last executing test programs: 2.31785218s ago: executing program 0 (id=1): mmap$auto(0x83, 0x2020009, 0x8, 0xebf, 0xfffffffffffffffa, 0x2) setreuid$auto(0x7, 0x806) prlimit64$auto(0x0, 0xa3d, 0x0, 0x0) 2.157997899s ago: executing program 0 (id=5): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) write$auto(0xca, 0x0, 0x2d9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x21, 0x2, 0x9) socket$nl_generic(0x10, 0x3, 0x10) sendto$auto(0xffffffffffffffff, 0x0, 0x402, 0x0, 0x0, 0x19) mmap$auto(0x0, 0x1, 0xdf, 0x10, 0x7, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/net/bond0/queues/tx-6/traffic_class\x00', 0xe0a00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000010c0)=""/136, 0x88) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop15/queue/nomerges\x00', 0x2301, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) open(&(0x7f0000000100)='./cgroup\x00', 0x8000, 0x15a) socket(0x11, 0x80003, 0x300) socket(0x29, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram2/queue/discard_max_bytes\x00', 0x1, 0x0) write$auto(r1, &(0x7f00000007c0)='1\x00\xb9:\xaa\xc1\r\x02T\xf5\b\x00\x00\x00\x00\x00\x00\x00\xa1\xd0\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\xcc!\"\xa6\"jH\xcd\x10&b/\x9a\xf1w\xddS\x87\xd1vi\xa9\xeaM\x1dY\xa6\x8d\xf2\\\xac\xe1\xcf\xf7\xff\xff\x148\t\xba\xa0Z\x00M\xbcHM{\xa9\xf1R3X\xdfMbe\t\t\x86\x11v\xa2W\x93m\xd9\x93\x98.7Z\xe7|\x9f\x88\x05\x9ej\xc5\xfaT\xa0\x9a\\i\xd1\xb3\x02\xfa\xfeaq\x8d\xf1\xba\xaf\xcc\xce\xb2\xd3~TR\xf1\xad\xd0\x90n\xb6\xd0\xfc(p\xa3\xabk\x19\xcb\xfda\xff&\xad1\x95\xc5\xa9Gb\xe3\xa4\xf1\xe2\x91\x0e\x91iy\xba%+=\xb7\xd3D\x1a\x19\b\x00\x00\x00\x00\x00\x00\x00\xadG\x94\v\xff\xa4\xfc\x95\x00By\xe9\x80\xd3U\xcd9\xe0\xbc\x8cK\xf3\xfd\x89\xda\xaeH.\xe3\x95Xbw\x02\x99\x03\x00\x00\x00\x00\x00\x00\x00\xaf\xc3\x89\x91\x19\xfc+\xe9l\xd3\xf5\x00\x00\x00\x00\x00\x00\x00\x85%c\xa6\x0f\xcfI\xb4a\x1d\xc4\x8f\x12X\xdf\xc2\xd7\x8e\xf4\xb9_\xf6\x10\xfc\x9b\xce\xab\xcf\xa9_\x88\xf4\x1b\x12\x12N\f\x84\r\vsI\x86\xe9\xe6J\xb8\xe4\x8f\x02\x9e\xf45\xd9\xf1\xbd\xfd\x97\xd8OU\t\x9e2K\xe2*~\x9dIe\x00\x00\x00\x00\x00\x00\xce;E\x8c\x05~\x1f\xa5\xa4\x9d\xf6\'\xc4\xf7\xa3\xf2\xfb\x85z>\xd71\xb8\x83\x8e\xa9c6I\x8f\x00\xb2\x03\xfd3\xb8\xe9Xo\xaa\xaeg\xb3\x9e\x8fM:\xa5\x1c \xbe\xfe\"\xa1\x11\xf4~\xa1\x90D/e\xe1\xb1C:}\xd2\x9dT\xc1\xd6[Ld\x06\xee\xc6\xe4\x99uT\xfdl\x94\xe1:\'2aO\xf1\xfa8l\n\xe0l\x1c\x89\xd7U\x99\xe9d?\x04\xd8\xf3\x9c\xd8t\x88@\x89\x15p\x84\xad\xa3V=,U\xa4_\xb9\xa7\xd7O\x91\xb2\x03\xbe\xd5\xa8\x03o\x0e\xa7\x93\xabubg\x10\x19\x82D\xa7\xae9\xf1\xc0\n\xfe;n)OAV\xfe\x8fE-\xea\x7fzO0\xde\xc0WK\xe1\x9b\xfe\xbfR\x8c$p\xf0\xe4\xa5\xbe_\x8d:\xd6\xc5\xf5\x80+\xe6O', 0x401) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ad00, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xffdc) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket(0x28, 0x1, 0x1) 2.095511147s ago: executing program 1 (id=2): ioctl$auto_XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4058587a, &(0x7f00000002c0)={{0xffffffffffffffff, &(0x7f0000000000)="63745702d7d158a8ab3347efaa8cc0939c461df7ad93388c6e84f81cc47d3326e7fe86b9d9d370260fded2417325524d08221563fbbc4991ddcfbae64a10eb56d1b6e4f6fed585b415fe1dcf65513506b3ed4c65183c38599d64fb33f2b2dca5e04ac2670117fe1bafa3c7306a7540489eb629cc0cc3dc39e61ba1562f885896e59108a96c54c629bd5cc9b650464a0c5fd6f3b34ffcb2767112aa340d0884dfa414bb2c533242129d", 0x0, &(0x7f00000000c0)="fcf9fab88b2775fdce1efa989e99e3", 0x9, &(0x7f0000000140)="e1a3ff0ee37408291db1d189a4152bc1dddfc5636c9bc2f53343a4ee2e57ebb869113ceddcca9b44999a713789ee05f70bc0484f9257fdf0ea6e33f1f715cbdbfb7d6cf5359acd8aea3128a0f4dcc6125ddf77c564276c658212470878f3a4d9f2ebfb0012bd7e0aa876dd8ffd421af9c74ae3379af9e3c2f661701dfd785440ab8cedb6dea615951c1583d106e273f10418cdc7195966829079758c6943788f3955a71e175c2eff112476f59ddef4655d80e12f43ddb9f3ce96f565e6794199ba3e", &(0x7f0000000240)=0xfffffff8}, {[0xd, 0x1000, 0xb, 0x1]}, 0x3, 0x8, &(0x7f0000000280)="7919f4dd3bc6e5147bc5ee6fc033cb9c25cc9de20505923332c17c80f391eb49bf8216469776b5b8"}) mmap$auto(0x0, 0x7, 0x1, 0xeb1, r0, 0x8000) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000380), r0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x20042, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0) mmap$auto(0x0, 0x7, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xca, 0x0, 0x1ff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv6/neigh/bond_slave_1/proxy_qlen\x00', 0x40001, 0x0) mmap$auto(0x9, 0x20007, 0x8, 0xeb5, 0xfffffffffffffffd, 0x40000007ffe) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8094}, 0x40000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r1 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) fsconfig$auto_HIDEPID_OFF(r1, 0x3ff, &(0x7f0000000280)='/sys/devices/virtual/net/nr12/address\x00', &(0x7f0000000380)="d06dcecd5b21824cba9e7ba66a3bc2fb9a1edf72dd77bb162f6c2df60e4417e2a9d33deb35d03f15a78958adc02a2a57bda02db8f9e74d", 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000003c0)={0x0, 0x20000001a000}, 0x1, 0x0, 0x4, 0x9}, 0x6}, 0x3, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x274441, 0xc4) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) eventfd$auto(0x20007) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x22a40, 0x0) socket(0x2, 0x801, 0x100) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/drm/card1/card1-Virtual-1/status\x00', 0x20b42, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x21f}, 0x800000007) ioperm$auto(0x7, 0x6, 0x2) capset$auto(&(0x7f0000000040)={0x80}, &(0x7f00000001c0)={0x769, 0xc, 0x1}) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone3(&(0x7f0000000300)={0x2d022000, 0x0, 0x0, 0x0, {0x23}, 0x0, 0x0, 0x0, 0x0}, 0x58) 1.152734355s ago: executing program 1 (id=6): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x1, 0x5, 0x0) getsockname$auto(r0, 0x0, 0x0) socket(0x2, 0x2, 0x88) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @private=0xa010101}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c06, 0x0, 0x1, 0x0, 0x4, 0x9}, 0x6}, 0x9, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0xa, 0x801, 0x100) getsockopt$auto(r1, 0x40000000029, 0x13, 0xfffffffffffffffe, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = socket(0x2, 0x1, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) sendmsg$auto_GTP_CMD_NEWPDP(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x44040080}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0xf, 0x9, 0x63, 0x0, 0x0, 0x0, 0xfffffffffefffffe, 0x40000000002f, 0x1000, 0xffffffffffffeffd, 0x7ffffffb, 0xc, 0xffffffff7ffffffc, 0x9, 0x9, 0x200000100103}) sysfs$auto(0x2, 0x23, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 1.10490192s ago: executing program 0 (id=7): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvfrom$auto(r0, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_QSTATS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x20008800}, 0x1) mmap$auto(0xfffffffffffffffc, 0x400008, 0xdf, 0x7fffffff, 0x2, 0x7ffe) connect$auto(0x3, 0x0, 0x55) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000240}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x150, 0x0, 0x2, 0x70bd29, 0x25dfdbff, {}, [@HWSIM_ATTR_MLO_SUPPORT={0x4}, @HWSIM_ATTR_ADDR_RECEIVER={0x85, 0x1, "17dceaf56a1d1988e95aa145e0fb23816f53f15e3c087e4b9cf69b717fa44aae387fc7aea535d8528e3d8933b6579eddc3278b5fd62060c71019b9752ea687cabf3529edcdda81d2f41af4d6614a0707393614a41138c28144b9d9b2ead049719b60c29167dc19a8d6e127905dfe70adccb3234473e3e6ef7d6cc478dbc398f1b3"}, @HWSIM_ATTR_ADDR_TRANSMITTER={0x62, 0x2, "c6441e3808d0e533934e4edff6ed91ae866d13962018755709445db5ce3a24bce0e52cd3e4cb18f73234bf3d4805fd085791a4a26a449c1fb76d191f9540283ee5d4e1f2c3da98d97eab50c965170bce3971f1d70d94373349f3506f0f9c"}, @HWSIM_ATTR_NO_VIF={0x4}, @HWSIM_ATTR_TX_INFO_FLAGS={0x43, 0x15, "5ec5eca875b0e9e2cd8e680faacc1ccc11811cf2c36971f40fe6fa54e2254e7a2aa15fc38b75e7313c89696150cbab0e9167026c2cc4b05b7da354c8b310e9"}, @HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x150}, 0x1, 0x0, 0x0, 0x20040000}, 0x4004001) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000100), r2) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x24, r3, 0x1, 0x4070bd27, 0x25dfdbf9, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x20044000) sendmsg$auto_BATADV_CMD_GET_GATEWAYS(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x4c, r3, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_TT_LAST_TTVN={0x5, 0x12, 0x1}, @BATADV_ATTR_NEIGH_ADDRESS={0xa, 0x18, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @BATADV_ATTR_TT_FLAGS={0x8, 0x15, 0x3}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9502}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_NEIGH_ADDRESS={0xa, 0x18, @remote}]}, 0x4c}, 0x1, 0x0, 0x0, 0x640000d0}, 0x8000) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) 1.06662142s ago: executing program 2 (id=3): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) bind$auto(0x3, 0x0, 0x6a) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r3, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000a00)={0x34, r4, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_CABLE_TEST_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x80) r5 = socket(0x2d, 0x2, 0x0) mmap$auto(0x0, 0x2009, 0x4000000020df, 0xeb1, r5, 0x8000) bind$auto(0x3, 0x0, 0x6a) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x3, 0x65, 0x8000001f, 0x1000, 0x6d3e, 0x9, 0x2, 0x8]}, 0x0) sendmsg$auto(0xffffffffffffffff, 0x0, 0xfff) select$auto(0x9, &(0x7f00000000c0)={[0xeeda, 0x7, 0x100000001, 0x9, 0x6, 0x1ff, 0x6, 0x3, 0x4, 0x4618ecd2, 0x3, 0x42ff, 0x6, 0x9a8c, 0x9, 0x10001]}, 0x0, 0x0, &(0x7f0000000280)={0x6, 0xcb}) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(r2, 0xfffffffe, r2) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_avail_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/available_events\x00', 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/037/001\x00', 0x802, 0x0) unshare$auto(0x40000080) socket(0xa, 0x1, 0x100) 1.003308905s ago: executing program 3 (id=4): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000540)={"ef13a5421a8765cadfca437c4d1316833843180bb151ed36e8ce6cb454168d6c", 0x3ff, 0xc9, 0x1000, 0xd, 0x9}) ioctl$auto_BLKTRACESTART(r0, 0x1274, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) munmap$auto(0xfffffffffffff34b, 0x8592) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev0\x00', 0x0, 0x0) ioctl$auto(0x3, 0xc0305615, 0x38) r2 = socket(0x25, 0x805, 0x3) r3 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0) pivot_root$auto(&(0x7f0000000100)='/sys/kernel/debug/sync/sc=f\x16nc\x00', &(0x7f0000000140)='[&,\v') munmap$auto(0x1, 0x6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0xe0, 0x968a, 0x7, 0x15f4da07, 0x3, 0x3, 0x200000000fff, 0x8002001f, 0x1, 0x80080000002, 0x7fffffff, 0x2, 0x8]}, 0x0) mount$auto(&(0x7f0000000180)='macvtap0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='/proc/self/net/afs/cells\x00', 0x5e2, &(0x7f0000000240)="05ee5eef294c70eaa9c1d026388c94c1ab5a2e7a177b5c8944c4cadd2414fcc94a11de77c68a0cb8d410d4eeebc04301e333b5ba7fd8b66e694e863bc374794ba4eeef0fbb0650a1f5257cf7762fe870c6c2c881d3bfd00eef121cab4227cde43c11a92454") syz_genetlink_get_family_id$auto_tipcv2(0x0, r2) mmap$auto(0x773d, 0x4, 0x0, 0x1000000000078, r1, 0xfffdfffffffff98b) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x11, 0x5, 0x84) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/platform/dummy_hcd.0/usb1/bConfigurationValue\x00', 0x63102, 0x0) r6 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0) ioctl$auto_TUNGETIFF(r6, 0x800454d2, 0x0) sendfile$auto(r5, r5, 0x0, 0x1) r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/afs/cells\x00', 0x400, 0x0) read$auto_proc_reg_file_ops_compat_inode(r7, &(0x7f0000000040)=""/85, 0x55) 144.794634ms ago: executing program 1 (id=8): sendmsg$auto_SMC_NETLINK_REMOVE_UEID(0xffffffffffffffff, 0x0, 0x20000000) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendfile$auto(0xffffffffffffffff, r0, 0x0, 0x7fffeffd) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb5, 0x401, 0x300000000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1\x00', 0x1, 0x0) mmap$auto(0x0, 0x400004, 0xd, 0x12, 0x2, 0x6cb) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mknod$auto(0x0, 0x1, 0x7) lstat$auto(&(0x7f0000000300)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) ioctl$auto(0x3, 0x5420, 0x38) read$auto(r2, 0x0, 0x73) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto(0x3, 0x5404, 0x38) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, 0x0, 0x24008804) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/addr_prefs\x00', 0x102, 0x0) writev$auto(r3, &(0x7f0000000080)={&(0x7f0000000040), 0x6}, 0x3) r4 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) mmap$auto(0xfffffffffffffff8, 0xef3f, 0x0, 0x17, r4, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r5, 0x4b47, 0x1) 0s ago: executing program 0 (id=9): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wg1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00'}) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2008000}, 0xc, &(0x7f0000000300)={&(0x7f00000003c0)={0xa4, 0x0, 0x800, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_MODULE_EEPROM_I2C_ADDRESS={0x5, 0x6, 0x6}, @ETHTOOL_A_MODULE_EEPROM_LENGTH={0x8, 0x3, 0x6}, @ETHTOOL_A_MODULE_EEPROM_HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1c}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @ETHTOOL_A_MODULE_EEPROM_HEADER={0x4}, @ETHTOOL_A_MODULE_EEPROM_OFFSET={0x8, 0x2, 0x2}, @ETHTOOL_A_MODULE_EEPROM_I2C_ADDRESS={0x5, 0x6, 0x3}, @ETHTOOL_A_MODULE_EEPROM_OFFSET={0x8, 0x2, 0x10}, @ETHTOOL_A_MODULE_EEPROM_PAGE={0x5, 0x4, 0x4}, @ETHTOOL_A_MODULE_EEPROM_HEADER={0x4}]}, 0xa4}, 0x1, 0x0, 0x0, 0x44001}, 0x24040081) sendmsg$auto_ETHTOOL_MSG_STATS_GET(r0, &(0x7f0000000600)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000020}, 0xc, &(0x7f00000005c0)={&(0x7f0000000140)={0x450, 0x0, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_STATS_GROUPS={0x413, 0x3, 0x0, 0x1, [@nested={0x26f, 0x103, 0x0, 0x1, [@nested={0x4, 0xcf}, @typed={0x42, 0xa9, 0x0, 0x0, @binary="136a7ad274d97b80d4e183cc1bf5d4e7b67dd66a6a78fa92f6471486b949b19540d2996373acbc71f1fce3a2195dc431d4d594f99b8bddfb2f985c575631"}, @generic="bc0c6f41dbeed365f514d5e4af7ef838f286c0fdc8e67150f788c24545cccb4a272c327ec78ead10f1a9ce9663ff6e7adf073ef61599d9adc801dc639ade65a588b241931e436f4345b5a51f3e1ea1bae7ad6f72d8853230c80e904345246e02fb3d3c9aaa54e63d529e2ff907b8a18bb4a7d46a99bda7903acc4c67bdf2a21802bf9472069e2326408f2247ba74aca7d37cbfae831b9cd73fa633cd", @generic="43678bebfe27d57f1044f523ecbab4897677cd7d", @generic="694a9a3f3bd1dcb6d0567382285e55b252b627c15ec13a58db25ef64faffbe72307e959a6e362aa7146656aed4260f4604ed229ac062fce9682751b1a063e58b83ca03886b5ad0cb09c80b4cc751614a263fcf2ac35200c5ed46afee66e4cb9041865d5a826aad75cf4a502216dfa232e49ebcbef3e814fdf7b824189c37dbd363bdd1d8608114d243fe8a8f0e519c09053f1a34b5c8b874d5f371516e8ae8e382b650c63944f0fd999d80dec781b2af53cb2a5b980a0d2d6cdff02fd1ad0affea", @nested={0x4, 0x138}, @generic="da421a0dd14782a51e8fd6bfe458568eb4f1a2426810968e8f940e0d15553c8c4bc2c510ebbea12d313105baea3b8a97bb55dab93ed636023c16f46d4466b3f47ec306cc45e9091ce7922897b2a0b9d0e5406e46ddee312acab6de003ae040d7a3080edc0367ae102a411dd09df75c", @generic="af319e9d2e9edb0ed0796270338095599e366b382cc8a2c0d87a780fc98812d364b169d7bd7b97611f2a6f3ac54f5c5d7b314139e783e03ac24bb40d27b7b8"]}, @generic="ae616a65e18a8e33bf757c1a950a3456a9ccde8a678b3ee9f8615b70542544394f109100e1924a79bb4977ca26abe8c3e8368c2340db906824004b54eda1ddd6d877930c22ad983bb70fdb7b1f24bfbf968409428016f082fd1ca344f6716b26e84ba7411853029bc6d1f9a64762a72f384976417e7feeda6ebd13d1555331e310302d6e4254949071d40df309b2458ed78df1bec8d7de245b85b990523403dbab35ea51bc0ab83fddf725cf908e9763ded19e329eaebdfbddaee2", @nested={0xe1, 0x124, 0x0, 0x1, [@generic="dbc5d034d21e5852b81453db4e6f6e329dcb2f99d90847effd1f164300d9cec11c3f3a95c373a32f98a086c61a2a2eadf6cdf2f8ea676ce0fbea37e89771c4532ca4db38a8d0501e24d5b31c05446f19b78a790486f0daff5f71d72a52b9ed890f37308633a6260a2695bf7f66c55ddaba42a6d14c90595e923387ae3a207ec24cc2bc0948d6b5dbce919baca959896b9e75e0b4dba0389202950e9951d1b2fa883d37d7f9bf29e0fbdbbcf8b0a23be61d7c22c0e08c52a5c8d5c95509ff329e2d3ae76f695f615e4ff0205c3f", @nested={0x4, 0x63}, @nested={0x4, 0xf2}, @nested={0x4, 0xeb}, @nested={0x4, 0x136}]}]}, @ETHTOOL_A_STATS_HEADER={0x28, 0x2, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2577}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}]}]}, 0x450}, 0x1, 0x0, 0x0, 0x4000}, 0x4090) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0xa, 0x0) r2 = socket(0xa, 0x2, 0x0) r3 = socket(0xa, 0x3, 0xff) connect$auto(r3, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) mmap$auto(0x200, 0x400008, 0x200, 0x9b72, r2, 0x6) r4 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x20401, 0x0) write$auto_proc_mem_operations_base(r4, &(0x7f0000001680)="a7", 0x80000) mmap$auto(0x0, 0x20009, 0x4001000000df, 0xeb1, 0x401, 0x8000) syz_clone3(&(0x7f0000000080)={0x123060000, 0x0, 0x0, 0x0, {0x14}, 0x0, 0x0, 0x0, 0x0}, 0x58) madvise$auto(0x1ffff000, 0x7, 0x100000000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) ioperm$auto(0x7, 0x6, 0x2) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.249' (ED25519) to the list of known hosts. [ 85.918985][ T5834] cgroup: Unknown subsys name 'net' [ 86.052940][ T5834] cgroup: Unknown subsys name 'cpuset' [ 86.062140][ T5834] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.685069][ T5834] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.741229][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.755172][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.762694][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.771152][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.778737][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.787020][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.794294][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.802912][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.819986][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.820229][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.869298][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.880766][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.882071][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.897261][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.903995][ T5166] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.909693][ T5859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.920028][ T5859] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.929398][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.942966][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.959745][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.472344][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 90.490879][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 90.573256][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 90.734123][ T5854] chnl_net:caif_netlink_parms(): no params data found [ 90.744950][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.752492][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.760440][ T5843] bridge_slave_0: entered allmulticast mode [ 90.767713][ T5843] bridge_slave_0: entered promiscuous mode [ 90.810698][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.818040][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.825369][ T5843] bridge_slave_1: entered allmulticast mode [ 90.832687][ T5843] bridge_slave_1: entered promiscuous mode [ 90.885599][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.892842][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.900275][ T5847] bridge_slave_0: entered allmulticast mode [ 90.907342][ T5847] bridge_slave_0: entered promiscuous mode [ 90.926602][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.934358][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.943911][ T5852] bridge_slave_0: entered allmulticast mode [ 90.951274][ T5852] bridge_slave_0: entered promiscuous mode [ 90.976882][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.984151][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.991602][ T5847] bridge_slave_1: entered allmulticast mode [ 90.998937][ T5847] bridge_slave_1: entered promiscuous mode [ 91.008735][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.019269][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.026397][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.034328][ T5852] bridge_slave_1: entered allmulticast mode [ 91.041704][ T5852] bridge_slave_1: entered promiscuous mode [ 91.071107][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.113724][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.176833][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.202419][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.215368][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.224719][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.231958][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.239342][ T5854] bridge_slave_0: entered allmulticast mode [ 91.246446][ T5854] bridge_slave_0: entered promiscuous mode [ 91.268709][ T5843] team0: Port device team_slave_0 added [ 91.277776][ T5843] team0: Port device team_slave_1 added [ 91.298269][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.306268][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.313637][ T5854] bridge_slave_1: entered allmulticast mode [ 91.321007][ T5854] bridge_slave_1: entered promiscuous mode [ 91.383565][ T5847] team0: Port device team_slave_0 added [ 91.411432][ T5852] team0: Port device team_slave_0 added [ 91.432469][ T5847] team0: Port device team_slave_1 added [ 91.441503][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.451769][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.458767][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.485099][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.499348][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.506323][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.532735][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.546085][ T5852] team0: Port device team_slave_1 added [ 91.566568][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.650621][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.657590][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.693387][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.706558][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.717324][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.746574][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.765436][ T5854] team0: Port device team_slave_0 added [ 91.775348][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.785618][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.814905][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.884549][ T5854] team0: Port device team_slave_1 added [ 91.892492][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.899790][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.926985][ T5849] Bluetooth: hci0: command tx timeout [ 91.932738][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.970661][ T5843] hsr_slave_0: entered promiscuous mode [ 91.977403][ T5843] hsr_slave_1: entered promiscuous mode [ 92.000211][ T5849] Bluetooth: hci3: command tx timeout [ 92.002528][ T5846] Bluetooth: hci2: command tx timeout [ 92.005817][ T5849] Bluetooth: hci1: command tx timeout [ 92.107499][ T5847] hsr_slave_0: entered promiscuous mode [ 92.113844][ T5847] hsr_slave_1: entered promiscuous mode [ 92.120753][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.128479][ T5847] Cannot create hsr debugfs directory [ 92.141926][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.148892][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.175024][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.215092][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.222304][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.248796][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.277485][ T5852] hsr_slave_0: entered promiscuous mode [ 92.284031][ T5852] hsr_slave_1: entered promiscuous mode [ 92.290465][ T5852] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.298047][ T5852] Cannot create hsr debugfs directory [ 92.525358][ T5854] hsr_slave_0: entered promiscuous mode [ 92.531673][ T5854] hsr_slave_1: entered promiscuous mode [ 92.537735][ T5854] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.545419][ T5854] Cannot create hsr debugfs directory [ 92.773857][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.804787][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.829969][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.855273][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.902020][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.931626][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.943937][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.954869][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.051411][ T5852] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.064095][ T5852] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.075530][ T5852] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.107287][ T5852] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.181080][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.192563][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.209563][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.221193][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.294845][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.362241][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.374474][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.410975][ T3508] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.418168][ T3508] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.441271][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.459666][ T3508] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.466765][ T3508] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.478358][ T3508] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.485526][ T3508] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.525633][ T3508] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.532792][ T3508] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.591140][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.646893][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.664696][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.702685][ T3508] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.709877][ T3508] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.768601][ T3508] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.775877][ T3508] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.797168][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.831223][ T1150] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.838634][ T1150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.888049][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.895253][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.000834][ T5849] Bluetooth: hci0: command tx timeout [ 94.079733][ T5849] Bluetooth: hci1: command tx timeout [ 94.084062][ T5846] Bluetooth: hci2: command tx timeout [ 94.085160][ T5849] Bluetooth: hci3: command tx timeout [ 94.177165][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.212559][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.406841][ T5843] veth0_vlan: entered promiscuous mode [ 94.423362][ T5847] veth0_vlan: entered promiscuous mode [ 94.446380][ T5847] veth1_vlan: entered promiscuous mode [ 94.486557][ T5843] veth1_vlan: entered promiscuous mode [ 94.533343][ T5847] veth0_macvtap: entered promiscuous mode [ 94.564579][ T5847] veth1_macvtap: entered promiscuous mode [ 94.618684][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.631577][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.644326][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.661211][ T5847] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.670540][ T5847] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.679600][ T5847] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.688314][ T5847] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.713076][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.728966][ T5843] veth0_macvtap: entered promiscuous mode [ 94.744345][ T5843] veth1_macvtap: entered promiscuous mode [ 94.829744][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.856816][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.896984][ T5843] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.906033][ T5843] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.915502][ T5843] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.924393][ T5843] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.957351][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.966320][ T5852] veth0_vlan: entered promiscuous mode [ 94.973735][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.976697][ T5854] veth0_vlan: entered promiscuous mode [ 95.032957][ T5852] veth1_vlan: entered promiscuous mode [ 95.047071][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.058021][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.073716][ T5854] veth1_vlan: entered promiscuous mode [ 95.125393][ T5852] veth0_macvtap: entered promiscuous mode [ 95.166163][ T5852] veth1_macvtap: entered promiscuous mode [ 95.182176][ T5847] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.198443][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.213142][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.273439][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.284856][ T5854] veth0_macvtap: entered promiscuous mode [ 95.300465][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.317157][ T5854] veth1_macvtap: entered promiscuous mode [ 95.349728][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.381670][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.405545][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.456041][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.528355][ T5854] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.548399][ T5854] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.561085][ T5854] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.571395][ T5854] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.587896][ T5852] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.597788][ T5852] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.608168][ T5852] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.621122][ T5852] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.080019][ T5849] Bluetooth: hci0: command tx timeout [ 96.111839][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.133852][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.158643][ T4446] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.161778][ T5849] Bluetooth: hci3: command tx timeout [ 96.168269][ T5846] Bluetooth: hci2: command tx timeout [ 96.173304][ T5849] Bluetooth: hci1: command tx timeout [ 96.201536][ T4446] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.238853][ T4446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.253642][ T4446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.283494][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.314165][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.645342][ T5952] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 96.767181][ T5959] bridge0: port 3(bond0) entered blocking state [ 96.803502][ T10] cfg80211: failed to load regulatory.db [ 96.835287][ T5959] bridge0: port 3(bond0) entered disabled state [ 96.850454][ T5959] bond0: entered allmulticast mode [ 96.857119][ T5959] bond_slave_0: entered allmulticast mode [ 96.866560][ T5959] bond_slave_1: entered allmulticast mode [ 96.877292][ T5959] bond0: entered promiscuous mode [ 96.908991][ T5959] bond_slave_0: entered promiscuous mode [ 96.942857][ T5959] bond_slave_1: entered promiscuous mode [ 96.959734][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 97.005167][ T5959] bridge0: port 3(bond0) entered blocking state [ 97.011778][ T5959] bridge0: port 3(bond0) entered forwarding state [ 97.574434][ T5955] hub 1-0:1.0: USB hub found [ 97.673805][ T5955] hub 1-0:1.0: 1 port detected [ 97.883507][ T5981] ================================================================== [ 97.891623][ T5981] BUG: KASAN: slab-out-of-bounds in afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 97.900351][ T5981] Read of size 1 at addr ffff88814570c007 by task syz.1.8/5981 [ 97.907927][ T5981] [ 97.910314][ T5981] CPU: 0 UID: 0 PID: 5981 Comm: syz.1.8 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 97.910352][ T5981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 97.910371][ T5981] Call Trace: [ 97.910381][ T5981] [ 97.910395][ T5981] dump_stack_lvl+0x116/0x1f0 [ 97.910433][ T5981] print_report+0xcd/0x610 [ 97.910468][ T5981] ? __virt_addr_valid+0x81/0x610 [ 97.910501][ T5981] ? __phys_addr+0xe8/0x180 [ 97.910534][ T5981] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 97.910575][ T5981] kasan_report+0xe0/0x110 [ 97.910610][ T5981] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 97.910658][ T5981] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 97.910700][ T5981] ? __lock_acquire+0x1053/0x1c90 [ 97.910748][ T5981] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 97.910794][ T5981] ? find_held_lock+0x2b/0x80 [ 97.910823][ T5981] ? __might_fault+0xe3/0x190 [ 97.910852][ T5981] ? __might_fault+0xe3/0x190 [ 97.910887][ T5981] ? __might_fault+0x13b/0x190 [ 97.910927][ T5981] ? proc_simple_write+0x117/0x1b0 [ 97.910964][ T5981] proc_simple_write+0x117/0x1b0 [ 97.911002][ T5981] ? __pfx_proc_simple_write+0x10/0x10 [ 97.911040][ T5981] proc_reg_write+0x23d/0x330 [ 97.911071][ T5981] ? __pfx_proc_reg_write+0x10/0x10 [ 97.911099][ T5981] vfs_writev+0x5dc/0xde0 [ 97.911143][ T5981] ? __pfx___mutex_trylock_common+0x10/0x10 [ 97.911193][ T5981] ? __pfx_vfs_writev+0x10/0x10 [ 97.911241][ T5981] ? __mutex_lock+0x1ca/0xb90 [ 97.911271][ T5981] ? kmem_cache_free+0x2d1/0x4d0 [ 97.911303][ T5981] ? __pfx___mutex_lock+0x10/0x10 [ 97.911340][ T5981] ? __fget_files+0x20e/0x3c0 [ 97.911392][ T5981] ? do_writev+0x132/0x340 [ 97.911437][ T5981] do_writev+0x132/0x340 [ 97.911483][ T5981] ? __pfx_do_writev+0x10/0x10 [ 97.911542][ T5981] do_syscall_64+0xcd/0x490 [ 97.911575][ T5981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.911607][ T5981] RIP: 0033:0x7f7a52f8e9a9 [ 97.911637][ T5981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.911669][ T5981] RSP: 002b:00007f7a53d2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 97.911696][ T5981] RAX: ffffffffffffffda RBX: 00007f7a531b6240 RCX: 00007f7a52f8e9a9 [ 97.911726][ T5981] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000009 [ 97.911743][ T5981] RBP: 00007f7a53010d69 R08: 0000000000000000 R09: 0000000000000000 [ 97.911760][ T5981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 97.911775][ T5981] R13: 0000000000000000 R14: 00007f7a531b6240 R15: 00007ffce6f6f2f8 [ 97.911802][ T5981] [ 97.911812][ T5981] [ 98.170159][ T5981] Allocated by task 5981: [ 98.174488][ T5981] kasan_save_stack+0x33/0x60 [ 98.179180][ T5981] kasan_save_track+0x14/0x30 [ 98.183887][ T5981] __kasan_kmalloc+0xaa/0xb0 [ 98.188495][ T5981] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 98.194942][ T5981] memdup_user_nul+0x2b/0x120 [ 98.199666][ T5981] proc_simple_write+0xc7/0x1b0 [ 98.204557][ T5981] proc_reg_write+0x23d/0x330 [ 98.209256][ T5981] vfs_writev+0x5dc/0xde0 [ 98.213614][ T5981] do_writev+0x132/0x340 [ 98.217897][ T5981] do_syscall_64+0xcd/0x490 [ 98.222407][ T5981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.228308][ T5981] [ 98.230657][ T5981] The buggy address belongs to the object at ffff88814570c000 [ 98.230657][ T5981] which belongs to the cache kmalloc-8 of size 8 [ 98.244369][ T5981] The buggy address is located 0 bytes to the right of [ 98.244369][ T5981] allocated 7-byte region [ffff88814570c000, ffff88814570c007) [ 98.245045][ T5849] Bluetooth: hci2: command tx timeout [ 98.258692][ T5981] [ 98.258701][ T5981] The buggy address belongs to the physical page: [ 98.258723][ T5981] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14570c [ 98.258758][ T5981] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff) [ 98.264774][ T5846] Bluetooth: hci3: command tx timeout [ 98.266445][ T5981] page_type: f5(slab) [ 98.266478][ T5981] raw: 057ff00000000000 ffff88801b841500 ffffea000513e8c0 dead000000000002 [ 98.306846][ T5981] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 98.315433][ T5981] page dumped because: kasan: bad access detected [ 98.321851][ T5981] page_owner tracks the page as allocated [ 98.327563][ T5981] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 21476650263, free_ts 0 [ 98.345022][ T5981] post_alloc_hook+0x1c0/0x230 [ 98.349811][ T5981] get_page_from_freelist+0x1321/0x3890 [ 98.355384][ T5981] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 98.361297][ T5981] alloc_pages_mpol+0x1fb/0x550 [ 98.366166][ T5981] new_slab+0x23b/0x330 [ 98.370356][ T5981] ___slab_alloc+0xd9c/0x1940 [ 98.375062][ T5981] __slab_alloc.constprop.0+0x56/0xb0 [ 98.380456][ T5981] __kmalloc_cache_noprof+0xfb/0x3e0 [ 98.385756][ T5981] usb_control_msg+0xbc/0x4a0 [ 98.390447][ T5981] hub_power_on+0x1c3/0x4e0 [ 98.394965][ T5981] hub_activate+0x148a/0x1d60 [ 98.399655][ T5981] hub_probe+0x2253/0x3480 [ 98.404091][ T5981] usb_probe_interface+0x303/0x9c0 [ 98.409221][ T5981] really_probe+0x241/0xa90 [ 98.413774][ T5981] __driver_probe_device+0x1de/0x440 [ 98.419100][ T5981] driver_probe_device+0x4c/0x1b0 [ 98.424139][ T5981] page_owner free stack trace missing [ 98.429522][ T5981] [ 98.431866][ T5981] Memory state around the buggy address: [ 98.437497][ T5981] ffff88814570bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 98.445565][ T5981] ffff88814570bf80: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 98.453633][ T5981] >ffff88814570c000: 07 fc fc fc 06 fc fc fc 06 fc fc fc 06 fc fc fc [ 98.461688][ T5981] ^ [ 98.465752][ T5981] ffff88814570c080: 06 fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc [ 98.473825][ T5981] ffff88814570c100: 00 fc fc fc 05 fc fc fc fa fc fc fc 00 fc fc fc [ 98.481900][ T5981] ================================================================== [ 98.490376][ T5849] Bluetooth: hci0: command tx timeout [ 98.497587][ T5846] Bluetooth: hci1: command tx timeout [ 98.573007][ T5981] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 98.580251][ T5981] CPU: 0 UID: 0 PID: 5981 Comm: syz.1.8 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) [ 98.590242][ T5981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 98.600306][ T5981] Call Trace: [ 98.603596][ T5981] [ 98.606543][ T5981] dump_stack_lvl+0x3d/0x1f0 [ 98.611171][ T5981] panic+0x71c/0x800 [ 98.615097][ T5981] ? __pfx_panic+0x10/0x10 [ 98.619557][ T5981] ? mark_held_locks+0x49/0x80 [ 98.624372][ T5981] ? preempt_schedule_thunk+0x16/0x30 [ 98.629763][ T5981] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 98.635771][ T5981] ? preempt_schedule_common+0x44/0xc0 [ 98.641262][ T5981] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 98.647265][ T5981] check_panic_on_warn+0xab/0xb0 [ 98.652229][ T5981] end_report+0x107/0x170 [ 98.656578][ T5981] kasan_report+0xee/0x110 [ 98.661017][ T5981] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 98.667026][ T5981] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 98.672858][ T5981] ? __lock_acquire+0x1053/0x1c90 [ 98.677913][ T5981] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 98.684089][ T5981] ? find_held_lock+0x2b/0x80 [ 98.688786][ T5981] ? __might_fault+0xe3/0x190 [ 98.693486][ T5981] ? __might_fault+0xe3/0x190 [ 98.698174][ T5981] ? __might_fault+0x13b/0x190 [ 98.702963][ T5981] ? proc_simple_write+0x117/0x1b0 [ 98.708096][ T5981] proc_simple_write+0x117/0x1b0 [ 98.713057][ T5981] ? __pfx_proc_simple_write+0x10/0x10 [ 98.718543][ T5981] proc_reg_write+0x23d/0x330 [ 98.723246][ T5981] ? __pfx_proc_reg_write+0x10/0x10 [ 98.728460][ T5981] vfs_writev+0x5dc/0xde0 [ 98.732831][ T5981] ? __pfx___mutex_trylock_common+0x10/0x10 [ 98.738765][ T5981] ? __pfx_vfs_writev+0x10/0x10 [ 98.743679][ T5981] ? __mutex_lock+0x1ca/0xb90 [ 98.748385][ T5981] ? kmem_cache_free+0x2d1/0x4d0 [ 98.753344][ T5981] ? __pfx___mutex_lock+0x10/0x10 [ 98.758403][ T5981] ? __fget_files+0x20e/0x3c0 [ 98.763131][ T5981] ? do_writev+0x132/0x340 [ 98.767571][ T5981] do_writev+0x132/0x340 [ 98.771869][ T5981] ? __pfx_do_writev+0x10/0x10 [ 98.776668][ T5981] do_syscall_64+0xcd/0x490 [ 98.781186][ T5981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.787092][ T5981] RIP: 0033:0x7f7a52f8e9a9 [ 98.791520][ T5981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.811147][ T5981] RSP: 002b:00007f7a53d2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 98.819581][ T5981] RAX: ffffffffffffffda RBX: 00007f7a531b6240 RCX: 00007f7a52f8e9a9 [ 98.827579][ T5981] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000009 [ 98.835564][ T5981] RBP: 00007f7a53010d69 R08: 0000000000000000 R09: 0000000000000000 [ 98.843557][ T5981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.851540][ T5981] R13: 0000000000000000 R14: 00007f7a531b6240 R15: 00007ffce6f6f2f8 [ 98.859538][ T5981] [ 98.862888][ T5981] Kernel Offset: disabled [ 98.867220][ T5981] Rebooting in 86400 seconds..