last executing test programs: 8.042276213s ago: executing program 2 (id=83): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100003b00015300000000fbdbdf2501"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 8.025830246s ago: executing program 2 (id=84): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x300, &(0x7f0000000200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x35, 0x0, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x6, @empty}, 0x1c) recvmmsg(r1, &(0x7f0000008cc0)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x2, 0x0) 4.215526469s ago: executing program 3 (id=100): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000dc0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000200)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010029bd7000fedbdf250f00000008000300", @ANYRES32=r2], 0x24}, 0x1, 0x0, 0x0, 0x2004000}, 0x20004010) sendmsg$NL802154_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x300, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48081}, 0x2000c0c4) 3.666118402s ago: executing program 1 (id=103): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) getdents64(0xffffffffffffffff, 0x0, 0x0) 3.665852247s ago: executing program 3 (id=104): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100003b00010000000000fbdbdf25010117800c00160006ac0f0000000000140001"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 3.409622683s ago: executing program 3 (id=105): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000010711e0920000000000001090224000100000000090400090103000100092105000001220500090581030002"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_connect$printer(0x6, 0x0, 0x0, 0x0) r1 = syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x0) syz_usb_ep_write(r0, 0x81, 0xc, &(0x7f0000000040)="803d0c784189d6fb28bf1b33") preadv(r1, &(0x7f0000000000)=[{&(0x7f0000000440)=""/4108, 0x100c}], 0x1, 0x8, 0x1) 2.786436421s ago: executing program 2 (id=107): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee9, 0x8031, r0, 0x215eb000) r1 = socket(0x14, 0x2, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x61d0, 0x0) ioctl$sock_TIOCINQ(r1, 0x61d8, 0x0) 2.786171757s ago: executing program 0 (id=108): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000380)='htcp', 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) 2.665446486s ago: executing program 1 (id=109): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x800, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000001c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x800, 0x1, 0x1, 0x3}, 0x20) 2.555205611s ago: executing program 0 (id=110): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x1c, r1, 0x852dd6c070cd7e4b, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}, 0x4, 0x700000000000000}, 0x0) 2.106839105s ago: executing program 1 (id=111): socket$kcm(0x21, 0x2, 0xa) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20) close(0x3) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote, 0x0, 0x0, 0x1, 0x0, 0x20, 0x3}, 0x20) close(0x4) 1.729065481s ago: executing program 0 (id=112): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp', 0x5) sendto$inet6(r0, 0x0, 0x0, 0x200080c0, &(0x7f00000001c0)={0xa, 0x2, 0x8000, @loopback, 0x8}, 0x1c) shutdown(r0, 0x1) 1.476366823s ago: executing program 0 (id=113): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000300)=@netrom={'nr', 0x0}, 0x10) 1.358340534s ago: executing program 1 (id=114): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$kcm(0x11, 0x2, 0x0) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000001440)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x0, 0xfffc, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x1, 0x2b, 0xfc0, 0x68, 0x0, 0x60, 0x73, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, "11f3305280f125e6e11a9314b296b53b5d25867c0a8c27b6478984da4eb57d56be4ee0efb45c215a64d718cb6f639e60026f3fcd218590d2fd47a1803f67d8c3c5ebe25ed9991203e04d3bdc1e70ef759d8f6ca8744bd9d672c1c9368faa9f538c1e6d3f741c022ddc02e6d3e1881c4ebf6d62df9fc11edf041909cea12539f7b05232c1cd9a748ff7e4a6b7ce7420bab33b3ce6da2742316d128730875e8c1d068a59aef9030e56546effdf83fe2b6fcadf2a73552e77d9cfdb452639cae6aa8f5c7aba74516be0a290f60c30c51e8de293376c07b999d87ac564e47f21f28fda4d277beb21a78ab228bfa2b84461fc73b9a82c9ac29bf066fa44f3f676ef64edab4c6dcaa57c48c0065817b0cbf3263361e93334a400fd74ae663ccc959da070390c833a3dc9381a771d719ae9417cd07b43c30e6a10ae8a59c4fd0a9004cc3f9cb772a64d240d7a0d0dac57f4d7978a304adf48f94ce0b7d6a2dff5d3ff8738a81daad9df5b8d6f361e7032c0d2cc84c73a7a2f07a35b1b26966bb08fe07ecb2438006de2d9ff9b9ca0b94bc44c858e785a261bbfbf5f6cfa78b017d671ee8180312522c8031744591711d0517fb8b120e27fb7752f0a0e85bbf1e7059aa2711bf2355fe98e3df0d7cece9741623e2fa492af8287e0fa75daea5725e0519e70aba398c00ae69c572e327755ba2fa81dc47bdcd4e5b722e0ecc8f92f4cd821d575f5f8421dc2e2994621d17da042fd59a2c3ee0ba998a771e066fcf3646007ef3c731edb9472baaa6a5722b09aa6a4da93d855fee7bc2a4db816880160449c576ed46b4ca1e299595f0116946b841308bbd9c2d8e82ce9bcd9173476523bfa8abb82cbd16ddf2efb4aeb5476ab0f5dadbe2528360195a317f3106d25b016901b65b6eed65062083234f205cf4fefe2ee0af15a86feb5d7473d1cdf202387127171d633c02dc39faca7d69721074c0e7eee28a671fb9e75d80d8fa6bc70a50bd71f60569cb9a30b0cf5599c790353590fd3fb91f77ec89257faa66ff3d13913906166604af616d8de1b92b9cc459a05daad927ebf023c53afdf5ebad5e1d73632777374dfe33b0b90e0cc4cf85bbba301ffe94b26b9f792bdde6d5a9c644bd15ad45c373f768a3a3868ed96c112f2429a27a97bd7756cec800e4ed644a22a81f1010ec376a5726e530d5bcecc635db756ff9a6e2ee89248949d52f88c84cf71be5428a4675430ecef15f1c8ff6a786e5b74eeb76fd26b53dd6287b8e9134b8096b9425f650039af1b3465ab57662ce70c5e29c559e6ffed62f731fd95d31c2f7fa57d98a8aa0b30e454ea73d4f8ba1242bb511e2d0d0e7a764f87cc6b208f85b79b980285cd890dacf77dc2668e3c2ad211998f5e3f15be32a3600a2c59821e7e48d46974d17d642ff7b3f1334057c88bea888120095582d257ccaa903d341c850bd2b446c31980acc6f02f0c559a895614f62aea0eee4a904bd1b35193fd2cbff4354834b5f7e8698bad049cfea27a76ec83dfbe2071ff1523bf127713b062ee3ebf6986bd12c31ab386a490734a47466cdde3a82dc7535b1b068a1aa585322c4bf8dd8cf0ca2b8eb56fcf98cf8129148142344d00fca2cd5611e42c607168abcf92c94be28c15be3485375290b825136e0f4047212a866831bc670b9b038355e0c976673b80584c640ec6681ae724ea58685581d493c809fc8861c60ff245cdc486228b0c3c0ac562a3fd777b7d3d43dcc4cf031b70a101bc64a3727d1f5890890070dfc14847f225a82f5a1b3c702970a25a672aa8c4a24bd7d414bb52c839611e48afe3a9022aa9eeedb2dc4cb20aaeb244b0e438f28d3c6cac9fb16171a8b66b93e48d1afb3feae84bb6a4ed0d00ba862dc6fd474fe210faa0d6d51132dcdc4dcdd5d4f94f1ba7dc8b5712188b0f80bd7f6cc211c1a2796d5c8568a97dbfb9e1bcc6e43858342767ffe5d648873215971e968382870afb0f0b33e3a0dbfe70b982abd73b340abaedd3f71ea30c90544b6a3fb8ce0c240d0bc9da7c12a927223185e5ba907d93c30089ca68525983f04ff85ef98314f69e5c9b4a388ca67813fcd0a9b2c083defac488cb3f7e4ebabc7bf6f4f7601a6c4c1a8d10c2fb13f6863c29cf3dcb8bd56768bb0a9e642bb6b94e5957deaeab3e24223e03764bbb16a7084a05735a8d188cbfabcccfce95848a804b56bd5e2051b1755a0e4262044ea2b037113af2e4e90bfed33bdcdc33824245cad3f94c4c9ea0f414a539c36b55d423fbfe4461774696012ee12e9d9c1d645d6dd72b57cca7e8526cc98b2f9e97e23503428642bd8793a87ab120f20092b6e4cbcbb52ec9a406dbb893e303077b675ecbd48e6bec13b700ab09d55e17c8815077a31cd75057c9cd65e7a881924a50bed228517be9c0abb19c3d24c458160405dab3ad0deb989a4e1b2e509b7fa57bcddbe8292512c9656df46acc62a028bb484ad0a6548ed9efdff0e83ca82a1d4c86c7d8810d1e4ff1846d1dc8e80f8206c6834bf9c433bc92ce73560d22ba0c8030b694d737fa0f4deb8b59ea9a35147efc891e993b6489a1ed86bbbf159c590bad0b5892c72383f5afedd58b7fa5e11271b35381dbf4a14daf70505b346cbd83b3258b1b413f7247d04e30e1a9eddbf82e8a25a70903c21e6a16ea34f6d7fe3cad0d51812e827596d50549153e394c4926e5e87b78d0faf440472c12929bb7fd49c959e5b06eb48c51915d80f003c2019525c91bdd4efc0e58d7811b083af3164f254c9c6cf3f8345525770033901308d02a9439131e632d073705e7a28312f8c1ccbeec064113009a34f177d7cd953c9a635f6bb12f0ed871a1d80ba86011e13df3220bda5e49c7c3d70f8c49397f69b7c57fa78d312c5abb5eea30720f31b38cac3ddc7758f7bd1c99dca967a5aa5c788faf18eb2d996be835c3e5901349104ea63bdf1c195f4d29b8c63a0dcf58d501a102b8ac34709e82c0b0d19f762b1d3c40f01e0cb05b0909b90fb587ea260cdc0a043ac67f649486d3c57b9dbf94e44334fd8034218f82c937e6b8c97b627e8803cab0a27f33ebf0e447ab198cdbfc81371fdb6061dcf8c87c24084614ddfdc71cc2a5324e0ea9a1f7cb21ec46d7e5fd936a2a9224e5fe3c39051eb7269f51832751a36814db4aa01eb1a79eca73480c12b1d7f79bb20ba7b957f7e8343af7c38c81edb6aa48eeb82e17f47f5335f4086ef2cb57c4e70e847a77362271e16158e010f95c3227162caa7f911e94893d3bdf17fb914dddddf7f982ae898914378e3f5a4bc810f246d84ae977290d20773761b8d52bb493076052022586b8ce915b1f4c8f6ef6093e3e12f56e642b1cde9dda220fd7fb26f40ba08899e0217cf2a0883ab552c9432a7d60c6316f936b57c271e13b35d5cc4f20dfbe5fb1b13e916e62cd39e5bec37d0885f6fb5523860f8ae09592d32574e3d9c570c641fa9f4db0d4b9fbd002af8b6919d7587504989123533804e4a496def7d1d9740ec83e0670233a732d55425014276efcf6b6634c5ed5a97f25deaab14fe934efe0eb13992ef48e29a7f190f253d3cce9929f3183c01c72315b6a36998016af08f84155ca1ad18acf1a54d23fe605957f7016873187a47d7ded54667d3ba4aab222319c5968d0192a1af47be415fce025329b81d5034d2c608ddb108d7acac2c145bf4abadb97cc6a05398c04a8385dab86979a0c857d2b27eeb7bdcd154e9f3ea7e394d3a41d81b0410356e252f5d0fba812d5099ede64b20d4a865fc359092ed619f0e3e6728acc69ce41b585e3c54f73fac28c38aa41ea53440cec35cebf03caaef987b18d9942c644c3f6a389970f3d7d18db8ea1f2c5ab2c0bb84478ce5e439c10749b278dfe8348391cb2bd4c7634a3ac813a6ea36f95bdd80c87fae037775834eb5029854cfe59c99a9597944e7cbce895d14ed0ee8b84ea586e77dc12fe709cf9a083c2a4806913d8914b379b4ecf27525e84fc1df3ff520f79ec244da60f680b59d848e591c89f069cec4b497d9579a86c19a710c5cc00239d6cf3c8596c924561843ae20ad5cac9bc92bf42157ab35329cd62242fec48117f1f6f801c68f9f3ec9677875916ceea7795dfbdd23121cfb3bb1813fe1ee14ddbd5a45985bc496449f82a2cc200905eaaadd1333bf79128459f47b580fdd5a10787094b08418c1dac843ab0e15d824aff2b3d242fe78d9762d39c713ded38cf972c227831ba6fb963c956458eef5689180baa3ef2aef3d3e57c63c2d4509759fb711dfe2772341ae308a7892e583be0917ef5355bfe68becce5bc5971733ca260055ee6481c0998698a49a1f03a0f537145d051179601c04cd887a64917480ba96ac046638dd6977599f72a7235506737e7e81a03095cc7e102586ec33b79eff0d1dc2b34912fa89dfb434f0256be53f6695685688af05361d3b6954d416f4be06b9ab7846a44ce25b39c7c79012b2f16159fdf96a3998098691364dbbf930a8e224701ee6f8b899fcde632077a03f649bcfad6f506924db17558b708d38d0b286d6f16f286b26cbf11094def0d017eda65328fe2a24d129bd7ac28679f2a98999e6ae508c3bb31b4e384de7593cf8ac46727cb8a07c30d97c87b638f154e1ae2223a8158e292d9467049cd9115051d3dc0c090f9e9ff6cc425f2fbcd3a4471af5182c0e45485194b6627839d356adf2cf7159b6360f7983a5c50f5cdfcf253cc40a413ed280b9ce7d9d70bef8233fbc8f6e0f5e9100f110519088ce84b41d861171f607338f5acf0664f56c88dd50e86851f59e81c2601f66ee9ced3ecae2dcbd37c55f6058390d6237837ff601900971806e987abbca25221d08f7ccb11a41b3a6246efffaff359e04fa52d7ac630f7d96bc5976817f8a347ddacfe079da0633d855343884bf4d2eb58638cd29d499de7af8490a6d9db3922363839371e819e49e54ef7dc953aa8125e053e3689a22d785c3c1729936eedccf682fd56e0aa6069c1ac88d46b0c06c1f43e631f74f9c8b4557678e90ad7788d25caca67b70da4470cc8d28606acf1fed5d4585085449ced76b1a871ebe8ede8d86570d505010c4f6f4656d2195b6190a1dfe423860b5f767f96c1e0fbf1194b9cab5c87dc2f6ce5f408681e2af319ada237e4232cd356574d7a5edbf7c292acc0c0ca04303614e46b6875f2b58f8b400fda08e24020739c2493ecf7c5d0695ecac14e486bc36a575e6a765d43313c4a4c43c5cc32488c045466504cc690f6b14f12e0a669b701d305a056c610b5f3e696e002bd5b940abac2edde34dbadc88881a5a5fc1d7db4389f33eed574ff8ed69eaf3a656635963e297cf2915c2da4bc7739c5d24017c4757a4aaca2b3323bd4fefefc004d2a675a40b7b31a221d825f79fc12f12b9d6637ca48fc2b55c9e982db14d8cce59172d7d7ee6a1f98a2839d263d7382e81ee306d27e7463a3a0cc71c74df84060ca69331afa4e19e0b124ddf430f4323e682d99f7d77854ba416162182dc161a41af02c75eef1688bef190ca86f712994db24d81831cfe4f54229ba2f5df634e45c2d2980cec96d8aefecdb35dcd7fb360c6117af12bcf894ada94069ba44814334ba4b4d487a866e484b45d7348e07a49460ab64c89f45f8b6f74507179fb6b5f03c202dedbc7cc70723ddb56accb1eb266787"}}, 0xfce) 1.216948586s ago: executing program 3 (id=115): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000dc0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000200)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r1, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0xff}]}, 0x24}, 0x1, 0x0, 0x0, 0x2004000}, 0x20004010) 779.332716ms ago: executing program 0 (id=116): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000026c0), r0) r2 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r2, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000027c0)={&(0x7f0000002740)={0x24, r1, 0x79964d8cba2f455d, 0xa070bd28, 0x25dfdbfe, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}, @NBD_ATTR_SOCKETS={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4040005}, 0x20000000) 610.748183ms ago: executing program 2 (id=117): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f64e40992f79ecf0", "53c272d8b763f690b35605dff8a4a8d2", "021000", "7cf56f776d00"}, 0x28) writev(r0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000140)="e2b5de1b04c03054", 0x8}], 0x2) 610.354147ms ago: executing program 3 (id=118): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000240)=@generic={0x21, "1aee2c4f6843c6782466293e62d4f664c2efa8906f0d97822ac0d88ecdd9d47e182b3b523c6243022c1be9fd662325c023ac48a28ae996c41561bb7e9903c408613b4d29da0b9d5af499caa7759c17c667af8acea6dc52148f1233494efd8f08aaab6382d5e33471a107ec47df5b5312764e134c68842fd1a2078151812e"}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1acb74fef", 0x87}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e42408bab6c1f29cb62d05805063967de38327e", 0x9e}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb519864", 0x67}, {&(0x7f0000000800)}], 0x4}}], 0x1, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed88", 0x3a}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 577.442188ms ago: executing program 1 (id=119): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', 0x0}) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002abd700003dcdf250100000008000100", @ANYRES32=r3, @ANYBLOB="400002803c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r1], 0x5c}, 0x1, 0x400000000000000}, 0x0) 432.401592ms ago: executing program 2 (id=120): r0 = socket$netlink(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c) 78.978688ms ago: executing program 3 (id=121): syz_usb_connect(0x2, 0x36, &(0x7f0000000080)=ANY=[], 0x0) 78.569435ms ago: executing program 1 (id=122): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r2, 0x0, 0x0) 48.217885ms ago: executing program 2 (id=123): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000010711e0920000000000001090224000100000000090400090103000100092105000001220500090581030002"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_connect$printer(0x6, 0x0, 0x0, 0x0) r1 = syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x0) syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000040)="803d0c784189d6") preadv(r1, &(0x7f0000000000)=[{&(0x7f0000000440)=""/4108, 0x100c}], 0x1, 0x8, 0x1) 0s ago: executing program 0 (id=124): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r2, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c0001800500020007000000080004000500000008000100020000"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.148' (ED25519) to the list of known hosts. [ 84.486215][ T5811] cgroup: Unknown subsys name 'net' [ 84.727006][ T5811] cgroup: Unknown subsys name 'cpuset' [ 84.782889][ T5811] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.709856][ T5811] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.996762][ T10] cfg80211: failed to load regulatory.db [ 90.624419][ T5827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.651627][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.659245][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.671685][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.678489][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.679216][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.690882][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.691761][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.693889][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.695885][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.696313][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.696559][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.696953][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.702355][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.703554][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.704792][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.705044][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.705603][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.712337][ T5827] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.713067][ T5827] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.740881][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 91.804471][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 91.811045][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 91.875615][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 92.099441][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.100537][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.100653][ T5822] bridge_slave_0: entered allmulticast mode [ 92.104208][ T5822] bridge_slave_0: entered promiscuous mode [ 92.171450][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.171583][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.171747][ T5822] bridge_slave_1: entered allmulticast mode [ 92.175859][ T5822] bridge_slave_1: entered promiscuous mode [ 92.202326][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.202471][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.202576][ T5824] bridge_slave_0: entered allmulticast mode [ 92.204147][ T5824] bridge_slave_0: entered promiscuous mode [ 92.230027][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.230149][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.230634][ T5825] bridge_slave_0: entered allmulticast mode [ 92.234526][ T5825] bridge_slave_0: entered promiscuous mode [ 92.263298][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.263422][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.263538][ T5824] bridge_slave_1: entered allmulticast mode [ 92.265088][ T5824] bridge_slave_1: entered promiscuous mode [ 92.292196][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.292354][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.293201][ T5825] bridge_slave_1: entered allmulticast mode [ 92.295971][ T5825] bridge_slave_1: entered promiscuous mode [ 92.299370][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.299489][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.299644][ T5823] bridge_slave_0: entered allmulticast mode [ 92.304029][ T5823] bridge_slave_0: entered promiscuous mode [ 92.336686][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.363739][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.363858][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.363976][ T5823] bridge_slave_1: entered allmulticast mode [ 92.365550][ T5823] bridge_slave_1: entered promiscuous mode [ 92.392806][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.425892][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.448134][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.468905][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.487989][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.491060][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.524940][ T5822] team0: Port device team_slave_0 added [ 92.543036][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.561830][ T5822] team0: Port device team_slave_1 added [ 92.596985][ T5824] team0: Port device team_slave_0 added [ 92.615539][ T5825] team0: Port device team_slave_0 added [ 92.743796][ T5830] Bluetooth: hci0: command tx timeout [ 92.822665][ T5830] Bluetooth: hci3: command tx timeout [ 92.822693][ T5827] Bluetooth: hci1: command tx timeout [ 92.823646][ T60] Bluetooth: hci2: command tx timeout [ 92.897439][ T5824] team0: Port device team_slave_1 added [ 92.918613][ T5825] team0: Port device team_slave_1 added [ 92.921661][ T5823] team0: Port device team_slave_0 added [ 92.940215][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.940228][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.940245][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.970641][ T5823] team0: Port device team_slave_1 added [ 93.046468][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.046483][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.046500][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.047454][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.047464][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.047488][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.048622][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.048636][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.048662][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.086671][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.086689][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.086713][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.089141][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.089156][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.089180][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.091542][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.091555][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.091579][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.130288][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.130306][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.130331][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.241738][ T5822] hsr_slave_0: entered promiscuous mode [ 93.244782][ T5822] hsr_slave_1: entered promiscuous mode [ 93.345891][ T5824] hsr_slave_0: entered promiscuous mode [ 93.347270][ T5824] hsr_slave_1: entered promiscuous mode [ 93.348746][ T5824] debugfs: 'hsr0' already exists in 'hsr' [ 93.348842][ T5824] Cannot create hsr debugfs directory [ 93.388470][ T5825] hsr_slave_0: entered promiscuous mode [ 93.390678][ T5825] hsr_slave_1: entered promiscuous mode [ 93.391615][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 93.391638][ T5825] Cannot create hsr debugfs directory [ 93.423154][ T5823] hsr_slave_0: entered promiscuous mode [ 93.424062][ T5823] hsr_slave_1: entered promiscuous mode [ 93.424643][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 93.424661][ T5823] Cannot create hsr debugfs directory [ 94.274781][ T5822] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.318925][ T5822] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.329777][ T5822] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.359078][ T5822] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.360296][ T5822] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.380177][ T5822] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.404604][ T5822] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.437297][ T5822] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.530923][ T5825] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.555749][ T5825] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.558711][ T5825] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.599938][ T5825] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.614326][ T5825] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.656960][ T5825] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.680974][ T5825] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.718524][ T5825] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.822733][ T5830] Bluetooth: hci0: command tx timeout [ 94.875714][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.902339][ T5830] Bluetooth: hci1: command tx timeout [ 94.904287][ T60] Bluetooth: hci2: command tx timeout [ 94.904382][ T5830] Bluetooth: hci3: command tx timeout [ 94.906752][ T5823] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.922777][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.957919][ T5823] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.960883][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.979962][ T5823] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 95.005491][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.039966][ T5823] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 95.169666][ T5824] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.199296][ T5824] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 95.207734][ T5824] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.238689][ T5824] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 95.250889][ T5824] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.276751][ T5824] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 95.287252][ T5824] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.327720][ T5824] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 95.419145][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.497482][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.500933][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.551663][ T148] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.551903][ T148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.589259][ T148] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.589387][ T148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.626001][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.655973][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.658765][ T1453] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.659517][ T1453] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.698559][ T1453] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.698706][ T1453] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.757954][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.796452][ T172] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.796584][ T172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.814184][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.865592][ T172] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.865697][ T172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.941506][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.001550][ T172] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.007560][ T172] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.047694][ T172] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.047838][ T172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.489824][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.569158][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.790037][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.873968][ T5822] veth0_vlan: entered promiscuous mode [ 96.902436][ T5830] Bluetooth: hci0: command tx timeout [ 96.921790][ T5825] veth0_vlan: entered promiscuous mode [ 96.945647][ T5822] veth1_vlan: entered promiscuous mode [ 96.976223][ T5825] veth1_vlan: entered promiscuous mode [ 96.986955][ T5830] Bluetooth: hci1: command tx timeout [ 96.986990][ T5830] Bluetooth: hci3: command tx timeout [ 96.987014][ T5830] Bluetooth: hci2: command tx timeout [ 96.991941][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.073563][ T5823] veth0_vlan: entered promiscuous mode [ 97.109356][ T5822] veth0_macvtap: entered promiscuous mode [ 97.127371][ T5823] veth1_vlan: entered promiscuous mode [ 97.140459][ T5822] veth1_macvtap: entered promiscuous mode [ 97.155281][ T5825] veth0_macvtap: entered promiscuous mode [ 97.178936][ T5825] veth1_macvtap: entered promiscuous mode [ 97.211706][ T5824] veth0_vlan: entered promiscuous mode [ 97.219777][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.246667][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.249353][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.281322][ T5824] veth1_vlan: entered promiscuous mode [ 97.288559][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.308244][ T69] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.310584][ T5823] veth0_macvtap: entered promiscuous mode [ 97.328488][ T69] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.335553][ T69] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.355648][ T69] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.358601][ T69] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.359835][ T5823] veth1_macvtap: entered promiscuous mode [ 97.363062][ T69] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.372245][ T69] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.414007][ T69] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.736064][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.861643][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.871772][ T5824] veth0_macvtap: entered promiscuous mode [ 97.921304][ T5824] veth1_macvtap: entered promiscuous mode [ 97.924817][ T1484] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.963873][ T1484] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.970806][ T1453] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.987426][ T1453] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.998217][ T1453] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.998240][ T1453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.123114][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.127955][ T1484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.127972][ T1484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.357110][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.398150][ T1009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.398174][ T1009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.469389][ T148] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.482367][ T148] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.484806][ T148] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.505868][ T1453] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.505889][ T1453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.505928][ T148] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.727321][ T1453] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.727343][ T1453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.984068][ T60] Bluetooth: hci0: command tx timeout [ 99.062711][ T5830] Bluetooth: hci3: command tx timeout [ 99.062722][ T5827] Bluetooth: hci1: command tx timeout [ 99.062769][ T60] Bluetooth: hci2: command tx timeout [ 99.154288][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.154310][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.298323][ T5914] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3'. [ 99.347193][ T1514] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.347217][ T1514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.631186][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.631208][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.382186][ T5923] overlayfs: failed to resolve './bus': -2 [ 101.022053][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.357630][ T5943] process 'syz.0.12' launched './file1' with NULL argv: empty string added [ 105.423003][ T5940] loop8: detected capacity change from 0 to 7 [ 105.547472][ T5940] Dev loop8: unable to read RDB block 7 [ 105.547524][ T5940] loop8: unable to read partition table [ 105.547783][ T5940] loop8: partition table beyond EOD, truncated [ 105.547823][ T5940] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 105.717184][ T5946] ======================================================= [ 105.717184][ T5946] WARNING: The mand mount option has been deprecated and [ 105.717184][ T5946] and is ignored by this kernel. Remove the mand [ 105.717184][ T5946] option from the mount to silence this warning. [ 105.717184][ T5946] ======================================================= [ 105.726111][ T5946] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 105.771990][ T5946] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 105.773584][ T5946] overlayfs: failed to look up (tracing) for ino (-66) [ 106.705811][ T5957] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.17' sets config #0 [ 107.010636][ T5962] syz.2.16 uses obsolete (PF_INET,SOCK_PACKET) [ 109.500093][ T5990] block nbd3: not configured, cannot reconfigure [ 110.580784][ T6018] netlink: 'syz.1.41': attribute type 1 has an invalid length. [ 110.580810][ T6018] netlink: 224 bytes leftover after parsing attributes in process `syz.1.41'. [ 111.752674][ T6040] netlink: 252 bytes leftover after parsing attributes in process `syz.1.50'. [ 111.755544][ T37] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 111.856237][ T6042] netlink: 36 bytes leftover after parsing attributes in process `syz.3.51'. [ 112.062724][ T37] usb 3-1: Using ep0 maxpacket: 16 [ 112.145909][ T37] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.145949][ T37] usb 3-1: config 0 interface 0 has no altsetting 0 [ 112.145990][ T37] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 112.146016][ T37] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.225920][ T32] IPVS: starting estimator thread 0... [ 112.314248][ T6053] IPVS: using max 14 ests per chain, 33600 per kthread [ 112.426945][ T37] usb 3-1: config 0 descriptor?? [ 112.889450][ T6068] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 113.110891][ T6068] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 113.110980][ T6068] overlayfs: failed to look up (tracing) for ino (-66) [ 113.162973][ T37] nzxt-smart2 0003:1E71:2009.0001: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0 [ 113.739692][ T6080] netlink: 84 bytes leftover after parsing attributes in process `syz.3.65'. [ 113.903447][ T6082] block nbd3: not configured, cannot reconfigure [ 114.698931][ T37] usb 3-1: USB disconnect, device number 2 [ 115.014185][ T6094] syz.3.71 (6094) used greatest stack depth: 18904 bytes left [ 115.215698][ T6109] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 115.227949][ T6100] syzkaller1: entered promiscuous mode [ 115.227976][ T6100] syzkaller1: entered allmulticast mode [ 115.821181][ T6118] warning: `syz.0.80' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 116.149351][ T6124] vxcan1 speed is unknown, defaulting to 1000 [ 116.163591][ T6124] vxcan1 speed is unknown, defaulting to 1000 [ 116.182323][ T5951] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 116.290389][ T6124] vxcan1 speed is unknown, defaulting to 1000 [ 116.362163][ T5951] usb 1-1: Using ep0 maxpacket: 16 [ 116.369784][ T5951] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.369822][ T5951] usb 1-1: config 0 interface 0 has no altsetting 0 [ 116.369860][ T5951] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 116.369885][ T5951] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.475020][ T5951] usb 1-1: config 0 descriptor?? [ 116.894937][ T5833] vxcan1 speed is unknown, defaulting to 1000 [ 116.895100][ T6124] infiniband syz2: set active [ 116.895119][ T6124] infiniband syz2: added vxcan1 [ 116.949030][ T6124] smbdirect: ib_dev[syz2]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000 [ 116.949074][ T6124] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32 [ 116.949117][ T6124] smbdirect: ib_dev[syz2]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005 [ 117.050351][ T6124] RDS/IB: syz2: added [ 117.059380][ T5951] nzxt-smart2 0003:1E71:2009.0002: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.0-1/input0 [ 117.079234][ T6124] smc: adding ib device syz2 with port count 1 [ 117.080529][ T6124] smc: ib device syz2 port 1 has no pnetid [ 117.089877][ T37] vxcan1 speed is unknown, defaulting to 1000 [ 117.243417][ T6124] vxcan1 speed is unknown, defaulting to 1000 [ 117.992602][ T6124] vxcan1 speed is unknown, defaulting to 1000 [ 118.025024][ T6146] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 118.630059][ T6124] vxcan1 speed is unknown, defaulting to 1000 [ 119.070381][ T821] usb 1-1: USB disconnect, device number 2 [ 119.200029][ T6161] Zero length message leads to an empty skb [ 119.743014][ T6172] netlink: 44 bytes leftover after parsing attributes in process `syz.3.99'. [ 119.830865][ T6124] vxcan1 speed is unknown, defaulting to 1000 [ 119.994329][ T6176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.100'. [ 120.494662][ T6187] netlink: 224 bytes leftover after parsing attributes in process `syz.3.104'. [ 120.548856][ T6188] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 121.052181][ T821] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 121.212706][ T821] usb 4-1: Using ep0 maxpacket: 16 [ 121.216664][ T821] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.216700][ T821] usb 4-1: config 0 interface 0 has no altsetting 0 [ 121.216738][ T821] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 121.216764][ T821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.312458][ T821] usb 4-1: config 0 descriptor?? [ 121.805713][ T821] nzxt-smart2 0003:1E71:2009.0003: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0 [ 122.251118][ T821] usb 4-1: USB disconnect, device number 2 [ 122.768626][ T6217] mpoa:mpoad_close: () going down [ 122.834331][ T6225] syzkaller1: entered promiscuous mode [ 122.834360][ T6225] syzkaller1: entered allmulticast mode [ 124.228613][ T5895] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 124.231394][ T6265] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 124.287973][ T6264] netlink: 36 bytes leftover after parsing attributes in process `syz.0.124'. [ 124.322286][ T32] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 124.348350][ T5833] ================================================================== [ 124.348368][ T5833] BUG: KASAN: slab-use-after-free in sock_def_readable+0x1ce/0x550 [ 124.348406][ T5833] Read of size 8 at addr ffff888059ddc480 by task kworker/1:4/5833 [ 124.348425][ T5833] [ 124.348437][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 124.348462][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 124.348477][ T5833] Workqueue: mld mld_ifc_work [ 124.348501][ T5833] Call Trace: [ 124.348510][ T5833] [ 124.348519][ T5833] dump_stack_lvl+0xe8/0x150 [ 124.348544][ T5833] print_address_description+0x55/0x1e0 [ 124.348569][ T5833] ? sock_def_readable+0x1ce/0x550 [ 124.348596][ T5833] print_report+0x58/0x70 [ 124.348617][ T5833] kasan_report+0x117/0x150 [ 124.348649][ T5833] ? sock_def_readable+0x1ce/0x550 [ 124.348679][ T5833] sock_def_readable+0x1ce/0x550 [ 124.348705][ T5833] ? sock_def_readable+0xae/0x550 [ 124.348732][ T5833] ? send_to_lecd+0x26d/0x830 [ 124.348759][ T5833] send_to_lecd+0x3e7/0x830 [ 124.348788][ T5833] lec_start_xmit+0xe4d/0x2880 [ 124.348819][ T5833] dev_hard_start_xmit+0x2df/0x860 [ 124.348848][ T5833] sch_direct_xmit+0x251/0x4c0 [ 124.348877][ T5833] ? __pfx_sch_direct_xmit+0x10/0x10 [ 124.348903][ T5833] ? rcu_needs_cpu+0xb0/0xb0 [ 124.348933][ T5833] ? rt_spin_trylock+0x13a/0x2b0 [ 124.348958][ T5833] __dev_queue_xmit+0x171e/0x3900 [ 124.348978][ T5833] ? __lock_acquire+0x6b5/0x2cf0 [ 124.349007][ T5833] ? __dev_queue_xmit+0x2b3/0x3900 [ 124.349031][ T5833] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 124.349060][ T5833] ? __pfx___dev_queue_xmit+0x10/0x10 [ 124.349081][ T5833] ? neigh_resolve_output+0x46e/0x780 [ 124.349109][ T5833] ? eth_header+0x11b/0x200 [ 124.349129][ T5833] ? __asan_memcpy+0x40/0x70 [ 124.349162][ T5833] ? eth_header+0x11b/0x200 [ 124.349183][ T5833] ? __pfx_eth_header+0x10/0x10 [ 124.349201][ T5833] ? neigh_resolve_output+0x65a/0x780 [ 124.349233][ T5833] ? ip6_output+0x126/0x550 [ 124.349254][ T5833] ip6_output+0x340/0x550 [ 124.349274][ T5833] ? __pfx_ip6_output+0x10/0x10 [ 124.349294][ T5833] NF_HOOK+0x177/0x4f0 [ 124.349316][ T5833] ? __pfx_NF_HOOK+0x10/0x10 [ 124.349336][ T5833] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 124.349359][ T5833] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 124.349392][ T5833] ? icmp6_dst_alloc+0x2b5/0x480 [ 124.349414][ T5833] mld_sendpack+0x8b4/0xe40 [ 124.349443][ T5833] ? mld_sendpack+0x213/0xe40 [ 124.349463][ T5833] ? __pfx_mld_sendpack+0x10/0x10 [ 124.349492][ T5833] mld_ifc_work+0x835/0xe70 [ 124.349513][ T5833] ? process_scheduled_works+0xa69/0x1910 [ 124.349535][ T5833] process_scheduled_works+0xb68/0x1910 [ 124.349569][ T5833] ? __pfx_process_scheduled_works+0x10/0x10 [ 124.349591][ T5833] ? assign_work+0x3d5/0x5e0 [ 124.349618][ T5833] worker_thread+0xa90/0x1040 [ 124.349650][ T5833] kthread+0x388/0x470 [ 124.349675][ T5833] ? __pfx_worker_thread+0x10/0x10 [ 124.349694][ T5833] ? __pfx_kthread+0x10/0x10 [ 124.349719][ T5833] ret_from_fork+0x514/0xb70 [ 124.349742][ T5833] ? __pfx_ret_from_fork+0x10/0x10 [ 124.349764][ T5833] ? __switch_to+0xc79/0x1410 [ 124.349795][ T5833] ? __pfx_kthread+0x10/0x10 [ 124.349823][ T5833] ret_from_fork_asm+0x1a/0x30 [ 124.349857][ T5833] [ 124.349865][ T5833] [ 124.349870][ T5833] Allocated by task 6197: [ 124.349881][ T5833] kasan_save_track+0x3e/0x80 [ 124.349905][ T5833] __kasan_slab_alloc+0x6c/0x80 [ 124.349930][ T5833] kmem_cache_alloc_lru_noprof+0x33c/0x680 [ 124.349958][ T5833] sock_alloc_inode+0x2c/0x190 [ 124.349983][ T5833] alloc_inode+0x6a/0x1b0 [ 124.350002][ T5833] __sock_create+0x12d/0x9d0 [ 124.350027][ T5833] __sys_socket+0xd6/0x1b0 [ 124.350052][ T5833] __x64_sys_socket+0x7a/0x90 [ 124.350077][ T5833] do_syscall_64+0x15f/0xf80 [ 124.350103][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.350124][ T5833] [ 124.350129][ T5833] Freed by task 29: [ 124.350147][ T5833] kasan_save_track+0x3e/0x80 [ 124.350171][ T5833] kasan_save_free_info+0x46/0x50 [ 124.350191][ T5833] __kasan_slab_free+0x5c/0x80 [ 124.350216][ T5833] kmem_cache_free+0x187/0x6c0 [ 124.350244][ T5833] rcu_cpu_kthread+0x99e/0x1470 [ 124.350270][ T5833] smpboot_thread_fn+0x541/0xa50 [ 124.350292][ T5833] kthread+0x388/0x470 [ 124.350315][ T5833] ret_from_fork+0x514/0xb70 [ 124.350335][ T5833] ret_from_fork_asm+0x1a/0x30 [ 124.350357][ T5833] [ 124.350362][ T5833] Last potentially related work creation: [ 124.350370][ T5833] kasan_save_stack+0x3e/0x60 [ 124.350391][ T5833] kasan_record_aux_stack+0xbd/0xd0 [ 124.350411][ T5833] call_rcu+0xee/0x890 [ 124.350439][ T5833] evict+0x95b/0xb10 [ 124.350466][ T5833] __dentry_kill+0x1a2/0x690 [ 124.350496][ T5833] finish_dput+0xc9/0x480 [ 124.350517][ T5833] __fput+0x6a3/0xa70 [ 124.350538][ T5833] task_work_run+0x1d9/0x270 [ 124.350565][ T5833] get_signal+0x11eb/0x1330 [ 124.350582][ T5833] arch_do_signal_or_restart+0xbc/0x830 [ 124.350612][ T5833] exit_to_user_mode_loop+0x86/0x480 [ 124.350635][ T5833] do_syscall_64+0x33e/0xf80 [ 124.350661][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.350681][ T5833] [ 124.350686][ T5833] The buggy address belongs to the object at ffff888059ddc380 [ 124.350686][ T5833] which belongs to the cache sock_inode_cache of size 1600 [ 124.350704][ T5833] The buggy address is located 256 bytes inside of [ 124.350704][ T5833] freed 1600-byte region [ffff888059ddc380, ffff888059ddc9c0) [ 124.350726][ T5833] [ 124.350731][ T5833] The buggy address belongs to the physical page: [ 124.350742][ T5833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x59dd8 [ 124.350763][ T5833] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 124.350780][ T5833] memcg:ffff88802a649201 [ 124.350790][ T5833] flags: 0x80000000000040(head|node=0|zone=1) [ 124.350807][ T5833] page_type: f5(slab) [ 124.350827][ T5833] raw: 0080000000000040 ffff888140adac80 dead000000000100 dead000000000122 [ 124.350847][ T5833] raw: 0000000000000000 0000000800120012 00000000f5000000 ffff88802a649201 [ 124.350866][ T5833] head: 0080000000000040 ffff888140adac80 dead000000000100 dead000000000122 [ 124.350885][ T5833] head: 0000000000000000 0000000800120012 00000000f5000000 ffff88802a649201 [ 124.350903][ T5833] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 124.350921][ T5833] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 124.350932][ T5833] page dumped because: kasan: bad access detected [ 124.350942][ T5833] page_owner tracks the page as allocated [ 124.350950][ T5833] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5823, tgid 5823 (syz-executor), ts 97568072887, free_ts 0 [ 124.350986][ T5833] post_alloc_hook+0x231/0x280 [ 124.351013][ T5833] get_page_from_freelist+0x27d6/0x2850 [ 124.351044][ T5833] __alloc_frozen_pages_noprof+0x18d/0x380 [ 124.351075][ T5833] allocate_slab+0x77/0x660 [ 124.351094][ T5833] refill_objects+0x33c/0x3d0 [ 124.351113][ T5833] __pcs_replace_empty_main+0x373/0x720 [ 124.351142][ T5833] kmem_cache_alloc_lru_noprof+0x433/0x680 [ 124.351169][ T5833] sock_alloc_inode+0x2c/0x190 [ 124.351193][ T5833] alloc_inode+0x6a/0x1b0 [ 124.351212][ T5833] __sock_create+0x12d/0x9d0 [ 124.351237][ T5833] __sys_socket+0xd6/0x1b0 [ 124.351259][ T5833] __x64_sys_socket+0x7a/0x90 [ 124.351283][ T5833] do_syscall_64+0x15f/0xf80 [ 124.351308][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.351328][ T5833] page_owner free stack trace missing [ 124.351336][ T5833] [ 124.351342][ T5833] Memory state around the buggy address: [ 124.351353][ T5833] ffff888059ddc380: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.351368][ T5833] ffff888059ddc400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.351382][ T5833] >ffff888059ddc480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.351392][ T5833] ^ [ 124.351403][ T5833] ffff888059ddc500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.351417][ T5833] ffff888059ddc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 124.351428][ T5833] ================================================================== [ 124.351659][ T5833] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 124.351676][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 124.351699][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 124.351713][ T5833] Workqueue: mld mld_ifc_work [ 124.351734][ T5833] Call Trace: [ 124.351742][ T5833] [ 124.351750][ T5833] vpanic+0x56c/0xa60 [ 124.351777][ T5833] ? __pfx_vpanic+0x10/0x10 [ 124.351802][ T5833] ? __pfx___schedule+0x10/0x10 [ 124.351831][ T5833] panic+0xc5/0xd0 [ 124.351856][ T5833] ? __pfx_panic+0x10/0x10 [ 124.351881][ T5833] ? preempt_schedule_thunk+0x16/0x30 [ 124.351915][ T5833] ? sock_def_readable+0x1ce/0x550 [ 124.351942][ T5833] check_panic_on_warn+0x89/0xb0 [ 124.351972][ T5833] ? sock_def_readable+0x1ce/0x550 [ 124.352003][ T5833] end_report+0x73/0x170 [ 124.352030][ T5833] ? sock_def_readable+0x1ce/0x550 [ 124.352054][ T5833] kasan_report+0x128/0x150 [ 124.352082][ T5833] ? sock_def_readable+0x1ce/0x550 [ 124.352110][ T5833] sock_def_readable+0x1ce/0x550 [ 124.352142][ T5833] ? sock_def_readable+0xae/0x550 [ 124.352168][ T5833] ? send_to_lecd+0x26d/0x830 [ 124.352193][ T5833] send_to_lecd+0x3e7/0x830 [ 124.352221][ T5833] lec_start_xmit+0xe4d/0x2880 [ 124.352252][ T5833] dev_hard_start_xmit+0x2df/0x860 [ 124.352280][ T5833] sch_direct_xmit+0x251/0x4c0 [ 124.352310][ T5833] ? __pfx_sch_direct_xmit+0x10/0x10 [ 124.352337][ T5833] ? rcu_needs_cpu+0xb0/0xb0 [ 124.352364][ T5833] ? rt_spin_trylock+0x13a/0x2b0 [ 124.352389][ T5833] __dev_queue_xmit+0x171e/0x3900 [ 124.352413][ T5833] ? __lock_acquire+0x6b5/0x2cf0 [ 124.352445][ T5833] ? __dev_queue_xmit+0x2b3/0x3900 [ 124.352471][ T5833] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 124.352504][ T5833] ? __pfx___dev_queue_xmit+0x10/0x10 [ 124.352528][ T5833] ? neigh_resolve_output+0x46e/0x780 [ 124.352559][ T5833] ? eth_header+0x11b/0x200 [ 124.352581][ T5833] ? __asan_memcpy+0x40/0x70 [ 124.352607][ T5833] ? eth_header+0x11b/0x200 [ 124.352628][ T5833] ? __pfx_eth_header+0x10/0x10 [ 124.352649][ T5833] ? neigh_resolve_output+0x65a/0x780 [ 124.352683][ T5833] ? ip6_output+0x126/0x550 [ 124.352704][ T5833] ip6_output+0x340/0x550 [ 124.352726][ T5833] ? __pfx_ip6_output+0x10/0x10 [ 124.352747][ T5833] NF_HOOK+0x177/0x4f0 [ 124.352770][ T5833] ? __pfx_NF_HOOK+0x10/0x10 [ 124.352789][ T5833] ? __local_bh_enable_ip+0x1ae/0x2b0 [ 124.352811][ T5833] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 124.352847][ T5833] ? icmp6_dst_alloc+0x2b5/0x480 [ 124.352871][ T5833] mld_sendpack+0x8b4/0xe40 [ 124.352900][ T5833] ? mld_sendpack+0x213/0xe40 [ 124.352922][ T5833] ? __pfx_mld_sendpack+0x10/0x10 [ 124.352954][ T5833] mld_ifc_work+0x835/0xe70 [ 124.352977][ T5833] ? process_scheduled_works+0xa69/0x1910 [ 124.353000][ T5833] process_scheduled_works+0xb68/0x1910 [ 124.353036][ T5833] ? __pfx_process_scheduled_works+0x10/0x10 [ 124.353059][ T5833] ? assign_work+0x3d5/0x5e0 [ 124.353080][ T5833] worker_thread+0xa90/0x1040 [ 124.353113][ T5833] kthread+0x388/0x470 [ 124.353148][ T5833] ? __pfx_worker_thread+0x10/0x10 [ 124.353169][ T5833] ? __pfx_kthread+0x10/0x10 [ 124.353196][ T5833] ret_from_fork+0x514/0xb70 [ 124.353220][ T5833] ? __pfx_ret_from_fork+0x10/0x10 [ 124.353241][ T5833] ? __switch_to+0xc79/0x1410 [ 124.353272][ T5833] ? __pfx_kthread+0x10/0x10 [ 124.353299][ T5833] ret_from_fork_asm+0x1a/0x30 [ 124.353332][ T5833] [ 124.353960][ T5833] Kernel Offset: disabled