last executing test programs: 7.243027983s ago: executing program 2 (id=3): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, 0x0) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f00000001c0)={0x48}) (fail_nth: 3) 6.61791304s ago: executing program 2 (id=6): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c00048028000180090001006c617374000000001800028008000140000000080c00024000000000000000060900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0) (fail_nth: 3) 6.488826736s ago: executing program 2 (id=7): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @private=0xa010100}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000200)={r1, 0x2}, &(0x7f0000000240)=0x8) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b0ad25a80648c2594f90124fc60100c030002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) socket$inet6_sctp(0xa, 0x1, 0x84) (async) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) (async) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @private=0xa010100}]}, &(0x7f0000000100)=0x10) (async) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000200)={r1, 0x2}, &(0x7f0000000240)=0x8) (async) socket$kcm(0x10, 0x3, 0x10) (async) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b0ad25a80648c2594f90124fc60100c030002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) (async) 6.454022592s ago: executing program 4 (id=5): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)={0x54, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x2c, 0x8, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x54}}, 0x0) 6.241005888s ago: executing program 4 (id=8): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c00048028000180090001006c617374000000001800028008000140000000080c00024000000000000000060900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0) 6.17865369s ago: executing program 0 (id=1): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0) pread64(r1, 0x0, 0x0, 0x4000000000a2) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x78, 0x0, 0x8002, 0xa2, 0x2bc, 0x6, 0x7, 0x0, 0x0}, &(0x7f0000000240)=0x20) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280)={r2}, &(0x7f00000002c0)=0x8) chdir(0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000200)={@host}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r3, 0x7af, &(0x7f0000000180)={@local}) close(r3) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000080)=0x200000000) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000380)={0x2, 0x1, 0x0, &(0x7f0000000300)=""/121, 0x0, 0x80a0000}) write$vhost_msg_v2(r5, &(0x7f0000000280)={0x2, 0x0, {&(0x7f0000000140)=""/128, 0x20000, 0x0, 0x0, 0x2}}, 0x48) mount$tmpfs(0x0, &(0x7f0000000200)='./file2\x00', &(0x7f0000000040), 0x8000, 0x0) ioctl$RTC_WKALM_SET(r0, 0x40187013, 0x0) 6.119464866s ago: executing program 2 (id=9): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fddbdf251200000008000300", @ANYRES32=r1, @ANYBLOB="0a0006000802110000010000b92745722cffe5009a8e654f219ab49538130433431f333bf88fc0468728fa8657de99a9fef42f2e981366e5b34bb07d40c346cdd6e116987ad4c75fc5d23439522e2bf02f64b1053bde33db5e9285798f71ed560d569d18ae11faf17ceac23eacd7080850e0083f873dddc9b56282aa258f70cd8fc2ea31ba412022bec809b9a8aed889a21f859e46595b3f71eb1eb125f3efe26a4b29a60e8370e86f8146e4e28c206437d951e89a170d661f3fada8085d4730a790604df29568a81010baf2df0db3d800"/221], 0x30}}, 0x4800) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902"], 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r5 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000031c0)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000003300)=0xffffffffffffffff, 0x12) r8 = dup(r6) getsockname$packet(r8, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000440)=0x6) sendmsg$nl_route(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000006d00011c8500"/20, @ANYRES32=r9, @ANYBLOB="000000000000000018003480140035006970365f76746930"], 0x38}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r10, &(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e) listen(r10, 0x16) r11 = request_key(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000180)=':..[%\x00', 0xfffffffffffffffb) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x46900, 0x0) r12 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_buf(r12, 0x29, 0x48, &(0x7f0000000080)="2af84112", 0x4) r13 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$FUSE(r13, 0x0, 0x0) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f00000001c0)={r11, 0x1e, 0xe8}, &(0x7f0000000200)=ANY=[@ANYBLOB="656e633d6f61657020686173683d736861350000000000000000dd859474041cb13d00"/65], &(0x7f0000000300)="8aad92b90a031d47076c408cbf58e552e96ee2b19d3fb605db5f51b98c6d", &(0x7f0000000340)=""/232) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="736838fd", @ANYRES16=r4, @ANYBLOB="01000000000000000000010000002c0008802800008024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff1400020077673000"/78], 0x54}}, 0x0) 6.119155256s ago: executing program 1 (id=2): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0) pread64(r1, 0x0, 0x0, 0x4000000000a2) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x78, 0x0, 0x8002, 0xa2, 0x2bc, 0x6, 0x7, 0x0, 0x0}, &(0x7f0000000240)=0x20) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280)={r2}, &(0x7f00000002c0)=0x8) chdir(0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000200)={@host}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r3, 0x7af, &(0x7f0000000180)={@local}) close(r3) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000080)=0x200000000) r6 = dup2(r5, r5) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000380)={0x2, 0x1, 0x0, &(0x7f0000000300)=""/121, 0x0, 0x80a0000}) write$vhost_msg_v2(r6, &(0x7f0000000280)={0x2, 0x0, {&(0x7f0000000140)=""/128, 0x20000, 0x0, 0x0, 0x2}}, 0x48) mount$tmpfs(0x0, &(0x7f0000000200)='./file2\x00', &(0x7f0000000040), 0x8000, 0x0) ioctl$RTC_WKALM_SET(r0, 0x40187013, 0x0) 5.948783197s ago: executing program 4 (id=10): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1300000010000000020000000000000000eb0000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0x1c, &(0x7f0000000500)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000400)="5aee41dea43e9eee28e622e563a3", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040341a020f00000000000109022400010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB="0022050000000bd32052f2ca2d73393bcccde073aa1ffc0c24c898d6a9b935750328b37c8a"], 0x0}, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000002c0), &(0x7f0000000700)='%pK \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0xe, 0x4, 0x8, 0x4f63, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r5, &(0x7f0000000440), 0x10) listen(r5, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) r7 = accept4$unix(r5, 0x0, 0x0, 0x0) recvmmsg(r6, &(0x7f0000002780)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)=""/104, 0x68}, {&(0x7f0000000480)=""/187, 0xbb}, {&(0x7f0000000540)=""/195, 0xc3}], 0x3}}], 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000000000800000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRES16=r7], 0x48) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r8 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0) kcmp(r8, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r9 = getpid() sched_setscheduler(r9, 0x2, &(0x7f0000000200)=0x4) 4.96025977s ago: executing program 0 (id=11): syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100004107f540f30c7593de1a000000010902240001000000000904000002bee4f9000905030000000000"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f0000000100)=0x4) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000003e00)={0x0, 0x0, &(0x7f0000003dc0)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000090000000a20000000000a05140000000000000000010000000900010073797a300000000058000000160a09000900000000000000010000000900010073797a30000000000900020073797a32000000002c00038018000380140001006d6163736563300000000000000000000800024000000000080001400000000014000000110001"], 0xa0}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x201}], {0x14}}, 0x3c}, 0x1, 0x1200}, 0x0) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, 0x0, 0x0) r5 = socket(0x21, 0x4, 0x4000) r6 = shmget$private(0x0, 0x1000, 0x80, &(0x7f00002e7000/0x1000)=nil) shmctl$SHM_LOCK(r6, 0xb) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x44}, 0x24000000) r8 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$RTC_WKALM_SET(r8, 0x4028700f, &(0x7f0000000040)={0x1, 0x0, {0x3, 0x0, 0x0, 0x18, 0xb, 0x81, 0x0, 0x152}}) 4.824632468s ago: executing program 1 (id=12): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffff35) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) io_setup(0x3, &(0x7f0000000180)=0x0) io_submit(r5, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}]) ioctl$SNDCTL_SEQ_PANIC(r4, 0x5100) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001500010000000000000000000500000008000100", @ANYRES16=r6], 0x1c}}, 0xe6a4d86a3a7a1790) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x6, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000cf00000095"], &(0x7f0000000280)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x90) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r7, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6, 0x7fffffff}) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) 4.540535653s ago: executing program 3 (id=4): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = socket(0x2, 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f00000000c0)=0x1002, 0x4) sendto$inet(r1, 0x0, 0xffe5, 0xe000, &(0x7f0000000000)={0x2, 0x4e20}, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="200000000000e6ff17010000020000000600000064b4f4ebd960000000000000"], 0x20}], 0x1, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs2/binder1\x00', 0x802, 0x0) ioctl$BINDER_FREEZE(r9, 0x400c620e, &(0x7f00000003c0)={r6, 0x1, 0x4}) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff01"], 0x15) preadv(r9, &(0x7f0000000400)=[{&(0x7f0000000680)=""/135, 0x87}], 0x1, 0x1, 0x400) write$char_usb(r4, &(0x7f00000004c0)="245883856f8910e210f96eccac9b92ab4a96538052b6f06cc8764a24cda3e8b57dc487", 0x23) dup(r5) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) 3.108185964s ago: executing program 1 (id=13): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x4a, &(0x7f00000000c0)=ANY=[], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x88, &(0x7f0000000040)=ANY=[]) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, 0x0, 0x5f) 2.935427093s ago: executing program 3 (id=14): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) (async) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000001500), &(0x7f0000000440)=0x4) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)={0x40, r0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}]]}, 0x40}}, 0x0) 2.883350744s ago: executing program 2 (id=15): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'veth0_to_hsr\x00'}) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth1_to_team\x00', 0x0}) sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="b91a000000000000113accbc000008000100", @ANYRES32=r3, @ANYBLOB], 0x1c}}, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r2, 0x10, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4000) setsockopt$inet6_int(r0, 0x29, 0x19, 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x0, 0xffffffffffffffff}) r5 = syz_usb_connect(0x0, 0x202, &(0x7f0000000780)=ANY=[@ANYBLOB="1201100152018b401e040740185d000000010902f00101040000030904"], 0x0) syz_usb_control_io$printer(r5, 0x0, &(0x7f00000006c0)={0x34, &(0x7f00000003c0)=ANY=[@ANYRESOCT=0x0, @ANYRESHEX=r5, @ANYRES64=r4, @ANYBLOB="f62f86b9117fd76da4c516b48d5d585c9ac824a9bcbe81fcef5055e477c427db7b31c6927282b27fb76396de4df1c3d5cb7b0dd7b321df289dc3a82368e169d0c0e3d0e96c26155d1b0537fe35aecb27e9f0631ee6c77a1b343fe65a11ff24a286dd425ea095500d6fc3d83f1273adbb7779df09f5765b69ddb3e48279ddbb9cffec17842bbc8e3723a69efc0859d486d8b2cbbb5bfd262da87fce6d2728f670ecb0be745a7790d2e5957a6442a91065ed708513bbd8414e1ffa3421f48a6111ee2e", @ANYRES64=r0, @ANYRESHEX=r5, @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$DRM_IOCTL_MODE_GETENCODER(r6, 0xc01464a6, &(0x7f0000000000)={0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f0000000900)={&(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, r7, 0x0, 0x40, 0x2, 0x7, 0xff57, {0x400, 0x6, 0x0, 0x59, 0x6, 0x1, 0x0, 0x3, 0x6, 0x0, 0x0, 0x0, 0x6, 0x70, "220d5b81c6f7b1c3455db2cb90070d8f3e4c4a17bf1b02b53651a02c3989c886"}}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f00000002c0)={&(0x7f0000000100), &(0x7f0000000140)=[{}, {}], &(0x7f0000000240), &(0x7f0000000280)=[0x0], 0x2}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, 0x0) 2.70146481s ago: executing program 3 (id=16): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) dup(r0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_udp_int(r1, 0x11, 0xa, 0x0, &(0x7f0000000100)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) capset(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r4}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r5, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) 81.120397ms ago: executing program 3 (id=17): write$6lowpan_enable(0xffffffffffffffff, &(0x7f00000001c0)='1', 0x1) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_kthread_work_execute_end\x00', r0, 0x0, 0x1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r4, 0x0, 0x10, &(0x7f0000000080)="170000000200020000ffbe8c5ee17688a2003c000303000afdff02a257fc5ad90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac2dfc061f15003901dee2ffffffffe9000000000000000062068f5ee50ce5af9b1c568302ffff02ff0331dd3bab0840024f0298e9e90539062a80e605007f71174ab498a30b3e5a1b47b63a6323ded2aa084cd36276a3afff", 0xb8) sendto$inet(r4, 0x0, 0x0, 0x20024094, &(0x7f0000000040)={0x2, 0xfffd, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) 80.739068ms ago: executing program 4 (id=18): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r0], 0xd8}}, 0x0) (async, rerun: 64) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async, rerun: 64) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121701, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000279600"}) (async) r3 = syz_open_pts(r2, 0x129640) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0xe, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000000bae3000000000000000000850000007b00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000640)='kfree\x00', r7}, 0x10) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r9, &(0x7f0000000080)=ANY=[@ANYBLOB="1500"], 0x15) r10 = dup(r9) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r10}}) (async, rerun: 32) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x4) creat(&(0x7f0000000000)='./file0\x00', 0x0) (async, rerun: 32) mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)='ubifs\x00') (async, rerun: 32) mount(&(0x7f0000000180), &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='ubifs\x00', 0x0, 0x0) (async) mount$cgroup(0x0, 0x0, &(0x7f0000008e40), 0x0, &(0x7f0000008e80)={[{@xattr}]}) r11 = dup(r3) ioctl$TIOCSSOFTCAR(r11, 0x541e, 0x0) recvmsg(r1, &(0x7f0000002700)={&(0x7f0000000100)=@caif=@dgm, 0x80, &(0x7f0000001640)=[{&(0x7f0000000080)=""/21, 0x15}, {&(0x7f0000000180)=""/107, 0x6b}, {&(0x7f0000000200)=""/49, 0x31}, {&(0x7f0000002740)=""/91, 0x5b}, {&(0x7f00000002c0)=""/70, 0x46}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/228, 0xe4}, {&(0x7f0000001440)}, {&(0x7f0000001480)=""/152, 0x98}, {&(0x7f0000001540)=""/215, 0xd7}], 0xa, &(0x7f0000001700)=""/4096, 0x1000}, 0x140) 0s ago: executing program 0 (id=19): openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) userfaultfd(0x801) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000220095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000040)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts. [ 67.622582][ T5818] cgroup: Unknown subsys name 'net' [ 67.738281][ T5818] cgroup: Unknown subsys name 'cpuset' [ 67.747299][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 69.273273][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.408945][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.424082][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.593837][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.604420][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 71.612490][ T5838] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 71.621392][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.630205][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.638487][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 71.665157][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.674284][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 71.682288][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.684781][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 71.690045][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 71.701087][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.703891][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.712477][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.724602][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.726840][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 71.733315][ T5847] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 71.740150][ T5846] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 71.745958][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 71.753519][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 71.759924][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.766978][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 71.775223][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 71.781137][ T5846] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 71.789973][ T5838] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 71.796054][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 71.801703][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 71.809169][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.825160][ T5846] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 71.841344][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 72.300088][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 72.325216][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 72.429279][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 72.455518][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 72.473388][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 72.580330][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.588426][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.596307][ T5828] bridge_slave_0: entered allmulticast mode [ 72.603162][ T5828] bridge_slave_0: entered promiscuous mode [ 72.647237][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.657601][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.665273][ T5832] bridge_slave_0: entered allmulticast mode [ 72.671900][ T5832] bridge_slave_0: entered promiscuous mode [ 72.680058][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.687306][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.694790][ T5828] bridge_slave_1: entered allmulticast mode [ 72.701376][ T5828] bridge_slave_1: entered promiscuous mode [ 72.727317][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.735191][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.742431][ T5832] bridge_slave_1: entered allmulticast mode [ 72.749434][ T5832] bridge_slave_1: entered promiscuous mode [ 72.794860][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.802104][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.809702][ T5844] bridge_slave_0: entered allmulticast mode [ 72.816865][ T5844] bridge_slave_0: entered promiscuous mode [ 72.848284][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.855539][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.862689][ T5837] bridge_slave_0: entered allmulticast mode [ 72.873181][ T5837] bridge_slave_0: entered promiscuous mode [ 72.880558][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.888595][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.896072][ T5844] bridge_slave_1: entered allmulticast mode [ 72.902750][ T5844] bridge_slave_1: entered promiscuous mode [ 72.912975][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.925339][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.942699][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.949956][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.957361][ T5837] bridge_slave_1: entered allmulticast mode [ 72.964103][ T5837] bridge_slave_1: entered promiscuous mode [ 72.985502][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.999393][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.018559][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.025725][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.032843][ T5834] bridge_slave_0: entered allmulticast mode [ 73.039914][ T5834] bridge_slave_0: entered promiscuous mode [ 73.083072][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.090571][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.098625][ T5834] bridge_slave_1: entered allmulticast mode [ 73.105454][ T5834] bridge_slave_1: entered promiscuous mode [ 73.113490][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.126629][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.137951][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.149983][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.171582][ T5828] team0: Port device team_slave_0 added [ 73.225775][ T5832] team0: Port device team_slave_0 added [ 73.233096][ T5828] team0: Port device team_slave_1 added [ 73.250126][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.261899][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.282402][ T5844] team0: Port device team_slave_0 added [ 73.292344][ T5832] team0: Port device team_slave_1 added [ 73.318961][ T5837] team0: Port device team_slave_0 added [ 73.327744][ T5837] team0: Port device team_slave_1 added [ 73.335082][ T5844] team0: Port device team_slave_1 added [ 73.351467][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.358784][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.384998][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.398296][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.405443][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.431748][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.486619][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.493601][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.520383][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.536801][ T5834] team0: Port device team_slave_0 added [ 73.550731][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.559997][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.586681][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.599551][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.606832][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.632817][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.645811][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.652798][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.679190][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.695950][ T5834] team0: Port device team_slave_1 added [ 73.702212][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.709277][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.735485][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.747767][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.754790][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.781019][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.840950][ T5828] hsr_slave_0: entered promiscuous mode [ 73.847400][ T5828] hsr_slave_1: entered promiscuous mode [ 73.880943][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.888428][ T5846] Bluetooth: hci4: command tx timeout [ 73.888434][ T5838] Bluetooth: hci3: command tx timeout [ 73.888713][ T5838] Bluetooth: hci1: command tx timeout [ 73.900276][ T5846] Bluetooth: hci0: command tx timeout [ 73.910811][ T5836] Bluetooth: hci2: command tx timeout [ 73.920446][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.946704][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.959089][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.966213][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.992622][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.023767][ T5844] hsr_slave_0: entered promiscuous mode [ 74.030423][ T5844] hsr_slave_1: entered promiscuous mode [ 74.038629][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.046991][ T5844] Cannot create hsr debugfs directory [ 74.079293][ T5832] hsr_slave_0: entered promiscuous mode [ 74.086259][ T5832] hsr_slave_1: entered promiscuous mode [ 74.092290][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.100251][ T5832] Cannot create hsr debugfs directory [ 74.112299][ T5837] hsr_slave_0: entered promiscuous mode [ 74.118903][ T5837] hsr_slave_1: entered promiscuous mode [ 74.128558][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.136290][ T5837] Cannot create hsr debugfs directory [ 74.242391][ T5834] hsr_slave_0: entered promiscuous mode [ 74.249087][ T5834] hsr_slave_1: entered promiscuous mode [ 74.258592][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.267038][ T5834] Cannot create hsr debugfs directory [ 74.533600][ T5832] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 74.557558][ T5832] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 74.573422][ T5832] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 74.595956][ T5832] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 74.655528][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.686067][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.704772][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.718994][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.728666][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 74.738504][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 74.759632][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 74.777709][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 74.850373][ T5834] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 74.917339][ T5834] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 74.937116][ T5834] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 74.980032][ T5834] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 75.011676][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.052955][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 75.063064][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 75.079692][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 75.091910][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.106974][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 75.123871][ T3109] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.131196][ T3109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.181984][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.203583][ T991] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.210744][ T991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.250796][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.277938][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.300985][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.308106][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.318637][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.325761][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.368181][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.395578][ T5832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.435358][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.442481][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.452209][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.459904][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.538580][ T5828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.610550][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.681009][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.696904][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.729607][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.736777][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.763483][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.790483][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.797659][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.821323][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.874804][ T1100] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.881902][ T1100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.911100][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.918288][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.964562][ T5831] Bluetooth: hci1: command tx timeout [ 75.970046][ T5831] Bluetooth: hci0: command tx timeout [ 75.979945][ T5846] Bluetooth: hci4: command tx timeout [ 75.980020][ T5838] Bluetooth: hci3: command tx timeout [ 75.992720][ T5836] Bluetooth: hci2: command tx timeout [ 76.132052][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.168555][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.253162][ T5844] veth0_vlan: entered promiscuous mode [ 76.311500][ T5844] veth1_vlan: entered promiscuous mode [ 76.377035][ T5828] veth0_vlan: entered promiscuous mode [ 76.401718][ T5832] veth0_vlan: entered promiscuous mode [ 76.429095][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.445863][ T5828] veth1_vlan: entered promiscuous mode [ 76.487842][ T5832] veth1_vlan: entered promiscuous mode [ 76.521836][ T5844] veth0_macvtap: entered promiscuous mode [ 76.546386][ T5844] veth1_macvtap: entered promiscuous mode [ 76.582347][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.612990][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.631646][ T5832] veth0_macvtap: entered promiscuous mode [ 76.639532][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.668987][ T5834] veth0_vlan: entered promiscuous mode [ 76.678948][ T5844] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.689182][ T5844] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.699626][ T5844] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.708398][ T5844] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.722997][ T5832] veth1_macvtap: entered promiscuous mode [ 76.738103][ T5834] veth1_vlan: entered promiscuous mode [ 76.747746][ T5828] veth0_macvtap: entered promiscuous mode [ 76.769791][ T5828] veth1_macvtap: entered promiscuous mode [ 76.787223][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.798077][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.810220][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.830117][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.841452][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.853773][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.879280][ T5832] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.889082][ T5832] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.899419][ T5832] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.908425][ T5832] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.933504][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.948522][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.958611][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.969887][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.981027][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.022673][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.033374][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.043609][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.055003][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.066830][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.088054][ T5834] veth0_macvtap: entered promiscuous mode [ 77.102934][ T5828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.113860][ T5828] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.123496][ T5828] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.132402][ T5828] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.156517][ T5834] veth1_macvtap: entered promiscuous mode [ 77.173429][ T5837] veth0_vlan: entered promiscuous mode [ 77.193372][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.202270][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.222992][ T5837] veth1_vlan: entered promiscuous mode [ 77.241870][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.255295][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.265483][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.276079][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.285996][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.297236][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.308759][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.367413][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.378815][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.389215][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.399893][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.410679][ T5834] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.421437][ T5834] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.432541][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.446852][ T5834] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.456102][ T5834] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.465002][ T5834] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.473717][ T5834] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.486170][ T1100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.494468][ T1100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.540228][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.563558][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.585013][ T5837] veth0_macvtap: entered promiscuous mode [ 77.619551][ T5844] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 77.649297][ T5837] veth1_macvtap: entered promiscuous mode [ 77.688073][ T3109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.711567][ T3109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.728646][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.737225][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.785984][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.803591][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.815428][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.828020][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.838448][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.848965][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.859002][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.869554][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.884384][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 77.894414][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 77.933340][ T5918] FAULT_INJECTION: forcing a failure. [ 77.933340][ T5918] name failslab, interval 1, probability 0, space 0, times 1 [ 77.950918][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.958651][ T5918] CPU: 1 UID: 0 PID: 5918 Comm: syz.2.3 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0 [ 77.969099][ T5918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 77.979202][ T5918] Call Trace: [ 77.982518][ T5918] [ 77.985484][ T5918] dump_stack_lvl+0x241/0x360 [ 77.990228][ T5918] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.995466][ T5918] ? __pfx__printk+0x10/0x10 [ 78.000102][ T5918] ? fs_reclaim_acquire+0x93/0x130 [ 78.005259][ T5918] ? __pfx___might_resched+0x10/0x10 [ 78.010593][ T5918] should_fail_ex+0x3b0/0x4e0 [ 78.015310][ T5918] ? tomoyo_encode+0x26f/0x540 [ 78.020121][ T5918] should_failslab+0xac/0x100 [ 78.024841][ T5918] ? tomoyo_encode+0x26f/0x540 [ 78.029648][ T5918] __kmalloc_noprof+0xd8/0x400 [ 78.034446][ T5918] tomoyo_encode+0x26f/0x540 [ 78.039087][ T5918] tomoyo_realpath_from_path+0x59e/0x5e0 [ 78.044772][ T5918] tomoyo_path_number_perm+0x23a/0x880 [ 78.050295][ T5918] ? tomoyo_path_number_perm+0x208/0x880 [ 78.055974][ T5918] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 78.062038][ T5918] ? __fget_files+0x29/0x470 [ 78.066677][ T5918] ? __fget_files+0x3f3/0x470 [ 78.071397][ T5918] security_file_ioctl+0xc6/0x2a0 [ 78.076440][ T5918] __se_sys_ioctl+0x47/0x170 [ 78.081043][ T5918] do_syscall_64+0xf3/0x230 [ 78.085561][ T5918] ? clear_bhb_loop+0x35/0x90 [ 78.090251][ T5918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.096177][ T5918] RIP: 0033:0x7f9cd9b7e719 [ 78.100604][ T5918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.120241][ T5918] RSP: 002b:00007f9cda9b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 78.128671][ T5918] RAX: ffffffffffffffda RBX: 00007f9cd9d36058 RCX: 00007f9cd9b7e719 [ 78.136657][ T5918] RDX: 00000000200001c0 RSI: 0000000000003ba0 RDI: 0000000000000004 [ 78.144635][ T5918] RBP: 00007f9cda9b4090 R08: 0000000000000000 R09: 0000000000000000 [ 78.152614][ T5918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 78.160617][ T5918] R13: 0000000000000000 R14: 00007f9cd9d36058 R15: 00007ffca990e058 [ 78.168621][ T5918] [ 78.175859][ T5918] ERROR: Out of memory at tomoyo_realpath_from_path. [ 78.186603][ T5831] Bluetooth: hci1: command tx timeout [ 78.192046][ T54] Bluetooth: hci2: command tx timeout [ 78.198061][ T5838] Bluetooth: hci0: command tx timeout [ 78.203496][ T5838] Bluetooth: hci3: command tx timeout [ 78.209288][ T1100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.209513][ T5836] Bluetooth: hci4: command tx timeout [ 78.253683][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.264569][ T1100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.283605][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.311876][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.323812][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.341057][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.352225][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.364150][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.375339][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.386940][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.456058][ T5837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.480943][ T5837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.504433][ T5837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.521759][ T5837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.544418][ T3109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.560199][ T3109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.585480][ T5925] netlink: 'syz.2.7': attribute type 3 has an invalid length. [ 78.589805][ T3109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.608627][ T3109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.616704][ T5925] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.7'. [ 78.889101][ T3109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.914444][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.054251][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 79.074144][ T3109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.095906][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.258989][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 79.361481][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 79.876466][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 80.019537][ T3109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.078651][ T3109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.154617][ T972] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 80.185359][ T5887] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 80.204402][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 80.366564][ T5836] Bluetooth: hci4: command tx timeout [ 80.366655][ T5846] Bluetooth: hci3: command tx timeout [ 80.372492][ T5836] Bluetooth: hci2: command tx timeout [ 80.386491][ T5836] Bluetooth: hci0: command tx timeout [ 80.394761][ T5838] Bluetooth: hci1: command tx timeout [ 80.404222][ T5833] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 80.429140][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.441148][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.490852][ T5950] tmpfs: Unknown parameter 'usrquota' [ 80.508265][ T5950] overlayfs: failed to resolve './file1': -2 [ 80.647048][ T5833] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 80.665098][ T5887] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 80.708342][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 80.744649][ T972] usb 3-1: Using ep0 maxpacket: 8 [ 81.254112][ T5887] usb 5-1: New USB device found, idVendor=1a34, idProduct=0f02, bcdDevice= 0.00 [ 81.543223][ T5833] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 81.565715][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.584242][ T5833] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de [ 81.601037][ T5833] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.635283][ T5887] usb 5-1: config 0 descriptor?? [ 81.674623][ T969] cfg80211: failed to load regulatory.db [ 81.681817][ T5833] usb 1-1: config 0 descriptor?? [ 81.816311][ T972] usb 3-1: config 0 has no interfaces? [ 81.823150][ T972] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 81.942505][ T972] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.958433][ T972] usb 3-1: config 0 descriptor?? [ 81.963772][ T972] usb 3-1: can't set config #0, error -71 [ 81.980463][ T972] usb 3-1: USB disconnect, device number 2 [ 82.294797][ T5944] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 82.427231][ T5969] rtc_cmos 00:00: Alarms can be up to one day in the future [ 82.654075][ T5944] usb 2-1: Using ep0 maxpacket: 32 [ 82.665006][ T5944] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 82.692146][ T5944] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 82.701382][ T5944] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 82.713197][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 82.723595][ T5944] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 82.733841][ T5944] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 82.764340][ T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 82.803694][ T5944] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 82.819402][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.839118][ T5944] usb 2-1: config 0 descriptor?? [ 82.956799][ T8] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 82.982380][ T8] usb 3-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 83.018029][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.102207][ T8] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 83.111502][ T5944] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 83.192386][ T5944] usb 2-1: USB disconnect, device number 2 [ 83.239537][ T5944] usblp0: removed [ 83.684244][ T5944] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 83.854054][ T5944] usb 2-1: Using ep0 maxpacket: 32 [ 83.862711][ T5944] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 83.881072][ T5944] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 83.901461][ T5944] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 83.911052][ T5944] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 83.927022][ T5944] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 83.941782][ T5944] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 83.961027][ T5944] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 83.980796][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.993907][ T5944] usb 2-1: config 0 descriptor?? [ 84.214526][ T8] stv0680 3-1:4.0: STV(e): camera ping failed!! [ 84.242725][ T5944] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 84.415441][ T8] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 84.435872][ T8] stv0680 3-1:4.0: last error: 0, command = 0x0 [ 84.463523][ T8] usb 3-1: USB disconnect, device number 3 [ 84.690168][ T5887] hid-generic 0003:1A34:0F02.0001: hidraw0: USB HID v0.00 Device [HID 1a34:0f02] on usb-dummy_hcd.4-1/input0 [ 84.754000][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 84.798320][ T5887] usb 5-1: USB disconnect, device number 2 [ 84.807848][ T5833] ath6kl: Failed to submit usb control message: -110 [ 84.814778][ T5833] ath6kl: unable to send the bmi data to the device: -110 [ 84.821963][ T5833] ath6kl: Unable to send get target info: -110 [ 84.911136][ T5833] ath6kl: Failed to init ath6kl core: -110 [ 84.917839][ T5833] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 84.960247][ T5833] usb 1-1: USB disconnect, device number 2 [ 85.037675][ T25] usb 2-1: USB disconnect, device number 3 [ 85.046175][ T25] usblp0: removed [ 85.078432][ T5957] ================================================================== [ 85.086801][ T5957] BUG: KASAN: double-free in kref_put+0x4ab/0x7c0 [ 85.093243][ T5957] Free of addr ffff888026d9cd00 by task syz.1.13/5957 [ 85.100031][ T5957] [ 85.102370][ T5957] CPU: 1 UID: 0 PID: 5957 Comm: syz.1.13 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0 [ 85.112911][ T5957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 85.123000][ T5957] Call Trace: [ 85.126477][ T5957] [ 85.129603][ T5957] dump_stack_lvl+0x241/0x360 [ 85.134439][ T5957] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.139680][ T5957] ? __pfx__printk+0x10/0x10 [ 85.144302][ T5957] ? _printk+0xd5/0x120 [ 85.148505][ T5957] ? __virt_addr_valid+0x183/0x530 [ 85.153661][ T5957] ? __virt_addr_valid+0x183/0x530 [ 85.158807][ T5957] print_report+0x169/0x550 [ 85.163342][ T5957] ? __virt_addr_valid+0x183/0x530 [ 85.168471][ T5957] ? __virt_addr_valid+0x183/0x530 [ 85.173601][ T5957] ? __virt_addr_valid+0x45f/0x530 [ 85.178756][ T5957] ? __phys_addr+0xba/0x170 [ 85.183282][ T5957] ? kref_put+0x4ab/0x7c0 [ 85.187637][ T5957] kasan_report_invalid_free+0x11a/0x140 [ 85.193326][ T5957] ? kref_put+0x4ab/0x7c0 [ 85.197683][ T5957] ? kref_put+0x4ab/0x7c0 [ 85.202057][ T5957] check_slab_allocation+0xc6/0x110 [ 85.207308][ T5957] ? kref_put+0x4ab/0x7c0 [ 85.211658][ T5957] kfree+0x151/0x440 [ 85.215583][ T5957] ? kref_put+0x4ab/0x7c0 [ 85.219945][ T5957] kref_put+0x4ab/0x7c0 [ 85.224145][ T5957] raw_release+0x135/0x1e0 [ 85.228602][ T5957] ? __pfx_raw_release+0x10/0x10 [ 85.233561][ T5957] __fput+0x23f/0x880 [ 85.237589][ T5957] task_work_run+0x24f/0x310 [ 85.242204][ T5957] ? __pfx_task_work_run+0x10/0x10 [ 85.247340][ T5957] ? syscall_exit_to_user_mode+0xa3/0x370 [ 85.253085][ T5957] syscall_exit_to_user_mode+0x168/0x370 [ 85.258746][ T5957] do_syscall_64+0x100/0x230 [ 85.263362][ T5957] ? clear_bhb_loop+0x35/0x90 [ 85.268066][ T5957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.273981][ T5957] RIP: 0033:0x7f0e2877e719 [ 85.278419][ T5957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.298054][ T5957] RSP: 002b:00007ffcabaa7408 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 85.306503][ T5957] RAX: 0000000000000000 RBX: 00007f0e28937a80 RCX: 00007f0e2877e719 [ 85.314515][ T5957] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 85.322514][ T5957] RBP: 00007f0e28937a80 R08: 0000000000000000 R09: 00007ffcabaa76ff [ 85.330513][ T5957] R10: 0000000000dbb590 R11: 0000000000000246 R12: 000000000001561b [ 85.338512][ T5957] R13: 00007ffcabaa7510 R14: 0000000000000032 R15: ffffffffffffffff [ 85.346518][ T5957] [ 85.349562][ T5957] [ 85.351902][ T5957] Allocated by task 5975: [ 85.356249][ T5957] kasan_save_track+0x3f/0x80 [ 85.360960][ T5957] __kasan_kmalloc+0x98/0xb0 [ 85.365583][ T5957] __kmalloc_node_track_caller_noprof+0x225/0x440 [ 85.372029][ T5957] memdup_user+0x2b/0xc0 [ 85.376317][ T5957] raw_ioctl+0xd0c/0x3cd0 [ 85.380677][ T5957] __se_sys_ioctl+0xf9/0x170 [ 85.385315][ T5957] do_syscall_64+0xf3/0x230 [ 85.389853][ T5957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.395780][ T5957] [ 85.398121][ T5957] Freed by task 5958: [ 85.402135][ T5957] kasan_save_track+0x3f/0x80 [ 85.407023][ T5957] kasan_save_free_info+0x40/0x50 [ 85.412081][ T5957] __kasan_slab_free+0x59/0x70 [ 85.416878][ T5957] kfree+0x1a0/0x440 [ 85.420804][ T5957] kref_put+0x4ab/0x7c0 [ 85.424995][ T5957] raw_release+0x135/0x1e0 [ 85.429441][ T5957] __fput+0x23f/0x880 [ 85.433441][ T5957] __x64_sys_close+0x7f/0x110 [ 85.438126][ T5957] do_syscall_64+0xf3/0x230 [ 85.442669][ T5957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.448579][ T5957] [ 85.450898][ T5957] The buggy address belongs to the object at ffff888026d9cd00 [ 85.450898][ T5957] which belongs to the cache kmalloc-16 of size 16 [ 85.464778][ T5957] The buggy address is located 0 bytes inside of [ 85.464778][ T5957] 16-byte region [ffff888026d9cd00, ffff888026d9cd10) [ 85.477791][ T5957] [ 85.480133][ T5957] The buggy address belongs to the physical page: [ 85.486567][ T5957] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26d9c [ 85.495326][ T5957] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 85.502898][ T5957] page_type: f5(slab) [ 85.506894][ T5957] raw: 00fff00000000000 ffff88801ac41640 0000000000000000 dead000000000001 [ 85.515482][ T5957] raw: 0000000000000000 0000000000800080 00000001f5000000 0000000000000000 [ 85.524063][ T5957] page dumped because: kasan: bad access detected [ 85.530500][ T5957] page_owner tracks the page as allocated [ 85.536232][ T5957] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 35, tgid 35 (kworker/u8:2), ts 8792011275, free_ts 8784535053 [ 85.556495][ T5957] register_dummy_stack+0x8a/0xe0 [ 85.561536][ T5957] init_page_owner+0x3e/0x970 [ 85.566214][ T5957] page_ext_init+0x731/0x790 [ 85.570804][ T5957] mm_core_init+0x4c/0x60 [ 85.575151][ T5957] page last free pid 969 tgid 969 stack trace: [ 85.581294][ T5957] free_unref_page+0xcd0/0xf00 [ 85.586069][ T5957] vfree+0x186/0x2e0 [ 85.589978][ T5957] delayed_vfree_work+0x56/0x80 [ 85.594844][ T5957] process_scheduled_works+0xa63/0x1850 [ 85.600416][ T5957] worker_thread+0x870/0xd30 [ 85.605010][ T5957] kthread+0x2f0/0x390 [ 85.609085][ T5957] ret_from_fork+0x4b/0x80 [ 85.613553][ T5957] ret_from_fork_asm+0x1a/0x30 [ 85.618347][ T5957] [ 85.620689][ T5957] Memory state around the buggy address: [ 85.626342][ T5957] ffff888026d9cc00: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 85.634412][ T5957] ffff888026d9cc80: fa fb fc fc 00 00 fc fc fa fb fc fc 00 03 fc fc [ 85.642482][ T5957] >ffff888026d9cd00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 85.650537][ T5957] ^ [ 85.654597][ T5957] ffff888026d9cd80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 85.662654][ T5957] ffff888026d9ce00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 85.670742][ T5957] ================================================================== [ 85.684942][ T5957] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 85.692178][ T5957] CPU: 1 UID: 0 PID: 5957 Comm: syz.1.13 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0 [ 85.702714][ T5957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 85.712801][ T5957] Call Trace: [ 85.716103][ T5957] [ 85.719057][ T5957] dump_stack_lvl+0x241/0x360 [ 85.723763][ T5957] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.728982][ T5957] ? __pfx__printk+0x10/0x10 [ 85.733598][ T5957] ? preempt_schedule+0xe1/0xf0 [ 85.738481][ T5957] ? vscnprintf+0x5d/0x90 [ 85.742848][ T5957] panic+0x349/0x880 [ 85.746784][ T5957] ? check_panic_on_warn+0x21/0xb0 [ 85.751927][ T5957] ? __pfx_panic+0x10/0x10 [ 85.756380][ T5957] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 85.762404][ T5957] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.768773][ T5957] ? print_report+0x502/0x550 [ 85.773491][ T5957] check_panic_on_warn+0x86/0xb0 [ 85.778457][ T5957] ? kref_put+0x4ab/0x7c0 [ 85.782784][ T5957] end_report+0x77/0x160 [ 85.787046][ T5957] kasan_report_invalid_free+0x12a/0x140 [ 85.792729][ T5957] ? kref_put+0x4ab/0x7c0 [ 85.797093][ T5957] ? kref_put+0x4ab/0x7c0 [ 85.801457][ T5957] check_slab_allocation+0xc6/0x110 [ 85.806682][ T5957] ? kref_put+0x4ab/0x7c0 [ 85.811037][ T5957] kfree+0x151/0x440 [ 85.814959][ T5957] ? kref_put+0x4ab/0x7c0 [ 85.819313][ T5957] kref_put+0x4ab/0x7c0 [ 85.823492][ T5957] raw_release+0x135/0x1e0 [ 85.827934][ T5957] ? __pfx_raw_release+0x10/0x10 [ 85.832903][ T5957] __fput+0x23f/0x880 [ 85.836920][ T5957] task_work_run+0x24f/0x310 [ 85.841549][ T5957] ? __pfx_task_work_run+0x10/0x10 [ 85.846688][ T5957] ? syscall_exit_to_user_mode+0xa3/0x370 [ 85.852438][ T5957] syscall_exit_to_user_mode+0x168/0x370 [ 85.858100][ T5957] do_syscall_64+0x100/0x230 [ 85.862715][ T5957] ? clear_bhb_loop+0x35/0x90 [ 85.867419][ T5957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.873339][ T5957] RIP: 0033:0x7f0e2877e719 [ 85.877794][ T5957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.897425][ T5957] RSP: 002b:00007ffcabaa7408 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 85.905884][ T5957] RAX: 0000000000000000 RBX: 00007f0e28937a80 RCX: 00007f0e2877e719 [ 85.913882][ T5957] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 85.921881][ T5957] RBP: 00007f0e28937a80 R08: 0000000000000000 R09: 00007ffcabaa76ff [ 85.929878][ T5957] R10: 0000000000dbb590 R11: 0000000000000246 R12: 000000000001561b [ 85.937877][ T5957] R13: 00007ffcabaa7510 R14: 0000000000000032 R15: ffffffffffffffff [ 85.945885][ T5957] [ 85.949296][ T5957] Kernel Offset: disabled [ 85.953619][ T5957] Rebooting in 86400 seconds..