last executing test programs:

10.989587662s ago: executing program 4 (id=2118):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00ed00", 0x10, 0x3a, 0xff, @remote={0xfe, 0xc0}, @mcast2, {[], @ndisc_ra}}}}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)

10.804674907s ago: executing program 4 (id=2121):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$sock_int(r3, 0x1, 0x2e, 0x0, &(0x7f0000004500))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
preadv2(r4, &(0x7f0000000000)=[{&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000002200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x84, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000010000000853a6e1d127e5d5292f3b9e67925d96d34b70244f25560e8a01161d39c2fd200ad0f9fe1a4903b6bdad0aca2777873287cad6c24404fe323db091f3913431ce0858a5ecc0bc481c4d31ac1cb548f19d5596e87dc3f3cec115a8c7d16540fbbfd3e5c2b33fe0a15100bb12af"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$sock_SIOCGIFBR(r8, 0x8940, &(0x7f0000000000)=@generic={0x1, 0xfffffffffffffffd})
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140))
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x10020f58, 0x0, [{0x0, 0x0, 0x4}, {}, {0x0, 0x4}, {}, {}, {0x0, 0x8}, {0x0, 0xb, 0xff}, {0x0, 0xfe}, {0x0, 0x80, 0x5}, {}, {0x0, 0x0, 0x8f, '\x00', 0xfc}, {}, {0x0, 0x0, 0x0, '\x00', 0x1}, {}, {}, {}, {0x0, 0xfe, 0x0, '\x00', 0x8}, {}, {0x0, 0xa, 0x0, '\x00', 0x20}, {0x0, 0x0, 0x0, '\x00', 0x46}, {0x0, 0x7}, {0x0, 0x0, 0x0, '\x00', 0x5}, {0x0, 0x0, 0x0, '\x00', 0x20}, {0x0, 0x0, 0x2}]}})
ioctl$KVM_IRQ_LINE_STATUS(r6, 0xc008ae67, &(0x7f00000000c0)={0x8, 0x80})
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r9, &(0x7f00000006c0)=[{&(0x7f0000000080)='7', 0x1}], 0x1, 0x6e45, 0x0, 0x0)

10.002496504s ago: executing program 1 (id=2124):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010bd28710000000000000109022400010000000009040100010300000009210200000122050009058103"], 0x0)
syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file2\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x1, 0x21e, &(0x7f00000005c0)="$eJzsmL9vEzEUx792LpcEEIKlAwsDlSiCJs1l6RJBkZCYEFLLrwkielQlaYPSQ6KREKpYWGBjQGJh4B9g6NCJgY1/AAkGQEJiIAMDC4vRs30Xt9dw0VGmvs9gfe337Of34ntDwDDMvuXrl1+fn56fXTgD4BAmUbLr3wuAEEZLx//Ti/unnzcvvHzz8fW71cMPt3aeR1uU2r5Q/kt8D8DbuQIeJZGS3b9JTNrJAmSir0DilNXXIFC1+hYkrlodQuCG1Xcd3SX/avXOcies3u52FknM0FCnIaChsfN+gw2BRTtXSinh2NfW++1WpxP2HOFZ2y6mXCIJ1p5I1a8IH4M5iaZzP6ri9SePN2ge12bGqV8dEnWbRAMC83Z9FqW4NqYkTv7HvOH5hVT+u2ZLrmTISrJsRPPnnhSLhA8jjk7nO2eK0jmXNh1Bnvtg+64ihiaq5N6kPPLpaOFlv8Wz9gfNEevSuFk8qwD4T5m6IlcWsZgYbL1Pm75lbVciO4QY//2Ux71z/CHmr1gF/bb8l4qNutiHTdM/1CuBk05/8pz+UYtW7tXW1vvTyyutpXApXA2CRumgselGVNNjqu8N+3NF96cDzvnFEb6+9PGgFUW9uhl94aOCKOoFeh44n838ZvfHTbstwkUAJ8yE2qafnFhIxRC+8ZHal9RU2olhGIZhGIZhGIZhGIZhGCYXxyH0v6AZBJe1958AAAD//wDHYZU=")
lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000400)=@known='system.posix_acl_default\x00', 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000002c0)={0x2c, &(0x7f0000000080)={0x0, 0xd, 0x5, {0x5, 0x22, "4a20ee"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000700)={0x24, 0x0, &(0x7f0000000580)={0x0, 0x3, 0xd, @string={0xd, 0x3, "48abd1c171855e761978a9"}}, 0x0, 0x0}, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@newlink={0x50, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x24, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r3}, @IFLA_HSR_SLAVE1={0x8, 0x1, r5}, @IFLA_HSR_VERSION={0x5}, @IFLA_HSR_PROTOCOL={0x5}]}}}]}, 0x50}}, 0x0)

9.147697346s ago: executing program 4 (id=2127):
setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000480), 0x4)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000003600)={&(0x7f0000000080)=@id, 0x10, 0x0}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000001300)=""/4096, 0x1000}], 0x1, &(0x7f0000002700)=""/22, 0x16}}], 0x1, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0x0, {0x8}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x5, 'broadcast-link\x00'}]}]}, 0x2c}}, 0x0)
sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x50, r1, 0x42c, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xbaf3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4040000}, 0x4084005)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r4, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f00000004c0)=""/78, &(0x7f0000000400)=0x4e)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r4, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000740)={0x0, @can={0x1d, r4}, @l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}, 0x3}, @ethernet={0x1}, 0x0, 0x0, 0x0, 0x0, 0x107, &(0x7f0000000700)='pim6reg1\x00', 0x3, 0x1, 0x9})
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0xffffffff, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r7, 0x40000}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x10}]}, 0x28}}, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r5, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r1, @ANYBLOB="00042dbd7000fddbdf250c0000002c000380080002003f000000080003000400000008000300000000800800030008000000080002000500000025bb0cb8000580140002800800020001000000080004000600000008000100657468003c000280080002000700000008000100140000000800010017000000080001001f0000000800020002000000080002000700000008000100100000000c000280080001000000000007000100696200002400028008000400ff00000008000400040000000800020006680000080001001100000008000100756470001c000280080004000100000008000200010000000800030009"], 0xf8}, 0x1, 0x0, 0x0, 0x8800}, 0x10)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r8=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000040)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, &(0x7f0000000280)={r8, 0x0, r9})

8.758846608s ago: executing program 4 (id=2130):
gettid()
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
lstat(0x0, &(0x7f0000001c80))
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, 0x0, 0x0)
ioctl$PPPOEIOCSFWD(r2, 0x4008b100, 0x0)

8.198508585s ago: executing program 2 (id=2134):
syz_mount_image$msdos(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000380), 0x1, 0x2c4, &(0x7f00000003c0)="$eJzs3T1rW1ccBvBT1bWLi1+mQrv00C7tcnHdL1ARbDARJDhWSDIErvF1IqRIRlcQyWTwniVzxowmY7ZAyBfwB8iezUvw5CkKlhy/xSFDkC/Gvx+I88CD4BzEFf/lcnbvPHtUX8+T9bQTSv/HUAohlPZDmB2koR8O19Igj4eTtsI/7148f3rr7r3r5UplYTnGxfLKf/Mxxuk/3jx+8vLPt51fbr+afj0Rdmbv736Yf7/z685vux9XHtbyWMtjs9WJaVxttTrpaiOLa7W8nsR4s5GleRZrzTxrn+rXG62NjV5Mm2tTkxvtLM9j2uzFetaLnVbstHsxfZDWmjFJkjg1GfiW6vbycloueheMVrtdTg+e4Ykvmup2IRsCAApl/r/KzP9XwcH8P374/J5m/gcAAAAAAAAAAAAAgMtgv9+f6ff7M5/Xs5+i98do+f2vthMv7v0cwt5Wt9qtDtdhv7hUWZiLA7PH39rrdqs/HvX/Dvt4uv8pTB728+f24+Hvv4b9QXftRuVMPxHWRn98AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhI4pFz7/dPkq/1w7S4VFmYO/d+/7Hw+9iFHQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvkve26ynjUbWFgRBOApF/zMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxTu+9LvonQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCkvLdZTxuNrD3CUPQZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALpNPAQAA///JXtD+") (fail_nth: 5)

7.983427184s ago: executing program 2 (id=2135):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000340)='sched_switch\x00', r0}, 0x18)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
readv(r2, &(0x7f00000009c0)=[{&(0x7f0000000300)=""/198, 0xc6}, {&(0x7f00000004c0)=""/253, 0xfd}, {&(0x7f0000000400)=""/49, 0x31}, {&(0x7f00000005c0)=""/13, 0xd}, {&(0x7f0000001940)=""/4096, 0x1000}], 0x5)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r2, 0xc2604111, &(0x7f0000000580)={0x6, [[0xc, 0x1ff0000, 0x9, 0x5bff, 0x9e9d, 0xa05, 0x80000008, 0x7], [0x76, 0x81, 0x3, 0x80000, 0x1000, 0x66b, 0x10001, 0x10000], [0x4, 0x7fffffff, 0x2, 0xfffffff8, 0x8, 0xd0, 0x3ff, 0x6]], '\x00', [{0x6, 0x2, 0x1, 0x1, 0x1, 0x1}, {0x7, 0x2, 0x0, 0x1}, {0x6, 0x3, 0x0, 0x0, 0x1, 0x1}, {0x5, 0x6, 0x0, 0x0, 0x1, 0x1}, {0x7, 0x10001, 0x1, 0x0, 0x1}, {0x3ff, 0xf577, 0x0, 0x0, 0x1}, {0xe, 0xed, 0x0, 0x1, 0x1, 0x1}, {0x7f, 0xcf9, 0x0, 0x0, 0x0, 0x1}, {0xfffffc9c, 0x4, 0x0, 0x1, 0x0, 0x1}, {0x3, 0x7, 0x0, 0x1, 0x1}, {0x2, 0x7, 0x0, 0x1, 0x1}, {0x0, 0x9, 0x1, 0x1}], '\x00', 0x8003})
add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000080)="010000000000000000000000000000f3021a1a00000c77fc1f", 0x19, 0xfffffffffffffffd)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000740)={0x1, 0x0, [{0xc148a9985d388242, 0x80, &(0x7f0000000400)=""/128}]})
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000280)=0x4000000)
r4 = dup2(r3, r3)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000040)=0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x80fe, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f8483e0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)

7.930048148s ago: executing program 3 (id=2136):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0xa, 0x3ff}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
mkdir(0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@ipv6_getroute={0x20, 0x1a, 0x1, 0x0, 0x25dfdbff, {}, [@RTA_METRICS={0x4}]}, 0x20}}, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00')
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)

6.935539191s ago: executing program 3 (id=2138):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0xf, &(0x7f00000001c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6)
r0 = getpid()
sched_setscheduler(0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x80, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x24, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASTER={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @broadcast}}}]}]}, 0x80}}, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000280))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = getpid()
sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1)
recvmmsg(r2, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@tipc, 0x80, &(0x7f0000000400)=[{&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000000640)=""/251, 0xfb}], 0x2}}], 0x40002db, 0x2, 0x0)
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000540)='./file0\x00', 0x20810004, &(0x7f0000000300)=ANY=[], 0x9, 0x14dd, &(0x7f0000003f80)="$eJzs3AlwVsW2KOBe3b1DiBF/IzIEevXa8IsBmoiIyCAiMoiIiIiIyCQCAkZERARECMgkYkBE5klEhoCAyBAhYpjnQebJyEFEREQmmQT6FZ5zH/cczy3ue+e8x63K+qq60iv7X2t3Z6Xy772r8v/cZWiNRjWrNiAi8S+Bv35JFULECiEGCiFuE0IEQoiyCWUTrh3PrSD1XzsJ+/d6Jv1mr4DdTNz/nI37n7Nx/3M27n/Oxv3P2bj/ORv3P2fj/jOWk22dWfB2Hjl38PP/nIzf/3M27n/Oxv3P2bj/ORv3P2fj/uds3P+cjfufs3H/GcvJbvbzZx43d9zs3z/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYznDBX+dFkL8x/xmr4sxxhhjjDHGGGP/Pj7XzV4BY4wxxhhjjDHG/t8DIYUSWgQiRuQSsSK3iBO3iHhxq8gjbhMRcbtIEHeIvOJOkU/kFwVEQZEoConCwggUVpAIRRFRVETFXaKYuFskieKihCgpnCglksU9orS4V5QR94my4n5RTjwgyosKoqKoJB4UlcVDoop4WFQVj4hqorqoIWqKR0Ut8ZioLR4XdcQToq54UtQTT4n64mnRQDwjGopnRSPxnGgsnhdNRFPRTDQXLf6v8t8SPcTboqfoJVJFb9FHvCP6in6ivxggBop3xSDxnhgs3hdpYogYKj4Qw8SHYrj4SIwQI8UoMVqMEWPFODFeTBATxSTxsZgsPhFTxKdiqpgmposZIl3MFLPEZ2K2mCPmis/FPPGFmC8WiIVikcgQX4rFYonIFF+JpeJrkSWWieVihVgpVonVYo1YK9aJ9WKD2Cg2ic1ii9gqvhHbxHaxQ+wUu8RusUfsFfvEfnFAfCuyxXf/h/nn/yG/KwgQIEGCBg0xEAOxEAtxEAfxEA95IA9EIAIJkAB5IS/kg3xQAApAIiRCYSgMCAgEBEWgCEQhCsWgGCRBEpSAEuDAQTIkQ2m4F8pAGSgLZaEclIPyUAEqQCWoBJWhMlSBKlAVqkI1qAY1oAY8Co/CY1AbakMdqAN1oS7Ug3pQH+pDA2gADaEhNIJG0BgaQxNoAs2gGbSAFtASWkIraAVtoA20hbbQHtpDCqRAB+gA7aAjdIJO0Bk6QxfoAl2hG3SDt+AteBvehl5QTfaGPtAH+kJf6A8DYAC8C4PgPXgP3oc0GAJD4QP4AD6E4XAORsBIGAWjoLIcC+NgPJCcCJNgEkyGyTAFpsBUmAbTYAakw0yYBbNgNsyBOfA5zIMv4AtYAAtgEWRABiyGJZAJmbAUzkMWLIPlsAJWwipYCWtgLayB9bAB1sMm2ARbYAt8A9/AaNgOO2En7IbdsBf2wn7YD2mQDdlwEA7CITgEh+EwHIEjcBSOwjE4BsfhOJyAE3ASTsFpOAVn4Sycg/NwAS7AJbgEl+GNxB8b7i6+Lk3Ia7TUMkbGyFgZK+NknIyX8TKPzCMjMiITZILMK/PKfDKfLCALyESZKAvLwhIlSpKhLCKLyKiMymKymEySSbKELCGddDJZJsvSsrQsI8vIsvJ+WU4+IMvLCrK1qyQrycqyjasiH5ZVZVVZTVaXNWRNWVPWkrVkbVlb1pF1ZF1ZV9aTT8n6sjf0h2fktc40kkOgsRwKTWRT2Uw2lx/CC7KlHA6tZGvZRr4kR8IIaC9buhT5iuwgx0FH+ZocD6/LznIidJFvyq6ym+wu35I9ZCvXU/aSU6G37CNnQF/ZT/aXA+RsqC6vdayGfF+mySFyqPxALoIP5XD5kRwhR8pRcrQcI8fKcXK8nCAn5hLyYzlZfiKnyE/lVDlNTpczZLqcKWfJz+RsOUfOlZ/LefILOV8ukAvlIpkhv5SL5RKZKb+SS+XXMksuk8vlCrlSrpKr5Rq5Vq6T6+UGuVFukpvlFrlVfiO3ye1yh9wpd8ndco/cK/fJ/fKA/FZmy+/kQfkXeUh+Lw/LH+QR+aM8Kn+Sx+TP8rj8RZ6Qv8qT8pQ8Lc/Is/I3eU6elxfkRXlJ/i4vyyvyqvRSKFBSKaVVoGJULhWrcqs4dYuKV7eqPOo2FVG3qwR1h8qr7lT5VH5VQBVUiaqQKqyMQmUVqVAVUUVVVN2liqm7VZIqrkqoksqpUipZ3aNKq3tVGXWfKqvuV+XUA6q8qqAqqkrqQVVZPaSqqIdVVfWIqqaqqxqqpnpU1VKPqdrqcVVHPaHqqidVPfWUqq+eVg3UM6qhelY1Us+pxup51UQ1Vc1Uc9VCvaBaqhdVK9VatVEvqbaqnWqvXlYp6hXVQb2qOqrXVCf1uuqs3lBd1Juqq+qmuqsr6qryqqfqpVJVb9VHvaP6qn6qvxqgBqp31SD1nhqs3ldpaogaqj5Qw9SHarj6SI1QI9UoNVqNUWPVODVeTVAT1ST1sZqsPlFT1KdqqpqmpqsZKl3NVP3/VmnufyP/k3+SP/iPs29RW9U3apvarnaonWqX2q32qD1qn9qnDqgDKltlq4PqoDqkDqnD6rA6oo6oo+qoOqaOqePquDqhTqiT6pS6qM6os+o3dU6dV+fVRXVJXVKX//YzEBq01EprHegYnUvH6tw6Tt+i4/WtOo++TUf07TpB36Hz6jt1Pp1fF9AFdaIupAtro1FbTTrURXRRHdV36WL6bp2ki+sSuqR2upRO1vf8y/k3Wl8L3UK31C11K91Kt9FtdFvdVrfX7XWKTtEddAfdUXfUnXQn3Vl31l10F91Vd9XddXfdQ/fQPXVPnapTdR/9ju6r++n+eoAeqN/Vg/QgPVgP1mk6TQ/VQ/UwPUwP18P1CD1Cj9Kj9Bg9Ro/T4/QEPUFP0pP0ZD1ZT9FT9FQ9VU/X03W6Ttez9Cw9W8/Wc/VcPU/P0/P1fL1QL9QZOkMv1ot1ps7US/VSnaWX6WV6hV6hV+lVeo1eo9fpdXqD3qA36U06S2/VW/U2vU3v0Dv0Lr1L79F79D69Tx/QB3S2ztYH9UF9SB/Sh/VhfUQf0Uf1UX1MH9PH9XF9Qp/QJ/VJfVqf1mf1WX1On9MX9AV9SV/Sl/VlfVVfvXbZF8hABjrQQUwQE8QGsUFcEBfEB/FBniBPEAkiQUKQEOQN7gzyBfmDAkHBIDEoFBQOTICBDSgIgyJB0SAa3BUUC+4OkoLiQYmgZOCCUkFycE9QOrg3KBPcF5QN7g/KBQ8E5YMKQcWgUvBgUDl4KKgSPBxUDR4JqgXVgxpBzeDRoFbwWFA7eDyoEzwR1A2eDOoFTwX1g6eDBsEzQcPg2aBR8FzQOHg+aBI0DZoFzYMW/9b63p/L/6LraXqZVNPb9DHvmL6mn+lvBpiB5l0zyLxnBpv3TZoZYoaaD8ww86EZbj4yI8xIM8qMNmPMWDPOjDcTzEQzyXxsJptPzBTzqZlqppnpZoZJNzPNLPOZmW3mmLnmczPPfGHmmwVmoVlkMsyXZrFZYjLNV2ap+dpkmWVmuVlhVppVZrVZY9aadWa92WA2mk1ms9litppvzDaz3ewwO80us9vsMXvNPrPfHDDfmmzznTlo/mIOme/NYfODOWJ+NEfNT+aY+dkcN7+YE+ZXc9KcMqfNGXPW/GbOmfPmgrloLpnfzWVzxVw1/trF/bW3d9SoMQZjMBZjMQ7jMB7jMQ/mwQhGMAETMC/mxXyYDwtgAUzERCyMhfEaQsIiWASjGMViWAyTMAlLYAl06DAZk7E0lsYyWAbLYlksh+WwPJbHilgRH8QH8SF8CB/Gh/ERfASrY3WsiTWxFtbC2lgb62AdrIt1sR7Ww/pYHxtgA2yIDbERNsLG2BibYBNshs2wBbbAltgSW2ErbINtsC22xfbYHlMwBTtgB+yIHbETdsLO2Bm7YBfsil2xO3bHHtgDe2JPTMVU7IN9sC/2xf7YHwfiQByEg3AwDsY0TMOhOBSH4TAcjsNxBI7EUTgax+BYHIfjcQJOxEk4CSfjZJyCU3AqTsXpOB3TMR1n4SycjbNxLs7FeTgP5+N8XIgLMQMzcDEuxkzMxKW4FLMwC5fjclyJK3E1rsa1uBbX43rciBtxM27GrbgVt+E23IE7cBfuwj24B/fhPjyABzAbs/EgHsRDeAgP42E8gkfwKB7FY3gMj+NxPIEn8CSexNN4Gs/iWTyH5/ACXsBL+Dtexit4FT3G2tw2zt5i4+2tNo+9zf5jXMAWtIm2kC1sjc1n8/9djNbaJFvclrAlrbOlbLK9509xeVvBVrSV7IO2sn3IVvlTXMs+Zmvbx20d+4StaR/9u7iufdLWs8/Z+vZ528A2tQ1tc9vIPmcb2+dtE9vUNrPNbVvbzra3L9sU+4rtYF/9U7zYLrFr7Tq73m6w++x+e8FetMfsz/aS/d32tL3sQPuuHWTfs4Pt+zbNDvlTPMqOtmPsWDvOjrcT7MQ/xdPtDJtuZ9pZ9jM72875U5xhv7TzbKadbxfYhXbRH/G1NWXar+xS+7XNssvscrvCrrSr7Gq75n+vdYXdZDfbLXaP3Wu32e12h91pd9ndf8TX9nHAfmuz7Xf2qP3JHrLf28P2uD1if/wjvra/4/YXe8L+ak/aU/a0PWPP2t/sOXv+j/1f2/sZe8Vetd4KApKkSFNAMZSLYik3xdEtFE+3Uh66jSJ0OyXQHZSX7qR8lJ8KUEFKpEJUmAwhWSIKqQgVpSjdRcXobkqi4lSCSpKjUpRM91BpupfK0H1Ulu6ncvQAlacKVJEq0YNUmR6iKvQwVaVHqBpVpxpUkx6lWvQY1abHqQ49QXXpSapHT1F9epoa0DPUkJ6lRvQcNabnqQk1pWbUnFrQC9SSXqRW1Jra0EvUltpRe3qZUugV6kCvUkd6jTrR69SZ3qAu9CZ1pW7Und6iHvQ29aRelEq9qQ+9Q32pH/WnATSQ3qVB9B4NpvcpjYbQUPqAhtGHNJw+ohE0kkbRaBpDY2kcjacJNJEm0cc0mT6hKfQpTaVpNJ1mUDrNpFn0Gc2mOTSXPqd59AXNpwW0kBZRBn1Ji2kJZdJXtJS+pixaRstpBa2kVbSa1tBaWkfraQNtpE20mbbQVvqGttF22kE7aRftpj20l/bRfjpA31I2fUcH6S90iL6nw/QDHaEf6Sj9RMfoZzpOv9AJ+pVO0ik6TWfoLP1G5+g8XaCLdIl+p8t0ha6SJxFCKEMV6jAIY8JcYWyYO4wLbwnjw1vDPOFtYSS8PUwI7wjzhneG+cL8YYGwYJgYFgoLhybE0IYUhmGRsGgYDe8Ki4V3h0lh8bBEWDJ0YakwObwnLB3eG5YJ7wvLhveH5cIHwvJhhfC5JyqFD4aVw4fCKuHDYdXwkbBaWD2sEdYMHw1rhY+FtcPHwzrhE2GZ8MmwXvhUWD98OmwQPhM2DJ8NG4XPhY3D58MmYdOwWdg8bBG+ELYMXwxbha3DNuFLYduwXdg+fDlMCV8JO4Sv3vB4atg77BO+E74Tev+4WhhdFM2IfhldHF0SzYx+FV0a/TqaFV0WXR5dEV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEvW+Zi7hwEmnnHaBi3G5XKzL7eLcLS7e3eryuNtcxN3uEtwdLq+70+Vz+V0BV9AlukKusDMOnXXkQlfEFXVRd5cr5u52Sa64K+FKOudKuWTX3LVwLVxL96Jr5Vq7Nu4l95Jr59q5l93L7hXXwb3qOrrXXCf3uuvs3nBvuDddV9fNdXdvuR7ubdfT9XKpLtX1cX1cX9fX9Xf93UA30A1yg9xgN9iluTQ31A11w9wwN9wNdyPcCDfKjXJj3Bg3zo1zE9wEN8lNcpPdZDfFTXFT3VQ33U136S7dzXKz3Gw32811c928pHluvpvvFrqFLsNluMVusct0mW6pW+qyXJZb7pa7lW6lW+1Wu7VurVvv1ruNbqPb7Da7rW6r2+a2uR1uh9vldrk9bo/b5/a5A+6Ay3bZ7qA76A65Q+6w+8EdcT+6o+4nd8z97I67X9wJ96s76U650+6MO+t+c+fceXfBXXSX3O/usrvirjrvJkU+jkyOfBKZEvk0MjUyLTI9MiOSHpkZmRX5LDI7MicyN/J5ZF7ki8j8yILIwsiiSEbky8jiyJJIZuSryNLI15GsyLLI8siKyMrIqoj3hbaFvogv6qP+Ll/M3+2TfHFfwpf0zpfyyf4eX9rfGyP8fb6sv9+X8w/48r6Cr+if9018U9/MN/ct/Au+pX/Rt/KtfRv/km/r2/n2/mWf4l/xHfyrvqN/zXfyr/vO/g3fxb/pu/puvrt/y/fwb/uevpdP9b19H/+O7+v7+f5+gB/o3/WD/Ht+sH/fp/khfqj/wA/zH/rh/iM/wo/0o/xoP8aP9eP8eD/BT/ST/Md+sv/ET/Gf+ql+mp/uZ/h0P9PP8p/52X6On+s/9/P8F36+X+AX+kU+w3/pF/slPtN/5Zf6r32WX+aX+xV+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q//Gb/Pb/Q6/0+/yu/0ev9fv8/v9Af+tz/bf+YP+L/6Q/94f9j/4I/5Hf9T/5I/5n/1x/4s/4X/1J/0pf9qf8Wf9b/6cP+8v+Iv+kv/dX/ZX/FX+nzXGGGOMsf8WdYPjvf/J9+TfxjV9hBC3bi945B9rbsz313k/mdg2IoR4pVeXZ/5jVKuWmpr6t9dmKREUXSCEiFzPjxHX42WijWgnUkRrUfqfrq+f7HaJblA/er8Qcf8pJ1Zcj6/Xv/e/qD923g3rLxAiqej1nNzieny9fpn/on7+ljeon/v7SUK0+k858eJ6fL1+snhRvCpS/u6VjDHGGGOMMcbYX/WTFTvd6P722v15or6ek0tcj290f84YY4wxxhhjjLGb7/Vu3V9+ISWldSee8IQn/7MmUghx085+s/8yMcYYY4wxxv7drl/03+yVMMYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjOdf/j48Tu9l7ZIwxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxm62/xUAAP//9kMzGA==")
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r5, 0x800)
lseek(r5, 0x200, 0x0)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
sendfile(r5, r6, 0x0, 0xf800)

6.642588535s ago: executing program 2 (id=2139):
open(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000180)={0x5, 0xfffffffe}, 0x8)
close(r2)

5.222260174s ago: executing program 1 (id=2140):
setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000480), 0x4)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000003600)={&(0x7f0000000080)=@id, 0x10, 0x0}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000001300)=""/4096, 0x1000}], 0x1, &(0x7f0000002700)=""/22, 0x16}}], 0x1, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0x0, {0x8}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x5, 'broadcast-link\x00'}]}]}, 0x2c}}, 0x0)
sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x50, r1, 0x42c, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xbaf3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4040000}, 0x4084005)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r4, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f00000004c0)=""/78, &(0x7f0000000400)=0x4e)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r4, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000740)={0x0, @can={0x1d, r4}, @l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}, 0x3}, @ethernet={0x1}, 0x0, 0x0, 0x0, 0x0, 0x107, &(0x7f0000000700)='pim6reg1\x00', 0x3, 0x1, 0x9})
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0xffffffff, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r7, 0x40000}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x10}]}, 0x28}}, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r5, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r1, @ANYBLOB="00042dbd7000fddbdf250c0000002c000380080002003f000000080003000400000008000300000000800800030008000000080002000500000025bb0cb8000580140002800800020001000000080004000600000008000100657468003c000280080002000700000008000100140000000800010017000000080001001f0000000800020002000000080002000700000008000100100000000c000280080001000000000007000100696200002400028008000400ff00000008000400040000000800020006680000080001001100000008000100756470001c000280080004000100000008000200010000000800030009"], 0xf8}, 0x1, 0x0, 0x0, 0x8800}, 0x10)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r8=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000040)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, &(0x7f0000000280)={r8, 0x0, r9})

4.758108222s ago: executing program 2 (id=2141):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r3, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x1000000000000007, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000001c0)={0x1, @pix={0xffffffff, 0x0, 0x34424752, 0x0, 0x0, 0x3, 0x6, 0x0, 0x0, 0x3, 0x0, 0x1}})
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @mcast1, @loopback={0x0, 0xffffac1414aa}, [], "1e520b4c951ee12e"}}}}}}}, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r5, 0x40047451, &(0x7f0000001880)=0x5)
ioctl$PPPIOCSFLAGS1(r5, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r5, &(0x7f0000000080)=[{&(0x7f00000004c0)="00214717a70700000000030600710a5e31163ceb9d0471200000000500000000000000ffff03425d4d50e7182ce0ab6d000041a15be2d9d13cd1cb0c238e61cfd6a5d7cd0eaa50e027db032ddbfe85e53b87eb950a45", 0x56}], 0x1, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r1, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000180)="c280776925afa0d02cf073781a95de6dbe4a8e3d04cdcd5455cd59f713b03b0a3427eb1b0cd33d3883068a674a8b86b9fcb5c7a867c73c3daeb32a9927131fa6db77a8fc9eb81e9a08f4000ed5b35549d1c661c7aa95e30a99d4579f38913a3871739b6a43c74ecbbe2eb9715c6f6ae595cf36a1f3dd47110ca07fb561d98cfa952b047dd1b422ff0e9da1296b8ca0125ee5879d", 0x94}, {&(0x7f0000000440)="2e3e8c3a32f26d88f1c147f4d936b37b81ea26500384ba2632d0e679ed00d0576341dda2e8dd0e77ae389715d8ef6083c102a2413bcc509e1129faaf135bf28a6c0446cc7788c4d059518c9b", 0x4c}, {&(0x7f00000004c0)="34f6b7fdcb43fd5ba09489f55c67173f1bbed3e3018b6b7b5cc23e1aac55865012e0d953ec5d135e2c9b62f2e561906d17406891f7bf4942ae36010b45b7723a465a5022bb101fe2b66ce392e95906f319748a98493c37210adef82f3b7c7e3fb3ab2475035eaae85fb5792bf6da588183823e88039565c5a7a27264151a0ad2", 0x80}, {&(0x7f0000000640)="a028b21f27e26baa0165c2318bbf9724ea193534a44fb2964f8e7ceb9aab725386973b0d693323aa2a301699958b6126444ee85280a7aadc2819bab7c4d02040a1d2119a3511aaba710d59051e51cf7496d8348c2a5a262b2035a00e0c845a3a4469674630e9912e36e5ce4b184cdd24f711c2757fb64eb59782c2678e81b0a83bfe74640d1617e07bf32546bca3e690a34b631f17a02627a778893dfb8b5b1ce1bd686ecf6814f97ff2abf57999add9ea1d6eaf0740cdb3c8dfd05b9af0f20c25390c85d59c8d007eb594d5a3013b26618bc25a64f96d46bc22bb6f62a9ad76015da82dd0c8c10c4649", 0xea}, {&(0x7f0000000580)="d71f9eda96aa8571f7fb591ee102240f35e07631e36e60a013052e7363da77158b43bef2641aefb08ccd0cbd117893d9b2c19cfce18d604a7928a3ffb9524dca2e94dac688cd2b9f2b3fec4cead533eca51592e863b143b080b9f349fe0991b43d3d556183", 0x65}], 0x5}}, {{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000c00)="f9d6ca28172747b477cd9a4d748f", 0xe}, {&(0x7f0000000c40)="7b72c64f5388a6ad8ba2a2a413a15490818134b74f8cb2dfac1f7c929d3886fda14011d3725c25fb41ecc64722a02d1b5975740e9d3c87f228ec559850256db1bdf2c3ff8af57f5bae921e99670a9dbf86c93a5d8c8fdcb103304e8f4ed450c18735dc42c41772f67984512d586602090286d043e4d149e34deb3ccddec2c791de5ed3a3b3c775d347fec9f90090da4effa0bc76eea77404b56fadc37b94df5a09b88317c7a64a3ec91ea6bec02f883d19bb0b2414d06fb97c65b006ca00869b25f3696edc27fc64ecaf81077039422e918b14bff4877b025863675dbe1a10", 0xdf}, {&(0x7f0000000d40)="6af0044871e2045b76e81f3b35e87389de2175086dc0fb212ff2fbf5228801c3f21c6c4c4853c548cdb2c9416eb81ff940be24bf79e4fd21dfc3c444e93172c12efd97737ff83ea86702c7b93e71ada62fd45a68715b826d602a2d18d689a62e6f8f741cf370d6216092d6f17dbb93ce12dca27825b2808fddebef66813d219c560d6b09fb0777c2ee5663d2b0d0ccda381f696e58f51ef9aa9ddc6fe0b7780df797184ee5fa6dc190f5c262ecb248b3a53f0201bd0779cfbcd50471", 0xbc}, {&(0x7f0000000e40)="b8dc01e02bd213cac7b59aafdb765cfceea9a784a37c303a0206506c26613eacfb3b69261e6f5dbf2c983b7b2fdad4d3a2e50c6bb08004f05a39e97a1ebaad73c666e9d121925499412ee04460ae8bff1fbba40b239cce0eda4ab6e9ac4906dc54d64a4be70f2d60e5eb317fbab0c87c0f8ca3d727715c3cf17032f890eabe4442ba62817887a98bbd7a48ad036847421f374d0fa4c3a076ccb7b8032f7fadfd3827efa0b1be56b743", 0xa9}], 0x4}}, {{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001080)="01be3e1d2e", 0x5}], 0x1}}, {{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000001340)="e0c2fd38e90264603f627b9f012526f307590900fedfd5b50ff2159ab7969c64948dc327d0ee1e54019b74690321b07d30d375471a5d642ee177dc4682b4a6ceffed7d", 0x43}], 0x1}}], 0x4, 0xc0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r1, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r7=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8}, @IFLA_HSR_SLAVE1={0x8, 0x1, r7}]}}}]}, 0x40}}, 0x0)

4.662573821s ago: executing program 1 (id=2142):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00ed00", 0x10, 0x3a, 0xff, @remote={0xfe, 0xc0}, @mcast2, {[], @ndisc_ra}}}}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x398}}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)

4.599902266s ago: executing program 0 (id=2143):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)={0xec, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0xcd, 0x33, @reassoc_resp={{{0x0, 0x0, 0x8}, {}, @broadcast, @device_a, @random="f7ab87594b3f"}, 0x0, 0x0, @random, @val, @void, [{0xdd, 0x7, "8b7668a21729e4"}, {0xdd, 0x9e, "d8a062cc132f8c370fffcfbf6c255947985b88cb9f22e02d96f87d9c0a6796487053adb1a2d1f8ed33d6ef7faf4ba99f81c72edefbc742d2d897c0fb6eb2289c22b03871ec6ddb7398d4b5509078903c634145233d8a7a9a2fc09946ff1a847d43452a17ee7a24318e4ed910599f7ebc8291d4dd528566752ef4090016895d45162f023cde71dbd618a52517986b705c5e653ee0e7edda93407e44be1c20"}]}}]}, 0xec}}, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
syz_emit_ethernet(0x86, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x8, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @private0, [@dstopts={0x80, 0x0, '\x00', [@ra={0x5, 0x3a}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000740)={0x1, 0xfffe, 0x0, 0x5, 0xdf, 0x5, 0xf, 0x2000004, r4}, 0x20)

4.487562945s ago: executing program 1 (id=2144):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) (async)
write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5336, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'}) (async)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5336, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @random="6bd36bf753e9"})
write$tun(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="080081000700000000002000"], 0x1011)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) (async)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r3, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc)

4.400437242s ago: executing program 0 (id=2145):
r0 = fsopen(&(0x7f0000000080)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x300, 0x0, 0x0)

4.321699049s ago: executing program 3 (id=2146):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10)
r3 = io_uring_setup(0x30d3, 0x0)
r4 = socket$inet6(0xa, 0x40000080806, 0x0)
listen(r4, 0x20000005)
r5 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x9b4c, 0x0}}], 0x500, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

4.242523906s ago: executing program 0 (id=2147):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0}, 0x18)
r3 = io_uring_setup(0x30d3, &(0x7f00000000c0))
r4 = socket$inet6(0xa, 0x40000080806, 0x0)
listen(r4, 0x20000005)
r5 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x9b4c, 0x0}}], 0x500, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

4.218701098s ago: executing program 2 (id=2148):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
renameat(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file1\x00')
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/34, @ANYRES32=0x41424344], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x800c80, &(0x7f0000000200)={[{@resuid={'resuid', 0x3d, 0xee01}}, {@noblock_validity}, {@usrquota}, {@resuid}, {@discard}, {@jqfmt_vfsold}, {@usrjquota, 0x5}, {@min_batch_time={'min_batch_time', 0x3d, 0xa9b}}, {@nodiscard}]}, 0x0, 0x466, &(0x7f0000000400)="$eJzs3c9vFFUcAPDvzG4BQdmKiIKgVTQ2/mhpQeXgRaOJB01M9ICJl9oWgizU0JoIIVqNwaMh8W48mvgHGE+ejHoy8ap3Q0KQmIBeXDO7M7C77BbabtnKfj7Jwns7b+a9b2fe7Nv3dtsABtZI9k8ScWdE/BYRlUa2tcBI478rl85M/33pzHQStdobF5N6ucuXzkwXRYv9tuSZ0TQi/TTJK2k1f+r0salqdfZknh9fOP7e+Pyp008fPT51ZPbI7InJgwcP7J947tnJZ3oSZxbf5V0fzu3e+cpb516bPnTunZ++ydq7Y09je3McvTKSBf5nra5922O9rqzP/q1dizMp97s13KxSRGSna6je/ytRimsnrxIvf9LXxgFrKrtnb+y+ebEG3MaS6HcLgP4oXuiz97/F4xYNPdaFCy803gBlcV/JH40t5UjzMkNrWP9IRBxa/OfL7BFt8xC1DvMGAACr9X02/nmq0/gvjR1N5bbma0PDEXF3RGyLiHsiYntE3BtRL3tfRNy/zPrbl4auH3+m51cU2E3Kxn/P52tbreO/YvQXw6U8d1c9/qHk8NHq7L78ZzIaQxuz/ESngxeHeOnXz7vV3zz+yx5Z/cVYMD/I+XLbBN3M1MJUrwalFz6O2FXuFH9ydSUgiYidEbFreYfeWiSOPvH17m6Fbhz/EnqwzlT7KuLxxvlfjLb4C8nS65Pjm6I6u2+8uCqu9/MvZ1/vVv+q4u+B7Pxvbr3+20pU/kqa12vnl1/H2d8/6/qesrzC639D8mZ9TXdD/twHUwsLJyciNiSv1vMtz09e27fIF+Wz+Ef3du7/2/J9svgfiIjsIt4TEQ9GxEP5uXs4Ih6JiL1LxP/ji4++223bejj/Mx3vf1ev/+HW87/8ROnYD991q//m7n8H6qnR/Jn6/e8GujdnU15ipVczAAAA/P+k9c/GJ+nY1XSajo01PsO/PTan1bn5hScPz71/YqbxGfrhGEqLma5K03zoRLKYH7GRn8zniovt+/N54y9Kd9TzY9Nz1Zk+xw6DbkuX/p/5o9Tv1gFrzve1YHC19/90ibIXv13jxgC3lNd/GFz6Pwwu/R8GV6f+/1Fb3loA3J68/sPg0v9hUNUq+j8MLv0fBtJqvtffSGRHWcHuxe8v6bCpvMS39yXWSeLt/C83rJf2SDQlyj3o3X26IQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPTYfwEAAP//uBLtyQ==")
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x14, 0x2, 0x6, 0x0, 0x0, 0x0, {0x0, 0x0, 0xfffe}}, 0x14}}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0xffffff1b, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x90)

3.972938548s ago: executing program 1 (id=2149):
syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file2\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x1, 0x21d, &(0x7f0000000b40)="$eJzsmL9rFEEUx78zu7e5FRFtUthYGDCi2cvuoaQ5NIJgJULir0oPs4Z4m5xcVjAHgsHGRjsLwcbCf8AiRSoLO/8BQQsVBAuvsLCxGZmd2b1JJnGPNVa+TzF8Z9978+a9233FgSCI/5Yvn39+enJuZv4kgP2YwJh+/s0BGFOaG/4fn9878ax1/sXrD6/erhx4sLn9PBkixNYH9T/kdwG8mXWQFpmK6F9STOjNPHihL4PjuNZXwRBofRMcV7SOwXBd6zuG7kr/ILi9lMTBrW6yIMW0XEK5RHJpbr/fYJ1hQe+FEIIZ9tW1fqedJHHPEK627WCqJIpknXGrfzV4GMxytIz7yS5ee/xoXe7z3kwb/QvBEeoimmCY089nMJb3RrXEqP+wOzzfserfsVrpKg1lRdaVaP3Yk2aZ4tBUtfBJWc5Z23QQVa6BrVE1DE2yk3tbsvXqZMItfxfP6B+0Qq6Lo1bx1Afwjyo1RaUqcjE+2Hxnm76WhQtWnoKN/v7UR71z/iFW75iPfof/Tcd2u9j7DTU/xEuGY8Z8co350UiX7zZW1/pTS8vtxXgxXomi5mkGPDwVNbJBpFZr7g3ns5/Np33G+bVdfD3u4X47TXuhWj3mwUea9qJsHxmfzdxG9/sNHZbiAoCjaiPHplec6Fg5mKd8eOYr1aTtRBAEQRAEQRAEQRAEQRAEUYkjYNm/oCVElzLv3wEAAP//0Ixjlw==") (async)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getrlimit(0x0, 0x0) (async)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async, rerun: 32)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) (rerun: 32)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000001c0)=0x2)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000040)="0f23afba610066ed660f388115baf80c66b88e64df8966efbafc0cb08ceedc60b2b807008ec00f01cf3e0fc72eaafdb853098ec00fbbb50f00"}], 0x1a, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x3)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102400, 0x19000) (async, rerun: 64)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async, rerun: 64)
finit_module(r0, 0x0, 0x0) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0) (async)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000000)=@ipv4_newaddr={0x34, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r8}, [@IFA_LABEL={0x14}, @IFA_LOCAL={0x8, 0x2, @remote}]}, 0x34}}, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r0) (async)
userfaultfd(0x0)

2.50687509s ago: executing program 0 (id=2150):
r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) (fail_nth: 5)
ftruncate(r0, 0x800)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0x98, &(0x7f0000000000)=""/152, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r4, r3, 0x7, 0x0, 0x0, @void, @value}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r4, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r2}, 0x20)
sendfile(r2, r1, 0x0, 0x204)

2.366635752s ago: executing program 3 (id=2151):
open(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000180)={0x5, 0xfffffffe}, 0x8)
close(r2)

1.958315196s ago: executing program 1 (id=2152):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0xf, &(0x7f00000001c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6)
sched_setscheduler(0x0, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x80, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x24, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASTER={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @broadcast}}}]}]}, 0x80}}, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000280))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1)
recvmmsg(r1, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@tipc, 0x80, &(0x7f0000000400)=[{&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000000640)=""/251, 0xfb}], 0x2}}], 0x40002db, 0x2, 0x0)
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000540)='./file0\x00', 0x20810004, &(0x7f0000000300)=ANY=[], 0x9, 0x14dd, &(0x7f0000003f80)="$eJzs3AlwVsW2KOBe3b1DiBF/IzIEevXa8IsBmoiIyCAiMoiIiIiIyCQCAkZERARECMgkYkBE5klEhoCAyBAhYpjnQebJyEFEREQmmQT6FZ5zH/cczy3ue+e8x63K+qq60iv7X2t3Z6Xy772r8v/cZWiNRjWrNiAi8S+Bv35JFULECiEGCiFuE0IEQoiyCWUTrh3PrSD1XzsJ+/d6Jv1mr4DdTNz/nI37n7Nx/3M27n/Oxv3P2bj/ORv3P2fj/jOWk22dWfB2Hjl38PP/nIzf/3M27n/Oxv3P2bj/ORv3P2fj/uds3P+cjfufs3H/GcvJbvbzZx43d9zs3z/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYznDBX+dFkL8x/xmr4sxxhhjjDHGGGP/Pj7XzV4BY4wxxhhjjDHG/t8DIYUSWgQiRuQSsSK3iBO3iHhxq8gjbhMRcbtIEHeIvOJOkU/kFwVEQZEoConCwggUVpAIRRFRVETFXaKYuFskieKihCgpnCglksU9orS4V5QR94my4n5RTjwgyosKoqKoJB4UlcVDoop4WFQVj4hqorqoIWqKR0Ut8ZioLR4XdcQToq54UtQTT4n64mnRQDwjGopnRSPxnGgsnhdNRFPRTDQXLf6v8t8SPcTboqfoJVJFb9FHvCP6in6ivxggBop3xSDxnhgs3hdpYogYKj4Qw8SHYrj4SIwQI8UoMVqMEWPFODFeTBATxSTxsZgsPhFTxKdiqpgmposZIl3MFLPEZ2K2mCPmis/FPPGFmC8WiIVikcgQX4rFYonIFF+JpeJrkSWWieVihVgpVonVYo1YK9aJ9WKD2Cg2ic1ii9gqvhHbxHaxQ+wUu8RusUfsFfvEfnFAfCuyxXf/h/nn/yG/KwgQIEGCBg0xEAOxEAtxEAfxEA95IA9EIAIJkAB5IS/kg3xQAApAIiRCYSgMCAgEBEWgCEQhCsWgGCRBEpSAEuDAQTIkQ2m4F8pAGSgLZaEclIPyUAEqQCWoBJWhMlSBKlAVqkI1qAY1oAY8Co/CY1AbakMdqAN1oS7Ug3pQH+pDA2gADaEhNIJG0BgaQxNoAs2gGbSAFtASWkIraAVtoA20hbbQHtpDCqRAB+gA7aAjdIJO0Bk6QxfoAl2hG3SDt+AteBvehl5QTfaGPtAH+kJf6A8DYAC8C4PgPXgP3oc0GAJD4QP4AD6E4XAORsBIGAWjoLIcC+NgPJCcCJNgEkyGyTAFpsBUmAbTYAakw0yYBbNgNsyBOfA5zIMv4AtYAAtgEWRABiyGJZAJmbAUzkMWLIPlsAJWwipYCWtgLayB9bAB1sMm2ARbYAt8A9/AaNgOO2En7IbdsBf2wn7YD2mQDdlwEA7CITgEh+EwHIEjcBSOwjE4BsfhOJyAE3ASTsFpOAVn4Sycg/NwAS7AJbgEl+GNxB8b7i6+Lk3Ia7TUMkbGyFgZK+NknIyX8TKPzCMjMiITZILMK/PKfDKfLCALyESZKAvLwhIlSpKhLCKLyKiMymKymEySSbKELCGddDJZJsvSsrQsI8vIsvJ+WU4+IMvLCrK1qyQrycqyjasiH5ZVZVVZTVaXNWRNWVPWkrVkbVlb1pF1ZF1ZV9aTT8n6sjf0h2fktc40kkOgsRwKTWRT2Uw2lx/CC7KlHA6tZGvZRr4kR8IIaC9buhT5iuwgx0FH+ZocD6/LznIidJFvyq6ym+wu35I9ZCvXU/aSU6G37CNnQF/ZT/aXA+RsqC6vdayGfF+mySFyqPxALoIP5XD5kRwhR8pRcrQcI8fKcXK8nCAn5hLyYzlZfiKnyE/lVDlNTpczZLqcKWfJz+RsOUfOlZ/LefILOV8ukAvlIpkhv5SL5RKZKb+SS+XXMksuk8vlCrlSrpKr5Rq5Vq6T6+UGuVFukpvlFrlVfiO3ye1yh9wpd8ndco/cK/fJ/fKA/FZmy+/kQfkXeUh+Lw/LH+QR+aM8Kn+Sx+TP8rj8RZ6Qv8qT8pQ8Lc/Is/I3eU6elxfkRXlJ/i4vyyvyqvRSKFBSKaVVoGJULhWrcqs4dYuKV7eqPOo2FVG3qwR1h8qr7lT5VH5VQBVUiaqQKqyMQmUVqVAVUUVVVN2liqm7VZIqrkqoksqpUipZ3aNKq3tVGXWfKqvuV+XUA6q8qqAqqkrqQVVZPaSqqIdVVfWIqqaqqxqqpnpU1VKPqdrqcVVHPaHqqidVPfWUqq+eVg3UM6qhelY1Us+pxup51UQ1Vc1Uc9VCvaBaqhdVK9VatVEvqbaqnWqvXlYp6hXVQb2qOqrXVCf1uuqs3lBd1Juqq+qmuqsr6qryqqfqpVJVb9VHvaP6qn6qvxqgBqp31SD1nhqs3ldpaogaqj5Qw9SHarj6SI1QI9UoNVqNUWPVODVeTVAT1ST1sZqsPlFT1KdqqpqmpqsZKl3NVP3/VmnufyP/k3+SP/iPs29RW9U3apvarnaonWqX2q32qD1qn9qnDqgDKltlq4PqoDqkDqnD6rA6oo6oo+qoOqaOqePquDqhTqiT6pS6qM6os+o3dU6dV+fVRXVJXVKX//YzEBq01EprHegYnUvH6tw6Tt+i4/WtOo++TUf07TpB36Hz6jt1Pp1fF9AFdaIupAtro1FbTTrURXRRHdV36WL6bp2ki+sSuqR2upRO1vf8y/k3Wl8L3UK31C11K91Kt9FtdFvdVrfX7XWKTtEddAfdUXfUnXQn3Vl31l10F91Vd9XddXfdQ/fQPXVPnapTdR/9ju6r++n+eoAeqN/Vg/QgPVgP1mk6TQ/VQ/UwPUwP18P1CD1Cj9Kj9Bg9Ro/T4/QEPUFP0pP0ZD1ZT9FT9FQ9VU/X03W6Ttez9Cw9W8/Wc/VcPU/P0/P1fL1QL9QZOkMv1ot1ps7US/VSnaWX6WV6hV6hV+lVeo1eo9fpdXqD3qA36U06S2/VW/U2vU3v0Dv0Lr1L79F79D69Tx/QB3S2ztYH9UF9SB/Sh/VhfUQf0Uf1UX1MH9PH9XF9Qp/QJ/VJfVqf1mf1WX1On9MX9AV9SV/Sl/VlfVVfvXbZF8hABjrQQUwQE8QGsUFcEBfEB/FBniBPEAkiQUKQEOQN7gzyBfmDAkHBIDEoFBQOTICBDSgIgyJB0SAa3BUUC+4OkoLiQYmgZOCCUkFycE9QOrg3KBPcF5QN7g/KBQ8E5YMKQcWgUvBgUDl4KKgSPBxUDR4JqgXVgxpBzeDRoFbwWFA7eDyoEzwR1A2eDOoFTwX1g6eDBsEzQcPg2aBR8FzQOHg+aBI0DZoFzYMW/9b63p/L/6LraXqZVNPb9DHvmL6mn+lvBpiB5l0zyLxnBpv3TZoZYoaaD8ww86EZbj4yI8xIM8qMNmPMWDPOjDcTzEQzyXxsJptPzBTzqZlqppnpZoZJNzPNLPOZmW3mmLnmczPPfGHmmwVmoVlkMsyXZrFZYjLNV2ap+dpkmWVmuVlhVppVZrVZY9aadWa92WA2mk1ms9litppvzDaz3ewwO80us9vsMXvNPrPfHDDfmmzznTlo/mIOme/NYfODOWJ+NEfNT+aY+dkcN7+YE+ZXc9KcMqfNGXPW/GbOmfPmgrloLpnfzWVzxVw1/trF/bW3d9SoMQZjMBZjMQ7jMB7jMQ/mwQhGMAETMC/mxXyYDwtgAUzERCyMhfEaQsIiWASjGMViWAyTMAlLYAl06DAZk7E0lsYyWAbLYlksh+WwPJbHilgRH8QH8SF8CB/Gh/ERfASrY3WsiTWxFtbC2lgb62AdrIt1sR7Ww/pYHxtgA2yIDbERNsLG2BibYBNshs2wBbbAltgSW2ErbINtsC22xfbYHlMwBTtgB+yIHbETdsLO2Bm7YBfsil2xO3bHHtgDe2JPTMVU7IN9sC/2xf7YHwfiQByEg3AwDsY0TMOhOBSH4TAcjsNxBI7EUTgax+BYHIfjcQJOxEk4CSfjZJyCU3AqTsXpOB3TMR1n4SycjbNxLs7FeTgP5+N8XIgLMQMzcDEuxkzMxKW4FLMwC5fjclyJK3E1rsa1uBbX43rciBtxM27GrbgVt+E23IE7cBfuwj24B/fhPjyABzAbs/EgHsRDeAgP42E8gkfwKB7FY3gMj+NxPIEn8CSexNN4Gs/iWTyH5/ACXsBL+Dtexit4FT3G2tw2zt5i4+2tNo+9zf5jXMAWtIm2kC1sjc1n8/9djNbaJFvclrAlrbOlbLK9509xeVvBVrSV7IO2sn3IVvlTXMs+Zmvbx20d+4StaR/9u7iufdLWs8/Z+vZ528A2tQ1tc9vIPmcb2+dtE9vUNrPNbVvbzra3L9sU+4rtYF/9U7zYLrFr7Tq73m6w++x+e8FetMfsz/aS/d32tL3sQPuuHWTfs4Pt+zbNDvlTPMqOtmPsWDvOjrcT7MQ/xdPtDJtuZ9pZ9jM72875U5xhv7TzbKadbxfYhXbRH/G1NWXar+xS+7XNssvscrvCrrSr7Gq75n+vdYXdZDfbLXaP3Wu32e12h91pd9ndf8TX9nHAfmuz7Xf2qP3JHrLf28P2uD1if/wjvra/4/YXe8L+ak/aU/a0PWPP2t/sOXv+j/1f2/sZe8Vetd4KApKkSFNAMZSLYik3xdEtFE+3Uh66jSJ0OyXQHZSX7qR8lJ8KUEFKpEJUmAwhWSIKqQgVpSjdRcXobkqi4lSCSpKjUpRM91BpupfK0H1Ulu6ncvQAlacKVJEq0YNUmR6iKvQwVaVHqBpVpxpUkx6lWvQY1abHqQ49QXXpSapHT1F9epoa0DPUkJ6lRvQcNabnqQk1pWbUnFrQC9SSXqRW1Jra0EvUltpRe3qZUugV6kCvUkd6jTrR69SZ3qAu9CZ1pW7Und6iHvQ29aRelEq9qQ+9Q32pH/WnATSQ3qVB9B4NpvcpjYbQUPqAhtGHNJw+ohE0kkbRaBpDY2kcjacJNJEm0cc0mT6hKfQpTaVpNJ1mUDrNpFn0Gc2mOTSXPqd59AXNpwW0kBZRBn1Ji2kJZdJXtJS+pixaRstpBa2kVbSa1tBaWkfraQNtpE20mbbQVvqGttF22kE7aRftpj20l/bRfjpA31I2fUcH6S90iL6nw/QDHaEf6Sj9RMfoZzpOv9AJ+pVO0ik6TWfoLP1G5+g8XaCLdIl+p8t0ha6SJxFCKEMV6jAIY8JcYWyYO4wLbwnjw1vDPOFtYSS8PUwI7wjzhneG+cL8YYGwYJgYFgoLhybE0IYUhmGRsGgYDe8Ki4V3h0lh8bBEWDJ0YakwObwnLB3eG5YJ7wvLhveH5cIHwvJhhfC5JyqFD4aVw4fCKuHDYdXwkbBaWD2sEdYMHw1rhY+FtcPHwzrhE2GZ8MmwXvhUWD98OmwQPhM2DJ8NG4XPhY3D58MmYdOwWdg8bBG+ELYMXwxbha3DNuFLYduwXdg+fDlMCV8JO4Sv3vB4atg77BO+E74Tev+4WhhdFM2IfhldHF0SzYx+FV0a/TqaFV0WXR5dEV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEvW+Zi7hwEmnnHaBi3G5XKzL7eLcLS7e3eryuNtcxN3uEtwdLq+70+Vz+V0BV9AlukKusDMOnXXkQlfEFXVRd5cr5u52Sa64K+FKOudKuWTX3LVwLVxL96Jr5Vq7Nu4l95Jr59q5l93L7hXXwb3qOrrXXCf3uuvs3nBvuDddV9fNdXdvuR7ubdfT9XKpLtX1cX1cX9fX9Xf93UA30A1yg9xgN9iluTQ31A11w9wwN9wNdyPcCDfKjXJj3Bg3zo1zE9wEN8lNcpPdZDfFTXFT3VQ33U136S7dzXKz3Gw32811c928pHluvpvvFrqFLsNluMVusct0mW6pW+qyXJZb7pa7lW6lW+1Wu7VurVvv1ruNbqPb7Da7rW6r2+a2uR1uh9vldrk9bo/b5/a5A+6Ay3bZ7qA76A65Q+6w+8EdcT+6o+4nd8z97I67X9wJ96s76U650+6MO+t+c+fceXfBXXSX3O/usrvirjrvJkU+jkyOfBKZEvk0MjUyLTI9MiOSHpkZmRX5LDI7MicyN/J5ZF7ki8j8yILIwsiiSEbky8jiyJJIZuSryNLI15GsyLLI8siKyMrIqoj3hbaFvogv6qP+Ll/M3+2TfHFfwpf0zpfyyf4eX9rfGyP8fb6sv9+X8w/48r6Cr+if9018U9/MN/ct/Au+pX/Rt/KtfRv/km/r2/n2/mWf4l/xHfyrvqN/zXfyr/vO/g3fxb/pu/puvrt/y/fwb/uevpdP9b19H/+O7+v7+f5+gB/o3/WD/Ht+sH/fp/khfqj/wA/zH/rh/iM/wo/0o/xoP8aP9eP8eD/BT/ST/Md+sv/ET/Gf+ql+mp/uZ/h0P9PP8p/52X6On+s/9/P8F36+X+AX+kU+w3/pF/slPtN/5Zf6r32WX+aX+xV+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q//Gb/Pb/Q6/0+/yu/0ev9fv8/v9Af+tz/bf+YP+L/6Q/94f9j/4I/5Hf9T/5I/5n/1x/4s/4X/1J/0pf9qf8Wf9b/6cP+8v+Iv+kv/dX/ZX/FX+nzXGGGOMsf8WdYPjvf/J9+TfxjV9hBC3bi945B9rbsz313k/mdg2IoR4pVeXZ/5jVKuWmpr6t9dmKREUXSCEiFzPjxHX42WijWgnUkRrUfqfrq+f7HaJblA/er8Qcf8pJ1Zcj6/Xv/e/qD923g3rLxAiqej1nNzieny9fpn/on7+ljeon/v7SUK0+k858eJ6fL1+snhRvCpS/u6VjDHGGGOMMcbYX/WTFTvd6P722v15or6ek0tcj290f84YY4wxxhhjjLGb7/Vu3V9+ISWldSee8IQn/7MmUghx085+s/8yMcYYY4wxxv7drl/03+yVMMYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjOdf/j48Tu9l7ZIwxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxm62/xUAAP//9kMzGA==")
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r4, 0x800)
lseek(r4, 0x200, 0x0)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
sendfile(r4, r5, 0x0, 0xf800)

1.783834801s ago: executing program 3 (id=2153):
setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000480), 0x4)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000003600)={&(0x7f0000000080)=@id, 0x10, 0x0}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000001300)=""/4096, 0x1000}], 0x1, &(0x7f0000002700)=""/22, 0x16}}], 0x1, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0x0, {0x8}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x5, 'broadcast-link\x00'}]}]}, 0x2c}}, 0x0)
sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x50, r1, 0x42c, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xbaf3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4040000}, 0x4084005)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r4, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f00000004c0)=""/78, &(0x7f0000000400)=0x4e)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r4, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000740)={0x0, @can={0x1d, r4}, @l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}, 0x3}, @ethernet={0x1}, 0x0, 0x0, 0x0, 0x0, 0x107, &(0x7f0000000700)='pim6reg1\x00', 0x3, 0x1, 0x9})
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0xffffffff, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0xa, 0x0, 0x0, r7, 0x40000}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x10}]}, 0x28}}, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r5, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000", @ANYRES16=r1, @ANYBLOB="00042dbd7000fddbdf250c0000002c000380080002003f000000080003000400000008000300000000800800030008000000080002000500000025bb0cb8000580140002800800020001000000080004000600000008000100657468003c000280080002000700000008000100140000000800010017000000080001001f0000000800020002000000080002000700000008000100100000000c000280080001000000000007000100696200002400028008000400ff00000008000400040000000800020006680000080001001100000008000100756470001c000280080004000100000008000200010000000800030009"], 0xf8}, 0x1, 0x0, 0x0, 0x8800}, 0x10)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r8=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000040)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, &(0x7f0000000280)={r8, 0x0, r9})

1.698533608s ago: executing program 0 (id=2154):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00ed00", 0x10, 0x3a, 0xff, @remote={0xfe, 0xc0}, @mcast2, {[], @ndisc_ra}}}}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x398}}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)

1.213317448s ago: executing program 2 (id=2155):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0xf, &(0x7f00000001c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6)
r0 = getpid()
sched_setscheduler(0x0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x80, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x24, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASTER={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @broadcast}}}]}]}, 0x80}}, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000280))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = getpid()
sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1)
recvmmsg(r2, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@tipc, 0x80, &(0x7f0000000400)=[{&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000000640)=""/251, 0xfb}], 0x2}}], 0x40002db, 0x2, 0x0)
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000540)='./file0\x00', 0x20810004, &(0x7f0000000300)=ANY=[], 0x9, 0x14dd, &(0x7f0000003f80)="$eJzs3AlwVsW2KOBe3b1DiBF/IzIEevXa8IsBmoiIyCAiMoiIiIiIyCQCAkZERARECMgkYkBE5klEhoCAyBAhYpjnQebJyEFEREQmmQT6FZ5zH/cczy3ue+e8x63K+qq60iv7X2t3Z6Xy772r8v/cZWiNRjWrNiAi8S+Bv35JFULECiEGCiFuE0IEQoiyCWUTrh3PrSD1XzsJ+/d6Jv1mr4DdTNz/nI37n7Nx/3M27n/Oxv3P2bj/ORv3P2fj/jOWk22dWfB2Hjl38PP/nIzf/3M27n/Oxv3P2bj/ORv3P2fj/uds3P+cjfufs3H/GcvJbvbzZx43d9zs3z/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYznDBX+dFkL8x/xmr4sxxhhjjDHGGGP/Pj7XzV4BY4wxxhhjjDHG/t8DIYUSWgQiRuQSsSK3iBO3iHhxq8gjbhMRcbtIEHeIvOJOkU/kFwVEQZEoConCwggUVpAIRRFRVETFXaKYuFskieKihCgpnCglksU9orS4V5QR94my4n5RTjwgyosKoqKoJB4UlcVDoop4WFQVj4hqorqoIWqKR0Ut8ZioLR4XdcQToq54UtQTT4n64mnRQDwjGopnRSPxnGgsnhdNRFPRTDQXLf6v8t8SPcTboqfoJVJFb9FHvCP6in6ivxggBop3xSDxnhgs3hdpYogYKj4Qw8SHYrj4SIwQI8UoMVqMEWPFODFeTBATxSTxsZgsPhFTxKdiqpgmposZIl3MFLPEZ2K2mCPmis/FPPGFmC8WiIVikcgQX4rFYonIFF+JpeJrkSWWieVihVgpVonVYo1YK9aJ9WKD2Cg2ic1ii9gqvhHbxHaxQ+wUu8RusUfsFfvEfnFAfCuyxXf/h/nn/yG/KwgQIEGCBg0xEAOxEAtxEAfxEA95IA9EIAIJkAB5IS/kg3xQAApAIiRCYSgMCAgEBEWgCEQhCsWgGCRBEpSAEuDAQTIkQ2m4F8pAGSgLZaEclIPyUAEqQCWoBJWhMlSBKlAVqkI1qAY1oAY8Co/CY1AbakMdqAN1oS7Ug3pQH+pDA2gADaEhNIJG0BgaQxNoAs2gGbSAFtASWkIraAVtoA20hbbQHtpDCqRAB+gA7aAjdIJO0Bk6QxfoAl2hG3SDt+AteBvehl5QTfaGPtAH+kJf6A8DYAC8C4PgPXgP3oc0GAJD4QP4AD6E4XAORsBIGAWjoLIcC+NgPJCcCJNgEkyGyTAFpsBUmAbTYAakw0yYBbNgNsyBOfA5zIMv4AtYAAtgEWRABiyGJZAJmbAUzkMWLIPlsAJWwipYCWtgLayB9bAB1sMm2ARbYAt8A9/AaNgOO2En7IbdsBf2wn7YD2mQDdlwEA7CITgEh+EwHIEjcBSOwjE4BsfhOJyAE3ASTsFpOAVn4Sycg/NwAS7AJbgEl+GNxB8b7i6+Lk3Ia7TUMkbGyFgZK+NknIyX8TKPzCMjMiITZILMK/PKfDKfLCALyESZKAvLwhIlSpKhLCKLyKiMymKymEySSbKELCGddDJZJsvSsrQsI8vIsvJ+WU4+IMvLCrK1qyQrycqyjasiH5ZVZVVZTVaXNWRNWVPWkrVkbVlb1pF1ZF1ZV9aTT8n6sjf0h2fktc40kkOgsRwKTWRT2Uw2lx/CC7KlHA6tZGvZRr4kR8IIaC9buhT5iuwgx0FH+ZocD6/LznIidJFvyq6ym+wu35I9ZCvXU/aSU6G37CNnQF/ZT/aXA+RsqC6vdayGfF+mySFyqPxALoIP5XD5kRwhR8pRcrQcI8fKcXK8nCAn5hLyYzlZfiKnyE/lVDlNTpczZLqcKWfJz+RsOUfOlZ/LefILOV8ukAvlIpkhv5SL5RKZKb+SS+XXMksuk8vlCrlSrpKr5Rq5Vq6T6+UGuVFukpvlFrlVfiO3ye1yh9wpd8ndco/cK/fJ/fKA/FZmy+/kQfkXeUh+Lw/LH+QR+aM8Kn+Sx+TP8rj8RZ6Qv8qT8pQ8Lc/Is/I3eU6elxfkRXlJ/i4vyyvyqvRSKFBSKaVVoGJULhWrcqs4dYuKV7eqPOo2FVG3qwR1h8qr7lT5VH5VQBVUiaqQKqyMQmUVqVAVUUVVVN2liqm7VZIqrkqoksqpUipZ3aNKq3tVGXWfKqvuV+XUA6q8qqAqqkrqQVVZPaSqqIdVVfWIqqaqqxqqpnpU1VKPqdrqcVVHPaHqqidVPfWUqq+eVg3UM6qhelY1Us+pxup51UQ1Vc1Uc9VCvaBaqhdVK9VatVEvqbaqnWqvXlYp6hXVQb2qOqrXVCf1uuqs3lBd1Juqq+qmuqsr6qryqqfqpVJVb9VHvaP6qn6qvxqgBqp31SD1nhqs3ldpaogaqj5Qw9SHarj6SI1QI9UoNVqNUWPVODVeTVAT1ST1sZqsPlFT1KdqqpqmpqsZKl3NVP3/VmnufyP/k3+SP/iPs29RW9U3apvarnaonWqX2q32qD1qn9qnDqgDKltlq4PqoDqkDqnD6rA6oo6oo+qoOqaOqePquDqhTqiT6pS6qM6os+o3dU6dV+fVRXVJXVKX//YzEBq01EprHegYnUvH6tw6Tt+i4/WtOo++TUf07TpB36Hz6jt1Pp1fF9AFdaIupAtro1FbTTrURXRRHdV36WL6bp2ki+sSuqR2upRO1vf8y/k3Wl8L3UK31C11K91Kt9FtdFvdVrfX7XWKTtEddAfdUXfUnXQn3Vl31l10F91Vd9XddXfdQ/fQPXVPnapTdR/9ju6r++n+eoAeqN/Vg/QgPVgP1mk6TQ/VQ/UwPUwP18P1CD1Cj9Kj9Bg9Ro/T4/QEPUFP0pP0ZD1ZT9FT9FQ9VU/X03W6Ttez9Cw9W8/Wc/VcPU/P0/P1fL1QL9QZOkMv1ot1ps7US/VSnaWX6WV6hV6hV+lVeo1eo9fpdXqD3qA36U06S2/VW/U2vU3v0Dv0Lr1L79F79D69Tx/QB3S2ztYH9UF9SB/Sh/VhfUQf0Uf1UX1MH9PH9XF9Qp/QJ/VJfVqf1mf1WX1On9MX9AV9SV/Sl/VlfVVfvXbZF8hABjrQQUwQE8QGsUFcEBfEB/FBniBPEAkiQUKQEOQN7gzyBfmDAkHBIDEoFBQOTICBDSgIgyJB0SAa3BUUC+4OkoLiQYmgZOCCUkFycE9QOrg3KBPcF5QN7g/KBQ8E5YMKQcWgUvBgUDl4KKgSPBxUDR4JqgXVgxpBzeDRoFbwWFA7eDyoEzwR1A2eDOoFTwX1g6eDBsEzQcPg2aBR8FzQOHg+aBI0DZoFzYMW/9b63p/L/6LraXqZVNPb9DHvmL6mn+lvBpiB5l0zyLxnBpv3TZoZYoaaD8ww86EZbj4yI8xIM8qMNmPMWDPOjDcTzEQzyXxsJptPzBTzqZlqppnpZoZJNzPNLPOZmW3mmLnmczPPfGHmmwVmoVlkMsyXZrFZYjLNV2ap+dpkmWVmuVlhVppVZrVZY9aadWa92WA2mk1ms9litppvzDaz3ewwO80us9vsMXvNPrPfHDDfmmzznTlo/mIOme/NYfODOWJ+NEfNT+aY+dkcN7+YE+ZXc9KcMqfNGXPW/GbOmfPmgrloLpnfzWVzxVw1/trF/bW3d9SoMQZjMBZjMQ7jMB7jMQ/mwQhGMAETMC/mxXyYDwtgAUzERCyMhfEaQsIiWASjGMViWAyTMAlLYAl06DAZk7E0lsYyWAbLYlksh+WwPJbHilgRH8QH8SF8CB/Gh/ERfASrY3WsiTWxFtbC2lgb62AdrIt1sR7Ww/pYHxtgA2yIDbERNsLG2BibYBNshs2wBbbAltgSW2ErbINtsC22xfbYHlMwBTtgB+yIHbETdsLO2Bm7YBfsil2xO3bHHtgDe2JPTMVU7IN9sC/2xf7YHwfiQByEg3AwDsY0TMOhOBSH4TAcjsNxBI7EUTgax+BYHIfjcQJOxEk4CSfjZJyCU3AqTsXpOB3TMR1n4SycjbNxLs7FeTgP5+N8XIgLMQMzcDEuxkzMxKW4FLMwC5fjclyJK3E1rsa1uBbX43rciBtxM27GrbgVt+E23IE7cBfuwj24B/fhPjyABzAbs/EgHsRDeAgP42E8gkfwKB7FY3gMj+NxPIEn8CSexNN4Gs/iWTyH5/ACXsBL+Dtexit4FT3G2tw2zt5i4+2tNo+9zf5jXMAWtIm2kC1sjc1n8/9djNbaJFvclrAlrbOlbLK9509xeVvBVrSV7IO2sn3IVvlTXMs+Zmvbx20d+4StaR/9u7iufdLWs8/Z+vZ528A2tQ1tc9vIPmcb2+dtE9vUNrPNbVvbzra3L9sU+4rtYF/9U7zYLrFr7Tq73m6w++x+e8FetMfsz/aS/d32tL3sQPuuHWTfs4Pt+zbNDvlTPMqOtmPsWDvOjrcT7MQ/xdPtDJtuZ9pZ9jM72875U5xhv7TzbKadbxfYhXbRH/G1NWXar+xS+7XNssvscrvCrrSr7Gq75n+vdYXdZDfbLXaP3Wu32e12h91pd9ndf8TX9nHAfmuz7Xf2qP3JHrLf28P2uD1if/wjvra/4/YXe8L+ak/aU/a0PWPP2t/sOXv+j/1f2/sZe8Vetd4KApKkSFNAMZSLYik3xdEtFE+3Uh66jSJ0OyXQHZSX7qR8lJ8KUEFKpEJUmAwhWSIKqQgVpSjdRcXobkqi4lSCSpKjUpRM91BpupfK0H1Ulu6ncvQAlacKVJEq0YNUmR6iKvQwVaVHqBpVpxpUkx6lWvQY1abHqQ49QXXpSapHT1F9epoa0DPUkJ6lRvQcNabnqQk1pWbUnFrQC9SSXqRW1Jra0EvUltpRe3qZUugV6kCvUkd6jTrR69SZ3qAu9CZ1pW7Und6iHvQ29aRelEq9qQ+9Q32pH/WnATSQ3qVB9B4NpvcpjYbQUPqAhtGHNJw+ohE0kkbRaBpDY2kcjacJNJEm0cc0mT6hKfQpTaVpNJ1mUDrNpFn0Gc2mOTSXPqd59AXNpwW0kBZRBn1Ji2kJZdJXtJS+pixaRstpBa2kVbSa1tBaWkfraQNtpE20mbbQVvqGttF22kE7aRftpj20l/bRfjpA31I2fUcH6S90iL6nw/QDHaEf6Sj9RMfoZzpOv9AJ+pVO0ik6TWfoLP1G5+g8XaCLdIl+p8t0ha6SJxFCKEMV6jAIY8JcYWyYO4wLbwnjw1vDPOFtYSS8PUwI7wjzhneG+cL8YYGwYJgYFgoLhybE0IYUhmGRsGgYDe8Ki4V3h0lh8bBEWDJ0YakwObwnLB3eG5YJ7wvLhveH5cIHwvJhhfC5JyqFD4aVw4fCKuHDYdXwkbBaWD2sEdYMHw1rhY+FtcPHwzrhE2GZ8MmwXvhUWD98OmwQPhM2DJ8NG4XPhY3D58MmYdOwWdg8bBG+ELYMXwxbha3DNuFLYduwXdg+fDlMCV8JO4Sv3vB4atg77BO+E74Tev+4WhhdFM2IfhldHF0SzYx+FV0a/TqaFV0WXR5dEV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEvW+Zi7hwEmnnHaBi3G5XKzL7eLcLS7e3eryuNtcxN3uEtwdLq+70+Vz+V0BV9AlukKusDMOnXXkQlfEFXVRd5cr5u52Sa64K+FKOudKuWTX3LVwLVxL96Jr5Vq7Nu4l95Jr59q5l93L7hXXwb3qOrrXXCf3uuvs3nBvuDddV9fNdXdvuR7ubdfT9XKpLtX1cX1cX9fX9Xf93UA30A1yg9xgN9iluTQ31A11w9wwN9wNdyPcCDfKjXJj3Bg3zo1zE9wEN8lNcpPdZDfFTXFT3VQ33U136S7dzXKz3Gw32811c928pHluvpvvFrqFLsNluMVusct0mW6pW+qyXJZb7pa7lW6lW+1Wu7VurVvv1ruNbqPb7Da7rW6r2+a2uR1uh9vldrk9bo/b5/a5A+6Ay3bZ7qA76A65Q+6w+8EdcT+6o+4nd8z97I67X9wJ96s76U650+6MO+t+c+fceXfBXXSX3O/usrvirjrvJkU+jkyOfBKZEvk0MjUyLTI9MiOSHpkZmRX5LDI7MicyN/J5ZF7ki8j8yILIwsiiSEbky8jiyJJIZuSryNLI15GsyLLI8siKyMrIqoj3hbaFvogv6qP+Ll/M3+2TfHFfwpf0zpfyyf4eX9rfGyP8fb6sv9+X8w/48r6Cr+if9018U9/MN/ct/Au+pX/Rt/KtfRv/km/r2/n2/mWf4l/xHfyrvqN/zXfyr/vO/g3fxb/pu/puvrt/y/fwb/uevpdP9b19H/+O7+v7+f5+gB/o3/WD/Ht+sH/fp/khfqj/wA/zH/rh/iM/wo/0o/xoP8aP9eP8eD/BT/ST/Md+sv/ET/Gf+ql+mp/uZ/h0P9PP8p/52X6On+s/9/P8F36+X+AX+kU+w3/pF/slPtN/5Zf6r32WX+aX+xV+pV/lV/s1fq1f59f7DX6j3+Q3+y1+q//Gb/Pb/Q6/0+/yu/0ev9fv8/v9Af+tz/bf+YP+L/6Q/94f9j/4I/5Hf9T/5I/5n/1x/4s/4X/1J/0pf9qf8Wf9b/6cP+8v+Iv+kv/dX/ZX/FX+nzXGGGOMsf8WdYPjvf/J9+TfxjV9hBC3bi945B9rbsz313k/mdg2IoR4pVeXZ/5jVKuWmpr6t9dmKREUXSCEiFzPjxHX42WijWgnUkRrUfqfrq+f7HaJblA/er8Qcf8pJ1Zcj6/Xv/e/qD923g3rLxAiqej1nNzieny9fpn/on7+ljeon/v7SUK0+k858eJ6fL1+snhRvCpS/u6VjDHGGGOMMcbYX/WTFTvd6P722v15or6ek0tcj290f84YY4wxxhhjjLGb7/Vu3V9+ISWldSee8IQn/7MmUghx085+s/8yMcYYY4wxxv7drl/03+yVMMYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjOdf/j48Tu9l7ZIwxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxm62/xUAAP//9kMzGA==")
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r5, 0x800)
lseek(r5, 0x200, 0x0)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
sendfile(r5, r6, 0x0, 0xf800)

1.067169661s ago: executing program 4 (id=2156):
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)={0xec, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0xcd, 0x33, @reassoc_resp={{{0x0, 0x0, 0x8}, {}, @broadcast, @device_a, @random="f7ab87594b3f"}, 0x0, 0x0, @random, @val, @void, [{0xdd, 0x7, "8b7668a21729e4"}, {0xdd, 0x9e, "d8a062cc132f8c370fffcfbf6c255947985b88cb9f22e02d96f87d9c0a6796487053adb1a2d1f8ed33d6ef7faf4ba99f81c72edefbc742d2d897c0fb6eb2289c22b03871ec6ddb7398d4b5509078903c634145233d8a7a9a2fc09946ff1a847d43452a17ee7a24318e4ed910599f7ebc8291d4dd528566752ef4090016895d45162f023cde71dbd618a52517986b705c5e653ee0e7edda93407e44be1c20"}]}}]}, 0xec}}, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
syz_emit_ethernet(0x86, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x8, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @private0, [@dstopts={0x80, 0x0, '\x00', [@ra={0x5, 0x3a}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000740)={0x1, 0xfffe, 0x0, 0x5, 0xdf, 0x5, 0xf, 0x2000004, r4}, 0x20)

166.156606ms ago: executing program 3 (id=2157):
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x3200400, &(0x7f0000000140)=ANY=[], 0x3, 0xa73, &(0x7f0000003cc0)="$eJzs3U2MG1cBAOA33vUmm6TEKQldktAm/LTlp7vNZgk/ETRVcyFqKm6VKi5RmpaINCBSCVpVIsmJG62qcIUiTuVQAUJqLyjqiUslGolLT4UDB6IgVeIAhcRove95xy92x/uTtb3+Punt85s39nszOzMez8x7LwBjq9b6u7AwU4Rw5a1Xj//j/r9PL055pD1Ho/V3spSqhxCKmJ7MPu/9iaX45gcvne4WF2G+9TelwxM32u/dHkK4GA6Eq6ER9l659so784+fvHTi8sF3Xz96/c4sPQAAjJdvXz26sOevf96368M37j0WtrSnp/PzRkzviOf9x+KJfzr/r4XOdFEKZVPZfJMx1LL5JrrMVy6nns032aP8qexz6+38fR3zbakof6I0rdtywyhL23EjFLXZjnStNju79Js8tH7XTxWz58+ee+bCgCoKrLt/3RdCOCCsNDSbzZ+0VuAQ1EUQVhuaOwd9BAJYkt8vvM3F/MrC2rQ/bbK/8m88Wuv+flgHG739K3+0yv/1JUcc1s9m3ZrScqX9aEdM5/cR8ueXVrr/p8/L70fU+6xnr/sIo3J/oVc9Jza4HqvVq/75drFZfSPGaT18M8sv7z/5/3RU/sdAd//eqOv/r00P/FrnYjgwBHXY1KE+BHUQ+g7NQR+AgKG1/NzckmaU8vPn+vL8LRX5Wyvypyvyt1Xkb6/Ih3H2++d/Fl4uln/n57/pV3o9LF1nuyvGH1thffLrkSstP3/ud6XWWn7+PDEMszdPPXnmq08/dW3p+f+ivf3fitv7gZhuxH3rapwhXS/Mr6u3n/1vdJZT6zHf3Vl97rpt/uZSibs75yt2L39OKB1nbqvHTOf7dvaab3/nfI1svukYtmb1zc9PtmXvS+cf6bia1tdktrz1bDmmsnqk48quGOf1gNVI22Ov5//T9jkT6sUzZ8+deTim03b6p4n6lsXph8of+puNqTuwNv22/5kJne1/drSn12vl48LO5elF+bjQyKbPLyXbt8nT9MMxnb7nvjsx3Zo+e/r7555e74WHMXfhhRe/d+rcuTM/9CK9mLZavPCi6sixWZ8chPEx9/xzP5i78MKLD5197tSzZ549c/7wkSOH5+ePfO3wwlzrvH6ufHYPbCbLX/qDrgkAAAAAAAAAAADQrx+dOH7tL29/5b2l9v/L7f9S+//05G9q///TrP1/3k4+tQpI7QB3dclvjbv3Zmc9prL56jF8PKvv7qycPdn7PhHj9jh+sf1/am+f9+ua6nNPNj3vvzfNl3UncFt/KVNZHyTt8QJjg/1Px/TlGP8qwAAV090nx7iqf+u0raf+KfRLMZrS/y1tDakfk9T+u1e/Tun4v2sD6sj624jmhINeRqC7fw79+J+lM/GB1+UjQ7M5+DqsPQz/ehbWMTSbRvEAhsOgx/9M1z1TfP6P39q6GNJsNx7tPF7m/ZfCWgz7+JPK31zjf7bHv+vr+Neld/WOfp77H13hP7+4/l6p2LC33+NvvvypH+jd1WWWfRjLT8v/QOiv/OZrWfn5DaE+/Tcrf1uf5d+2/PtXV/7/YvlptT34mX7LX6pxUeusR37dON3/y68bJzez5U99e654+Vc5UOOtWD6Ms97jzPY7gu1wGpXxf3vJn8P4ckynA2F6ziH/Rl5p/dPzFel7YE/2+UXF99uojFPcy7iP//v1GFftD2n837Q9Nrqka6V0vcu6HfVtBTab94f+/t+IhYtDUAdhSMNwjIFdDs1mc6AdeetFfLAGvf4Hffd50OUPev1Xycf/zc/h8/F/a9kPiHz83/z9+fi/eX4+vl6en4//m6/PfPzfPP+e7HPzK9gzFfmfrMjfW5G/bzl/ulv+/or3f6oi/2BF/r0V+fdV5N9dkT9Rkf/ZivzPVeTfX5H/YEX+5yvyN7tWe5TSTjVuyw/jLG+fZ/+H8ZHu//Ta/3dX5AOj6+dvHHrsqd99p7HU/n+q/Xst3cc7FtP1+Nv5xzGd3/cOpfRi3tsx/bcsf9ivd8A4yfvPyL/fH6jIB0ZXes7L/g1jqOjeY09+v61Xv1W9zvMZLV+I8Rdj/KUYPxTj2RjPxfhQjOc3qH7cGY/99g9HXy6Wf+/vzPL7fZ48bw+U9xN1uM/65NcHVvo8e96P30qttfxVNgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmFrr78LCTBHClbdePf7kybNzi1Meac/RaP2dLKXq7feF8HCMJ2L8y/ji5gcvnS7Ht2JchPlQhKI9PTxxo13S9hDCxXAgXA2NsPfKtVfemX/85KUTlw+++/rR63duDQAAAMDm9/8AAAD//6ZSGwg=")
syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[], 0x1, 0xaa6, &(0x7f0000001100)="$eJzs3U2MW0cBAOCxd73JJilxSkKXNLQJhbb8dNNslvATQVIlQiJqKsSlUsUlStMSEYJEkYCqEklO3GhVBYkTP+LUS1UQEr2gqCculWikCqmnwoEDURCVOEAgcRXvjNee2H22s+tnx98njcfz5j3PvOfn5/c7E4CpVW2+Li8vVEK4+PrLR//x4N/nbw451Bqj3nydbUvVQgiVmJ7NPu/dmZX4+nsvnOwWV8JS8zWlwxNXW9NuDiGcC7vDpVAPOy9efunNpcePnz92Yc9brxy8sj5zDwAA0+Xrlw4u7/jrn+/ddu3V+w6HDa3haf+8HtNb4n7/4bjjn/b/q6EzXWkL7eay8WZjqM53jjfTZbz2cmrZeLM9yp/Lyq/1GG9D+ODyZ9qGdZtvmGRpPa6HSnWxI12tLi6uHJOH5nH9XGXx7OkzzzxXUkWBNffv+0MIu9vCkQud6XELh8agDkOGxhjUYSLD4dGVda2xovR5HlFobC17CwSwIr9eeItz+ZmF29P6tNn+yr/6WLX79LAGRr3+D1T+XMnlB+X/5rwtDmvnTl2b0nyl39GWmM6vI+T3L/X+/eVXOjqH5tcjan3Ws9d1hEm5vtCrnjMjrsewetU/Xy/uVF+OcVoOX8ny238/+Xc6Kd8x0N1/8vP/giCMdwgd6drtfFaj5O0PML7y++Ya6fpolN/Xl+dvKMjfWJA/X5C/qSB/c0E+TLPfff+n4cXK6nF+fkw/6PnwdJ7trhh/aMD65OcjBy0/v+93ULdbfn4/MYyzP5x48tQXnn7q8sr9/5XW+n8jru/pcKMef1uX4gjpfGF+Xr1173+9s5xqj/HuzupzV5fxm++3d45X2b76OaFtO3NLPRY6p9vaa7xdnePVs/HmY9iY1TffP9mUTZf2P9J2NS2v2Wx+a9l8zGX1SNuVbTHO6wHDSOtjr/v/0/q5EGqVZ06fOfVoTKf19E8ztQ03h+8bcb2B29fv8z8LofP5ny2t4bVq+3Zh6+rwysp24bX4eZ3Dl1rldA7fH9Ppf+5bM/PN4Ysnv3vm6bWffZhqz/3o+W+fOHPm1Pe8GfrNV8ejGoO8SYct41Ifb8buTckbJmDd7f3xyk7AI6e/c+LZU8+eOrv/wIH9S0sHvrh/eW9zv35v+959u3Ml1BZYS6t/+mXXBAAAAAAAAAAAAOjXD44dvfz2G59/Z+X5/9Xn/9Lz/+nO3/T8/0+y5//z5+TTc/DpOcBtXfKb42QNrM5l49Vi+HBW3+1ZOTuy6T4S41Y/fvH5/1Rc3q5rqs892fBaj2TWnMAt7aXMZW2Q5P0FfjzGF2L86wAlqsx3Hxzjovat07qe2qdoa5eioX3gyZG+t7Q2pHZM0vPfXdt1avuyt42gjqy9UTxOWPY8At39c6ra//7X6oyXXhehd5gdbXk/n951otFzL73fHmwA1kbZ/X+m854pPvvHr228GdJoVx/r3F7m7ZfCIP7ydmd63PufXO/y8377Rl1+2fM/6v4/W/3f9b39y3rMqw9X7n9/ceWdtmLDzn7Lz+c/tQO9fbDyr8Xy09w8FPorv/GrrPz8glCf/peVv6nP8m+Z/13Dlf//WH5abA8/0G/5KzWuVDvrkZ83Ttf/8vPGyfVs/lPbnh9Q/jee7zb/Q3bUeCOWD9NsUvqZHVS2H9HaaR++/9/o3Nr2/9uqbLZZy+/D+FxMpw1xus8h7+9k0Pqn+yvS/8CO7PMrBf9v+v+dbF+KcdHvIfX/m9bHevzLb0s3l2VK17os2zt1WwOT6t2puv43EWHjGNRB6D80ZoaYrtVPXMn1bzQa63tCq0CphVP68i/7OKHs8ste/kXy/n/zffi8/988P+//N8/P+//N8+fjN9QrP+//N1+eef+/ef492efm/QMvFOR/tCB/Z/f81mH7vQXT7yrI/1hB/p5W/qGOMVL+fQXT31+Qf3dB/gMF+Z8oyP9kQf6DBfkPt+W39wGd8j9VMP2dLj2PMq3zD9Msfz7P7x+mR7r+0+v3v70gH5hcP3t135GnfvvN+srz/3Ot8yHpOt7hmK7F46cfxnR+3Tu0pW/mvRHTf8vyx/18B0yTvP2M/P/9oYJ8YHKl+7z8vmEKVTZ2Hxzjonareu3nM1k+HePPxPizMX4kxosx3hvjfTFeGlH9WB9HXvv9wRcrq8f7W7P8fu8nz58H6mgnKoSwv8/65OcHBr2fPW/Hb1C3W/6Qj4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACUptp8XV5eqIRw8fWXjz55/PTem0MOtcaoN19n21K11nQhPBrjmRj/Mr65/t4LJ9vjGzGuhKVQCZXW8PDE1VZJm0MI58LucCnUw86Ll196c+nx4+ePXdjz1isHr6zfEgAAAIA73/sBAAD//weuDxQ=")
openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000280), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f00000001c0)={'wg1\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x21916}}, 0x20}}, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000080)=0x8, 0x4)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0xe22}, 0x1c)
creat(&(0x7f0000000100)='./file0\x00', 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f0000000040)='./file0\x00', 0x584)
setxattr$system_posix_acl(&(0x7f00000015c0)='./file0\x00', &(0x7f0000001600)='system.posix_acl_default\x00', 0x0, 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b45602117fffffff81000e220e227f000008925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x2fc, &(0x7f0000001bc0)=ANY=[@ANYBLOB="ffffffffffff0000000000000800442802ee00660000012f9078ffffffffac14140a8927f9ac141414ac1414357f000001640101007f00000100000000e0000002e0000001ffffffff440c8d00000000000000000189075c0000000000000421880b0082000016e65f248dee1c0946ae42cf18efc07b39df2a2d1a9946276575594c0b4c4d9089e19368829b1780123769cd75eee945fdc5af594515bcea5d3fb156b7a6e6a577466afde2acd0540a7c3edec1cbc0bf9bc69ee0431f27f6b76f4680a6dd9506eb0f80e4cce05a427913cfe7abe16b4ff52bf64c3c279565cc4d8cf416638b6119c20c0008008001000aa9e9cb278a95391ac95753abd41be49a7a7817790b0d537f72aa64dbbe3e90fd41775b782cd160072c0a2aba0586a9bbfc1954c6ecb3c488085787a59fe5b3b406c4ef29d739222a712fa0c0da317b92a4d8f89a2c6f82c54c3dbf0e3d644423a7657d7049ac93403855a6de2cea7245dd1855d48b3559293fda763bf7ed842a85ed88aad529769698c87af7355c7470a25dae17faef2cbfa46f89d6c542a25616eb58f26f0230257e766cbf87861151db7ffbfd976d34f5537b8c172c9cf1abe5b7abc387a712726ae51c9a36838d11fb8f5e336fb6a3e9c6de26af0ab719aa7ebace0b31ba3f22211028ff090086dd00810000fccfe1d22777a01191c19b409c1b6cb7d7c513e6e127a88b7dba9676c188f979603c32ad2b78147cff8aa5edec3b031957397c2abb391ba50362e9e6a055d3853b14742eee468512a2a8535fc9763c569c3220c0ce9a9d3d4597c42e1f377688530a4c7e9fc66390080088be08000003170435050100000000000005080022eb000000002d01f50702000000000000b50400c911080065580000000371e609c6886f6a857335fe7b1426633c6844a814e4f8b0f76d9fafd84f11c93c939f29b5480c4fc59e08d1555ff4f68f375e25e56ced7e46b588d297e8e87dbf85ac7a7904099363150706af2a2dcdc749467f5bcf254e85fd3d114df5f876a433ecb7ee0b8bee97494bef1e535b42451bece7592fd6570fef18daf3525b23ce8363f8aad3b70f430ab931f806b4421942df869a0440f4dfba3d91f1f118c3b951df9ab728ff0c0aac59c5843d787ab8f24a936a4b273af2a35aa20fa886d692bf5c8810edadef5d76860ff57bd64fb5fa78ab949811bbbf352c1195a2a253565b9cd6b8dcaffd8546507e8fdcd699983089cfaa9a79fe3d4b9576a498f03443a1a3ab33442cb4733d068e40b35bf4d0f36cdd03480da3cf809a28777680573cd46f73dbce1f9ef3461ad0f17bd2562bfd138fe5ac91ed85b0a0d36db397567baedb0c26d341b530f6f534125eeee88f1c37ff800cc73d9b159244f9f44ec866ed730000000000000000"], 0x0)
syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x1038, 0x1410, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xb, 0x60, 0x0, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x3, 0x1, 0x3, 0x7, {0x9, 0x21, 0x3, 0x7, 0x1, {0x22, 0xba1}}, {{{0x9, 0x5, 0x81, 0x3, 0x7fbfb797099a8ce, 0x2, 0x9, 0x80}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x5, 0x1, 0x3}}]}}}]}}]}}, &(0x7f0000000780)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x300, 0x4, 0x8, 0x9, 0x40, 0x40}, 0xda, &(0x7f0000000280)={0x5, 0xf, 0xda, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x2, 0x7, 0x2}, @generic={0xb7, 0x10, 0xa, "8c7519fdf7b82232711b99b1b4f949f9ca3085529b89f993d1b7f8a5ebb6cbb6e6766e0755e05a1d1862c9145311f969aa723e0904466b4bbc62e30503afa69af83ed6d9ebe17fdb8d904b29fc58b1c1c925a6de6c711c94c79d14d2a9fb9486e07cd7ec5f5bdc970d0363348b3fcc6c0aa2714f23594cd887517729fd5b68fc4a20508d43a8d5d6183c63784cf7ea95dec2a2f13f4367ed09ab0c7fa53c2a8f74d155951edc6a812b02ac25ccf4977f03265f81"}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "b49d6158d989530e956beed83a987838"}]}, 0x8, [{0x2e, &(0x7f0000000380)=@string={0x2e, 0x3, "0813c4313dbad5462fbf7ae312f303f8eb0f3454a918f7d41196aea9290888c76b91c84276c793ca2170af4f"}}, {0x39, &(0x7f0000000440)=@string={0x39, 0x3, "4e615b905680b77bd36b4fa8b71d3aa79666cd3ae72af5374c322df8a0451612fc582e32e0533c57c8495a06a7cd4248a2d99c848e8053"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x404}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x42d}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x441}}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0xc0a}}, {0xeb, &(0x7f0000000580)=@string={0xeb, 0x3, "913276ee826e2cbbc2e506006904be7f039d3e160bff97578bb2c76933be19e357e4ce3693a695f15ad6e3415dd30b3161bd8700f51b63ff5cd54ed6fb08f4c12318144475b192b1550de8b044a9fb2270104c0ad5ba7255d4c4d4450c8a26a4d0d9ee110d5eaf7e5799761ac22fd4bece85be0b707cda7fe501e3886438ca2e32ba9db0b6379c3bea51257b52fd41260a7587410a46ce653750c6e4652da7c65552055023d54dbd1770dc5d65748f7b14450bd4c37f0ca3618608c3b2ffd47091d237939727ec73f07e8ca6755eba1bde7e643e540440e8b62c36678bb849573472da79120f12ae48"}}, {0xe0, &(0x7f0000000680)=@string={0xe0, 0x3, "5c85022626fe7c80300c4e126cbc4a5c34bde4841c6b3c61a3e0ea58e00fd2d0d32dedaccc28a27bb72686f36b599bf3fd5251bb96e402c1cb4e3e0221cfbf131837fcbaaee289a59fff9ccc15ec45a33e57edc4a18c04a4c1fef89bac28c1dd87d04eb3643e40ce62547b7bb3c61db6c590e90e241fb4d14ff835519bc1a56867beb1d43c239d4c2b1b88f90ac63d1c7bad4520fde709cbe5d7c9065271cb0c0da1476e1e16fdad21311aadf317bb96642f30b58207e746705ed909a55b03429729f157ff2b1c186dccc03ecf5d85e3ab088df123108861e1647ceada17"}}]})
syz_emit_ethernet(0x3e, &(0x7f0000000840)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaabb08004500003000000000000190780a010102ad1414aa0800907807000000000000000000000000000000ac1414bbac1e0001273cf75b8001e7817bac69344da545579732b2609b71f237267b41d7285b19a97e3983f7f3"], 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x16}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)={0x70, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r4}, @WGDEVICE_A_PEERS={0x54, 0x8, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x4}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_ALLOWEDIPS={0x20, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}]}]}]}]}]}, 0x70}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x5169, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000))
syz_io_uring_setup(0x442b, &(0x7f0000000280), &(0x7f0000000040), &(0x7f0000000180))
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'wlan0\x00'})

165.765726ms ago: executing program 0 (id=2158):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000340)='sched_switch\x00', r0}, 0x18)
r1 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x80fe, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f8483e0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) (fail_nth: 5)

0s ago: executing program 4 (id=2159):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000200)={[{@errors_remount}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@stripe={'stripe', 0x3d, 0x4}}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xfffffffffffffffe}}]}, 0x3, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchmod(r0, 0x408)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
lremovexattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000000)=@known='system.posix_acl_access\x00')
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$inet6(0xa, 0x80002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x200000100000011, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$inet6(0xa, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000004c0)={0x0, 0x465f}, 0x8)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r2, 0x4)

kernel console output (not intermixed with test programs):

01f7c0
[  935.691428][T11936]  </TASK>
[  935.696429][ T6027] usb 5-1: new low-speed USB device number 7 using dummy_hcd
[  935.786178][T10215] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  935.803485][ T6027] usb 5-1: device descriptor read/8, error -71
[  935.925218][ T6027] usb usb5-port1: unable to enumerate USB device
[  935.993347][T10215] usb 4-1: device descriptor read/64, error -71
[  936.113415][    C1] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  936.274013][T10215] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  936.463373][T10215] usb 4-1: device descriptor read/64, error -71
[  936.593632][T10215] usb usb4-port1: attempt power cycle
[  937.013468][T10215] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  937.113616][T10215] usb 4-1: device descriptor read/8, error -71
[  937.385910][T10215] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  937.503623][T10215] usb 4-1: device descriptor read/8, error -71
[  937.554891][T11951] FAULT_INJECTION: forcing a failure.
[  937.554891][T11951] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  937.633722][T10215] usb usb4-port1: unable to enumerate USB device
[  937.680678][T11951] CPU: 1 PID: 11951 Comm: syz.4.1893 Not tainted 5.15.168-syzkaller #0
[  937.688953][T11951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  937.699015][T11951] Call Trace:
[  937.702303][T11951]  <TASK>
[  937.705234][T11951]  dump_stack_lvl+0x1e3/0x2d0
[  937.709919][T11951]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  937.715565][T11951]  ? panic+0x860/0x860
[  937.719646][T11951]  ? snprintf+0xd6/0x120
[  937.723891][T11951]  should_fail+0x38a/0x4c0
[  937.728320][T11951]  _copy_to_user+0x2d/0x130
[  937.732837][T11951]  simple_read_from_buffer+0xc6/0x150
[  937.738221][T11951]  proc_fail_nth_read+0x1a3/0x210
[  937.743256][T11951]  ? proc_fault_inject_write+0x390/0x390
[  937.748898][T11951]  ? fsnotify_perm+0x442/0x590
[  937.753665][T11951]  ? proc_fault_inject_write+0x390/0x390
[  937.759300][T11951]  vfs_read+0x2fc/0xe10
[  937.763466][T11951]  ? kernel_read+0x1f0/0x1f0
[  937.768061][T11951]  ? __fget_files+0x413/0x480
[  937.772754][T11951]  ? mutex_lock_nested+0x17/0x20
[  937.777694][T11951]  ? __fdget_pos+0x2cb/0x380
[  937.782282][T11951]  ? ksys_read+0x77/0x2c0
[  937.786615][T11951]  ksys_read+0x1a2/0x2c0
[  937.790858][T11951]  ? print_irqtrace_events+0x210/0x210
[  937.796320][T11951]  ? vfs_write+0xe50/0xe50
[  937.800738][T11951]  ? syscall_enter_from_user_mode+0x2e/0x240
[  937.806737][T11951]  ? lockdep_hardirqs_on+0x94/0x130
[  937.811944][T11951]  ? syscall_enter_from_user_mode+0x2e/0x240
[  937.817930][T11951]  do_syscall_64+0x3b/0xb0
[  937.822349][T11951]  ? clear_bhb_loop+0x15/0x70
[  937.827030][T11951]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  937.832930][T11951] RIP: 0033:0x7f80fc7e8a3c
[  937.837441][T11951] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  937.857050][T11951] RSP: 002b:00007f80fac62030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  937.865487][T11951] RAX: ffffffffffffffda RBX: 00007f80fc9a1f80 RCX: 00007f80fc7e8a3c
[  937.873462][T11951] RDX: 000000000000000f RSI: 00007f80fac620a0 RDI: 0000000000000003
[  937.881442][T11951] RBP: 00007f80fac62090 R08: 0000000000000000 R09: 0000000000000000
[  937.889412][T11951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  937.897386][T11951] R13: 0000000000000000 R14: 00007f80fc9a1f80 R15: 00007fff1a54f458
[  937.905407][T11951]  </TASK>
[  937.908491][    C1] vkms_vblank_simulate: vblank timer overrun
[  938.013435][T11955] loop3: detected capacity change from 0 to 256
[  938.266371][T11955] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[  938.402218][   T26] kauditd_printk_skb: 22 callbacks suppressed
[  938.402253][   T26] audit: type=1804 audit(1729313339.063:292): pid=11955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1894" name="/newroot/20/file0/bus" dev="loop3" ino=1048729 res=1 errno=0
[  938.752640][T10212] Bluetooth: hci2: command 0x0406 tx timeout
[  938.910863][   T26] audit: type=1800 audit(1729313339.063:293): pid=11955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1894" name="bus" dev="loop3" ino=1048729 res=0 errno=0
[  939.058482][T11959] FAULT_INJECTION: forcing a failure.
[  939.058482][T11959] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  939.193441][T11959] CPU: 1 PID: 11959 Comm: syz.4.1896 Not tainted 5.15.168-syzkaller #0
[  939.202067][T11959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  939.212125][T11959] Call Trace:
[  939.215406][T11959]  <TASK>
[  939.218335][T11959]  dump_stack_lvl+0x1e3/0x2d0
[  939.223288][T11959]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  939.229011][T11959]  ? panic+0x860/0x860
[  939.233086][T11959]  ? __lock_acquire+0x1295/0x1ff0
[  939.238109][T11959]  should_fail+0x38a/0x4c0
[  939.242537][T11959]  prepare_alloc_pages+0x1db/0x5b0
[  939.247743][T11959]  __alloc_pages+0x14f/0x700
[  939.252337][T11959]  ? __rmqueue_pcplist+0x2030/0x2030
[  939.257624][T11959]  ? __lock_acquire+0x1ff0/0x1ff0
[  939.262658][T11959]  ? alloc_pages+0x458/0x570
[  939.267254][T11959]  skb_page_frag_refill+0x220/0x4b0
[  939.272541][T11959]  tun_get_user+0x1bd7/0x40f0
[  939.277237][T11959]  ? tun_ring_recv+0xcc0/0xcc0
[  939.282019][T11959]  ? rcu_lock_release+0x5/0x20
[  939.286815][T11959]  tun_chr_write_iter+0x10c/0x1e0
[  939.291847][T11959]  vfs_write+0xacd/0xe50
[  939.296106][T11959]  ? file_end_write+0x250/0x250
[  939.300968][T11959]  ? __fget_files+0x413/0x480
[  939.305662][T11959]  ? __fdget_pos+0x1e9/0x380
[  939.310335][T11959]  ? ksys_write+0x77/0x2c0
[  939.314753][T11959]  ksys_write+0x1a2/0x2c0
[  939.319079][T11959]  ? print_irqtrace_events+0x210/0x210
[  939.324800][T11959]  ? __ia32_sys_read+0x80/0x80
[  939.329576][T11959]  ? syscall_enter_from_user_mode+0x2e/0x240
[  939.335568][T11959]  ? lockdep_hardirqs_on+0x94/0x130
[  939.340766][T11959]  ? syscall_enter_from_user_mode+0x2e/0x240
[  939.346737][T11959]  do_syscall_64+0x3b/0xb0
[  939.351161][T11959]  ? clear_bhb_loop+0x15/0x70
[  939.355836][T11959]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  939.361736][T11959] RIP: 0033:0x7f80fc7e8adf
[  939.366152][T11959] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[  939.385764][T11959] RSP: 002b:00007f80fac62000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  939.394193][T11959] RAX: ffffffffffffffda RBX: 00007f80fc9a1f80 RCX: 00007f80fc7e8adf
[  939.402196][T11959] RDX: 000000000000008e RSI: 0000000020000100 RDI: 00000000000000c8
[  939.410167][T11959] RBP: 00007f80fac62090 R08: 0000000000000000 R09: 0000000000000000
[  939.418142][T11959] R10: 000000000000008e R11: 0000000000000293 R12: 0000000000000001
[  939.426121][T11959] R13: 0000000000000001 R14: 00007f80fc9a1f80 R15: 00007fff1a54f458
[  939.434120][T11959]  </TASK>
[  939.437192][    C1] vkms_vblank_simulate: vblank timer overrun
[  939.979230][T11961] loop1: detected capacity change from 0 to 256
[  940.073803][T11961] exfat: Unknown parameter 'ioch!YŽã…Óarset'
[  940.090330][T11963] loop3: detected capacity change from 0 to 256
[  940.179669][T11963] exfat: Unknown parameter 'ioch!YŽã…Óarset'
[  942.698754][T11961] loop1: detected capacity change from 0 to 40427
[  942.799501][T11963] loop3: detected capacity change from 0 to 40427
[  942.832836][T11961] F2FS-fs (loop1): Invalid SB checksum offset: 0
[  942.883451][T11961] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  942.973318][T11963] F2FS-fs (loop3): Invalid SB checksum offset: 0
[  943.013977][T11961] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-12)
[  943.043811][T11963] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  943.114324][T11963] F2FS-fs (loop3): Failed to start F2FS issue_checkpoint_thread (-12)
[  943.885537][T11999] loop3: detected capacity change from 0 to 256
[  944.194414][T11999] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[  944.373135][   T26] audit: type=1804 audit(1729313345.033:294): pid=11999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1905" name="/newroot/22/file0/bus" dev="loop3" ino=1048730 res=1 errno=0
[  944.811257][T12004] loop1: detected capacity change from 0 to 256
[  944.850059][   T26] audit: type=1800 audit(1729313345.033:295): pid=11999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1905" name="bus" dev="loop3" ino=1048730 res=0 errno=0
[  944.939447][T12004] exfat: Unknown parameter 'ioch!YŽã…Óarset'
[  945.220121][ T8933] ntfs: (device loop2): ntfs_put_super(): Volume has errors.  Leaving volume marked dirty.  Run chkdsk.
[  945.359412][ T3670] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  945.604265][ T3670] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  945.796925][ T3670] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  945.826358][T10215] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  945.872329][T12014] loop3: detected capacity change from 0 to 256
[  945.906102][ T3670] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  945.944540][T12014] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xb69a62dc, utbl_chksum : 0xe619d30d)
[  945.960959][T11994] chnl_net:caif_netlink_parms(): no params data found
[  946.079708][T12017] loop3: detected capacity change from 0 to 256
[  946.095535][T12019] FAULT_INJECTION: forcing a failure.
[  946.095535][T12019] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  946.114103][   T23] Bluetooth: hci6: command 0x0409 tx timeout
[  946.124732][T12019] CPU: 0 PID: 12019 Comm: syz.4.1915 Not tainted 5.15.168-syzkaller #0
[  946.133002][T12019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  946.143063][T12019] Call Trace:
[  946.146357][T12019]  <TASK>
[  946.149293][T12019]  dump_stack_lvl+0x1e3/0x2d0
[  946.154021][T12019]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  946.159657][T12019]  ? panic+0x860/0x860
[  946.163737][T12019]  should_fail+0x38a/0x4c0
[  946.168152][T12019]  _copy_from_user+0x2d/0x170
[  946.172831][T12019]  strndup_user+0xb0/0x150
[  946.177238][T12019]  __se_sys_mount+0xde/0x3c0
[  946.181816][T12019]  ? print_irqtrace_events+0x210/0x210
[  946.187370][T12019]  ? __x64_sys_mount+0xc0/0xc0
[  946.192121][T12019]  ? syscall_enter_from_user_mode+0x2e/0x240
[  946.198088][T12019]  ? lockdep_hardirqs_on+0x94/0x130
[  946.203275][T12019]  ? __x64_sys_mount+0x1c/0xc0
[  946.208037][T12019]  do_syscall_64+0x3b/0xb0
[  946.212442][T12019]  ? clear_bhb_loop+0x15/0x70
[  946.217108][T12019]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  946.222989][T12019] RIP: 0033:0x7f80fc7e9ff9
[  946.227391][T12019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  946.246980][T12019] RSP: 002b:00007f80fac62038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  946.255379][T12019] RAX: ffffffffffffffda RBX: 00007f80fc9a1f80 RCX: 00007f80fc7e9ff9
[  946.263334][T12019] RDX: 0000000020000100 RSI: 0000000020000140 RDI: 0000000020000000
[  946.271288][T12019] RBP: 00007f80fac62090 R08: 0000000000000000 R09: 0000000000000000
[  946.279243][T12019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  946.287196][T12019] R13: 0000000000000000 R14: 00007f80fc9a1f80 R15: 00007fff1a54f458
[  946.295164][T12019]  </TASK>
[  946.347097][T10215] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255
[  946.363917][T12017] exfat: Unknown parameter 'ioch!YŽã…Óarset'
[  946.413321][T10215] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  946.473345][T12004] loop1: detected capacity change from 0 to 40427
[  946.479935][T10215] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  946.540261][T10215] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  946.569401][T10215] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  946.583073][T10215] usb 1-1: config 0 descriptor??
[  946.654804][T10215] usb-storage 1-1:0.0: USB Mass Storage device detected
[  946.673900][T12004] F2FS-fs (loop1): Invalid SB checksum offset: 0
[  946.680264][T12004] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  946.712977][T10215] usb-storage 1-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  946.793760][T11994] bridge0: port 1(bridge_slave_0) entered blocking state
[  946.824023][T11994] bridge0: port 1(bridge_slave_0) entered disabled state
[  946.832064][T12004] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  946.865523][T11994] device bridge_slave_0 entered promiscuous mode
[  946.887210][T11994] bridge0: port 2(bridge_slave_1) entered blocking state
[  946.897290][T12011] udc-core: couldn't find an available UDC or it's busy
[  946.903564][T11994] bridge0: port 2(bridge_slave_1) entered disabled state
[  946.918908][T12011] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  946.942994][T11994] device bridge_slave_1 entered promiscuous mode
[  947.041818][T12004] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[  947.063268][T12004] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  947.098987][T11994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  947.159926][T11994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  947.324090][T11994] team0: Port device team_slave_0 added
[  947.356990][   T23] usb 1-1: USB disconnect, device number 10
[  947.358303][T11994] team0: Port device team_slave_1 added
[  947.453874][T12041] attempt to access beyond end of device
[  947.453874][T12041] loop1: rw=2049, want=53256, limit=40427
[  947.496486][T12041] attempt to access beyond end of device
[  947.496486][T12041] loop1: rw=2049, want=53320, limit=40427
[  947.538972][   T26] audit: type=1804 audit(1729313348.143:296): pid=12041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1904" name="/newroot/10/file1/file1" dev="loop1" ino=10 res=1 errno=0
[  948.025973][T12017] loop3: detected capacity change from 0 to 40427
[  948.074224][T11468] attempt to access beyond end of device
[  948.074224][T11468] loop1: rw=2049, want=45104, limit=40427
[  948.102454][T12017] F2FS-fs (loop3): Invalid SB checksum offset: 0
[  948.132574][T12017] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  948.166694][T12044] loop0: detected capacity change from 0 to 4096
[  948.193375][T10215] Bluetooth: hci6: command 0x041b tx timeout
[  948.205497][T12017] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  948.205556][T11994] batman_adv: batadv0: Adding interface: batadv_slave_0
[  948.224020][T12044] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[  948.264841][T11994] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  948.345102][T11994] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  948.424595][T11994] batman_adv: batadv0: Adding interface: batadv_slave_1
[  948.431563][T11994] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  948.523385][T12017] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  948.530456][T12017] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  948.543262][T11994] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  948.771105][T11994] device hsr_slave_0 entered promiscuous mode
[  948.794808][T12062] loop0: detected capacity change from 0 to 256
[  948.834188][T11994] device hsr_slave_1 entered promiscuous mode
[  948.846677][T11994] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  948.871230][T11994] Cannot create hsr debugfs directory
[  948.895272][T12066] attempt to access beyond end of device
[  948.895272][T12066] loop3: rw=2049, want=53256, limit=40427
[  948.921204][T12066] attempt to access beyond end of device
[  948.921204][T12066] loop3: rw=2049, want=53320, limit=40427
[  948.942799][   T26] audit: type=1804 audit(1729313349.573:297): pid=12066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1914" name="/newroot/24/file1/file1" dev="loop3" ino=10 res=1 errno=0
[  948.966290][    C1] vkms_vblank_simulate: vblank timer overrun
[  949.101505][T12062] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[  949.253064][T12065] loop1: detected capacity change from 0 to 2048
[  949.304042][   T26] audit: type=1804 audit(1729313349.783:298): pid=12062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1920" name="/newroot/70/file0/bus" dev="loop0" ino=1048731 res=1 errno=0
[  949.335748][T11356] attempt to access beyond end of device
[  949.335748][T11356] loop3: rw=2049, want=45104, limit=40427
[  949.423260][   T26] audit: type=1800 audit(1729313349.783:299): pid=12062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1920" name="bus" dev="loop0" ino=1048731 res=0 errno=0
[  949.526218][T12065] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  950.091250][ T3670] device hsr_slave_0 left promiscuous mode
[  950.112839][ T3670] device hsr_slave_1 left promiscuous mode
[  950.141012][ T3670] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  950.166517][ T3670] batman_adv: batadv0: Removing interface: batadv_slave_0
[  950.187260][ T3670] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  950.206919][ T3670] batman_adv: batadv0: Removing interface: batadv_slave_1
[  950.224379][ T3670] device bridge_slave_1 left promiscuous mode
[  950.235879][ T3670] bridge0: port 2(bridge_slave_1) entered disabled state
[  950.273435][ T6027] Bluetooth: hci6: command 0x040f tx timeout
[  950.286597][ T3670] device bridge_slave_0 left promiscuous mode
[  950.310585][ T3670] bridge0: port 1(bridge_slave_0) entered disabled state
[  950.351391][ T3670] device veth1_macvtap left promiscuous mode
[  950.386898][ T3670] device veth0_macvtap left promiscuous mode
[  950.404762][ T3670] device veth1_vlan left promiscuous mode
[  950.415656][ T3670] device veth0_vlan left promiscuous mode
[  950.497179][T12090] loop0: detected capacity change from 0 to 4096
[  950.630647][T12090] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512)
[  950.970417][T12092] loop0: detected capacity change from 0 to 1764
[  950.981441][ T3670] team0 (unregistering): Port device team_slave_1 removed
[  951.028281][ T3670] team0 (unregistering): Port device team_slave_0 removed
[  951.103621][ T3670] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  951.153062][ T3670] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  951.348509][ T3670] bond0 (unregistering): Released all slaves
[  951.403370][   T23] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  951.451908][T12087] device syz_tun entered promiscuous mode
[  951.481864][T12087] device batadv_slave_1 entered promiscuous mode
[  951.635313][T12105] loop3: detected capacity change from 0 to 256
[  951.929796][   T23] usb 2-1: Using ep0 maxpacket: 16
[  952.003613][T12105] exFAT-fs (loop3): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x2d19abd0)
[  952.094682][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  952.370716][   T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  952.391094][   T23] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  952.413496][T12105] exFAT-fs (loop3): invalid boot region
[  952.423680][T12105] exFAT-fs (loop3): failed to recognize exfat type
[  952.443369][   T23] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  952.478552][T11994] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  952.505859][   T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  952.525362][   T23] usb 2-1: config 0 descriptor??
[  952.534963][ T6027] Bluetooth: hci6: command 0x0419 tx timeout
[  952.708087][T12114] loop0: detected capacity change from 0 to 256
[  952.870238][T11994] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  953.027492][   T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  953.186677][T12114] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[  953.206990][   T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  953.371741][   T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  953.550453][   T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  953.773768][   T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  953.988879][   T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  954.211886][   T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  954.398192][   T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  954.403745][   T26] audit: type=1804 audit(1729313355.053:300): pid=12114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1930" name="/newroot/75/file0/bus" dev="loop0" ino=1048732 res=1 errno=0
[  954.440537][   T26] audit: type=1800 audit(1729313355.053:301): pid=12114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1930" name="bus" dev="loop0" ino=1048732 res=0 errno=0
[  954.472425][   T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  954.626162][   T23] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  955.010649][   T23] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0006/input/input7
[  955.387476][T11994] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  955.473623][   T23] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  955.571724][   T23] usb 2-1: USB disconnect, device number 9
[  955.582044][T12129] FAULT_INJECTION: forcing a failure.
[  955.582044][T12129] name failslab, interval 1, probability 0, space 0, times 0
[  955.643449][T12129] CPU: 0 PID: 12129 Comm: syz.3.1932 Not tainted 5.15.168-syzkaller #0
[  955.651736][T12129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  955.661820][T12129] Call Trace:
[  955.665115][T12129]  <TASK>
[  955.668064][T12129]  dump_stack_lvl+0x1e3/0x2d0
[  955.672774][T12129]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  955.678431][T12129]  ? panic+0x860/0x860
[  955.682515][T12129]  ? __might_sleep+0xc0/0xc0
[  955.687115][T12129]  should_fail+0x38a/0x4c0
[  955.691546][T12129]  should_failslab+0x5/0x20
[  955.696056][T12129]  slab_pre_alloc_hook+0x53/0xc0
[  955.699796][T11994] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  955.701003][T12129]  __kmalloc_node_track_caller+0x6b/0x390
[  955.713384][T12129]  ? netlink_sendmsg+0x6f8/0xd60
[  955.718328][T12129]  ? kmem_cache_alloc_node+0x154/0x2c0
[  955.723792][T12129]  ? __alloc_skb+0xdd/0x590
[  955.728310][T12129]  ? netlink_sendmsg+0x6f8/0xd60
[  955.733252][T12129]  __alloc_skb+0x12c/0x590
[  955.737672][T12129]  netlink_sendmsg+0x6f8/0xd60
[  955.742457][T12129]  ? netlink_getsockopt+0x5b0/0x5b0
[  955.747670][T12129]  ? aa_sock_msg_perm+0x91/0x150
[  955.752615][T12129]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  955.757902][T12129]  ? security_socket_sendmsg+0x7d/0xa0
[  955.763362][T12129]  ? netlink_getsockopt+0x5b0/0x5b0
[  955.768570][T12129]  ____sys_sendmsg+0x59e/0x8f0
[  955.773338][T12129]  ? iovec_from_user+0x300/0x390
[  955.778289][T12129]  ? __sys_sendmsg_sock+0x30/0x30
[  955.783336][T12129]  ___sys_sendmsg+0x252/0x2e0
[  955.788024][T12129]  ? __sys_sendmsg+0x260/0x260
[  955.792820][T12129]  ? __fdget+0x191/0x220
[  955.797070][T12129]  __se_sys_sendmsg+0x19a/0x260
[  955.801931][T12129]  ? __x64_sys_sendmsg+0x80/0x80
[  955.807147][T12129]  ? syscall_enter_from_user_mode+0x2e/0x240
[  955.813133][T12129]  ? lockdep_hardirqs_on+0x94/0x130
[  955.818352][T12129]  ? syscall_enter_from_user_mode+0x2e/0x240
[  955.824347][T12129]  do_syscall_64+0x3b/0xb0
[  955.828776][T12129]  ? clear_bhb_loop+0x15/0x70
[  955.833455][T12129]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  955.839354][T12129] RIP: 0033:0x7ffa88812ff9
[  955.843777][T12129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  955.863389][T12129] RSP: 002b:00007ffa86c8b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  955.871814][T12129] RAX: ffffffffffffffda RBX: 00007ffa889caf80 RCX: 00007ffa88812ff9
[  955.879798][T12129] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004
[  955.887775][T12129] RBP: 00007ffa86c8b090 R08: 0000000000000000 R09: 0000000000000000
[  955.895876][T12129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  955.903856][T12129] R13: 0000000000000000 R14: 00007ffa889caf80 R15: 00007ffd701283d8
[  955.911865][T12129]  </TASK>
[  956.077160][T12134] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1933'.
[  956.393478][T11994] 8021q: adding VLAN 0 to HW filter on device bond0
[  956.446970][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  956.837013][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  956.913028][T11994] 8021q: adding VLAN 0 to HW filter on device team0
[  956.944977][T12149] loop1: detected capacity change from 0 to 2048
[  957.004825][  T556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  957.040689][  T556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  957.105317][  T556] bridge0: port 1(bridge_slave_0) entered blocking state
[  957.112410][  T556] bridge0: port 1(bridge_slave_0) entered forwarding state
[  957.141293][T12161] loop0: detected capacity change from 0 to 256
[  957.148733][  T556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  957.240500][T12149] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  957.304234][T12161] exfat: Unknown parameter 'ioch!YŽã…Óarset'
[  957.324790][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  957.360747][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  957.423915][T12143] UDF-fs: error (device loop1): udf_read_inode: (ino 1347) failed !bh
[  957.454721][ T3722] bridge0: port 2(bridge_slave_1) entered blocking state
[  957.461847][ T3722] bridge0: port 2(bridge_slave_1) entered forwarding state
[  957.564211][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  957.645699][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  957.714069][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  957.744022][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  957.843756][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  957.872475][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  957.886842][T12175] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1943'.
[  957.914349][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  957.944899][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  957.983957][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  958.013620][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  958.029226][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  958.084118][T11994] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  958.259647][T12185] loop3: detected capacity change from 0 to 256
[  958.496478][T12164] chnl_net:caif_netlink_parms(): no params data found
[  958.919253][T12185] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d)
[  959.287161][T12161] loop0: detected capacity change from 0 to 40427
[  959.324289][T12161] F2FS-fs (loop0): Invalid SB checksum offset: 0
[  959.330665][T12161] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  959.397038][T12161] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  959.604304][T10609] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  959.615157][T10609] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  959.633669][T10215] Bluetooth: hci1: command 0x0409 tx timeout
[  959.645936][T12161] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  959.653167][T12161] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  959.801042][T12164] bridge0: port 1(bridge_slave_0) entered blocking state
[  959.810487][T12164] bridge0: port 1(bridge_slave_0) entered disabled state
[  959.819597][T12164] device bridge_slave_0 entered promiscuous mode
[  959.840773][T12222] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1948'.
[  959.976435][T11994] 8021q: adding VLAN 0 to HW filter on device batadv0
[  960.007050][T12164] bridge0: port 2(bridge_slave_1) entered blocking state
[  960.081371][T12227] attempt to access beyond end of device
[  960.081371][T12227] loop0: rw=2049, want=53256, limit=40427
[  960.123456][T12227] attempt to access beyond end of device
[  960.123456][T12227] loop0: rw=2049, want=53320, limit=40427
[  960.162502][   T26] audit: type=1804 audit(1729313360.773:302): pid=12227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1941" name="/newroot/79/file1/file1" dev="loop0" ino=10 res=1 errno=0
[  960.561731][T12164] bridge0: port 2(bridge_slave_1) entered disabled state
[  960.589449][T12164] device bridge_slave_1 entered promiscuous mode
[  960.717479][T10669] attempt to access beyond end of device
[  960.717479][T10669] loop0: rw=2049, want=45104, limit=40427
[  960.740840][T12224] team0: Port device veth3 added
[  960.836506][T12164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  960.953561][T10609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  960.979264][T10609] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  961.054318][T12164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  961.092833][T11994] device veth0_vlan entered promiscuous mode
[  961.207950][ T3669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  961.228874][ T3669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  961.282249][T12164] team0: Port device team_slave_0 added
[  961.306908][T11994] device veth1_vlan entered promiscuous mode
[  961.322186][ T3669] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  961.355772][ T3669] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  961.374185][ T3669] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  961.427220][T12164] team0: Port device team_slave_1 added
[  961.544965][T12164] batman_adv: batadv0: Adding interface: batadv_slave_0
[  961.560891][T12164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  961.574989][T12211] loop1: detected capacity change from 0 to 32768
[  961.665535][T12164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  961.696259][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  961.712820][T12211] XFS (loop1): Mounting V5 Filesystem
[  961.725358][ T9813] Bluetooth: hci1: command 0x041b tx timeout
[  961.742483][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  961.813982][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  961.854837][T11994] device veth0_macvtap entered promiscuous mode
[  961.895758][T12164] batman_adv: batadv0: Adding interface: batadv_slave_1
[  961.933346][T12164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  961.962739][T12164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  962.041796][T12211] XFS (loop1): Ending clean mount
[  962.053114][T12211] XFS (loop1): Quotacheck needed: Please wait.
[  962.128133][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  962.153422][T11994] device veth1_macvtap entered promiscuous mode
[  962.180746][T12211] XFS (loop1): Quotacheck: Done.
[  962.835185][T12164] device hsr_slave_0 entered promiscuous mode
[  962.866580][T11468] XFS (loop1): Unmounting Filesystem
[  962.942727][T12164] device hsr_slave_1 entered promiscuous mode
[  962.977157][T12164] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  963.023263][T12164] Cannot create hsr debugfs directory
[  963.049861][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  963.060375][T12271] loop3: detected capacity change from 0 to 512
[  963.103346][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  963.141541][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  963.181770][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  963.195693][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  963.217513][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  963.238580][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  963.260281][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  963.283702][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  963.306591][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  963.330708][T11994] batman_adv: batadv0: Interface activated: batadv_slave_0
[  963.352625][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  963.377583][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  963.399822][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  963.434360][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  963.455569][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  963.478340][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  963.498726][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  963.524756][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  963.544797][T11994] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  963.560968][T11994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  963.601097][T11994] batman_adv: batadv0: Interface activated: batadv_slave_1
[  963.641873][T12271] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  963.666277][T12271] EXT4-fs (loop3): 1 truncate cleaned up
[  963.672018][T12271] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback.
[  963.758293][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  963.785331][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  963.803745][ T9813] Bluetooth: hci1: command 0x040f tx timeout
[  963.830561][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  963.875231][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  963.997192][T11994] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  964.095830][T11994] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  964.259316][T11994] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  964.375306][T11994] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  964.871254][T12164] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  964.940489][T12290] loop0: detected capacity change from 0 to 64
[  964.961191][T12286] 9pnet: Insufficient options for proto=fd
[  965.009895][T12286] fuse: Bad value for 'fd'
[  965.057456][T12286] loop3: detected capacity change from 0 to 16
[  965.112252][T12164] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  965.172480][T10663] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  965.190058][T10663] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  965.217075][T12286] erofs: (device loop3): mounted with root inode @ nid 36.
[  965.237786][T12164] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  965.270161][T12286] erofs: (device loop3): z_erofs_map_blocks_iter: invalid logical cluster 0 at nid 36
[  965.314762][T12286] attempt to access beyond end of device
[  965.314762][T12286] loop3: rw=0, want=304, limit=16
[  965.331959][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  965.353560][T10215] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  965.361901][T12286] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  965.375889][T10663] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  965.404329][T10663] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  965.415168][T12164] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  965.445802][ T3756] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  965.603474][T10215] usb 1-1: Using ep0 maxpacket: 32
[  965.790151][T12299] loop2: detected capacity change from 0 to 4096
[  965.816682][T12164] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  965.843673][T10215] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[  965.875006][T10215] usb 1-1: config 0 has no interface number 0
[  966.235901][T10215] usb 1-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  966.257936][T12299] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512)
[  966.323755][T10215] usb 1-1: config 0 interface 16 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  966.449270][ T9819] Bluetooth: hci1: command 0x0419 tx timeout
[  966.650556][T10215] usb 1-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[  966.660216][T12164] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  966.673348][T10215] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  966.682233][T10215] usb 1-1: Product: syz
[  966.693300][T10215] usb 1-1: Manufacturer: syz
[  966.697923][T10215] usb 1-1: SerialNumber: syz
[  966.704373][T10215] usb 1-1: config 0 descriptor??
[  966.722711][T12164] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  967.055412][T12290] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  967.148675][T12290] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  967.434538][ T3681] tipc: Disabling bearer <udp:s>
[  967.457879][ T3681] tipc: Left network mode
[  967.503020][T12164] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  967.689551][T12318] loop3: detected capacity change from 0 to 256
[  967.762047][ T9809] usb 1-1: USB disconnect, device number 11
[  967.765555][T12318] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[  967.794108][   T26] audit: type=1804 audit(1729313368.453:303): pid=12318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1967" name="/newroot/44/file0/bus" dev="loop3" ino=1048736 res=1 errno=0
[  967.859640][   T26] audit: type=1800 audit(1729313368.453:304): pid=12318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1967" name="bus" dev="loop3" ino=1048736 res=0 errno=0
[  967.972707][T12320] loop1: detected capacity change from 0 to 512
[  968.090564][T12164] 8021q: adding VLAN 0 to HW filter on device bond0
[  968.186597][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  968.239496][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  968.254259][T12320] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  968.280464][T12320] EXT4-fs (loop1): 1 truncate cleaned up
[  968.362299][T12164] 8021q: adding VLAN 0 to HW filter on device team0
[  968.373381][T12320] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback.
[  968.432215][   T26] audit: type=1326 audit(1729313369.093:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12332 comm="syz.3.1971" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffa88812ff9 code=0x0
[  968.518163][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  968.555157][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  968.592257][ T3833] bridge0: port 1(bridge_slave_0) entered blocking state
[  968.599447][ T3833] bridge0: port 1(bridge_slave_0) entered forwarding state
[  968.670447][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  968.750811][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  968.814970][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  968.868979][ T3833] bridge0: port 2(bridge_slave_1) entered blocking state
[  968.876194][ T3833] bridge0: port 2(bridge_slave_1) entered forwarding state
[  968.931783][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  968.965614][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  969.000302][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  969.025328][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  969.044824][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  969.055276][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  969.064198][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  969.073050][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  969.082539][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  969.091486][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  969.101227][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  969.127913][T12164] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  969.293459][ T9818] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  969.327020][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  969.337493][ T3833] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  969.346877][T12357] FAULT_INJECTION: forcing a failure.
[  969.346877][T12357] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  969.366946][T12164] 8021q: adding VLAN 0 to HW filter on device batadv0
[  969.397572][T12357] CPU: 1 PID: 12357 Comm: syz.3.1975 Not tainted 5.15.168-syzkaller #0
[  969.405845][T12357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  969.415906][T12357] Call Trace:
[  969.419190][T12357]  <TASK>
[  969.422216][T12357]  dump_stack_lvl+0x1e3/0x2d0
[  969.426918][T12357]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  969.432558][T12357]  ? panic+0x860/0x860
[  969.436652][T12357]  ? __lock_acquire+0x1295/0x1ff0
[  969.441766][T12357]  should_fail+0x38a/0x4c0
[  969.446196][T12357]  prepare_alloc_pages+0x1db/0x5b0
[  969.451415][T12357]  __alloc_pages+0x14f/0x700
[  969.456017][T12357]  ? __rmqueue_pcplist+0x2030/0x2030
[  969.461314][T12357]  ? alloc_pages+0x458/0x570
[  969.465910][T12357]  new_slab+0xbb/0x4b0
[  969.469991][T12357]  ___slab_alloc+0x6f6/0xe10
[  969.474591][T12357]  ? __alloc_skb+0xdd/0x590
[  969.479102][T12357]  kmem_cache_alloc_node+0x1ba/0x2c0
[  969.484390][T12357]  ? __alloc_skb+0xdd/0x590
[  969.488896][T12357]  __alloc_skb+0xdd/0x590
[  969.493230][T12357]  netlink_sendmsg+0x6f8/0xd60
[  969.498001][T12357]  ? netlink_getsockopt+0x5b0/0x5b0
[  969.503199][T12357]  ? aa_sock_msg_perm+0x91/0x150
[  969.508301][T12357]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  969.513591][T12357]  ? security_socket_sendmsg+0x7d/0xa0
[  969.519064][T12357]  ? netlink_getsockopt+0x5b0/0x5b0
[  969.524265][T12357]  ____sys_sendmsg+0x59e/0x8f0
[  969.529029][T12357]  ? iovec_from_user+0x300/0x390
[  969.533988][T12357]  ? __sys_sendmsg_sock+0x30/0x30
[  969.539023][T12357]  ___sys_sendmsg+0x252/0x2e0
[  969.543703][T12357]  ? __sys_sendmsg+0x260/0x260
[  969.548512][T12357]  ? __fdget+0x191/0x220
[  969.552780][T12357]  __se_sys_sendmsg+0x19a/0x260
[  969.557644][T12357]  ? __x64_sys_sendmsg+0x80/0x80
[  969.562604][T12357]  ? syscall_enter_from_user_mode+0x2e/0x240
[  969.568586][T12357]  ? lockdep_hardirqs_on+0x94/0x130
[  969.573788][T12357]  ? syscall_enter_from_user_mode+0x2e/0x240
[  969.579777][T12357]  do_syscall_64+0x3b/0xb0
[  969.584203][T12357]  ? clear_bhb_loop+0x15/0x70
[  969.589060][T12357]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  969.594981][T12357] RIP: 0033:0x7ffa88812ff9
[  969.599408][T12357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  969.619015][T12357] RSP: 002b:00007ffa86c8b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  969.627438][T12357] RAX: ffffffffffffffda RBX: 00007ffa889caf80 RCX: 00007ffa88812ff9
[  969.635409][T12357] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[  969.643379][T12357] RBP: 00007ffa86c8b090 R08: 0000000000000000 R09: 0000000000000000
[  969.651346][T12357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  969.659328][T12357] R13: 0000000000000000 R14: 00007ffa889caf80 R15: 00007ffd701283d8
[  969.663250][ T9818] usb 3-1: Using ep0 maxpacket: 16
[  969.667448][T12357]  </TASK>
[  969.983685][ T9818] usb 3-1: config 0 has an invalid interface number: 104 but max is 1
[  969.995818][ T9818] usb 3-1: config 0 has an invalid interface number: 104 but max is 1
[  970.008696][ T9818] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  970.152064][ T9818] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  970.378473][ T9818] usb 3-1: config 0 has no interface number 0
[  970.459015][ T9818] usb 3-1: config 0 interface 104 altsetting 0 endpoint 0x8 has invalid maxpacket 14602, setting to 1024
[  970.492331][ T9818] usb 3-1: config 0 interface 104 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1024
[  970.524009][ T9818] usb 3-1: config 0 interface 104 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  970.529654][T12374] loop0: detected capacity change from 0 to 256
[  970.551995][ T9818] usb 3-1: config 0 interface 104 has no altsetting 1
[  970.612390][ T3681] device hsr_slave_0 left promiscuous mode
[  970.619134][T12374] exfat: Unknown parameter 'ioch!YŽã…Óarset'
[  970.695478][ T3681] device hsr_slave_1 left promiscuous mode
[  970.703032][ T3681] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  970.744533][ T3681] batman_adv: batadv0: Removing interface: batadv_slave_0
[  970.763993][ T9818] usb 3-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice=aa.36
[  970.783339][ T9818] usb 3-1: New USB device strings: Mfr=153, Product=2, SerialNumber=3
[  970.813444][ T9818] usb 3-1: Product: syz
[  970.817685][ T9818] usb 3-1: Manufacturer: syz
[  970.822337][ T9818] usb 3-1: SerialNumber: syz
[  970.874915][ T9818] usb 3-1: config 0 descriptor??
[  970.883856][ T3681] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  970.891303][ T3681] batman_adv: batadv0: Removing interface: batadv_slave_1
[  970.934063][ T3681] device bridge_slave_1 left promiscuous mode
[  970.940302][ T3681] bridge0: port 2(bridge_slave_1) entered disabled state
[  970.988854][ T3681] device bridge_slave_0 left promiscuous mode
[  970.999031][T12383] FAULT_INJECTION: forcing a failure.
[  970.999031][T12383] name failslab, interval 1, probability 0, space 0, times 0
[  971.023416][ T3681] bridge0: port 1(bridge_slave_0) entered disabled state
[  971.039846][T12378] loop1: detected capacity change from 0 to 512
[  971.047170][ T3681] device veth1_macvtap left promiscuous mode
[  971.063628][ T3681] device veth0_macvtap left promiscuous mode
[  971.069731][ T3681] device veth1_vlan left promiscuous mode
[  971.083412][T12383] CPU: 1 PID: 12383 Comm: syz.3.1982 Not tainted 5.15.168-syzkaller #0
[  971.091772][T12383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  971.101834][T12383] Call Trace:
[  971.105123][T12383]  <TASK>
[  971.108051][T12383]  dump_stack_lvl+0x1e3/0x2d0
[  971.112738][T12383]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  971.118419][T12383]  ? panic+0x860/0x860
[  971.122515][T12383]  should_fail+0x38a/0x4c0
[  971.126950][T12383]  should_failslab+0x5/0x20
[  971.131466][T12383]  slab_pre_alloc_hook+0x53/0xc0
[  971.136416][T12383]  __kmalloc_node_track_caller+0x6b/0x390
[  971.142227][T12383]  ? _sctp_make_chunk+0x58/0x450
[  971.147173][T12383]  ? kmem_cache_alloc_node+0x154/0x2c0
[  971.152726][T12383]  ? __alloc_skb+0xdd/0x590
[  971.153299][ T9818] asix 3-1:0.104 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  971.157232][T12383]  ? _sctp_make_chunk+0x58/0x450
[  971.172280][T12383]  __alloc_skb+0x12c/0x590
[  971.176708][T12383]  _sctp_make_chunk+0x58/0x450
[  971.177869][ T9818] asix: probe of 3-1:0.104 failed with error -71
[  971.181490][T12383]  sctp_make_heartbeat+0x96/0x8b0
[  971.192812][T12383]  ? validate_chain+0x112/0x5930
[  971.197851][T12383]  ? sctp_make_new_encap_port+0xa70/0xa70
[  971.203575][T12383]  ? validate_chain+0x112/0x5930
[  971.208519][T12383]  ? deref_stack_reg+0xbe/0x110
[  971.213375][T12383]  sctp_sf_do_prm_requestheartbeat+0x29/0x280
[  971.219456][T12383]  ? sctp_cname+0x110/0x110
[  971.223975][T12383]  sctp_do_sm+0x1ed/0x5c80
[  971.228425][T12383]  ? sctp_generate_t3_rtx_event+0x320/0x320
[  971.229614][ T9818] usb 3-1: USB disconnect, device number 7
[  971.234327][T12383]  ? stack_trace_save+0x113/0x1c0
[  971.234382][T12383]  ? print_irqtrace_events+0x210/0x210
[  971.234402][T12383]  ? lockdep_hardirqs_on_prepare+0x7a0/0x7a0
[  971.256613][T12383]  sctp_primitive_REQUESTHEARTBEAT+0x94/0xc0
[  971.262618][T12383]  sctp_apply_peer_addr_params+0xd5/0x1660
[  971.268450][T12383]  ? lockdep_hardirqs_on+0x94/0x130
[  971.273748][T12383]  ? sctp_setsockopt_peer_addr_params+0x41a/0x960
[  971.280299][T12383]  sctp_setsockopt_peer_addr_params+0x6ad/0x960
[  971.286572][T12383]  sctp_setsockopt+0x43e/0x10d0
[  971.291440][T12383]  ? sock_common_recvmsg+0x240/0x240
[  971.296732][T12383]  __sys_setsockopt+0x57e/0x990
[  971.301601][T12383]  ? __ia32_sys_recv+0xb0/0xb0
[  971.306384][T12383]  ? syscall_enter_from_user_mode+0x2e/0x240
[  971.312371][T12383]  __x64_sys_setsockopt+0xb1/0xc0
[  971.317406][T12383]  do_syscall_64+0x3b/0xb0
[  971.321820][T12383]  ? clear_bhb_loop+0x15/0x70
[  971.326497][T12383]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  971.332392][T12383] RIP: 0033:0x7ffa88812ff9
[  971.336805][T12383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  971.356518][T12383] RSP: 002b:00007ffa86c8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  971.362142][ T3681] device veth0_vlan left promiscuous mode
[  971.364936][T12383] RAX: ffffffffffffffda RBX: 00007ffa889caf80 RCX: 00007ffa88812ff9
[  971.364953][T12383] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000003
[  971.364964][T12383] RBP: 00007ffa86c8b090 R08: 000000000000009c R09: 0000000000000000
[  971.394566][T12383] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000001
[  971.402552][T12383] R13: 0000000000000000 R14: 00007ffa889caf80 R15: 00007ffd701283d8
[  971.410722][T12383]  </TASK>
[  971.464672][T12378] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  971.472968][T12378] EXT4-fs (loop1): 1 truncate cleaned up
[  971.535887][T12378] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback.
[  971.591729][T12374] loop0: detected capacity change from 0 to 40427
[  971.708436][T12374] F2FS-fs (loop0): Invalid SB checksum offset: 0
[  971.746525][T12374] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  971.805860][T12374] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  972.130985][T12374] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  972.150732][T12374] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  972.174912][T12395] loop2: detected capacity change from 0 to 512
[  972.359231][T12395] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  972.482871][T12401] attempt to access beyond end of device
[  972.482871][T12401] loop0: rw=2049, want=53256, limit=40427
[  972.507780][T12401] attempt to access beyond end of device
[  972.507780][T12401] loop0: rw=2049, want=53320, limit=40427
[  972.726732][   T26] audit: type=1804 audit(1729313373.163:306): pid=12401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1979" name="/newroot/89/file1/file1" dev="loop0" ino=10 res=1 errno=0
[  972.840367][T12395] EXT4-fs (loop2): 1 truncate cleaned up
[  972.857387][T12395] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,nombcache,inode_readahead_blks=0x0000000000000002,stripe=0x0000000002004000,max_batch_time=0x0000000000000002,max_batch_time=0x0000000000000004,,errors=continue. Quota mode: none.
[  972.947085][T10669] attempt to access beyond end of device
[  972.947085][T10669] loop0: rw=2049, want=45104, limit=40427
[  973.098815][ T3681] team0 (unregistering): Port device team_slave_1 removed
[  973.120134][T12395] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  973.152748][ T3681] team0 (unregistering): Port device team_slave_0 removed
[  973.992027][ T3681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  974.069529][ T3681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  974.879403][T12427] loop3: detected capacity change from 0 to 256
[  975.108960][T12427] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[  975.158347][   T26] audit: type=1804 audit(1729313375.823:307): pid=12427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1994" name="/newroot/55/file0/bus" dev="loop3" ino=1048737 res=1 errno=0
[  975.441582][T12429] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1995'.
[  975.581884][   T26] audit: type=1800 audit(1729313375.823:308): pid=12427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1994" name="bus" dev="loop3" ino=1048737 res=0 errno=0
[  975.878238][ T3681] bond0 (unregistering): Released all slaves
[  976.094732][T12164] device veth0_vlan entered promiscuous mode
[  976.150746][T12164] device veth1_vlan entered promiscuous mode
[  976.223453][T10222] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  976.253100][T12164] device veth0_macvtap entered promiscuous mode
[  976.290779][T12164] device veth1_macvtap entered promiscuous mode
[  976.351172][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  976.386728][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  976.423999][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  976.455608][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  976.473320][T10222] usb 1-1: Using ep0 maxpacket: 32
[  976.482023][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  976.505740][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  976.542414][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  976.576674][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  976.593840][T10222] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  976.617553][T10222] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  976.633353][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  976.661721][T10222] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  976.677598][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  976.701968][T10222] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  976.723663][T12164] batman_adv: batadv0: Interface activated: batadv_slave_0
[  976.772241][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  976.781423][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  976.790478][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  976.821778][T10222] hub 1-1:4.0: USB hub found
[  976.837088][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  976.871273][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  976.885765][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  976.894785][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  976.905922][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  976.956561][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  976.969708][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  976.986729][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  976.996551][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  977.005227][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  977.014690][T10222] hub 1-1:4.0: 2 ports detected
[  977.018019][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  977.019595][T10222] usb 1-1: selecting invalid altsetting 1
[  977.053633][T12437] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1996'.
[  977.074478][T10222] hub 1-1:4.0: Using single TT (err -22)
[  977.096098][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  977.127032][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  977.164821][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  977.184882][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  977.203252][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  977.223319][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  977.370129][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  977.463656][ T9813] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  977.474739][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  977.662515][T12164] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  977.768089][T12164] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  977.924053][T12164] batman_adv: batadv0: Interface activated: batadv_slave_1
[  977.943766][ T9813] usb 2-1: config 0 has an invalid interface number: 15 but max is 0
[  977.955122][ T9813] usb 2-1: config 0 has no interface number 0
[  977.968785][ T9813] usb 2-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=90.ff
[  977.982969][T12436] batman_adv: batadv1: Adding interface: netdevsim0
[  978.014141][T12436] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  978.040523][ T9813] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  978.053251][T12455] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2002'.
[  978.054855][T12436] batman_adv: batadv1: Interface activated: netdevsim0
[  978.082661][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  978.085305][T12457] loop2: detected capacity change from 0 to 512
[  978.104225][ T9813] usb 2-1: config 0 descriptor??
[  978.114149][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  978.133293][T12455] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2002'.
[  978.153457][T10222] hub 1-1:4.0: hub_hub_status failed (err = -71)
[  978.160457][T10222] hub 1-1:4.0: config failed, can't get hub status (err -71)
[  978.171683][T12164] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  978.198996][T12164] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  978.234611][T10222] usb 1-1: USB disconnect, device number 12
[  978.246847][T12164] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  978.286611][T12164] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  978.333372][T12457] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  978.359589][ T9813] snd-usb-audio: probe of 2-1:0.15 failed with error -2
[  978.401244][ T9813] usb 2-1: USB disconnect, device number 10
[  978.408059][T12457] EXT4-fs (loop2): 1 truncate cleaned up
[  978.417275][T12457] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  978.503474][ T9818] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  978.516072][ T3669] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  978.528056][ T3756] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  978.589005][ T3756] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  978.598759][ T3669] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  978.624097][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  978.644572][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  978.823578][ T9818] usb 4-1: Using ep0 maxpacket: 16
[  978.953665][ T9818] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  978.979541][ T9818] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  979.019937][T12465] loop0: detected capacity change from 0 to 512
[  979.369716][T12465] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  979.615190][T12465] EXT4-fs (loop0): 1 truncate cleaned up
[  979.786226][T12465] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback.
[  980.973462][ T9818] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  980.982686][ T9818] usb 4-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0
[  981.013958][ T9818] usb 4-1: Product: syz
[  981.018673][ T9818] usb 4-1: Manufacturer: syz
[  981.068735][T12476] loop1: detected capacity change from 0 to 4096
[  981.133708][ T9818] usb 4-1: config 0 descriptor??
[  981.153629][ T9818] usb 4-1: can't set config #0, error -71
[  981.171347][ T9818] usb 4-1: USB disconnect, device number 11
[  981.250189][T12483] loop0: detected capacity change from 0 to 256
[  981.301066][T12476] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512)
[  981.388439][T12483] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[  981.493757][   T26] audit: type=1804 audit(1729313382.153:309): pid=12483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2009" name="/newroot/93/file0/bus" dev="loop0" ino=1048741 res=1 errno=0
[  982.154071][   T26] audit: type=1800 audit(1729313382.153:310): pid=12483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2009" name="bus" dev="loop0" ino=1048741 res=0 errno=0
[  982.520307][T12486] loop3: detected capacity change from 0 to 4096
[  982.633165][T12486] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512)
[  983.140571][T12490] FAULT_INJECTION: forcing a failure.
[  983.140571][T12490] name failslab, interval 1, probability 0, space 0, times 0
[  983.153352][T12490] CPU: 1 PID: 12490 Comm: syz.1.2014 Not tainted 5.15.168-syzkaller #0
[  983.161687][T12490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  983.171755][T12490] Call Trace:
[  983.175039][T12490]  <TASK>
[  983.177964][T12490]  dump_stack_lvl+0x1e3/0x2d0
[  983.182648][T12490]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  983.188281][T12490]  ? panic+0x860/0x860
[  983.192351][T12490]  ? __might_sleep+0xc0/0xc0
[  983.196945][T12490]  should_fail+0x38a/0x4c0
[  983.201380][T12490]  should_failslab+0x5/0x20
[  983.205891][T12490]  slab_pre_alloc_hook+0x53/0xc0
[  983.210840][T12490]  __kmalloc+0x6e/0x300
[  983.215000][T12490]  ? alloc_pipe_info+0x1fa/0x4b0
[  983.220053][T12490]  ? alloc_pipe_info+0xe6/0x4b0
[  983.224918][T12490]  alloc_pipe_info+0x1fa/0x4b0
[  983.229693][T12490]  create_pipe_files+0x81/0x700
[  983.234549][T12490]  ? __lock_acquire+0x1ff0/0x1ff0
[  983.239586][T12490]  __do_pipe_flags+0x46/0x200
[  983.244281][T12490]  do_pipe2+0xd0/0x300
[  983.248387][T12490]  ? pipe_fcntl+0x510/0x510
[  983.252452][T12486] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  983.252917][T12490]  ? syscall_enter_from_user_mode+0x2e/0x240
[  983.252942][T12490]  ? lockdep_hardirqs_on+0x94/0x130
[  983.252967][T12490]  __x64_sys_pipe+0x36/0x40
[  983.252984][T12490]  do_syscall_64+0x3b/0xb0
[  983.252998][T12490]  ? clear_bhb_loop+0x15/0x70
[  983.285050][T12490]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  983.290961][T12490] RIP: 0033:0x7f893aaf4ff9
[  983.295385][T12490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  983.315001][T12490] RSP: 002b:00007f8938f6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000016
[  983.323437][T12490] RAX: ffffffffffffffda RBX: 00007f893acacf80 RCX: 00007f893aaf4ff9
[  983.331423][T12490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  983.339409][T12490] RBP: 00007f8938f6d090 R08: 0000000000000000 R09: 0000000000000000
[  983.347388][T12490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  983.355378][T12490] R13: 0000000000000000 R14: 00007f893acacf80 R15: 00007fff8b510388
[  983.363467][T12490]  </TASK>
[  983.530559][T12493] loop1: detected capacity change from 0 to 1024
[  983.768498][T12493] EXT4-fs (loop1): Ignoring removed orlov option
[  983.844177][T12499] overlayfs: './file1' not a directory
[  984.002452][T12487] chnl_net:caif_netlink_parms(): no params data found
[  984.338749][T12493] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,nombcache,journal_dev=0x0000000000000001,usrjquota=,orlov,errors=remount-ro,lazytime,jqfmt=vfsold,grpjquota=,. Quota mode: none.
[  984.494623][   T26] audit: type=1800 audit(1729313385.163:311): pid=12508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2016" name="bus" dev="loop1" ino=18 res=0 errno=0
[  984.614374][T12511] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2017'.
[  984.833324][T10213] Bluetooth: hci3: command 0x0409 tx timeout
[  984.839478][T12511] team0: Port device veth3 added
[  985.010657][T12487] bridge0: port 1(bridge_slave_0) entered blocking state
[  985.062819][T12487] bridge0: port 1(bridge_slave_0) entered disabled state
[  985.103650][T12487] device bridge_slave_0 entered promiscuous mode
[  985.179714][T12525] loop0: detected capacity change from 0 to 256
[  985.203937][T12487] bridge0: port 2(bridge_slave_1) entered blocking state
[  985.349339][T12525] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[  985.402928][   T26] audit: type=1804 audit(1729313386.063:312): pid=12525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2020" name="/newroot/96/file0/bus" dev="loop0" ino=1048742 res=1 errno=0
[  985.501588][T12487] bridge0: port 2(bridge_slave_1) entered disabled state
[  985.731779][T12487] device bridge_slave_1 entered promiscuous mode
[  985.816918][   T26] audit: type=1800 audit(1729313386.063:313): pid=12525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2020" name="bus" dev="loop0" ino=1048742 res=0 errno=0
[  986.034141][T12487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  986.114043][T12487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  986.222448][T12531] loop1: detected capacity change from 0 to 512
[  986.334049][T12487] team0: Port device team_slave_0 added
[  986.429515][T12530] loop3: detected capacity change from 0 to 512
[  986.455835][T12487] team0: Port device team_slave_1 added
[  986.574277][T12530] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  986.613902][T12530] EXT4-fs (loop3): 1 truncate cleaned up
[  986.619629][T12530] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback.
[  986.735543][T12487] batman_adv: batadv0: Adding interface: batadv_slave_0
[  986.749486][T12487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  986.775393][    C0] vkms_vblank_simulate: vblank timer overrun
[  986.902757][T12487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  986.978929][T12535] loop1: detected capacity change from 0 to 4096
[  986.987882][T10215] Bluetooth: hci3: command 0x041b tx timeout
[  987.080800][T12537] FAULT_INJECTION: forcing a failure.
[  987.080800][T12537] name failslab, interval 1, probability 0, space 0, times 0
[  987.123821][T12487] batman_adv: batadv0: Adding interface: batadv_slave_1
[  987.130785][T12487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  987.156840][    C0] vkms_vblank_simulate: vblank timer overrun
[  987.226521][T12537] CPU: 0 PID: 12537 Comm: syz.0.2024 Not tainted 5.15.168-syzkaller #0
[  987.234801][T12537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  987.244866][T12537] Call Trace:
[  987.248147][T12537]  <TASK>
[  987.251075][T12537]  dump_stack_lvl+0x1e3/0x2d0
[  987.255764][T12537]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  987.255944][T12487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  987.261401][T12537]  ? panic+0x860/0x860
[  987.261425][T12537]  ? __might_sleep+0xc0/0xc0
[  987.261443][T12537]  ? __rwlock_init+0x40/0x140
[  987.261463][T12537]  should_fail+0x38a/0x4c0
[  987.261487][T12537]  should_failslab+0x5/0x20
[  987.261504][T12537]  slab_pre_alloc_hook+0x53/0xc0
[  987.261524][T12537]  ? __d_alloc+0x2a/0x700
[  987.261543][T12537]  kmem_cache_alloc+0x3f/0x280
[  987.261565][T12537]  __d_alloc+0x2a/0x700
[  987.261583][T12537]  ? lockdep_softirqs_off+0x420/0x420
[  987.261605][T12537]  d_alloc_pseudo+0x19/0x70
[  987.261625][T12537]  alloc_file_pseudo+0x131/0x2f0
[  987.261645][T12537]  ? prandom_u32+0x218/0x260
[  987.261667][T12537]  ? alloc_empty_file_noaccount+0x80/0x80
[  987.261689][T12537]  ? shmem_get_inode+0x8e3/0xad0
[  987.261716][T12537]  __shmem_file_setup+0x1ca/0x290
[  987.261773][T12537]  ? shmem_file_setup+0x13/0x30
[  987.261793][T12537]  __se_sys_memfd_create+0x2bb/0x590
[  987.261811][T12537]  ? vtime_user_exit+0x2d1/0x400
[  987.261831][T12537]  ? __x64_sys_memfd_create+0x60/0x60
[  987.261850][T12537]  ? syscall_enter_from_user_mode+0x2e/0x240
[  987.261870][T12537]  ? lockdep_hardirqs_on+0x94/0x130
[  987.261890][T12537]  ? syscall_enter_from_user_mode+0x2e/0x240
[  987.261913][T12537]  do_syscall_64+0x3b/0xb0
[  987.261929][T12537]  ? clear_bhb_loop+0x15/0x70
[  987.261947][T12537]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  987.261967][T12537] RIP: 0033:0x7f9c6485bff9
[  987.261986][T12537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  987.262000][T12537] RSP: 002b:00007f9c62cd3e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  987.262018][T12537] RAX: ffffffffffffffda RBX: 00000000000010ef RCX: 00007f9c6485bff9
[  987.262030][T12537] RDX: 00007f9c62cd3ef0 RSI: 0000000000000000 RDI: 00007f9c648ceb02
[  987.262041][T12537] RBP: 00000000200011c0 R08: 00007f9c62cd3bb7 R09: 00007f9c62cd3e40
[  987.262053][T12537] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020001140
[  987.262064][T12537] R13: 00007f9c62cd3ef0 R14: 00007f9c62cd3eb0 R15: 0000000020001180
[  987.262090][T12537]  </TASK>
[  987.262142][    C0] vkms_vblank_simulate: vblank timer overrun
[  987.492505][T12541] loop0: detected capacity change from 0 to 256
[  987.541799][T12535] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512)
[  987.563898][T12541] exfat: Unknown parameter 'ioch!YŽã…Óarset'
[  987.594527][T12535] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  987.618821][T12539] loop3: detected capacity change from 0 to 4096
[  988.056744][T12548] loop1: detected capacity change from 0 to 256
[  988.110901][T12487] device hsr_slave_0 entered promiscuous mode
[  988.129425][T12548] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d)
[  988.142639][T12487] device hsr_slave_1 entered promiscuous mode
[  988.223304][ T9818] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  988.428871][T12487] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  988.609511][T12487] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  988.620659][ T9818] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  988.652582][T12541] loop0: detected capacity change from 0 to 40427
[  988.657382][ T9818] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  988.687215][ T9818] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  988.723301][ T9818] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  988.743337][ T9818] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  988.761279][T12541] F2FS-fs (loop0): Invalid SB checksum offset: 0
[  988.783637][ T9818] usb 4-1: config 0 descriptor??
[  988.793830][T12541] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  988.823824][T12544] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  988.924384][T12541] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  988.938121][T12487] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  989.074479][T10222] Bluetooth: hci3: command 0x040f tx timeout
[  989.434633][T12541] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  989.452079][T12541] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  990.235232][ T9818] plantronics 0003:047F:FFFF.0007: unknown main item tag 0xd
[  990.245489][T12487] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  990.257056][ T9818] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  990.398716][ T9818] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  990.474831][T12585] attempt to access beyond end of device
[  990.474831][T12585] loop0: rw=2049, want=53256, limit=40427
[  990.516987][T12585] attempt to access beyond end of device
[  990.516987][T12585] loop0: rw=2049, want=53320, limit=40427
[  990.933367][   T26] audit: type=1804 audit(1729313391.163:314): pid=12585 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2026" name="/newroot/98/file1/file1" dev="loop0" ino=10 res=1 errno=0
[  991.083155][ T9818] usb 4-1: USB disconnect, device number 12
[  991.099371][T10669] attempt to access beyond end of device
[  991.099371][T10669] loop0: rw=2049, want=45104, limit=40427
[  991.154423][T10214] Bluetooth: hci3: command 0x0419 tx timeout
[  991.234935][T12487] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  991.318461][T12487] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  991.355659][T12487] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  991.377619][T12487] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  991.510005][T12598] loop1: detected capacity change from 0 to 256
[  992.435133][T12598] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[  992.490269][   T26] audit: type=1804 audit(1729313393.153:315): pid=12598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2039" name="/newroot/45/file0/bus" dev="loop1" ino=1048743 res=1 errno=0
[  992.777336][   T26] audit: type=1800 audit(1729313393.153:316): pid=12598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2039" name="bus" dev="loop1" ino=1048743 res=0 errno=0
[  993.145612][T12487] 8021q: adding VLAN 0 to HW filter on device bond0
[  993.205312][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  993.243686][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  993.285541][T12487] 8021q: adding VLAN 0 to HW filter on device team0
[  993.336589][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  993.351774][T12610] loop0: detected capacity change from 0 to 4096
[  993.363986][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  993.400804][ T1394] ieee802154 phy0 wpan0: encryption failed: -22
[  993.407164][ T1394] ieee802154 phy1 wpan1: encryption failed: -22
[  993.560789][ T3671] bridge0: port 1(bridge_slave_0) entered blocking state
[  993.567944][ T3671] bridge0: port 1(bridge_slave_0) entered forwarding state
[  993.636130][T12610] ntfs: (device loop0): load_attribute_list(): Cannot read attribute list since runlist is missing.
[  993.649515][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  993.657933][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  993.675149][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  993.693379][T12610] ntfs: (device loop0): ntfs_read_locked_inode(): Failed to load attribute list attribute.
[  993.707967][ T3671] bridge0: port 2(bridge_slave_1) entered blocking state
[  993.715094][ T3671] bridge0: port 2(bridge_slave_1) entered forwarding state
[  993.724985][T12610] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  993.743677][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  993.752909][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  993.761779][T12610] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  993.784390][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  993.797470][T12610] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  993.824323][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  993.850729][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  993.860647][T12610] ntfs: (device loop0): ntfs_attr_find(): Inode is corrupt.  Run chkdsk.
[  993.887835][T12610] ntfs: (device loop0): ntfs_read_locked_inode(): Failed to lookup $DATA attribute.
[  993.911339][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  993.950363][T12625] loop3: detected capacity change from 0 to 256
[  995.460503][T12625] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[  995.996370][   T26] kauditd_printk_skb: 3 callbacks suppressed
[  995.996402][   T26] audit: type=1804 audit(1729313396.663:317): pid=12625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2046" name="/newroot/66/file0/bus" dev="loop3" ino=1048744 res=1 errno=0
[  996.264419][   T26] audit: type=1800 audit(1729313396.703:318): pid=12625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2046" name="bus" dev="loop3" ino=1048744 res=0 errno=0
[  996.560931][T12624] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2044'.
[  997.097928][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  997.112647][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  997.135128][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  997.155171][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  997.190621][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  997.244698][T12487] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  997.353610][T12631] netlink: 'syz.0.2047': attribute type 1 has an invalid length.
[  997.601170][T12657] loop3: detected capacity change from 0 to 256
[  997.727271][T12657] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[  997.823580][   T26] audit: type=1804 audit(1729313398.483:319): pid=12657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2051" name="/newroot/67/file0/bus" dev="loop3" ino=1048745 res=1 errno=0
[  998.470733][  T556] batman_adv: batadv2: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[  998.491613][   T26] audit: type=1800 audit(1729313398.483:320): pid=12657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2051" name="bus" dev="loop3" ino=1048745 res=0 errno=0
[  999.076070][  T556] batman_adv: batadv2: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[ 1000.450213][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1000.459463][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1000.568342][T12487] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1000.864773][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1000.901414][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1000.989591][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1001.007340][T12675] loop1: detected capacity change from 0 to 512
[ 1001.020943][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1001.070797][T12487] device veth0_vlan entered promiscuous mode
[ 1001.092765][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1001.118988][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1001.161819][T12487] device veth1_vlan entered promiscuous mode
[ 1001.266077][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1001.282310][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1001.339602][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1001.382630][T12683] loop3: detected capacity change from 0 to 256
[ 1001.390651][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1001.423055][T12487] device veth0_macvtap entered promiscuous mode
[ 1001.513077][T12683] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[ 1001.536347][   T26] audit: type=1804 audit(1729313402.203:321): pid=12683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2059" name="/newroot/69/file0/bus" dev="loop3" ino=1048746 res=1 errno=0
[ 1001.562287][T12487] device veth1_macvtap entered promiscuous mode
[ 1001.598073][T12675] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[ 1001.614558][ T9770] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1001.624127][ T9770] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1001.641501][T12675] EXT4-fs (loop1): 1 truncate cleaned up
[ 1001.652537][T12675] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback.
[ 1001.727444][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1001.745398][   T26] audit: type=1800 audit(1729313402.203:322): pid=12683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2059" name="bus" dev="loop3" ino=1048746 res=0 errno=0
[ 1001.753118][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1001.831693][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1001.882041][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1001.920882][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1001.941695][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1001.952986][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1001.973376][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1001.992632][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1002.013305][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1002.024016][T12693] loop0: detected capacity change from 0 to 512
[ 1002.032191][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1002.065105][T12693] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[ 1002.081969][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1002.102855][T12693] EXT4-fs (loop0): 1 truncate cleaned up
[ 1002.139159][T12487] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1002.159409][T12693] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback.
[ 1002.213321][T12687] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2060'.
[ 1002.459804][T12710] x_tables: duplicate underflow at hook 4
[ 1003.056731][T12716] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2067'.
[ 1003.317052][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1003.339154][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1003.405811][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1003.425770][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1003.444774][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1003.463472][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1003.496075][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1003.518901][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1003.534531][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1003.546852][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1003.557637][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1003.568834][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1003.579393][T12487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1003.756991][T12487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1004.026036][T12487] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1004.471458][T12708] loop3: detected capacity change from 0 to 32768
[ 1005.406275][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1005.436018][T10663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1005.496663][T12487] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1005.530388][T12487] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1005.563257][T12487] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1005.596679][T12487] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1005.653728][T12741] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2075'.
[ 1005.682730][T12737] loop0: detected capacity change from 0 to 512
[ 1005.691749][ T3681] device hsr_slave_0 left promiscuous mode
[ 1005.755335][ T3681] device hsr_slave_1 left promiscuous mode
[ 1005.774129][ T3681] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1005.791782][ T3681] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1005.804958][ T3681] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1005.841391][T12737] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[ 1005.860884][T12737] EXT4-fs (loop0): 1 truncate cleaned up
[ 1005.883278][T12737] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback.
[ 1005.893370][ T3681] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1006.084817][ T3681] device bridge_slave_1 left promiscuous mode
[ 1006.091215][ T3681] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1006.134797][ T3681] device bridge_slave_0 left promiscuous mode
[ 1006.141084][ T3681] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1006.179916][ T3681] device veth1_macvtap left promiscuous mode
[ 1006.203473][ T3681] device veth0_macvtap left promiscuous mode
[ 1006.211313][T12757] FAULT_INJECTION: forcing a failure.
[ 1006.211313][T12757] name failslab, interval 1, probability 0, space 0, times 0
[ 1006.233589][T12757] CPU: 0 PID: 12757 Comm: syz.3.2077 Not tainted 5.15.168-syzkaller #0
[ 1006.241879][T12757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1006.242603][ T3681] device veth1_vlan left promiscuous mode
[ 1006.252040][T12757] Call Trace:
[ 1006.252050][T12757]  <TASK>
[ 1006.252058][T12757]  dump_stack_lvl+0x1e3/0x2d0
[ 1006.252083][T12757]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 1006.274341][T12757]  ? panic+0x860/0x860
[ 1006.278426][T12757]  ? __might_sleep+0xc0/0xc0
[ 1006.283040][T12757]  should_fail+0x38a/0x4c0
[ 1006.287485][T12757]  should_failslab+0x5/0x20
[ 1006.292002][T12757]  slab_pre_alloc_hook+0x53/0xc0
[ 1006.293140][ T3681] device veth0_vlan left promiscuous mode
[ 1006.296952][T12757]  __kmalloc+0x6e/0x300
[ 1006.296973][T12757]  ? tomoyo_realpath_from_path+0xd8/0x5e0
[ 1006.296997][T12757]  tomoyo_realpath_from_path+0xd8/0x5e0
[ 1006.318694][T12757]  tomoyo_path_number_perm+0x225/0x810
[ 1006.324268][T12757]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 1006.329868][T12757]  ? __fget_files+0x413/0x480
[ 1006.334552][T12757]  security_file_ioctl+0x6d/0xa0
[ 1006.339496][T12757]  __se_sys_ioctl+0x47/0x160
[ 1006.344089][T12757]  do_syscall_64+0x3b/0xb0
[ 1006.348512][T12757]  ? clear_bhb_loop+0x15/0x70
[ 1006.353272][T12757]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1006.359164][T12757] RIP: 0033:0x7ffa88812ff9
[ 1006.363580][T12757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1006.383190][T12757] RSP: 002b:00007ffa86c49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1006.391615][T12757] RAX: ffffffffffffffda RBX: 00007ffa889cb130 RCX: 00007ffa88812ff9
[ 1006.399678][T12757] RDX: 0000000000000000 RSI: 0000000080047c05 RDI: 0000000000000005
[ 1006.407702][T12757] RBP: 00007ffa86c49090 R08: 0000000000000000 R09: 0000000000000000
[ 1006.415782][T12757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1006.423867][T12757] R13: 0000000000000000 R14: 00007ffa889cb130 R15: 00007ffd701283d8
[ 1006.431857][T12757]  </TASK>
[ 1006.861255][T12757] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1006.971068][ T3681] team0 (unregistering): Port device team_slave_1 removed
[ 1007.002081][ T3681] team0 (unregistering): Port device team_slave_0 removed
[ 1007.031794][ T3681] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1007.061727][ T3681] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1007.093292][ T9813] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[ 1007.232290][ T3681] bond0 (unregistering): Released all slaves
[ 1007.428701][ T9770] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1007.491393][ T3670] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1007.500709][ T3670] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1007.504657][ T9770] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1007.534824][T12742] team0: Device ipvlan1 failed to register rx_handler
[ 1007.613655][ T9813] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1007.629558][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1007.646128][ T9813] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1007.654159][ T3671] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1007.678051][ T9813] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1007.691104][T12760] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2078'.
[ 1007.854103][ T9813] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[ 1007.913992][ T9813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1007.929717][ T9813] usb 1-1: SerialNumber: syz
[ 1008.096607][ T9813] cdc_ether: probe of 1-1:1.0 failed with error -22
[ 1008.116419][ T9813] usb-storage 1-1:1.0: USB Mass Storage device detected
[ 1008.229754][ T9813] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[ 1008.322295][ T9813] usb 1-1: USB disconnect, device number 13
[ 1008.438649][T12772] loop3: detected capacity change from 0 to 4096
[ 1008.494618][T12772] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512)
[ 1008.739092][T12784] FAULT_INJECTION: forcing a failure.
[ 1008.739092][T12784] name failslab, interval 1, probability 0, space 0, times 0
[ 1008.793428][T12784] CPU: 1 PID: 12784 Comm: syz.1.2083 Not tainted 5.15.168-syzkaller #0
[ 1008.801811][T12784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1008.811875][T12784] Call Trace:
[ 1008.815175][T12784]  <TASK>
[ 1008.818130][T12784]  dump_stack_lvl+0x1e3/0x2d0
[ 1008.822824][T12784]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 1008.828467][T12784]  ? panic+0x860/0x860
[ 1008.832830][T12784]  ? __might_sleep+0xc0/0xc0
[ 1008.837437][T12784]  should_fail+0x38a/0x4c0
[ 1008.841870][T12784]  should_failslab+0x5/0x20
[ 1008.846377][T12784]  slab_pre_alloc_hook+0x53/0xc0
[ 1008.851323][T12784]  ? getname_flags+0xb8/0x4e0
[ 1008.856005][T12784]  kmem_cache_alloc+0x3f/0x280
[ 1008.860790][T12784]  getname_flags+0xb8/0x4e0
[ 1008.865309][T12784]  user_path_at_empty+0x2a/0x180
[ 1008.870269][T12784]  __se_sys_mount+0x296/0x3c0
[ 1008.874961][T12784]  ? __x64_sys_mount+0xc0/0xc0
[ 1008.879742][T12784]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 1008.885740][T12784]  ? lockdep_hardirqs_on+0x94/0x130
[ 1008.891036][T12784]  ? __x64_sys_mount+0x1c/0xc0
[ 1008.895809][T12784]  do_syscall_64+0x3b/0xb0
[ 1008.900232][T12784]  ? clear_bhb_loop+0x15/0x70
[ 1008.904913][T12784]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1008.910819][T12784] RIP: 0033:0x7f893aaf4ff9
[ 1008.915238][T12784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1008.934932][T12784] RSP: 002b:00007f8938f6d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1008.943441][T12784] RAX: ffffffffffffffda RBX: 00007f893acacf80 RCX: 00007f893aaf4ff9
[ 1008.951412][T12784] RDX: 0000000020000100 RSI: 0000000020000140 RDI: 0000000020000000
[ 1008.959379][T12784] RBP: 00007f8938f6d090 R08: 0000000000000000 R09: 0000000000000000
[ 1008.967353][T12784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1008.975328][T12784] R13: 0000000000000000 R14: 00007f893acacf80 R15: 00007fff8b510388
[ 1008.983319][T12784]  </TASK>
[ 1008.986371][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1009.193374][T12792] loop3: detected capacity change from 0 to 256
[ 1009.314701][T12792] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[ 1009.383335][   T26] audit: type=1804 audit(1729313410.033:323): pid=12792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2084" name="/newroot/76/file0/bus" dev="loop3" ino=1048749 res=1 errno=0
[ 1009.735873][T12793] FAULT_INJECTION: forcing a failure.
[ 1009.735873][T12793] name failslab, interval 1, probability 0, space 0, times 0
[ 1009.963323][   T26] audit: type=1800 audit(1729313410.033:324): pid=12792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2084" name="bus" dev="loop3" ino=1048749 res=0 errno=0
[ 1009.994238][T12793] CPU: 1 PID: 12793 Comm: syz.0.2086 Not tainted 5.15.168-syzkaller #0
[ 1010.002521][T12793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1010.012784][T12793] Call Trace:
[ 1010.016071][T12793]  <TASK>
[ 1010.019012][T12793]  dump_stack_lvl+0x1e3/0x2d0
[ 1010.023692][T12793]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 1010.029329][T12793]  ? panic+0x860/0x860
[ 1010.033405][T12793]  ? __might_sleep+0xc0/0xc0
[ 1010.038000][T12793]  ? __rwlock_init+0x40/0x140
[ 1010.042677][T12793]  should_fail+0x38a/0x4c0
[ 1010.047110][T12793]  should_failslab+0x5/0x20
[ 1010.051739][T12793]  slab_pre_alloc_hook+0x53/0xc0
[ 1010.056772][T12793]  ? __d_alloc+0x2a/0x700
[ 1010.061114][T12793]  kmem_cache_alloc+0x3f/0x280
[ 1010.065890][T12793]  __d_alloc+0x2a/0x700
[ 1010.070048][T12793]  ? lockdep_softirqs_off+0x420/0x420
[ 1010.075423][T12793]  d_alloc_pseudo+0x19/0x70
[ 1010.079930][T12793]  alloc_file_pseudo+0x131/0x2f0
[ 1010.084867][T12793]  ? prandom_u32+0x218/0x260
[ 1010.089462][T12793]  ? alloc_empty_file_noaccount+0x80/0x80
[ 1010.095185][T12793]  ? shmem_get_inode+0x8e3/0xad0
[ 1010.100223][T12793]  __shmem_file_setup+0x1ca/0x290
[ 1010.105252][T12793]  ? shmem_file_setup+0x13/0x30
[ 1010.110123][T12793]  __se_sys_memfd_create+0x2bb/0x590
[ 1010.115408][T12793]  ? vtime_user_exit+0x2d1/0x400
[ 1010.120417][T12793]  ? __x64_sys_memfd_create+0x60/0x60
[ 1010.125807][T12793]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 1010.131905][T12793]  ? lockdep_hardirqs_on+0x94/0x130
[ 1010.137125][T12793]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 1010.143202][T12793]  do_syscall_64+0x3b/0xb0
[ 1010.147878][T12793]  ? clear_bhb_loop+0x15/0x70
[ 1010.152562][T12793]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1010.158895][T12793] RIP: 0033:0x7f9c6485bff9
[ 1010.163320][T12793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1010.182927][T12793] RSP: 002b:00007f9c62cd3e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[ 1010.191353][T12793] RAX: ffffffffffffffda RBX: 00000000000014f0 RCX: 00007f9c6485bff9
[ 1010.199324][T12793] RDX: 00007f9c62cd3ef0 RSI: 0000000000000000 RDI: 00007f9c648ceb02
[ 1010.207293][T12793] RBP: 0000000020002ac0 R08: 00007f9c62cd3bb7 R09: 00007f9c62cd3e40
[ 1010.215353][T12793] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020000040
[ 1010.223324][T12793] R13: 00007f9c62cd3ef0 R14: 00007f9c62cd3eb0 R15: 00000000200001c0
[ 1010.231311][T12793]  </TASK>
[ 1010.234373][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1011.189772][T12803] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2090'.
[ 1011.291044][T12803] team0: Port device veth5 added
[ 1011.308878][T12800] loop3: detected capacity change from 0 to 512
[ 1011.563385][T10222] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[ 1011.613660][T12800] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[ 1011.621814][T12800] EXT4-fs (loop3): 1 truncate cleaned up
[ 1011.669205][T12800] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback.
[ 1011.874787][T10222] usb 5-1: Using ep0 maxpacket: 8
[ 1012.854719][T10222] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1012.865183][T10222] usb 5-1: config 1 has no interface number 1
[ 1012.871308][T10222] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1012.885105][T10222] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1013.113582][T10222] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1013.122660][T10222] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1013.158912][T10222] usb 5-1: Product: syz
[ 1013.161605][T12841] loop0: detected capacity change from 0 to 256
[ 1013.171512][T10222] usb 5-1: Manufacturer: syz
[ 1013.186572][T10222] usb 5-1: SerialNumber: syz
[ 1013.242103][T12841] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb69a62dc, utbl_chksum : 0xe619d30d)
[ 1013.320887][T12833] loop1: detected capacity change from 0 to 16384
[ 1013.473388][ T6027] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[ 1013.482695][T12844] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2102'.
[ 1013.573520][T10222] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1013.582349][T10222] usb 5-1: 2:1 : unsupported format bits 0x80
[ 1013.628479][T12846] team0: Port device veth7 added
[ 1013.694213][T10222] usb 5-1: USB disconnect, device number 8
[ 1013.746760][T10739] udevd[10739]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1013.831433][T12850] debugfs: Directory 'netdev:rose0' with parent 'phy54' already present!
[ 1013.842831][T12850] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2103'.
[ 1013.863683][ T6027] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1013.893438][ T6027] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1013.943330][ T6027] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1013.989617][ T6027] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1014.022575][ T6027] usb 3-1: config 0 descriptor??
[ 1014.418410][T12866] loop1: detected capacity change from 0 to 256
[ 1014.501053][T12866] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[ 1014.523809][   T26] audit: type=1804 audit(1729313415.183:325): pid=12866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2109" name="/newroot/64/file0/bus" dev="loop1" ino=1048750 res=1 errno=0
[ 1014.535402][ T6027] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[ 1014.600060][ T6027] plantronics 0003:047F:FFFF.0008: unbalanced collection at end of report description
[ 1014.613691][ T6027] plantronics 0003:047F:FFFF.0008: parse failed
[ 1014.620154][ T6027] plantronics: probe of 0003:047F:FFFF.0008 failed with error -22
[ 1014.644734][   T26] audit: type=1800 audit(1729313415.183:326): pid=12866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2109" name="bus" dev="loop1" ino=1048750 res=0 errno=0
[ 1014.665512][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1014.772005][ T6027] usb 3-1: USB disconnect, device number 8
[ 1015.256331][T12880] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2115'.
[ 1015.350998][T12882] team0: Port device veth3 added
[ 1015.491895][T12887] overlayfs: missing 'lowerdir'
[ 1015.568681][T12871] loop3: detected capacity change from 0 to 40427
[ 1015.613398][ T9813] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[ 1015.646564][T12871] F2FS-fs (loop3): Small segment_count (9 < 1 * 24)
[ 1015.654546][T12871] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1015.714977][T12871] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1015.800083][T12871] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1015.819427][T12871] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1015.838714][T12894] debugfs: Directory 'netdev:rose0' with parent 'phy54' already present!
[ 1015.869595][T11356] attempt to access beyond end of device
[ 1015.869595][T11356] loop3: rw=2049, want=40968, limit=40427
[ 1015.893499][ T9813] usb 3-1: Using ep0 maxpacket: 8
[ 1016.114425][T12904] loop1: detected capacity change from 0 to 1024
[ 1016.140576][T12901] loop0: detected capacity change from 0 to 512
[ 1016.233621][ T9813] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1016.309540][ T9813] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1016.319165][T12901] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[ 1016.330120][T12904] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 1016.380109][T12901] EXT4-fs (loop0): 1 truncate cleaned up
[ 1016.386778][ T9813] usb 3-1: Product: syz
[ 1016.389997][T12904] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1016.391168][T12901] EXT4-fs (loop0): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback.
[ 1016.426879][ T9813] usb 3-1: Manufacturer: syz
[ 1016.431580][ T9813] usb 3-1: SerialNumber: syz
[ 1016.450148][ T9813] usb 3-1: config 0 descriptor??
[ 1016.704081][T12885] udc-core: couldn't find an available UDC or it's busy
[ 1016.730683][T12885] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1016.753685][T12885] udc-core: couldn't find an available UDC or it's busy
[ 1016.802853][T12885] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1016.821590][T12885] udc-core: couldn't find an available UDC or it's busy
[ 1016.831427][T12885] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1016.839651][T12885] udc-core: couldn't find an available UDC or it's busy
[ 1016.858289][T12915] FAULT_INJECTION: forcing a failure.
[ 1016.858289][T12915] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1016.882007][T12885] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1016.890016][T12915] CPU: 0 PID: 12915 Comm: syz.3.2122 Not tainted 5.15.168-syzkaller #0
[ 1016.894118][T12885] udc-core: couldn't find an available UDC or it's busy
[ 1016.898272][T12915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1016.898284][T12915] Call Trace:
[ 1016.898291][T12915]  <TASK>
[ 1016.898298][T12915]  dump_stack_lvl+0x1e3/0x2d0
[ 1016.926132][T12915]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 1016.931785][T12915]  ? panic+0x860/0x860
[ 1016.935870][T12915]  ? __lock_acquire+0x1ff0/0x1ff0
[ 1016.940907][T12915]  should_fail+0x38a/0x4c0
[ 1016.943391][T12885] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1016.945334][T12915]  _copy_from_iter+0x243/0xe90
[ 1016.957549][T12915]  ? copy_mc_pipe_to_iter+0x760/0x760
[ 1016.962946][T12915]  ? __virt_addr_valid+0x3bb/0x460
[ 1016.968072][T12915]  ? 0xffffffff81000000
[ 1016.972236][T12915]  ? __check_object_size+0x300/0x410
[ 1016.977540][T12915]  netlink_sendmsg+0x800/0xd60
[ 1016.982328][T12915]  ? netlink_getsockopt+0x5b0/0x5b0
[ 1016.987532][T12915]  ? aa_sock_msg_perm+0x91/0x150
[ 1016.992457][T12915]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1016.997725][T12915]  ? security_socket_sendmsg+0x7d/0xa0
[ 1017.003224][T12915]  ? netlink_getsockopt+0x5b0/0x5b0
[ 1017.008440][T12915]  ____sys_sendmsg+0x59e/0x8f0
[ 1017.013349][T12915]  ? iovec_from_user+0x300/0x390
[ 1017.018308][T12915]  ? __sys_sendmsg_sock+0x30/0x30
[ 1017.023457][T12915]  ___sys_sendmsg+0x252/0x2e0
[ 1017.028167][T12915]  ? __sys_sendmsg+0x260/0x260
[ 1017.032978][T12915]  ? __fdget+0x191/0x220
[ 1017.037236][T12915]  __sys_sendmmsg+0x2bf/0x560
[ 1017.041923][T12915]  ? __ia32_sys_sendmsg+0x80/0x80
[ 1017.046942][T12915]  ? __lock_acquire+0x1ff0/0x1ff0
[ 1017.052071][T12915]  ? print_irqtrace_events+0x210/0x210
[ 1017.057557][T12915]  ? vtime_user_exit+0x2d1/0x400
[ 1017.062785][T12915]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 1017.068862][T12915]  __x64_sys_sendmmsg+0x9c/0xb0
[ 1017.073740][T12915]  do_syscall_64+0x3b/0xb0
[ 1017.078162][T12915]  ? clear_bhb_loop+0x15/0x70
[ 1017.082848][T12915]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1017.088753][T12915] RIP: 0033:0x7ffa88812ff9
[ 1017.093176][T12915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1017.112790][T12915] RSP: 002b:00007ffa86c8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1017.116572][ T6027] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[ 1017.121603][T12915] RAX: ffffffffffffffda RBX: 00007ffa889caf80 RCX: 00007ffa88812ff9
[ 1017.121623][T12915] RDX: 04000000000001f2 RSI: 0000000020000000 RDI: 0000000000000007
[ 1017.121634][T12915] RBP: 00007ffa86c8b090 R08: 0000000000000000 R09: 0000000000000000
[ 1017.121645][T12915] R10: 000000000000fff0 R11: 0000000000000246 R12: 0000000000000001
[ 1017.121657][T12915] R13: 0000000000000000 R14: 00007ffa889caf80 R15: 00007ffd701283d8
[ 1017.121683][T12915]  </TASK>
[ 1017.183337][ T9813] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1017.383245][ T6027] usb 2-1: Using ep0 maxpacket: 16
[ 1017.503618][ T6027] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1017.511928][ T6027] usb 2-1: config 0 has no interface number 0
[ 1017.537518][ T6027] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1017.577099][ T6027] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1017.600406][ T6027] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[ 1017.624363][ T6027] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1017.654666][ T6027] usb 2-1: config 0 descriptor??
[ 1017.672062][T12924] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2127'.
[ 1017.818287][T12923] team0: Port device veth5 added
[ 1017.908934][T12913] loop1: detected capacity change from 0 to 16
[ 1017.970288][T12913] erofs: (device loop1): mounted with root inode @ nid 36.
[ 1018.273499][T12941] loop0: detected capacity change from 0 to 8192
[ 1018.283669][ T9813] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -32
[ 1018.363321][T12941] REISERFS warning (device loop0): super-6506 reiserfs_getopt: bad value "flush=audit" for option "barrier"
[ 1018.363321][T12941] 
[ 1018.393276][T10215] usb 3-1: USB disconnect, device number 9
[ 1018.432809][T12944] FAULT_INJECTION: forcing a failure.
[ 1018.432809][T12944] name failslab, interval 1, probability 0, space 0, times 0
[ 1018.458115][T12944] CPU: 0 PID: 12944 Comm: syz.2.2134 Not tainted 5.15.168-syzkaller #0
[ 1018.466492][T12944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1018.476551][T12944] Call Trace:
[ 1018.479819][T12944]  <TASK>
[ 1018.482733][T12944]  dump_stack_lvl+0x1e3/0x2d0
[ 1018.487405][T12944]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 1018.487902][ T6027] input: HID 28bd:0071 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0071.0009/input/input10
[ 1018.493181][T12944]  ? panic+0x860/0x860
[ 1018.493214][T12944]  ? __might_sleep+0xc0/0xc0
[ 1018.493235][T12944]  ? __rwlock_init+0x40/0x140
[ 1018.493253][T12944]  should_fail+0x38a/0x4c0
[ 1018.493277][T12944]  should_failslab+0x5/0x20
[ 1018.493295][T12944]  slab_pre_alloc_hook+0x53/0xc0
[ 1018.493314][T12944]  ? __d_alloc+0x2a/0x700
[ 1018.493331][T12944]  kmem_cache_alloc+0x3f/0x280
[ 1018.493351][T12944]  __d_alloc+0x2a/0x700
[ 1018.493367][T12944]  ? lockdep_softirqs_off+0x420/0x420
[ 1018.493387][T12944]  d_alloc_pseudo+0x19/0x70
[ 1018.493406][T12944]  alloc_file_pseudo+0x131/0x2f0
[ 1018.493426][T12944]  ? prandom_u32+0x218/0x260
[ 1018.493446][T12944]  ? alloc_empty_file_noaccount+0x80/0x80
[ 1018.493468][T12944]  ? shmem_get_inode+0x8e3/0xad0
[ 1018.493491][T12944]  __shmem_file_setup+0x1ca/0x290
[ 1018.493505][T12944]  ? shmem_file_setup+0x13/0x30
[ 1018.493521][T12944]  __se_sys_memfd_create+0x2bb/0x590
[ 1018.493538][T12944]  ? vtime_user_exit+0x2d1/0x400
[ 1018.493558][T12944]  ? __x64_sys_memfd_create+0x60/0x60
[ 1018.493576][T12944]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 1018.493596][T12944]  ? lockdep_hardirqs_on+0x94/0x130
[ 1018.493616][T12944]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 1018.493638][T12944]  do_syscall_64+0x3b/0xb0
[ 1018.493656][T12944]  ? clear_bhb_loop+0x15/0x70
[ 1018.493673][T12944]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1018.493694][T12944] RIP: 0033:0x7fce88916ff9
[ 1018.493714][T12944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1018.493738][T12944] RSP: 002b:00007fce86d8ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[ 1018.493761][T12944] RAX: ffffffffffffffda RBX: 00000000000002c4 RCX: 00007fce88916ff9
[ 1018.493775][T12944] RDX: 00007fce86d8eef0 RSI: 0000000000000000 RDI: 00007fce88989b02
[ 1018.493787][T12944] RBP: 00000000200003c0 R08: 00007fce86d8ebb7 R09: 00007fce86d8ee40
[ 1018.493800][T12944] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020000340
[ 1018.493812][T12944] R13: 00007fce86d8eef0 R14: 00007fce86d8eeb0 R15: 0000000020000380
[ 1018.493838][T12944]  </TASK>
[ 1018.949844][T12913] device syz_tun entered promiscuous mode
[ 1018.957735][T12913] device batadv_slave_1 entered promiscuous mode
[ 1018.966127][T12913] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[ 1018.973891][T12913] Cannot create hsr debugfs directory
[ 1018.979727][T12947] netlink: 'syz.2.2135': attribute type 10 has an invalid length.
[ 1019.696592][ T6027] input: HID 28bd:0071 Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0071.0009/input/input11
[ 1019.710544][ T6027] uclogic 0003:28BD:0071.0009: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.1-1/input1
[ 1019.733902][T12947] team0: Device veth0_macvtap failed to register rx_handler
[ 1019.893614][ T6027] usb 2-1: USB disconnect, device number 12
[ 1020.148491][T12962] loop3: detected capacity change from 0 to 256
[ 1020.533698][T10214] Bluetooth: hci0: command 0x0406 tx timeout
[ 1021.422604][T12954] 
@ÿ: renamed from ipvlan1
[ 1021.429420][T12962] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[ 1021.645822][T12966] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2140'.
[ 1021.818036][T12967] team0: Port device veth5 added
[ 1024.227663][T13000] FAULT_INJECTION: forcing a failure.
[ 1024.227663][T13000] name failslab, interval 1, probability 0, space 0, times 0
[ 1024.233147][T13001] loop1: detected capacity change from 0 to 16
[ 1024.320835][T13000] CPU: 0 PID: 13000 Comm: syz.0.2150 Not tainted 5.15.168-syzkaller #0
[ 1024.329130][T13000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1024.339425][T13000] Call Trace:
[ 1024.342883][T13000]  <TASK>
[ 1024.345811][T13000]  dump_stack_lvl+0x1e3/0x2d0
[ 1024.350502][T13000]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 1024.356137][T13000]  ? panic+0x860/0x860
[ 1024.360213][T13000]  ? __might_sleep+0xc0/0xc0
[ 1024.364808][T13000]  ? __lock_acquire+0x1295/0x1ff0
[ 1024.369937][T13000]  should_fail+0x38a/0x4c0
[ 1024.374362][T13000]  should_failslab+0x5/0x20
[ 1024.378954][T13000]  slab_pre_alloc_hook+0x53/0xc0
[ 1024.383909][T13000]  ? __d_alloc+0x2a/0x700
[ 1024.388245][T13000]  kmem_cache_alloc+0x3f/0x280
[ 1024.393164][T13000]  __d_alloc+0x2a/0x700
[ 1024.397333][T13000]  ? rcu_lock_release+0x5/0x20
[ 1024.402110][T13000]  d_alloc_parallel+0xca/0x1390
[ 1024.406990][T13000]  ? __d_lookup+0x671/0x730
[ 1024.411498][T13000]  ? d_hash_and_lookup+0x1b0/0x1b0
[ 1024.416624][T13000]  path_openat+0x96f/0x2f20
[ 1024.421161][T13000]  ? do_filp_open+0x460/0x460
[ 1024.425864][T13000]  do_filp_open+0x21c/0x460
[ 1024.430384][T13000]  ? vfs_tmpfile+0x2e0/0x2e0
[ 1024.435001][T13000]  ? _raw_spin_unlock+0x24/0x40
[ 1024.439901][T13000]  ? alloc_fd+0x598/0x630
[ 1024.444240][T13000]  do_sys_openat2+0x13b/0x4f0
[ 1024.448925][T13000]  ? read_lock_is_recursive+0x10/0x10
[ 1024.454375][T13000]  ? do_sys_open+0x220/0x220
[ 1024.458964][T13000]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 1024.464934][T13000]  __x64_sys_creat+0x11f/0x160
[ 1024.469683][T13000]  ? __x64_compat_sys_openat+0x290/0x290
[ 1024.475308][T13000]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 1024.481279][T13000]  ? lockdep_hardirqs_on+0x94/0x130
[ 1024.486469][T13000]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 1024.492442][T13000]  do_syscall_64+0x3b/0xb0
[ 1024.496845][T13000]  ? clear_bhb_loop+0x15/0x70
[ 1024.501513][T13000]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1024.507428][T13000] RIP: 0033:0x7f9c6485bff9
[ 1024.511833][T13000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1024.531724][T13000] RSP: 002b:00007f9c62cd4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 1024.540136][T13000] RAX: ffffffffffffffda RBX: 00007f9c64a13f80 RCX: 00007f9c6485bff9
[ 1024.548102][T13000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000100
[ 1024.556065][T13000] RBP: 00007f9c62cd4090 R08: 0000000000000000 R09: 0000000000000000
[ 1024.564037][T13000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1024.572000][T13000] R13: 0000000000000001 R14: 00007f9c64a13f80 R15: 00007ffc5eec9de8
[ 1024.580027][T13000]  </TASK>
[ 1024.617772][T13001] erofs: (device loop1): mounted with root inode @ nid 36.
[ 1024.707252][T12989] loop2: detected capacity change from 0 to 512
[ 1024.754660][T12989] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[ 1024.767716][T12989] EXT4-fs (loop2): 1 truncate cleaned up
[ 1024.814193][T12989] EXT4-fs (loop2): mounted filesystem without journal. Opts: resuid=0x000000000000ee01,noblock_validity,usrquota,resuid=0x0000000000000000,discard,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9b,nodiscard,,errors=continue. Quota mode: writeback.
[ 1024.882693][T13015] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2153'.
[ 1024.950494][T13017] loop1: detected capacity change from 0 to 256
[ 1025.041122][T13017] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[ 1025.153298][   T26] audit: type=1804 audit(1729313425.723:327): pid=13017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2152" name="/newroot/74/file0/bus" dev="loop1" ino=1048752 res=1 errno=0
[ 1025.242563][   T26] audit: type=1800 audit(1729313425.723:328): pid=13017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2152" name="bus" dev="loop1" ino=1048752 res=0 errno=0
[ 1026.424163][T13019] team0: Port device veth5 added
[ 1026.605155][T13031] FAULT_INJECTION: forcing a failure.
[ 1026.605155][T13031] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1026.687708][T13030] loop3: detected capacity change from 0 to 2048
[ 1026.714852][T13031] CPU: 0 PID: 13031 Comm: syz.0.2158 Not tainted 5.15.168-syzkaller #0
[ 1026.723262][T13031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1026.733427][T13031] Call Trace:
[ 1026.736706][T13031]  <TASK>
[ 1026.739633][T13031]  dump_stack_lvl+0x1e3/0x2d0
[ 1026.744322][T13031]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 1026.750043][T13031]  ? panic+0x860/0x860
[ 1026.754132][T13031]  ? __lock_acquire+0x1ff0/0x1ff0
[ 1026.759172][T13031]  should_fail+0x38a/0x4c0
[ 1026.763596][T13031]  _copy_from_iter+0x243/0xe90
[ 1026.768377][T13031]  ? copy_mc_pipe_to_iter+0x760/0x760
[ 1026.773753][T13031]  ? __virt_addr_valid+0x3bb/0x460
[ 1026.778861][T13031]  ? 0xffffffff81000000
[ 1026.783011][T13031]  ? __check_object_size+0x300/0x410
[ 1026.788303][T13031]  netlink_sendmsg+0x800/0xd60
[ 1026.793171][T13031]  ? netlink_getsockopt+0x5b0/0x5b0
[ 1026.798367][T13031]  ? aa_sock_msg_perm+0x91/0x150
[ 1026.803312][T13031]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1026.808597][T13031]  ? security_socket_sendmsg+0x7d/0xa0
[ 1026.814061][T13031]  ? netlink_getsockopt+0x5b0/0x5b0
[ 1026.819267][T13031]  ____sys_sendmsg+0x59e/0x8f0
[ 1026.824037][T13031]  ? iovec_from_user+0x300/0x390
[ 1026.828985][T13031]  ? __sys_sendmsg_sock+0x30/0x30
[ 1026.834027][T13031]  ___sys_sendmsg+0x252/0x2e0
[ 1026.838712][T13031]  ? __sys_sendmsg+0x260/0x260
[ 1026.843514][T13031]  ? __fdget+0x191/0x220
[ 1026.847777][T13031]  __se_sys_sendmsg+0x19a/0x260
[ 1026.852639][T13031]  ? __x64_sys_sendmsg+0x80/0x80
[ 1026.857590][T13031]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 1026.863576][T13031]  ? lockdep_hardirqs_on+0x94/0x130
[ 1026.868778][T13031]  ? syscall_enter_from_user_mode+0x2e/0x240
[ 1026.874763][T13031]  do_syscall_64+0x3b/0xb0
[ 1026.879180][T13031]  ? clear_bhb_loop+0x15/0x70
[ 1026.883856][T13031]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1026.889764][T13031] RIP: 0033:0x7f9c6485bff9
[ 1026.894183][T13031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1026.913795][T13031] RSP: 002b:00007f9c62cd4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1026.922301][T13031] RAX: ffffffffffffffda RBX: 00007f9c64a13f80 RCX: 00007f9c6485bff9
[ 1026.930272][T13031] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000005
[ 1026.938239][T13031] RBP: 00007f9c62cd4090 R08: 0000000000000000 R09: 0000000000000000
[ 1026.946207][T13031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1026.954176][T13031] R13: 0000000000000000 R14: 00007f9c64a13f80 R15: 00007ffc5eec9de8
[ 1026.962160][T13031]  </TASK>
[ 1026.969487][   T27] INFO: task syz.4.1739:11226 blocked for more than 143 seconds.
[ 1026.992767][   T27]       Not tainted 5.15.168-syzkaller #0
[ 1027.023928][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1027.051419][   T27] task:syz.4.1739      state:D stack:27808 pid:11226 ppid: 10186 flags:0x00004004
[ 1027.073378][   T27] Call Trace:
[ 1027.076720][   T27]  <TASK>
[ 1027.079672][   T27]  __schedule+0x12c4/0x45b0
[ 1027.093225][   T27]  ? release_firmware_map_entry+0x190/0x190
[ 1027.175431][T13037] loop2: detected capacity change from 0 to 256
[ 1027.269061][   T27]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 1027.333701][   T27]  ? print_irqtrace_events+0x210/0x210
[ 1027.390040][   T27]  ? _raw_spin_lock_irq+0xdb/0x110
[ 1027.450182][   T27]  ? do_raw_spin_unlock+0x137/0x8b0
[ 1027.508267][   T27]  schedule+0x11b/0x1f0
[ 1027.555270][   T27]  rwsem_down_write_slowpath+0xf0c/0x16a0
[ 1027.618398][   T27]  ? rwsem_write_trylock+0x210/0x210
[ 1027.671676][   T27]  ? read_lock_is_recursive+0x10/0x10
[ 1027.731382][   T27]  ? rwsem_write_trylock+0x166/0x210
[ 1027.782388][   T27]  ? clear_nonspinnable+0x60/0x60
[ 1027.837905][   T27]  ? preempt_count_add+0x8f/0x180
[ 1027.887128][   T27]  __f2fs_ioctl+0x4a8b/0xca00
[ 1027.939126][   T27]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[ 1027.997859][   T27]  ? do_vfs_ioctl+0x1b66/0x2b70
[ 1028.050126][   T27]  ? __x64_compat_sys_ioctl+0x80/0x80
[ 1028.107651][   T27]  ? __lock_acquire+0x1ff0/0x1ff0
[ 1028.161634][   T27]  ? slab_free_freelist_hook+0xdd/0x160
[ 1028.216659][   T27]  ? tomoyo_path_number_perm+0x648/0x810
[ 1028.278569][   T27]  ? kfree+0xf1/0x270
[ 1028.318407][   T27]  ? tomoyo_path_number_perm+0x6ab/0x810
[ 1028.381534][   T27]  ? f2fs_ioctl+0x1d0/0x1d0
[ 1028.411170][   T27]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 1028.433402][   T27]  ? __fget_files+0x413/0x480
[ 1028.438267][   T27]  ? f2fs_ioctl+0x132/0x1d0
[ 1028.442955][   T27]  ? f2fs_precache_extents+0x420/0x420
[ 1028.448609][   T27]  __se_sys_ioctl+0xf1/0x160
[ 1028.635596][   T27]  do_syscall_64+0x3b/0xb0
[ 1028.688851][   T27]  ? clear_bhb_loop+0x15/0x70
[ 1028.740291][   T27]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 1028.799914][   T27] RIP: 0033:0x7f2ef5d01ff9
[ 1028.848178][   T27] RSP: 002b:00007f2ef4138038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1028.929369][   T27] RAX: ffffffffffffffda RBX: 00007f2ef5eba130 RCX: 00007f2ef5d01ff9
[ 1029.015312][   T27] RDX: 0000000020000100 RSI: 000000004004f506 RDI: 0000000000000006
[ 1029.095866][   T27] RBP: 00007f2ef5d74296 R08: 0000000000000000 R09: 0000000000000000
[ 1029.182177][   T27] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1029.263853][   T27] R13: 0000000000000001 R14: 00007f2ef5eba130 R15: 00007ffc98e704c8
[ 1029.339453][   T27]  </TASK>
[ 1029.378672][   T27] 
[ 1029.378672][   T27] Showing all locks held in the system:
[ 1029.477908][T13037] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x3bed3e2a, utbl_chksum : 0xe619d30d)
[ 1029.603352][   T26] audit: type=1804 audit(1729313430.243:329): pid=13037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2155" name="/newroot/10/file0/bus" dev="loop2" ino=1048753 res=1 errno=0
[ 1029.702274][T13030] NILFS (loop3): error -4 creating segctord thread
[ 1030.023500][   T27] 1 lock held by khungtaskd/27:
[ 1030.036609][   T27]  #0: ffffffff8c91fc20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
[ 1030.073280][   T26] audit: type=1800 audit(1729313430.243:330): pid=13037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2155" name="bus" dev="loop2" ino=1048753 res=0 errno=0
[ 1030.095055][   T27] 1 lock held by udevd/3028:
[ 1030.099814][   T27] 2 locks held by getty/3325:
[ 1030.104682][   T27]  #0: ffff8880293c2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[ 1030.114888][   T27]  #1: ffffc900024a62e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0
[ 1030.125304][   T27] 2 locks held by kworker/u4:8/3681:
[ 1030.130743][   T27]  #0: ffff8880b903a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140
[ 1030.141159][   T27]  #1: ffff8880b9027848 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x53d/0x810
[ 1030.152880][   T27] 2 locks held by kworker/1:9/6027:
[ 1030.158417][   T27]  #0: ffff888017072138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[ 1030.177893][   T27]  #1: ffffc90002dc7d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[ 1030.203651][   T27] 4 locks held by kworker/u4:10/9756:
[ 1030.209030][   T27]  #0: ffff8880199d9138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0
[ 1030.233214][   T27]  #1: ffffc90002ea7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0
[ 1030.245173][   T27]  #2: ffff8880639a60e0 (&type->s_umount_key#66){++++}-{3:3}, at: trylock_super+0x1b/0xf0
[ 1030.255330][   T27]  #3: ffff88807636d1b0 (&sbi->gc_lock){+.+.}-{3:3}, at: f2fs_balance_fs+0x4d4/0x6a0
[ 1030.264915][   T27] 4 locks held by syz.4.1739/11225:
[ 1030.271408][   T27] 2 locks held by syz.4.1739/11226:
[ 1030.278916][   T27]  #0: ffff8880639a6460 (sb_writers#17){.+.+}-{0:0}, at: mnt_want_write_file+0x5a/0x1f0
[ 1030.296574][   T27]  #1: ffff88807636d1b0 (&sbi->gc_lock){+.+.}-{3:3}, at: __f2fs_ioctl+0x4a8b/0xca00
[ 1030.311588][   T27] 1 lock held by syz-executor/12487:
[ 1030.321766][   T27]  #0: ffffffff8c9241e8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x280/0x740
[ 1030.340140][   T27] 2 locks held by syz.3.2157/13030:
[ 1030.346551][   T27]  #0: ffff8880208c0518 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xfb/0x790
[ 1030.363198][   T27]  #1: ffff888147ada468 (&lo->lo_mutex){+.+.}-{3:3}, at: lo_release+0x4d/0x1f0
[ 1030.380982][   T27] 
[ 1030.383445][   T27] =============================================
[ 1030.383445][   T27] 
[ 1030.395422][   T27] NMI backtrace for cpu 1
[ 1030.399771][   T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.168-syzkaller #0
[ 1030.407747][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1030.417964][   T27] Call Trace:
[ 1030.421229][   T27]  <TASK>
[ 1030.424145][   T27]  dump_stack_lvl+0x1e3/0x2d0
[ 1030.428813][   T27]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 1030.434429][   T27]  ? panic+0x860/0x860
[ 1030.438492][   T27]  ? nmi_cpu_backtrace+0x23b/0x4a0
[ 1030.443597][   T27]  nmi_cpu_backtrace+0x46a/0x4a0
[ 1030.448518][   T27]  ? __wake_up_klogd+0xd5/0x100
[ 1030.453357][   T27]  ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0
[ 1030.459494][   T27]  ? _printk+0xd1/0x120
[ 1030.463633][   T27]  ? panic+0x860/0x860
[ 1030.467684][   T27]  ? __wake_up_klogd+0xcc/0x100
[ 1030.472519][   T27]  ? panic+0x860/0x860
[ 1030.476576][   T27]  ? __rcu_read_unlock+0x92/0x100
[ 1030.481585][   T27]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[ 1030.487635][   T27]  nmi_trigger_cpumask_backtrace+0x181/0x2a0
[ 1030.493601][   T27]  watchdog+0xe72/0xeb0
[ 1030.497751][   T27]  kthread+0x3f6/0x4f0
[ 1030.501808][   T27]  ? hungtask_pm_notify+0x50/0x50
[ 1030.506814][   T27]  ? kthread_blkcg+0xd0/0xd0
[ 1030.511452][   T27]  ret_from_fork+0x1f/0x30
[ 1030.515860][   T27]  </TASK>
[ 1030.520178][   T27] Sending NMI from CPU 1 to CPUs 0:
[ 1030.525671][    C0] NMI backtrace for cpu 0 skipped: idling at acpi_idle_do_entry+0x10f/0x340
[ 1030.547519][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 1030.554387][   T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.168-syzkaller #0
[ 1030.562378][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1030.572528][   T27] Call Trace:
[ 1030.575910][   T27]  <TASK>
[ 1030.578854][   T27]  dump_stack_lvl+0x1e3/0x2d0
[ 1030.583547][   T27]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 1030.589200][   T27]  ? panic+0x860/0x860
[ 1030.593307][   T27]  panic+0x318/0x860
[ 1030.597235][   T27]  ? schedule_preempt_disabled+0x20/0x20
[ 1030.602888][   T27]  ? nmi_trigger_cpumask_backtrace+0x221/0x2a0
[ 1030.609133][   T27]  ? fb_is_primary_device+0xd0/0xd0
[ 1030.614332][   T27]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[ 1030.620410][   T27]  ? nmi_trigger_cpumask_backtrace+0x221/0x2a0
[ 1030.626563][   T27]  ? nmi_trigger_cpumask_backtrace+0x281/0x2a0
[ 1030.632738][   T27]  ? nmi_trigger_cpumask_backtrace+0x286/0x2a0
[ 1030.638888][   T27]  watchdog+0xeb0/0xeb0
[ 1030.643046][   T27]  kthread+0x3f6/0x4f0
[ 1030.647115][   T27]  ? hungtask_pm_notify+0x50/0x50
[ 1030.652146][   T27]  ? kthread_blkcg+0xd0/0xd0
[ 1030.656739][   T27]  ret_from_fork+0x1f/0x30
[ 1030.661183][   T27]  </TASK>
[ 1030.664330][   T27] Kernel Offset: disabled
[ 1030.675198][   T27] Rebooting in 86400 seconds..