last executing test programs: 16.923527902s ago: executing program 2 (id=78): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000400)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000440)) r2 = socket(0x2a, 0x2, 0x0) socket(0x2, 0x5, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) r3 = socket(0x2a, 0x2, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) r5 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10) connect$inet(r5, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10) sendmmsg$inet(r5, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4102a}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20048050}, 0x4000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x3c, 0x2, [@TCA_FLOWER_ACT={0x38, 0x3, [@m_connmark={0x34, 0x1, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x6c}}, 0x24000000) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0xfffa, 0xffe0}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x81}, 0x24004000) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x237, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x6, 0xd0, 0x1, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x2, 0x8, {0x9, 0x21, 0xc3, 0x1, 0x1, {0x22, 0x6c3}}, {{{0x9, 0x5, 0x81, 0x3, 0x410, 0x71, 0xa5, 0x4}}}}}]}}]}}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0}) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 14.258865347s ago: executing program 0 (id=83): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @empty, 0x20000007}, 0x1c) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r2}, &(0x7f0000000340), &(0x7f0000000440)=r1}, 0x20) sendmsg(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x40051) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) timer_create(0x2, 0x0, 0x0) timer_create(0x2, 0x0, &(0x7f0000000080)=0x0) timer_delete(r3) r4 = add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r5 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000240)='asymmetric\x00', 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000280)=@chain={'key_or_keyring:', r5}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x25, 0x0, 0x0) 13.252459128s ago: executing program 0 (id=85): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, 0x0, &(0x7f0000000040)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000440)='xprtrdma_op_set_cto\x00', r0, 0x0, 0x81}, 0x18) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x88000) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0xffffffffffffff1d) socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f0000000200), 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000400)={r6, &(0x7f00000005c0)="e95015e07c5ecb4b1637c768a6b3ffd9e8b2a26c6be65e0f9ee49a09033331929544383e7822e5d6b4f0", &(0x7f00000006c0)=""/174}, 0x20) ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0xffffffffffffffb6) unshare(0x40000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c000280080001400000e41f08000340000001201400000010000100000000000000000000840300"], 0xd0}}, 0x20050800) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1000000, 0xb, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x2, 0xb, &(0x7f0000000040)=ANY=[@ANYRESHEX], &(0x7f0000000180)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x990}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 10.280346169s ago: executing program 3 (id=90): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a3b370086d04ae08581101020301090212000d000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000040)={0x84, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) 9.315787067s ago: executing program 2 (id=91): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000002000070000000000000000000a00204000000007ff0000001400110076657468305f746f5f6272696467650008000a00fbffffff140002"], 0x4c}, 0x1, 0x0, 0x0, 0x24040804}, 0x40000) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0) 8.557790458s ago: executing program 0 (id=94): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x7e, 0x9e, 0xb4, 0x10, 0x54c, 0x38, 0x16f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8, 0xc5, 0x38}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x8, 0x3}, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 7.963802646s ago: executing program 1 (id=95): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) 7.460208397s ago: executing program 2 (id=96): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[], 0x3c}}, 0x44000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x10) r1 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0) r2 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000002c40)=[{{0x80000000, 0x0}}, {{0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f0000000400)={r4, &(0x7f00000007c0)=[{0x80000000}], &(0x7f0000000500)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f0000000280)={r6, 0x0, &(0x7f0000000080)=[{{0x80000000, 0x0}}]}) ioctl$MEDIA_IOC_SETUP_LINK(r1, 0xc0347c03, &(0x7f000000a300)={{r5, r8, 0x0, [0x1, 0x2]}, {r7, r3, 0x0, [0xc1b, 0x8]}, 0x1, [0x1007e, 0x9]}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a28000000000a030000000000000000000100000908000240000000050900010073797a30000000002800"], 0x78}, 0x1, 0x0, 0x0, 0x890}, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) 7.402636512s ago: executing program 2 (id=97): socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3, 0x5d032, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000b31000/0x2000)=nil, &(0x7f0000000000/0x3000)=nil, 0x2000, 0x2}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0xa41) ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000200)={"1b00", 0x3, 0x5, 0x2, 0x6397, 0x0, "0400b7e7a2aac9779bf500", "20000100", "032000", "18b637c7", ["8bbb00fda8e45cfe00000900", "ab5286400300000000008516", "400000000000000000fe4800", "000b000000000000001000"]}) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000480)=""/177, 0xb1, 0xa6) ioctl$IOMMU_TEST_OP_ACCESS_PAGES(0xffffffffffffffff, 0x3ba0, &(0x7f0000000440)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x9, 0x7}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000540)=[{0x3, 0x0, 0x0, 0x7fff7ffb}]}) 6.972858436s ago: executing program 1 (id=98): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00') pread64(r0, 0x0, 0x0, 0xa6) 6.728155756s ago: executing program 1 (id=99): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000380)={{0x3, 0x81}, 'port0\x00', 0x41, 0x20010, 0x2, 0x1ff, 0x8000, 0xfffffffe, 0x8, 0x0, 0x4, 0xf4}) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x0, &(0x7f0000389000/0x4000)=nil) syz_emit_ethernet(0x6a, &(0x7f0000000200)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb08004500005c0000000000019078ac1e0001ac1414aa05009078e00000e0400000000000000000110000ac14"], 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000c80), 0x7, 0xc82) ioctl$VIDIOC_SUBDEV_G_FMT(r2, 0xc0585604, &(0x7f0000000cc0)={0x0, 0x0, {0xfffff982, 0x8, 0x300f, 0x3, 0x7, 0x0, 0x2, 0x4}}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000001e40)=ANY=[], 0x48) ioctl$SIOCSIFHWADDR(r3, 0x8b0f, &(0x7f0000000140)={'wlan1\x00', @random="0300000000eb"}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) shutdown(r3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x4, 0x7fff0000}]}) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x7, @remote}, r4}}, 0x48) 6.317538039s ago: executing program 0 (id=100): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000400)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000440)) r2 = socket(0x2a, 0x2, 0x0) socket(0x2, 0x5, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) r3 = socket(0x2a, 0x2, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) r5 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10) connect$inet(r5, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10) sendmmsg$inet(r5, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4102a}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20048050}, 0x4000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x3c, 0x2, [@TCA_FLOWER_ACT={0x38, 0x3, [@m_connmark={0x34, 0x1, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x6c}}, 0x24000000) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0xfffa, 0xffe0}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x81}, 0x24004000) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x237, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x6, 0xd0, 0x1, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x2, 0x8, {0x9, 0x21, 0xc3, 0x1, 0x1, {0x22, 0x6c3}}, {{{0x9, 0x5, 0x81, 0x3, 0x410, 0x71, 0xa5, 0x4}}}}}]}}]}}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0}) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 5.682460541s ago: executing program 2 (id=101): socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$can_bcm(0x1d, 0x2, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000200)={0x48}) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r3, 0x0) 5.276190824s ago: executing program 2 (id=102): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, 0x0, &(0x7f0000000040)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000440)='xprtrdma_op_set_cto\x00', r0, 0x0, 0x81}, 0x18) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000540), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x88000) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0xffffffffffffff1d) socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f0000000200), 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000400)={r6, &(0x7f00000005c0)="e95015e07c5ecb4b1637c768a6b3ffd9e8b2a26c6be65e0f9ee49a09033331929544383e7822e5d6b4f0", &(0x7f00000006c0)=""/174}, 0x20) ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0xffffffffffffffb6) unshare(0x40000000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c000280080001400000e41f08000340000001201400000010000100000000000000000000840300"], 0xd0}}, 0x20050800) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1000000, 0xb, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x2, 0xb, &(0x7f0000000040)=ANY=[@ANYRESHEX], &(0x7f0000000180)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x990}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.236439357s ago: executing program 3 (id=103): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @empty, 0x20000007}, 0x1c) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r2}, &(0x7f0000000340), &(0x7f0000000440)=r1}, 0x20) sendmsg(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x40051) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) timer_create(0x2, 0x0, 0x0) timer_create(0x2, 0x0, &(0x7f0000000080)=0x0) timer_delete(r3) r4 = add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r5 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000240)='asymmetric\x00', 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000280)=@chain={'key_or_keyring:', r5}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x25, 0x0, 0x0) 3.495816608s ago: executing program 3 (id=104): socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$igmp(0x2, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) inotify_init() ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) r3 = epoll_create1(0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) migrate_pages(0x0, 0x9, &(0x7f0000000040)=0x9, &(0x7f0000000380)=0x102) fcntl$dupfd(r3, 0x2, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mremap(&(0x7f00004d6000/0x4000)=nil, 0x4000, 0x4000, 0x2, &(0x7f00001e2000/0x4000)=nil) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18) syz_emit_ethernet(0x95, 0x0, &(0x7f0000000100)={0x80000001, 0x8000001, [0x997, 0x8bf, 0xe4b, 0xc70]}) munlockall() write$rfkill(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) ioctl$IOMMU_TEST_OP_ADD_RESERVED(0xffffffffffffffff, 0x3ba0, &(0x7f00000003c0)={0x48, 0xc, r2, 0x0, 0x0, 0x200000000}) 3.312246132s ago: executing program 1 (id=105): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[], 0x3c}}, 0x44000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x10) r1 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0) r2 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000002c40)=[{{0x80000000, 0x0}}, {{0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f0000000400)={r4, &(0x7f00000007c0)=[{0x80000000}], &(0x7f0000000500)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r2, 0xc0287c02, &(0x7f0000000280)={r6, 0x0, &(0x7f0000000080)=[{{0x80000000, 0x0}}]}) ioctl$MEDIA_IOC_SETUP_LINK(r1, 0xc0347c03, &(0x7f000000a300)={{r5, r8, 0x0, [0x1, 0x2]}, {r7, r3, 0x0, [0xc1b, 0x8]}, 0x1, [0x1007e, 0x9]}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a28000000000a030000000000000000000100000908000240000000050900010073797a30000000002800"], 0x78}, 0x1, 0x0, 0x0, 0x890}, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) 3.071525792s ago: executing program 1 (id=106): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_rdma(0x10, 0x3, 0x14) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet_sctp(0x2, 0x5, 0x84) socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x9}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600894f0000200002"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'axA\x9b^\xfb^$\r\'uij\r\xd9\xef\xd2Et^Q\v\x9fOFL\x95`Z\xae\xc3a\xfe%\x94\x1a\xebt\xc6\x06\x8fD,\xf7\xae#\x80\x80\xdf\xa3\xcaO\xc6\x8a\x91\x90\xadR\aW\xe1\xf3n\xca\xa3\x8f\xd6F\x03\x0e\x9b\xe5yb\xfc\xa19wUs\x83\xf1{&\n\x1d\x8e\x82y\x1a.B\x0e\xea\x17\xc7\xe7H\xa9\xd4\x8e\xe7 gD\x89*\xb5c\xc5\x8a\xe6R\xe5YGq\xf5\xb6\x95\xbc\x112\x9bno\xc8\x06\xb6\b\xcc\x03{Sn\x94G\x01\xb4\xffJQ8t\x99vY\xaaf\xc7,\x9f\xbb\x15G\x1cr\x19\xef\xab\n\xa8\xbc\xbd\xa2E\x16\x1cm\xbd=\x98\x7fU\xcbg\x15%\x95\xb11\x017\x83*\x14\xcbt\xc2\xcb\x04\x1e~?\xb9j\x18\x96\x84EA\xeaB\a\x83\xba\xdco<\x00'/256}]}, 0x10c) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r4, 0x890b, 0x0) socket(0x2, 0x80805, 0x0) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r5, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c) connect$rose(r5, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYRES64=r4], 0x18}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000380)={0x0, 0x0, 0x10}, 0xc) 1.401002317s ago: executing program 3 (id=107): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00') pread64(r0, 0x0, 0x0, 0xa6) 1.252275079s ago: executing program 3 (id=108): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) 571.514984ms ago: executing program 0 (id=109): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0xf, 0x5, 0x8}) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, 0x0) 552.546495ms ago: executing program 1 (id=110): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_rdma(0x10, 0x3, 0x14) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet_sctp(0x2, 0x5, 0x84) socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x9}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600894f00"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r4, 0x890b, 0x0) socket(0x2, 0x80805, 0x0) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r5, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c) connect$rose(r5, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYRES64=r4], 0x18}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000380)={0x0, 0x0, 0x10}, 0xc) 270.494828ms ago: executing program 3 (id=111): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a3b370086d04ae08581101020301090212000d000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000040)={0x84, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) 0s ago: executing program 0 (id=112): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @empty, 0x20000007}, 0x1c) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r2}, &(0x7f0000000340), &(0x7f0000000440)=r1}, 0x20) sendmsg(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x40051) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) timer_create(0x2, 0x0, 0x0) timer_create(0x2, 0x0, &(0x7f0000000080)=0x0) timer_delete(r3) r4 = add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe) r5 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000001c0)=@keyring={'key_or_keyring:', r4}) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, 0x0, &(0x7f0000000280)=@chain={'key_or_keyring:', r5}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x25, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.77' (ED25519) to the list of known hosts. [ 77.163090][ T5778] cgroup: Unknown subsys name 'net' [ 77.296862][ T5778] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 78.932758][ T5778] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.274117][ T5798] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.303895][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.309321][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.312656][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.326033][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.329386][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.334495][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.348729][ T5803] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.349158][ T5801] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.357212][ T5803] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.363708][ T5798] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 81.370401][ T5803] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.377631][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.385805][ T5803] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.398193][ T5803] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.405401][ T5794] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.409508][ T5798] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.413105][ T5803] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 81.427206][ T5803] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.434281][ T5798] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 81.448553][ T5106] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.457910][ T5803] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.468107][ T5803] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 81.492278][ T5803] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.901376][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 82.162981][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 82.181359][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 82.305470][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.315786][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.325783][ T5790] bridge_slave_0: entered allmulticast mode [ 82.335918][ T5790] bridge_slave_0: entered promiscuous mode [ 82.352221][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 82.377428][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.384771][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.392038][ T5790] bridge_slave_1: entered allmulticast mode [ 82.399633][ T5790] bridge_slave_1: entered promiscuous mode [ 82.486527][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.547729][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.595760][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.603201][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.610490][ T5789] bridge_slave_0: entered allmulticast mode [ 82.617424][ T5789] bridge_slave_0: entered promiscuous mode [ 82.665563][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.672898][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.680912][ T5789] bridge_slave_1: entered allmulticast mode [ 82.687878][ T5789] bridge_slave_1: entered promiscuous mode [ 82.697433][ T5790] team0: Port device team_slave_0 added [ 82.706446][ T5790] team0: Port device team_slave_1 added [ 82.724223][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.731474][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.739375][ T5788] bridge_slave_0: entered allmulticast mode [ 82.746367][ T5788] bridge_slave_0: entered promiscuous mode [ 82.792895][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.800390][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.807651][ T5787] bridge_slave_0: entered allmulticast mode [ 82.815077][ T5787] bridge_slave_0: entered promiscuous mode [ 82.822706][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.829978][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.837261][ T5788] bridge_slave_1: entered allmulticast mode [ 82.845039][ T5788] bridge_slave_1: entered promiscuous mode [ 82.854452][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.866847][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.894158][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.901507][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.909169][ T5787] bridge_slave_1: entered allmulticast mode [ 82.916636][ T5787] bridge_slave_1: entered promiscuous mode [ 82.961379][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.968459][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.995722][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.034834][ T5789] team0: Port device team_slave_0 added [ 83.044006][ T5789] team0: Port device team_slave_1 added [ 83.051425][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.059113][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.085802][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.114285][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.144941][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.156731][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.191032][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.198312][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.224356][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.237879][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.245266][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.271987][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.285444][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.363800][ T5788] team0: Port device team_slave_0 added [ 83.373338][ T5788] team0: Port device team_slave_1 added [ 83.385919][ T5790] hsr_slave_0: entered promiscuous mode [ 83.392689][ T5790] hsr_slave_1: entered promiscuous mode [ 83.403522][ T5787] team0: Port device team_slave_0 added [ 83.412527][ T5787] team0: Port device team_slave_1 added [ 83.445883][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.453185][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.479164][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.527430][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.535476][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.540761][ T5803] Bluetooth: hci0: command tx timeout [ 83.561626][ T50] Bluetooth: hci3: command tx timeout [ 83.567321][ T5803] Bluetooth: hci1: command tx timeout [ 83.572938][ T50] Bluetooth: hci2: command tx timeout [ 83.584130][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.625118][ T5789] hsr_slave_0: entered promiscuous mode [ 83.632304][ T5789] hsr_slave_1: entered promiscuous mode [ 83.638723][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.646586][ T5789] Cannot create hsr debugfs directory [ 83.673192][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.680533][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.706914][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.724343][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.732061][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.758264][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.834768][ T5788] hsr_slave_0: entered promiscuous mode [ 83.841902][ T5788] hsr_slave_1: entered promiscuous mode [ 83.848435][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.856009][ T5788] Cannot create hsr debugfs directory [ 83.934098][ T5787] hsr_slave_0: entered promiscuous mode [ 83.941653][ T5787] hsr_slave_1: entered promiscuous mode [ 83.947878][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.955526][ T5787] Cannot create hsr debugfs directory [ 84.279776][ T5790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.304701][ T5790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.322525][ T5790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.333361][ T5790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.414956][ T5789] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.436894][ T5789] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.447640][ T5789] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.478818][ T5789] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.549216][ T5787] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 84.577424][ T5787] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.588862][ T5787] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.600281][ T5787] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.696379][ T5788] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 84.719923][ T5788] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 84.731612][ T5788] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 84.745462][ T5788] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 84.774443][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.819971][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.866066][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.873597][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.902525][ T2897] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.909748][ T2897] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.947464][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.006035][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.076841][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.090775][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.108431][ T2897] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.115550][ T2897] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.143049][ T2891] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.150292][ T2891] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.160073][ T2891] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.167270][ T2891] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.204007][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.247820][ T2891] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.255074][ T2891] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.345813][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.376708][ T3511] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.383911][ T3511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.421176][ T3511] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.428389][ T3511] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.608481][ T50] Bluetooth: hci3: command tx timeout [ 85.609691][ T5803] Bluetooth: hci0: command tx timeout [ 85.613929][ T50] Bluetooth: hci2: command tx timeout [ 85.625230][ T5792] Bluetooth: hci1: command tx timeout [ 85.667354][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.801870][ T5790] veth0_vlan: entered promiscuous mode [ 85.837184][ T5790] veth1_vlan: entered promiscuous mode [ 85.921975][ T5790] veth0_macvtap: entered promiscuous mode [ 85.963473][ T5790] veth1_macvtap: entered promiscuous mode [ 86.025740][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.039694][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.072482][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.089719][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.100691][ T5790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.110804][ T5790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.120104][ T5790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.130004][ T5790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.203121][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.235955][ T5787] veth0_vlan: entered promiscuous mode [ 86.282071][ T5787] veth1_vlan: entered promiscuous mode [ 86.338685][ T2897] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.354490][ T2897] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.416282][ T5789] veth0_vlan: entered promiscuous mode [ 86.434179][ T2897] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.435301][ T5787] veth0_macvtap: entered promiscuous mode [ 86.451684][ T5788] veth0_vlan: entered promiscuous mode [ 86.452605][ T2897] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.469543][ T5788] veth1_vlan: entered promiscuous mode [ 86.496547][ T5787] veth1_macvtap: entered promiscuous mode [ 86.517250][ T5789] veth1_vlan: entered promiscuous mode [ 86.576757][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.588219][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.601386][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.614816][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.626171][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.637801][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.682751][ T5787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.708094][ T5787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.716871][ T5787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.732878][ T5787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.768962][ T5789] veth0_macvtap: entered promiscuous mode [ 86.791531][ T5788] veth0_macvtap: entered promiscuous mode [ 86.834594][ T5789] veth1_macvtap: entered promiscuous mode [ 86.866491][ T5788] veth1_macvtap: entered promiscuous mode [ 86.888602][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.896927][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.918279][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.926915][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.962161][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 87.035062][ T5887] bpq0: entered promiscuous mode [ 87.374092][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.428055][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.467907][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.482534][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 87.524139][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.576563][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 87.615767][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.667102][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.678942][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 87.694921][ T50] Bluetooth: hci0: command tx timeout [ 87.694925][ T5803] Bluetooth: hci3: command tx timeout [ 87.694961][ T5803] Bluetooth: hci1: command tx timeout [ 87.701926][ T5792] Bluetooth: hci2: command tx timeout [ 87.741757][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.788835][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.825928][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.835984][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.847224][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.861088][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.885658][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.910972][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.958999][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.979368][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.997020][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.019542][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.032913][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.043169][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.053848][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.063756][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.074251][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.085484][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.115011][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.127096][ T5788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.135954][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.142406][ T5788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.154104][ T5788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.163128][ T5788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.176376][ T5789] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.185775][ T5789] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.194928][ T5789] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.204079][ T5789] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.283485][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.294433][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.308386][ T5859] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 88.409513][ T3559] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.425260][ T3559] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.448084][ T3559] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.471506][ T3559] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.509099][ T5859] usb 1-1: Using ep0 maxpacket: 8 [ 88.519511][ T5859] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 88.554925][ T5859] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 88.579099][ T5859] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.587162][ T5859] usb 1-1: Product: syz [ 88.594724][ T5859] usb 1-1: Manufacturer: syz [ 88.622032][ T5859] usb 1-1: SerialNumber: syz [ 88.667007][ T5859] usb 1-1: config 0 descriptor?? [ 88.716173][ T5859] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 88.768068][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.777037][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.810381][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.823094][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.769719][ T5792] Bluetooth: hci1: command tx timeout [ 89.769757][ T5805] Bluetooth: hci0: command tx timeout [ 89.775805][ T50] Bluetooth: hci3: command tx timeout [ 89.781122][ T5803] Bluetooth: hci2: command tx timeout [ 89.918016][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 89.968189][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 90.075854][ T5909] netlink: 'syz.1.9': attribute type 3 has an invalid length. [ 92.048775][ T5922] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 92.140169][ T5859] gspca_zc3xx: reg_r err -32 [ 92.175327][ T9] cfg80211: failed to load regulatory.db [ 92.398299][ T5880] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 92.595726][ T5880] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 92.608743][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.625615][ T5880] usb 3-1: config 0 descriptor?? [ 92.644435][ T5880] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 92.758662][ T5859] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 92.765106][ T5859] gspca_zc3xx: probe of 1-1:0.0 failed with error -32 [ 92.828040][ T27] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 93.497063][ T5859] usb 1-1: USB disconnect, device number 2 [ 93.639503][ T5880] usb 3-1: USB disconnect, device number 2 [ 93.699750][ T5940] netlink: 'syz.0.19': attribute type 3 has an invalid length. [ 93.828022][ T27] usb 2-1: Using ep0 maxpacket: 16 [ 93.851109][ T27] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 93.860455][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.869669][ T27] usb 2-1: Product: syz [ 93.873952][ T27] usb 2-1: Manufacturer: syz [ 93.879067][ T27] usb 2-1: SerialNumber: syz [ 93.887263][ T5945] input: syz1 as /devices/virtual/input/input5 [ 93.889881][ T27] usb 2-1: config 0 descriptor?? [ 93.908855][ T27] visor 2-1:0.0: Sony Clie 3.5 converter detected [ 94.286667][ T5951] warning: `syz.3.22' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 94.326878][ T27] usb 2-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 94.533229][ T27] usb 2-1: USB disconnect, device number 2 [ 94.595595][ T27] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 94.645401][ T27] visor 2-1:0.0: device disconnected [ 95.445069][ T5968] netlink: 666 bytes leftover after parsing attributes in process `syz.3.28'. [ 95.488110][ T27] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 95.718012][ T27] usb 2-1: Using ep0 maxpacket: 8 [ 96.443985][ T27] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 96.456421][ T27] usb 2-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 96.486431][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.515184][ T27] usb 2-1: Product: syz [ 96.528477][ T27] usb 2-1: Manufacturer: syz [ 96.533359][ T27] usb 2-1: SerialNumber: syz [ 96.549107][ T27] usb 2-1: config 0 descriptor?? [ 96.568397][ T27] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 96.863649][ T5983] netlink: 'syz.0.34': attribute type 3 has an invalid length. [ 96.898203][ T5880] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 97.068185][ T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 97.098110][ T5880] usb 4-1: Using ep0 maxpacket: 16 [ 97.105645][ T5880] usb 4-1: too many configurations: 123, using maximum allowed: 8 [ 97.114901][ T5880] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.126435][ T5880] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.140844][ T5880] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.153551][ T5880] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.165659][ T5880] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.177511][ T5880] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.189184][ T5880] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.200974][ T5880] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.215849][ T5880] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 97.225520][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 97.233776][ T5880] usb 4-1: SerialNumber: syz [ 97.240870][ T5880] usb 4-1: config 0 descriptor?? [ 97.252636][ T9] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 97.253668][ T5880] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input6 [ 97.269218][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.289367][ T55] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 97.309414][ T9] usb 3-1: config 0 descriptor?? [ 97.330098][ T9] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 97.477424][ T5975] input: syz1 as /devices/virtual/input/input7 [ 97.498064][ T55] usb 1-1: Using ep0 maxpacket: 16 [ 97.500718][ T5880] usb 4-1: USB disconnect, device number 2 [ 97.506920][ T5146] bcm5974 4-1:0.0: could not read from device [ 97.532460][ T55] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 97.550842][ T5806] bcm5974 4-1:0.0: could not read from device [ 97.561399][ T55] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.570631][ T55] usb 1-1: Product: syz [ 97.576187][ T55] usb 1-1: Manufacturer: syz [ 97.581568][ T55] usb 1-1: SerialNumber: syz [ 97.599769][ T55] usb 1-1: config 0 descriptor?? [ 97.619654][ T55] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 97.943291][ T9] usb 3-1: USB disconnect, device number 3 [ 98.031667][ T55] usb 1-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 98.244925][ T5880] usb 1-1: USB disconnect, device number 3 [ 98.279175][ T5880] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 98.299267][ T5880] visor 1-1:0.0: device disconnected [ 98.588811][ T5994] netlink: 666 bytes leftover after parsing attributes in process `syz.2.38'. [ 98.789675][ T5997] bpq0: left promiscuous mode [ 98.794571][ T5997] bpq0: entered allmulticast mode [ 99.138265][ T27] gspca_zc3xx: reg_w_i err -110 [ 100.067750][ T6009] netlink: 'syz.3.44': attribute type 3 has an invalid length. [ 100.218054][ T27] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 100.231141][ T6010] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 100.246022][ T6017] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 100.263251][ T27] gspca_zc3xx: probe of 2-1:0.0 failed with error -110 [ 100.265884][ T27] usb 2-1: USB disconnect, device number 3 [ 101.978274][ T6030] mmap: syz.3.48 (6030) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 102.914346][ T55] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 103.101306][ T55] usb 3-1: Using ep0 maxpacket: 16 [ 103.121057][ T55] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 103.130370][ T55] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.139949][ T5793] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 103.151744][ T55] usb 3-1: Product: syz [ 103.157086][ T55] usb 3-1: Manufacturer: syz [ 103.162990][ T55] usb 3-1: SerialNumber: syz [ 103.176036][ T55] usb 3-1: config 0 descriptor?? [ 103.184785][ T55] visor 3-1:0.0: Sony Clie 3.5 converter detected [ 103.622269][ T5793] usb 1-1: Using ep0 maxpacket: 8 [ 103.787008][ T5793] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 103.998465][ T5793] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 104.017575][ T55] usb 3-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 104.048150][ T5793] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.107995][ T5793] usb 1-1: Product: syz [ 104.126469][ T5793] usb 1-1: Manufacturer: syz [ 104.154575][ T5793] usb 1-1: SerialNumber: syz [ 104.189199][ T9] usb 3-1: USB disconnect, device number 4 [ 104.200321][ T5793] usb 1-1: config 0 descriptor?? [ 104.214076][ T9] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 104.239903][ T5793] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 104.250624][ T9] visor 3-1:0.0: device disconnected [ 104.335106][ T6050] netlink: 'syz.3.54': attribute type 3 has an invalid length. [ 104.655123][ T6053] kvm: pic: non byte write [ 105.004615][ T6062] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 106.006225][ T6072] netlink: 16 bytes leftover after parsing attributes in process `syz.1.58'. [ 107.368790][ T5793] gspca_zc3xx: reg_r err -32 [ 108.602878][ T6092] netlink: 'syz.2.63': attribute type 3 has an invalid length. [ 108.638026][ T5793] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 108.652292][ T5793] gspca_zc3xx: probe of 1-1:0.0 failed with error -32 [ 108.679270][ T5793] usb 1-1: USB disconnect, device number 4 [ 109.111753][ T6104] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 109.169655][ T5880] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 109.367981][ T5880] usb 3-1: Using ep0 maxpacket: 16 [ 109.379884][ T5880] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 109.394207][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.409185][ T5880] usb 3-1: Product: syz [ 109.427178][ T5880] usb 3-1: Manufacturer: syz [ 109.445082][ T5880] usb 3-1: SerialNumber: syz [ 109.488095][ T5880] usb 3-1: config 0 descriptor?? [ 109.501144][ T5880] visor 3-1:0.0: Sony Clie 3.5 converter detected [ 110.607724][ T5880] usb 3-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 110.889282][ T5880] usb 3-1: USB disconnect, device number 5 [ 110.912888][ T5880] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 110.937634][ T5880] visor 3-1:0.0: device disconnected [ 111.178156][ T27] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 111.369237][ T27] usb 2-1: Using ep0 maxpacket: 8 [ 111.376453][ T27] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 111.400476][ T27] usb 2-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 111.423284][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.459373][ T27] usb 2-1: Product: syz [ 111.471903][ T27] usb 2-1: Manufacturer: syz [ 111.483502][ T27] usb 2-1: SerialNumber: syz [ 111.493327][ T27] usb 2-1: config 0 descriptor?? [ 111.524866][ T27] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 112.478659][ T6124] netlink: 666 bytes leftover after parsing attributes in process `syz.3.73'. [ 114.506788][ T27] gspca_zc3xx: reg_r err -32 [ 114.576833][ T6146] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 114.959009][ T5938] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 115.148126][ T5938] usb 3-1: Using ep0 maxpacket: 8 [ 115.161354][ T5938] usb 3-1: unable to get BOS descriptor or descriptor too short [ 115.169265][ T27] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 115.179604][ T27] gspca_zc3xx: probe of 2-1:0.0 failed with error -32 [ 115.187406][ T5938] usb 3-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 113, changing to 10 [ 115.216433][ T5938] usb 3-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 1040, setting to 1024 [ 115.250813][ T5938] usb 3-1: config 1 interface 0 has no altsetting 0 [ 115.266843][ T5938] usb 3-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.40 [ 115.278022][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.291114][ T5938] usb 3-1: Product: syz [ 115.297402][ T5938] usb 3-1: Manufacturer: syz [ 115.305465][ T5938] usb 3-1: SerialNumber: syz [ 115.326012][ T6148] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 115.585716][ T6142] trusted_key: encrypted_key: insufficient parameters specified [ 115.792389][ T6145] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.801176][ T6145] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.968051][ T55] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 115.996927][ T9] usb 2-1: USB disconnect, device number 4 [ 116.168571][ T55] usb 4-1: Using ep0 maxpacket: 16 [ 116.193243][ T55] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 116.221626][ T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.257829][ T55] usb 4-1: Product: syz [ 116.275391][ T55] usb 4-1: Manufacturer: syz [ 116.290540][ T55] usb 4-1: SerialNumber: syz [ 116.305071][ T55] usb 4-1: config 0 descriptor?? [ 116.331055][ T55] visor 4-1:0.0: Sony Clie 3.5 converter detected [ 116.759710][ T55] usb 4-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 116.972607][ T55] usb 4-1: USB disconnect, device number 3 [ 117.034401][ T55] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 117.066529][ T55] visor 4-1:0.0: device disconnected [ 119.277426][ T6145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.427873][ T6145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.426819][ T5938] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input8 [ 120.470647][ T5146] bcm5974 3-1:1.0: could not read from device [ 120.553407][ T5146] bcm5974 3-1:1.0: could not read from device [ 120.679899][ T5802] bcm5974 3-1:1.0: could not read from device [ 120.780946][ T5146] bcm5974 3-1:1.0: could not read from device [ 120.849908][ T5146] bcm5974 3-1:1.0: could not read from device [ 120.898502][ T5802] bcm5974 3-1:1.0: could not read from device [ 120.924233][ T5146] bcm5974 3-1:1.0: could not read from device [ 120.932252][ T5802] udevd[5802]: Error opening device "/dev/input/event4": Input/output error [ 120.942939][ T6193] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 120.967844][ T5802] udevd[5802]: Unable to EVIOCGABS device "/dev/input/event4" [ 120.986691][ T5802] udevd[5802]: Unable to EVIOCGABS device "/dev/input/event4" [ 121.006357][ T6145] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.023217][ T5802] udevd[5802]: Unable to EVIOCGABS device "/dev/input/event4" [ 121.031288][ T6145] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.053602][ T5802] udevd[5802]: Unable to EVIOCGABS device "/dev/input/event4" [ 121.053952][ T6145] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.075401][ T6145] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.091383][ T5146] bcm5974 3-1:1.0: could not read from device [ 121.331280][ T5938] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 121.559362][ T5938] usb 4-1: Using ep0 maxpacket: 8 [ 121.571365][ T5938] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 121.619370][ T5938] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 121.639593][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.647688][ T5938] usb 4-1: Product: syz [ 121.662435][ T5938] usb 4-1: Manufacturer: syz [ 121.667097][ T5938] usb 4-1: SerialNumber: syz [ 121.688842][ T5938] usb 4-1: config 0 descriptor?? [ 121.759941][ T5938] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 121.900342][ T9] usb 3-1: USB disconnect, device number 6 [ 122.326633][ T6203] netlink: 16 bytes leftover after parsing attributes in process `syz.2.91'. [ 123.518023][ T5793] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 123.698027][ T5793] usb 1-1: Using ep0 maxpacket: 16 [ 123.709272][ T5793] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 123.718636][ T5793] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.727106][ T5793] usb 1-1: Product: syz [ 123.731976][ T5793] usb 1-1: Manufacturer: syz [ 123.736619][ T5793] usb 1-1: SerialNumber: syz [ 123.745462][ T5793] usb 1-1: config 0 descriptor?? [ 123.760147][ T5793] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 124.182288][ T5793] usb 1-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 124.380859][ T5880] usb 1-1: USB disconnect, device number 5 [ 124.406905][ T5880] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 124.429190][ T5880] visor 1-1:0.0: device disconnected [ 124.548666][ T5938] gspca_zc3xx: reg_r err -32 [ 125.297323][ T5938] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 125.317950][ T5938] gspca_zc3xx: probe of 4-1:0.0 failed with error -32 [ 125.764680][ T6230] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 125.798017][ T5938] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 125.997992][ T5938] usb 1-1: Using ep0 maxpacket: 8 [ 126.036369][ T5793] usb 4-1: USB disconnect, device number 4 [ 126.038712][ T5938] usb 1-1: unable to get BOS descriptor or descriptor too short [ 126.106750][ T5938] usb 1-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 113, changing to 10 [ 126.138872][ T5938] usb 1-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 1040, setting to 1024 [ 126.338151][ T5938] usb 1-1: config 1 interface 0 has no altsetting 0 [ 127.389414][ T6226] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.397467][ T6226] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.503107][ T5938] usb 1-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.40 [ 127.513751][ T5938] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.526907][ T5938] usb 1-1: Product: syz [ 127.538085][ T5938] usb 1-1: Manufacturer: syz [ 127.542867][ T5938] usb 1-1: SerialNumber: syz [ 127.672170][ T6228] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 127.990671][ T6225] trusted_key: encrypted_key: insufficient parameters specified [ 130.052391][ T6226] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 130.096501][ T6226] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.395869][ T6226] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.406242][ T6226] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.418746][ T6226] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.427797][ T6226] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.715720][ T5938] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input9 [ 130.747552][ T5146] bcm5974 1-1:1.0: could not read from device [ 130.843157][ T5938] usb 1-1: USB disconnect, device number 6 [ 131.025604][ T6277] bpq0: entered promiscuous mode [ 131.030758][ T6277] bpq0: left allmulticast mode [ 131.091539][ T5802] udevd[5802]: Error opening device "/dev/input/event4": No such file or directory [ 131.171625][ T5802] udevd[5802]: Unable to EVIOCGABS device "/dev/input/event4" [ 131.220610][ T5802] udevd[5802]: Unable to EVIOCGABS device "/dev/input/event4" [ 131.245191][ T5802] udevd[5802]: Unable to EVIOCGABS device "/dev/input/event4" [ 131.253332][ T5802] udevd[5802]: Unable to EVIOCGABS device "/dev/input/event4" [ 131.261838][ T5802] udevd[5802]: Assertion 'close_nointr(fd) != -EBADF' failed at util.c:228, function safe_close(). Aborting. [ 131.494457][ T5161] udevd[5161]: worker [5802] terminated by signal 6 (Aborted) [ 131.502888][ T5161] udevd[5161]: worker [5802] failed while handling '/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input9/event4' [ 131.549541][ T6257] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 131.666896][ T6282] ================================================================== [ 131.675080][ T6282] BUG: KASAN: slab-use-after-free in rose_transmit_link+0x5ba/0x740 [ 131.683091][ T6282] Read of size 1 at addr ffff88801a340c32 by task syz.1.110/6282 [ 131.690817][ T6282] [ 131.693156][ T6282] CPU: 1 PID: 6282 Comm: syz.1.110 Not tainted 6.6.101-syzkaller #0 [ 131.701141][ T6282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 131.711222][ T6282] Call Trace: [ 131.714951][ T6282] [ 131.717912][ T6282] dump_stack_lvl+0x16c/0x230 [ 131.722639][ T6282] ? __lock_acquire+0x7c80/0x7c80 [ 131.727686][ T6282] ? show_regs_print_info+0x20/0x20 [ 131.732909][ T6282] ? load_image+0x3b0/0x3b0 [ 131.737454][ T6282] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 131.742851][ T6282] ? __virt_addr_valid+0x18c/0x540 [ 131.747995][ T6282] ? __virt_addr_valid+0x469/0x540 [ 131.753146][ T6282] print_report+0xac/0x220 [ 131.757576][ T6282] ? rose_transmit_link+0x5ba/0x740 [ 131.762793][ T6282] kasan_report+0x117/0x150 [ 131.767334][ T6282] ? kmem_cache_alloc_node+0x17f/0x330 [ 131.772811][ T6282] ? rose_transmit_link+0x5ba/0x740 [ 131.778033][ T6282] rose_transmit_link+0x5ba/0x740 [ 131.783091][ T6282] ? skb_put+0x11b/0x210 [ 131.787350][ T6282] rose_write_internal+0x11d1/0x1ab0 [ 131.792656][ T6282] ? rose_validate_nr+0x120/0x120 [ 131.797699][ T6282] ? __timer_delete+0x6b/0x290 [ 131.802479][ T6282] ? skb_queue_purge_reason+0x6c/0x1c0 [ 131.807962][ T6282] rose_release+0x24e/0x510 [ 131.812508][ T6282] sock_close+0xbd/0x230 [ 131.816851][ T6282] ? sock_mmap+0xa0/0xa0 [ 131.821114][ T6282] __fput+0x234/0x970 [ 131.825125][ T6282] task_work_run+0x1ce/0x250 [ 131.829732][ T6282] ? task_work_cancel+0x240/0x240 [ 131.834783][ T6282] get_signal+0x1235/0x1400 [ 131.839559][ T6282] ? task_work_add+0x3a3/0x440 [ 131.844330][ T6282] ? __ia32_sys_pidfd_getfd+0x90/0x90 [ 131.849722][ T6282] ? wake_bit_function+0x200/0x200 [ 131.854850][ T6282] ? __might_fault+0xaa/0x120 [ 131.859557][ T6282] arch_do_signal_or_restart+0x96/0x780 [ 131.865116][ T6282] ? __sys_connect+0x240/0x420 [ 131.869890][ T6282] ? get_sigframe_size+0x20/0x20 [ 131.874844][ T6282] ? exit_to_user_mode_loop+0x3b/0x110 [ 131.880324][ T6282] exit_to_user_mode_loop+0x70/0x110 [ 131.885621][ T6282] exit_to_user_mode_prepare+0xb1/0x140 [ 131.891192][ T6282] syscall_exit_to_user_mode+0x1a/0x50 [ 131.896669][ T6282] do_syscall_64+0x61/0xb0 [ 131.901091][ T6282] ? clear_bhb_loop+0x40/0x90 [ 131.905784][ T6282] ? clear_bhb_loop+0x40/0x90 [ 131.910471][ T6282] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 131.916377][ T6282] RIP: 0033:0x7fd49b38ebe9 [ 131.920832][ T6282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.940460][ T6282] RSP: 002b:00007fd49c25f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 131.948901][ T6282] RAX: fffffffffffffe00 RBX: 00007fd49b5b6180 RCX: 00007fd49b38ebe9 [ 131.956877][ T6282] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 0000000000000010 [ 131.964862][ T6282] RBP: 00007fd49b411e19 R08: 0000000000000000 R09: 0000000000000000 [ 131.972943][ T6282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.980921][ T6282] R13: 00007fd49b5b6218 R14: 00007fd49b5b6180 R15: 00007ffc601d99f8 [ 131.988909][ T6282] [ 131.991932][ T6282] [ 131.994269][ T6282] Allocated by task 5997: [ 131.998605][ T6282] kasan_set_track+0x4e/0x70 [ 132.003203][ T6282] __kasan_kmalloc+0x8f/0xa0 [ 132.007813][ T6282] rose_add_node+0x23a/0xdd0 [ 132.012414][ T6282] rose_rt_ioctl+0xa42/0xfb0 [ 132.017009][ T6282] rose_ioctl+0x3cf/0x8b0 [ 132.021441][ T6282] sock_do_ioctl+0xd7/0x2f0 [ 132.025959][ T6282] sock_ioctl+0x623/0x7a0 [ 132.030301][ T6282] __se_sys_ioctl+0xfd/0x170 [ 132.034896][ T6282] do_syscall_64+0x55/0xb0 [ 132.039319][ T6282] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 132.045223][ T6282] [ 132.047542][ T6282] Freed by task 6277: [ 132.051517][ T6282] kasan_set_track+0x4e/0x70 [ 132.056111][ T6282] kasan_save_free_info+0x2e/0x50 [ 132.061152][ T6282] ____kasan_slab_free+0x126/0x1e0 [ 132.066302][ T6282] slab_free_freelist_hook+0x130/0x1b0 [ 132.071765][ T6282] __kmem_cache_free+0xba/0x1f0 [ 132.076624][ T6282] rose_rt_device_down+0x43d/0x490 [ 132.081744][ T6282] rose_device_event+0x604/0x690 [ 132.086687][ T6282] notifier_call_chain+0x197/0x390 [ 132.091805][ T6282] __dev_notify_flags+0x18e/0x2e0 [ 132.096838][ T6282] dev_change_flags+0xe8/0x1a0 [ 132.101618][ T6282] dev_ifsioc+0x6a7/0xe20 [ 132.105956][ T6282] dev_ioctl+0x7e2/0x1170 [ 132.110328][ T6282] sock_do_ioctl+0x226/0x2f0 [ 132.115020][ T6282] sock_ioctl+0x623/0x7a0 [ 132.119368][ T6282] __se_sys_ioctl+0xfd/0x170 [ 132.124006][ T6282] do_syscall_64+0x55/0xb0 [ 132.128454][ T6282] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 132.134552][ T6282] [ 132.136870][ T6282] The buggy address belongs to the object at ffff88801a340c00 [ 132.136870][ T6282] which belongs to the cache kmalloc-512 of size 512 [ 132.150921][ T6282] The buggy address is located 50 bytes inside of [ 132.150921][ T6282] freed 512-byte region [ffff88801a340c00, ffff88801a340e00) [ 132.164626][ T6282] [ 132.166946][ T6282] The buggy address belongs to the physical page: [ 132.173379][ T6282] page:ffffea000068d000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a340 [ 132.183553][ T6282] head:ffffea000068d000 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 132.192571][ T6282] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 132.200654][ T6282] page_type: 0xffffffff() [ 132.204995][ T6282] raw: 00fff00000000840 ffff888017841c80 dead000000000100 dead000000000122 [ 132.213618][ T6282] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 132.222209][ T6282] page dumped because: kasan: bad access detected [ 132.228644][ T6282] page_owner tracks the page as allocated [ 132.234354][ T6282] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 116, tgid 116 (kworker/u4:1), ts 6795281068, free_ts 0 [ 132.254585][ T6282] post_alloc_hook+0x1cd/0x210 [ 132.259392][ T6282] get_page_from_freelist+0x195c/0x19f0 [ 132.264959][ T6282] __alloc_pages+0x1e3/0x460 [ 132.269559][ T6282] alloc_slab_page+0x5d/0x170 [ 132.274251][ T6282] new_slab+0x87/0x2e0 [ 132.278349][ T6282] ___slab_alloc+0xc6d/0x12f0 [ 132.283039][ T6282] __kmem_cache_alloc_node+0x1a2/0x260 [ 132.288530][ T6282] kmalloc_trace+0x2a/0xe0 [ 132.292953][ T6282] alloc_bprm+0x56/0x9c0 [ 132.297289][ T6282] kernel_execve+0x98/0x9c0 [ 132.301828][ T6282] call_usermodehelper_exec_async+0x20b/0x350 [ 132.307935][ T6282] ret_from_fork+0x48/0x80 [ 132.312395][ T6282] ret_from_fork_asm+0x11/0x20 [ 132.317176][ T6282] page_owner free stack trace missing [ 132.322542][ T6282] [ 132.324872][ T6282] Memory state around the buggy address: [ 132.330511][ T6282] ffff88801a340b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 132.338840][ T6282] ffff88801a340b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 132.346918][ T6282] >ffff88801a340c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.354981][ T6282] ^ [ 132.360607][ T6282] ffff88801a340c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.368682][ T6282] ffff88801a340d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 132.376806][ T6282] ================================================================== [ 132.616916][ T6282] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 132.624166][ T6282] CPU: 0 PID: 6282 Comm: syz.1.110 Not tainted 6.6.101-syzkaller #0 [ 132.632156][ T6282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 132.642244][ T6282] Call Trace: [ 132.645557][ T6282] [ 132.648514][ T6282] dump_stack_lvl+0x16c/0x230 [ 132.653247][ T6282] ? show_regs_print_info+0x20/0x20 [ 132.658472][ T6282] ? load_image+0x3b0/0x3b0 [ 132.663019][ T6282] panic+0x2c0/0x710 [ 132.666945][ T6282] ? bpf_jit_dump+0xd0/0xd0 [ 132.671510][ T6282] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 132.677766][ T6282] ? rose_transmit_link+0x5ba/0x740 [ 132.682971][ T6282] ? check_panic_on_warn+0x70/0xa0 [ 132.688098][ T6282] ? rose_transmit_link+0x5ba/0x740 [ 132.693311][ T6282] check_panic_on_warn+0x84/0xa0 [ 132.698305][ T6282] ? rose_transmit_link+0x5ba/0x740 [ 132.703525][ T6282] end_report+0x6f/0x140 [ 132.707843][ T6282] kasan_report+0x128/0x150 [ 132.712386][ T6282] ? kmem_cache_alloc_node+0x17f/0x330 [ 132.718300][ T6282] ? rose_transmit_link+0x5ba/0x740 [ 132.723521][ T6282] rose_transmit_link+0x5ba/0x740 [ 132.728580][ T6282] ? skb_put+0x11b/0x210 [ 132.732856][ T6282] rose_write_internal+0x11d1/0x1ab0 [ 132.738160][ T6282] ? rose_validate_nr+0x120/0x120 [ 132.743194][ T6282] ? __timer_delete+0x6b/0x290 [ 132.747973][ T6282] ? skb_queue_purge_reason+0x6c/0x1c0 [ 132.753457][ T6282] rose_release+0x24e/0x510 [ 132.757977][ T6282] sock_close+0xbd/0x230 [ 132.762254][ T6282] ? sock_mmap+0xa0/0xa0 [ 132.766570][ T6282] __fput+0x234/0x970 [ 132.770574][ T6282] task_work_run+0x1ce/0x250 [ 132.775178][ T6282] ? task_work_cancel+0x240/0x240 [ 132.780237][ T6282] get_signal+0x1235/0x1400 [ 132.784779][ T6282] ? task_work_add+0x3a3/0x440 [ 132.789570][ T6282] ? __ia32_sys_pidfd_getfd+0x90/0x90 [ 132.794985][ T6282] ? wake_bit_function+0x200/0x200 [ 132.800103][ T6282] ? __might_fault+0xaa/0x120 [ 132.804789][ T6282] arch_do_signal_or_restart+0x96/0x780 [ 132.810355][ T6282] ? __sys_connect+0x240/0x420 [ 132.815128][ T6282] ? get_sigframe_size+0x20/0x20 [ 132.820108][ T6282] ? exit_to_user_mode_loop+0x3b/0x110 [ 132.825591][ T6282] exit_to_user_mode_loop+0x70/0x110 [ 132.830907][ T6282] exit_to_user_mode_prepare+0xb1/0x140 [ 132.836748][ T6282] syscall_exit_to_user_mode+0x1a/0x50 [ 132.842232][ T6282] do_syscall_64+0x61/0xb0 [ 132.846658][ T6282] ? clear_bhb_loop+0x40/0x90 [ 132.851363][ T6282] ? clear_bhb_loop+0x40/0x90 [ 132.856045][ T6282] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 132.861954][ T6282] RIP: 0033:0x7fd49b38ebe9 [ 132.866376][ T6282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.885992][ T6282] RSP: 002b:00007fd49c25f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 132.894413][ T6282] RAX: fffffffffffffe00 RBX: 00007fd49b5b6180 RCX: 00007fd49b38ebe9 [ 132.902408][ T6282] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 0000000000000010 [ 132.910491][ T6282] RBP: 00007fd49b411e19 R08: 0000000000000000 R09: 0000000000000000 [ 132.918488][ T6282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.926462][ T6282] R13: 00007fd49b5b6218 R14: 00007fd49b5b6180 R15: 00007ffc601d99f8 [ 132.934445][ T6282] [ 132.937766][ T6282] Kernel Offset: disabled [ 132.942090][ T6282] Rebooting in 86400 seconds..