da7rW6r2+a2uR1uh9vldrk9bo/b5/a5A+6Ay3bZ7qA76A65Q+6w+8EdcT+6o+4nd8z97I67X9wJ96s76U650+6MO+t+c+fceXfBXXSX3O/usrvirjrvJkU+jkyOfBKZEvk0MjUyLTI9MiOSHpkZmRX5LDI7MicyN/J5ZF7ki8j8yILIwsiiSEbky8jiyJJIZuSryNLI15GsyLLI8siKyMrIqoj3hbaFvogv6qP+Ll/M3+2TfHFfwpf0zpfyyf4eX9rfGyP8fb6sv9+X8w/48r6Cr+if9018U9/MN/ct/Au+pX/Rt/KtfRv/km/r2/n2/mWf4l/xHfyrvqN/zXfyr/vO/g3fxb/pu/puvrt/y/fwb/uevpdP9b19H/+O7+v7+f5+gB/o3/WD/Ht+sH/fp/khfqj/wA/zH/rh/iM/wo/0o/xoP8aP9eP8eD/BT/ST/Md+sv/ET/Gf+ql+mp/uZ/h0P9PP8p/52X6On+s/9/P8F36+X+AX+kU+w3/pF/slPtN/5Zf6r32WX+aX+xV+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q//Gb/Pb/Q6/0+/yu/0ev9fv8/v9Af+tz/bf+YP+L/6Q/94f9j/4I/5Hf9T/5I/5n/1x/4s/4X/1J/0pf9qf8Wf9b/6cP+8v+Iv+kv/dX/ZX/FX+nzXGGGOMsf8WdYPjvf/J9+TfxjV9hBC3bi945B9rbsz313k/mdg2IoR4pVeXZ/5jVKuWmpr6t9dmKREUXSCEiFzPjxHX42WijWgnUkRrUfqfrq+f7HaJblA/er8Qcf8pJ1Zcj6/Xv/e/qD923g3rLxAiqej1nNzieny9fpn/on7+ljeon/v7SUK0+k858eJ6fL1+snhRvCpS/u6VjDHGGGOMMcbYX/WTFTvd6P722v15or6ek0tcj290f84YY4wxxhhjjLGb7/Vu3V9+ISWldSee8IQn/7MmUghx085+s/8yMcYYY4wxxv7drl/03+yVMMYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjOdf/j48Tu9l7ZIwxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxm62/xUAAP//9kMzGA==") r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r5, 0x800) lseek(r5, 0x200, 0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0) sendfile(r5, r6, 0x0, 0xf800) 1.067169661s ago: executing program 4 (id=2156): sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)={0xec, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0xcd, 0x33, @reassoc_resp={{{0x0, 0x0, 0x8}, {}, @broadcast, @device_a, @random="f7ab87594b3f"}, 0x0, 0x0, @random, @val, @void, [{0xdd, 0x7, "8b7668a21729e4"}, {0xdd, 0x9e, "d8a062cc132f8c370fffcfbf6c255947985b88cb9f22e02d96f87d9c0a6796487053adb1a2d1f8ed33d6ef7faf4ba99f81c72edefbc742d2d897c0fb6eb2289c22b03871ec6ddb7398d4b5509078903c634145233d8a7a9a2fc09946ff1a847d43452a17ee7a24318e4ed910599f7ebc8291d4dd528566752ef4090016895d45162f023cde71dbd618a52517986b705c5e653ee0e7edda93407e44be1c20"}]}}]}, 0xec}}, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) syz_emit_ethernet(0x86, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x8, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @private0, [@dstopts={0x80, 0x0, '\x00', [@ra={0x5, 0x3a}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000740)={0x1, 0xfffe, 0x0, 0x5, 0xdf, 0x5, 0xf, 0x2000004, r4}, 0x20) 166.156606ms ago: executing program 3 (id=2157): syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x3200400, &(0x7f0000000140)=ANY=[], 0x3, 0xa73, &(0x7f0000003cc0)="$eJzs3U2MG1cBAOA33vUmm6TEKQldktAm/LTlp7vNZgk/ETRVcyFqKm6VKi5RmpaINCBSCVpVIsmJG62qcIUiTuVQAUJqLyjqiUslGolLT4UDB6IgVeIAhcRove95xy92x/uTtb3+Punt85s39nszOzMez8x7LwBjq9b6u7AwU4Rw5a1Xj//j/r9PL055pD1Ho/V3spSqhxCKmJ7MPu/9iaX45gcvne4WF2G+9TelwxM32u/dHkK4GA6Eq6ER9l659so784+fvHTi8sF3Xz96/c4sPQAAjJdvXz26sOevf96368M37j0WtrSnp/PzRkzviOf9x+KJfzr/r4XOdFEKZVPZfJMx1LL5JrrMVy6nns032aP8qexz6+38fR3zbakof6I0rdtywyhL23EjFLXZjnStNju79Js8tH7XTxWz58+ee+bCgCoKrLt/3RdCOCCsNDSbzZ+0VuAQ1EUQVhuaOwd9BAJYkt8vvM3F/MrC2rQ/bbK/8m88Wuv+flgHG739K3+0yv/1JUcc1s9m3ZrScqX9aEdM5/cR8ueXVrr/p8/L70fU+6xnr/sIo3J/oVc9Jza4HqvVq/75drFZfSPGaT18M8sv7z/5/3RU/sdAd//eqOv/r00P/FrnYjgwBHXY1KE+BHUQ+g7NQR+AgKG1/NzckmaU8vPn+vL8LRX5Wyvypyvyt1Xkb6/Ih3H2++d/Fl4uln/n57/pV3o9LF1nuyvGH1thffLrkSstP3/ud6XWWn7+PDEMszdPPXnmq08/dW3p+f+ivf3fitv7gZhuxH3rapwhXS/Mr6u3n/1vdJZT6zHf3Vl97rpt/uZSibs75yt2L39OKB1nbqvHTOf7dvaab3/nfI1svukYtmb1zc9PtmXvS+cf6bia1tdktrz1bDmmsnqk48quGOf1gNVI22Ov5//T9jkT6sUzZ8+deTim03b6p4n6lsXph8of+puNqTuwNv22/5kJne1/drSn12vl48LO5elF+bjQyKbPLyXbt8nT9MMxnb7nvjsx3Zo+e/r7555e74WHMXfhhRe/d+rcuTM/9CK9mLZavPCi6sixWZ8chPEx9/xzP5i78MKLD5197tSzZ549c/7wkSOH5+ePfO3wwlzrvH6ufHYPbCbLX/qDrgkAAAAAAAAAAADQrx+dOH7tL29/5b2l9v/L7f9S+//05G9q///TrP1/3k4+tQpI7QB3dclvjbv3Zmc9prL56jF8PKvv7qycPdn7PhHj9jh+sf1/am+f9+ua6nNPNj3vvzfNl3UncFt/KVNZHyTt8QJjg/1Px/TlGP8qwAAV090nx7iqf+u0raf+KfRLMZrS/y1tDakfk9T+u1e/Tun4v2sD6sj624jmhINeRqC7fw79+J+lM/GB1+UjQ7M5+DqsPQz/ehbWMTSbRvEAhsOgx/9M1z1TfP6P39q6GNJsNx7tPF7m/ZfCWgz7+JPK31zjf7bHv+vr+Neld/WOfp77H13hP7+4/l6p2LC33+NvvvypH+jd1WWWfRjLT8v/QOiv/OZrWfn5DaE+/Tcrf1uf5d+2/PtXV/7/YvlptT34mX7LX6pxUeusR37dON3/y68bJzez5U99e654+Vc5UOOtWD6Ms97jzPY7gu1wGpXxf3vJn8P4ckynA2F6ziH/Rl5p/dPzFel7YE/2+UXF99uojFPcy7iP//v1GFftD2n837Q9Nrqka6V0vcu6HfVtBTab94f+/t+IhYtDUAdhSMNwjIFdDs1mc6AdeetFfLAGvf4Hffd50OUPev1Xycf/zc/h8/F/a9kPiHz83/z9+fi/eX4+vl6en4//m6/PfPzfPP+e7HPzK9gzFfmfrMjfW5G/bzl/ulv+/or3f6oi/2BF/r0V+fdV5N9dkT9Rkf/ZivzPVeTfX5H/YEX+5yvyN7tWe5TSTjVuyw/jLG+fZ/+H8ZHu//Ta/3dX5AOj6+dvHHrsqd99p7HU/n+q/Xst3cc7FtP1+Nv5xzGd3/cOpfRi3tsx/bcsf9ivd8A4yfvPyL/fH6jIB0ZXes7L/g1jqOjeY09+v61Xv1W9zvMZLV+I8Rdj/KUYPxTj2RjPxfhQjOc3qH7cGY/99g9HXy6Wf+/vzPL7fZ48bw+U9xN1uM/65NcHVvo8e96P30qttfxVNgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmFrr78LCTBHClbdePf7kybNzi1Meac/RaP2dLKXq7feF8HCMJ2L8y/ji5gcvnS7Ht2JchPlQhKI9PTxxo13S9hDCxXAgXA2NsPfKtVfemX/85KUTlw+++/rR63duDQAAAMDm9/8AAAD//6ZSGwg=") syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x1, 0xaa6, &(0x7f0000001100)="$eJzs3U2MW0cBAOCxd73JJilxSkKXNLQJhbb8dNNslvATQVIlQiJqKsSlUsUlStMSEYJEkYCqEklO3GhVBYkTP+LUS1UQEr2gqCculWikCqmnwoEDURCVOEAgcRXvjNee2H22s+tnx98njcfz5j3PvOfn5/c7E4CpVW2+Li8vVEK4+PrLR//x4N/nbw451Bqj3nydbUvVQgiVmJ7NPu/dmZX4+nsvnOwWV8JS8zWlwxNXW9NuDiGcC7vDpVAPOy9efunNpcePnz92Yc9brxy8sj5zDwAA0+Xrlw4u7/jrn+/ddu3V+w6HDa3haf+8HtNb4n7/4bjjn/b/q6EzXWkL7eay8WZjqM53jjfTZbz2cmrZeLM9yp/Lyq/1GG9D+ODyZ9qGdZtvmGRpPa6HSnWxI12tLi6uHJOH5nH9XGXx7OkzzzxXUkWBNffv+0MIu9vCkQud6XELh8agDkOGxhjUYSLD4dGVda2xovR5HlFobC17CwSwIr9eeItz+ZmF29P6tNn+yr/6WLX79LAGRr3+D1T+XMnlB+X/5rwtDmvnTl2b0nyl39GWmM6vI+T3L/X+/eVXOjqH5tcjan3Ws9d1hEm5vtCrnjMjrsewetU/Xy/uVF+OcVoOX8ny238/+Xc6Kd8x0N1/8vP/giCMdwgd6drtfFaj5O0PML7y++Ya6fpolN/Xl+dvKMjfWJA/X5C/qSB/c0E+TLPfff+n4cXK6nF+fkw/6PnwdJ7trhh/aMD65OcjBy0/v+93ULdbfn4/MYyzP5x48tQXnn7q8sr9/5XW+n8jru/pcKMef1uX4gjpfGF+Xr1173+9s5xqj/HuzupzV5fxm++3d45X2b76OaFtO3NLPRY6p9vaa7xdnePVs/HmY9iY1TffP9mUTZf2P9J2NS2v2Wx+a9l8zGX1SNuVbTHO6wHDSOtjr/v/0/q5EGqVZ06fOfVoTKf19E8ztQ03h+8bcb2B29fv8z8LofP5ny2t4bVq+3Zh6+rwysp24bX4eZ3Dl1rldA7fH9Ppf+5bM/PN4Ysnv3vm6bWffZhqz/3o+W+fOHPm1Pe8GfrNV8ejGoO8SYct41Ifb8buTckbJmDd7f3xyk7AI6e/c+LZU8+eOrv/wIH9S0sHvrh/eW9zv35v+959u3Ml1BZYS6t/+mXXBAAAAAAAAAAAAOjXD44dvfz2G59/Z+X5/9Xn/9Lz/+nO3/T8/0+y5//z5+TTc/DpOcBtXfKb42QNrM5l49Vi+HBW3+1ZOTuy6T4S41Y/fvH5/1Rc3q5rqs892fBaj2TWnMAt7aXMZW2Q5P0FfjzGF2L86wAlqsx3Hxzjovat07qe2qdoa5eioX3gyZG+t7Q2pHZM0vPfXdt1avuyt42gjqy9UTxOWPY8At39c6ra//7X6oyXXhehd5gdbXk/n951otFzL73fHmwA1kbZ/X+m854pPvvHr228GdJoVx/r3F7m7ZfCIP7ydmd63PufXO/y8377Rl1+2fM/6v4/W/3f9b39y3rMqw9X7n9/ceWdtmLDzn7Lz+c/tQO9fbDyr8Xy09w8FPorv/GrrPz8glCf/peVv6nP8m+Z/13Dlf//WH5abA8/0G/5KzWuVDvrkZ83Ttf/8vPGyfVs/lPbnh9Q/jee7zb/Q3bUeCOWD9NsUvqZHVS2H9HaaR++/9/o3Nr2/9uqbLZZy+/D+FxMpw1xus8h7+9k0Pqn+yvS/8CO7PMrBf9v+v+dbF+KcdHvIfX/m9bHevzLb0s3l2VK17os2zt1WwOT6t2puv43EWHjGNRB6D80ZoaYrtVPXMn1bzQa63tCq0CphVP68i/7OKHs8ste/kXy/n/zffi8/988P+//N8/P+//N8+fjN9QrP+//N1+eef+/ef492efm/QMvFOR/tCB/Z/f81mH7vQXT7yrI/1hB/p5W/qGOMVL+fQXT31+Qf3dB/gMF+Z8oyP9kQf6DBfkPt+W39wGd8j9VMP2dLj2PMq3zD9Msfz7P7x+mR7r+0+v3v70gH5hcP3t135GnfvvN+srz/3Ot8yHpOt7hmK7F46cfxnR+3Tu0pW/mvRHTf8vyx/18B0yTvP2M/P/9oYJ8YHKl+7z8vmEKVTZ2Hxzjonareu3nM1k+HePPxPizMX4kxosx3hvjfTFeGlH9WB9HXvv9wRcrq8f7W7P8fu8nz58H6mgnKoSwv8/65OcHBr2fPW/Hb1C3W/6Qj4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACUptp8XV5eqIRw8fWXjz55/PTem0MOtcaoN19n21K11nQhPBrjmRj/Mr65/t4LJ9vjGzGuhKVQCZXW8PDE1VZJm0MI58LucCnUw86Ll196c+nx4+ePXdjz1isHr6zfEgAAAIA73/sBAAD//weuDxQ=") openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000280), 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f00000001c0)={'wg1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x21916}}, 0x20}}, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000080)=0x8, 0x4) bind$inet6(r5, &(0x7f00000000c0)={0xa, 0xe22}, 0x1c) creat(&(0x7f0000000100)='./file0\x00', 0x0) r6 = inotify_init() inotify_add_watch(r6, &(0x7f0000000040)='./file0\x00', 0x584) setxattr$system_posix_acl(&(0x7f00000015c0)='./file0\x00', &(0x7f0000001600)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x2fc, &(0x7f0000001bc0)=ANY=[@ANYBLOB="ffffffffffff0000000000000800442802ee00660000012f9078ffffffffac14140a8927f9ac141414ac1414357f000001640101007f00000100000000e0000002e0000001ffffffff440c8d00000000000000000189075c0000000000000421880b0082000016e65f248dee1c0946ae42cf18efc07b39df2a2d1a9946276575594c0b4c4d9089e19368829b1780123769cd75eee945fdc5af594515bcea5d3fb156b7a6e6a577466afde2acd0540a7c3edec1cbc0bf9bc69ee0431f27f6b76f4680a6dd9506eb0f80e4cce05a427913cfe7abe16b4ff52bf64c3c279565cc4d8cf416638b6119c20c0008008001000aa9e9cb278a95391ac95753abd41be49a7a7817790b0d537f72aa64dbbe3e90fd41775b782cd160072c0a2aba0586a9bbfc1954c6ecb3c488085787a59fe5b3b406c4ef29d739222a712fa0c0da317b92a4d8f89a2c6f82c54c3dbf0e3d644423a7657d7049ac93403855a6de2cea7245dd1855d48b3559293fda763bf7ed842a85ed88aad529769698c87af7355c7470a25dae17faef2cbfa46f89d6c542a25616eb58f26f0230257e766cbf87861151db7ffbfd976d34f5537b8c172c9cf1abe5b7abc387a712726ae51c9a36838d11fb8f5e336fb6a3e9c6de26af0ab719aa7ebace0b31ba3f22211028ff090086dd00810000fccfe1d22777a01191c19b409c1b6cb7d7c513e6e127a88b7dba9676c188f979603c32ad2b78147cff8aa5edec3b031957397c2abb391ba50362e9e6a055d3853b14742eee468512a2a8535fc9763c569c3220c0ce9a9d3d4597c42e1f377688530a4c7e9fc66390080088be08000003170435050100000000000005080022eb000000002d01f50702000000000000b50400c911080065580000000371e609c6886f6a857335fe7b1426633c6844a814e4f8b0f76d9fafd84f11c93c939f29b5480c4fc59e08d1555ff4f68f375e25e56ced7e46b588d297e8e87dbf85ac7a7904099363150706af2a2dcdc749467f5bcf254e85fd3d114df5f876a433ecb7ee0b8bee97494bef1e535b42451bece7592fd6570fef18daf3525b23ce8363f8aad3b70f430ab931f806b4421942df869a0440f4dfba3d91f1f118c3b951df9ab728ff0c0aac59c5843d787ab8f24a936a4b273af2a35aa20fa886d692bf5c8810edadef5d76860ff57bd64fb5fa78ab949811bbbf352c1195a2a253565b9cd6b8dcaffd8546507e8fdcd699983089cfaa9a79fe3d4b9576a498f03443a1a3ab33442cb4733d068e40b35bf4d0f36cdd03480da3cf809a28777680573cd46f73dbce1f9ef3461ad0f17bd2562bfd138fe5ac91ed85b0a0d36db397567baedb0c26d341b530f6f534125eeee88f1c37ff800cc73d9b159244f9f44ec866ed730000000000000000"], 0x0) syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x1038, 0x1410, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xb, 0x60, 0x0, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x3, 0x1, 0x3, 0x7, {0x9, 0x21, 0x3, 0x7, 0x1, {0x22, 0xba1}}, {{{0x9, 0x5, 0x81, 0x3, 0x7fbfb797099a8ce, 0x2, 0x9, 0x80}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x5, 0x1, 0x3}}]}}}]}}]}}, &(0x7f0000000780)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x300, 0x4, 0x8, 0x9, 0x40, 0x40}, 0xda, &(0x7f0000000280)={0x5, 0xf, 0xda, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x2, 0x7, 0x2}, @generic={0xb7, 0x10, 0xa, "8c7519fdf7b82232711b99b1b4f949f9ca3085529b89f993d1b7f8a5ebb6cbb6e6766e0755e05a1d1862c9145311f969aa723e0904466b4bbc62e30503afa69af83ed6d9ebe17fdb8d904b29fc58b1c1c925a6de6c711c94c79d14d2a9fb9486e07cd7ec5f5bdc970d0363348b3fcc6c0aa2714f23594cd887517729fd5b68fc4a20508d43a8d5d6183c63784cf7ea95dec2a2f13f4367ed09ab0c7fa53c2a8f74d155951edc6a812b02ac25ccf4977f03265f81"}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "b49d6158d989530e956beed83a987838"}]}, 0x8, [{0x2e, &(0x7f0000000380)=@string={0x2e, 0x3, "0813c4313dbad5462fbf7ae312f303f8eb0f3454a918f7d41196aea9290888c76b91c84276c793ca2170af4f"}}, {0x39, &(0x7f0000000440)=@string={0x39, 0x3, "4e615b905680b77bd36b4fa8b71d3aa79666cd3ae72af5374c322df8a0451612fc582e32e0533c57c8495a06a7cd4248a2d99c848e8053"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x404}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x42d}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x441}}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0xc0a}}, {0xeb, &(0x7f0000000580)=@string={0xeb, 0x3, "913276ee826e2cbbc2e506006904be7f039d3e160bff97578bb2c76933be19e357e4ce3693a695f15ad6e3415dd30b3161bd8700f51b63ff5cd54ed6fb08f4c12318144475b192b1550de8b044a9fb2270104c0ad5ba7255d4c4d4450c8a26a4d0d9ee110d5eaf7e5799761ac22fd4bece85be0b707cda7fe501e3886438ca2e32ba9db0b6379c3bea51257b52fd41260a7587410a46ce653750c6e4652da7c65552055023d54dbd1770dc5d65748f7b14450bd4c37f0ca3618608c3b2ffd47091d237939727ec73f07e8ca6755eba1bde7e643e540440e8b62c36678bb849573472da79120f12ae48"}}, {0xe0, &(0x7f0000000680)=@string={0xe0, 0x3, "5c85022626fe7c80300c4e126cbc4a5c34bde4841c6b3c61a3e0ea58e00fd2d0d32dedaccc28a27bb72686f36b599bf3fd5251bb96e402c1cb4e3e0221cfbf131837fcbaaee289a59fff9ccc15ec45a33e57edc4a18c04a4c1fef89bac28c1dd87d04eb3643e40ce62547b7bb3c61db6c590e90e241fb4d14ff835519bc1a56867beb1d43c239d4c2b1b88f90ac63d1c7bad4520fde709cbe5d7c9065271cb0c0da1476e1e16fdad21311aadf317bb96642f30b58207e746705ed909a55b03429729f157ff2b1c186dccc03ecf5d85e3ab088df123108861e1647ceada17"}}]}) syz_emit_ethernet(0x3e, &(0x7f0000000840)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaabb08004500003000000000000190780a010102ad1414aa0800907807000000000000000000000000000000ac1414bbac1e0001273cf75b8001e7817bac69344da545579732b2609b71f237267b41d7285b19a97e3983f7f3"], 0x0) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x16}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)={0x70, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r4}, @WGDEVICE_A_PEERS={0x54, 0x8, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x4}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_ALLOWEDIPS={0x20, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}]}]}]}]}]}, 0x70}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_setup(0x5169, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)) syz_io_uring_setup(0x442b, &(0x7f0000000280), &(0x7f0000000040), &(0x7f0000000180)) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) 165.765726ms ago: executing program 0 (id=2158): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000340)='sched_switch\x00', r0}, 0x18) r1 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x80fe, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f8483e0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) (fail_nth: 5) 0s ago: executing program 4 (id=2159): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000200)={[{@errors_remount}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@stripe={'stripe', 0x3d, 0x4}}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xfffffffffffffffe}}]}, 0x3, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=") mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchmod(r0, 0x408) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) lremovexattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000000)=@known='system.posix_acl_access\x00') syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x80002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x200000100000011, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet6(0xa, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000004c0)={0x0, 0x465f}, 0x8) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r2, 0x4) kernel console output (not intermixed with test programs): 01f7c0 [ 935.691428][T11936] [ 935.696429][ T6027] usb 5-1: new low-speed USB device number 7 using dummy_hcd [ 935.786178][T10215] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 935.803485][ T6027] usb 5-1: device descriptor read/8, error -71 [ 935.925218][ T6027] usb usb5-port1: unable to enumerate USB device [ 935.993347][T10215] usb 4-1: device descriptor read/64, error -71 [ 936.113415][ C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 936.274013][T10215] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 936.463373][T10215] usb 4-1: device descriptor read/64, error -71 [ 936.593632][T10215] usb usb4-port1: attempt power cycle [ 937.013468][T10215] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 937.113616][T10215] usb 4-1: device descriptor read/8, error -71 [ 937.385910][T10215] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 937.503623][T10215] usb 4-1: device descriptor read/8, error -71 [ 937.554891][T11951] FAULT_INJECTION: forcing a failure. [ 937.554891][T11951] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 937.633722][T10215] usb usb4-port1: unable to enumerate USB device [ 937.680678][T11951] CPU: 1 PID: 11951 Comm: syz.4.1893 Not tainted 5.15.168-syzkaller #0 [ 937.688953][T11951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 937.699015][T11951] Call Trace: [ 937.702303][T11951] [ 937.705234][T11951] dump_stack_lvl+0x1e3/0x2d0 [ 937.709919][T11951] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 937.715565][T11951] ? panic+0x860/0x860 [ 937.719646][T11951] ? snprintf+0xd6/0x120 [ 937.723891][T11951] should_fail+0x38a/0x4c0 [ 937.728320][T11951] _copy_to_user+0x2d/0x130 [ 937.732837][T11951] simple_read_from_buffer+0xc6/0x150 [ 937.738221][T11951] proc_fail_nth_read+0x1a3/0x210 [ 937.743256][T11951] ? proc_fault_inject_write+0x390/0x390 [ 937.748898][T11951] ? fsnotify_perm+0x442/0x590 [ 937.753665][T11951] ? proc_fault_inject_write+0x390/0x390 [ 937.759300][T11951] vfs_read+0x2fc/0xe10 [ 937.763466][T11951] ? kernel_read+0x1f0/0x1f0 [ 937.768061][T11951] ? __fget_files+0x413/0x480 [ 937.772754][T11951] ? mutex_lock_nested+0x17/0x20 [ 937.777694][T11951] ? __fdget_pos+0x2cb/0x380 [ 937.782282][T11951] ? ksys_read+0x77/0x2c0 [ 937.786615][T11951] ksys_read+0x1a2/0x2c0 [ 937.790858][T11951] ? print_irqtrace_events+0x210/0x210 [ 937.796320][T11951] ? vfs_write+0xe50/0xe50 [ 937.800738][T11951] ? syscall_enter_from_user_mode+0x2e/0x240 [ 937.806737][T11951] ? lockdep_hardirqs_on+0x94/0x130 [ 937.811944][T11951] ? syscall_enter_from_user_mode+0x2e/0x240 [ 937.817930][T11951] do_syscall_64+0x3b/0xb0 [ 937.822349][T11951] ? clear_bhb_loop+0x15/0x70 [ 937.827030][T11951] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 937.832930][T11951] RIP: 0033:0x7f80fc7e8a3c [ 937.837441][T11951] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 937.857050][T11951] RSP: 002b:00007f80fac62030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 937.865487][T11951] RAX: ffffffffffffffda RBX: 00007f80fc9a1f80 RCX: 00007f80fc7e8a3c [ 937.873462][T11951] RDX: 000000000000000f RSI: 00007f80fac620a0 RDI: 0000000000000003 [ 937.881442][T11951] RBP: 00007f80fac62090 R08: 0000000000000000 R09: 0000000000000000 [ 937.889412][T11951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 937.897386][T11951] R13: 0000000000000000 R14: 00007f80fc9a1f80 R15: 00007fff1a54f458 [ 937.905407][T11951] [ 937.908491][ C1] vkms_vblank_simulate: vblank timer overrun [ 938.013435][T11955] loop3: detected capacity change from 0 to 256 [ 938.266371][T11955] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 938.402218][ T26] kauditd_printk_skb: 22 callbacks suppressed [ 938.402253][ T26] audit: type=1804 audit(1729313339.063:292): pid=11955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1894" name="/newroot/20/file0/bus" dev="loop3" ino=1048729 res=1 errno=0 [ 938.752640][T10212] Bluetooth: hci2: command 0x0406 tx timeout [ 938.910863][ T26] audit: type=1800 audit(1729313339.063:293): pid=11955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1894" name="bus" dev="loop3" ino=1048729 res=0 errno=0 [ 939.058482][T11959] FAULT_INJECTION: forcing a failure. [ 939.058482][T11959] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 939.193441][T11959] CPU: 1 PID: 11959 Comm: syz.4.1896 Not tainted 5.15.168-syzkaller #0 [ 939.202067][T11959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 939.212125][T11959] Call Trace: [ 939.215406][T11959] [ 939.218335][T11959] dump_stack_lvl+0x1e3/0x2d0 [ 939.223288][T11959] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 939.229011][T11959] ? panic+0x860/0x860 [ 939.233086][T11959] ? __lock_acquire+0x1295/0x1ff0 [ 939.238109][T11959] should_fail+0x38a/0x4c0 [ 939.242537][T11959] prepare_alloc_pages+0x1db/0x5b0 [ 939.247743][T11959] __alloc_pages+0x14f/0x700 [ 939.252337][T11959] ? __rmqueue_pcplist+0x2030/0x2030 [ 939.257624][T11959] ? __lock_acquire+0x1ff0/0x1ff0 [ 939.262658][T11959] ? alloc_pages+0x458/0x570 [ 939.267254][T11959] skb_page_frag_refill+0x220/0x4b0 [ 939.272541][T11959] tun_get_user+0x1bd7/0x40f0 [ 939.277237][T11959] ? tun_ring_recv+0xcc0/0xcc0 [ 939.282019][T11959] ? rcu_lock_release+0x5/0x20 [ 939.286815][T11959] tun_chr_write_iter+0x10c/0x1e0 [ 939.291847][T11959] vfs_write+0xacd/0xe50 [ 939.296106][T11959] ? file_end_write+0x250/0x250 [ 939.300968][T11959] ? __fget_files+0x413/0x480 [ 939.305662][T11959] ? __fdget_pos+0x1e9/0x380 [ 939.310335][T11959] ? ksys_write+0x77/0x2c0 [ 939.314753][T11959] ksys_write+0x1a2/0x2c0 [ 939.319079][T11959] ? print_irqtrace_events+0x210/0x210 [ 939.324800][T11959] ? __ia32_sys_read+0x80/0x80 [ 939.329576][T11959] ? syscall_enter_from_user_mode+0x2e/0x240 [ 939.335568][T11959] ? lockdep_hardirqs_on+0x94/0x130 [ 939.340766][T11959] ? syscall_enter_from_user_mode+0x2e/0x240 [ 939.346737][T11959] do_syscall_64+0x3b/0xb0 [ 939.351161][T11959] ? clear_bhb_loop+0x15/0x70 [ 939.355836][T11959] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 939.361736][T11959] RIP: 0033:0x7f80fc7e8adf [ 939.366152][T11959] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 939.385764][T11959] RSP: 002b:00007f80fac62000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 939.394193][T11959] RAX: ffffffffffffffda RBX: 00007f80fc9a1f80 RCX: 00007f80fc7e8adf [ 939.402196][T11959] RDX: 000000000000008e RSI: 0000000020000100 RDI: 00000000000000c8 [ 939.410167][T11959] RBP: 00007f80fac62090 R08: 0000000000000000 R09: 0000000000000000 [ 939.418142][T11959] R10: 000000000000008e R11: 0000000000000293 R12: 0000000000000001 [ 939.426121][T11959] R13: 0000000000000001 R14: 00007f80fc9a1f80 R15: 00007fff1a54f458 [ 939.434120][T11959] [ 939.437192][ C1] vkms_vblank_simulate: vblank timer overrun [ 939.979230][T11961] loop1: detected capacity change from 0 to 256 [ 940.073803][T11961] exfat: Unknown parameter 'ioch!YŽã…Óarset' [ 940.090330][T11963] loop3: detected capacity change from 0 to 256 [ 940.179669][T11963] exfat: Unknown parameter 'ioch!YŽã…Óarset' [ 942.698754][T11961] loop1: detected capacity change from 0 to 40427 [ 942.799501][T11963] loop3: detected capacity change from 0 to 40427 [ 942.832836][T11961] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 942.883451][T11961] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 942.973318][T11963] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 943.013977][T11961] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-12) [ 943.043811][T11963] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 943.114324][T11963] F2FS-fs (loop3): Failed to start F2FS issue_checkpoint_thread (-12) [ 943.885537][T11999] loop3: detected capacity change from 0 to 256 [ 944.194414][T11999] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 944.373135][ T26] audit: type=1804 audit(1729313345.033:294): pid=11999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1905" name="/newroot/22/file0/bus" dev="loop3" ino=1048730 res=1 errno=0 [ 944.811257][T12004] loop1: detected capacity change from 0 to 256 [ 944.850059][ T26] audit: type=1800 audit(1729313345.033:295): pid=11999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1905" name="bus" dev="loop3" ino=1048730 res=0 errno=0 [ 944.939447][T12004] exfat: Unknown parameter 'ioch!YŽã…Óarset' [ 945.220121][ T8933] ntfs: (device loop2): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 945.359412][ T3670] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 945.604265][ T3670] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 945.796925][ T3670] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 945.826358][T10215] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 945.872329][T12014] loop3: detected capacity change from 0 to 256 [ 945.906102][ T3670] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 945.944540][T12014] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb69a62dc, utbl_chksum : 0xe619d30d) [ 945.960959][T11994] chnl_net:caif_netlink_parms(): no params data found [ 946.079708][T12017] loop3: detected capacity change from 0 to 256 [ 946.095535][T12019] FAULT_INJECTION: forcing a failure. [ 946.095535][T12019] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 946.114103][ T23] Bluetooth: hci6: command 0x0409 tx timeout [ 946.124732][T12019] CPU: 0 PID: 12019 Comm: syz.4.1915 Not tainted 5.15.168-syzkaller #0 [ 946.133002][T12019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 946.143063][T12019] Call Trace: [ 946.146357][T12019] [ 946.149293][T12019] dump_stack_lvl+0x1e3/0x2d0 [ 946.154021][T12019] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 946.159657][T12019] ? panic+0x860/0x860 [ 946.163737][T12019] should_fail+0x38a/0x4c0 [ 946.168152][T12019] _copy_from_user+0x2d/0x170 [ 946.172831][T12019] strndup_user+0xb0/0x150 [ 946.177238][T12019] __se_sys_mount+0xde/0x3c0 [ 946.181816][T12019] ? print_irqtrace_events+0x210/0x210 [ 946.187370][T12019] ? __x64_sys_mount+0xc0/0xc0 [ 946.192121][T12019] ? syscall_enter_from_user_mode+0x2e/0x240 [ 946.198088][T12019] ? lockdep_hardirqs_on+0x94/0x130 [ 946.203275][T12019] ? __x64_sys_mount+0x1c/0xc0 [ 946.208037][T12019] do_syscall_64+0x3b/0xb0 [ 946.212442][T12019] ? clear_bhb_loop+0x15/0x70 [ 946.217108][T12019] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 946.222989][T12019] RIP: 0033:0x7f80fc7e9ff9 [ 946.227391][T12019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 946.246980][T12019] RSP: 002b:00007f80fac62038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 946.255379][T12019] RAX: ffffffffffffffda RBX: 00007f80fc9a1f80 RCX: 00007f80fc7e9ff9 [ 946.263334][T12019] RDX: 0000000020000100 RSI: 0000000020000140 RDI: 0000000020000000 [ 946.271288][T12019] RBP: 00007f80fac62090 R08: 0000000000000000 R09: 0000000000000000 [ 946.279243][T12019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 946.287196][T12019] R13: 0000000000000000 R14: 00007f80fc9a1f80 R15: 00007fff1a54f458 [ 946.295164][T12019] [ 946.347097][T10215] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 946.363917][T12017] exfat: Unknown parameter 'ioch!YŽã…Óarset' [ 946.413321][T10215] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 946.473345][T12004] loop1: detected capacity change from 0 to 40427 [ 946.479935][T10215] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 946.540261][T10215] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 946.569401][T10215] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 946.583073][T10215] usb 1-1: config 0 descriptor?? [ 946.654804][T10215] usb-storage 1-1:0.0: USB Mass Storage device detected [ 946.673900][T12004] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 946.680264][T12004] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 946.712977][T10215] usb-storage 1-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 946.793760][T11994] bridge0: port 1(bridge_slave_0) entered blocking state [ 946.824023][T11994] bridge0: port 1(bridge_slave_0) entered disabled state [ 946.832064][T12004] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 946.865523][T11994] device bridge_slave_0 entered promiscuous mode [ 946.887210][T11994] bridge0: port 2(bridge_slave_1) entered blocking state [ 946.897290][T12011] udc-core: couldn't find an available UDC or it's busy [ 946.903564][T11994] bridge0: port 2(bridge_slave_1) entered disabled state [ 946.918908][T12011] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 946.942994][T11994] device bridge_slave_1 entered promiscuous mode [ 947.041818][T12004] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 947.063268][T12004] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 947.098987][T11994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 947.159926][T11994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 947.324090][T11994] team0: Port device team_slave_0 added [ 947.356990][ T23] usb 1-1: USB disconnect, device number 10 [ 947.358303][T11994] team0: Port device team_slave_1 added [ 947.453874][T12041] attempt to access beyond end of device [ 947.453874][T12041] loop1: rw=2049, want=53256, limit=40427 [ 947.496486][T12041] attempt to access beyond end of device [ 947.496486][T12041] loop1: rw=2049, want=53320, limit=40427 [ 947.538972][ T26] audit: type=1804 audit(1729313348.143:296): pid=12041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1904" name="/newroot/10/file1/file1" dev="loop1" ino=10 res=1 errno=0 [ 948.025973][T12017] loop3: detected capacity change from 0 to 40427 [ 948.074224][T11468] attempt to access beyond end of device [ 948.074224][T11468] loop1: rw=2049, want=45104, limit=40427 [ 948.102454][T12017] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 948.132574][T12017] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 948.166694][T12044] loop0: detected capacity change from 0 to 4096 [ 948.193375][T10215] Bluetooth: hci6: command 0x041b tx timeout [ 948.205497][T12017] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 948.205556][T11994] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 948.224020][T12044] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 948.264841][T11994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 948.345102][T11994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 948.424595][T11994] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 948.431563][T11994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 948.523385][T12017] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 948.530456][T12017] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 948.543262][T11994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 948.771105][T11994] device hsr_slave_0 entered promiscuous mode [ 948.794808][T12062] loop0: detected capacity change from 0 to 256 [ 948.834188][T11994] device hsr_slave_1 entered promiscuous mode [ 948.846677][T11994] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 948.871230][T11994] Cannot create hsr debugfs directory [ 948.895272][T12066] attempt to access beyond end of device [ 948.895272][T12066] loop3: rw=2049, want=53256, limit=40427 [ 948.921204][T12066] attempt to access beyond end of device [ 948.921204][T12066] loop3: rw=2049, want=53320, limit=40427 [ 948.942799][ T26] audit: type=1804 audit(1729313349.573:297): pid=12066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1914" name="/newroot/24/file1/file1" dev="loop3" ino=10 res=1 errno=0 [ 948.966290][ C1] vkms_vblank_simulate: vblank timer overrun [ 949.101505][T12062] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 949.253064][T12065] loop1: detected capacity change from 0 to 2048 [ 949.304042][ T26] audit: type=1804 audit(1729313349.783:298): pid=12062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1920" name="/newroot/70/file0/bus" dev="loop0" ino=1048731 res=1 errno=0 [ 949.335748][T11356] attempt to access beyond end of device [ 949.335748][T11356] loop3: rw=2049, want=45104, limit=40427 [ 949.423260][ T26] audit: type=1800 audit(1729313349.783:299): pid=12062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1920" name="bus" dev="loop0" ino=1048731 res=0 errno=0 [ 949.526218][T12065] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 950.091250][ T3670] device hsr_slave_0 left promiscuous mode [ 950.112839][ T3670] device hsr_slave_1 left promiscuous mode [ 950.141012][ T3670] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 950.166517][ T3670] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 950.187260][ T3670] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 950.206919][ T3670] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 950.224379][ T3670] device bridge_slave_1 left promiscuous mode [ 950.235879][ T3670] bridge0: port 2(bridge_slave_1) entered disabled state [ 950.273435][ T6027] Bluetooth: hci6: command 0x040f tx timeout [ 950.286597][ T3670] device bridge_slave_0 left promiscuous mode [ 950.310585][ T3670] bridge0: port 1(bridge_slave_0) entered disabled state [ 950.351391][ T3670] device veth1_macvtap left promiscuous mode [ 950.386898][ T3670] device veth0_macvtap left promiscuous mode [ 950.404762][ T3670] device veth1_vlan left promiscuous mode [ 950.415656][ T3670] device veth0_vlan left promiscuous mode [ 950.497179][T12090] loop0: detected capacity change from 0 to 4096 [ 950.630647][T12090] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 950.970417][T12092] loop0: detected capacity change from 0 to 1764 [ 950.981441][ T3670] team0 (unregistering): Port device team_slave_1 removed [ 951.028281][ T3670] team0 (unregistering): Port device team_slave_0 removed [ 951.103621][ T3670] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 951.153062][ T3670] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 951.348509][ T3670] bond0 (unregistering): Released all slaves [ 951.403370][ T23] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 951.451908][T12087] device syz_tun entered promiscuous mode [ 951.481864][T12087] device batadv_slave_1 entered promiscuous mode [ 951.635313][T12105] loop3: detected capacity change from 0 to 256 [ 951.929796][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 952.003613][T12105] exFAT-fs (loop3): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x2d19abd0) [ 952.094682][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 952.370716][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 952.391094][ T23] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 952.413496][T12105] exFAT-fs (loop3): invalid boot region [ 952.423680][T12105] exFAT-fs (loop3): failed to recognize exfat type [ 952.443369][ T23] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 952.478552][T11994] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 952.505859][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 952.525362][ T23] usb 2-1: config 0 descriptor?? [ 952.534963][ T6027] Bluetooth: hci6: command 0x0419 tx timeout [ 952.708087][T12114] loop0: detected capacity change from 0 to 256 [ 952.870238][T11994] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 953.027492][ T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 953.186677][T12114] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 953.206990][ T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 953.371741][ T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 953.550453][ T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 953.773768][ T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 953.988879][ T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 954.211886][ T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 954.398192][ T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 954.403745][ T26] audit: type=1804 audit(1729313355.053:300): pid=12114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1930" name="/newroot/75/file0/bus" dev="loop0" ino=1048732 res=1 errno=0 [ 954.440537][ T26] audit: type=1800 audit(1729313355.053:301): pid=12114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1930" name="bus" dev="loop0" ino=1048732 res=0 errno=0 [ 954.472425][ T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 954.626162][ T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 955.010649][ T23] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0006/input/input7 [ 955.387476][T11994] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 955.473623][ T23] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 955.571724][ T23] usb 2-1: USB disconnect, device number 9 [ 955.582044][T12129] FAULT_INJECTION: forcing a failure. [ 955.582044][T12129] name failslab, interval 1, probability 0, space 0, times 0 [ 955.643449][T12129] CPU: 0 PID: 12129 Comm: syz.3.1932 Not tainted 5.15.168-syzkaller #0 [ 955.651736][T12129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 955.661820][T12129] Call Trace: [ 955.665115][T12129] [ 955.668064][T12129] dump_stack_lvl+0x1e3/0x2d0 [ 955.672774][T12129] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 955.678431][T12129] ? panic+0x860/0x860 [ 955.682515][T12129] ? __might_sleep+0xc0/0xc0 [ 955.687115][T12129] should_fail+0x38a/0x4c0 [ 955.691546][T12129] should_failslab+0x5/0x20 [ 955.696056][T12129] slab_pre_alloc_hook+0x53/0xc0 [ 955.699796][T11994] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 955.701003][T12129] __kmalloc_node_track_caller+0x6b/0x390 [ 955.713384][T12129] ? netlink_sendmsg+0x6f8/0xd60 [ 955.718328][T12129] ? kmem_cache_alloc_node+0x154/0x2c0 [ 955.723792][T12129] ? __alloc_skb+0xdd/0x590 [ 955.728310][T12129] ? netlink_sendmsg+0x6f8/0xd60 [ 955.733252][T12129] __alloc_skb+0x12c/0x590 [ 955.737672][T12129] netlink_sendmsg+0x6f8/0xd60 [ 955.742457][T12129] ? netlink_getsockopt+0x5b0/0x5b0 [ 955.747670][T12129] ? aa_sock_msg_perm+0x91/0x150 [ 955.752615][T12129] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 955.757902][T12129] ? security_socket_sendmsg+0x7d/0xa0 [ 955.763362][T12129] ? netlink_getsockopt+0x5b0/0x5b0 [ 955.768570][T12129] ____sys_sendmsg+0x59e/0x8f0 [ 955.773338][T12129] ? iovec_from_user+0x300/0x390 [ 955.778289][T12129] ? __sys_sendmsg_sock+0x30/0x30 [ 955.783336][T12129] ___sys_sendmsg+0x252/0x2e0 [ 955.788024][T12129] ? __sys_sendmsg+0x260/0x260 [ 955.792820][T12129] ? __fdget+0x191/0x220 [ 955.797070][T12129] __se_sys_sendmsg+0x19a/0x260 [ 955.801931][T12129] ? __x64_sys_sendmsg+0x80/0x80 [ 955.807147][T12129] ? syscall_enter_from_user_mode+0x2e/0x240 [ 955.813133][T12129] ? lockdep_hardirqs_on+0x94/0x130 [ 955.818352][T12129] ? syscall_enter_from_user_mode+0x2e/0x240 [ 955.824347][T12129] do_syscall_64+0x3b/0xb0 [ 955.828776][T12129] ? clear_bhb_loop+0x15/0x70 [ 955.833455][T12129] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 955.839354][T12129] RIP: 0033:0x7ffa88812ff9 [ 955.843777][T12129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 955.863389][T12129] RSP: 002b:00007ffa86c8b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 955.871814][T12129] RAX: ffffffffffffffda RBX: 00007ffa889caf80 RCX: 00007ffa88812ff9 [ 955.879798][T12129] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004 [ 955.887775][T12129] RBP: 00007ffa86c8b090 R08: 0000000000000000 R09: 0000000000000000 [ 955.895876][T12129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 955.903856][T12129] R13: 0000000000000000 R14: 00007ffa889caf80 R15: 00007ffd701283d8 [ 955.911865][T12129] [ 956.077160][T12134] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1933'. [ 956.393478][T11994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 956.446970][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 956.837013][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 956.913028][T11994] 8021q: adding VLAN 0 to HW filter on device team0 [ 956.944977][T12149] loop1: detected capacity change from 0 to 2048 [ 957.004825][ T556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 957.040689][ T556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 957.105317][ T556] bridge0: port 1(bridge_slave_0) entered blocking state [ 957.112410][ T556] bridge0: port 1(bridge_slave_0) entered forwarding state [ 957.141293][T12161] loop0: detected capacity change from 0 to 256 [ 957.148733][ T556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 957.240500][T12149] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 957.304234][T12161] exfat: Unknown parameter 'ioch!YŽã…Óarset' [ 957.324790][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 957.360747][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 957.423915][T12143] UDF-fs: error (device loop1): udf_read_inode: (ino 1347) failed !bh [ 957.454721][ T3722] bridge0: port 2(bridge_slave_1) entered blocking state [ 957.461847][ T3722] bridge0: port 2(bridge_slave_1) entered forwarding state [ 957.564211][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 957.645699][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 957.714069][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 957.744022][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 957.843756][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 957.872475][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 957.886842][T12175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1943'. [ 957.914349][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 957.944899][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 957.983957][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 958.013620][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 958.029226][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 958.084118][T11994] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 958.259647][T12185] loop3: detected capacity change from 0 to 256 [ 958.496478][T12164] chnl_net:caif_netlink_parms(): no params data found [ 958.919253][T12185] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 959.287161][T12161] loop0: detected capacity change from 0 to 40427 [ 959.324289][T12161] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 959.330665][T12161] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 959.397038][T12161] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 959.604304][T10609] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 959.615157][T10609] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 959.633669][T10215] Bluetooth: hci1: command 0x0409 tx timeout [ 959.645936][T12161] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 959.653167][T12161] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 959.801042][T12164] bridge0: port 1(bridge_slave_0) entered blocking state [ 959.810487][T12164] bridge0: port 1(bridge_slave_0) entered disabled state [ 959.819597][T12164] device bridge_slave_0 entered promiscuous mode [ 959.840773][T12222] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1948'. [ 959.976435][T11994] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 960.007050][T12164] bridge0: port 2(bridge_slave_1) entered blocking state [ 960.081371][T12227] attempt to access beyond end of device [ 960.081371][T12227] loop0: rw=2049, want=53256, limit=40427 [ 960.123456][T12227] attempt to access beyond end of device [ 960.123456][T12227] loop0: rw=2049, want=53320, limit=40427 [ 960.162502][ T26] audit: type=1804 audit(1729313360.773:302): pid=12227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1941" name="/newroot/79/file1/file1" dev="loop0" ino=10 res=1 errno=0 [ 960.561731][T12164] bridge0: port 2(bridge_slave_1) entered disabled state [ 960.589449][T12164] device bridge_slave_1 entered promiscuous mode [ 960.717479][T10669] attempt to access beyond end of device [ 960.717479][T10669] loop0: rw=2049, want=45104, limit=40427 [ 960.740840][T12224] team0: Port device veth3 added [ 960.836506][T12164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 960.953561][T10609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 960.979264][T10609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 961.054318][T12164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 961.092833][T11994] device veth0_vlan entered promiscuous mode [ 961.207950][ T3669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 961.228874][ T3669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 961.282249][T12164] team0: Port device team_slave_0 added [ 961.306908][T11994] device veth1_vlan entered promiscuous mode [ 961.322186][ T3669] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 961.355772][ T3669] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 961.374185][ T3669] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 961.427220][T12164] team0: Port device team_slave_1 added [ 961.544965][T12164] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 961.560891][T12164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 961.574989][T12211] loop1: detected capacity change from 0 to 32768 [ 961.665535][T12164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 961.696259][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 961.712820][T12211] XFS (loop1): Mounting V5 Filesystem [ 961.725358][ T9813] Bluetooth: hci1: command 0x041b tx timeout [ 961.742483][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 961.813982][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 961.854837][T11994] device veth0_macvtap entered promiscuous mode [ 961.895758][T12164] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 961.933346][T12164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 961.962739][T12164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 962.041796][T12211] XFS (loop1): Ending clean mount [ 962.053114][T12211] XFS (loop1): Quotacheck needed: Please wait. [ 962.128133][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 962.153422][T11994] device veth1_macvtap entered promiscuous mode [ 962.180746][T12211] XFS (loop1): Quotacheck: Done. [ 962.835185][T12164] device hsr_slave_0 entered promiscuous mode [ 962.866580][T11468] XFS (loop1): Unmounting Filesystem [ 962.942727][T12164] device hsr_slave_1 entered promiscuous mode [ 962.977157][T12164] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 963.023263][T12164] Cannot create hsr debugfs directory [ 963.049861][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 963.060375][T12271] loop3: detected capacity change from 0 to 512 [ 963.103346][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.141541][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 963.181770][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.195693][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 963.217513][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.238580][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 963.260281][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.283702][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 963.306591][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.330708][T11994] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 963.352625][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 963.377583][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.399822][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 963.434360][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.455569][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 963.478340][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.498726][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 963.524756][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.544797][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 963.560968][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 963.601097][T11994] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 963.641873][T12271] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 963.666277][T12271] EXT4-fs (loop3): 1 truncate cleaned up [ 963.672018][T12271] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback. [ 963.758293][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 963.785331][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 963.803745][ T9813] Bluetooth: hci1: command 0x040f tx timeout [ 963.830561][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 963.875231][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 963.997192][T11994] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.095830][T11994] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.259316][T11994] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.375306][T11994] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.871254][T12164] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 964.940489][T12290] loop0: detected capacity change from 0 to 64 [ 964.961191][T12286] 9pnet: Insufficient options for proto=fd [ 965.009895][T12286] fuse: Bad value for 'fd' [ 965.057456][T12286] loop3: detected capacity change from 0 to 16 [ 965.112252][T12164] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.172480][T10663] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 965.190058][T10663] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 965.217075][T12286] erofs: (device loop3): mounted with root inode @ nid 36. [ 965.237786][T12164] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.270161][T12286] erofs: (device loop3): z_erofs_map_blocks_iter: invalid logical cluster 0 at nid 36 [ 965.314762][T12286] attempt to access beyond end of device [ 965.314762][T12286] loop3: rw=0, want=304, limit=16 [ 965.331959][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 965.353560][T10215] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 965.361901][T12286] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117] [ 965.375889][T10663] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 965.404329][T10663] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 965.415168][T12164] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 965.445802][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 965.603474][T10215] usb 1-1: Using ep0 maxpacket: 32 [ 965.790151][T12299] loop2: detected capacity change from 0 to 4096 [ 965.816682][T12164] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 965.843673][T10215] usb 1-1: config 0 has an invalid interface number: 16 but max is 0 [ 965.875006][T10215] usb 1-1: config 0 has no interface number 0 [ 966.235901][T10215] usb 1-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 966.257936][T12299] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 966.323755][T10215] usb 1-1: config 0 interface 16 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 966.449270][ T9819] Bluetooth: hci1: command 0x0419 tx timeout [ 966.650556][T10215] usb 1-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d [ 966.660216][T12164] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 966.673348][T10215] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 966.682233][T10215] usb 1-1: Product: syz [ 966.693300][T10215] usb 1-1: Manufacturer: syz [ 966.697923][T10215] usb 1-1: SerialNumber: syz [ 966.704373][T10215] usb 1-1: config 0 descriptor?? [ 966.722711][T12164] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 967.055412][T12290] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 967.148675][T12290] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 967.434538][ T3681] tipc: Disabling bearer [ 967.457879][ T3681] tipc: Left network mode [ 967.503020][T12164] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 967.689551][T12318] loop3: detected capacity change from 0 to 256 [ 967.762047][ T9809] usb 1-1: USB disconnect, device number 11 [ 967.765555][T12318] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 967.794108][ T26] audit: type=1804 audit(1729313368.453:303): pid=12318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1967" name="/newroot/44/file0/bus" dev="loop3" ino=1048736 res=1 errno=0 [ 967.859640][ T26] audit: type=1800 audit(1729313368.453:304): pid=12318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1967" name="bus" dev="loop3" ino=1048736 res=0 errno=0 [ 967.972707][T12320] loop1: detected capacity change from 0 to 512 [ 968.090564][T12164] 8021q: adding VLAN 0 to HW filter on device bond0 [ 968.186597][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 968.239496][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 968.254259][T12320] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 968.280464][T12320] EXT4-fs (loop1): 1 truncate cleaned up [ 968.362299][T12164] 8021q: adding VLAN 0 to HW filter on device team0 [ 968.373381][T12320] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback. [ 968.432215][ T26] audit: type=1326 audit(1729313369.093:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12332 comm="syz.3.1971" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffa88812ff9 code=0x0 [ 968.518163][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 968.555157][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 968.592257][ T3833] bridge0: port 1(bridge_slave_0) entered blocking state [ 968.599447][ T3833] bridge0: port 1(bridge_slave_0) entered forwarding state [ 968.670447][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 968.750811][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 968.814970][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 968.868979][ T3833] bridge0: port 2(bridge_slave_1) entered blocking state [ 968.876194][ T3833] bridge0: port 2(bridge_slave_1) entered forwarding state [ 968.931783][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 968.965614][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 969.000302][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 969.025328][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 969.044824][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 969.055276][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 969.064198][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 969.073050][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 969.082539][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 969.091486][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 969.101227][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 969.127913][T12164] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 969.293459][ T9818] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 969.327020][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 969.337493][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 969.346877][T12357] FAULT_INJECTION: forcing a failure. [ 969.346877][T12357] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 969.366946][T12164] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 969.397572][T12357] CPU: 1 PID: 12357 Comm: syz.3.1975 Not tainted 5.15.168-syzkaller #0 [ 969.405845][T12357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 969.415906][T12357] Call Trace: [ 969.419190][T12357] [ 969.422216][T12357] dump_stack_lvl+0x1e3/0x2d0 [ 969.426918][T12357] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 969.432558][T12357] ? panic+0x860/0x860 [ 969.436652][T12357] ? __lock_acquire+0x1295/0x1ff0 [ 969.441766][T12357] should_fail+0x38a/0x4c0 [ 969.446196][T12357] prepare_alloc_pages+0x1db/0x5b0 [ 969.451415][T12357] __alloc_pages+0x14f/0x700 [ 969.456017][T12357] ? __rmqueue_pcplist+0x2030/0x2030 [ 969.461314][T12357] ? alloc_pages+0x458/0x570 [ 969.465910][T12357] new_slab+0xbb/0x4b0 [ 969.469991][T12357] ___slab_alloc+0x6f6/0xe10 [ 969.474591][T12357] ? __alloc_skb+0xdd/0x590 [ 969.479102][T12357] kmem_cache_alloc_node+0x1ba/0x2c0 [ 969.484390][T12357] ? __alloc_skb+0xdd/0x590 [ 969.488896][T12357] __alloc_skb+0xdd/0x590 [ 969.493230][T12357] netlink_sendmsg+0x6f8/0xd60 [ 969.498001][T12357] ? netlink_getsockopt+0x5b0/0x5b0 [ 969.503199][T12357] ? aa_sock_msg_perm+0x91/0x150 [ 969.508301][T12357] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 969.513591][T12357] ? security_socket_sendmsg+0x7d/0xa0 [ 969.519064][T12357] ? netlink_getsockopt+0x5b0/0x5b0 [ 969.524265][T12357] ____sys_sendmsg+0x59e/0x8f0 [ 969.529029][T12357] ? iovec_from_user+0x300/0x390 [ 969.533988][T12357] ? __sys_sendmsg_sock+0x30/0x30 [ 969.539023][T12357] ___sys_sendmsg+0x252/0x2e0 [ 969.543703][T12357] ? __sys_sendmsg+0x260/0x260 [ 969.548512][T12357] ? __fdget+0x191/0x220 [ 969.552780][T12357] __se_sys_sendmsg+0x19a/0x260 [ 969.557644][T12357] ? __x64_sys_sendmsg+0x80/0x80 [ 969.562604][T12357] ? syscall_enter_from_user_mode+0x2e/0x240 [ 969.568586][T12357] ? lockdep_hardirqs_on+0x94/0x130 [ 969.573788][T12357] ? syscall_enter_from_user_mode+0x2e/0x240 [ 969.579777][T12357] do_syscall_64+0x3b/0xb0 [ 969.584203][T12357] ? clear_bhb_loop+0x15/0x70 [ 969.589060][T12357] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 969.594981][T12357] RIP: 0033:0x7ffa88812ff9 [ 969.599408][T12357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 969.619015][T12357] RSP: 002b:00007ffa86c8b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 969.627438][T12357] RAX: ffffffffffffffda RBX: 00007ffa889caf80 RCX: 00007ffa88812ff9 [ 969.635409][T12357] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 969.643379][T12357] RBP: 00007ffa86c8b090 R08: 0000000000000000 R09: 0000000000000000 [ 969.651346][T12357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 969.659328][T12357] R13: 0000000000000000 R14: 00007ffa889caf80 R15: 00007ffd701283d8 [ 969.663250][ T9818] usb 3-1: Using ep0 maxpacket: 16 [ 969.667448][T12357] [ 969.983685][ T9818] usb 3-1: config 0 has an invalid interface number: 104 but max is 1 [ 969.995818][ T9818] usb 3-1: config 0 has an invalid interface number: 104 but max is 1 [ 970.008696][ T9818] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 970.152064][ T9818] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 970.378473][ T9818] usb 3-1: config 0 has no interface number 0 [ 970.459015][ T9818] usb 3-1: config 0 interface 104 altsetting 0 endpoint 0x8 has invalid maxpacket 14602, setting to 1024 [ 970.492331][ T9818] usb 3-1: config 0 interface 104 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1024 [ 970.524009][ T9818] usb 3-1: config 0 interface 104 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 970.529654][T12374] loop0: detected capacity change from 0 to 256 [ 970.551995][ T9818] usb 3-1: config 0 interface 104 has no altsetting 1 [ 970.612390][ T3681] device hsr_slave_0 left promiscuous mode [ 970.619134][T12374] exfat: Unknown parameter 'ioch!YŽã…Óarset' [ 970.695478][ T3681] device hsr_slave_1 left promiscuous mode [ 970.703032][ T3681] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 970.744533][ T3681] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 970.763993][ T9818] usb 3-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice=aa.36 [ 970.783339][ T9818] usb 3-1: New USB device strings: Mfr=153, Product=2, SerialNumber=3 [ 970.813444][ T9818] usb 3-1: Product: syz [ 970.817685][ T9818] usb 3-1: Manufacturer: syz [ 970.822337][ T9818] usb 3-1: SerialNumber: syz [ 970.874915][ T9818] usb 3-1: config 0 descriptor?? [ 970.883856][ T3681] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 970.891303][ T3681] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 970.934063][ T3681] device bridge_slave_1 left promiscuous mode [ 970.940302][ T3681] bridge0: port 2(bridge_slave_1) entered disabled state [ 970.988854][ T3681] device bridge_slave_0 left promiscuous mode [ 970.999031][T12383] FAULT_INJECTION: forcing a failure. [ 970.999031][T12383] name failslab, interval 1, probability 0, space 0, times 0 [ 971.023416][ T3681] bridge0: port 1(bridge_slave_0) entered disabled state [ 971.039846][T12378] loop1: detected capacity change from 0 to 512 [ 971.047170][ T3681] device veth1_macvtap left promiscuous mode [ 971.063628][ T3681] device veth0_macvtap left promiscuous mode [ 971.069731][ T3681] device veth1_vlan left promiscuous mode [ 971.083412][T12383] CPU: 1 PID: 12383 Comm: syz.3.1982 Not tainted 5.15.168-syzkaller #0 [ 971.091772][T12383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 971.101834][T12383] Call Trace: [ 971.105123][T12383] [ 971.108051][T12383] dump_stack_lvl+0x1e3/0x2d0 [ 971.112738][T12383] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 971.118419][T12383] ? panic+0x860/0x860 [ 971.122515][T12383] should_fail+0x38a/0x4c0 [ 971.126950][T12383] should_failslab+0x5/0x20 [ 971.131466][T12383] slab_pre_alloc_hook+0x53/0xc0 [ 971.136416][T12383] __kmalloc_node_track_caller+0x6b/0x390 [ 971.142227][T12383] ? _sctp_make_chunk+0x58/0x450 [ 971.147173][T12383] ? kmem_cache_alloc_node+0x154/0x2c0 [ 971.152726][T12383] ? __alloc_skb+0xdd/0x590 [ 971.153299][ T9818] asix 3-1:0.104 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 971.157232][T12383] ? _sctp_make_chunk+0x58/0x450 [ 971.172280][T12383] __alloc_skb+0x12c/0x590 [ 971.176708][T12383] _sctp_make_chunk+0x58/0x450 [ 971.177869][ T9818] asix: probe of 3-1:0.104 failed with error -71 [ 971.181490][T12383] sctp_make_heartbeat+0x96/0x8b0 [ 971.192812][T12383] ? validate_chain+0x112/0x5930 [ 971.197851][T12383] ? sctp_make_new_encap_port+0xa70/0xa70 [ 971.203575][T12383] ? validate_chain+0x112/0x5930 [ 971.208519][T12383] ? deref_stack_reg+0xbe/0x110 [ 971.213375][T12383] sctp_sf_do_prm_requestheartbeat+0x29/0x280 [ 971.219456][T12383] ? sctp_cname+0x110/0x110 [ 971.223975][T12383] sctp_do_sm+0x1ed/0x5c80 [ 971.228425][T12383] ? sctp_generate_t3_rtx_event+0x320/0x320 [ 971.229614][ T9818] usb 3-1: USB disconnect, device number 7 [ 971.234327][T12383] ? stack_trace_save+0x113/0x1c0 [ 971.234382][T12383] ? print_irqtrace_events+0x210/0x210 [ 971.234402][T12383] ? lockdep_hardirqs_on_prepare+0x7a0/0x7a0 [ 971.256613][T12383] sctp_primitive_REQUESTHEARTBEAT+0x94/0xc0 [ 971.262618][T12383] sctp_apply_peer_addr_params+0xd5/0x1660 [ 971.268450][T12383] ? lockdep_hardirqs_on+0x94/0x130 [ 971.273748][T12383] ? sctp_setsockopt_peer_addr_params+0x41a/0x960 [ 971.280299][T12383] sctp_setsockopt_peer_addr_params+0x6ad/0x960 [ 971.286572][T12383] sctp_setsockopt+0x43e/0x10d0 [ 971.291440][T12383] ? sock_common_recvmsg+0x240/0x240 [ 971.296732][T12383] __sys_setsockopt+0x57e/0x990 [ 971.301601][T12383] ? __ia32_sys_recv+0xb0/0xb0 [ 971.306384][T12383] ? syscall_enter_from_user_mode+0x2e/0x240 [ 971.312371][T12383] __x64_sys_setsockopt+0xb1/0xc0 [ 971.317406][T12383] do_syscall_64+0x3b/0xb0 [ 971.321820][T12383] ? clear_bhb_loop+0x15/0x70 [ 971.326497][T12383] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 971.332392][T12383] RIP: 0033:0x7ffa88812ff9 [ 971.336805][T12383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 971.356518][T12383] RSP: 002b:00007ffa86c8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 971.362142][ T3681] device veth0_vlan left promiscuous mode [ 971.364936][T12383] RAX: ffffffffffffffda RBX: 00007ffa889caf80 RCX: 00007ffa88812ff9 [ 971.364953][T12383] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000003 [ 971.364964][T12383] RBP: 00007ffa86c8b090 R08: 000000000000009c R09: 0000000000000000 [ 971.394566][T12383] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000001 [ 971.402552][T12383] R13: 0000000000000000 R14: 00007ffa889caf80 R15: 00007ffd701283d8 [ 971.410722][T12383] [ 971.464672][T12378] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 971.472968][T12378] EXT4-fs (loop1): 1 truncate cleaned up [ 971.535887][T12378] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback. [ 971.591729][T12374] loop0: detected capacity change from 0 to 40427 [ 971.708436][T12374] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 971.746525][T12374] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 971.805860][T12374] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 972.130985][T12374] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 972.150732][T12374] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 972.174912][T12395] loop2: detected capacity change from 0 to 512 [ 972.359231][T12395] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 972.482871][T12401] attempt to access beyond end of device [ 972.482871][T12401] loop0: rw=2049, want=53256, limit=40427 [ 972.507780][T12401] attempt to access beyond end of device [ 972.507780][T12401] loop0: rw=2049, want=53320, limit=40427 [ 972.726732][ T26] audit: type=1804 audit(1729313373.163:306): pid=12401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1979" name="/newroot/89/file1/file1" dev="loop0" ino=10 res=1 errno=0 [ 972.840367][T12395] EXT4-fs (loop2): 1 truncate cleaned up [ 972.857387][T12395] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,nombcache,inode_readahead_blks=0x0000000000000002,stripe=0x0000000002004000,max_batch_time=0x0000000000000002,max_batch_time=0x0000000000000004,,errors=continue. Quota mode: none. [ 972.947085][T10669] attempt to access beyond end of device [ 972.947085][T10669] loop0: rw=2049, want=45104, limit=40427 [ 973.098815][ T3681] team0 (unregistering): Port device team_slave_1 removed [ 973.120134][T12395] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 973.152748][ T3681] team0 (unregistering): Port device team_slave_0 removed [ 973.992027][ T3681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 974.069529][ T3681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 974.879403][T12427] loop3: detected capacity change from 0 to 256 [ 975.108960][T12427] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 975.158347][ T26] audit: type=1804 audit(1729313375.823:307): pid=12427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1994" name="/newroot/55/file0/bus" dev="loop3" ino=1048737 res=1 errno=0 [ 975.441582][T12429] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1995'. [ 975.581884][ T26] audit: type=1800 audit(1729313375.823:308): pid=12427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1994" name="bus" dev="loop3" ino=1048737 res=0 errno=0 [ 975.878238][ T3681] bond0 (unregistering): Released all slaves [ 976.094732][T12164] device veth0_vlan entered promiscuous mode [ 976.150746][T12164] device veth1_vlan entered promiscuous mode [ 976.223453][T10222] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 976.253100][T12164] device veth0_macvtap entered promiscuous mode [ 976.290779][T12164] device veth1_macvtap entered promiscuous mode [ 976.351172][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 976.386728][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.423999][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 976.455608][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.473320][T10222] usb 1-1: Using ep0 maxpacket: 32 [ 976.482023][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 976.505740][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.542414][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 976.576674][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.593840][T10222] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 976.617553][T10222] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 976.633353][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 976.661721][T10222] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 976.677598][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 976.701968][T10222] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 976.723663][T12164] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 976.772241][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 976.781423][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 976.790478][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 976.821778][T10222] hub 1-1:4.0: USB hub found [ 976.837088][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 976.871273][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 976.885765][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 976.894785][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 976.905922][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 976.956561][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 976.969708][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 976.986729][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 976.996551][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 977.005227][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 977.014690][T10222] hub 1-1:4.0: 2 ports detected [ 977.018019][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 977.019595][T10222] usb 1-1: selecting invalid altsetting 1 [ 977.053633][T12437] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1996'. [ 977.074478][T10222] hub 1-1:4.0: Using single TT (err -22) [ 977.096098][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 977.127032][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 977.164821][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 977.184882][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 977.203252][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 977.223319][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 977.370129][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 977.463656][ T9813] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 977.474739][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 977.662515][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 977.768089][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 977.924053][T12164] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 977.943766][ T9813] usb 2-1: config 0 has an invalid interface number: 15 but max is 0 [ 977.955122][ T9813] usb 2-1: config 0 has no interface number 0 [ 977.968785][ T9813] usb 2-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=90.ff [ 977.982969][T12436] batman_adv: batadv1: Adding interface: netdevsim0 [ 978.014141][T12436] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 978.040523][ T9813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 978.053251][T12455] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2002'. [ 978.054855][T12436] batman_adv: batadv1: Interface activated: netdevsim0 [ 978.082661][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 978.085305][T12457] loop2: detected capacity change from 0 to 512 [ 978.104225][ T9813] usb 2-1: config 0 descriptor?? [ 978.114149][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 978.133293][T12455] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2002'. [ 978.153457][T10222] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 978.160457][T10222] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 978.171683][T12164] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 978.198996][T12164] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 978.234611][T10222] usb 1-1: USB disconnect, device number 12 [ 978.246847][T12164] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 978.286611][T12164] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 978.333372][T12457] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 978.359589][ T9813] snd-usb-audio: probe of 2-1:0.15 failed with error -2 [ 978.401244][ T9813] usb 2-1: USB disconnect, device number 10 [ 978.408059][T12457] EXT4-fs (loop2): 1 truncate cleaned up [ 978.417275][T12457] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 978.503474][ T9818] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 978.516072][ T3669] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 978.528056][ T3756] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 978.589005][ T3756] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 978.598759][ T3669] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 978.624097][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 978.644572][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 978.823578][ T9818] usb 4-1: Using ep0 maxpacket: 16 [ 978.953665][ T9818] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 978.979541][ T9818] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 979.019937][T12465] loop0: detected capacity change from 0 to 512 [ 979.369716][T12465] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 979.615190][T12465] EXT4-fs (loop0): 1 truncate cleaned up [ 979.786226][T12465] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback. [ 980.973462][ T9818] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 980.982686][ T9818] usb 4-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 981.013958][ T9818] usb 4-1: Product: syz [ 981.018673][ T9818] usb 4-1: Manufacturer: syz [ 981.068735][T12476] loop1: detected capacity change from 0 to 4096 [ 981.133708][ T9818] usb 4-1: config 0 descriptor?? [ 981.153629][ T9818] usb 4-1: can't set config #0, error -71 [ 981.171347][ T9818] usb 4-1: USB disconnect, device number 11 [ 981.250189][T12483] loop0: detected capacity change from 0 to 256 [ 981.301066][T12476] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 981.388439][T12483] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 981.493757][ T26] audit: type=1804 audit(1729313382.153:309): pid=12483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2009" name="/newroot/93/file0/bus" dev="loop0" ino=1048741 res=1 errno=0 [ 982.154071][ T26] audit: type=1800 audit(1729313382.153:310): pid=12483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2009" name="bus" dev="loop0" ino=1048741 res=0 errno=0 [ 982.520307][T12486] loop3: detected capacity change from 0 to 4096 [ 982.633165][T12486] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 983.140571][T12490] FAULT_INJECTION: forcing a failure. [ 983.140571][T12490] name failslab, interval 1, probability 0, space 0, times 0 [ 983.153352][T12490] CPU: 1 PID: 12490 Comm: syz.1.2014 Not tainted 5.15.168-syzkaller #0 [ 983.161687][T12490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 983.171755][T12490] Call Trace: [ 983.175039][T12490] [ 983.177964][T12490] dump_stack_lvl+0x1e3/0x2d0 [ 983.182648][T12490] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 983.188281][T12490] ? panic+0x860/0x860 [ 983.192351][T12490] ? __might_sleep+0xc0/0xc0 [ 983.196945][T12490] should_fail+0x38a/0x4c0 [ 983.201380][T12490] should_failslab+0x5/0x20 [ 983.205891][T12490] slab_pre_alloc_hook+0x53/0xc0 [ 983.210840][T12490] __kmalloc+0x6e/0x300 [ 983.215000][T12490] ? alloc_pipe_info+0x1fa/0x4b0 [ 983.220053][T12490] ? alloc_pipe_info+0xe6/0x4b0 [ 983.224918][T12490] alloc_pipe_info+0x1fa/0x4b0 [ 983.229693][T12490] create_pipe_files+0x81/0x700 [ 983.234549][T12490] ? __lock_acquire+0x1ff0/0x1ff0 [ 983.239586][T12490] __do_pipe_flags+0x46/0x200 [ 983.244281][T12490] do_pipe2+0xd0/0x300 [ 983.248387][T12490] ? pipe_fcntl+0x510/0x510 [ 983.252452][T12486] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 983.252917][T12490] ? syscall_enter_from_user_mode+0x2e/0x240 [ 983.252942][T12490] ? lockdep_hardirqs_on+0x94/0x130 [ 983.252967][T12490] __x64_sys_pipe+0x36/0x40 [ 983.252984][T12490] do_syscall_64+0x3b/0xb0 [ 983.252998][T12490] ? clear_bhb_loop+0x15/0x70 [ 983.285050][T12490] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 983.290961][T12490] RIP: 0033:0x7f893aaf4ff9 [ 983.295385][T12490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 983.315001][T12490] RSP: 002b:00007f8938f6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 983.323437][T12490] RAX: ffffffffffffffda RBX: 00007f893acacf80 RCX: 00007f893aaf4ff9 [ 983.331423][T12490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 983.339409][T12490] RBP: 00007f8938f6d090 R08: 0000000000000000 R09: 0000000000000000 [ 983.347388][T12490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 983.355378][T12490] R13: 0000000000000000 R14: 00007f893acacf80 R15: 00007fff8b510388 [ 983.363467][T12490] [ 983.530559][T12493] loop1: detected capacity change from 0 to 1024 [ 983.768498][T12493] EXT4-fs (loop1): Ignoring removed orlov option [ 983.844177][T12499] overlayfs: './file1' not a directory [ 984.002452][T12487] chnl_net:caif_netlink_parms(): no params data found [ 984.338749][T12493] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,nombcache,journal_dev=0x0000000000000001,usrjquota=,orlov,errors=remount-ro,lazytime,jqfmt=vfsold,grpjquota=,. Quota mode: none. [ 984.494623][ T26] audit: type=1800 audit(1729313385.163:311): pid=12508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2016" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 984.614374][T12511] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2017'. [ 984.833324][T10213] Bluetooth: hci3: command 0x0409 tx timeout [ 984.839478][T12511] team0: Port device veth3 added [ 985.010657][T12487] bridge0: port 1(bridge_slave_0) entered blocking state [ 985.062819][T12487] bridge0: port 1(bridge_slave_0) entered disabled state [ 985.103650][T12487] device bridge_slave_0 entered promiscuous mode [ 985.179714][T12525] loop0: detected capacity change from 0 to 256 [ 985.203937][T12487] bridge0: port 2(bridge_slave_1) entered blocking state [ 985.349339][T12525] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 985.402928][ T26] audit: type=1804 audit(1729313386.063:312): pid=12525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2020" name="/newroot/96/file0/bus" dev="loop0" ino=1048742 res=1 errno=0 [ 985.501588][T12487] bridge0: port 2(bridge_slave_1) entered disabled state [ 985.731779][T12487] device bridge_slave_1 entered promiscuous mode [ 985.816918][ T26] audit: type=1800 audit(1729313386.063:313): pid=12525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2020" name="bus" dev="loop0" ino=1048742 res=0 errno=0 [ 986.034141][T12487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 986.114043][T12487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 986.222448][T12531] loop1: detected capacity change from 0 to 512 [ 986.334049][T12487] team0: Port device team_slave_0 added [ 986.429515][T12530] loop3: detected capacity change from 0 to 512 [ 986.455835][T12487] team0: Port device team_slave_1 added [ 986.574277][T12530] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 986.613902][T12530] EXT4-fs (loop3): 1 truncate cleaned up [ 986.619629][T12530] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback. [ 986.735543][T12487] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 986.749486][T12487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 986.775393][ C0] vkms_vblank_simulate: vblank timer overrun [ 986.902757][T12487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 986.978929][T12535] loop1: detected capacity change from 0 to 4096 [ 986.987882][T10215] Bluetooth: hci3: command 0x041b tx timeout [ 987.080800][T12537] FAULT_INJECTION: forcing a failure. [ 987.080800][T12537] name failslab, interval 1, probability 0, space 0, times 0 [ 987.123821][T12487] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 987.130785][T12487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 987.156840][ C0] vkms_vblank_simulate: vblank timer overrun [ 987.226521][T12537] CPU: 0 PID: 12537 Comm: syz.0.2024 Not tainted 5.15.168-syzkaller #0 [ 987.234801][T12537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 987.244866][T12537] Call Trace: [ 987.248147][T12537] [ 987.251075][T12537] dump_stack_lvl+0x1e3/0x2d0 [ 987.255764][T12537] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 987.255944][T12487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 987.261401][T12537] ? panic+0x860/0x860 [ 987.261425][T12537] ? __might_sleep+0xc0/0xc0 [ 987.261443][T12537] ? __rwlock_init+0x40/0x140 [ 987.261463][T12537] should_fail+0x38a/0x4c0 [ 987.261487][T12537] should_failslab+0x5/0x20 [ 987.261504][T12537] slab_pre_alloc_hook+0x53/0xc0 [ 987.261524][T12537] ? __d_alloc+0x2a/0x700 [ 987.261543][T12537] kmem_cache_alloc+0x3f/0x280 [ 987.261565][T12537] __d_alloc+0x2a/0x700 [ 987.261583][T12537] ? lockdep_softirqs_off+0x420/0x420 [ 987.261605][T12537] d_alloc_pseudo+0x19/0x70 [ 987.261625][T12537] alloc_file_pseudo+0x131/0x2f0 [ 987.261645][T12537] ? prandom_u32+0x218/0x260 [ 987.261667][T12537] ? alloc_empty_file_noaccount+0x80/0x80 [ 987.261689][T12537] ? shmem_get_inode+0x8e3/0xad0 [ 987.261716][T12537] __shmem_file_setup+0x1ca/0x290 [ 987.261773][T12537] ? shmem_file_setup+0x13/0x30 [ 987.261793][T12537] __se_sys_memfd_create+0x2bb/0x590 [ 987.261811][T12537] ? vtime_user_exit+0x2d1/0x400 [ 987.261831][T12537] ? __x64_sys_memfd_create+0x60/0x60 [ 987.261850][T12537] ? syscall_enter_from_user_mode+0x2e/0x240 [ 987.261870][T12537] ? lockdep_hardirqs_on+0x94/0x130 [ 987.261890][T12537] ? syscall_enter_from_user_mode+0x2e/0x240 [ 987.261913][T12537] do_syscall_64+0x3b/0xb0 [ 987.261929][T12537] ? clear_bhb_loop+0x15/0x70 [ 987.261947][T12537] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 987.261967][T12537] RIP: 0033:0x7f9c6485bff9 [ 987.261986][T12537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 987.262000][T12537] RSP: 002b:00007f9c62cd3e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 987.262018][T12537] RAX: ffffffffffffffda RBX: 00000000000010ef RCX: 00007f9c6485bff9 [ 987.262030][T12537] RDX: 00007f9c62cd3ef0 RSI: 0000000000000000 RDI: 00007f9c648ceb02 [ 987.262041][T12537] RBP: 00000000200011c0 R08: 00007f9c62cd3bb7 R09: 00007f9c62cd3e40 [ 987.262053][T12537] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020001140 [ 987.262064][T12537] R13: 00007f9c62cd3ef0 R14: 00007f9c62cd3eb0 R15: 0000000020001180 [ 987.262090][T12537] [ 987.262142][ C0] vkms_vblank_simulate: vblank timer overrun [ 987.492505][T12541] loop0: detected capacity change from 0 to 256 [ 987.541799][T12535] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 987.563898][T12541] exfat: Unknown parameter 'ioch!YŽã…Óarset' [ 987.594527][T12535] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 987.618821][T12539] loop3: detected capacity change from 0 to 4096 [ 988.056744][T12548] loop1: detected capacity change from 0 to 256 [ 988.110901][T12487] device hsr_slave_0 entered promiscuous mode [ 988.129425][T12548] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 988.142639][T12487] device hsr_slave_1 entered promiscuous mode [ 988.223304][ T9818] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 988.428871][T12487] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 988.609511][T12487] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 988.620659][ T9818] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 988.652582][T12541] loop0: detected capacity change from 0 to 40427 [ 988.657382][ T9818] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 988.687215][ T9818] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 988.723301][ T9818] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 988.743337][ T9818] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 988.761279][T12541] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 988.783637][ T9818] usb 4-1: config 0 descriptor?? [ 988.793830][T12541] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 988.823824][T12544] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 988.924384][T12541] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 988.938121][T12487] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 989.074479][T10222] Bluetooth: hci3: command 0x040f tx timeout [ 989.434633][T12541] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 989.452079][T12541] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 990.235232][ T9818] plantronics 0003:047F:FFFF.0007: unknown main item tag 0xd [ 990.245489][T12487] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 990.257056][ T9818] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 990.398716][ T9818] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 990.474831][T12585] attempt to access beyond end of device [ 990.474831][T12585] loop0: rw=2049, want=53256, limit=40427 [ 990.516987][T12585] attempt to access beyond end of device [ 990.516987][T12585] loop0: rw=2049, want=53320, limit=40427 [ 990.933367][ T26] audit: type=1804 audit(1729313391.163:314): pid=12585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2026" name="/newroot/98/file1/file1" dev="loop0" ino=10 res=1 errno=0 [ 991.083155][ T9818] usb 4-1: USB disconnect, device number 12 [ 991.099371][T10669] attempt to access beyond end of device [ 991.099371][T10669] loop0: rw=2049, want=45104, limit=40427 [ 991.154423][T10214] Bluetooth: hci3: command 0x0419 tx timeout [ 991.234935][T12487] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 991.318461][T12487] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 991.355659][T12487] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 991.377619][T12487] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 991.510005][T12598] loop1: detected capacity change from 0 to 256 [ 992.435133][T12598] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 992.490269][ T26] audit: type=1804 audit(1729313393.153:315): pid=12598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2039" name="/newroot/45/file0/bus" dev="loop1" ino=1048743 res=1 errno=0 [ 992.777336][ T26] audit: type=1800 audit(1729313393.153:316): pid=12598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2039" name="bus" dev="loop1" ino=1048743 res=0 errno=0 [ 993.145612][T12487] 8021q: adding VLAN 0 to HW filter on device bond0 [ 993.205312][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 993.243686][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 993.285541][T12487] 8021q: adding VLAN 0 to HW filter on device team0 [ 993.336589][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 993.351774][T12610] loop0: detected capacity change from 0 to 4096 [ 993.363986][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 993.400804][ T1394] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.407164][ T1394] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.560789][ T3671] bridge0: port 1(bridge_slave_0) entered blocking state [ 993.567944][ T3671] bridge0: port 1(bridge_slave_0) entered forwarding state [ 993.636130][T12610] ntfs: (device loop0): load_attribute_list(): Cannot read attribute list since runlist is missing. [ 993.649515][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 993.657933][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 993.675149][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 993.693379][T12610] ntfs: (device loop0): ntfs_read_locked_inode(): Failed to load attribute list attribute. [ 993.707967][ T3671] bridge0: port 2(bridge_slave_1) entered blocking state [ 993.715094][ T3671] bridge0: port 2(bridge_slave_1) entered forwarding state [ 993.724985][T12610] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 993.743677][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 993.752909][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 993.761779][T12610] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 993.784390][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 993.797470][T12610] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 993.824323][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 993.850729][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 993.860647][T12610] ntfs: (device loop0): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 993.887835][T12610] ntfs: (device loop0): ntfs_read_locked_inode(): Failed to lookup $DATA attribute. [ 993.911339][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 993.950363][T12625] loop3: detected capacity change from 0 to 256 [ 995.460503][T12625] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 995.996370][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 995.996402][ T26] audit: type=1804 audit(1729313396.663:317): pid=12625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2046" name="/newroot/66/file0/bus" dev="loop3" ino=1048744 res=1 errno=0 [ 996.264419][ T26] audit: type=1800 audit(1729313396.703:318): pid=12625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2046" name="bus" dev="loop3" ino=1048744 res=0 errno=0 [ 996.560931][T12624] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2044'. [ 997.097928][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 997.112647][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 997.135128][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 997.155171][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 997.190621][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 997.244698][T12487] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 997.353610][T12631] netlink: 'syz.0.2047': attribute type 1 has an invalid length. [ 997.601170][T12657] loop3: detected capacity change from 0 to 256 [ 997.727271][T12657] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 997.823580][ T26] audit: type=1804 audit(1729313398.483:319): pid=12657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2051" name="/newroot/67/file0/bus" dev="loop3" ino=1048745 res=1 errno=0 [ 998.470733][ T556] batman_adv: batadv2: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 998.491613][ T26] audit: type=1800 audit(1729313398.483:320): pid=12657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2051" name="bus" dev="loop3" ino=1048745 res=0 errno=0 [ 999.076070][ T556] batman_adv: batadv2: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 1000.450213][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1000.459463][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1000.568342][T12487] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1000.864773][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1000.901414][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1000.989591][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1001.007340][T12675] loop1: detected capacity change from 0 to 512 [ 1001.020943][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1001.070797][T12487] device veth0_vlan entered promiscuous mode [ 1001.092765][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1001.118988][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1001.161819][T12487] device veth1_vlan entered promiscuous mode [ 1001.266077][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1001.282310][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1001.339602][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1001.382630][T12683] loop3: detected capacity change from 0 to 256 [ 1001.390651][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1001.423055][T12487] device veth0_macvtap entered promiscuous mode [ 1001.513077][T12683] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 1001.536347][ T26] audit: type=1804 audit(1729313402.203:321): pid=12683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2059" name="/newroot/69/file0/bus" dev="loop3" ino=1048746 res=1 errno=0 [ 1001.562287][T12487] device veth1_macvtap entered promiscuous mode [ 1001.598073][T12675] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 1001.614558][ T9770] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1001.624127][ T9770] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1001.641501][T12675] EXT4-fs (loop1): 1 truncate cleaned up [ 1001.652537][T12675] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback. [ 1001.727444][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1001.745398][ T26] audit: type=1800 audit(1729313402.203:322): pid=12683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2059" name="bus" dev="loop3" ino=1048746 res=0 errno=0 [ 1001.753118][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1001.831693][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1001.882041][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1001.920882][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1001.941695][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1001.952986][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1001.973376][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1001.992632][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1002.013305][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1002.024016][T12693] loop0: detected capacity change from 0 to 512 [ 1002.032191][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1002.065105][T12693] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 1002.081969][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1002.102855][T12693] EXT4-fs (loop0): 1 truncate cleaned up [ 1002.139159][T12487] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1002.159409][T12693] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback. [ 1002.213321][T12687] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2060'. [ 1002.459804][T12710] x_tables: duplicate underflow at hook 4 [ 1003.056731][T12716] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2067'. [ 1003.317052][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1003.339154][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1003.405811][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1003.425770][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1003.444774][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1003.463472][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1003.496075][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1003.518901][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1003.534531][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1003.546852][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1003.557637][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1003.568834][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1003.579393][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1003.756991][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1004.026036][T12487] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1004.471458][T12708] loop3: detected capacity change from 0 to 32768 [ 1005.406275][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1005.436018][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1005.496663][T12487] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1005.530388][T12487] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1005.563257][T12487] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1005.596679][T12487] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1005.653728][T12741] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2075'. [ 1005.682730][T12737] loop0: detected capacity change from 0 to 512 [ 1005.691749][ T3681] device hsr_slave_0 left promiscuous mode [ 1005.755335][ T3681] device hsr_slave_1 left promiscuous mode [ 1005.774129][ T3681] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1005.791782][ T3681] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1005.804958][ T3681] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1005.841391][T12737] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 1005.860884][T12737] EXT4-fs (loop0): 1 truncate cleaned up [ 1005.883278][T12737] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback. [ 1005.893370][ T3681] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1006.084817][ T3681] device bridge_slave_1 left promiscuous mode [ 1006.091215][ T3681] bridge0: port 2(bridge_slave_1) entered disabled state [ 1006.134797][ T3681] device bridge_slave_0 left promiscuous mode [ 1006.141084][ T3681] bridge0: port 1(bridge_slave_0) entered disabled state [ 1006.179916][ T3681] device veth1_macvtap left promiscuous mode [ 1006.203473][ T3681] device veth0_macvtap left promiscuous mode [ 1006.211313][T12757] FAULT_INJECTION: forcing a failure. [ 1006.211313][T12757] name failslab, interval 1, probability 0, space 0, times 0 [ 1006.233589][T12757] CPU: 0 PID: 12757 Comm: syz.3.2077 Not tainted 5.15.168-syzkaller #0 [ 1006.241879][T12757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1006.242603][ T3681] device veth1_vlan left promiscuous mode [ 1006.252040][T12757] Call Trace: [ 1006.252050][T12757] [ 1006.252058][T12757] dump_stack_lvl+0x1e3/0x2d0 [ 1006.252083][T12757] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1006.274341][T12757] ? panic+0x860/0x860 [ 1006.278426][T12757] ? __might_sleep+0xc0/0xc0 [ 1006.283040][T12757] should_fail+0x38a/0x4c0 [ 1006.287485][T12757] should_failslab+0x5/0x20 [ 1006.292002][T12757] slab_pre_alloc_hook+0x53/0xc0 [ 1006.293140][ T3681] device veth0_vlan left promiscuous mode [ 1006.296952][T12757] __kmalloc+0x6e/0x300 [ 1006.296973][T12757] ? tomoyo_realpath_from_path+0xd8/0x5e0 [ 1006.296997][T12757] tomoyo_realpath_from_path+0xd8/0x5e0 [ 1006.318694][T12757] tomoyo_path_number_perm+0x225/0x810 [ 1006.324268][T12757] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1006.329868][T12757] ? __fget_files+0x413/0x480 [ 1006.334552][T12757] security_file_ioctl+0x6d/0xa0 [ 1006.339496][T12757] __se_sys_ioctl+0x47/0x160 [ 1006.344089][T12757] do_syscall_64+0x3b/0xb0 [ 1006.348512][T12757] ? clear_bhb_loop+0x15/0x70 [ 1006.353272][T12757] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1006.359164][T12757] RIP: 0033:0x7ffa88812ff9 [ 1006.363580][T12757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1006.383190][T12757] RSP: 002b:00007ffa86c49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1006.391615][T12757] RAX: ffffffffffffffda RBX: 00007ffa889cb130 RCX: 00007ffa88812ff9 [ 1006.399678][T12757] RDX: 0000000000000000 RSI: 0000000080047c05 RDI: 0000000000000005 [ 1006.407702][T12757] RBP: 00007ffa86c49090 R08: 0000000000000000 R09: 0000000000000000 [ 1006.415782][T12757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1006.423867][T12757] R13: 0000000000000000 R14: 00007ffa889cb130 R15: 00007ffd701283d8 [ 1006.431857][T12757] [ 1006.861255][T12757] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1006.971068][ T3681] team0 (unregistering): Port device team_slave_1 removed [ 1007.002081][ T3681] team0 (unregistering): Port device team_slave_0 removed [ 1007.031794][ T3681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1007.061727][ T3681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1007.093292][ T9813] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 1007.232290][ T3681] bond0 (unregistering): Released all slaves [ 1007.428701][ T9770] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1007.491393][ T3670] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1007.500709][ T3670] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1007.504657][ T9770] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1007.534824][T12742] team0: Device ipvlan1 failed to register rx_handler [ 1007.613655][ T9813] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1007.629558][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1007.646128][ T9813] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1007.654159][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1007.678051][ T9813] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1007.691104][T12760] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2078'. [ 1007.854103][ T9813] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 1007.913992][ T9813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1007.929717][ T9813] usb 1-1: SerialNumber: syz [ 1008.096607][ T9813] cdc_ether: probe of 1-1:1.0 failed with error -22 [ 1008.116419][ T9813] usb-storage 1-1:1.0: USB Mass Storage device detected [ 1008.229754][ T9813] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 1008.322295][ T9813] usb 1-1: USB disconnect, device number 13 [ 1008.438649][T12772] loop3: detected capacity change from 0 to 4096 [ 1008.494618][T12772] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 1008.739092][T12784] FAULT_INJECTION: forcing a failure. [ 1008.739092][T12784] name failslab, interval 1, probability 0, space 0, times 0 [ 1008.793428][T12784] CPU: 1 PID: 12784 Comm: syz.1.2083 Not tainted 5.15.168-syzkaller #0 [ 1008.801811][T12784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1008.811875][T12784] Call Trace: [ 1008.815175][T12784] [ 1008.818130][T12784] dump_stack_lvl+0x1e3/0x2d0 [ 1008.822824][T12784] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1008.828467][T12784] ? panic+0x860/0x860 [ 1008.832830][T12784] ? __might_sleep+0xc0/0xc0 [ 1008.837437][T12784] should_fail+0x38a/0x4c0 [ 1008.841870][T12784] should_failslab+0x5/0x20 [ 1008.846377][T12784] slab_pre_alloc_hook+0x53/0xc0 [ 1008.851323][T12784] ? getname_flags+0xb8/0x4e0 [ 1008.856005][T12784] kmem_cache_alloc+0x3f/0x280 [ 1008.860790][T12784] getname_flags+0xb8/0x4e0 [ 1008.865309][T12784] user_path_at_empty+0x2a/0x180 [ 1008.870269][T12784] __se_sys_mount+0x296/0x3c0 [ 1008.874961][T12784] ? __x64_sys_mount+0xc0/0xc0 [ 1008.879742][T12784] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1008.885740][T12784] ? lockdep_hardirqs_on+0x94/0x130 [ 1008.891036][T12784] ? __x64_sys_mount+0x1c/0xc0 [ 1008.895809][T12784] do_syscall_64+0x3b/0xb0 [ 1008.900232][T12784] ? clear_bhb_loop+0x15/0x70 [ 1008.904913][T12784] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1008.910819][T12784] RIP: 0033:0x7f893aaf4ff9 [ 1008.915238][T12784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1008.934932][T12784] RSP: 002b:00007f8938f6d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1008.943441][T12784] RAX: ffffffffffffffda RBX: 00007f893acacf80 RCX: 00007f893aaf4ff9 [ 1008.951412][T12784] RDX: 0000000020000100 RSI: 0000000020000140 RDI: 0000000020000000 [ 1008.959379][T12784] RBP: 00007f8938f6d090 R08: 0000000000000000 R09: 0000000000000000 [ 1008.967353][T12784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1008.975328][T12784] R13: 0000000000000000 R14: 00007f893acacf80 R15: 00007fff8b510388 [ 1008.983319][T12784] [ 1008.986371][ C1] vkms_vblank_simulate: vblank timer overrun [ 1009.193374][T12792] loop3: detected capacity change from 0 to 256 [ 1009.314701][T12792] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 1009.383335][ T26] audit: type=1804 audit(1729313410.033:323): pid=12792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2084" name="/newroot/76/file0/bus" dev="loop3" ino=1048749 res=1 errno=0 [ 1009.735873][T12793] FAULT_INJECTION: forcing a failure. [ 1009.735873][T12793] name failslab, interval 1, probability 0, space 0, times 0 [ 1009.963323][ T26] audit: type=1800 audit(1729313410.033:324): pid=12792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2084" name="bus" dev="loop3" ino=1048749 res=0 errno=0 [ 1009.994238][T12793] CPU: 1 PID: 12793 Comm: syz.0.2086 Not tainted 5.15.168-syzkaller #0 [ 1010.002521][T12793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1010.012784][T12793] Call Trace: [ 1010.016071][T12793] [ 1010.019012][T12793] dump_stack_lvl+0x1e3/0x2d0 [ 1010.023692][T12793] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1010.029329][T12793] ? panic+0x860/0x860 [ 1010.033405][T12793] ? __might_sleep+0xc0/0xc0 [ 1010.038000][T12793] ? __rwlock_init+0x40/0x140 [ 1010.042677][T12793] should_fail+0x38a/0x4c0 [ 1010.047110][T12793] should_failslab+0x5/0x20 [ 1010.051739][T12793] slab_pre_alloc_hook+0x53/0xc0 [ 1010.056772][T12793] ? __d_alloc+0x2a/0x700 [ 1010.061114][T12793] kmem_cache_alloc+0x3f/0x280 [ 1010.065890][T12793] __d_alloc+0x2a/0x700 [ 1010.070048][T12793] ? lockdep_softirqs_off+0x420/0x420 [ 1010.075423][T12793] d_alloc_pseudo+0x19/0x70 [ 1010.079930][T12793] alloc_file_pseudo+0x131/0x2f0 [ 1010.084867][T12793] ? prandom_u32+0x218/0x260 [ 1010.089462][T12793] ? alloc_empty_file_noaccount+0x80/0x80 [ 1010.095185][T12793] ? shmem_get_inode+0x8e3/0xad0 [ 1010.100223][T12793] __shmem_file_setup+0x1ca/0x290 [ 1010.105252][T12793] ? shmem_file_setup+0x13/0x30 [ 1010.110123][T12793] __se_sys_memfd_create+0x2bb/0x590 [ 1010.115408][T12793] ? vtime_user_exit+0x2d1/0x400 [ 1010.120417][T12793] ? __x64_sys_memfd_create+0x60/0x60 [ 1010.125807][T12793] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1010.131905][T12793] ? lockdep_hardirqs_on+0x94/0x130 [ 1010.137125][T12793] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1010.143202][T12793] do_syscall_64+0x3b/0xb0 [ 1010.147878][T12793] ? clear_bhb_loop+0x15/0x70 [ 1010.152562][T12793] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1010.158895][T12793] RIP: 0033:0x7f9c6485bff9 [ 1010.163320][T12793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1010.182927][T12793] RSP: 002b:00007f9c62cd3e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 1010.191353][T12793] RAX: ffffffffffffffda RBX: 00000000000014f0 RCX: 00007f9c6485bff9 [ 1010.199324][T12793] RDX: 00007f9c62cd3ef0 RSI: 0000000000000000 RDI: 00007f9c648ceb02 [ 1010.207293][T12793] RBP: 0000000020002ac0 R08: 00007f9c62cd3bb7 R09: 00007f9c62cd3e40 [ 1010.215353][T12793] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020000040 [ 1010.223324][T12793] R13: 00007f9c62cd3ef0 R14: 00007f9c62cd3eb0 R15: 00000000200001c0 [ 1010.231311][T12793] [ 1010.234373][ C1] vkms_vblank_simulate: vblank timer overrun [ 1011.189772][T12803] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2090'. [ 1011.291044][T12803] team0: Port device veth5 added [ 1011.308878][T12800] loop3: detected capacity change from 0 to 512 [ 1011.563385][T10222] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 1011.613660][T12800] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 1011.621814][T12800] EXT4-fs (loop3): 1 truncate cleaned up [ 1011.669205][T12800] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback. [ 1011.874787][T10222] usb 5-1: Using ep0 maxpacket: 8 [ 1012.854719][T10222] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1012.865183][T10222] usb 5-1: config 1 has no interface number 1 [ 1012.871308][T10222] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1012.885105][T10222] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1013.113582][T10222] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1013.122660][T10222] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1013.158912][T10222] usb 5-1: Product: syz [ 1013.161605][T12841] loop0: detected capacity change from 0 to 256 [ 1013.171512][T10222] usb 5-1: Manufacturer: syz [ 1013.186572][T10222] usb 5-1: SerialNumber: syz [ 1013.242103][T12841] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb69a62dc, utbl_chksum : 0xe619d30d) [ 1013.320887][T12833] loop1: detected capacity change from 0 to 16384 [ 1013.473388][ T6027] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 1013.482695][T12844] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2102'. [ 1013.573520][T10222] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 1013.582349][T10222] usb 5-1: 2:1 : unsupported format bits 0x80 [ 1013.628479][T12846] team0: Port device veth7 added [ 1013.694213][T10222] usb 5-1: USB disconnect, device number 8 [ 1013.746760][T10739] udevd[10739]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1013.831433][T12850] debugfs: Directory 'netdev:rose0' with parent 'phy54' already present! [ 1013.842831][T12850] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2103'. [ 1013.863683][ T6027] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1013.893438][ T6027] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1013.943330][ T6027] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1013.989617][ T6027] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1014.022575][ T6027] usb 3-1: config 0 descriptor?? [ 1014.418410][T12866] loop1: detected capacity change from 0 to 256 [ 1014.501053][T12866] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 1014.523809][ T26] audit: type=1804 audit(1729313415.183:325): pid=12866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2109" name="/newroot/64/file0/bus" dev="loop1" ino=1048750 res=1 errno=0 [ 1014.535402][ T6027] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 1014.600060][ T6027] plantronics 0003:047F:FFFF.0008: unbalanced collection at end of report description [ 1014.613691][ T6027] plantronics 0003:047F:FFFF.0008: parse failed [ 1014.620154][ T6027] plantronics: probe of 0003:047F:FFFF.0008 failed with error -22 [ 1014.644734][ T26] audit: type=1800 audit(1729313415.183:326): pid=12866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2109" name="bus" dev="loop1" ino=1048750 res=0 errno=0 [ 1014.665512][ C1] vkms_vblank_simulate: vblank timer overrun [ 1014.772005][ T6027] usb 3-1: USB disconnect, device number 8 [ 1015.256331][T12880] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2115'. [ 1015.350998][T12882] team0: Port device veth3 added [ 1015.491895][T12887] overlayfs: missing 'lowerdir' [ 1015.568681][T12871] loop3: detected capacity change from 0 to 40427 [ 1015.613398][ T9813] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 1015.646564][T12871] F2FS-fs (loop3): Small segment_count (9 < 1 * 24) [ 1015.654546][T12871] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1015.714977][T12871] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1015.800083][T12871] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1015.819427][T12871] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1015.838714][T12894] debugfs: Directory 'netdev:rose0' with parent 'phy54' already present! [ 1015.869595][T11356] attempt to access beyond end of device [ 1015.869595][T11356] loop3: rw=2049, want=40968, limit=40427 [ 1015.893499][ T9813] usb 3-1: Using ep0 maxpacket: 8 [ 1016.114425][T12904] loop1: detected capacity change from 0 to 1024 [ 1016.140576][T12901] loop0: detected capacity change from 0 to 512 [ 1016.233621][ T9813] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1016.309540][ T9813] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1016.319165][T12901] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 1016.330120][T12904] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1016.380109][T12901] EXT4-fs (loop0): 1 truncate cleaned up [ 1016.386778][ T9813] usb 3-1: Product: syz [ 1016.389997][T12904] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1016.391168][T12901] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback. [ 1016.426879][ T9813] usb 3-1: Manufacturer: syz [ 1016.431580][ T9813] usb 3-1: SerialNumber: syz [ 1016.450148][ T9813] usb 3-1: config 0 descriptor?? [ 1016.704081][T12885] udc-core: couldn't find an available UDC or it's busy [ 1016.730683][T12885] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1016.753685][T12885] udc-core: couldn't find an available UDC or it's busy [ 1016.802853][T12885] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1016.821590][T12885] udc-core: couldn't find an available UDC or it's busy [ 1016.831427][T12885] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1016.839651][T12885] udc-core: couldn't find an available UDC or it's busy [ 1016.858289][T12915] FAULT_INJECTION: forcing a failure. [ 1016.858289][T12915] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1016.882007][T12885] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1016.890016][T12915] CPU: 0 PID: 12915 Comm: syz.3.2122 Not tainted 5.15.168-syzkaller #0 [ 1016.894118][T12885] udc-core: couldn't find an available UDC or it's busy [ 1016.898272][T12915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1016.898284][T12915] Call Trace: [ 1016.898291][T12915] [ 1016.898298][T12915] dump_stack_lvl+0x1e3/0x2d0 [ 1016.926132][T12915] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1016.931785][T12915] ? panic+0x860/0x860 [ 1016.935870][T12915] ? __lock_acquire+0x1ff0/0x1ff0 [ 1016.940907][T12915] should_fail+0x38a/0x4c0 [ 1016.943391][T12885] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1016.945334][T12915] _copy_from_iter+0x243/0xe90 [ 1016.957549][T12915] ? copy_mc_pipe_to_iter+0x760/0x760 [ 1016.962946][T12915] ? __virt_addr_valid+0x3bb/0x460 [ 1016.968072][T12915] ? 0xffffffff81000000 [ 1016.972236][T12915] ? __check_object_size+0x300/0x410 [ 1016.977540][T12915] netlink_sendmsg+0x800/0xd60 [ 1016.982328][T12915] ? netlink_getsockopt+0x5b0/0x5b0 [ 1016.987532][T12915] ? aa_sock_msg_perm+0x91/0x150 [ 1016.992457][T12915] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1016.997725][T12915] ? security_socket_sendmsg+0x7d/0xa0 [ 1017.003224][T12915] ? netlink_getsockopt+0x5b0/0x5b0 [ 1017.008440][T12915] ____sys_sendmsg+0x59e/0x8f0 [ 1017.013349][T12915] ? iovec_from_user+0x300/0x390 [ 1017.018308][T12915] ? __sys_sendmsg_sock+0x30/0x30 [ 1017.023457][T12915] ___sys_sendmsg+0x252/0x2e0 [ 1017.028167][T12915] ? __sys_sendmsg+0x260/0x260 [ 1017.032978][T12915] ? __fdget+0x191/0x220 [ 1017.037236][T12915] __sys_sendmmsg+0x2bf/0x560 [ 1017.041923][T12915] ? __ia32_sys_sendmsg+0x80/0x80 [ 1017.046942][T12915] ? __lock_acquire+0x1ff0/0x1ff0 [ 1017.052071][T12915] ? print_irqtrace_events+0x210/0x210 [ 1017.057557][T12915] ? vtime_user_exit+0x2d1/0x400 [ 1017.062785][T12915] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1017.068862][T12915] __x64_sys_sendmmsg+0x9c/0xb0 [ 1017.073740][T12915] do_syscall_64+0x3b/0xb0 [ 1017.078162][T12915] ? clear_bhb_loop+0x15/0x70 [ 1017.082848][T12915] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1017.088753][T12915] RIP: 0033:0x7ffa88812ff9 [ 1017.093176][T12915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1017.112790][T12915] RSP: 002b:00007ffa86c8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1017.116572][ T6027] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1017.121603][T12915] RAX: ffffffffffffffda RBX: 00007ffa889caf80 RCX: 00007ffa88812ff9 [ 1017.121623][T12915] RDX: 04000000000001f2 RSI: 0000000020000000 RDI: 0000000000000007 [ 1017.121634][T12915] RBP: 00007ffa86c8b090 R08: 0000000000000000 R09: 0000000000000000 [ 1017.121645][T12915] R10: 000000000000fff0 R11: 0000000000000246 R12: 0000000000000001 [ 1017.121657][T12915] R13: 0000000000000000 R14: 00007ffa889caf80 R15: 00007ffd701283d8 [ 1017.121683][T12915] [ 1017.183337][ T9813] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1017.383245][ T6027] usb 2-1: Using ep0 maxpacket: 16 [ 1017.503618][ T6027] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1017.511928][ T6027] usb 2-1: config 0 has no interface number 0 [ 1017.537518][ T6027] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1017.577099][ T6027] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1017.600406][ T6027] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 1017.624363][ T6027] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1017.654666][ T6027] usb 2-1: config 0 descriptor?? [ 1017.672062][T12924] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2127'. [ 1017.818287][T12923] team0: Port device veth5 added [ 1017.908934][T12913] loop1: detected capacity change from 0 to 16 [ 1017.970288][T12913] erofs: (device loop1): mounted with root inode @ nid 36. [ 1018.273499][T12941] loop0: detected capacity change from 0 to 8192 [ 1018.283669][ T9813] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -32 [ 1018.363321][T12941] REISERFS warning (device loop0): super-6506 reiserfs_getopt: bad value "flush=audit" for option "barrier" [ 1018.363321][T12941] [ 1018.393276][T10215] usb 3-1: USB disconnect, device number 9 [ 1018.432809][T12944] FAULT_INJECTION: forcing a failure. [ 1018.432809][T12944] name failslab, interval 1, probability 0, space 0, times 0 [ 1018.458115][T12944] CPU: 0 PID: 12944 Comm: syz.2.2134 Not tainted 5.15.168-syzkaller #0 [ 1018.466492][T12944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1018.476551][T12944] Call Trace: [ 1018.479819][T12944] [ 1018.482733][T12944] dump_stack_lvl+0x1e3/0x2d0 [ 1018.487405][T12944] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1018.487902][ T6027] input: HID 28bd:0071 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0071.0009/input/input10 [ 1018.493181][T12944] ? panic+0x860/0x860 [ 1018.493214][T12944] ? __might_sleep+0xc0/0xc0 [ 1018.493235][T12944] ? __rwlock_init+0x40/0x140 [ 1018.493253][T12944] should_fail+0x38a/0x4c0 [ 1018.493277][T12944] should_failslab+0x5/0x20 [ 1018.493295][T12944] slab_pre_alloc_hook+0x53/0xc0 [ 1018.493314][T12944] ? __d_alloc+0x2a/0x700 [ 1018.493331][T12944] kmem_cache_alloc+0x3f/0x280 [ 1018.493351][T12944] __d_alloc+0x2a/0x700 [ 1018.493367][T12944] ? lockdep_softirqs_off+0x420/0x420 [ 1018.493387][T12944] d_alloc_pseudo+0x19/0x70 [ 1018.493406][T12944] alloc_file_pseudo+0x131/0x2f0 [ 1018.493426][T12944] ? prandom_u32+0x218/0x260 [ 1018.493446][T12944] ? alloc_empty_file_noaccount+0x80/0x80 [ 1018.493468][T12944] ? shmem_get_inode+0x8e3/0xad0 [ 1018.493491][T12944] __shmem_file_setup+0x1ca/0x290 [ 1018.493505][T12944] ? shmem_file_setup+0x13/0x30 [ 1018.493521][T12944] __se_sys_memfd_create+0x2bb/0x590 [ 1018.493538][T12944] ? vtime_user_exit+0x2d1/0x400 [ 1018.493558][T12944] ? __x64_sys_memfd_create+0x60/0x60 [ 1018.493576][T12944] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1018.493596][T12944] ? lockdep_hardirqs_on+0x94/0x130 [ 1018.493616][T12944] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1018.493638][T12944] do_syscall_64+0x3b/0xb0 [ 1018.493656][T12944] ? clear_bhb_loop+0x15/0x70 [ 1018.493673][T12944] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1018.493694][T12944] RIP: 0033:0x7fce88916ff9 [ 1018.493714][T12944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1018.493738][T12944] RSP: 002b:00007fce86d8ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 1018.493761][T12944] RAX: ffffffffffffffda RBX: 00000000000002c4 RCX: 00007fce88916ff9 [ 1018.493775][T12944] RDX: 00007fce86d8eef0 RSI: 0000000000000000 RDI: 00007fce88989b02 [ 1018.493787][T12944] RBP: 00000000200003c0 R08: 00007fce86d8ebb7 R09: 00007fce86d8ee40 [ 1018.493800][T12944] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020000340 [ 1018.493812][T12944] R13: 00007fce86d8eef0 R14: 00007fce86d8eeb0 R15: 0000000020000380 [ 1018.493838][T12944] [ 1018.949844][T12913] device syz_tun entered promiscuous mode [ 1018.957735][T12913] device batadv_slave_1 entered promiscuous mode [ 1018.966127][T12913] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 1018.973891][T12913] Cannot create hsr debugfs directory [ 1018.979727][T12947] netlink: 'syz.2.2135': attribute type 10 has an invalid length. [ 1019.696592][ T6027] input: HID 28bd:0071 Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0071.0009/input/input11 [ 1019.710544][ T6027] uclogic 0003:28BD:0071.0009: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.1-1/input1 [ 1019.733902][T12947] team0: Device veth0_macvtap failed to register rx_handler [ 1019.893614][ T6027] usb 2-1: USB disconnect, device number 12 [ 1020.148491][T12962] loop3: detected capacity change from 0 to 256 [ 1020.533698][T10214] Bluetooth: hci0: command 0x0406 tx timeout [ 1021.422604][T12954] @ÿ: renamed from ipvlan1 [ 1021.429420][T12962] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 1021.645822][T12966] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2140'. [ 1021.818036][T12967] team0: Port device veth5 added [ 1024.227663][T13000] FAULT_INJECTION: forcing a failure. [ 1024.227663][T13000] name failslab, interval 1, probability 0, space 0, times 0 [ 1024.233147][T13001] loop1: detected capacity change from 0 to 16 [ 1024.320835][T13000] CPU: 0 PID: 13000 Comm: syz.0.2150 Not tainted 5.15.168-syzkaller #0 [ 1024.329130][T13000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1024.339425][T13000] Call Trace: [ 1024.342883][T13000] [ 1024.345811][T13000] dump_stack_lvl+0x1e3/0x2d0 [ 1024.350502][T13000] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1024.356137][T13000] ? panic+0x860/0x860 [ 1024.360213][T13000] ? __might_sleep+0xc0/0xc0 [ 1024.364808][T13000] ? __lock_acquire+0x1295/0x1ff0 [ 1024.369937][T13000] should_fail+0x38a/0x4c0 [ 1024.374362][T13000] should_failslab+0x5/0x20 [ 1024.378954][T13000] slab_pre_alloc_hook+0x53/0xc0 [ 1024.383909][T13000] ? __d_alloc+0x2a/0x700 [ 1024.388245][T13000] kmem_cache_alloc+0x3f/0x280 [ 1024.393164][T13000] __d_alloc+0x2a/0x700 [ 1024.397333][T13000] ? rcu_lock_release+0x5/0x20 [ 1024.402110][T13000] d_alloc_parallel+0xca/0x1390 [ 1024.406990][T13000] ? __d_lookup+0x671/0x730 [ 1024.411498][T13000] ? d_hash_and_lookup+0x1b0/0x1b0 [ 1024.416624][T13000] path_openat+0x96f/0x2f20 [ 1024.421161][T13000] ? do_filp_open+0x460/0x460 [ 1024.425864][T13000] do_filp_open+0x21c/0x460 [ 1024.430384][T13000] ? vfs_tmpfile+0x2e0/0x2e0 [ 1024.435001][T13000] ? _raw_spin_unlock+0x24/0x40 [ 1024.439901][T13000] ? alloc_fd+0x598/0x630 [ 1024.444240][T13000] do_sys_openat2+0x13b/0x4f0 [ 1024.448925][T13000] ? read_lock_is_recursive+0x10/0x10 [ 1024.454375][T13000] ? do_sys_open+0x220/0x220 [ 1024.458964][T13000] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 1024.464934][T13000] __x64_sys_creat+0x11f/0x160 [ 1024.469683][T13000] ? __x64_compat_sys_openat+0x290/0x290 [ 1024.475308][T13000] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1024.481279][T13000] ? lockdep_hardirqs_on+0x94/0x130 [ 1024.486469][T13000] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1024.492442][T13000] do_syscall_64+0x3b/0xb0 [ 1024.496845][T13000] ? clear_bhb_loop+0x15/0x70 [ 1024.501513][T13000] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1024.507428][T13000] RIP: 0033:0x7f9c6485bff9 [ 1024.511833][T13000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1024.531724][T13000] RSP: 002b:00007f9c62cd4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 1024.540136][T13000] RAX: ffffffffffffffda RBX: 00007f9c64a13f80 RCX: 00007f9c6485bff9 [ 1024.548102][T13000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100 [ 1024.556065][T13000] RBP: 00007f9c62cd4090 R08: 0000000000000000 R09: 0000000000000000 [ 1024.564037][T13000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1024.572000][T13000] R13: 0000000000000001 R14: 00007f9c64a13f80 R15: 00007ffc5eec9de8 [ 1024.580027][T13000] [ 1024.617772][T13001] erofs: (device loop1): mounted with root inode @ nid 36. [ 1024.707252][T12989] loop2: detected capacity change from 0 to 512 [ 1024.754660][T12989] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 1024.767716][T12989] EXT4-fs (loop2): 1 truncate cleaned up [ 1024.814193][T12989] EXT4-fs (loop2): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback. [ 1024.882693][T13015] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2153'. [ 1024.950494][T13017] loop1: detected capacity change from 0 to 256 [ 1025.041122][T13017] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 1025.153298][ T26] audit: type=1804 audit(1729313425.723:327): pid=13017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2152" name="/newroot/74/file0/bus" dev="loop1" ino=1048752 res=1 errno=0 [ 1025.242563][ T26] audit: type=1800 audit(1729313425.723:328): pid=13017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2152" name="bus" dev="loop1" ino=1048752 res=0 errno=0 [ 1026.424163][T13019] team0: Port device veth5 added [ 1026.605155][T13031] FAULT_INJECTION: forcing a failure. [ 1026.605155][T13031] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1026.687708][T13030] loop3: detected capacity change from 0 to 2048 [ 1026.714852][T13031] CPU: 0 PID: 13031 Comm: syz.0.2158 Not tainted 5.15.168-syzkaller #0 [ 1026.723262][T13031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1026.733427][T13031] Call Trace: [ 1026.736706][T13031] [ 1026.739633][T13031] dump_stack_lvl+0x1e3/0x2d0 [ 1026.744322][T13031] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1026.750043][T13031] ? panic+0x860/0x860 [ 1026.754132][T13031] ? __lock_acquire+0x1ff0/0x1ff0 [ 1026.759172][T13031] should_fail+0x38a/0x4c0 [ 1026.763596][T13031] _copy_from_iter+0x243/0xe90 [ 1026.768377][T13031] ? copy_mc_pipe_to_iter+0x760/0x760 [ 1026.773753][T13031] ? __virt_addr_valid+0x3bb/0x460 [ 1026.778861][T13031] ? 0xffffffff81000000 [ 1026.783011][T13031] ? __check_object_size+0x300/0x410 [ 1026.788303][T13031] netlink_sendmsg+0x800/0xd60 [ 1026.793171][T13031] ? netlink_getsockopt+0x5b0/0x5b0 [ 1026.798367][T13031] ? aa_sock_msg_perm+0x91/0x150 [ 1026.803312][T13031] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 1026.808597][T13031] ? security_socket_sendmsg+0x7d/0xa0 [ 1026.814061][T13031] ? netlink_getsockopt+0x5b0/0x5b0 [ 1026.819267][T13031] ____sys_sendmsg+0x59e/0x8f0 [ 1026.824037][T13031] ? iovec_from_user+0x300/0x390 [ 1026.828985][T13031] ? __sys_sendmsg_sock+0x30/0x30 [ 1026.834027][T13031] ___sys_sendmsg+0x252/0x2e0 [ 1026.838712][T13031] ? __sys_sendmsg+0x260/0x260 [ 1026.843514][T13031] ? __fdget+0x191/0x220 [ 1026.847777][T13031] __se_sys_sendmsg+0x19a/0x260 [ 1026.852639][T13031] ? __x64_sys_sendmsg+0x80/0x80 [ 1026.857590][T13031] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1026.863576][T13031] ? lockdep_hardirqs_on+0x94/0x130 [ 1026.868778][T13031] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1026.874763][T13031] do_syscall_64+0x3b/0xb0 [ 1026.879180][T13031] ? clear_bhb_loop+0x15/0x70 [ 1026.883856][T13031] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1026.889764][T13031] RIP: 0033:0x7f9c6485bff9 [ 1026.894183][T13031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1026.913795][T13031] RSP: 002b:00007f9c62cd4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1026.922301][T13031] RAX: ffffffffffffffda RBX: 00007f9c64a13f80 RCX: 00007f9c6485bff9 [ 1026.930272][T13031] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000005 [ 1026.938239][T13031] RBP: 00007f9c62cd4090 R08: 0000000000000000 R09: 0000000000000000 [ 1026.946207][T13031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1026.954176][T13031] R13: 0000000000000000 R14: 00007f9c64a13f80 R15: 00007ffc5eec9de8 [ 1026.962160][T13031] [ 1026.969487][ T27] INFO: task syz.4.1739:11226 blocked for more than 143 seconds. [ 1026.992767][ T27] Not tainted 5.15.168-syzkaller #0 [ 1027.023928][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1027.051419][ T27] task:syz.4.1739 state:D stack:27808 pid:11226 ppid: 10186 flags:0x00004004 [ 1027.073378][ T27] Call Trace: [ 1027.076720][ T27] [ 1027.079672][ T27] __schedule+0x12c4/0x45b0 [ 1027.093225][ T27] ? release_firmware_map_entry+0x190/0x190 [ 1027.175431][T13037] loop2: detected capacity change from 0 to 256 [ 1027.269061][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 1027.333701][ T27] ? print_irqtrace_events+0x210/0x210 [ 1027.390040][ T27] ? _raw_spin_lock_irq+0xdb/0x110 [ 1027.450182][ T27] ? do_raw_spin_unlock+0x137/0x8b0 [ 1027.508267][ T27] schedule+0x11b/0x1f0 [ 1027.555270][ T27] rwsem_down_write_slowpath+0xf0c/0x16a0 [ 1027.618398][ T27] ? rwsem_write_trylock+0x210/0x210 [ 1027.671676][ T27] ? read_lock_is_recursive+0x10/0x10 [ 1027.731382][ T27] ? rwsem_write_trylock+0x166/0x210 [ 1027.782388][ T27] ? clear_nonspinnable+0x60/0x60 [ 1027.837905][ T27] ? preempt_count_add+0x8f/0x180 [ 1027.887128][ T27] __f2fs_ioctl+0x4a8b/0xca00 [ 1027.939126][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 1027.997859][ T27] ? do_vfs_ioctl+0x1b66/0x2b70 [ 1028.050126][ T27] ? __x64_compat_sys_ioctl+0x80/0x80 [ 1028.107651][ T27] ? __lock_acquire+0x1ff0/0x1ff0 [ 1028.161634][ T27] ? slab_free_freelist_hook+0xdd/0x160 [ 1028.216659][ T27] ? tomoyo_path_number_perm+0x648/0x810 [ 1028.278569][ T27] ? kfree+0xf1/0x270 [ 1028.318407][ T27] ? tomoyo_path_number_perm+0x6ab/0x810 [ 1028.381534][ T27] ? f2fs_ioctl+0x1d0/0x1d0 [ 1028.411170][ T27] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 1028.433402][ T27] ? __fget_files+0x413/0x480 [ 1028.438267][ T27] ? f2fs_ioctl+0x132/0x1d0 [ 1028.442955][ T27] ? f2fs_precache_extents+0x420/0x420 [ 1028.448609][ T27] __se_sys_ioctl+0xf1/0x160 [ 1028.635596][ T27] do_syscall_64+0x3b/0xb0 [ 1028.688851][ T27] ? clear_bhb_loop+0x15/0x70 [ 1028.740291][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1028.799914][ T27] RIP: 0033:0x7f2ef5d01ff9 [ 1028.848178][ T27] RSP: 002b:00007f2ef4138038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1028.929369][ T27] RAX: ffffffffffffffda RBX: 00007f2ef5eba130 RCX: 00007f2ef5d01ff9 [ 1029.015312][ T27] RDX: 0000000020000100 RSI: 000000004004f506 RDI: 0000000000000006 [ 1029.095866][ T27] RBP: 00007f2ef5d74296 R08: 0000000000000000 R09: 0000000000000000 [ 1029.182177][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1029.263853][ T27] R13: 0000000000000001 R14: 00007f2ef5eba130 R15: 00007ffc98e704c8 [ 1029.339453][ T27] [ 1029.378672][ T27] [ 1029.378672][ T27] Showing all locks held in the system: [ 1029.477908][T13037] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d) [ 1029.603352][ T26] audit: type=1804 audit(1729313430.243:329): pid=13037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2155" name="/newroot/10/file0/bus" dev="loop2" ino=1048753 res=1 errno=0 [ 1029.702274][T13030] NILFS (loop3): error -4 creating segctord thread [ 1030.023500][ T27] 1 lock held by khungtaskd/27: [ 1030.036609][ T27] #0: ffffffff8c91fc20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 1030.073280][ T26] audit: type=1800 audit(1729313430.243:330): pid=13037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2155" name="bus" dev="loop2" ino=1048753 res=0 errno=0 [ 1030.095055][ T27] 1 lock held by udevd/3028: [ 1030.099814][ T27] 2 locks held by getty/3325: [ 1030.104682][ T27] #0: ffff8880293c2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 1030.114888][ T27] #1: ffffc900024a62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 [ 1030.125304][ T27] 2 locks held by kworker/u4:8/3681: [ 1030.130743][ T27] #0: ffff8880b903a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 [ 1030.141159][ T27] #1: ffff8880b9027848 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x53d/0x810 [ 1030.152880][ T27] 2 locks held by kworker/1:9/6027: [ 1030.158417][ T27] #0: ffff888017072138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 1030.177893][ T27] #1: ffffc90002dc7d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 1030.203651][ T27] 4 locks held by kworker/u4:10/9756: [ 1030.209030][ T27] #0: ffff8880199d9138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 1030.233214][ T27] #1: ffffc90002ea7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 1030.245173][ T27] #2: ffff8880639a60e0 (&type->s_umount_key#66){++++}-{3:3}, at: trylock_super+0x1b/0xf0 [ 1030.255330][ T27] #3: ffff88807636d1b0 (&sbi->gc_lock){+.+.}-{3:3}, at: f2fs_balance_fs+0x4d4/0x6a0 [ 1030.264915][ T27] 4 locks held by syz.4.1739/11225: [ 1030.271408][ T27] 2 locks held by syz.4.1739/11226: [ 1030.278916][ T27] #0: ffff8880639a6460 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write_file+0x5a/0x1f0 [ 1030.296574][ T27] #1: ffff88807636d1b0 (&sbi->gc_lock){+.+.}-{3:3}, at: __f2fs_ioctl+0x4a8b/0xca00 [ 1030.311588][ T27] 1 lock held by syz-executor/12487: [ 1030.321766][ T27] #0: ffffffff8c9241e8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x280/0x740 [ 1030.340140][ T27] 2 locks held by syz.3.2157/13030: [ 1030.346551][ T27] #0: ffff8880208c0518 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xfb/0x790 [ 1030.363198][ T27] #1: ffff888147ada468 (&lo->lo_mutex){+.+.}-{3:3}, at: lo_release+0x4d/0x1f0 [ 1030.380982][ T27] [ 1030.383445][ T27] ============================================= [ 1030.383445][ T27] [ 1030.395422][ T27] NMI backtrace for cpu 1 [ 1030.399771][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.168-syzkaller #0 [ 1030.407747][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1030.417964][ T27] Call Trace: [ 1030.421229][ T27] [ 1030.424145][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 1030.428813][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1030.434429][ T27] ? panic+0x860/0x860 [ 1030.438492][ T27] ? nmi_cpu_backtrace+0x23b/0x4a0 [ 1030.443597][ T27] nmi_cpu_backtrace+0x46a/0x4a0 [ 1030.448518][ T27] ? __wake_up_klogd+0xd5/0x100 [ 1030.453357][ T27] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 1030.459494][ T27] ? _printk+0xd1/0x120 [ 1030.463633][ T27] ? panic+0x860/0x860 [ 1030.467684][ T27] ? __wake_up_klogd+0xcc/0x100 [ 1030.472519][ T27] ? panic+0x860/0x860 [ 1030.476576][ T27] ? __rcu_read_unlock+0x92/0x100 [ 1030.481585][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 1030.487635][ T27] nmi_trigger_cpumask_backtrace+0x181/0x2a0 [ 1030.493601][ T27] watchdog+0xe72/0xeb0 [ 1030.497751][ T27] kthread+0x3f6/0x4f0 [ 1030.501808][ T27] ? hungtask_pm_notify+0x50/0x50 [ 1030.506814][ T27] ? kthread_blkcg+0xd0/0xd0 [ 1030.511452][ T27] ret_from_fork+0x1f/0x30 [ 1030.515860][ T27] [ 1030.520178][ T27] Sending NMI from CPU 1 to CPUs 0: [ 1030.525671][ C0] NMI backtrace for cpu 0 skipped: idling at acpi_idle_do_entry+0x10f/0x340 [ 1030.547519][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 1030.554387][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.168-syzkaller #0 [ 1030.562378][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1030.572528][ T27] Call Trace: [ 1030.575910][ T27] [ 1030.578854][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 1030.583547][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1030.589200][ T27] ? panic+0x860/0x860 [ 1030.593307][ T27] panic+0x318/0x860 [ 1030.597235][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 1030.602888][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 1030.609133][ T27] ? fb_is_primary_device+0xd0/0xd0 [ 1030.614332][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 1030.620410][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 1030.626563][ T27] ? nmi_trigger_cpumask_backtrace+0x281/0x2a0 [ 1030.632738][ T27] ? nmi_trigger_cpumask_backtrace+0x286/0x2a0 [ 1030.638888][ T27] watchdog+0xeb0/0xeb0 [ 1030.643046][ T27] kthread+0x3f6/0x4f0 [ 1030.647115][ T27] ? hungtask_pm_notify+0x50/0x50 [ 1030.652146][ T27] ? kthread_blkcg+0xd0/0xd0 [ 1030.656739][ T27] ret_from_fork+0x1f/0x30 [ 1030.661183][ T27] [ 1030.664330][ T27] Kernel Offset: disabled [ 1030.675198][ T27] Rebooting in 86400 seconds..