last executing test programs: 3.36670186s ago: executing program 4 (id=451): getgroups(0xfffffffffffffdb2, 0xfffffffffffffffe) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x7, 0x0, 0x0, 0x100, 0x41, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe4000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000000c0)="3b76210fb6150f209e440f20c0663503000000440f22c00fa2660fc7b2d42af30fa7d0440f20c066350d000000440f22c06767f2caab12bad004ec", 0x3b}], 0x1, 0xd, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x10583a, 0x5, 0xa, 0x1, 0x6, 0x2, 0x1041, 0x4, 0x7, 0x7ffffffffffffffc, 0x3, 0xffffffff, 0x1, 0x9, 0xbe6, 0x6a], 0xeeee8000, 0x1000d6}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.121721916s ago: executing program 1 (id=456): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x37, 0x28, 0x67, 0x0, 0xb, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x6071, 0x0, 0xe7}}}}}}, 0x0) 3.050270911s ago: executing program 1 (id=457): r0 = gettid() rt_sigtimedwait(&(0x7f0000000000)={[0xe]}, 0x0, 0x0, 0x8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]}) tkill(r0, 0x4) 3.006362844s ago: executing program 4 (id=459): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000180)={'syztnl2\x00', 0x0, 0x29, 0xfb, 0x53, 0xfffffffd, 0x57, @local, @local, 0x20, 0x7, 0xe3db, 0xcfe}}) 2.869925764s ago: executing program 1 (id=461): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x8, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.754747482s ago: executing program 4 (id=464): syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xd}, @hci_ev_le_ltk_req={{}, {0xc9, 0x400, 0x401}}}}, 0x10) 2.052170159s ago: executing program 3 (id=466): setresgid(0xee00, 0x0, 0xee00) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_pidfd_open(r0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0xff01, 0x0) 2.04865204s ago: executing program 4 (id=467): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_init_net_socket$ax25(0x3, 0x2, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0, 0x0) 1.926511588s ago: executing program 4 (id=469): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @local}, @in6={0xa, 0x0, 0xfffffffc, @loopback, 0xc7f}], 0x2c) sendto$inet6(r0, &(0x7f0000000040)="e4", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x41, 0x80, 0x3, 0x0, 0x9, 0x40, 0x8, 0x5a, 0x0, 0xff, 0x9, 0x0, 0x0, 0x9}, 0xe) recvmmsg(r0, &(0x7f0000002340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)=""/194, 0xc2}, 0x81}], 0x1, 0x40000023, 0x0) 1.914265099s ago: executing program 1 (id=470): syz_open_dev$amidi(0x0, 0x40002, 0x101981) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000000a00ecff0800010073797a300000000074000000160a010100000000000000000a00000008000740000000014000038008000140000000002c000380140001006e657464657673696d300000000000001400010076657468305f766c616e00000000000008000240000000070900010073797a3000000000090002"], 0xbc}}, 0x24048800) 1.89788743s ago: executing program 0 (id=471): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1e, 0xf, &(0x7f0000000b80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r0, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x2a}, 0x28) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008"], 0x48) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fdinfo/3\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r3, 0xae9a) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0xc0100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4010000}, 0x804) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0}, 0x1) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x8, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.806598586s ago: executing program 4 (id=472): socket$nl_route(0x10, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8, @ANYRES64=r0], 0x0) 1.806228996s ago: executing program 3 (id=474): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x56202329, @empty, 0x4000005}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000009c0)=[{{0x0, 0x0, &(0x7f0000004ac0)=[{&(0x7f0000004680)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ecba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e080000000000000086448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee9e3446eab3b5407cc20f581095dde95241e3853c4864ea7ecd07888956d9375b9ef74be4454d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de190da6ca5b992c9fecf37053894f4b8001fa9902cb9544f8394c96faa2767c0af169cf7c3e0c49d962d47061f788999120bc2144d3bdd4cd8dc5c6f00b10958416318ef9ea9b4f2e", 0x241}], 0x1}}], 0x1, 0x4000001) r1 = dup(r0) read$FUSE(r1, &(0x7f0000002300)={0x2020}, 0x2020) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r2, 0xffffffffffffffff, 0x0) 1.737517301s ago: executing program 1 (id=475): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x140) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x42) fsync(r0) 1.676848005s ago: executing program 0 (id=476): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000180)=0x5) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0) 1.530307265s ago: executing program 2 (id=477): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x13, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x6a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x130}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket(0x400000000010, 0x3, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000240)=@generic={0x21, "1aee2c4f6843c6782466293e62d4f664c2efa8906f0d97822ac0d88ecdd9d47e182b3b523c6243022c1be9fd662325c023ac48a28ae996c41561bb7e9903c408613b4d29da0b9d5af499caa7759c17c667af8acea6dc52148f1233494efd8f08aaab6382d5e33471a107ec47df5b5312764e134c68842fd1a2078151812e"}, 0x80, &(0x7f00000009c0)=[{0x0}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e42408bab6c1f29cb62d05805063967de38327e", 0x9e}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b29de8d9d", 0xd1}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9", 0x5d}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b210a0325f7c289d1a2552d7a3f2176a47e95bc46471fae9167768d58f22ff10ba3cc2050b1ee838ce9e4ac5a1544fec3e291272cfaaa4817539972fb8bb2ede331312f556ecea24236759bf0d51003477ec489820505cea6045a9939974c6f2ee3815378dc0a", 0xb7}, {&(0x7f0000000900)}, {&(0x7f00000000c0)}], 0x7}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{&(0x7f0000004c00)="e24fc801dffdf37981a92f7f4005844301258a0ec141f1ec014bd9d03d1db52a75dfb8e04daddc3fac31adda350235262d9e1b8e20d406b97372033032d7623ff84bbf544a91c12eb644b323e9653fd76852c025e718cc91d9e9e274a7ed2dc15d8efec8d11a7983cdc8f3c39dbf764fc28873b760c435743929653c359ee706dcf2658403b25fbf3382f179562dc64883887ead6a916ef430ee4f67e21a3f01a3a35627bfb2f6ba204da0280c9f2fb5443879616a431884af82606286c4760a9ef4aa264e0000137f28dbe594332062120a76b565165987eef46c1d523f0fba98cd51f14537e313952f76574e3137aa1b41ae8e16f4087ddbaa7de98ca609a1b01b64ab10613204e4d18f376138fe7735ffb2fa09843922ce5a365e1e84286f09c432e0f521be13182256dcf534e03efb1735e55a8dce53e32ac669207d21e3b79414a8e61204f7c4173f2381e4c5e6cce12f6bae60d5bff199d5da50e40f87efbcec332173caba740a1b12c915bccf04940399b9a72a7dca4b8c7d46a2c444f6c7e30cf1f811a4a31cabb9b512a949105e2aa4081a3d613ad9ae4cf209d684e4b27c204bc5a395da552b8638df42d4c3522b64eaf11c988fce5634757ed41b39c338aea3ed2171e86fd34cde22dc3519edd2108641f3c3d4ca2016524b8f7d67e80ef5474d0a4a157eca9e5c0c5fcd7f459f64e91effe3bbcdcf9aba5704952cf0b82b1b0d4533a9c7ddc914bc7dfd8eea591be5806408191e3cca1cd6101f575b7c7206cd219b9f379fc3d03c3c867e5c36a8fcc75e86988a1897876b5a3bb2b3e102a742ebaeb50e08096c1990fa8d8755c187f86213f3cfc322f7997da73594e30f68a1da5768201916dfd52711ad79caae751260cc054dda58307f4031aebc75514795e6d7ae7725c27f7bc8f1e2115603e1f8b18517a74ddd901752a194cfb37535c949f4a5eefc98b231e03fd7a5d7643817567c7fbdcad37365a1a063c11bfd7e6474e9608391f3f3ebcd97a3ad7a9873d8615a9a4dac09ebc528b9277f71d5c2e6012645c643764319941206e6957987b5423b3864e6acb89c0e0371d66c5e16dfd920305cf5dc39ea0d48cea652236f3492f5b60a2a648e8ac61bf13811a81be593e430f504d0fe3d38222acd10e188605410900c55f203e0f6d553cf4e7cdfdfdbf4b60ee166c8be15757c6042f7f7b0c0c75932f795b075ba4116f1336622bafc47e58206255af610b3a7e88fed94a1c4a8b29e7e379b084431d5e059c0d0342678ef5b2ad08d10be3b48e4a1d0de16e8ca0175e1453fa15f8086f7b93d15e5f0769d56cbcec255fd1e82c43a61d50b893a8e7bc84c7cc1b9cffbc4d8f8d703d1ca879acf93e82f35a534665bd5a5a9e13e35ed00d796b830c45f87ba6c90857d05774506611c940e391752237af000473cfff41236801a9e78c48206e03e2a4b1c9164eb1f8cfb71d1559d3b5650327868ef87906b5a0e05470b0655f51090a57a65895608866ac0e008c44898ea0fa968ae510b561b8ebb9f0a38c2572f93aa6a8f5aaab1ff62ad761af234379adfc397c186a99bbecd534266358c5e053de4698e37fb0c512d72492c6f0d18e686c21665224d23fb6b15670e235a96bab63d63df51624f73d78fc38e0c8956882ebbbe0207f3b13be74b70ef29e64912cac49dd90a7f4d5fd09bec08dcb8413578f9e4456079c3673ffd33b366d4a203af63f25ba792a722a4d36749c6724e0b37cfd71761f3ff122861e362aab7a26a8c8090b65ab080535fa912d5b58a9b65410b94acc42396796e35a308cac7594439f4ed2afc8cc4676159751d9ce63ff894a7cad95b375f852d9bd493719ab9bac41cd9ec817b835628a6a9f4869fc9ce72ea3fc7119341ceaf23e85f7a990b7eeb35ef2ef2c84f6fafa0c186a0b2490c72cfe2ce7607634e0d651e4c87514a177300f4f3b762e386cc1522e9b859fb9297329a73b89b8a97184864823d1829fe7a6bf30c69f24b61338e3f341e05e3f70ec6cd6f3544652f69ade293dc896836632271cde36ebb6f515dc8d13121def9d2911ed0d19f2fc31a12b1de3b43dbfb32c0df664c85d4b978f3a41b43546844c8581590dade2db066d5a948a386438232b0be334232800fd164aac8047a96b85356820597a0ef21b2df300a8ef2a08155b7a8eb7793e5ec768db868432c9d65cd748369f24909862131553af695be43c95f2e65a9ef1f8fbad3d03bee4640639c0351c6ed58113b86ec0530aff32f4e4b786285ce72afd6dce83b3a82f58a0bc62735e3402848690d2865438c81f174588e6046ba95935ec0dfbbbb87dda17d8fdcf07b8322bdf18b1421293ead6a8b38119724c9c122f457f85129cbd50338a7e3194418c00ed91cd39878f7753477a17856281ae743c8dcdfc7d5c7142348f9fae4f7767f2c89c394c3fd5d8f261bde3b2055ccddf05c36643e21ec542a62be492501b470813fcedf01c876da0e1e822c3867f32951053f2963b5d1f90e713df0b2c526f36e685b4153d4ae4e8c607df1308c84e500c0bd9fe80dc3cf28187a39fd09643afb25eaa9411f3ce6304dc8bfd02afc9a6bad59887a1cad44a1f613a0779059a90248f09e357af291b1cce42cb9ac766dac70e599c1bbba4a58715adf2426a865eb1e0b80f10602db39c400b45131700490a9c38345022acc79851c2368bc7d191bc1f995722c564198669a68c971f60779e6983508a7c8077cdc7677d9a8b70b8fd1183f57cbc2d653ef6e96110c0c6730be7add59392b4082a6478447cc307d35512dfb2c4e27122b9749eeed9b5a5906f99ee57d7b565822bd4d78aed8f1567409a59ae77b3a1552a5cdb1558ff3ffd2b4cd0e141fce5ad11de5509c6dac5858bbb222bc403e3a307294afbe9633e162bfc5231284f58d475ef19cc1012cb4a81bd26e7e24509ecb5bd859a04a8e39f373188fc58573a52bf8a5de50aa082a4ad28202d01da2f0c7d3a6d1d3b9c3dab9d3ad9a663af4894904236632514d668e5f5016a350ae5accae2902cb9cba8d5262abc4e934329f410739831d447b798bb1da19bd3c98e90f43e54b8911ab9da8d594c9d0617396a53469ec2eb6ca0843ffd39e65b79bf856c755d8fda71b66e16cba537adac14de21a16a379513555d13ee6e021e6bb1cb5db35a7cb0162c3dbf631e8b6b42cc98fba74396971be184b910dbf0fbc29c0e45acfe59c789a134bcc01f7c3b2513d4ef988e7f66e5002d9ee8766870b9502d173953b78b654f020349b7af7845462822a6c78a63416606a265389216f141ca8269a11f18edf1d11de7f11906b787a0189a4fe5a55bb0f78c25319583b5f81c4ad25dd4544d35a2f8afce5b8a117b16104c45997f9ad31421414006f158881e9c7f553f3b7364e274bff39236720d67346e8270b2fd6b5b33c0cece3251b62ec09c709ad1adee626e43a54356b803adf23e45ddbe2bbade69974ca43c3f2246389612398a5247678299995592002f369b0a779ffa60d0785edecab597cb6fa11e2ce68d5e956c5fe95c12ce24cb334a2d1fe9e63491b7d85d58ba4150df6c42f29223eaa607837fee3c71667d7c4a69d5bd2a88e548429e4630c59c38689a52cbc9099f303d680c053cce1a0b24c17a918f7dd08a9348a414e30c8c91e9680facb185914018e1c5a090cd00578c837d9f69e49eae3e45326b679678cca81ca20cf3bfa8e4e548dc446d168382695319ea9fdc14bf29c2b15e2acb925f7db4723f6b382efcbdb10f00837278564a2d0e0da63b755206bdf69faba7e5d7406ec324ca089729a68ca29cbccd17256cb465b91e718b3b64429b8a8e70a72d85b470d85f4b8169ebc74809334db04384c3c2887f09374e60cb3d5c93f3ce5077bcea293b37215ba345f6a30b1d6e08c1cf7024b65ecac5063e177d9af7f687a35c377871d87b00fe7c453199e5c0588a49bf9981651f57468bb37d1812cce02cf1a6df234cf50aabb65959fb7863384d46cbf43600aeb2858a8bea733eec75bcf02f2dfc0c2df6b6c0f807236e67cf6e7253a6f0582cad219daad67c91b8c2f38ad91a9db3bc284f6301f28ad3d1ade08cfc4a8b63268de502d7b4cad5973ce2867a534e576789fe2bd60b15da33d7a5a5e728f6e5ab7052c4636439258979a804bf67aec5546343d7cbee90b4be9d5ef0775d64bfade2daae18d7de4240dd1d88ff3816f2d5c871174b3b48e9fab898abd4cd2df8cb1c3cfff889594a3f08cb935031edbe34aab3433ffd50263a406deef158bbabfa2ec70e79c761d95fcfbef0800c95413068b3789c6b12de5ebe9b414e65ce4f86a6bbccd5ec8e4e220f8ad07255abbaef719ebe1e5d066db4dd1f639cb156c34755eb14053824a1003e97ee54e8dab35f441ee563d80d3163a7b8f71d4f17e240cfae9f2e50c164cf373bb174f5dadafe2430a17be757e30f251d5d60863526a8f46addb932c8170c4a383348c5441aa353e5f1181482d4d0cc0e5d2809c11ee1fac29230c907926c2d3fa55298ae9835c46218650421497d060d15a4194c4d7382a886333375098156a9f0fd6b1d0d94933bb6f285fe51d4aa3037739f143ba20f9b326565f6db49787d1aeb30055ce588dd3c008c0bc1a08935c991067d63003b68b9e2db95360d8aaf2103bb5142c590bb799b268488febc7414b9ae8e108ca4ab4f031adbb9fbe4631c29adb14fb9726df3c6192a3e81b6c34d68e15ee309503ccc1ab240d4ce3c9a099cd7f8782eea9bd1c7005582b9c1fe08030b47958865723652fed003c90703e07f9f1782e33f3bf3d0b83691cd5970fb4af65afa2244bff41e93fa24c33c26c43c93c33a2144aac437a4ab2b4f498104278ec5f2cd38de61eb8b436f5a9dbc3d8b2405ff0598cbcaa964377f61daaf935c42e0db4567520cfee195da1c6090d62031dd0865b2f5aa88be1746a761e3a64b78de338b8996136bbd6b859eb730aa8ab1f68bb5a02b713d8b303ab2ef1e5433d225b0dd485d40a049a1953b488df5314fdbc1c654132498838043c35c7b168e786b0f35a04", 0xdf9}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e98e92fe2fd18e63d4d5699814d9843367774e155678592d0eec07073e851f50827bde418748aa0741684fe603e34dcc960678c7b3e71e48befa166d4a5247325fa881fc7857a8caadde6a2ac9cdcc4ead01267dbb4c639d6d8a80f9637e0c2a3f962347813", 0xd8}, {&(0x7f0000000bc0)="61275006ed747229311198ab94c7e6699587b0d033c2f17d1ccbd45cba520b6888fbad95d4d6ae3cc7172b392f90693e992e52408ba7f1874d1767303d6acb170f216f71908f53a3be1833a25eb1fb2ba3913dcc1de30c5c7e914b13514dea44fb2b964aaa280d5a85512fede48830ca6ea5cd18ff95c871d91454240f370e0c8e2629e58605c4b29017a160709ec76547c92a21d0ec5589e228922b105d0b8b29256620c44d2118334025dedd46db5194f22b349264de22068d3d4db627db4fa827907e5bc02b69c36e94f8149f12116f75bd48aa86d41dfdf52e74b442782f530da1263fd0f699", 0xe8}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91566b7f17", 0x19}], 0x4, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x90}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224eba0fe5f05c53081ff6ebac83c264c6deeec6d4546", 0x30}, {&(0x7f0000000ec0)="6e20cbe6a4a132117801a95e6fd3ec5771da8352900bb19979", 0x19}], 0x2, &(0x7f0000000f40)=[@timestamping={{0x14, 0x1, 0x25, 0x5}}], 0x18}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17aa464613c77", 0x10}], 0x1}}], 0x4, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 1.530093245s ago: executing program 3 (id=478): bpf$BPF_LINK_CREATE(0x8, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff, 0x25, 0x0, @val=@tracing={0x0, 0x10}}, 0x20) 1.502502767s ago: executing program 3 (id=479): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0x503, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0) 1.496056827s ago: executing program 0 (id=480): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_driver={0x0, 0x80805513, 0x0}) 1.382581485s ago: executing program 2 (id=481): ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000040)={0x0, 0x0, 0x8, 0xd, 0x200, &(0x7f0000000080)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000a0000fdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"}) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f) 1.382352955s ago: executing program 3 (id=482): socket(0x10, 0x803, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f0000000200)='m', 0x1) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) pselect6(0x2a, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x1000000, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 1.375019236s ago: executing program 0 (id=483): r0 = memfd_secret(0x80000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r0, 0x0) ftruncate(r0, 0x3) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') read$FUSE(r1, &(0x7f00000007c0)={0x2020}, 0x2020) 1.279435662s ago: executing program 2 (id=484): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004400000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x240048d0}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) 1.245291775s ago: executing program 0 (id=485): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(0xffffffffffffffff, 0x40146f2c, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42000) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4) fcntl$setstatus(r3, 0x4, 0x42000) 1.038653299s ago: executing program 2 (id=486): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0) 1.035037169s ago: executing program 2 (id=487): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000010025bd7000fadbdf2500000000", @ANYRES32=r1, @ANYBLOB="138000002b9201002400128009000100626f6e6400000000140002800800", @ANYRES64=r0], 0x44}, 0x1, 0x0, 0x0, 0x40448e0}, 0x4000) 606.308948ms ago: executing program 2 (id=488): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000680), 0xc) fcntl$getownex(r0, 0x10, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r2) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='fd/3\x00') syz_usb_disconnect(r3) mkdirat$cgroup(r2, &(0x7f0000000dc0)='syz0\x00', 0x1ff) socket$inet(0x2, 0x4000000000000001, 0x0) fchown(0xffffffffffffffff, 0xee01, 0x0) 206.481296ms ago: executing program 3 (id=489): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x8, 0x3, 0x1e8, 0x0, 0xffffffff, 0xffffffff, 0x100, 0xffffffff, 0x198, 0xffffff7a, 0xffffffff, 0x198, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x6, 0x3, 0x6, '\x00', {0x3}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0xff000000, 'team_slave_0\x00', 'ip6gre0\x00', {0xff}, {}, 0x6, 0x3}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x0, 0x4}, {0x4, 0x5, 0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r5, &(0x7f0000000100)={{0x3, @null, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) read(r5, &(0x7f00000000c0)=""/20, 0x14) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r6, 0x8914, &(0x7f0000000000)) setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) socket$kcm(0x10, 0x2, 0x0) 152.33482ms ago: executing program 0 (id=490): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = openat(0xffffffffffffff9c, 0x0, 0x103a42, 0x32) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$OCFS2_IOC_REFLINK(r0, 0x40186f04, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x2, 0x300) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000240)={'\x00', 0x0, 0x92, 0x7fffffff, 0xe, 0x42, 0xffffffffffffffff}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x200002, 0x0) fcntl$setlease(r3, 0x403, 0x0) sched_getaffinity(r2, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r4, &(0x7f0000000580), 0x0, 0x3, 0x8) mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3000003, 0x204031, 0xffffffffffffffff, 0xffffd000) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r5, 0x6, 0x17, &(0x7f0000000040), &(0x7f0000002000)=0x4) openat$procfs(0xffffff9c, &(0x7f0000000040)='/proc/consoles\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(r1, 0x4058587a, &(0x7f0000000580)={{0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000000340)={@align=0x5, {0x7f, 0x2, 0x9, 0x5}}, 0x9, 0x0, 0x0}, {[0xffffffff, 0x8, 0x10000, 0x10000]}, 0x710c, 0x0, 0x0}) 0s ago: executing program 1 (id=491): read(0xffffffffffffffff, 0x0, 0x0) r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000640)='\xf0\x891\xb8R\xe6\x8d\x12\xe5\xe3+\xcd24\x01\x80\x1a\xc9A\x93\xb1@\xbf\x89K\xd0\x86\xd9\x86\x18\xc4:\xc3\xe0\xac\xed~\x97\a\xbe\xfb\v1d\xbe\xa1\xc1N\xd2p\xf0\xc6\xf3\x8eD\x1b\xc7q\x99?9\xf1\xe6\f\xa9\x90\xec:\x037\xe8\x0f\rX6\xf2\x88\x8d\r\xd2\xfc+\x19\x9a}\x9c\xd9\x1a\xef\xf1\x16d>ah\xa2\xa7\x02U\x06\xe1\xe1PY\x90\x17\xf0p\x01*!I\xd3$\xd00C\x88*NA\xc3\x95`\xb2\xf1\xb1\xed\x91\xe4\x87\xcf_9\x1eIpAfN\x99\xa9\v)\x98p\xea[\xc5&D\xe7\xf3\xba/\xcd\xdb\x9dz\xb2\xbf\xc6\xea?\x13(\x15\xc1\tm\xe7t,[\x14|bM\xfa\xeb\x91\xb0\xdfAR\xf3\xe2', &(0x7f0000000300)='\x01\x0e!5\xd8\xf2\x92\x97\x86\xf9\xa8\xe7;\xdff3\x83\xb1a\xc9\xe1\x90\x10@\x1chOK\x98\xae\xd6>\xbaN\x1d_N\xcbdIP2$\xbc\xc9\x89\xb5\n\x90-i%\xe2\x94\fH\xf1\xed\r\b\x17\x81>\t\xc30-\xe2\xb3\xb0 [ 118.451321][ T4194] dump_stack_lvl+0x188/0x250 [ 118.456357][ T4194] ? show_regs_print_info+0x20/0x20 [ 118.461741][ T4194] ? load_image+0x400/0x400 [ 118.466526][ T4194] sysfs_create_dir_ns+0x26a/0x290 [ 118.471735][ T4194] ? sysfs_warn_dup+0xa0/0xa0 [ 118.476586][ T4194] ? process_one_work+0x85f/0x1010 [ 118.481815][ T4194] ? do_raw_spin_unlock+0x11d/0x230 [ 118.487349][ T4194] kobject_add_internal+0x6e0/0xd90 [ 118.492645][ T4194] kobject_add+0x160/0x230 [ 118.497327][ T4194] ? kobject_init+0x1d0/0x1d0 [ 118.502009][ T4194] ? klist_children_get+0x50/0x50 [ 118.507138][ T4194] ? get_device_parent+0x121/0x3f0 [ 118.512345][ T4194] device_add+0x483/0xfb0 [ 118.516685][ T4194] hci_conn_add_sysfs+0xd1/0x1e0 [ 118.521717][ T4194] le_conn_complete_evt+0xc48/0x15c0 [ 118.527448][ T4194] ? cs_le_create_conn+0x5e0/0x5e0 [ 118.532565][ T4194] ? __mutex_trylock_common+0x155/0x260 [ 118.538120][ T4194] hci_le_meta_evt+0x285/0x3c90 [ 118.542974][ T4194] ? hci_event_packet+0x37b/0x1370 [ 118.548197][ T4194] ? __lock_acquire+0x7d10/0x7d10 [ 118.553232][ T4194] ? hci_remote_host_features_evt+0x280/0x280 [ 118.559301][ T4194] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 118.564935][ T4194] ? mark_lock+0x94/0x320 [ 118.569437][ T4194] ? mutex_unlock+0x10/0x10 [ 118.574042][ T4194] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 118.580291][ T4194] ? lock_chain_count+0x20/0x20 [ 118.585326][ T4194] ? __rwlock_init+0x140/0x140 [ 118.590103][ T4194] hci_event_packet+0xe48/0x1370 [ 118.595046][ T4194] ? lockdep_hardirqs_on+0x94/0x140 [ 118.600256][ T4194] ? rcu_lock_release+0x20/0x20 [ 118.605120][ T4194] ? hci_send_to_monitor+0x9c/0x4a0 [ 118.610413][ T4194] hci_rx_work+0x255/0xa10 [ 118.615056][ T4194] process_one_work+0x85f/0x1010 [ 118.620048][ T4194] ? worker_detach_from_pool+0x240/0x240 [ 118.625768][ T4194] ? lockdep_hardirqs_off+0x70/0x100 [ 118.631070][ T4194] ? _raw_spin_lock_irq+0xb7/0xf0 [ 118.636106][ T4194] ? _raw_spin_lock_irqsave+0x100/0x100 [ 118.641654][ T4194] ? wq_worker_running+0x97/0x170 [ 118.646779][ T4194] worker_thread+0xaa6/0x1290 [ 118.651567][ T4194] kthread+0x436/0x520 [ 118.655648][ T4194] ? rcu_lock_release+0x20/0x20 [ 118.660654][ T4194] ? kthread_blkcg+0xd0/0xd0 [ 118.665382][ T4194] ret_from_fork+0x1f/0x30 [ 118.670074][ T4194] [ 118.676043][ T4194] kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 118.690522][ T4194] Bluetooth: hci2: failed to register connection device [ 118.940188][ T5002] loop2: detected capacity change from 0 to 7 [ 119.005093][ T5002] Dev loop2: unable to read RDB block 7 [ 119.011741][ T5002] loop2: unable to read partition table [ 119.025625][ T5002] loop2: partition table beyond EOD, truncated [ 119.032546][ T5002] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 120.590794][ T5023] sched: RT throttling activated [ 121.963051][ T5006] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 122.412816][ T263] block nbd0: Attempted send on invalid socket [ 122.419891][ T263] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 122.433426][ T5050] XFS (nbd0): SB validate failed with error -5. [ 122.774562][ T5064] hub 8-0:1.0: USB hub found [ 122.782037][ T5064] hub 8-0:1.0: 1 port detected [ 124.903565][ T21] Bluetooth: hci2: command 0x0406 tx timeout [ 126.408829][ T5115] nfs4: Unknown parameter '*$L' [ 128.371448][ T5135] lo speed is unknown, defaulting to 1000 [ 128.422995][ T5135] lo speed is unknown, defaulting to 1000 [ 128.480069][ T5135] lo speed is unknown, defaulting to 1000 [ 128.539203][ T5135] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 128.640155][ T5135] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 128.782899][ T5135] lo speed is unknown, defaulting to 1000 [ 128.808144][ T5135] lo speed is unknown, defaulting to 1000 [ 128.842603][ T5135] lo speed is unknown, defaulting to 1000 [ 128.872818][ T5135] lo speed is unknown, defaulting to 1000 [ 129.001860][ T5135] lo speed is unknown, defaulting to 1000 [ 129.728658][ T5160] netlink: 256 bytes leftover after parsing attributes in process `syz.2.295'. [ 129.758265][ T5158] netlink: 36 bytes leftover after parsing attributes in process `syz.1.293'. [ 130.804557][ T5184] loop5: detected capacity change from 0 to 7 [ 130.813907][ T5184] Dev loop5: unable to read RDB block 7 [ 130.838982][ T5184] loop5: unable to read partition table [ 130.867344][ T5184] loop5: partition table beyond EOD, truncated [ 130.918906][ T5184] loop_reread_partitions: partition scan of loop5 (Wý* %4FLQk݊5) failed (rc=-5) [ 132.282303][ T5211] device vlan2 entered promiscuous mode [ 132.288081][ T5211] device team0 entered promiscuous mode [ 132.341492][ T5208] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 132.374138][ T5211] device team_slave_0 entered promiscuous mode [ 132.412790][ T5211] device team_slave_1 entered promiscuous mode [ 132.491820][ T5208] SQUASHFS error: Failed to read block 0x0: -5 [ 133.677375][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.684018][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.772395][ T5243] capability: warning: `syz.4.322' uses deprecated v2 capabilities in a way that may be insecure [ 133.839625][ T4174] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 133.888272][ T5246] netlink: 16 bytes leftover after parsing attributes in process `syz.2.323'. [ 134.030325][ T4227] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 134.109651][ T4174] usb 2-1: Using ep0 maxpacket: 8 [ 134.350411][ T4174] usb 2-1: unable to get BOS descriptor or descriptor too short [ 134.440169][ T4174] usb 2-1: config 8 has an invalid interface number: 23 but max is 0 [ 134.449854][ T4174] usb 2-1: config 8 has no interface number 0 [ 134.649698][ T4174] usb 2-1: New USB device found, idVendor=09d8, idProduct=0320, bcdDevice=c1.83 [ 134.659703][ T4174] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.691937][ T4174] usb 2-1: Product: syz [ 134.706445][ T4174] usb 2-1: Manufacturer: syz [ 134.718319][ T4174] usb 2-1: SerialNumber: syz [ 134.960508][ T4227] usb 1-1: unable to get BOS descriptor or descriptor too short [ 135.010951][ T4227] usb 1-1: not running at top speed; connect to a high speed hub [ 135.130859][ T4227] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 135.165972][ T4227] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 1023 [ 135.450446][ T4227] usb 1-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 135.478071][ T4227] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.527327][ T4227] usb 1-1: Product: 㽀ᕯ昒甡똘嫜㒷䥐Ꞝ鄂ﰜ楸䍐궍噐ᅫꉋ츢Ǒ等≤華ꢑ밻ﺣ돱汰齢㐥䨓䶀铖ꛅ州穦倆㖄⠗⎽骢녑冭ꬥ脪藢㤘绣⊏⥄㞗꣱큉 [ 135.775791][ T4227] usb 1-1: Manufacturer: ᣀ訿斖ᰇꟂՊᷬ⁇췹蟸鶎裱濼ڭ礽Ꝩ孹䙡贒삖戛 [ 135.819567][ T4227] usb 1-1: SerialNumber: syz [ 135.906786][ T1107] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 135.942736][ T4174] usb 2-1: USB disconnect, device number 7 [ 136.107755][ T5274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.331'. [ 136.239774][ T1107] usb 5-1: Using ep0 maxpacket: 8 [ 136.390851][ T1107] usb 5-1: config 4 has an invalid interface number: 4 but max is 0 [ 136.530480][ T1107] usb 5-1: config 4 has no interface number 0 [ 136.764501][ T1107] usb 5-1: config 4 interface 4 altsetting 204 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 136.780352][ T1107] usb 5-1: config 4 interface 4 has no altsetting 0 [ 136.939956][ T1107] usb 5-1: New USB device found, idVendor=1519, idProduct=0452, bcdDevice=b6.d5 [ 136.963510][ T1107] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.975688][ T5285] vivid-000: disconnect [ 136.989362][ T4227] usb 1-1: USB disconnect, device number 5 [ 137.171750][ T1107] usb 5-1: Product: syz [ 137.176603][ T1107] usb 5-1: Manufacturer: syz [ 137.181591][ T1107] usb 5-1: SerialNumber: syz [ 137.210326][ T5287] netlink: 284 bytes leftover after parsing attributes in process `syz.0.340'. [ 137.418074][ T4177] udevd[4177]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 137.559875][ T4227] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 137.768197][ T1107] cdc_acm 5-1:4.4: skipping garbage [ 137.872695][ T4227] usb 3-1: device descriptor read/64, error -71 [ 137.883800][ T1107] usb 5-1: USB disconnect, device number 5 [ 138.499748][ T4227] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 138.805478][ T4227] usb 3-1: device descriptor read/64, error -71 [ 138.951917][ T4227] usb usb3-port1: attempt power cycle [ 139.033648][ T5298] ceph: No mds server is up or the cluster is laggy [ 139.046000][ T21] libceph: connect (1)[c::]:6789 error -101 [ 139.065991][ T21] libceph: mon0 (1)[c::]:6789 connect error [ 139.144273][ T5319] netlink: 'syz.0.350': attribute type 3 has an invalid length. [ 139.152456][ T5319] netlink: 3 bytes leftover after parsing attributes in process `syz.0.350'. [ 139.167217][ T5319] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 139.264992][ T5317] device bridge0 entered promiscuous mode [ 139.308940][ T5317] device vlan2 entered promiscuous mode [ 139.371628][ T1107] libceph: connect (1)[c::]:6789 error -101 [ 139.381748][ T1107] libceph: mon0 (1)[c::]:6789 connect error [ 139.975687][ T4227] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 140.022527][ T5280] vivid-000: reconnect [ 140.059763][ T4227] usb 3-1: device descriptor read/8, error -71 [ 141.699676][ T5354] ptrace attach of "./syz-executor exec"[4185] was attempted by " [ 142.799640][ T4227] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 143.429850][ T4227] usb 3-1: unable to get BOS descriptor or descriptor too short [ 143.489802][ T4227] usb 3-1: not running at top speed; connect to a high speed hub [ 143.569869][ T4227] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 143.754310][ T4227] usb 3-1: New USB device found, idVendor=0c88, idProduct=0021, bcdDevice= c.60 [ 143.782210][ T4227] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=2 [ 143.859845][ T5300] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 143.882561][ T4227] usb 3-1: Product: syz [ 143.926040][ T4227] usb 3-1: Manufacturer: syz [ 143.999285][ T4227] usb 3-1: SerialNumber: syz [ 144.303631][ T5300] usb 1-1: unable to get BOS descriptor or descriptor too short [ 144.389971][ T5300] usb 1-1: config 1 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 144.419663][ T4767] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 144.429717][ T4227] usb 3-1: palm_os_4_probe - error -71 getting connection info [ 144.448389][ T5300] usb 1-1: config 1 interface 0 has no altsetting 0 [ 144.468718][ T4227] visor 3-1:1.0: Handspring Visor / Palm OS converter detected [ 144.487568][ T4227] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 144.501381][ T4227] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 144.536563][ T4227] usb 3-1: USB disconnect, device number 10 [ 144.567466][ T4227] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 144.598116][ T4227] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 144.616094][ T4227] visor 3-1:1.0: device disconnected [ 144.655396][ T5300] usb 1-1: New USB device found, idVendor=05ac, idProduct=025b, bcdDevice= 0.40 [ 144.687342][ T5300] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.708061][ T5300] usb 1-1: Product: syz [ 144.712984][ T4767] usb 4-1: Using ep0 maxpacket: 16 [ 144.718567][ T5300] usb 1-1: Manufacturer: syz [ 144.723622][ T5300] usb 1-1: SerialNumber: syz [ 144.830039][ T4767] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 144.856551][ T4767] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 145.024873][ T5300] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input9 [ 145.035657][ T4767] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 145.052085][ T4767] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.076087][ T4767] usb 4-1: Product: syz [ 145.086592][ T4767] usb 4-1: Manufacturer: syz [ 145.091787][ T3546] bcm5974 1-1:1.0: could not read from device [ 145.098655][ T4767] usb 4-1: SerialNumber: syz [ 145.123414][ T5300] usb 1-1: USB disconnect, device number 6 [ 145.249714][ T1107] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 145.439767][ T4767] usb 4-1: 0:2 : does not exist [ 145.476954][ T4767] usb 4-1: USB disconnect, device number 7 [ 145.521192][ T1107] usb 3-1: Using ep0 maxpacket: 8 [ 145.719866][ T1107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 145.739689][ T1107] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 145.749131][ T1107] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.848964][ T1107] usb 3-1: config 0 descriptor?? [ 147.071810][ T5440] Zero length message leads to an empty skb [ 147.073199][ T1107] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 147.324242][ T1107] usb 3-1: USB disconnect, device number 11 [ 149.775459][ T5468] ptrace attach of "./syz-executor exec"[4190] was attempted by " [ 152.379764][ T7] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 152.515654][ T5495] netlink: 16 bytes leftover after parsing attributes in process `syz.2.413'. [ 152.529718][ T5495] netlink: 40 bytes leftover after parsing attributes in process `syz.2.413'. [ 152.594864][ T5495] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (16187392) [ 152.884377][ T7] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 152.902060][ T7] usb 1-1: config 0 has no interface number 0 [ 152.918710][ T7] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 152.955426][ T7] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 152.986538][ T7] usb 1-1: config 0 interface 255 has no altsetting 0 [ 153.004131][ T7] usb 1-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 153.035781][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.077978][ T7] usb 1-1: config 0 descriptor?? [ 153.124297][ T7] ums-realtek 1-1:0.255: USB Mass Storage device detected [ 153.333671][ T4767] usb 1-1: USB disconnect, device number 7 [ 154.319742][ T4228] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 154.951190][ T4228] usb 1-1: Using ep0 maxpacket: 8 [ 155.105960][ T4228] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 155.118977][ T4228] usb 1-1: config 0 has no interface number 0 [ 155.292087][ T4228] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 155.304759][ T4228] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 155.316229][ T4228] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 155.335092][ T4228] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 155.345930][ T4228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.362422][ T4228] usb 1-1: config 0 descriptor?? [ 155.490936][ T4228] ldusb 1-1:0.55: Interrupt in endpoint not found [ 155.793872][ T4228] usb 1-1: USB disconnect, device number 8 [ 156.718340][ T5578] ALSA: mixer_oss: invalid OSS volume '' [ 157.188963][ T5591] binder: 5589:5591 ioctl 4018620d 0 returned -22 [ 157.389237][ T5609] netlink: 4 bytes leftover after parsing attributes in process `syz.1.454'. [ 157.400261][ T5609] netlink: 3 bytes leftover after parsing attributes in process `syz.1.454'. [ 158.779911][ T5651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.470'. [ 158.902440][ T5660] netlink: 4 bytes leftover after parsing attributes in process `syz.2.473'. [ 158.932635][ T5660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.473'. [ 159.119697][ T1107] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 159.619965][ T5688] netlink: 8 bytes leftover after parsing attributes in process `syz.2.487'. [ 159.629138][ T5688] bond0: Unable to set down delay as MII monitoring is disabled [ 159.637427][ T1107] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 159.706427][ T1107] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 159.910653][ T1107] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 160.000588][ T1107] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 160.121602][ T1107] usb 5-1: SerialNumber: syz [ 160.479373][ T7] Bluetooth: hci4: command 0x201b tx timeout [ 160.623822][ T5698] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 160.672436][ T1107] usb 5-1: 0:2 : does not exist [ 160.712280][ T1107] usb 5-1: USB disconnect, device number 6 [ 160.749815][ T5698] [ 160.752168][ T5698] ====================================================== [ 160.759445][ T5698] WARNING: possible circular locking dependency detected [ 160.766482][ T5698] syzkaller #0 Not tainted [ 160.770990][ T5698] ------------------------------------------------------ [ 160.778000][ T5698] syz.3.489/5698 is trying to acquire lock: [ 160.783977][ T5698] ffff888060c14120 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_device_event+0x217/0x4f0 [ 160.793475][ T5698] [ 160.793475][ T5698] but task is already holding lock: [ 160.800959][ T5698] ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x534/0xe30 [ 160.809213][ T5698] [ 160.809213][ T5698] which lock already depends on the new lock. [ 160.809213][ T5698] [ 160.819802][ T5698] [ 160.819802][ T5698] the existing dependency chain (in reverse order) is: [ 160.828822][ T5698] [ 160.828822][ T5698] -> #1 (rtnl_mutex){+.+.}-{3:3}: [ 160.836064][ T5698] __mutex_lock_common+0x1e3/0x2400 [ 160.841793][ T5698] mutex_lock_nested+0x17/0x20 [ 160.847073][ T5698] ax25_setsockopt+0x859/0xa60 [ 160.852449][ T5698] __sys_setsockopt+0x2bf/0x3d0 [ 160.858100][ T5698] __x64_sys_setsockopt+0xb1/0xc0 [ 160.863899][ T5698] do_syscall_64+0x4c/0xa0 [ 160.868838][ T5698] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 160.875362][ T5698] [ 160.875362][ T5698] -> #0 (sk_lock-AF_AX25){+.+.}-{0:0}: [ 160.883604][ T5698] __lock_acquire+0x2c42/0x7d10 [ 160.889285][ T5698] lock_acquire+0x19e/0x400 [ 160.894319][ T5698] lock_sock_nested+0x44/0x100 [ 160.899610][ T5698] ax25_device_event+0x217/0x4f0 [ 160.905066][ T5698] raw_notifier_call_chain+0xcb/0x160 [ 160.911223][ T5698] __dev_notify_flags+0x158/0x300 [ 160.916771][ T5698] dev_change_flags+0xe3/0x1a0 [ 160.922089][ T5698] dev_ifsioc+0x130/0xd50 [ 160.926934][ T5698] dev_ioctl+0x545/0xe30 [ 160.931778][ T5698] sock_do_ioctl+0x245/0x320 [ 160.937060][ T5698] sock_ioctl+0x4d2/0x710 [ 160.942136][ T5698] __se_sys_ioctl+0xfa/0x170 [ 160.947350][ T5698] do_syscall_64+0x4c/0xa0 [ 160.952313][ T5698] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 160.959168][ T5698] [ 160.959168][ T5698] other info that might help us debug this: [ 160.959168][ T5698] [ 160.969499][ T5698] Possible unsafe locking scenario: [ 160.969499][ T5698] [ 160.977261][ T5698] CPU0 CPU1 [ 160.982897][ T5698] ---- ---- [ 160.988902][ T5698] lock(rtnl_mutex); [ 160.993135][ T5698] lock(sk_lock-AF_AX25); [ 161.000070][ T5698] lock(rtnl_mutex); [ 161.006744][ T5698] lock(sk_lock-AF_AX25); [ 161.011164][ T5698] [ 161.011164][ T5698] *** DEADLOCK *** [ 161.011164][ T5698] [ 161.019414][ T5698] 1 lock held by syz.3.489/5698: [ 161.024550][ T5698] #0: ffffffff8d43cb48 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x534/0xe30 [ 161.033377][ T5698] [ 161.033377][ T5698] stack backtrace: [ 161.039256][ T5698] CPU: 1 PID: 5698 Comm: syz.3.489 Not tainted syzkaller #0 [ 161.046623][ T5698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 161.056919][ T5698] Call Trace: [ 161.060195][ T5698] [ 161.063120][ T5698] dump_stack_lvl+0x188/0x250 [ 161.067790][ T5698] ? load_image+0x400/0x400 [ 161.072285][ T5698] ? show_regs_print_info+0x20/0x20 [ 161.077495][ T5698] ? print_circular_bug+0x12b/0x1a0 [ 161.082810][ T5698] check_noncircular+0x296/0x330 [ 161.087746][ T5698] ? stack_trace_snprint+0xf0/0xf0 [ 161.093172][ T5698] ? add_chain_block+0x940/0x940 [ 161.098337][ T5698] ? lockdep_lock+0xf1/0x1f0 [ 161.102942][ T5698] ? mark_lock+0x94/0x320 [ 161.107506][ T5698] __lock_acquire+0x2c42/0x7d10 [ 161.112833][ T5698] ? mark_lock+0x94/0x320 [ 161.117170][ T5698] ? verify_lock_unused+0x140/0x140 [ 161.122547][ T5698] ? verify_lock_unused+0x140/0x140 [ 161.127766][ T5698] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 161.133865][ T5698] ? lockdep_hardirqs_on_prepare+0x770/0x770 [ 161.140032][ T5698] ? mark_lock+0x94/0x320 [ 161.144534][ T5698] lock_acquire+0x19e/0x400 [ 161.149060][ T5698] ? ax25_device_event+0x217/0x4f0 [ 161.154543][ T5698] ? lock_chain_count+0x20/0x20 [ 161.159420][ T5698] ? read_lock_is_recursive+0x10/0x10 [ 161.164802][ T5698] ? __local_bh_enable_ip+0x136/0x1c0 [ 161.170290][ T5698] ? lockdep_hardirqs_on+0x94/0x140 [ 161.175755][ T5698] ? __local_bh_enable_ip+0x136/0x1c0 [ 161.181477][ T5698] ? _local_bh_enable+0xa0/0xa0 [ 161.186437][ T5698] lock_sock_nested+0x44/0x100 [ 161.191199][ T5698] ? ax25_device_event+0x217/0x4f0 [ 161.196305][ T5698] ax25_device_event+0x217/0x4f0 [ 161.201732][ T5698] raw_notifier_call_chain+0xcb/0x160 [ 161.207115][ T5698] __dev_notify_flags+0x158/0x300 [ 161.212357][ T5698] ? __dev_change_flags+0x6a0/0x6a0 [ 161.217668][ T5698] ? __dev_change_flags+0x4d0/0x6a0 [ 161.222883][ T5698] ? dev_get_flags+0x1c0/0x1c0 [ 161.227653][ T5698] ? __mutex_lock_common+0x465/0x2400 [ 161.233018][ T5698] dev_change_flags+0xe3/0x1a0 [ 161.237950][ T5698] dev_ifsioc+0x130/0xd50 [ 161.242271][ T5698] ? dev_ioctl+0xe30/0xe30 [ 161.246864][ T5698] ? apparmor_capable+0x12c/0x190 [ 161.252071][ T5698] ? full_name_hash+0x8e/0xe0 [ 161.256743][ T5698] dev_ioctl+0x545/0xe30 [ 161.261098][ T5698] ? _copy_from_user+0x111/0x170 [ 161.266129][ T5698] sock_do_ioctl+0x245/0x320 [ 161.270994][ T5698] ? sock_show_fdinfo+0xb0/0xb0 [ 161.275948][ T5698] sock_ioctl+0x4d2/0x710 [ 161.280442][ T5698] ? sock_poll+0x410/0x410 [ 161.284938][ T5698] ? bpf_lsm_file_ioctl+0x5/0x10 [ 161.290036][ T5698] ? security_file_ioctl+0x7c/0xa0 [ 161.295228][ T5698] ? sock_poll+0x410/0x410 [ 161.299721][ T5698] __se_sys_ioctl+0xfa/0x170 [ 161.304314][ T5698] do_syscall_64+0x4c/0xa0 [ 161.308807][ T5698] ? clear_bhb_loop+0x30/0x80 [ 161.313470][ T5698] ? clear_bhb_loop+0x30/0x80 [ 161.318136][ T5698] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 161.324103][ T5698] RIP: 0033:0x7f1440edb819 [ 161.328929][ T5698] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 161.348919][ T5698] RSP: 002b:00007f143f114028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.357704][ T5698] RAX: ffffffffffffffda RBX: 00007f1441155090 RCX: 00007f1440edb819 [ 161.365870][ T5698] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000008 [ 161.373867][ T5698] RBP: 00007f1440f71c91 R08: 0000000000000000 R09: 0000000000000000 [ 161.382011][ T5698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 161.390074][ T5698] R13: 00007f1441155128 R14: 00007f1441155090 R15: 00007ffeb2859188 [ 161.398352][ T5698] [ 161.419848][ T5698] ================================================================== [ 161.427951][ T5698] BUG: KASAN: use-after-free in ax25_dev_device_down+0x35e/0x520 [ 161.436068][ T5698] Write of size 4 at addr ffff88802ac78cb8 by task syz.3.489/5698 [ 161.444186][ T5698] [ 161.446664][ T5698] CPU: 1 PID: 5698 Comm: syz.3.489 Not tainted syzkaller #0 [ 161.467769][ T5698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 161.478037][ T5698] Call Trace: [ 161.481540][ T5698] [ 161.484474][ T5698] dump_stack_lvl+0x188/0x250 [ 161.489338][ T5698] ? show_regs_print_info+0x20/0x20 [ 161.494548][ T5698] ? _printk+0xda/0x130 [ 161.498803][ T5698] ? ax25_dev_device_down+0x35e/0x520 [ 161.504269][ T5698] ? load_image+0x400/0x400 [ 161.508767][ T5698] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 161.514235][ T5698] print_address_description+0x60/0x2d0 [ 161.519888][ T5698] ? ax25_dev_device_down+0x35e/0x520 [ 161.525358][ T5698] kasan_report+0xdf/0x130 [ 161.529865][ T5698] ? ax25_dev_device_down+0x35e/0x520 [ 161.535259][ T5698] kasan_check_range+0x235/0x290 [ 161.540187][ T5698] ax25_dev_device_down+0x35e/0x520 [ 161.545628][ T5698] ax25_device_event+0x4b4/0x4f0 [ 161.550652][ T5698] raw_notifier_call_chain+0xcb/0x160 [ 161.556373][ T5698] __dev_notify_flags+0x158/0x300 [ 161.561612][ T5698] ? __dev_change_flags+0x6a0/0x6a0 [ 161.566805][ T5698] ? __dev_change_flags+0x4d0/0x6a0 [ 161.572000][ T5698] ? dev_get_flags+0x1c0/0x1c0 [ 161.576768][ T5698] ? __mutex_lock_common+0x465/0x2400 [ 161.582163][ T5698] dev_change_flags+0xe3/0x1a0 [ 161.586942][ T5698] dev_ifsioc+0x130/0xd50 [ 161.591265][ T5698] ? dev_ioctl+0xe30/0xe30 [ 161.595953][ T5698] ? apparmor_capable+0x12c/0x190 [ 161.601114][ T5698] ? full_name_hash+0x8e/0xe0 [ 161.606102][ T5698] dev_ioctl+0x545/0xe30 [ 161.610406][ T5698] ? _copy_from_user+0x111/0x170 [ 161.615656][ T5698] sock_do_ioctl+0x245/0x320 [ 161.620277][ T5698] ? sock_show_fdinfo+0xb0/0xb0 [ 161.625229][ T5698] sock_ioctl+0x4d2/0x710 [ 161.629655][ T5698] ? sock_poll+0x410/0x410 [ 161.634088][ T5698] ? bpf_lsm_file_ioctl+0x5/0x10 [ 161.639347][ T5698] ? security_file_ioctl+0x7c/0xa0 [ 161.644810][ T5698] ? sock_poll+0x410/0x410 [ 161.649289][ T5698] __se_sys_ioctl+0xfa/0x170 [ 161.654064][ T5698] do_syscall_64+0x4c/0xa0 [ 161.658578][ T5698] ? clear_bhb_loop+0x30/0x80 [ 161.663244][ T5698] ? clear_bhb_loop+0x30/0x80 [ 161.668261][ T5698] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 161.674406][ T5698] RIP: 0033:0x7f1440edb819 [ 161.679020][ T5698] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 161.698979][ T5698] RSP: 002b:00007f143f114028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.707967][ T5698] RAX: ffffffffffffffda RBX: 00007f1441155090 RCX: 00007f1440edb819 [ 161.716159][ T5698] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000008 [ 161.724644][ T5698] RBP: 00007f1440f71c91 R08: 0000000000000000 R09: 0000000000000000 [ 161.732978][ T5698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 161.741234][ T5698] R13: 00007f1441155128 R14: 00007f1441155090 R15: 00007ffeb2859188 [ 161.749397][ T5698] [ 161.752758][ T5698] [ 161.755076][ T5698] Allocated by task 5698: [ 161.759391][ T5698] __kasan_kmalloc+0xb5/0xf0 [ 161.764188][ T5698] ax25_dev_device_up+0x50/0x580 [ 161.769233][ T5698] ax25_device_event+0x483/0x4f0 [ 161.774162][ T5698] raw_notifier_call_chain+0xcb/0x160 [ 161.779619][ T5698] __dev_notify_flags+0x194/0x300 [ 161.784643][ T5698] dev_change_flags+0xe3/0x1a0 [ 161.789411][ T5698] dev_ifsioc+0x130/0xd50 [ 161.793765][ T5698] dev_ioctl+0x545/0xe30 [ 161.798083][ T5698] sock_do_ioctl+0x245/0x320 [ 161.802745][ T5698] sock_ioctl+0x4d2/0x710 [ 161.807057][ T5698] __se_sys_ioctl+0xfa/0x170 [ 161.811732][ T5698] do_syscall_64+0x4c/0xa0 [ 161.816398][ T5698] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 161.822281][ T5698] [ 161.824593][ T5698] Freed by task 5698: [ 161.828666][ T5698] kasan_set_track+0x4b/0x70 [ 161.833510][ T5698] kasan_set_free_info+0x1f/0x40 [ 161.838468][ T5698] ____kasan_slab_free+0xd5/0x110 [ 161.843663][ T5698] slab_free_freelist_hook+0xea/0x170 [ 161.849233][ T5698] kfree+0xef/0x2a0 [ 161.853039][ T5698] ax25_dev_device_down+0x1c0/0x520 [ 161.858240][ T5698] ax25_device_event+0x4b4/0x4f0 [ 161.863174][ T5698] raw_notifier_call_chain+0xcb/0x160 [ 161.868646][ T5698] __dev_notify_flags+0x158/0x300 [ 161.874057][ T5698] dev_change_flags+0xe3/0x1a0 [ 161.878922][ T5698] dev_ifsioc+0x130/0xd50 [ 161.883525][ T5698] dev_ioctl+0x545/0xe30 [ 161.887848][ T5698] sock_do_ioctl+0x245/0x320 [ 161.892546][ T5698] sock_ioctl+0x4d2/0x710 [ 161.897049][ T5698] __se_sys_ioctl+0xfa/0x170 [ 161.901735][ T5698] do_syscall_64+0x4c/0xa0 [ 161.906144][ T5698] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 161.912030][ T5698] [ 161.914493][ T5698] Last potentially related work creation: [ 161.920426][ T5698] kasan_save_stack+0x35/0x60 [ 161.925203][ T5698] kasan_record_aux_stack+0xb8/0x100 [ 161.930672][ T5698] insert_work+0x54/0x3d0 [ 161.934995][ T5698] __queue_work+0x9c5/0xd50 [ 161.939798][ T5698] queue_work_on+0x124/0x1f0 [ 161.944373][ T5698] loop_queue_rq+0x9d8/0xac0 [ 161.948959][ T5698] __blk_mq_try_issue_directly+0x497/0x820 [ 161.954870][ T5698] blk_mq_try_issue_directly+0xaf/0x270 [ 161.960543][ T5698] blk_mq_submit_bio+0xfa1/0x1820 [ 161.965662][ T5698] __submit_bio+0x7d1/0x820 [ 161.970498][ T5698] submit_bio_noacct+0x6b0/0x800 [ 161.975698][ T5698] submit_bio+0x2c1/0x560 [ 161.980149][ T5698] block_read_full_page+0x8ff/0xd40 [ 161.985552][ T5698] do_read_cache_page+0x8a1/0x1030 [ 161.990955][ T5698] read_part_sector+0xd4/0x4f0 [ 161.995858][ T5698] adfspart_check_ICS+0xc3/0xe40 [ 162.000932][ T5698] bdev_disk_changed+0x933/0x16c0 [ 162.005954][ T5698] loop_reread_partitions+0x5f/0xf0 [ 162.011161][ T5698] loop_configure+0x1146/0x1480 [ 162.016029][ T5698] lo_ioctl+0xb85/0x20f0 [ 162.020356][ T5698] blkdev_ioctl+0x33b/0x700 [ 162.024875][ T5698] block_ioctl+0xac/0xf0 [ 162.029106][ T5698] __se_sys_ioctl+0xfa/0x170 [ 162.033966][ T5698] do_syscall_64+0x4c/0xa0 [ 162.038695][ T5698] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 162.044768][ T5698] [ 162.047172][ T5698] Second to last potentially related work creation: [ 162.053976][ T5698] kasan_save_stack+0x35/0x60 [ 162.058768][ T5698] kasan_record_aux_stack+0xb8/0x100 [ 162.064130][ T5698] insert_work+0x54/0x3d0 [ 162.068450][ T5698] __queue_work+0x9c5/0xd50 [ 162.073202][ T5698] queue_work_on+0x124/0x1f0 [ 162.078042][ T5698] netdevice_event+0x803/0x900 [ 162.082811][ T5698] raw_notifier_call_chain+0xcb/0x160 [ 162.088172][ T5698] __dev_notify_flags+0x194/0x300 [ 162.093368][ T5698] dev_change_flags+0xe3/0x1a0 [ 162.098321][ T5698] do_setlink+0xcdb/0x3d60 [ 162.102761][ T5698] rtnl_newlink+0x1658/0x1a50 [ 162.107437][ T5698] rtnetlink_rcv_msg+0x844/0xf30 [ 162.112365][ T5698] netlink_rcv_skb+0x1f5/0x440 [ 162.117403][ T5698] netlink_unicast+0x774/0x920 [ 162.122365][ T5698] netlink_sendmsg+0x8ba/0xbe0 [ 162.127116][ T5698] __sys_sendto+0x46d/0x620 [ 162.131609][ T5698] __x64_sys_sendto+0xda/0xf0 [ 162.136360][ T5698] do_syscall_64+0x4c/0xa0 [ 162.140766][ T5698] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 162.146646][ T5698] [ 162.148954][ T5698] The buggy address belongs to the object at ffff88802ac78c00 [ 162.148954][ T5698] which belongs to the cache kmalloc-192 of size 192 [ 162.163084][ T5698] The buggy address is located 184 bytes inside of [ 162.163084][ T5698] 192-byte region [ffff88802ac78c00, ffff88802ac78cc0) [ 162.176700][ T5698] The buggy address belongs to the page: [ 162.182550][ T5698] page:ffffea0000ab1e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ac78 [ 162.192970][ T5698] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) [ 162.200620][ T5698] raw: 00fff00000000200 ffffea000068fc80 0000000500000005 ffff888016c41a00 [ 162.209661][ T5698] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 162.218320][ T5698] page dumped because: kasan: bad access detected [ 162.224729][ T5698] page_owner tracks the page as allocated [ 162.230427][ T5698] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 1233, ts 70248687392, free_ts 70163538685 [ 162.246476][ T5698] get_page_from_freelist+0x1bbd/0x1ca0 [ 162.252026][ T5698] __alloc_pages+0x1ee/0x480 [ 162.256815][ T5698] new_slab+0xb6/0x4b0 [ 162.260883][ T5698] ___slab_alloc+0x80a/0xdd0 [ 162.265555][ T5698] __kmalloc_node+0x200/0x3b0 [ 162.270304][ T5698] memcg_alloc_page_obj_cgroups+0x81/0x120 [ 162.276099][ T5698] new_slab+0x100/0x4b0 [ 162.280242][ T5698] ___slab_alloc+0x80a/0xdd0 [ 162.284901][ T5698] kmem_cache_alloc+0x195/0x290 [ 162.289840][ T5698] __d_alloc+0x2a/0x6f0 [ 162.294173][ T5698] d_alloc_parallel+0x7b/0x1330 [ 162.299400][ T5698] __lookup_slow+0x134/0x410 [ 162.303982][ T5698] lookup_one_len+0x19d/0x2d0 [ 162.308734][ T5698] start_creating+0x184/0x310 [ 162.313511][ T5698] __debugfs_create_file+0x6f/0x510 [ 162.318976][ T5698] ieee80211_sta_debugfs_add+0x1ac/0x780 [ 162.324742][ T5698] page last free stack trace: [ 162.329551][ T5698] free_unref_page_prepare+0x637/0x6c0 [ 162.335193][ T5698] free_unref_page+0x8f/0x2a0 [ 162.339950][ T5698] qlist_free_all+0x35/0x90 [ 162.344530][ T5698] kasan_quarantine_reduce+0x150/0x160 [ 162.350173][ T5698] __kasan_slab_alloc+0x2f/0xd0 [ 162.355205][ T5698] slab_post_alloc_hook+0x4c/0x380 [ 162.360657][ T5698] kmem_cache_alloc_node+0x12d/0x2d0 [ 162.366019][ T5698] __alloc_skb+0xf4/0x750 [ 162.370616][ T5698] netlink_sendmsg+0x654/0xbe0 [ 162.375399][ T5698] ____sys_sendmsg+0x5b7/0x8f0 [ 162.380168][ T5698] ___sys_sendmsg+0x236/0x2e0 [ 162.384844][ T5698] __se_sys_sendmsg+0x1af/0x290 [ 162.389918][ T5698] do_syscall_64+0x4c/0xa0 [ 162.394393][ T5698] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 162.400543][ T5698] [ 162.402853][ T5698] Memory state around the buggy address: [ 162.408514][ T5698] ffff88802ac78b80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 162.417370][ T5698] ffff88802ac78c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 162.425703][ T5698] >ffff88802ac78c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 162.433759][ T5698] ^ [ 162.439761][ T5698] ffff88802ac78d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 162.448349][ T5698] ffff88802ac78d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 162.456755][ T5698] ================================================================== [ 162.563808][ T4228] libceph: connect (1)[c::]:6789 error -101 [ 162.580521][ T4228] libceph: mon0 (1)[c::]:6789 connect error [ 162.586083][ T5698] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 162.594679][ T5698] CPU: 0 PID: 5698 Comm: syz.3.489 Tainted: G B syzkaller #0 [ 162.603815][ T5698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 162.614037][ T5698] Call Trace: [ 162.617304][ T5698] [ 162.620223][ T5698] dump_stack_lvl+0x188/0x250 [ 162.624892][ T5698] ? show_regs_print_info+0x20/0x20 [ 162.630099][ T5698] ? load_image+0x400/0x400 [ 162.634720][ T5698] panic+0x2e5/0x810 [ 162.638648][ T5698] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 162.644800][ T5698] ? bpf_jit_dump+0xd0/0xd0 [ 162.649320][ T5698] ? _raw_spin_unlock_irqrestore+0x10d/0x120 [ 162.655414][ T5698] ? _raw_spin_unlock+0x40/0x40 [ 162.660342][ T5698] ? ax25_dev_device_down+0x35e/0x520 [ 162.665790][ T5698] check_panic_on_warn+0x80/0xa0 [ 162.671067][ T5698] ? ax25_dev_device_down+0x35e/0x520 [ 162.676610][ T5698] end_report+0x6d/0xf0 [ 162.680763][ T5698] kasan_report+0x102/0x130 [ 162.685251][ T5698] ? ax25_dev_device_down+0x35e/0x520 [ 162.690732][ T5698] kasan_check_range+0x235/0x290 [ 162.695682][ T5698] ax25_dev_device_down+0x35e/0x520 [ 162.700988][ T5698] ax25_device_event+0x4b4/0x4f0 [ 162.706023][ T5698] raw_notifier_call_chain+0xcb/0x160 [ 162.711485][ T5698] __dev_notify_flags+0x158/0x300 [ 162.716543][ T5698] ? __dev_change_flags+0x6a0/0x6a0 [ 162.721900][ T5698] ? __dev_change_flags+0x4d0/0x6a0 [ 162.727129][ T5698] ? dev_get_flags+0x1c0/0x1c0 [ 162.731913][ T5698] ? __mutex_lock_common+0x465/0x2400 [ 162.737387][ T5698] dev_change_flags+0xe3/0x1a0 [ 162.740149][ T4228] libceph: connect (1)[c::]:6789 error -101 [ 162.742187][ T5698] dev_ifsioc+0x130/0xd50 [ 162.742212][ T5698] ? dev_ioctl+0xe30/0xe30 [ 162.748431][ T4228] libceph: mon0 (1)[c::]:6789 connect error [ 162.752692][ T5698] ? apparmor_capable+0x12c/0x190 [ 162.752721][ T5698] ? full_name_hash+0x8e/0xe0 [ 162.752744][ T5698] dev_ioctl+0x545/0xe30 [ 162.777124][ T5698] ? _copy_from_user+0x111/0x170 [ 162.782178][ T5698] sock_do_ioctl+0x245/0x320 [ 162.786984][ T5698] ? sock_show_fdinfo+0xb0/0xb0 [ 162.791843][ T5698] sock_ioctl+0x4d2/0x710 [ 162.796257][ T5698] ? sock_poll+0x410/0x410 [ 162.800760][ T5698] ? bpf_lsm_file_ioctl+0x5/0x10 [ 162.805973][ T5698] ? security_file_ioctl+0x7c/0xa0 [ 162.811085][ T5698] ? sock_poll+0x410/0x410 [ 162.815619][ T5698] __se_sys_ioctl+0xfa/0x170 [ 162.820237][ T5698] do_syscall_64+0x4c/0xa0 [ 162.824190][ T5701] ceph: No mds server is up or the cluster is laggy [ 162.824658][ T5698] ? clear_bhb_loop+0x30/0x80 [ 162.824685][ T5698] ? clear_bhb_loop+0x30/0x80 [ 162.840840][ T5698] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 162.847042][ T5698] RIP: 0033:0x7f1440edb819 [ 162.851473][ T5698] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 162.871272][ T5698] RSP: 002b:00007f143f114028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 162.879921][ T5698] RAX: ffffffffffffffda RBX: 00007f1441155090 RCX: 00007f1440edb819 [ 162.888189][ T5698] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000008 [ 162.896189][ T5698] RBP: 00007f1440f71c91 R08: 0000000000000000 R09: 0000000000000000 [ 162.904515][ T5698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 162.912593][ T5698] R13: 00007f1441155128 R14: 00007f1441155090 R15: 00007ffeb2859188 [ 162.920681][ T5698] [ 162.924114][ T5698] Kernel Offset: disabled [ 162.928436][ T5698] Rebooting in 86400 seconds..