last executing test programs: 3.05958456s ago: executing program 0 (id=15): mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 2.770541841s ago: executing program 0 (id=19): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x11, &(0x7f0000000100)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffd}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWSETELEM={0x2c, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}}, 0xb8}}, 0x0) 2.49390068s ago: executing program 2 (id=23): r0 = syz_open_dev$vim2m(&(0x7f00000003c0), 0xb, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000100)={0x1, @pix_mp={0x8, 0x80, 0x50565559, 0x8, 0x7, [{0x6, 0x2}, {0xdf34, 0x9}, {0x6, 0xfffffffb}, {0x31d, 0x2}, {0x5, 0x2}, {0x5, 0xffffffff}, {0x1, 0x8}, {0x18, 0x3}], 0x2, 0x40, 0x2, 0x2, 0x6}}) 2.473364473s ago: executing program 0 (id=24): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}}, 0x0) 2.224897538s ago: executing program 0 (id=27): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000000)={0x0, 0x31384142, 0x0, @stepwise={0x0, 0x400}}) 1.987214238s ago: executing program 2 (id=31): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x24, 0x3e, 0x107, 0xfffffffc, 0x25dfdbfd, {0x2, 0x7c}, [@nested={0x4, 0x136}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x8e\n'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x488c0}, 0xc050) 1.935095365s ago: executing program 0 (id=32): r0 = socket(0x200000000000011, 0x2, 0x0) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000180), &(0x7f00000001c0)=0x8) 1.625197734s ago: executing program 0 (id=37): syz_usb_connect(0x0, 0x51, &(0x7f0000000000)=ANY=[@ANYBLOB="120101024cf1c50863070210845f0102030109023f0001000000000904000005ff87e7000905ee63dd0000000009050300000000000009050cf2010002060209050f000000400000090507c6"], &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x181c82, 0x0) 1.605119403s ago: executing program 3 (id=38): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004780)={0x38, 0x3e, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x14, 0x2, 0x0, 0x1, [@nested={0x10, 0x17, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x5, 0x14, 0x0, 0x0, @binary="b6"}]}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x2000c000) 1.59524695s ago: executing program 2 (id=39): syz_mount_image$fuse(0x0, 0x0, 0x4004a, 0x0, 0x8, 0x8, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) 1.416995796s ago: executing program 4 (id=41): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000280000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142da7646c4fe02996b60cf81ebcd50fa9ea4308123f602000000000000de89e661168c1886d0d4d94f204e345c652fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762011052eac2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dc8aff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e4b9ec7a410ec42315255be1ed66d9051f22614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798ab20000000bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d2000000000000000819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a728995b1531bd20360d33d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c55969a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba84279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5603a9d801300000000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed03a6fe7860b3e13c3173a60a1823cb7dde8212a8531bd9060000006a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d535556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a0000000000000001ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba0790ee0d112f99e59ba82e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee52303da186b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c44500f8ffff970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8f09c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c1b04e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305977eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f87204311327c18380fedf3d3dad8549f99bf6c5cb060fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39289f675f39d01719cdbab3f1ce1060f3e6806e774a5f079c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae794286b6c3e1f5a76b85ed6e1f0000c608b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1951393352bc756f3fcaad2c1c399a3e43eaaeca70db90f2fa395964434476719334482eb5424c81814079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3b8dad4c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fbdd351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2dff78ce9308c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f200000000000000000089de7f8485d9507164a187220b36ddc7fa645d4bd0c1414c30a416f80ba17d21d53961471b2d2d459e4bb23230d676ca49633b25e26a322024beb7c3427da59f7daa70a5d44a0eb895f29245df6401295d3da939954e126a3be932f47fe61ef1bfe83086651af7e23c2a8fa702b9aaa65aa3edaaa6b3f5a0c7cdfd008c898d73bb97168ca390ef539800000000000077a5ad1e683aeff92bb0b66b33ed878df1e344b99450086c819bf174578705c049d2fb25a91ba04643cde1a3c391d8646e5249dbf28b13b1c4d5127f685ee0c0576bf74e17cd3b4df4eb7095e504e361689572b0f93ff1dc6f52e8728a03e5a4df80a32c6055df8f4f4152c0bf4d793b20ac2cfa907b5af80716118f82027d3e4cb096fe86de545008b85cb9b637bca30d765b0c3ad489db32955454dcfe000000002830e5e125322d2f5829040a91405bf2fe5bf14833fd7b1e72c775f267bc45"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000040)="2b1c52ac82e71ea05b0c5e43ede4", 0x0, 0xb20c, 0x0, 0x0, 0xc0, 0x0, &(0x7f0000001200)="4c4228369f88e91870041ef4c8baa41449dc6ad5553764e898ddee1dfbb587ef4e6854a6bea12aecd99ac5dd4e39745d195df155a8628b7483b791d4de8609a893ccfbe9dc5c2ed555df193d92968b81da97fe3f0f220dd48b29c98152d9ecb2bb68cbf0bfe454a10e0adf453bd021ba3b502665c757d209f1fa9daa8979aa1fc22684d52bba1cd3c5946a6ea16b40f3bf8cc0134fb55a63817f6bac437682ed4c30147c2d86997f970ba094a19b0de4904bf83ff6fc3f0e46aba38692387ce1", 0x4}, 0x4c) 1.287950157s ago: executing program 3 (id=42): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000420000000600000008"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x40008001, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xff07}, 0x50) 1.13133853s ago: executing program 2 (id=43): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000002a80)={0x1c, 0x5e, 0xe25, 0x0, 0x3, "", [@nested={0xc, 0x13b, 0x0, 0x1, [@typed={0x8, 0x13, 0x0, 0x0, @uid}]}]}, 0x1c}], 0x1, 0x0, 0x0, 0x20000000}, 0x20048000) 1.109513411s ago: executing program 1 (id=44): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0cc5605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x33524742, 0x7, 0xa, [{}, {0x0, 0x8}, {}, {0x80}]}}) 985.698528ms ago: executing program 4 (id=45): r0 = openat$udambuf(0xffffff9c, &(0x7f0000000080), 0x2) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0xb92744578577b4eb, 0x1000000000000}) 967.419392ms ago: executing program 3 (id=46): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0x19, 0x70bd2c, 0x27dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x40da7, 0x7927d}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_IFNAME={0x14, 0x3, 'ip6gretap0\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0xcc93f1266b7358bf}, 0x8044) 884.431661ms ago: executing program 1 (id=47): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20044001}, 0x240080d0) 794.391578ms ago: executing program 4 (id=48): r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg$nl_xfrm(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f00000017c0)=@migrate={0x50, 0x21, 0x20, 0x70bd29, 0x25dfdbfb, {{@in=@remote, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e23, 0x1, 0x4e24, 0x5, 0x1c, 0x80, 0x0, 0x31}, 0x6e6bb9, 0x2}}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x800) 705.45846ms ago: executing program 2 (id=49): r0 = socket$igmp(0x2, 0x3, 0x2) ioctl$SIOCGETSGCNT_IN6(r0, 0x89e1, &(0x7f00000000c0)={@private0={0xfc, 0x0, '\x00', 0x1}, @mcast1}) 689.094091ms ago: executing program 3 (id=50): r0 = io_uring_setup(0x4aa5, &(0x7f00000000c0)={0x0, 0x0, 0x40}) io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, 0x0, 0x0) 688.520669ms ago: executing program 1 (id=51): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000340)={0x0, 0x80006, 0x1, 0x2, '\x00', '\x00', '\x00', 0x7, 0x0, 0x2000100, 0x0, "a900"}) 576.589763ms ago: executing program 4 (id=52): r0 = syz_open_dev$video(&(0x7f0000000040), 0x7, 0x800) ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000100)={0x5, {0x2, 0x3, 0x40, 0xe}}) 432.614703ms ago: executing program 1 (id=53): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x5}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x9}, @IFLA_GRE_IKEY={0x8, 0x4, 0xf}]}}}]}, 0x54}}, 0x0) 413.492782ms ago: executing program 3 (id=54): prctl$PR_MCE_KILL(0x35, 0x0, 0x8) prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x2) 309.527061ms ago: executing program 4 (id=55): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000002200)='/sys/kernel/kexec_crash_size', 0x82802, 0xab) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRESOCT=r0], 0x34) 258.797982ms ago: executing program 2 (id=56): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'wlan0\x00', &(0x7f0000000180)=@ethtool_perm_addr={0x4b, 0x37, "4372071e845c1497c84d37968b0000000000f240baa65697f30000db68"}}) 215.70597ms ago: executing program 1 (id=57): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001140)={0x30, 0x3e, 0x107, 0xfffffffe, 0xfffffffc, {0x1, 0x7c}, [@nested={0x8, 0x142, 0x0, 0x1, [@typed={0x4, 0x8}]}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @nested={0x4, 0x1e}]}, @nested={0x4, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000) 166.884427ms ago: executing program 3 (id=58): r0 = syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x180502) ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f0000002f00)={0x0, 0xfffffffffffffd41, 0x0, 0x0, 0x62, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000180)=[{}, {}, {}, {}], 0x0, 0x0, 0x0}) 84.527374ms ago: executing program 1 (id=59): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1400000017000b63d25a80648c2594f941a3c92b", 0x14}], 0x1}, 0x0) 0s ago: executing program 4 (id=60): r0 = socket$kcm(0xa, 0x1, 0x106) setsockopt$sock_attach_bpf(r0, 0x29, 0x1a, 0x0, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.242' (ED25519) to the list of known hosts. [ 79.348439][ T5854] cgroup: Unknown subsys name 'net' [ 79.548442][ T5854] cgroup: Unknown subsys name 'cpuset' [ 79.558027][ T5854] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.215888][ T5854] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 83.854289][ T5866] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.867245][ T5870] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 83.875917][ T5870] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.884197][ T5870] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 83.894888][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.903980][ T5870] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 83.912766][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.932483][ T5877] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 83.961314][ T5877] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 83.993279][ T5877] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.003071][ T5875] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.012475][ T5877] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.043737][ T5870] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.052178][ T5870] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.054715][ T5872] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 84.060214][ T5870] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.068065][ T5872] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.073927][ T5870] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 84.089231][ T5875] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.091247][ T5870] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 84.097182][ T5875] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.107368][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 84.120395][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.128417][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 84.136242][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.735149][ T5879] chnl_net:caif_netlink_parms(): no params data found [ 84.961285][ T5881] chnl_net:caif_netlink_parms(): no params data found [ 85.029552][ T5882] chnl_net:caif_netlink_parms(): no params data found [ 85.151649][ T5883] chnl_net:caif_netlink_parms(): no params data found [ 85.198854][ T5879] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.206307][ T5879] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.214694][ T5879] bridge_slave_0: entered allmulticast mode [ 85.222029][ T5879] bridge_slave_0: entered promiscuous mode [ 85.248821][ T5884] chnl_net:caif_netlink_parms(): no params data found [ 85.262032][ T5879] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.269323][ T5879] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.276600][ T5879] bridge_slave_1: entered allmulticast mode [ 85.284710][ T5879] bridge_slave_1: entered promiscuous mode [ 85.434294][ T5879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.448980][ T5881] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.456724][ T5881] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.463998][ T5881] bridge_slave_0: entered allmulticast mode [ 85.471105][ T5881] bridge_slave_0: entered promiscuous mode [ 85.478701][ T5882] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.486632][ T5882] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.495741][ T5882] bridge_slave_0: entered allmulticast mode [ 85.503091][ T5882] bridge_slave_0: entered promiscuous mode [ 85.520020][ T5879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.537509][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.544782][ T5881] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.551920][ T5881] bridge_slave_1: entered allmulticast mode [ 85.560790][ T5881] bridge_slave_1: entered promiscuous mode [ 85.568501][ T5882] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.576806][ T5882] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.584134][ T5882] bridge_slave_1: entered allmulticast mode [ 85.591240][ T5882] bridge_slave_1: entered promiscuous mode [ 85.716290][ T5881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.755310][ T5879] team0: Port device team_slave_0 added [ 85.779981][ T5883] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.787916][ T5883] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.795211][ T5883] bridge_slave_0: entered allmulticast mode [ 85.803513][ T5883] bridge_slave_0: entered promiscuous mode [ 85.813135][ T5881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.840662][ T5882] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.854085][ T5879] team0: Port device team_slave_1 added [ 85.860294][ T5884] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.867625][ T5884] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.875122][ T5884] bridge_slave_0: entered allmulticast mode [ 85.882533][ T5884] bridge_slave_0: entered promiscuous mode [ 85.889993][ T5883] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.897786][ T5883] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.905099][ T5883] bridge_slave_1: entered allmulticast mode [ 85.912587][ T5883] bridge_slave_1: entered promiscuous mode [ 85.935159][ T5882] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.958662][ T5884] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.966017][ T5884] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.973768][ T5874] Bluetooth: hci0: command tx timeout [ 85.973941][ T5884] bridge_slave_1: entered allmulticast mode [ 85.987517][ T5884] bridge_slave_1: entered promiscuous mode [ 86.010335][ T5881] team0: Port device team_slave_0 added [ 86.076120][ T5881] team0: Port device team_slave_1 added [ 86.085853][ T5883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.111287][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.118500][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.144868][ T5879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.158964][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.166299][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.193019][ T5879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.212529][ T5874] Bluetooth: hci2: command tx timeout [ 86.212576][ T5870] Bluetooth: hci1: command tx timeout [ 86.229312][ T5883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.255316][ T5882] team0: Port device team_slave_0 added [ 86.288195][ T5884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.302700][ T5870] Bluetooth: hci4: command tx timeout [ 86.302709][ T5874] Bluetooth: hci3: command tx timeout [ 86.333681][ T5882] team0: Port device team_slave_1 added [ 86.341136][ T5883] team0: Port device team_slave_0 added [ 86.348029][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.355633][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.381723][ T5881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.394919][ T5881] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.401891][ T5881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.428059][ T5881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.450579][ T5884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.475127][ T5883] team0: Port device team_slave_1 added [ 86.540372][ T5882] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.547725][ T5882] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.573963][ T5882] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.641004][ T5882] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.648464][ T5882] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.674831][ T5882] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.706595][ T5879] hsr_slave_0: entered promiscuous mode [ 86.714094][ T5879] hsr_slave_1: entered promiscuous mode [ 86.723112][ T5884] team0: Port device team_slave_0 added [ 86.729816][ T5883] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.736998][ T5883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.763091][ T5883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.794289][ T5881] hsr_slave_0: entered promiscuous mode [ 86.800623][ T5881] hsr_slave_1: entered promiscuous mode [ 86.807131][ T5881] debugfs: 'hsr0' already exists in 'hsr' [ 86.813001][ T5881] Cannot create hsr debugfs directory [ 86.839244][ T5884] team0: Port device team_slave_1 added [ 86.861483][ T5883] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.868631][ T5883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.894791][ T5883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.067710][ T5884] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.076735][ T5884] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.103991][ T5884] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.127275][ T5882] hsr_slave_0: entered promiscuous mode [ 87.134509][ T5882] hsr_slave_1: entered promiscuous mode [ 87.140936][ T5882] debugfs: 'hsr0' already exists in 'hsr' [ 87.151945][ T5882] Cannot create hsr debugfs directory [ 87.196931][ T5884] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.205061][ T5884] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.231320][ T5884] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.434614][ T5883] hsr_slave_0: entered promiscuous mode [ 87.441067][ T5883] hsr_slave_1: entered promiscuous mode [ 87.447598][ T5883] debugfs: 'hsr0' already exists in 'hsr' [ 87.453384][ T5883] Cannot create hsr debugfs directory [ 87.506570][ T5884] hsr_slave_0: entered promiscuous mode [ 87.514890][ T5884] hsr_slave_1: entered promiscuous mode [ 87.521201][ T5884] debugfs: 'hsr0' already exists in 'hsr' [ 87.527373][ T5884] Cannot create hsr debugfs directory [ 88.000119][ T5879] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.015068][ T5879] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.041484][ T5879] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.057810][ T5870] Bluetooth: hci0: command tx timeout [ 88.064660][ T5879] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.152590][ T5881] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.164904][ T5881] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.178143][ T5881] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.191469][ T5881] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.292716][ T5870] Bluetooth: hci2: command tx timeout [ 88.292828][ T5874] Bluetooth: hci1: command tx timeout [ 88.318663][ T5882] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.330733][ T5882] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.344524][ T5882] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.357789][ T5882] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.372516][ T5874] Bluetooth: hci3: command tx timeout [ 88.372802][ T5870] Bluetooth: hci4: command tx timeout [ 88.467192][ T5883] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 88.499819][ T5883] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 88.538071][ T5883] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 88.550340][ T5883] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 88.636200][ T5879] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.665393][ T5884] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.705316][ T5884] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.731498][ T5879] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.747145][ T5884] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.759803][ T5884] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.827388][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.834643][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.892679][ T5881] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.910571][ T2139] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.917774][ T2139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.951386][ T5882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.007732][ T5881] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.055594][ T5882] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.078729][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.085878][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.127234][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.134462][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.151036][ T5883] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.171077][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.178297][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.204537][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.211681][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.260167][ T5883] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.291504][ T1033] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.298706][ T1033] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.338153][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.345300][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.385476][ T5884] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.469979][ T5884] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.493775][ T3021] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.500908][ T3021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.524083][ T5879] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.535580][ T3021] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.542759][ T3021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.591726][ T5883] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 89.603302][ T5883] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.651228][ T5881] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.751203][ T5883] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.814688][ T5882] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.854260][ T5881] veth0_vlan: entered promiscuous mode [ 89.883626][ T5884] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.899902][ T5879] veth0_vlan: entered promiscuous mode [ 89.915997][ T5881] veth1_vlan: entered promiscuous mode [ 89.964190][ T5879] veth1_vlan: entered promiscuous mode [ 90.001771][ T5883] veth0_vlan: entered promiscuous mode [ 90.066230][ T5883] veth1_vlan: entered promiscuous mode [ 90.107212][ T5882] veth0_vlan: entered promiscuous mode [ 90.132942][ T5870] Bluetooth: hci0: command tx timeout [ 90.150576][ T5881] veth0_macvtap: entered promiscuous mode [ 90.175893][ T5884] veth0_vlan: entered promiscuous mode [ 90.191397][ T5882] veth1_vlan: entered promiscuous mode [ 90.206194][ T5881] veth1_macvtap: entered promiscuous mode [ 90.235970][ T5879] veth0_macvtap: entered promiscuous mode [ 90.264311][ T5879] veth1_macvtap: entered promiscuous mode [ 90.290075][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.306032][ T5883] veth0_macvtap: entered promiscuous mode [ 90.326120][ T5884] veth1_vlan: entered promiscuous mode [ 90.346449][ T5881] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.359434][ T5882] veth0_macvtap: entered promiscuous mode [ 90.368811][ T5879] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.373674][ T5870] Bluetooth: hci2: command tx timeout [ 90.377607][ T5874] Bluetooth: hci1: command tx timeout [ 90.383987][ T5883] veth1_macvtap: entered promiscuous mode [ 90.420412][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.430332][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.441474][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.453011][ T5874] Bluetooth: hci4: command tx timeout [ 90.454532][ T5870] Bluetooth: hci3: command tx timeout [ 90.486812][ T5882] veth1_macvtap: entered promiscuous mode [ 90.494063][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.505224][ T5879] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.540634][ T5883] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.560101][ T3021] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.569353][ T3021] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.593582][ T5884] veth0_macvtap: entered promiscuous mode [ 90.603878][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.614704][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.638456][ T5883] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.664414][ T5884] veth1_macvtap: entered promiscuous mode [ 90.684506][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.707742][ T5882] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.728703][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.741156][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.770322][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.789271][ T5882] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.817921][ T5884] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.858468][ T3021] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.868048][ T3021] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.899748][ T5884] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.908295][ T3021] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.919388][ T3021] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.961435][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.979669][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.005982][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.016243][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.041734][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.049961][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.061877][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.071560][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.172024][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.180882][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.209446][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.222202][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.229088][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.234874][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.341260][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.349685][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.381679][ T5879] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 91.427647][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.457880][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.565792][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.587762][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.770921][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.802299][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.877450][ T5968] netlink: 92 bytes leftover after parsing attributes in process `syz.0.7'. [ 91.905570][ T1033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.935011][ T1033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.063418][ T9] cfg80211: failed to load regulatory.db [ 92.213119][ T5870] Bluetooth: hci0: command tx timeout [ 92.339611][ T5979] program syz.3.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 92.454130][ T5870] Bluetooth: hci1: command tx timeout [ 92.532635][ T5870] Bluetooth: hci4: command tx timeout [ 92.532915][ T5874] Bluetooth: hci3: command tx timeout [ 93.082738][ T5999] syz.1.20 uses obsolete (PF_INET,SOCK_PACKET) [ 94.241746][ T6037] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 94.311684][ T6041] netlink: 'syz.1.40': attribute type 10 has an invalid length. [ 94.384491][ T6041] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.430630][ T6041] team0: Port device bond0 added [ 94.482991][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 94.687020][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 94.714372][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 94.750066][ T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 94.799745][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 94.843310][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 94.879860][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1 [ 94.917946][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 94.976784][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 95.020258][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 95.060638][ T9] usb 1-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 95.118495][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.143779][ T9] usb 1-1: Product: syz [ 95.148006][ T9] usb 1-1: Manufacturer: syz [ 95.171306][ T9] usb 1-1: SerialNumber: syz [ 95.209890][ T9] usb 1-1: config 0 descriptor?? [ 95.247419][ T6036] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 95.318201][ T9] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 95.672811][ C1] ================================================================== [ 95.680964][ C1] BUG: KASAN: slab-use-after-free in snd_usbmidi_error_timer+0x15d/0x660 [ 95.689425][ C1] Read of size 4 at addr ffff888026d1ff10 by task syz.2.56/6075 [ 95.697086][ C1] [ 95.699434][ C1] CPU: 1 UID: 0 PID: 6075 Comm: syz.2.56 Not tainted syzkaller #0 PREEMPT(full) [ 95.699457][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 95.699468][ C1] Call Trace: [ 95.699476][ C1] [ 95.699484][ C1] dump_stack_lvl+0x189/0x250 [ 95.699510][ C1] ? rcu_is_watching+0x15/0xb0 [ 95.699529][ C1] ? __kasan_check_byte+0x12/0x40 [ 95.699556][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 95.699576][ C1] ? rcu_is_watching+0x15/0xb0 [ 95.699594][ C1] ? lock_release+0x4b/0x3e0 [ 95.699622][ C1] ? __virt_addr_valid+0x1c8/0x5c0 [ 95.699645][ C1] ? __virt_addr_valid+0x4a5/0x5c0 [ 95.699669][ C1] print_report+0xca/0x240 [ 95.699687][ C1] ? snd_usbmidi_error_timer+0x15d/0x660 [ 95.699707][ C1] kasan_report+0x118/0x150 [ 95.699733][ C1] ? snd_usbmidi_error_timer+0x15d/0x660 [ 95.699756][ C1] kasan_check_range+0x2b0/0x2c0 [ 95.699783][ C1] snd_usbmidi_error_timer+0x15d/0x660 [ 95.699806][ C1] call_timer_fn+0x17b/0x5f0 [ 95.699832][ C1] ? __pfx_snd_usbmidi_error_timer+0x10/0x10 [ 95.699851][ C1] ? call_timer_fn+0xbe/0x5f0 [ 95.699875][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 95.699904][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 95.699932][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 95.699950][ C1] ? __pfx_snd_usbmidi_error_timer+0x10/0x10 [ 95.699970][ C1] __run_timer_base+0x61a/0x860 [ 95.699994][ C1] ? ktime_get+0x3e/0x1f0 [ 95.700019][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 95.700041][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 95.700077][ C1] run_timer_softirq+0xb7/0x180 [ 95.700101][ C1] handle_softirqs+0x283/0x870 [ 95.700121][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 95.700142][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 95.700162][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 95.700186][ C1] __irq_exit_rcu+0xca/0x1f0 [ 95.700203][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 95.700225][ C1] irq_exit_rcu+0x9/0x30 [ 95.700242][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 95.700261][ C1] [ 95.700267][ C1] [ 95.700274][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 95.700295][ C1] RIP: 0010:next_uptodate_folio+0x38f/0x5d0 [ 95.700316][ C1] Code: 83 e6 01 31 ff e8 31 38 c8 ff 49 83 e5 01 0f 85 11 02 00 00 4c 89 e7 be 08 00 00 00 e8 4a b3 2b 00 31 f6 f0 49 0f ba 2c 24 00 <41> 0f 93 c5 40 0f 92 c6 bf 02 00 00 00 e8 1f 36 c8 ff 45 84 ed 75 [ 95.700332][ C1] RSP: 0000:ffffc9000466f9b8 EFLAGS: 00000246 [ 95.700350][ C1] RAX: ffffffff81f77a01 RBX: 00000000000000df RCX: ffffffff81f77a56 [ 95.700364][ C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffea0001d22580 [ 95.700376][ C1] RBP: 1ffffd40003a44b1 R08: ffffea0001d22587 R09: 1ffffd40003a44b0 [ 95.700390][ C1] R10: dffffc0000000000 R11: fffff940003a44b1 R12: ffffea0001d22580 [ 95.700403][ C1] R13: 0000000000000000 R14: ffffea0001d22588 R15: ffffc9000466fb40 [ 95.700420][ C1] ? next_uptodate_folio+0x331/0x5d0 [ 95.700439][ C1] ? next_uptodate_folio+0x386/0x5d0 [ 95.700461][ C1] ? next_uptodate_folio+0x386/0x5d0 [ 95.700484][ C1] filemap_map_pages+0x102b/0x1740 [ 95.700512][ C1] ? filemap_map_pages+0x150/0x1740 [ 95.700533][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 95.700557][ C1] ? __handle_mm_fault+0x27b7/0x5440 [ 95.700581][ C1] ? __handle_mm_fault+0x27b7/0x5440 [ 95.700605][ C1] __handle_mm_fault+0x34ac/0x5440 [ 95.700628][ C1] ? __lock_acquire+0xab9/0xd20 [ 95.700660][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 95.700689][ C1] ? lock_vma_under_rcu+0xdf/0x3d0 [ 95.700714][ C1] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 95.700743][ C1] handle_mm_fault+0x40a/0x8e0 [ 95.700771][ C1] do_user_addr_fault+0xa81/0x1390 [ 95.700804][ C1] ? rcu_is_watching+0x15/0xb0 [ 95.700822][ C1] ? trace_page_fault_user+0x84/0x1e0 [ 95.700840][ C1] exc_page_fault+0x76/0xf0 [ 95.700859][ C1] asm_exc_page_fault+0x26/0x30 [ 95.700876][ C1] RIP: 0023:0xf706eb9b [ 95.700892][ C1] Code: 24 14 83 e9 01 c1 e1 0e 89 f0 89 fa 0f ac fe 03 0f ac d0 06 8d 14 0b 89 f1 25 ff 3f 00 00 83 e1 07 01 d0 ba 01 00 00 00 d3 e2 <84> 90 20 20 00 00 0f 85 69 fd ff ff e9 0a fe ff ff e8 0f 3c fe ff [ 95.700906][ C1] RSP: 002b:00000000f751f9e0 EFLAGS: 00010202 [ 95.700922][ C1] RAX: 000000000c30aa5b RBX: 000000000c230000 RCX: 0000000000000004 [ 95.700934][ C1] RDX: 0000000000000010 RSI: 00000000f03f52dc RDI: 00000000ffffffff [ 95.700946][ C1] RBP: 00000000f7f25610 R08: 0000000000000000 R09: 0000000000000000 [ 95.700958][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 95.700970][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 95.700988][ C1] [ 95.700995][ C1] [ 96.153965][ C1] Allocated by task 9: [ 96.158381][ C1] kasan_save_track+0x3e/0x80 [ 96.163072][ C1] __kasan_kmalloc+0x93/0xb0 [ 96.167665][ C1] __kmalloc_noprof+0x27a/0x4f0 [ 96.172519][ C1] usb_alloc_urb+0x46/0x150 [ 96.177021][ C1] snd_usbmidi_in_endpoint_create+0xb4/0xa30 [ 96.183014][ C1] __snd_usbmidi_create+0x2223/0x2a70 [ 96.188403][ C1] snd_usb_midi_v2_create+0x43e6/0x4660 [ 96.193975][ C1] usb_audio_probe+0xb78/0x1e10 [ 96.198929][ C1] usb_probe_interface+0x668/0xc30 [ 96.204041][ C1] really_probe+0x26a/0x9e0 [ 96.208646][ C1] __driver_probe_device+0x18c/0x2f0 [ 96.214028][ C1] driver_probe_device+0x4f/0x430 [ 96.219059][ C1] __device_attach_driver+0x2ce/0x530 [ 96.224434][ C1] bus_for_each_drv+0x251/0x2e0 [ 96.229287][ C1] __device_attach+0x2b8/0x400 [ 96.234051][ C1] bus_probe_device+0x185/0x260 [ 96.238953][ C1] device_add+0x7b6/0xb50 [ 96.243289][ C1] usb_set_configuration+0x1a87/0x20e0 [ 96.248751][ C1] usb_generic_driver_probe+0x8d/0x150 [ 96.254214][ C1] usb_probe_device+0x1c4/0x390 [ 96.259251][ C1] really_probe+0x26a/0x9e0 [ 96.263755][ C1] __driver_probe_device+0x18c/0x2f0 [ 96.269040][ C1] driver_probe_device+0x4f/0x430 [ 96.274067][ C1] __device_attach_driver+0x2ce/0x530 [ 96.279441][ C1] bus_for_each_drv+0x251/0x2e0 [ 96.284289][ C1] __device_attach+0x2b8/0x400 [ 96.289056][ C1] bus_probe_device+0x185/0x260 [ 96.293904][ C1] device_add+0x7b6/0xb50 [ 96.298237][ C1] usb_new_device+0xa39/0x16f0 [ 96.303009][ C1] hub_event+0x2958/0x4a20 [ 96.307434][ C1] process_scheduled_works+0xae1/0x17b0 [ 96.312974][ C1] worker_thread+0x8a0/0xda0 [ 96.317568][ C1] kthread+0x70e/0x8a0 [ 96.321635][ C1] ret_from_fork+0x439/0x7d0 [ 96.326219][ C1] ret_from_fork_asm+0x1a/0x30 [ 96.331037][ C1] [ 96.333358][ C1] Freed by task 9: [ 96.337074][ C1] kasan_save_track+0x3e/0x80 [ 96.341750][ C1] kasan_save_free_info+0x46/0x50 [ 96.346768][ C1] __kasan_slab_free+0x5b/0x80 [ 96.351533][ C1] kfree+0x18e/0x440 [ 96.355427][ C1] snd_usbmidi_in_endpoint_delete+0xde/0x680 [ 96.361403][ C1] snd_usbmidi_rawmidi_free+0xae/0x160 [ 96.366864][ C1] snd_rawmidi_free+0x3bc/0x410 [ 96.371709][ C1] snd_rawmidi_dev_free+0x38/0x50 [ 96.376734][ C1] __snd_device_free+0x1d2/0x2e0 [ 96.381693][ C1] snd_device_free_all+0xcf/0x180 [ 96.386719][ C1] release_card_device+0x75/0x1b0 [ 96.391752][ C1] device_release+0x9c/0x1c0 [ 96.396342][ C1] kobject_put+0x22b/0x480 [ 96.400762][ C1] snd_card_free+0x110/0x190 [ 96.405353][ C1] usb_audio_probe+0x193f/0x1e10 [ 96.410300][ C1] usb_probe_interface+0x668/0xc30 [ 96.415407][ C1] really_probe+0x26a/0x9e0 [ 96.419909][ C1] __driver_probe_device+0x18c/0x2f0 [ 96.425191][ C1] driver_probe_device+0x4f/0x430 [ 96.430217][ C1] __device_attach_driver+0x2ce/0x530 [ 96.435594][ C1] bus_for_each_drv+0x251/0x2e0 [ 96.440442][ C1] __device_attach+0x2b8/0x400 [ 96.445201][ C1] bus_probe_device+0x185/0x260 [ 96.450048][ C1] device_add+0x7b6/0xb50 [ 96.454376][ C1] usb_set_configuration+0x1a87/0x20e0 [ 96.459838][ C1] usb_generic_driver_probe+0x8d/0x150 [ 96.465393][ C1] usb_probe_device+0x1c4/0x390 [ 96.470253][ C1] really_probe+0x26a/0x9e0 [ 96.474754][ C1] __driver_probe_device+0x18c/0x2f0 [ 96.480040][ C1] driver_probe_device+0x4f/0x430 [ 96.485062][ C1] __device_attach_driver+0x2ce/0x530 [ 96.490438][ C1] bus_for_each_drv+0x251/0x2e0 [ 96.495292][ C1] __device_attach+0x2b8/0x400 [ 96.500059][ C1] bus_probe_device+0x185/0x260 [ 96.504909][ C1] device_add+0x7b6/0xb50 [ 96.509236][ C1] usb_new_device+0xa39/0x16f0 [ 96.514005][ C1] hub_event+0x2958/0x4a20 [ 96.518426][ C1] process_scheduled_works+0xae1/0x17b0 [ 96.523969][ C1] worker_thread+0x8a0/0xda0 [ 96.528563][ C1] kthread+0x70e/0x8a0 [ 96.532634][ C1] ret_from_fork+0x439/0x7d0 [ 96.537259][ C1] ret_from_fork_asm+0x1a/0x30 [ 96.542127][ C1] [ 96.544450][ C1] The buggy address belongs to the object at ffff888026d1ff00 [ 96.544450][ C1] which belongs to the cache kmalloc-192 of size 192 [ 96.558511][ C1] The buggy address is located 16 bytes inside of [ 96.558511][ C1] freed 192-byte region [ffff888026d1ff00, ffff888026d1ffc0) [ 96.572218][ C1] [ 96.574542][ C1] The buggy address belongs to the physical page: [ 96.581034][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26d1f [ 96.589878][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 96.596988][ C1] page_type: f5(slab) [ 96.600970][ C1] raw: 00fff00000000000 ffff88801a4413c0 dead000000000100 dead000000000122 [ 96.609555][ C1] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 96.618135][ C1] page dumped because: kasan: bad access detected [ 96.624544][ C1] page_owner tracks the page as allocated [ 96.630258][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 9693441177, free_ts 9693107974 [ 96.648579][ C1] post_alloc_hook+0x240/0x2a0 [ 96.653348][ C1] get_page_from_freelist+0x21e4/0x22c0 [ 96.658889][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 96.664691][ C1] alloc_pages_mpol+0x232/0x4a0 [ 96.669542][ C1] allocate_slab+0x8a/0x370 [ 96.674041][ C1] ___slab_alloc+0xbeb/0x1420 [ 96.678719][ C1] __kvmalloc_node_noprof+0x429/0x5f0 [ 96.684090][ C1] rhashtable_init_noprof+0x4ee/0xbb0 [ 96.689473][ C1] rhltable_init_noprof+0x1e/0x60 [ 96.694497][ C1] sta_info_init+0x54/0x130 [ 96.699003][ C1] ieee80211_alloc_hw_nm+0x7f0/0x1f20 [ 96.704376][ C1] mac80211_hwsim_new_radio+0x1ee/0x5340 [ 96.710012][ C1] init_mac80211_hwsim+0x45e/0x580 [ 96.715140][ C1] do_one_initcall+0x233/0x820 [ 96.719903][ C1] do_initcall_level+0x104/0x190 [ 96.724837][ C1] do_initcalls+0x59/0xa0 [ 96.729170][ C1] page last free pid 918 tgid 918 stack trace: [ 96.735315][ C1] __free_frozen_pages+0xbc4/0xd30 [ 96.740431][ C1] vfree+0x25a/0x400 [ 96.744324][ C1] delayed_vfree_work+0x55/0x80 [ 96.749168][ C1] process_scheduled_works+0xae1/0x17b0 [ 96.754710][ C1] worker_thread+0x8a0/0xda0 [ 96.759296][ C1] kthread+0x70e/0x8a0 [ 96.763372][ C1] ret_from_fork+0x439/0x7d0 [ 96.767958][ C1] ret_from_fork_asm+0x1a/0x30 [ 96.772735][ C1] [ 96.775065][ C1] Memory state around the buggy address: [ 96.780690][ C1] ffff888026d1fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 96.788923][ C1] ffff888026d1fe80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 96.796985][ C1] >ffff888026d1ff00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 96.805042][ C1] ^ [ 96.809626][ C1] ffff888026d1ff80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 96.817776][ C1] ffff888026d20000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 96.825919][ C1] ================================================================== [ 96.834249][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 96.841566][ C1] CPU: 1 UID: 0 PID: 6075 Comm: syz.2.56 Not tainted syzkaller #0 PREEMPT(full) [ 96.850712][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 96.860799][ C1] Call Trace: [ 96.864107][ C1] [ 96.866966][ C1] dump_stack_lvl+0x99/0x250 [ 96.871577][ C1] ? __asan_memcpy+0x40/0x70 [ 96.876191][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.881416][ C1] ? __pfx__printk+0x10/0x10 [ 96.886078][ C1] vpanic+0x281/0x750 [ 96.890084][ C1] ? __pfx_vpanic+0x10/0x10 [ 96.894601][ C1] ? irqentry_exit+0x74/0x90 [ 96.899211][ C1] panic+0xb9/0xc0 [ 96.902964][ C1] ? __pfx_panic+0x10/0x10 [ 96.907395][ C1] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 96.913317][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 96.919333][ C1] ? snd_usbmidi_error_timer+0x15d/0x660 [ 96.924988][ C1] check_panic_on_warn+0x89/0xb0 [ 96.929971][ C1] ? snd_usbmidi_error_timer+0x15d/0x660 [ 96.935627][ C1] end_report+0x78/0x160 [ 96.939897][ C1] kasan_report+0x129/0x150 [ 96.944427][ C1] ? snd_usbmidi_error_timer+0x15d/0x660 [ 96.950081][ C1] kasan_check_range+0x2b0/0x2c0 [ 96.955046][ C1] snd_usbmidi_error_timer+0x15d/0x660 [ 96.960527][ C1] call_timer_fn+0x17b/0x5f0 [ 96.965240][ C1] ? __pfx_snd_usbmidi_error_timer+0x10/0x10 [ 96.971323][ C1] ? call_timer_fn+0xbe/0x5f0 [ 96.976110][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 96.981351][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 96.986571][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 96.991873][ C1] ? __pfx_snd_usbmidi_error_timer+0x10/0x10 [ 96.997938][ C1] __run_timer_base+0x61a/0x860 [ 97.002814][ C1] ? ktime_get+0x3e/0x1f0 [ 97.007163][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 97.012559][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 97.018940][ C1] run_timer_softirq+0xb7/0x180 [ 97.023847][ C1] handle_softirqs+0x283/0x870 [ 97.028652][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 97.033528][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 97.038928][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 97.044151][ C1] __irq_exit_rcu+0xca/0x1f0 [ 97.048776][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 97.054010][ C1] irq_exit_rcu+0x9/0x30 [ 97.058274][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 97.064027][ C1] [ 97.067058][ C1] [ 97.070005][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 97.076109][ C1] RIP: 0010:next_uptodate_folio+0x38f/0x5d0 [ 97.082047][ C1] Code: 83 e6 01 31 ff e8 31 38 c8 ff 49 83 e5 01 0f 85 11 02 00 00 4c 89 e7 be 08 00 00 00 e8 4a b3 2b 00 31 f6 f0 49 0f ba 2c 24 00 <41> 0f 93 c5 40 0f 92 c6 bf 02 00 00 00 e8 1f 36 c8 ff 45 84 ed 75 [ 97.101970][ C1] RSP: 0000:ffffc9000466f9b8 EFLAGS: 00000246 [ 97.108076][ C1] RAX: ffffffff81f77a01 RBX: 00000000000000df RCX: ffffffff81f77a56 [ 97.116246][ C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffea0001d22580 [ 97.124245][ C1] RBP: 1ffffd40003a44b1 R08: ffffea0001d22587 R09: 1ffffd40003a44b0 [ 97.132256][ C1] R10: dffffc0000000000 R11: fffff940003a44b1 R12: ffffea0001d22580 [ 97.140250][ C1] R13: 0000000000000000 R14: ffffea0001d22588 R15: ffffc9000466fb40 [ 97.148340][ C1] ? next_uptodate_folio+0x331/0x5d0 [ 97.153664][ C1] ? next_uptodate_folio+0x386/0x5d0 [ 97.158989][ C1] ? next_uptodate_folio+0x386/0x5d0 [ 97.164414][ C1] filemap_map_pages+0x102b/0x1740 [ 97.169567][ C1] ? filemap_map_pages+0x150/0x1740 [ 97.174796][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 97.180289][ C1] ? __handle_mm_fault+0x27b7/0x5440 [ 97.185614][ C1] ? __handle_mm_fault+0x27b7/0x5440 [ 97.190938][ C1] __handle_mm_fault+0x34ac/0x5440 [ 97.196076][ C1] ? __lock_acquire+0xab9/0xd20 [ 97.200970][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 97.206466][ C1] ? lock_vma_under_rcu+0xdf/0x3d0 [ 97.211633][ C1] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 97.217262][ C1] handle_mm_fault+0x40a/0x8e0 [ 97.222067][ C1] do_user_addr_fault+0xa81/0x1390 [ 97.227213][ C1] ? rcu_is_watching+0x15/0xb0 [ 97.232008][ C1] ? trace_page_fault_user+0x84/0x1e0 [ 97.237395][ C1] exc_page_fault+0x76/0xf0 [ 97.241919][ C1] asm_exc_page_fault+0x26/0x30 [ 97.246794][ C1] RIP: 0023:0xf706eb9b [ 97.250968][ C1] Code: 24 14 83 e9 01 c1 e1 0e 89 f0 89 fa 0f ac fe 03 0f ac d0 06 8d 14 0b 89 f1 25 ff 3f 00 00 83 e1 07 01 d0 ba 01 00 00 00 d3 e2 <84> 90 20 20 00 00 0f 85 69 fd ff ff e9 0a fe ff ff e8 0f 3c fe ff [ 97.270688][ C1] RSP: 002b:00000000f751f9e0 EFLAGS: 00010202 [ 97.276787][ C1] RAX: 000000000c30aa5b RBX: 000000000c230000 RCX: 0000000000000004 [ 97.285213][ C1] RDX: 0000000000000010 RSI: 00000000f03f52dc RDI: 00000000ffffffff [ 97.293217][ C1] RBP: 00000000f7f25610 R08: 0000000000000000 R09: 0000000000000000 [ 97.301225][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 97.309256][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.317700][ C1] [ 97.321151][ C1] Kernel Offset: disabled [ 97.325470][ C1] Rebooting in 86400 seconds..