last executing test programs: 9.021111632s ago: executing program 3 (id=2345): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) setitimer$auto(0x2, &(0x7f0000000080)={{0x2, 0x5}, {0x0, 0x8}}, 0x0) setitimer$auto(0x2, &(0x7f0000000000)={{0x8000, 0x6}, {0xa4b, 0x6}}, 0x0) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000000c0), 0x108881, 0x0) ioctl$auto_TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000940)=0x3) write$auto(r0, &(0x7f0000000180)='/dvo/kvm\x00', 0x20) io_uring_setup$auto(0x0, &(0x7f0000000000)={0x8, 0x66, 0x2, 0x14, 0x4, 0x4, 0xffffffffffffffff, [0x0, 0x34, 0x7fffffff], {0x101, 0x6, 0x4355, 0x80000000, 0xa5, 0x800, 0xb, 0x6, 0x5}, {0xfffffc00, 0x6, 0x0, 0x401, 0x8, 0x8, 0x0, 0x7, 0x6}}) lstat$auto(&(0x7f0000000000)='./file1\x00', 0x0) r1 = socket(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, &(0x7f0000021740)={0x0, 0x0, &(0x7f0000021700)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4004804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010026bd7000080000000000d0e14479a1f91413ef65d28a31e4ade75a353990e722e3b2f2396cfc5bb1f65211c480e22eddeb93764077942927d5bfb365cd8f2c68bd4f43c1c0cfc4b561953d69c5500c1ec9ef9c6c73556d5bb3b46a67fe86f5b07bffe8e89887951b07cc8a876da3994bf2c2937c4e3656adeebd5d140aab66e30a5233b1e692a2a821834ee25abef7a186e680ffdd8c32cd22577d7c6d0aceb4faf3b99e0a818b83d6765fa920192140cf0c1b8164086dab64459875d86516823e37325b5f74eb575656543fa200801eb7c0c3"], 0x14}, 0x1, 0x0, 0x0, 0x4008841}, 0x884) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'team_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r3, &(0x7f0000021740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4004804) bind$auto(0x3, 0x0, 0x6a) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x1ac}}, 0x20044000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x103, 0x0) 7.494362887s ago: executing program 3 (id=2359): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlockall$auto(0x7) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x61a7c2, 0x2a) r1 = openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/error_log\x00', 0x101301, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, r1, 0x8000) r2 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000180), r0) sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="029f0d3b2cb9d179c3d4e53e580e3740da816202b498bb688dd03b2a315c95dc5bd02edea7b27c21e004e000"/56, @ANYRES16=r2, @ANYBLOB="00012dbd7000fcdbdf250100000006000100090000000600010004000000"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x80) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon13\x00', 0x20100, 0x0) close_range$auto(0x2, r3, 0x0) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001180)='/dev/input/mice\x00', 0x1a1382, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/ram11\x00', 0x60883, 0x0) r5 = socket(0x10, 0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x10000000000000a, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f0000000340)=ANY=[@ANYRESDEC, @ANYRES16=r8, @ANYRES64, @ANYRES32=r8, @ANYRESDEC=r6, @ANYRES64, @ANYRES32=r0], 0x38}, 0x1, 0x0, 0x0, 0x44000}, 0x200c004) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x3, 0x4008) ioctl$auto_BLKIOOPT(r4, 0x1279, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) socket(0xa, 0x9, 0x0) socket(0xa, 0x801, 0x84) getsockopt$auto(r3, 0x0, 0x2, 0x0, &(0x7f0000000280)=0x229) setsockopt$auto(r0, 0x85, 0x200, 0x0, 0xd) 6.263465993s ago: executing program 2 (id=2358): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) fcntl$auto(r0, 0x402, 0x8000000000000000) unshare$auto(0x40000080) (async) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) munmap$auto(0x20001000, 0x7) (async) epoll_create$auto(0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nullb0/queue/io_timeout\x00', 0x80880, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000180)=""/187, 0xbb) (async) unshare$auto(0x0) (async) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) close_range$auto(r2, 0xfffffffffffff000, 0xff) (async) openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000001b40)='/sys/kernel/debug/dri/vkms/Virtual-1/force\x00', 0x149c40, 0x0) (async) readv$auto(0x3, &(0x7f0000003080)={&(0x7f0000003040), 0x4}, 0x9) (async) mmap$auto(0xfffffffffffffffe, 0x8, 0x8005, 0x15, 0xfffffffffffffff9, 0x8000) openat$auto_dfs_dom_ops_debugfs(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) (async) bpf$auto(0x10, &(0x7f0000000180)=@info={0xffffffffffffffff, 0x5, 0x3}, 0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x40000, 0x0) (async) r4 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\b\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000f9dbdf250100000008000a00080000000500070000000000080009009c781e01060002000100000008001700", @ANYRES32, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) 5.862326878s ago: executing program 3 (id=2364): sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, 0x0, 0x2000c041) fsconfig$auto(0x6, 0x0, 0xfffffffffffffffe, 0x0, 0x5) r0 = socket(0xa, 0x800, 0x3a) r1 = fcntl$auto_F_SETOWN(r0, 0x8, 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r0) sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(r1, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="f0000000", @ANYRES16=r2, @ANYBLOB="010002000000ffdbdf257900000008006900ab26ffffd40048014d1d9db9c8f8ac9cc533fe6fc950eef09b33df1e502c4e6f2f48b3e583d3855a9f2b6c10b45bdc5bfc09db35ddfa558b3c90230df75df19c85a2ec9437ce1b611d87254ae85fa049b1cbb18c758189a1badf163011a5bf048e3a277430df8bb95103bf39e3fea32b7d5c214747eab94dba4c540553e55844428f0195e1fc2111257620d1877e776ee1e7a6a58becb3ae1889a99240cb6e118708ac27a357136d497ad738f21d477f361641062f992c07d4217da7d431969188f4d8fecdbfed72850787bddac9266dd4400ca980358a00251f630c7a065b83fdc40b79886afd34ee69879668f6a4e9cc4e0eb6f03b19dcf4d5fcf1d4be808984b9fec0ba4896b8fb0d2c3be6c1b75b85cbcce6f0120b"], 0xf0}, 0x1, 0x0, 0x0, 0x54}, 0x24040805) r3 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/mem\x00', 0x2001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffbfffffffff0002, 0x15) settimeofday$auto(&(0x7f0000000180)={0x100000001, 0x1}, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r0, 0x6, &(0x7f0000000380)="2f0dd13752bd1f04c6cafa7b04e9de6db94bd4f14229a1089950311436773aa10d488f720f921b406d4b7daa2bda8424abb609ab864ff5a10a89a0034c8324c2b628cbacb494a058082a23ccce9c950fae367fc415eb75f044df89563a737cd9426a4c7db5b38767bc437c29cf80e6b42577210113618d6ab34a4636faffffff798fcb5e072e9e17ccc2955b21ca35844a4ddde8b23eb4229dcc518a40990d8cdd46e893ec506ed7aca198d06c1105e765fe1f9f0525", 0x3) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) syz_open_procfs$namespace(0x0, 0x0) fcntl$auto(0x8000000000000001, 0x26, 0x8) lseek$auto(r3, 0x8001, 0x4) setsockopt$auto(r0, 0x29, 0x49, 0x0, 0x1) setsockopt$auto(r0, 0x4, 0xba, &(0x7f0000000080)='*&,&*\x00', 0x7f) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETFAMILY(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c810}, 0x34000010) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x5, 0x10, 0x9, 0x63, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x40000000000f, 0x8, 0x40000402, 0x7ffffffb, 0x0, 0xffffffff80000000, 0x9, 0x7, 0x200000100103}) socket$nl_generic(0x10, 0x3, 0x10) 4.814382975s ago: executing program 1 (id=2367): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) write$auto(0x800000000000c8, 0x0, 0x1a) mmap$auto(0x6, 0x9, 0x6, 0x32d4, 0x10000, 0x80000001) ioctl$auto(0xc8, 0xffffffff800454dd, 0x4000000000008) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x41142, 0x0) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x7b, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x7fffffffffffffff, 0xdf, 0x15, 0x7, 0x28000) write$auto(0xffffffffffffffff, 0x0, 0x7fffffff) read$auto(r0, 0x0, 0x80) madvise$auto(0x0, 0x3, 0x66) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000080), 0x3050c0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/virtual/tty/ptmx/uevent\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/4096, 0x1000) ioctl$auto_SNAPSHOT_S2RAM(r1, 0x330b, 0x0) r3 = socket(0xa, 0x1, 0x84) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001040)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x101000, 0x0) r4 = getsockopt$auto(r3, 0x1, 0x1b, 0x0, &(0x7f0000000040)=0x400) mmap$auto(0x0, 0x4, 0x10, 0x40eb2, 0x402, 0x300000000003) capset$auto(0x0, 0x0) r5 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r0, 0x0, 0x8000039b8) mmap$auto(0xfffffffffffffffe, 0x2000b, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r6 = getpid() process_vm_readv$auto(r6, &(0x7f00000010c0)={0x0, 0xfff}, 0x800000001, &(0x7f0000001100)={&(0x7f0000001140)="41e0a24930a8b9291eefe1052b570b795a659f5980ade0e75383a40c213af422cdd9bdc5727d038d8f971cbcadee530600c59c2497f0564ff1d56792550b39e22c8ed4e19e59591f6b5ed66d70e03ea7845a8f7d9da28c0c94448109a7edca25f4719de968578346b90ae52a58e59337209bcc8acb296ce45f596e3f8e4569276b119781b50312e40cc74f0d5d00566a317377038995bf7b849b60bd5c4fb34bf89c4bf744149c0ec4abf2f40792df1cae53da55bef975d06564a49bd2dc4143a1554138c57ef0f5eb06", 0x7}, 0x5, 0x0) sendmsg$auto_TIPC_NL_SOCK_GET(r4, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000002240)=ANY=[@ANYRES32=r3, @ANYRES16=0x0, @ANYBLOB="080025bd7000ffdbdf25060000007a0000002ae79782c67fd378e8b33bf455eea66cb2b6facb8c96a5e79b2b0e7ad1d978d06bf5f1d61454e5cb26ea98d2a248f0e968b9b343eb4990ec33dad6d2f23e3482255bd34a5c00b140edced1d9945427b97b9b2407e0e56291fea79d1a08e15e29a371bcc39c2fd69d35828dde934df40566a1f087b4ae0000fa050780040087006d014880bc25c64d5268473e54e36ae94b82e21eb235ae938f5ca1bc62432bba63a57bba42fa692f867d1ce68b7c844d1d39dfe22ff9287473f4b74e3780cdd354ab8219fcc6b0c8ab1ff383f131cb00b5009b079919e9540b7bb7bb020000000000000099243712992b7e6e62f1252ce2746f222ae8549ccf5fbefa776e8dbba764bf967701a4eae76a9bda69792e23bdb6c4757a047e33ce80f092cbb810448f33d95cc0955f288d8e30d16f18daab42a33ca4e38b8f3830a04ce315ba7c88971a21b66eddcee96adb6f43e62869afc5941a5e8689fe1d4e22a9d4899daf22d8be11c573b8aaf0272294085bad3823b35ad47bd650aa8dea5345d5219f89666290eed238452e9d96aa58f33f235b487e9899bb9f84adc441000800d000640101010400e08069d16022e69082e9105f273b163028af6c6425e0d41c8e5572fb721fc680003b1f0145ce88462fb9af9d70a04764026884eae4040067800e00a9002f6465762f72616d370000000000000800cf000a01010004012680040015800e0036002f6465762f72616d370000000800fa00", @ANYRES32=r5, @ANYBLOB="0c0092000600000000000000040033804b35d3593943821e09624c777d1f05698184d7785c33a7f3a9c049860b7ca8432a527570af19074058a00ded08b72425b0906aef0c22c231659f65736730121eb41f244ab26e463164cd9b9f7fd60c21d5ea74e9e70787219eaa5f54dc33395527ab622e164cea04326f6288ffba16cb841a1bee3a0efc00c249908b8e8e0243c3844e865c7c3eb95f8b32941b0dedbfc88c380ba22136ae208a607bd8c269c7c7c75659f9607fce2c06c976b673aee4be6b54d1d5499810df10a2b10513e73c2001d92338a8a8c0827b8e5a7e6e9cdc8bde60f69e01b4802f15b67bb5567ff2e55accdaaf9675779f07c421172bd04cdb043259431a094cb697343a4ba076c5e1c2f64e60f64ef5ea04a695c1d2db84a664a88483d79f0f631333c9ac3f002edb30e0b20926f84788cd1701145a93e10e221c2884621c6f07915038efa2c9cf6a84003d1ecdff1abc15a236e338c4094d4c0cab564190ba2a851fb01c6748317561cc280313f168d282c49d98c229bf528d06ac22ad733fafd8d0759adec7c0e269fed1211f016428a626195fdd8369c903964903b4f3356c636a1d0af8924bc132179aafb77b7499ac80829b4c9b17cc9394e4737091795f342ec14bfb65574e50885810c296adc5b3751201c4249b7070bde5acc5f2703124e784920bc50d3a3725edc1c68af7b1e6c9e0b33c7860d5e2489067891fd77b729974d97eca3c04efedb0d52470cb", @ANYRESHEX=r0, @ANYBLOB="dfd6e6d9ac6c9c6bd4fc9e372b10b3e561b46da5ee5f91dc8467ff6c89fb0c9cad6ee4e5e72e94981359b743bfeb3e2943616157eeaadce7bb8615844bf0e99cd08cdf277867ff653bc33265c17bb3524308a71e1a59c11ff03e50ad039ea64988b29bf1bcf23ea7e3e5da04000f800000e38d3b349c56c2803b1063268b64db2d9fc42243f86ae4d5f312d1de504b1d488198172bafad54d853d58c8447392f1d34e00c6d7506f9925c2568b36d75a55c32732efa3f015707c6afd49f1462430172085d74ad9321cefe71dd91b42918b98fb708f0b477b80d4a15ced773b81024f2a24eafca8363eb4787ff7143541e5200b7cd63ac591265504d5f4cce164a170ab00eebb121cae629778918ab38aea6655218c198b9922b17e1eda60c2f3b43a6ea5178bf6c859f0dcf557dc8a700cf80eb43a5abe107c9c663ecaa76d69d31620cfc1375fa0fa1ead7a2c4a207c59fcecfb8302fa3e906299aaf6ff936200d88f7cf8f9f4957f2828e1b92136e9bc9955a19b18ef51166907177296a68fb89fd138148c271215ba0c043ae91106bb7b3370c000d98a0b4969ee24c9386a166b6959a7aa6f1d6e1a02f0d63136d0423ad640bf9ffdfd2593f8bab2c33d3df10c9a02809d12425418eba36e6338395d304007180005c82580830b4f8ac27fa02762a4f85bec0b0a7ad4fc41d5a5168c180aca0987cdd790bc4df600d5da93d4c21d176895d553ec7b9a5e40f0d89979d0a271bac4e56552a4cd6b9de47bf24f67bd6331b9e36c1252b5e3163e9b81f2d0d4648f896ca0e8f6b924c84cfcb815cb0499dfe78d00000b41104800c007c00ffffffffffffff7fdd1c083c1c8fe3e8578d16dec1b85ff475c68a747242d437a3795c567a0e48b64a9073f1fc78bc0cf4d7e3d6531286b6392f85117457fd3e5d46a3523ce86bfe2f785d59f53d7d5f80debfd0ba0b445cf0b7cbda5c955435bdc25f95742802efb30fef73ef2b8de5ffc3e964d2b3a1ca0876a8a4c0fa0f5d784c9ff891426db667bc055fe848ab8ca08de93d216eb3208d5e9b9202f334650cd9217dbe5c5ba97087308140acde207b7ecc3cd4bbf1cb0c4b92af083d866ef75671add5c38541a4e81ff5f21f0767791dee2468a8cb22103e03d6a55ff3541325e22b950f43ca847e5aa694c7ad14259a1ba03735f096688527d2b5aab17eb679845273377596a4278ea1a56cdb78dad5fac57af5a3e27debec5db9e5a99d7bf59a663bf804dea0896575b717edb63e6d3fbf4324851f537bf280ed10eeb71b95c2ba7918b48e7cd8fd55c9a486a028646f3d01abe1a11e3c00552884dcc7b673614deb4d1fb2f8ba4c25f40d2449462353d10c9e926aea3c0c02f538edfe075b64aaa78044b235bf29dfb1c107a7fd2ce23ddbded6f458cd729bf962ee9c62812d184b85812125b10c009efcf213386619ac29eb8f2f888150d0aa4a7e0346bc0d8773baee7461df2d3d73486c5275d8bd046e3852ee71774c21674fa2606faad2e6d190a3cd983a8d8895650f9a0263eaff86e778044a311ff3237240b9d904fa29fee1733db839fcb0300be878385c5e9360fdce13a0cb423af0fcc206c4b18fd80c391a9a5e541e07fbefa7cec8d926fe50f41732ebe6d25e0c81257d22d1bac48e0fa6e1cf9c18f1f8bd2003e9564860777c91c43b30d75d01063bb5b19b66a6745e89bfbd27781de50c6d3454cd5122064a419478822ebf67c844c8c2a279cde05554dcfb5e2d097bb245e2d6ea32b7bd2e377de1bbd09e37af0065eea17e1f2546dc056db62668d877c26f7b2151e7238fe172d8f08c6895f232afd698fb8ed52cda423f78f440fc372f7ec63020df3a1585f7eb0a84ee3782a6e59e14d14f47dcefb9aa77d6356a12db42ee58e8f35485b1302c34cc907bc9cb1c7423e1a85ce190e98c7ab2609f0193bb37a641cee4f0ad7f884be904eeb77ae0cea90a3456e63f72fbc0c13459f8633c23b2d5f881d85c2ad8612bc367ef44baf4ab05bb0d93be9cb0458c6626b9964b173e72f2fa7fa50e66f76fce9ba93cd67c6da9bb97ed1336ebcad27dcadd7f168aab60e09c174007aaa98432038ea9e929ef338d1a0a29e11edef7e6d7557f83360262bcf26574a857eddf1a196a69617898a5abd072bdb356df109a43bd5028c95dde7fca07e7fb416d0b4fedb53e78e3dc6f3d354242d92c25158076ba3c78d2296a082d6796c57f4c7be978ea3636d92bdac8607ec7bbb715ea36b03e2aa4118152ac2d1dd147871d12d09758af3dc31b703379d6a6d6e239346b8d6ddc03838ed00b93ec11196add4b5daa1e05d978452db589d3640e5fb6885c4d5b09efb98cae796ca9d4b1ea48e12984fb59d2e7f599a78824a5f56566eac0287689461ddeab8ba3869809cdcf39afd866737050116770d36ebd5d4862a89fda83227432da000ab86501b3022e04c27a8ce343c71a846d1ab7b29e5bc9b18021aa5d72c350ed8481323c14c7f03c0368fdd2a154f0c7f1cb9846434470ded8d73a6d52b7c0f81d286237f9e42e3c11a07e7301c42f0453dd54c7a522ba8bf15b5ae9924634fe758876d7bb5c5be47d49ba82fe1b4cf74a5d81449124ac55f79cbdcc0c210be397f698fca97688b421e5b0a418458fa078f309223efdae85eb475ac82a5f150394c25b497ec76ea2ca5dbf1db39b7e1ca6376e2f51925e1d4794da9ccc0a982567cb0fcb5018e3a5bfdff340a8048adbf5555b627f28c17d4b3c603e472bcfe9ee2c3a55d22932f66689f492fe6afe86076d336f2484802fd8b16c22ab1692e04c6081ee46a9326796575464f11e3c0f57f0f8d8fd73c4635ebbddc806f69d12064576e28a00868d186f6564511dc80cfb1740cfec5a545762bdfe48e9dfc6e2c27171a7ad3bb43f79821310eac0617b900b3b9823c3b6ac07ee1f95fead2410a06b1e5b724fa6ec8f7f054413827ac21980b157f5995341bbd2c83eb8017e08e9b0d12a9c7f03c76f61051e44a5c7b6b30ab34c53888622f7de35d96d76240f6b80db0564ac09fd72a086d3ab07ce5238d6043575a3ddee18849938efdc05874a0ece34ae9d0d489631cb1175f7e56185e692ca8365021955fe0a9851295637081327a3e99c3b9115a4ec9d01629c0262c4d311370c5d9d84d466f7158c3b0a1af47f4dd901cfded9f7b7459bf044486a20c5904dfc318eb4f160441d7dccb57b00c5a9c34555ede75a14b0b0fb8f449b2aeb6b47f0ea46b68ff8ac822fc854af81b0499dbc930430c9316f99fb4737b6302ecff010e35319fda48843c5c16c34f50cee9b51c7792694d2635c1832922a571dbdb63c01260e39dc7808636ffe444cbcc51fe6d656a9b8a56a92a8c96fd482f7156f0c5edc9ea9cf58d6049ee5de1641ad3081c598c37652369d9d7a77ecbf4780281f37fa59cd891919e00643daaeaebf91d1885a37d30798533bd350e4cc5260595bf304e453fdd73381da7d571ee33c400c1a24ff06a222dee1cace2a123565a0972126d96f6d17fd166630c4bd0d51d8a5ae28fb43f1199394a9e1418923d0df381f1772b49383503415ac1379eb16a831a1f06ea8310948a758c20bd76344d184c3a02a47985bdc7fe47e71d580be9579e750d0aa21f71781b6d0c1e3f1d4ce1eeb6cb69cecdc862cdb9498371e757822777aaa6e6295a680d4195d2dce0a625fb42534045dd859f92a38d8a139a7bd3dc91995749e2e96d1706b15841ca91f733e3914a8018e49598b8be1462aa551234bd85eb2baba1838802ef019af6470e62dcd87e30b50e4c2ad1be30b1abacfcf0cc67a5f119c9b93a31fc48c06a459e413432cff11bf9ad144bd01b6f6efdf5d226266ea72427dfa378e870b6b36c5c72e110234df109902f0354e05189a11aa9594c65f42181ecb699f07c9f283f5b593c6ac957be0f6991bf3ef0fbdd26dec81b5483dc5097a35959b93a6436f7bab4bf7ef784183339fdf61d5327a4de10c16d84517e599be7881474345e6b7caf3166b2436a23784528bd1c54030cad69efcc5636de287cdca7445b45dc76c71a9b12c6c0bb37f1373364f1a22d6914fb74d9c7f49b40dd4e93ec663c30d8198a88480a98e21215e5e251fecc5ceb966b3786e0345179b89919041bc10151ab5357765d5023afe7fdaa4b524fd084ab5385f5361594767681655d87300c8d1f7d1f61a0057d71a000b91e76c8051258a2f3bbdfcd26aa4686441193ff8cc65fb3d39c10c354349471be016a4c8b89bb78a5ff287546b7dad147addf4968640ba49a4ef6150785cf9240f444eb58983557d0fcb9ab32ecf1cc9e900c0426f172e60f166094615f88a55b2edba76e3847b95cf4afd919b1f64fd6d09730b981be50233f048b22ee3b025a946045197be5d781b12af155035cc2d34cc5be9100f03f5b56f79f6f032bce37788bfa074709d139a20d59e15fc266b3642277d67a816135877e318a4908cb968af9be381a2fa80f9542acb8638a2152fe602de9a9dd8511f2e0af0219dc765252879da858d3d2caf22d43898e17e54f301e2f2076aa96a5e9457be31a160934e2d79ada8860fc0ea8c8f9f856deb7076a76c882a7199c9694f66fd60b3fdf4ef225f699d1d8847159773c7ef5c81c849d12f532c2982e557e6d692a44f405b2f5de80f50560fc6101f4e73ec14ef9c44d3d05459e26869c13ccbab73c9a06087eab7b6314e7450c357507c8993f3c2e339f825aca84baaa7d27edca134225433bc0f8ba6aac57a97f9508bcb4dae19c4b00ff7d58c74f13fc7a72af646cee72124dc19bb7efc84aafead3f006b67517e0a2f020ff01ce80a89981621489b06cd0c75a1ca48b52deb9d8fc9b163090e00abf5829b4c9511ec1e8bcc020a8b2ee7f42733a8703bd416829bec78ef683cabd9864046f737ef591c2d87b7ab55b4a40d24b9845721f606dedd0ccb058a9f59b1f0872e402f9340941ab0c0e3cc108f636d3b42902411376c947d99ea458e35ab3275845253ffadeb99aec56f36267d6dce379de262e239b83f1dfa0d659533a35eb1e1472705e11076268dec1f8184b154217ae412a326bd0e354fdc2de279c6e3841b2d8cad11d08d94c5d0aed3d88702b1c16432ab9c2e27ea5a4e489d32285296cc60f36a69f949c8e8c472be5d1266987b2a0a83bcd97bd6fa120fb8e8e1674b30e9dfedeab445c3378ac01a3e398112878a86ec32081b33368646091040180dbcaf4be81d344fbeac6188b25405fd8c41f9c5b0239b34db02ce37bffa42dd3843ac66f04490798b1e34d2dfc46a7afab0e30ad20f2eba4384de178cf7cb8a8b619b6a796eeaf6829d58bef34ef595722929c028e86b5fa0e862f9fcf6924107d81ae2443f415cb61b60506ab6ae86b702c27f03218123329043c329276060d6a2464cc076917771be5ba0b4c2ad500638f008129171affb93785d9528f03a7f9313ad7bf28cbb6fe94dd01c04d93081a2a475a24485977df14799f7a408db2edb434a8a9173c1cc399aa978fa1b37a3ecdb270389b86c36ddd761b6922d67bf7be394cbc08785ee9f9a7397a2a098989aa43aa2453b30ce562b4da353375e2ebad3352dbeb1e4bc6758db79c51fccbeb7822ae2e16dc01b0b5b7b4d6264fcd218b5ea0578cbc62a21d0b659e4d65b99b63f3010eef1cf79f6868550eaf46c89eacdcc155ca844dc8b1fe4e4996c6c55d316c85617fdb3a8e5a766bf9f447730bfbf3aac47733861ab7490e0f11ec6ea7813eff9c6db2ed5a5839dfb443defccaf3ab1d81f4f09dadee6f867374b19e52dc33d529f539d427649faf965b3347f46678349a6ac2170df6088edf8952b7c10b825e5e8870a545a2edb05c8374eb5d3f5a4228ede345ced276d1665734079113d258343d190bbd99f30dd1b58cc19eb13e10914ffdefa23fc58e568e74fe1a48d87ba89cfbcd5cacc7ded5d8624b4c627514c73d3cff59f04ff252b56e81f93ec7ed25ce69b3f0bb0f50da118b6981fabed94db2b36a8e07d1ad95fc8fd78fd2339a7dff4a1c03d31889f3b4b228b83962d1ac534b40704b6a0c48a6b06f41471b9fe1d77db7a62d229f425b17a29051efee58a67bb600a6e59bbc49cd0b82984705e487b4f3a30e3348b22cf560996de03338940664c0977636265be389fb0b90dc106d9938db9f673ef32c2d77a80973dab3c95d53b9a353c49eefb265ea807906cb5054d0ad3d85d7f7f3a9d0397f2fc6526453d25b5aa9992b44eef517753f8c6a3b111c5a0b0519577c649e2bf5dfd9c14ba424f167a53f38a6c5f0509f426727bc4fb7273809181d6a266e3f552097947443fa6229be981c68e07c6583bc996d20a50c13d38fca42d0685c462dd7710451db2d5dab428f028d9bca27347af764c486113804134ac07c688795b91eefa2e64e3415bb1c82b3fd3e4bc30be397355f5020b32515af4fbe899c0c7499e77b0023343d33d4bef14f16f31ac3001e0524b82c7bc85bbbc1fc16fe86e1489e92a0ea6710ae73c18627d690d48c6eff22559b95dd38fc84d56d248236c7dcf69694bb51ead9ddb0c5b9f17aa9148ed54a9f03dbbe201f5db8d662be51ee3b3d7e0ed67f87f64b84e9e4524151786ebc340541ae2a952a5ddd0a31b9e8c292caf004b0077a6fdaf9cefb2fcb9981074b9a6bfeca56c8d3ecc1e9c34dad2fc6d8a16011e769c1b37f200519999d4fda0b2b91544dbbcfd5d577506663de9aa4f62176d7f96018861bae1d6d88c740a924349f5f3a8b65451c3762a42850fd9269c9357a82d07e24c78c9eb39ad0ed89e26b16488abe3820aac4625eba20f3277864ae4072cad451cfa5e4b423ef3c84aed08ca8a8fdd99c4dd0b89f46245d65e1b851d396c0ca7bb68ddcbcee4a29300a376e1b426da60be14735352b85cc65d94267cede045c618f0d69200bdd5c91dc98f2e78bb645147293bbcb9785d1e556a8e41fb532f2797dbb3efdb1ef44fbaf31aba7503a7a124590cb50a9b0843cc5899eb32f1a93a46e51e884b4bb80c2b0ee3a9ec32c5ee97efd55962b4cd1d94adfdf9f3d26ca707b3307bedc4b305b56998805e383e764f436d8f5501a866bc2eb4c3010986cb07ee3b40c72861503ff3ff2476742325ef07c8fd1db0a8fafc9cdcc7cc87719cb605a15afd3efa3a9d7f105c93bd08915b49f75a65b5b82be1e6ad18ddb697e628da0cd6a58ccfa86a092455611711211cf31cb87308009d00", @ANYRES64=r3, @ANYRES16=r1], 0x1840}, 0x1, 0x0, 0x0, 0x8001}, 0x0) 4.751204147s ago: executing program 2 (id=2369): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000011c0)='./cgroup.cpu/hugetlb.1GB.rsvd.failcnt\x00', 0x0, 0x0) socket(0x2, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/ptp/ptp0/n_periodic_outputs\x00', 0x40000, 0x0) fanotify_init$auto(0x5, 0x0) memfd_create$auto(&(0x7f0000000000)='!\x00', 0x16) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x18, 0x1, 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) socket(0x1d, 0x2, 0x6) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000003fc0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20b02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = socketpair$auto(0xfdffffff, 0x5, 0x8000000000000000, 0x0) r2 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r2, 0x0, 0xc3) setsockopt$auto_SO_NOFCS(r1, 0x1, 0x2b, &(0x7f0000000080)='-%-\x00', 0x9) read$auto(r0, 0x0, 0x20) 4.296701863s ago: executing program 2 (id=2370): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.13/usbmon/usbmon36/power/runtime_status\x00', 0x20200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/255, 0xff) getpid() openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/device_info\x00', 0x48041, 0x0) write$auto(0x3, 0x0, 0xfffffdef) semctl$auto_GETNCNT(0x0, 0x9, 0xe, 0x7ff) openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) bpf$auto(0x0, 0x0, 0x6f4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) statmount$auto(0x0, &(0x7f0000000180)={0x40, 0x1, 0xffffffffffffc82e, 0x3, 0x16, 0x93f, 0x1ffe4, 0x3, 0x7, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, [0x0, 0x80005, 0x2, 0x400000000, 0x0, 0x0, 0x2, 0x4, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x40000000, 0xfffffffffffffffe, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0xfffffffffffffffc, 0x40, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x8000000000000002, 0x0, 0x0, 0xffffffff]}, 0x1fe, 0x81) syz_clone3(&(0x7f0000000540)={0x8b820400, &(0x7f0000000380)=0xffffffffffffffff, &(0x7f00000003c0), &(0x7f0000000400), {0x1}, &(0x7f0000000440)=""/74, 0x4a, &(0x7f00000004c0)=""/14, &(0x7f0000000500), 0x0, {r1}}, 0x58) bind$auto(r2, &(0x7f00000005c0)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x2}, 0x1) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0xf7374674b920089e) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20008005}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x8, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) write$auto(0x3, 0x0, 0xffd8) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) write$auto(0x3, 0x0, 0x10001) 3.966217084s ago: executing program 0 (id=2371): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) fsopen$auto(&(0x7f0000002680)='veth1_virt_wifi\x00', 0x3) (async) r0 = fsopen$auto(&(0x7f0000002680)='veth1_virt_wifi\x00', 0x3) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="69b5b2dfdabb136c46000229"], 0x14}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x5) (async) r1 = socket(0xa, 0x3, 0x5) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) (async) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) select$auto(0x8, &(0x7f0000000240)={[0x8, 0x8, 0x2000000000000000, 0x4dbe, 0xffffffffffff7fff, 0x2, 0x0, 0x5, 0x7ff, 0x10000000003, 0x5, 0x4, 0x5, 0x5, 0x6, 0x5]}, 0x0, 0x0, 0x0) sendmmsg$auto(r1, &(0x7f0000000180)={{&(0x7f0000000040), 0xb8, 0x0, 0x0, 0x0, 0x8, 0x80000000}, 0x5}, 0x1, 0xa) r2 = socket$nl_generic(0x10, 0x3, 0x10) newfstatat$auto(r0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x5, 0x5, 0x224d, 0x101, 0xee00, 0x0, 0x0, 0x889, 0x1, 0x3, 0x0, 0x7fff, 0x8, 0x2, 0x5, 0x5, 0x1ff}, 0x75f) shmctl$auto_SHM_STAT(0x7696b872, 0xd, &(0x7f00000005c0)={{0xa1, 0xee01, 0xee00, 0x8, 0x0, 0x6, 0x4}, 0x7ff, 0x8, 0x0, 0x4, @raw=0x9, @inferred=0xffffffffffffffff, 0x5, 0x0, &(0x7f0000000440)="9076c58a71929fed437e4b60adf5a01afb3732b658d74afbeee738d4064dc082c437c48332d08673ce7534787f688220821f997d246c792a28b91c8f370d9b4f9549337f2420aed1f8ee8053f8a6a3bede1c53a5e8cc7c545d1bbcceaf10a56468ad80e0c1cc3dcc9c11fd0e7b5f0f498947ea20298c0b447fc32c302ecefa127768bf9e8bba00db110a8599252cd89d5d70a21dc2a1c64735d7d46d99bffb3804", &(0x7f0000000500)="9a0cfb00ad6948eb8e94cad9887397c8679f75826e9d55cc6b3d320bcdc5d23ec8978ee95a0a83f87972e16f08d5178fe320077f828d78c4ebc04070ee89c3f2936403534e75aab48fd3a3b56c66f7f147869db2a63af4753596cad33a188f6b92fe2c345c3d59176a626388bbbddad38546924cd83aa0602951550b885542f75b0f91c9bce24365c0aa806b360010b5088e422576bdc04cf231071196f0d8ecb30b77"}) lstat$auto(&(0x7f0000000300)='./file0\x00', &(0x7f0000000640)={0x2, 0x8000000000000000, 0x610, 0x7, r3, r4, 0x0, 0xfff, 0x0, 0x8000000000000000, 0x5, 0x0, 0x9, 0xe, 0x3, 0x4, 0x7}) (async) lstat$auto(&(0x7f0000000300)='./file0\x00', &(0x7f0000000640)={0x2, 0x8000000000000000, 0x610, 0x7, r3, r4, 0x0, 0xfff, 0x0, 0x8000000000000000, 0x5, 0x0, 0x9, 0xe, 0x3, 0x4, 0x7}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'veth1_virt_wifi\x00', 0x0}) sendmsg$auto_NL80211_CMD_JOIN_IBSS(r2, &(0x7f0000002640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000026c0)=ANY=[@ANYBLOB="88031100", @ANYRES16=0x0, @ANYBLOB="14012abd7000fcdbdf252b000000000800030000000000000000", @ANYRES32=r5, @ANYBLOB="1400360183483348850d301d9174644ec8e2dda641007d800c0003003d0000000000000026e0a685f8aa121054e43785c7b68322e48b428497437b6dcc0fd4643e27de5d6608a7cdc7f6b048c5002e7b284fbad62500000004004a010400440194222c8064b40c094815d844cc83d000827350fc4037279232628cf5ab855759523c6253d09b7d98a7e1e13d61e2ccd4339c28a150de6f6d61d1907c5263a320ab7c61898a401e847fb8b1dcc0b09f810200f86fbc111b2ef3258faabc1e1af2b6e657e8a19c7c51d40273af2e9fc929ead4f4b2f729610d1d135fbbc5a4060931160367c242ca379bfd9537f410a87278455ef43e6459b59d831d4ceed1d8ee3e6a9a125ba4bdb35b06d5b8a35e01ba7c0d5d021ad21327e357db4c95001400b453f130def2333c18ce3c8af778a3b58fd6f41dd528f7d68f9823087824d34034d06a9f2243ed712dad8fb9fb0a6e0994d2b3570982307aa42ab32406311defbac8cbd21a2e0f6218c3e57e068ada9d5894baccc51162f2a96aa3855a63abeadeb17c8700e95bfdff984fdc3a490204a02679ac22b08d717f1378dd5266459da5af1ce5132f393990aba3b5a11f99879b0000000800ae00", @ANYRES32=0xee01, @ANYRESDEC], 0x2318}, 0x1, 0x0, 0x0, 0x40}, 0x408d0) socket(0xa, 0x5, 0x0) getsockopt$auto(0x6, 0x40000000029, 0x11, 0xfffffffffffffffe, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3.407610911s ago: executing program 0 (id=2372): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x25, 0x1, 0x0) (async) r0 = socket(0x25, 0x1, 0x0) setsockopt$auto(r0, 0x116, 0x7f, 0x0, 0x400) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0xffffffff, &(0x7f0000000180)=@bpf_attr_5={@target_fd=r1, 0xffffffffffffffff, 0x40000008, 0x1ff, r1, @relative_id=0x2, 0xe600}, 0x2) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) (async) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1c, 0x1, 0x0, 0x0) (async) socketpair$auto(0x1c, 0x1, 0x0, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyv1\x00', 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/usbip-vudc.0/udc/usbip-vudc.0/is_a_peripheral\x00', 0x100580, 0x0) read$auto(r3, &(0x7f00000000c0)='/\x91\xecsys/dfices/platfm/vhci_hcd.7/usb\fQ3{\x04\x7f23/23-0:1.0/ep_81/int\x00\x0fS\xe6x\x13\xbaCSJUkZ7\xcf\x9b-\xd7%\xae\x15\xf2\xd4\x93G\xf4\x9e.\xb52\xdd\x8e\x16>\x86Nl\x16\xeb', 0x3) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TCFLSH2(r2, 0x8924, 0x0) (async) ioctl$auto_TCFLSH2(r2, 0x8924, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/loginuid\x00', 0x309c02, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/9/smp_affinity\x00', 0x129542, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/9/smp_affinity\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0x7) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) (async) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0xc) 3.399557022s ago: executing program 2 (id=2373): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x228002, 0x0) r2 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/kernel/debug/netdevsim/netdevsim1/health/break_health\x00', 0x2081, 0x0) r3 = semctl$auto_IPC_STAT(0x80, 0x7, 0x2, 0x800000000000) r4 = fcntl$auto_F_GETLK(r2, 0x5, r3) io_uring_register$auto(r1, 0x6355, &(0x7f00000000c0)="7474c05d53c028fb117f99ff6775a5974001f30a322c273701f34763bef461dad9f2e15a4879336c04446f67ab462b60ad8881419971655432a96de629b44d1bf477fe5bf50551e4cd721988f061730456435fafe369abcdd98722124b22c5ee2b85bc46849309a0671a1d2df748025ee9cfb545e207b580f7b1b78d4e6beb859d3e5006060a451c13370492219cbe6dacee4d4dd7e54b398b9b6a41bb6b83e8385973a08c7db7b0e4d335db8d1bff817cba5e9670364707d18baf95868873e4e9557b59343387f0225e72bc9a7c16d4ebf252d5bc4e2a24141c8cfcbaf780faa42f3bdf768efcdced52e73ce8a139e89588e01ff592bb98dc495384889f702b3475477adace28febcd90713816af2c9445f71b8b1475c2046b06e0fbd02b6c65b3befa868ad4fd525c9c5c3aa2dd61ae2daeafe9ef5496bd63761fc9df16cf47664891f972afddf65049fa1a85041a4475981fa6e026f3372997c7425e29284604e0ae812fa7e8d916704adbe5f8cf7a3dedaa1e8703654e7d0a93ded8d391b548e0932b9308af75afb63a8664538fcb52c4b89705ac6a91a228f05bb250b0bc512e3cdd1c458cd71e30ad4a9b8f3a833632b0ae3ec0c44a4cb42d1c4cff6cfbd157dddbded6b8cc3b41ace43c660512aa9613cc29ae8e76f2bf2b0972710dc9503d7ddbb9c8f151cab5d55c987c8f3cf62687ecc76e95e333c0e69fae5ce3bc52f5572d2aa6dcff835bb6ea8a12207505f46d7c0ab5ad711d9a62ed6589d8766320e61d30f057cfc9cc98587b39a7bbe69441ef941026019543dcc8549a07bedf74131b03384e2eb7621222ad0180796d7cea090cd075ef15c32fe8e36f6b51907b6d5bb96fd80b30c99e3e9ca7ad38654583d153a317f80d8cac2a21f3a66ea8439221a1cdc3b985638558319ede7a3d5cfa3a41f84bda1c8e18c5db4612d74b488418fc23f931c34ab7f672f29624f25c1c6367d91325493f555f76ea61f2df0a9b09eed8c745fc1f93919c62de09e725a5fe5726d633d7b41693a2f4bfd907bb0674707b6fc1f73be144c5694bccbe350aec306d51bb087ed18c14c70014c4202f5fc8327ce3169189b85fa674bf624c6c5a919b13f5aa7ca41f61b850c5cccb97a0a479c7c35849540aaec2c887ab908cab0fe331a998998847c08ad3eaaf949bbacf51defb30191256dbf323604ce1636c46bcc602b3efaaac29bfc4d7dde52a86fb8cbc437f970b36880ff3b158ac0681d17b74430211b56e6a091d50e75fdc1ea650f5749459c74ef783a1c40d483d8186387b373fa52d547f00d634b2df567cda1fee9c140698add9f58a886f6aff644fef6b22d98a8d062fab489b05a0dd3c1b50a22995841b3b584664afd07919220d541734409fee6c653e1826ea8a4138f706ac85ea124a7ae732c012adc0421c20db0d11fae79793958625aceaeb022731bd447febb5c96d0b5f4a464784ce6e108c8cb99743adc6a7bca2560730283b314a575f375760e07576cb0b6bd087b14f32e0ba828342d67bac9c28c5197c366401350c6f6df620b45fb7ca1137815329654502bc16a8c0b3cfaf7665941e8e0313bc595e6aca34be4a24dadc3b51254c98fdd9dde27460c0508666d24ec93782294b4e0faa6a30a801b4f3f5394f602ecc529ab861222be8ff428148106330b9c46732a941d7da65ff8a43a1ace8534d4ffef46f43ff7c0d35571b03dcb6a8d417eaabec67b929bdccd3bdd0997220ef2348bfb641ae3d3efea50cf362aacaefd10daca7c5e82ffb43a84573e4b4933142d0b91402d815b10a1a0b5b21e93e402a1cd05ca2ee0a963bab17f8f75e79f044e29daf310530577d422950e28ebd36e7c288d93ae54a2985c6997bbd3e7f62078e3f035deb13d5255fc2b66254f82cbf04d7e663c8084fc7794a6dc005aca3c5cc4d8b30fa0ae7c4747bea3097499596486b9435cef867287f01b2c1fea029271956d6028a3bfd1f1ff19663ec059f046c461331ed233398e821f75ef9d92ac3d2d3d797e23acb7bfc649880e40ec20dc782a3dac80e1f0c5f8f62ab7ca9fd8fd72b1243edf19a2ad75828cc33d3d009937e8b6a7a778c00e6afb70a6e9814485aecbda1d61322cb2dbb1daca82881e497ed097d90a5c0d0c2b25520e421036b183d51d52a5730d1886b14ca518ea31fdef4cfaca0b20b4b9279764a96291dbb4ce65ae9b90da5eec6b0b8c63369caa27e7821ca7c5d76cc1d12926a148c015e1c0318b7975a7841acb113ccf635760e9d78414dc8d2469537fd83088e85d339d10fcf8e076d8e657454356ff73769e845a7f344adf56a321acbf0b89ea7c6124fefbf41fc76b5197e7641dafd2ffa707650be36e2ffa2b81a7bd21e153b488fbefed9661868dfdfc1ad4b63956dda6fc03231ddb8a69a83360d9c19e40d74171073995c9b7bcdce82b51371398fcda9d93585ec88ac4bbef5a39389f1706ccde37150ffdb4ad81267c8ee7041e0b15f966a8717e27e14e7cf12e45d1cd6f4d48f505e3b9979a503620ad2b861adf56a9db17f29bf8056bb153a07fd1daedea2043e38bf28bde7525696563ce37a310857294e040376da799ca74a3af7228d135224c9dff7ab5c2bc910854d35046d0f0ac3d8f0e792ae20872095c850277846b7a18b296389ec60a0932f6c46cebfe00a3db2ad88ad99297d6d5b93e9e78c4c75f4e908750572ac5b6bae8f65d59f989b191aa48c25fc7ba2fa23705a5f3778bf89ae995ac824f28ad0ee271631ea5d67a552a16e5820491a2f7d4100393396ad4b632be8a06b0f0f104e236379a3bc82a4b9684502a43cd04587022152a6d700af38101875cb5bb09c178f9f8084d91406b33e131ed3c0445f27e8496ca494236df26952adea114c57a3d86beed4bc67332b1639b8860482c4b65f525f2dcc85b0056d2b49bb3e134e063bc0fdb862109fa8b336b4bede021da0b4c507c29be504cb14273631f834ba53f253790724f06b925a75c88c1ede1e31697e386f753c5ca903481874268babfaf7570337473b875e2bdb7ec57eea26ddb5956479fcc655176bbb3e8c6fda36338efda489fac4a7bf5565fbc19fcefdd5c30b6733ababa3d0a1ff0467a92cb6c719a5c06dc4f100d7776ba16d6ce01dd96cbce97bbb5d37236a0efccd949d5f9f64787a11794e9080112142d275cb0fd8ecdb399bf39c31e6b5eefa2c12b3122074221bd32d37bee62b0fcb3de5d782ba2cbad81043c7ed6ccba6e2ee956d8fb2bd4623dc74c6654bbb1fed21101ee87187e5dff5e530008fc691f77718c9a645efdf2008f7021b9c8e196708b0d1a6d7f7bc3dbb9bd3619f73fe0ec716a6f09df2a5866759067c2cbd924c2df11b290770c9485d96755e973bd41acbee19a0d6930763a2fd36bb8658939ec399508399089625a54b85744686d9c2d12c153053c12fd66cc12614692ad285a8291724613ab18ab7dc1f8e77b6f0b2178aa0444b0ac778763e7f84a4b844ad24fec9c28f17411e1725767c2a4b0148020df01f8a103b6cd975f90fe4bc07a8264b01f8e3795bf4b6976e27a90516a3ef3de1798f3eb26ac2370cb6d672dbdb75cf1ce6827ad3699482b6d65830e334bdc8b6b5b9c06ea53587f92a9ecb23c73c08c4eac0c2e679ca79b03981245b8aec30305d1bd501898c7899e968c4d93634475e40a8674285f719a64a2bb4f3d4b2b94cf93667883116df9286afb282d1cf1b65ced8e76f5a1a9ac708e57f5b7c5d7a58bef1635fadf4b4c99064c0e46a1f5ea2cff038f2253028ad3c28a1a24eccd6d756cf6a064e97b5eb2e377d3b98a0d339c5f518d8f27251d5f1288061148decd36b16c4b3c8afb837b1e8ed7f8cd0e5a8e1adb93326eda29b1887fcd0b8c3a09ab4b9d61a786552acc4a805b9d6c6ec34ddd52f74a5699fdb007b9fea941800713587e11dd5ff8b3f1d8d0ef0d833be2bb73c8aa5f6166deaed68d57743749285d400384b312e85839e5db3d240a1ade6802266b9da5082bf2c849dc7e16bd958545f493d07f3091a404ab2672df0a7301939f70ead7d28ba80af57cef558f7697ec4da8315b32ed88c653b7031ba9a3bf715e14f9874deccff5246a571773c9b287c2f0b3bcee0f002b3f55c8c9c7c52ca46e733559324b54966f6c85b72e8f4f8bfdf590b2c324449ca3208ab0fae8dbf5e7ba7c1ea6b277a92257c02af47d3d7b8aaaf304b78cdf2aecadc8f159905dadbe00d015f1506deedcd083b6aea967f74b52ce624146e11711b8b9452243433cd500bcfc3eac6e34b81c88af2ec2c88af04f5d1768fa4343b5e2592bd2f24e270396bd5b20f19b6c48dc10862d3f266b1f3f31c3495e28fa5ad829c324e6504fb41465256a501bdd95f0bd45e91bd70a05dd38350599293d88c45ee3c7dc23bddab4de3af5130b3456156565bd210bf47fc61d0d489df90f37b2334c465ddfbe9983427a86a0520cd58703dfa614ff5c7848675207df95bca861dd17a4c276beb6298c5a58f2a81271f7048bcdcc97eaf4860cfde3d1e2e1e303d0ca2c1299d5ff2654014d27c600ebe06cb644ca7b416d6bcbe917cf1c73d25074b1e0506acbf17f4b9cb0271a371fa3729f97e48074e3b9e01b618b56b9fc227278a1dba86b876da6d0ed15086c3136a587b298af39dc3ae9375af08fe50871a696e3ca211a177f768234c70dcc49c72a38f809a4ba723f21b8df9b0f2a4340a91fe0bb5a02ff52ae0cedfbe7a7c7666464cccf31eeb15c9bbb50369a9b38335d2c0837f829025033d232b5a1e33c3205deeada34a2ceb813d7ede7ecdc246398a0487995d49fdf2884ecf7738766acea7d74a39ee2424d962ad3c0852e4af9911dbd0f1725c815ee707ef9a8df9826779aac29076a5186a9bdebfcf75339e3d70fffce60365bde5ede898bdbd75dd3585f41c3fee77e318187eed6ee1ab7effc155a043bda5666f318d6e6c540dd2968e87b92d82dbba53b3aacb0535a8de86d3965c388eee819121267b522c62682d9a007f066a66018206af531b1ac8cbce6a0708d8d97f4585890e9d19ab23dc89b9a132146abc40b832d0f14f1f97912b984c856b762ba425413084c89ebfac7f658c848b3a554cdb5f052cf12f86081ab87a80f0c07ef6d58d968bf6b52b8c1e38beed1c1e87860689ccc76f956c5965dd8d1390137388b1333c8895434b835eac6e06ee4b514d0a271e314f1ce5f906f0f63c5f252f7a873007bee9d1b1e083f7a39941a1d03014af309a83631a4f6093e77d0e6e21f30c09ed1f7314d689e4995310ac3e0fd78eca77c829b138a911f9ebd2082986ac0ac082741e2c3a1bbcea22a5961b322bdb9faf86ba36da2bb400caaf1518e5748ff932c54c3c45291743a06fcae7d75f416f5e4499605c9f64d06b3a1c666ccb5196d92bc329d8cf9732b6aeccffa02bf426f6006456d03b27a7ceb7eec382b10a834552a4b119decb2506848cb9a1b9b5eb69e5f06860d6d40973371b33b13fa9ea2055b3b442f06095e1f5749e841d8a5b2caf8a573c45e57c75610ecd968eee39c63da43431ef0ce56e175f373775a44f3cfd7b398746254cb823a70e408c2dd8f6dcabcb934c4f43cde95b4a4ae9264c3371589d64e7c3448b232bd1c6e37d37da9aa8b7363a9d4f419ab72b59a3207ae86bdd355b1013f920ec6de62bf25fdd89eef0902bf750e93425b03c5e501eb7fc8ad6f2cbd32d88cb2417f29c9112d37f3a04b3b941a55ed36b25ba3150006eb9023a7fca82aa073086733095cd3d39f81bf21f4d921568ec9b188", 0x6) mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) r5 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000001140)={'pimreg\x00'}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000001180)={'macsec0\x00'}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000011c0)={'macsec0\x00'}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000001200)={'wg2\x00'}) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r6) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) prctl$auto(0x2, 0x80000000000005, 0x4, 0x5, 0xe99) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0) setitimer$auto(0x2, 0x0, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) mmap$auto(0xfffffffffffffffd, 0x20009, 0x4000000000df, 0x11, 0x401, 0x8000) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r8 = openat$auto_objects_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x103600, 0x0) read$auto(r8, &(0x7f0000000000)='){}$-$\x00', 0x10000) 3.274545604s ago: executing program 1 (id=2374): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) prctl$auto(0x1000000003b, 0xb, 0x4, 0x3, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x40000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0x11, 0x80003, 0x300) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x0, 0x9, 0x2, 0x40eb2, 0xffffffffffffffff, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x4018aee3, 0x0) socket(0x11, 0x80003, 0x300) openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/apparmor/exec\x00', 0x8002, 0x0) openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/options/blk_cgname\x00', 0x40000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/card0/dummy_pcm\x00', 0x141401, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x442242, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1942, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_TCFLSH2(r2, 0x5411, 0x0) 3.007693031s ago: executing program 0 (id=2375): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/workqueue/scsi_tmf_0/max_active\x00', 0x123902, 0x0) syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000000), 0xffffffffffffffff) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x141241, 0x0) mq_open$auto(0x0, 0x40, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 2.825409341s ago: executing program 2 (id=2376): userfaultfd$auto(0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi0\x00', 0x80800, 0x0) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000006380), 0x1, 0x0) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x38, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x2}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x1a, 0xbe, "e8ddb304466d5e18d3b985b8493ddc0e6486afb17731"}]}, 0x38}, 0x1, 0x0, 0x0, 0x850}, 0x4850) r1 = socket(0x10, 0x2, 0xc) r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000002c0), 0xffffffffffffffff) socket(0x2b, 0x6, 0x5) sendmsg$auto_CTRL_CMD_GETPOLICY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x71, r2, 0x10, 0x70bd2c, 0x25dfdbfb, {0xa, 0x0, 0xa00}, [@CTRL_ATTR_OP={0x8, 0xa, 0x5}, @CTRL_ATTR_FAMILY_ID={0x0, 0x1, 0x6}]}, 0xf8}}, 0x10004010) writev$auto(r0, 0x0, 0x1ff) mmap$auto(0x0, 0x80000000, 0x80000000, 0x9b76, 0x7, 0x28001) write$auto(0x3, 0x0, 0x7fffffff) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) prctl$auto(0x23, 0x5, 0x2008, 0x0, 0x0) r3 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r3, &(0x7f00000000c0)=""/4096, 0x1000) 2.696558399s ago: executing program 0 (id=2377): mmap$auto(0x0, 0x2020009, 0xfffffffffffffff7, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) unshare$auto(0x200) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video0\x00', 0x0, 0x0) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00') setns(r0, 0x0) (async) mount$auto(0x0, &(0x7f00000001c0)='.\x00', 0x0, 0x100000, 0x0) syz_clone(0x14220000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) (async) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x3, 0x0) umount2$auto(&(0x7f0000000080)='.\x00', 0xa) set_mempolicy_home_node$auto(0x1000, 0x4, 0xd4c3, 0x0) (async) close_range$auto(0xffffffffffffffff, 0xfffffffffffff000, 0x2) (async) socket$nl_generic(0x10, 0x3, 0x10) r1 = io_uring_setup$auto(0x6, 0x0) io_uring_enter$auto(0x3, 0x1, 0x82400001, 0x0, 0x0, 0x18) mmap$auto(0x2000000000000, 0x9, 0xdf, 0x1000000eb1, r1, 0x8000) (async) socket(0x25, 0x5, 0x0) (async) recvfrom$auto(0xffffffffffffffff, 0x0, 0x800000000e, 0xfd, 0x0, 0xfffffffffffffffd) (async) io_uring_setup$auto(0x6, 0x0) mknod$auto(0x0, 0x1081, 0x3) (async) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x6, 0x4000000000df, 0xeb1, 0x400, 0x8000) socket(0xa, 0x3, 0x100) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) eventfd$auto(0x3) 2.419507793s ago: executing program 0 (id=2378): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) setitimer$auto(0x2, &(0x7f0000000080)={{0x2, 0x5}, {0x0, 0x8}}, 0x0) setitimer$auto(0x2, &(0x7f0000000000)={{0x8000, 0x6}, {0xa4b, 0x6}}, 0x0) r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f00000000c0), 0x108881, 0x0) ioctl$auto_TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000940)=0x3) write$auto(r0, &(0x7f0000000180)='/dvo/kvm\x00', 0x20) io_uring_setup$auto(0x0, &(0x7f0000000000)={0x8, 0x66, 0x2, 0x14, 0x4, 0x4, 0xffffffffffffffff, [0x0, 0x34, 0x7fffffff], {0x101, 0x6, 0x4355, 0x80000000, 0xa5, 0x800, 0xb, 0x6, 0x5}, {0xfffffc00, 0x6, 0x0, 0x401, 0x8, 0x8, 0x0, 0x7, 0x6}}) lstat$auto(&(0x7f0000000000)='./file1\x00', 0x0) r1 = socket(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, &(0x7f0000021740)={0x0, 0x0, &(0x7f0000021700)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4004804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010026bd7000080000000000d0e14479a1f91413ef65d28a31e4ade75a353990e722e3b2f2396cfc5bb1f65211c480e22eddeb93764077942927d5bfb365cd8f2c68bd4f43c1c0cfc4b561953d69c5500c1ec9ef9c6c73556d5bb3b46a67fe86f5b07bffe8e89887951b07cc8a876da3994bf2c2937c4e3656adeebd5d140aab66e30a5233b1e692a2a821834ee25abef7a186e680ffdd8c32cd22577d7c6d0aceb4faf3b99e0a818b83d6765fa920192140cf0c1b8164086dab64459875d86516823e37325b5f74eb575656543fa200801eb7c0c3"], 0x14}, 0x1, 0x0, 0x0, 0x4008841}, 0x884) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'team_slave_1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r3, &(0x7f0000021740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4004804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x1ac}}, 0x20044000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x103, 0x0) 2.317859431s ago: executing program 1 (id=2379): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x2, 0x0, 0x0) sendmsg$auto_IOAM6_CMD_DUMP_SCHEMAS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8d0}, 0x800) r1 = open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0x538, 0x80, 0x10000, 0x0, r1, 0x1000, "72fea04183dce563f03f2a25077b3383", 0x0, r1, 0x4, 0x6, 0x101, 0x1, r1}, 0x6f3) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='nfs4\x00', 0x200, &(0x7f00000001c0)) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r2 = socket(0x29, 0x2, 0x0) unshare$auto(0x40000080) recvmmsg$auto(0x3, 0x0, 0x687bcbd, 0x8, 0x0) unshare$auto(0x40000080) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), r3) sendmsg$auto_NETDEV_CMD_QSTATS_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='%\a\x00\x00', @ANYRES16=r4, @ANYBLOB="010329bd7000fedbdf250c000000"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x8000) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r5, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) socket(0xa, 0x1, 0x1) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) close_range$auto(0x2, 0x8000, 0x0) ioctl$auto(r2, 0x89ff, 0x24) 2.072857257s ago: executing program 3 (id=2380): r0 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000300), 0x161080, 0x0) socket(0x2b, 0x1, 0x1) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdds\x1cJ\x99\x00:2\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) mprotect$auto(0x4852c750, 0x10, 0x2f) close_range$auto(0x0, 0xfffffffffffff000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_CQM(r4, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f00000017c0)={0x40, r3, 0x181, 0x70bd25, 0x25dfdbfb, {}, [@NL80211_ATTR_BEACON_HEAD={0x29, 0xe, "8bfa17e0acc74ae55238c615d33bc7e1444386f103d4609366980c7c4195f5f93304cab47a"}]}, 0x40}, 0x1, 0x0, 0x0, 0x4c815}, 0x40000) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_LOCAL(r1, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1c, r2, 0x305, 0x70bd23, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8008}, 0x4000040) bpf$auto(0x0, &(0x7f0000000340)=@bpf_attr_1={r5, 0x7, @value, 0x6}, 0x6f3) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) bpf$auto(0x19, &(0x7f0000000100)=@prog_bind_map={0xffffffffffffffff, r0, 0xfe5}, 0x10001) ioctl$auto(0x3, 0xffffffff40088a01, 0xffffffffffffffff) 1.965787236s ago: executing program 2 (id=2381): get_mempolicy$auto(0x0, &(0x7f0000000140)=0x1, 0x2, 0x86, 0x9) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_4={0x1e, 0x4, 0x7fffffff, 0x8}, 0x6f4) open(&(0x7f0000000800)='./file0\x00', 0x2e2c2, 0x1ec) socket(0xa, 0x3, 0x3c) mknod$auto(&(0x7f00000003c0)='./file0\x00', 0x9, 0x9) mount$auto(&(0x7f0000000000)='veth0_macvtap\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='nfs\x00', 0x1, &(0x7f0000000340)) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x40000000000a5, 0x18000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmmsg$auto(r1, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0xb}, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'pimreg\x00'}) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.6/usb7/power/wakeup_expire_count\x00', 0x8000, 0x0) fsconfig$auto_EROFS_MOUNT_DAX_NEVER(r1, 0x4, &(0x7f00000001c0)=',\xdf#\x00', &(0x7f0000000200)="a4beba24522050cfc154926f6fa1a06602dc0713457d9b6ea70a772bd9eb64813d03a70653a41105826b44c8bd28f8361453502715b9ffc9fa41cb068e7141fe593677b25b4713133481282d88728b5ee21890357f63ee00aa634f3866f6728e9721dce7159bf267217512061987c8de65b399521d75b5081a888900a350f8dd9aa45725f213a49c0b48b3", 0x80) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000300)=""/210, 0xd2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/ptp/ptp0/n_vclocks\x00', 0x22100, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r3 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/kfence/stats\x00', 0x100, 0x0) pread64$auto(r3, 0x0, 0x2, 0x3) listxattr$auto(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='/syi\x0ft:\xf8\xac\xa5,\xbe\x00\x00\x00\x00kUrnel/debug/ieee80211/phy0\x00reset\x00\xaf\xa379\xb2\xf5\xfa\xe9\x04\xba`\xcf\xf2:\x93#o\xccD\x9d\xf6\xf4\xc6+D\x92-\xa1p\xf2', 0x9) 1.783285863s ago: executing program 0 (id=2382): socket(0x15, 0x5, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x60641, 0x0) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x2000020009, 0xdf, 0xebf, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) execve$auto(0x0, 0x0, 0x0) mmap$auto(0x2, 0x400008, 0xdf, 0x10, r0, 0xe49e) ioctl$auto(0x3, 0xc040563d, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) timer_create$auto(0x7, &(0x7f0000000000)={@sival_int=0x88, @inferred, 0x4, @_tid}, 0x0) mmap$auto(0x0, 0x20009, 0xe, 0xeb1, 0x403, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) syz_genetlink_get_family_id$auto_vdpa(0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_ADD_NAMESPACE(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)=ANY=[@ANYBLOB="14bd05a0161380ffffffffff42dc065c80a9104e3b9575fa4f55be1f9337ba63b1a939a7eb2c93820b5ea09dff8750a80000000000000000", @ANYRES16=r2, @ANYBLOB="01002cbd7000fddbdf2501000000"], 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x8840) io_uring_register$auto(0x2, 0x14, 0x0, 0x7) io_uring_register$auto(0x2, 0x18, &(0x7f0000000000), 0x1) capget$auto(0x0, 0xfffffffffffffffe) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t3\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\xfb\xba\xb2.$\'\x1e\x82\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/250, 0xfdf3, 0x39) capset$auto(0x0, &(0x7f0000000180)={0x1, 0xb, 0x6}) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r3, 0x4b68, 0xffffffffffffffff) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) pwrite64$auto(0xffffffffffffffff, 0x0, 0x0, 0xe950eaf) 1.759846406s ago: executing program 3 (id=2383): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_handshake(&(0x7f0000000100), 0xffffffffffffffff) ioperm$auto(0xde, 0x9, 0x100402) brk$auto(0xfff) sendmsg$auto_HANDSHAKE_CMD_ACCEPT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x14, r1, 0x7904a4a47fe859c7, 0x70bd22, 0x25dfdbfc}, 0x14}}, 0x40810) r2 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFC_CMD_START_POLL(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000080)={0x1f0, r2, 0x4, 0x70bd2c, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, 0x9}, @NFC_ATTR_VENDOR_DATA={0xeb, 0x1f, "5bd9f9fee6b3f6611f7d93a2566f658595a08e9e31a9533d4ea5afaa7c6dc039060f340747d5d5d3d251458ad4bf2382ad9e3696c31fd0178f97c8674519d81d539459df518ac153903d7340f730601fdf47e5fb886ae3b9f9d3564bfc6325b579bc3a6d29bd6ce469d4783b891397edd7c0c48230012907d9e601182da630c7b233462b075b6d9019a173826b3db487d586340aa0c68a4a12525f582db5bc0b04255e5bed39949fefac4546a105879850827930866802c57453d80c408a7accb3abc252a914c0d71b7fd1e95fa5c9f16023fd0775ddb6047f547804556be89f93a265860f8a07"}, @NFC_ATTR_SE_APDU={0xd8, 0x19, "ab466fde3903ebebba07b079a7eada9755a944977b797f0650e555764e328fc99d1fe3e878cfd48369f2b55c630b831d4c8cc9c48f56751bc67ae54889b3b4918c9575b9d2da1b769a2104ab5735bc254ec09b5c6fe0f8d3d7b62634da5cac13d0817f35aaeb30b513edf6869d886a3b6681dd1558a632437f106727dbd2f6035309d788e336e79f3d925826176e438368434fc09285216e202fcb4dd4c6f8d677b66e0ffbb482b25ccaa2d1482b60cebe91613d211a139ce4215804176d20e1c2f3433064c621078868ac513927dca3e85adf01"}, @NFC_ATTR_IM_PROTOCOLS={0x8, 0xd, 0x2}, @NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x5}]}, 0x1f0}, 0x1, 0x0, 0x0, 0x1}, 0x20000081) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) pkey_free$auto(0xfffffffd) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff) 1.083799129s ago: executing program 1 (id=2384): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/loop13/queue/max_sectors_kb\x00', 0x109206, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)='-', 0x1) madvise$auto(0x0, 0xffffffffffff0001, 0x15) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) 632.982883ms ago: executing program 1 (id=2385): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x6, 0x7) socket(0x2, 0x6, 0x0) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/stat\x00', 0x80800, 0x0) read$auto_tomoyo_operations_securityfs_if(r1, &(0x7f0000000080)=""/4096, 0x1000) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0x4, 0x0) mlock$auto(0x7c89, 0x47fff) timer_create$auto(0x9, 0x0, 0x0) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000000), r0) io_uring_setup$auto(0x6, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x8002, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x101080, 0x0) read$auto_snd_rawmidi_f_ops_rawmidi(r2, &(0x7f0000000080)=""/45, 0x2d) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x80180, 0x0) close_range$auto(0x2, 0x8, 0x0) msync$auto(0x80000000, 0x0, 0x7) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x500, 0x0) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) clone$auto(0x8000000000000004, 0x4, 0x0, 0x0, 0xdd6) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x18000, 0x0) io_uring_setup$auto(0xc, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x403c6f2b, 0x0) ioctl$auto(0xffffffffffffffff, 0x7ffd, 0x10000000000402) 509.9524ms ago: executing program 3 (id=2386): mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) connect$auto(0x3, 0x0, 0x57) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) timer_create$auto(0xfffffffd, 0x0, 0x0) timer_settime$auto(0x0, 0x803, &(0x7f00000000c0)={{0x8, 0x8}, {0x9, 0x37}}, 0x0) timer_gettime$auto(0x0, 0x0) io_uring_setup$auto(0x3ff, 0x0) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) write$auto(0x3, 0x0, 0xfffffdef) setsockopt$auto(0xffffffffffffffff, 0x4, 0x8001, 0x0, 0x2) mmap$auto(0x0, 0x400008, 0x9f, 0x9b72, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$auto_ovs_datapath(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0x9b6, 0x8000000008011, 0x20000000000003, 0x8000) syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0x20200, 0x15) 0s ago: executing program 1 (id=2387): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) r1 = getpid() r2 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/mem\x00', 0x2001, 0x0) lseek$auto(r2, 0x8001, 0x4) setreuid$auto(0x0, 0x0) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) syz_open_procfs$namespace(r1, &(0x7f0000000000)='ns/ipc\x00') r3 = fcntl$auto(r0, 0x402, 0x2) r4 = open(&(0x7f0000000800)='./file0\x00', 0xc2fc0, 0x174) execveat$auto(r4, &(0x7f0000000200)='\x00', 0x0, 0x0, 0x1000) r5 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'team_slave_1\x00', 0x0}) bind$auto(r2, &(0x7f0000000140)=@xdp={0x2c, 0x4, r6, 0x1e}, 0x8) r7 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dmmidi2\x00', 0x1, 0x0) write$auto(r7, 0x0, 0xa3d9) ioctl$auto(0x3, 0x40044d0e, 0x38) ioctl$auto_VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000040)=r5) r9 = openat$auto_force_wakeup_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/hci1/force_wakeup\x00', 0x101200, 0x0) read$auto_force_wakeup_fops_hci_vhci(r9, 0x0, 0x0) vmsplice$auto(r8, &(0x7f00000000c0)={&(0x7f0000000080), 0x32}, 0x5, 0x3) fcntl$auto(r0, 0x402, 0x400000fffffffd) kernel console output (not intermixed with test programs): hci2: unexpected cc 0x0c38 length: 249 > 2 [ 69.568153][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 69.577318][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.869954][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 69.989652][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 70.035337][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.043480][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.051477][ T5829] bridge_slave_0: entered allmulticast mode [ 70.059099][ T5829] bridge_slave_0: entered promiscuous mode [ 70.068437][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.075606][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.082809][ T5829] bridge_slave_1: entered allmulticast mode [ 70.089784][ T5829] bridge_slave_1: entered promiscuous mode [ 70.104395][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 70.163057][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.195640][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.275312][ T5829] team0: Port device team_slave_0 added [ 70.281389][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.289857][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.297160][ T5828] bridge_slave_0: entered allmulticast mode [ 70.303757][ T5828] bridge_slave_0: entered promiscuous mode [ 70.313578][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.320740][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.327996][ T5828] bridge_slave_1: entered allmulticast mode [ 70.335207][ T5828] bridge_slave_1: entered promiscuous mode [ 70.346408][ T5829] team0: Port device team_slave_1 added [ 70.360123][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 70.390552][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.398002][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.405608][ T5831] bridge_slave_0: entered allmulticast mode [ 70.412210][ T5831] bridge_slave_0: entered promiscuous mode [ 70.438228][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.447912][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.474661][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.486697][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.493884][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.501275][ T5831] bridge_slave_1: entered allmulticast mode [ 70.508021][ T5831] bridge_slave_1: entered promiscuous mode [ 70.528963][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.540520][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.550870][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.557875][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.583813][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.639086][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.651405][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.672489][ T5828] team0: Port device team_slave_0 added [ 70.705133][ T5828] team0: Port device team_slave_1 added [ 70.722911][ T5831] team0: Port device team_slave_0 added [ 70.732809][ T5829] hsr_slave_0: entered promiscuous mode [ 70.739605][ T5829] hsr_slave_1: entered promiscuous mode [ 70.770303][ T5831] team0: Port device team_slave_1 added [ 70.786186][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.793207][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.819512][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.832458][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.840031][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.866431][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.877997][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.886288][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.893641][ T5830] bridge_slave_0: entered allmulticast mode [ 70.900561][ T5830] bridge_slave_0: entered promiscuous mode [ 70.909374][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.917058][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.924463][ T5830] bridge_slave_1: entered allmulticast mode [ 70.931028][ T5830] bridge_slave_1: entered promiscuous mode [ 70.946917][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.954045][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.980198][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.030804][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.039186][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.065683][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.092285][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.120586][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.173802][ T5828] hsr_slave_0: entered promiscuous mode [ 71.180654][ T5828] hsr_slave_1: entered promiscuous mode [ 71.187529][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.196770][ T5828] Cannot create hsr debugfs directory [ 71.219571][ T5830] team0: Port device team_slave_0 added [ 71.228092][ T5830] team0: Port device team_slave_1 added [ 71.246814][ T5831] hsr_slave_0: entered promiscuous mode [ 71.252926][ T5831] hsr_slave_1: entered promiscuous mode [ 71.259668][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.267474][ T5831] Cannot create hsr debugfs directory [ 71.309538][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.316803][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.344298][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.382372][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.389636][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.416323][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.557120][ T5830] hsr_slave_0: entered promiscuous mode [ 71.563336][ T5830] hsr_slave_1: entered promiscuous mode [ 71.569448][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.577096][ T5830] Cannot create hsr debugfs directory [ 71.605498][ T5835] Bluetooth: hci3: command tx timeout [ 71.605501][ T53] Bluetooth: hci1: command tx timeout [ 71.614118][ T53] Bluetooth: hci2: command tx timeout [ 71.617505][ T5835] Bluetooth: hci0: command tx timeout [ 71.652793][ T5829] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 71.665662][ T5829] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 71.686895][ T5829] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 71.711224][ T5829] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 71.759919][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.771437][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.778023][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.808426][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.832839][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.842246][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.885499][ T5831] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 71.917708][ T5831] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 71.931760][ T5831] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 71.943666][ T5831] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 72.003058][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 72.032603][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 72.043121][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 72.053338][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 72.142161][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.168566][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.206259][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.222934][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.239679][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.247027][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.271209][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.278373][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.289540][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.296661][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.322236][ T3016] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.329496][ T3016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.388760][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.420895][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.469572][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.507084][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.529320][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.536475][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.569442][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.576570][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.628555][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.635714][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.662696][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.669887][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.719965][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.762311][ T5830] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 72.775266][ T5830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.863057][ T5828] veth0_vlan: entered promiscuous mode [ 72.892480][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.912668][ T5828] veth1_vlan: entered promiscuous mode [ 72.980895][ T5828] veth0_macvtap: entered promiscuous mode [ 73.017258][ T5828] veth1_macvtap: entered promiscuous mode [ 73.045993][ T5829] veth0_vlan: entered promiscuous mode [ 73.069178][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.092274][ T5829] veth1_vlan: entered promiscuous mode [ 73.107856][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.133777][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.153596][ T5828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.163662][ T5828] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.172531][ T5828] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.181870][ T5828] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.228698][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.258458][ T5829] veth0_macvtap: entered promiscuous mode [ 73.271609][ T5829] veth1_macvtap: entered promiscuous mode [ 73.321607][ T765] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.341283][ T5831] veth0_vlan: entered promiscuous mode [ 73.350149][ T765] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.372297][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.388660][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.400447][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.436073][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.447362][ T5830] veth0_vlan: entered promiscuous mode [ 73.456614][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.457573][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.481502][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.492500][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.501366][ T5831] veth1_vlan: entered promiscuous mode [ 73.518422][ T5829] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.527605][ T5829] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.537575][ T5829] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.548197][ T5829] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.569427][ T5830] veth1_vlan: entered promiscuous mode [ 73.603575][ T5831] veth0_macvtap: entered promiscuous mode [ 73.626520][ T5828] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 73.628547][ T5831] veth1_macvtap: entered promiscuous mode [ 73.686239][ T5835] Bluetooth: hci2: command tx timeout [ 73.686358][ T53] Bluetooth: hci3: command tx timeout [ 73.691746][ T5835] Bluetooth: hci1: command tx timeout [ 73.697337][ T5840] Bluetooth: hci0: command tx timeout [ 73.743462][ T5830] veth0_macvtap: entered promiscuous mode [ 73.777049][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.788542][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.800021][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.810924][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.823363][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.849803][ T5830] veth1_macvtap: entered promiscuous mode [ 73.863341][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.876600][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.887067][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.898152][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.909828][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.937074][ T5831] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.937139][ T5831] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.937179][ T5831] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.937210][ T5831] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.954334][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.954377][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.972535][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.972561][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.972574][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.972588][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.972598][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.972613][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.973550][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.106225][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.106248][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.106258][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.106270][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.106280][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.106301][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.107437][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.162495][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.198046][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.198086][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.198128][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.207916][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.207940][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.323279][ T2995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.377331][ T2995] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.390338][ T5896] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 74.439021][ T3016] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.460727][ T3016] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.499813][ T2995] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.512698][ T2995] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.567727][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.600349][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.810695][ T5902] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 75.637523][ T5918] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 75.765451][ T5835] Bluetooth: hci3: command tx timeout [ 75.769489][ T53] Bluetooth: hci0: command tx timeout [ 75.772024][ T5835] Bluetooth: hci2: command tx timeout [ 75.776868][ T5837] Bluetooth: hci1: command tx timeout [ 76.640674][ T5940] tipc: Started in network mode [ 76.649854][ T5940] tipc: Node identity ee00, cluster identity 4711 [ 76.674051][ T5940] tipc: Node number set to 60928 [ 77.075267][ T5952] sp0: Synchronizing with TNC [ 77.452527][ T5958] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 77.845712][ T5837] Bluetooth: hci2: command tx timeout [ 77.851187][ T5837] Bluetooth: hci1: command tx timeout [ 77.856883][ T53] Bluetooth: hci3: command tx timeout [ 77.862320][ T53] Bluetooth: hci0: command tx timeout [ 78.863290][ T5986] tipc: Started in network mode [ 78.891582][ T5986] tipc: Node identity ee00, cluster identity 4711 [ 78.911789][ T5986] tipc: Node number set to 60928 [ 78.960883][ T5984] Zero length message leads to an empty skb [ 84.239405][ T6059] netlink: 334 bytes leftover after parsing attributes in process `syz.3.41'. [ 84.647627][ T6073] netlink: 20 bytes leftover after parsing attributes in process `syz.0.42'. [ 86.327260][ T6097] netlink: 28 bytes leftover after parsing attributes in process `syz.3.48'. [ 86.835066][ T6111] mmap: syz.1.51 (6111) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 87.135130][ T9] cfg80211: failed to load regulatory.db [ 89.950600][ T6150] netlink: 20 bytes leftover after parsing attributes in process `syz.2.61'. [ 90.492536][ T6153] netlink: 32 bytes leftover after parsing attributes in process `syz.0.63'. [ 91.859461][ T6182] netlink: 28 bytes leftover after parsing attributes in process `syz.0.70'. [ 92.309403][ T6182] syz.0.70 (6182) used greatest stack depth: 20816 bytes left [ 92.676380][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.685314][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.695279][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.928699][ T6201] netlink: 4 bytes leftover after parsing attributes in process `syz.1.76'. [ 92.938530][ T6201] process 'syz.1.76' launched ':,' with NULL argv: empty string added [ 93.895751][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.737484][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.806533][ T6226] FAULT_INJECTION: forcing a failure. [ 94.806533][ T6226] name failslab, interval 1, probability 0, space 0, times 1 [ 94.969261][ T6226] CPU: 1 UID: 0 PID: 6226 Comm: syz.1.83 Not tainted 6.13.0-syzkaller-04541-gdf60eac9efe8 #0 [ 94.969295][ T6226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 94.969311][ T6226] Call Trace: [ 94.969318][ T6226] [ 94.969327][ T6226] dump_stack_lvl+0x16c/0x1f0 [ 94.969367][ T6226] should_fail_ex+0x497/0x5b0 [ 94.969399][ T6226] ? fs_reclaim_acquire+0xae/0x150 [ 94.969430][ T6226] should_failslab+0xc2/0x120 [ 94.969453][ T6226] kmem_cache_alloc_lru_noprof+0x73/0x3b0 [ 94.969487][ T6226] ? __d_alloc+0x35/0x8c0 [ 94.969512][ T6226] __d_alloc+0x35/0x8c0 [ 94.969536][ T6226] d_alloc_pseudo+0x1c/0xc0 [ 94.969562][ T6226] alloc_file_pseudo+0xd2/0x200 [ 94.969586][ T6226] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 94.969623][ T6226] ? shmem_get_inode+0x737/0xf00 [ 94.969653][ T6226] __shmem_file_setup+0x210/0x300 [ 94.969682][ T6226] shmem_zero_setup+0x93/0x1b0 [ 94.969715][ T6226] __mmap_region+0x2025/0x2760 [ 94.969740][ T6226] ? __pfx___mmap_region+0x10/0x10 [ 94.969760][ T6226] ? hlock_class+0x4e/0x130 [ 94.969788][ T6226] ? mark_lock+0xb5/0xc60 [ 94.969830][ T6226] ? stack_depot_save_flags+0x28/0x9e0 [ 94.969862][ T6226] ? __lock_acquire+0xcc5/0x3c40 [ 94.969925][ T6226] ? mm_get_unmapped_area+0x95/0xe0 [ 94.969958][ T6226] ? shmem_get_unmapped_area+0x183/0xa20 [ 94.969980][ T6226] ? cap_mmap_addr+0x53/0x320 [ 94.970007][ T6226] mmap_region+0x127/0x320 [ 94.970043][ T6226] do_mmap+0xa09/0x1050 [ 94.970079][ T6226] vm_mmap_pgoff+0x203/0x3a0 [ 94.970115][ T6226] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 94.970158][ T6226] ksys_mmap_pgoff+0x7d/0x5c0 [ 94.970183][ T6226] ? rcu_is_watching+0x12/0xc0 [ 94.970217][ T6226] __x64_sys_mmap+0x125/0x190 [ 94.970246][ T6226] do_syscall_64+0xcd/0x250 [ 94.970272][ T6226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.970297][ T6226] RIP: 0033:0x7fdf5ab8cd29 [ 94.970315][ T6226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.970336][ T6226] RSP: 002b:00007fdf5ba5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 94.970358][ T6226] RAX: ffffffffffffffda RBX: 00007fdf5ada5fa0 RCX: 00007fdf5ab8cd29 [ 94.970373][ T6226] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 94.970385][ T6226] RBP: 00007fdf5ac0e2a0 R08: fffffffffffffffa R09: 0000000000008000 [ 94.970404][ T6226] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 94.970417][ T6226] R13: 0000000000000000 R14: 00007fdf5ada5fa0 R15: 00007ffdb300cd98 [ 94.970447][ T6226] [ 95.230300][ C1] vkms_vblank_simulate: vblank timer overrun [ 95.661303][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.670376][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.712540][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.279271][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.370466][ T6248] svc: failed to register nfsdv3 RPC service (errno 111). [ 96.397198][ T6248] svc: failed to register nfsaclv3 RPC service (errno 111). [ 96.891265][ T6246] svc: failed to register nfsdv3 RPC service (errno 111). [ 96.932753][ T6246] svc: failed to register nfsaclv3 RPC service (errno 111). [ 97.558845][ T6255] netlink: 4 bytes leftover after parsing attributes in process `syz.0.89'. [ 97.633917][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 98.864390][ T6271] netlink: 504 bytes leftover after parsing attributes in process `syz.1.94'. [ 99.933886][ T6285] bridge0: port 3(bond0) entered blocking state [ 99.942918][ T6285] bridge0: port 3(bond0) entered disabled state [ 99.952658][ T6285] bond0: entered allmulticast mode [ 99.957784][ T6285] bond_slave_0: entered allmulticast mode [ 99.971587][ T6285] bond_slave_1: entered allmulticast mode [ 100.000322][ T6285] bond0: entered promiscuous mode [ 100.009744][ T6285] bond_slave_0: entered promiscuous mode [ 100.027827][ T6285] bond_slave_1: entered promiscuous mode [ 100.040634][ T6285] bridge0: port 3(bond0) entered blocking state [ 100.047153][ T6285] bridge0: port 3(bond0) entered forwarding state [ 100.056689][ T29] audit: type=1800 audit(1737617197.326:2): pid=6286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.96" name="lu_gp_id" dev="configfs" ino=9374 res=0 errno=0 [ 105.187558][ T6386] syz.2.115 uses obsolete (PF_INET,SOCK_PACKET) [ 105.275468][ T6389] netlink: 24 bytes leftover after parsing attributes in process `syz.0.121'. [ 105.932651][ T6404] netlink: 322 bytes leftover after parsing attributes in process `syz.0.117'. [ 107.605428][ T6439] ======================================================= [ 107.605428][ T6439] WARNING: The mand mount option has been deprecated and [ 107.605428][ T6439] and is ignored by this kernel. Remove the mand [ 107.605428][ T6439] option from the mount to silence this warning. [ 107.605428][ T6439] ======================================================= [ 109.161595][ T6471] block nbd0: not configured, cannot reconfigure [ 109.600553][ T6487] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[6487] [ 109.731803][ T6485] usb usb15: usbfs: process 6485 (syz.3.137) did not claim interface 0 before use [ 109.785254][ T6485] netlink: 40 bytes leftover after parsing attributes in process `syz.3.137'. [ 112.274439][ T6535] netlink: zone id is out of range [ 112.310071][ T6535] netlink: zone id is out of range [ 112.328708][ T6537] Process accounting resumed [ 112.335336][ T6535] netlink: zone id is out of range [ 112.340491][ T6535] netlink: zone id is out of range [ 112.386083][ T6535] netlink: zone id is out of range [ 112.391330][ T6535] netlink: zone id is out of range [ 112.445175][ T6535] netlink: zone id is out of range [ 112.450348][ T6535] netlink: zone id is out of range [ 112.465225][ T6535] netlink: zone id is out of range [ 112.470385][ T6535] netlink: zone id is out of range [ 113.104287][ T6544] netlink: 28 bytes leftover after parsing attributes in process `syz.3.151'. [ 118.887538][ T6687] netlink: 32 bytes leftover after parsing attributes in process `syz.3.188'. [ 120.297627][ T6728] netlink: 4 bytes leftover after parsing attributes in process `syz.2.196'. [ 121.303527][ T6766] bridge0: port 3(vlan1) entered blocking state [ 121.407447][ T6766] bridge0: port 3(vlan1) entered disabled state [ 121.413919][ T6766] vlan1: entered allmulticast mode [ 121.419223][ T6766] veth0_vlan: entered allmulticast mode [ 121.426254][ T6766] vlan1: entered promiscuous mode [ 121.431917][ T6766] bridge0: port 3(vlan1) entered blocking state [ 121.438289][ T6766] bridge0: port 3(vlan1) entered forwarding state [ 122.828090][ T6785] could not allocate digest TFM handle [ 123.677973][ T6807] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 124.641838][ T6837] netlink: 20 bytes leftover after parsing attributes in process `syz.1.218'. [ 124.741391][ T6751] syz.0.203 (6751) used greatest stack depth: 20704 bytes left [ 126.004261][ T6872] device-mapper: ioctl: Invalid ioctl structure: uuid , name , dev 400008000010006 [ 128.503195][ T6963] netlink: 28 bytes leftover after parsing attributes in process `syz.1.239'. [ 128.522147][ T6963] geneve1: entered allmulticast mode [ 128.759285][ T6974] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 128.868458][ T6655] syz.0.177 (6655) used greatest stack depth: 20256 bytes left [ 129.153107][ T6976] netlink: 16 bytes leftover after parsing attributes in process `syz.1.242'. [ 129.162833][ T6972] netlink: 334 bytes leftover after parsing attributes in process `syz.3.240'. [ 129.740455][ T6995] sock: sock_timestamping_bind_phc: sock not bind to device [ 129.760210][ T6995] : entered promiscuous mode [ 130.476329][ T7004] netlink: 4 bytes leftover after parsing attributes in process `syz.2.247'. [ 130.494571][ T7006] netlink: 4 bytes leftover after parsing attributes in process `syz.2.247'. [ 132.413825][ T7046] bridge0: port 3(veth1_to_hsr) entered blocking state [ 132.444068][ T7046] bridge0: port 3(veth1_to_hsr) entered disabled state [ 132.453967][ T7046] veth1_to_hsr: entered allmulticast mode [ 132.474806][ T7046] veth1_to_hsr: entered promiscuous mode [ 132.486816][ T7046] bridge0: port 3(veth1_to_hsr) entered blocking state [ 132.493825][ T7046] bridge0: port 3(veth1_to_hsr) entered forwarding state [ 133.226063][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.232424][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.288860][ T7096] nbd: couldn't find a device at index 3723 [ 134.301265][ T7095] nbd: couldn't find a device at index 3723 [ 135.472684][ T7140] Invalid ELF header magic: != ELF [ 138.734245][ T7200] sysfs_service_op_show: Client not running :-5: [ 138.885958][ T7201] netlink: 146 bytes leftover after parsing attributes in process `syz.3.295'. [ 140.076209][ T7245] netlink: 4 bytes leftover after parsing attributes in process `syz.3.304'. [ 140.877481][ T7275] netlink: 28 bytes leftover after parsing attributes in process `syz.1.310'. [ 140.948362][ T7275] veth0_macvtap: left promiscuous mode [ 140.976437][ T7275] macvtap0: entered allmulticast mode [ 141.256342][ T29] audit: type=1326 audit(4294967298.810:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7287 comm="syz.0.312" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2fc4f8cd29 code=0x0 [ 141.376920][ T7304] netlink: 226 bytes leftover after parsing attributes in process `syz.1.314'. [ 141.386937][ T7304] netlink: 4 bytes leftover after parsing attributes in process `syz.1.314'. [ 141.407427][ T7304] net_ratelimit: 22 callbacks suppressed [ 141.407448][ T7304] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 141.894369][ T7321] can: request_module (can-proto-0) failed. [ 143.050276][ T7345] syz.3.322 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 143.162984][ T29] audit: type=1326 audit(4294967300.720:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7357 comm="syz.0.325" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2fc4f8cd29 code=0x0 [ 143.909631][ T7358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 144.186481][ T7373] netlink: 28 bytes leftover after parsing attributes in process `syz.0.330'. [ 144.215374][ T7373] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 144.235336][ T7373] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 144.279949][ T7373] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.297849][ T7373] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 144.401867][ T7375] FAULT_INJECTION: forcing a failure. [ 144.401867][ T7375] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 144.435240][ T7375] CPU: 1 UID: 0 PID: 7375 Comm: syz.2.331 Not tainted 6.13.0-syzkaller-04541-gdf60eac9efe8 #0 [ 144.435284][ T7375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 144.435299][ T7375] Call Trace: [ 144.435305][ T7375] [ 144.435315][ T7375] dump_stack_lvl+0x16c/0x1f0 [ 144.435371][ T7375] should_fail_ex+0x497/0x5b0 [ 144.435417][ T7375] _copy_from_iter+0x29b/0x1400 [ 144.435446][ T7375] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 144.435485][ T7375] ? __pfx__copy_from_iter+0x10/0x10 [ 144.435511][ T7375] ? alloc_pages_mpol_noprof+0x327/0x620 [ 144.435540][ T7375] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 144.435574][ T7375] copy_page_from_iter+0xa5/0x120 [ 144.435604][ T7375] pipe_write+0xd1e/0x1b30 [ 144.435648][ T7375] ? __pfx_pipe_write+0x10/0x10 [ 144.435683][ T7375] ? apparmor_file_permission+0x251/0x400 [ 144.435710][ T7375] ? bpf_lsm_file_permission+0x9/0x10 [ 144.435732][ T7375] ? security_file_permission+0x71/0x210 [ 144.435769][ T7375] vfs_write+0x5ae/0x1150 [ 144.435800][ T7375] ? __pfx_pipe_write+0x10/0x10 [ 144.435835][ T7375] ? __pfx_vfs_write+0x10/0x10 [ 144.435862][ T7375] ? do_futex+0x123/0x350 [ 144.435897][ T7375] ? __fget_files+0x40/0x3a0 [ 144.435945][ T7375] ksys_write+0x207/0x250 [ 144.435975][ T7375] ? __pfx_ksys_write+0x10/0x10 [ 144.436014][ T7375] do_syscall_64+0xcd/0x250 [ 144.436042][ T7375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.436069][ T7375] RIP: 0033:0x7f6fa1f8cd29 [ 144.436089][ T7375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.436110][ T7375] RSP: 002b:00007f6fa2dea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 144.436141][ T7375] RAX: ffffffffffffffda RBX: 00007f6fa21a5fa0 RCX: 00007f6fa1f8cd29 [ 144.436165][ T7375] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 144.436178][ T7375] RBP: 00007f6fa200e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 144.436193][ T7375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 144.436206][ T7375] R13: 0000000000000000 R14: 00007f6fa21a5fa0 R15: 00007fffb4836598 [ 144.436239][ T7375] [ 145.400479][ T7394] ptrace attach of "./syz-executor exec"[5830] was attempted by ""[7394] [ 145.631527][ T7391] Process accounting resumed [ 145.795828][ T7398] netlink: 'syz.2.337': attribute type 1 has an invalid length. [ 146.456157][ T7415] netlink: 226 bytes leftover after parsing attributes in process `syz.2.341'. [ 146.465589][ T7415] netlink: 4 bytes leftover after parsing attributes in process `syz.2.341'. [ 146.477933][ T7415] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 147.828019][ T7434] Process accounting resumed [ 147.878167][ T7436] Process accounting resumed [ 148.593783][ T29] audit: type=1800 audit(4294967306.150:5): pid=7453 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.346" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0 [ 150.728372][ T29] audit: type=1326 audit(4294967308.290:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7488 comm="syz.3.356" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbb7d18cd29 code=0x0 [ 151.290561][ T7503] netlink: 326 bytes leftover after parsing attributes in process `syz.1.357'. [ 151.633070][ T7507] bonding: no command found in bonding_masters - use +ifname or -ifname [ 153.545270][ T7544] openvswitch: netlink: IP tunnel TTL not specified. [ 153.607059][ T7544] netlink: 4 bytes leftover after parsing attributes in process `syz.3.368'. [ 153.625268][ T7544] tc_dump_action: action bad kind [ 153.641055][ T7532] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 153.903669][ T7554] syz.0.371 (7554): /proc/7553/oom_adj is deprecated, please use /proc/7553/oom_score_adj instead. [ 154.411767][ T7567] netlink: 'syz.3.376': attribute type 2 has an invalid length. [ 155.072814][ T7571] could not allocate digest TFM handle [ 155.236270][ T7568] could not allocate digest TFM handle [ 156.234412][ T7604] Invalid ELF header magic: != ELF [ 156.775567][ T7621] netlink: 28 bytes leftover after parsing attributes in process `syz.2.387'. [ 156.784758][ T7621] ip_vti0: entered promiscuous mode [ 158.497167][ T7638] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.525636][ T7662] Line length is too long: Should be less than 4094 [ 160.166150][ T7685] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 161.041499][ T7714] warning: `syz.0.414' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 162.933511][ T7764] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.955401][ T7856] netlink: 'syz.2.436': attribute type 33 has an invalid length. [ 170.013985][ T7856] netlink: 322 bytes leftover after parsing attributes in process `syz.2.436'. [ 173.018776][ T7926] netlink: 330 bytes leftover after parsing attributes in process `syz.1.453'. [ 174.429018][ T7964] netlink: 4 bytes leftover after parsing attributes in process `syz.0.461'. [ 175.104870][ T7971] Invalid ELF header magic: != ELF [ 177.830944][ T8039] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 177.967927][ T8042] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 178.256551][ T8046] [U] [ 178.259557][ T8046] [U] [ 178.262272][ T8046] [U] [ 178.264975][ T8046] [U] [ 178.285913][ T8046] [U] [ 178.288683][ T8046] [U] [ 178.291411][ T8046] [U] [ 178.294235][ T8046] [U] [ 178.317735][ T8046] [U] [ 178.320505][ T8046] [U] [ 178.323234][ T8046] [U] [ 178.325937][ T8046] [U] [ 178.352720][ T8046] [U] [ 178.355483][ T8046] [U] [ 178.358209][ T8046] [U] [ 178.360946][ T8046] [U] [ 178.380611][ T8046] [U] [ 178.383374][ T8046] [U] [ 178.386106][ T8046] [U] [ 178.388827][ T8046] [U] [ 178.402814][ T8046] [U] [ 178.405566][ T8046] [U] [ 178.408346][ T8046] [U] [ 178.411048][ T8046] [U] [ 178.475454][ T8046] [U] [ 178.478231][ T8046] [U] [ 178.480965][ T8046] [U] [ 178.483688][ T8046] [U] [ 178.556413][ T8046] [U] [ 178.559234][ T8046] [U] [ 178.562053][ T8046] [U] [ 178.564785][ T8046] [U] [ 178.665234][ T8046] [U] [ 178.667997][ T8046] [U] [ 178.670721][ T8046] [U] [ 178.673447][ T8046] [U] [ 178.730934][ T8046] [U] [ 178.733710][ T8046] [U] [ 178.736474][ T8046] [U] [ 178.739203][ T8046] [U] [ 178.808904][ T8046] [U] [ 178.811756][ T8046] [U] [ 178.814482][ T8046] [U] [ 178.817220][ T8046] [U] [ 178.906802][ T8046] [U] [ 178.909577][ T8046] [U] [ 178.912299][ T8046] [U] [ 178.915028][ T8046] [U] [ 179.277528][ T8046] [U] [ 179.280301][ T8046] [U] [ 179.283021][ T8046] [U] [ 179.285752][ T8046] [U] [ 179.365390][ T8046] [U] [ 179.368161][ T8046] [U] [ 179.370886][ T8046] [U] [ 179.373606][ T8046] [U] [ 179.425366][ T8046] [U] [ 179.425432][ T8046] [U] [ 179.425469][ T8046] [U] [ 179.425504][ T8046] [U] [ 179.425553][ T8046] [U] [ 179.425588][ T8046] [U] [ 179.425626][ T8046] [U] [ 179.425660][ T8046] [U] [ 179.425739][ T8046] [U] [ 179.425775][ T8046] [U] [ 179.425809][ T8046] [U] [ 179.425847][ T8046] [U] [ 179.425902][ T8046] [U] [ 179.425937][ T8046] [U] [ 179.425972][ T8046] [U] [ 179.426007][ T8046] [U] [ 179.426084][ T8046] [U] [ 179.426119][ T8046] [U] [ 179.426157][ T8046] [U] [ 179.426194][ T8046] [U] [ 179.426241][ T8046] [U] [ 179.426276][ T8046] [U] [ 179.426311][ T8046] [U] [ 179.426346][ T8046] [U] [ 179.426421][ T8046] [U] [ 179.426459][ T8046] [U] [ 179.426494][ T8046] [U] [ 179.426528][ T8046] [U] [ 179.426575][ T8046] [U] [ 179.426612][ T8046] [U] [ 179.426650][ T8046] [U] [ 179.426684][ T8046] [U] [ 179.427284][ T8046] [U] [ 179.427322][ T8046] [U] [ 179.427361][ T8046] [U] [ 179.427395][ T8046] [U] [ 179.427594][ T8046] [U] [ 179.427633][ T8046] [U] [ 179.427669][ T8046] [U] [ 179.427704][ T8046] [U] [ 179.428125][ T8046] [U] [ 179.428164][ T8046] [U] [ 179.428199][ T8046] [U] [ 179.428236][ T8046] [U] [ 179.428285][ T8046] [U] [ 179.428321][ T8046] [U] [ 179.428356][ T8046] [U] [ 179.428393][ T8046] [U] [ 179.428473][ T8046] [U] [ 179.428511][ T8046] [U] [ 179.428546][ T8046] [U] [ 179.428581][ T8046] [U] [ 179.428627][ T8046] [U] [ 179.428663][ T8046] [U] [ 179.428697][ T8046] [U] [ 179.428735][ T8046] [U] [ 179.428812][ T8046] [U] [ 179.428850][ T8046] [U] [ 179.428896][ T8046] [U] [ 179.428931][ T8046] [U] [ 179.428979][ T8046] [U] [ 179.429016][ T8046] [U] [ 179.429051][ T8046] [U] [ 179.429086][ T8046] [U] [ 179.603408][ T8059] [U] [ 180.508872][ T8074] netlink: 28 bytes leftover after parsing attributes in process `syz.1.490'. [ 180.626080][ T8074] bridge0: port 3(bond0) entered disabled state [ 180.773919][ T8074] bond0 (unregistering): left allmulticast mode [ 180.780345][ T8074] bond_slave_0: left allmulticast mode [ 180.785968][ T8074] bond_slave_1: left allmulticast mode [ 180.792078][ T8074] bond0 (unregistering): left promiscuous mode [ 180.798370][ T8074] bond_slave_0: left promiscuous mode [ 180.803967][ T8074] bond_slave_1: left promiscuous mode [ 180.810049][ T8074] bridge0: port 3(bond0) entered disabled state [ 180.828373][ T8074] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 180.853853][ T8079] nbd: socks must be embedded in a SOCK_ITEM attr [ 180.861398][ T8074] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 180.876587][ T8074] bond0 (unregistering): Released all slaves [ 180.901188][ T5823] block nbd127: NBD_DISCONNECT [ 181.442847][ T8080] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 181.480080][ T8080] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 181.774110][ T8080] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 181.800390][ T8080] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 181.861735][ T8080] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 181.919421][ T8080] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 181.939258][ T8080] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 181.960811][ T8080] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 182.156188][ T8080] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 182.214192][ T8080] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 182.231314][ T8080] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 182.272728][ T8080] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 182.330524][ T8103] netlink: 342 bytes leftover after parsing attributes in process `syz.2.494'. [ 182.512550][ T8105] netlink: 50 bytes leftover after parsing attributes in process `syz.1.495'. [ 182.655523][ T8108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.496'. [ 182.755183][ T8108] tc_dump_action: action bad kind [ 183.136358][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 183.449996][ T8110] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.530490][ T8125] Invalid ELF header magic: != ELF [ 183.856561][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 184.014732][ T8134] binder: 8131:8134 ioctl c0306202 ffffffffffffffff returned -22 [ 184.030512][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 184.081635][ T8121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.500'. [ 184.255419][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 184.662691][ T8152] netlink: 50 bytes leftover after parsing attributes in process `syz.3.507'. [ 184.785376][ T8156] netlink: 32 bytes leftover after parsing attributes in process `syz.0.508'. [ 184.847558][ T8154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.506'. [ 184.911159][ T8158] nbd: socks must be embedded in a SOCK_ITEM attr [ 185.001505][ T5823] block nbd127: NBD_DISCONNECT [ 185.215254][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 185.939028][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 186.105592][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 186.343796][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 186.918714][ T8177] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 186.985382][ T8177] File: /dev/ram7 PID: 8177 Comm: syz.1.512 [ 187.295411][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 188.015326][ T53] Bluetooth: hci0: command 0x0c1a tx timeout [ 188.185293][ T53] Bluetooth: hci3: command 0x0c1a tx timeout [ 188.223080][ T8199] Invalid ELF header magic: != ELF [ 188.415256][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 189.676134][ T8218] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 189.995090][ T8214] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 189.995518][ T8221] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 190.655873][ T8233] netlink: 350 bytes leftover after parsing attributes in process `syz.1.527'. [ 190.788902][ T8213] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 191.673322][ T8260] netlink: 346 bytes leftover after parsing attributes in process `syz.3.535'. [ 192.603976][ T8274] netlink: 146 bytes leftover after parsing attributes in process `syz.1.537'. [ 192.877008][ T8269] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 193.266575][ T8280] netlink: 4 bytes leftover after parsing attributes in process `syz.1.547'. [ 194.018896][ T8284] netlink: 350 bytes leftover after parsing attributes in process `syz.2.538'. [ 194.664317][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.671369][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.166994][ T8335] netlink: 330 bytes leftover after parsing attributes in process `syz.2.551'. [ 195.178412][ T8323] zram0: detected capacity change from 0 to 8 [ 195.198006][ T8335] mac80211_hwsim hwsim7 ›: renamed from wlan0 (while UP) [ 195.342750][ T8344] : Can't lookup blockdev [ 196.153413][ T8367] netlink: 'syz.2.560': attribute type 1 has an invalid length. [ 196.952868][ T8383] Invalid ELF header magic: != ELF [ 197.188972][ T8345] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 198.528305][ T8400] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 198.983959][ T8428] netdevsim netdevsim103872 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.161811][ T8431] netlink: 'syz.0.575': attribute type 1 has an invalid length. [ 199.184830][ T8422] Process accounting resumed [ 199.569873][ T8438] Invalid ELF header magic: != ELF [ 202.096568][ T8490] Invalid ELF header magic: != ELF [ 202.189022][ T8502] netlink: 28 bytes leftover after parsing attributes in process `syz.2.593'. [ 202.211574][ T8502] vxcan1: entered promiscuous mode [ 203.529201][ T8504] mkiss: ax0: crc mode is auto. [ 205.100053][ T8545] Invalid ELF header magic: != ELF [ 205.122283][ T8537] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 205.813064][ T8517] Process accounting resumed [ 205.822747][ T8517] bonding: no command found in bonding_masters - use +ifname or -ifname [ 205.978742][ T8513] delete_channel: no stack [ 207.069124][ T8572] Invalid ELF header magic: != ELF [ 208.138317][ T8593] Invalid ELF header magic: != ELF [ 209.286962][ T8617] Process accounting resumed [ 209.527315][ T8624] syz_tun: tun_chr_ioctl cmd 2148553947 [ 210.119933][ T8637] Invalid ELF header magic: != ELF [ 211.173720][ T8659] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 211.205578][ T8659] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 211.211685][ T8659] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 211.218963][ T8659] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 211.271129][ T8662] Process accounting resumed [ 211.847325][ T8680] nfs: Bad value for 'source' [ 212.219038][ T8692] : Can't lookup blockdev [ 212.294582][ T8694] Invalid ELF header magic: != ELF [ 213.184960][ T8718] netlink: 334 bytes leftover after parsing attributes in process `syz.1.644'. [ 213.206832][ T8718] netlink: 334 bytes leftover after parsing attributes in process `syz.1.644'. [ 213.215944][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 213.215996][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 213.216032][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 213.297362][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 214.947963][ T8751] Invalid ELF header magic: != ELF [ 215.117055][ T8765] Invalid ELF header magic: != ELF [ 216.017031][ T8778] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 217.328316][ T8812] Invalid ELF header magic: != ELF [ 217.692023][ T8821] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 217.737096][ T8821] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 217.743404][ T8821] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 217.750473][ T8821] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 218.286627][ T8844] Invalid ELF header magic: != ELF [ 218.868979][ T8849] block mtdblock0: the capability attribute has been deprecated. [ 219.169699][ T8855] Invalid ELF header magic: != ELF [ 219.496683][ T8868] nfs: Bad value for 'source' [ 219.695336][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 219.782196][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 219.782262][ T5840] Bluetooth: hci3: command 0x0c1a tx timeout [ 219.788332][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 220.712310][ T8893] netlink: 130 bytes leftover after parsing attributes in process `syz.2.686'. [ 221.615506][ T8891] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 221.985823][ T8902] Invalid ELF header magic: != ELF [ 222.940189][ T8926] Invalid ELF header magic: != ELF [ 222.982814][ T8923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 223.260971][ T8946] netlink: 130 bytes leftover after parsing attributes in process `syz.2.701'. [ 223.764943][ T8961] Invalid ELF header magic: != ELF [ 224.174054][ T8975] Process accounting resumed [ 224.428502][ T8978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 224.642057][ T8965] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 224.649237][ T8965] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 224.663548][ T8965] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 224.676723][ T8965] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 224.694371][ T8987] netlink: 'syz.3.713': attribute type 2 has an invalid length. [ 224.705492][ T8988] netlink: 'syz.3.713': attribute type 2 has an invalid length. [ 225.366201][ T9018] Invalid ELF header magic: != ELF [ 226.019736][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 226.129411][ T9020] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 226.360128][ T9025] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 226.655221][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 226.746102][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout [ 226.746112][ T53] Bluetooth: hci3: command 0x0c1a tx timeout [ 227.219750][ T9063] Invalid ELF header magic: != ELF [ 227.719727][ T9080] netlink: zone id is out of range [ 227.734268][ T9080] netlink: zone id is out of range [ 227.744429][ T9080] netlink: zone id is out of range [ 227.757258][ T9080] netlink: zone id is out of range [ 227.762436][ T9080] netlink: zone id is out of range [ 227.778360][ T9080] netlink: zone id is out of range [ 227.827147][ T9080] netlink: zone id is out of range [ 227.832321][ T9080] netlink: zone id is out of range [ 227.865361][ T9080] netlink: zone id is out of range [ 227.873314][ T9080] netlink: zone id is out of range [ 227.938111][ T9070] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.490332][ T9078] delete_channel: no stack [ 228.646717][ T9098] Invalid ELF header magic: != ELF [ 229.375476][ T9110] netlink: 8 bytes leftover after parsing attributes in process `syz.3.746'. [ 229.727488][ T9128] Invalid ELF header magic: != ELF [ 230.038860][ T9115] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.262609][ T9133] Invalid ELF header magic: != ELF [ 230.443374][ T9151] Invalid ELF header magic: != ELF [ 234.493490][ T9211] Invalid ELF header magic: != ELF [ 235.421017][ T9229] Process accounting resumed [ 235.517925][ T9233] netlink: 74 bytes leftover after parsing attributes in process `syz.3.768'. [ 236.663651][ T9247] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 237.424651][ T9264] Invalid ELF header magic: != ELF [ 237.523499][ T9267] Process accounting resumed [ 237.819208][ T9262] could not allocate digest TFM handle [ 237.841241][ T9280] netlink: 338 bytes leftover after parsing attributes in process `syz.2.778'. [ 237.868709][ T9280] netlink: 338 bytes leftover after parsing attributes in process `syz.2.778'. [ 237.893567][ T9259] could not allocate digest TFM handle [ 237.907309][ T9280] netlink: 134 bytes leftover after parsing attributes in process `syz.2.778'. [ 238.979630][ T9310] kAFS: Invalid Command on /proc/fs/afs/cells file [ 238.994171][ T9308] Invalid ELF header magic: != ELF [ 239.020252][ T9312] Process accounting resumed [ 239.217757][ T9315] kafs: addr_prefs: Invalid Command [ 240.844467][ T9353] Process accounting resumed [ 240.991818][ T9363] Invalid ELF header magic: != ELF [ 241.492461][ T9373] netlink: 330 bytes leftover after parsing attributes in process `syz.3.804'. [ 241.555339][ T9376] net_ratelimit: 13 callbacks suppressed [ 241.555361][ T9376] openvswitch: netlink: nsh attr 160 is out of range max 3 [ 242.682970][ T9388] can: request_module (can-proto-5) failed. [ 242.741971][ T9397] Process accounting resumed [ 243.526244][ T9410] Invalid ELF header magic: != ELF [ 243.605305][ T9383] kexec: Could not allocate control_code_buffer [ 245.451683][ T9467] Process accounting resumed [ 247.562735][ T9525] Process accounting resumed [ 249.620851][ T9566] cifs: Unknown parameter 'ÿÿÿÿÿÿÿÿ' [ 250.660671][ T9587] syz.0.851: vmalloc error: size 86016, failed to allocate pages, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 250.765295][ T9587] CPU: 0 UID: 0 PID: 9587 Comm: syz.0.851 Not tainted 6.13.0-syzkaller-04541-gdf60eac9efe8 #0 [ 250.765328][ T9587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 250.765352][ T9587] Call Trace: [ 250.765359][ T9587] [ 250.765367][ T9587] dump_stack_lvl+0x16c/0x1f0 [ 250.765408][ T9587] warn_alloc+0x24d/0x3a0 [ 250.765451][ T9587] ? __pfx_warn_alloc+0x10/0x10 [ 250.765481][ T9587] ? policy_nodemask+0xea/0x4e0 [ 250.765507][ T9587] ? alloc_pages_mpol_noprof+0x327/0x620 [ 250.765535][ T9587] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 250.765562][ T9587] ? trace_kmalloc+0x2d/0xd0 [ 250.765587][ T9587] ? __pfx___might_resched+0x10/0x10 [ 250.765621][ T9587] __vmalloc_node_range_noprof+0x12c0/0x1530 [ 250.765667][ T9587] ? __snd_dma_alloc_pages+0x50/0x90 [ 250.765701][ T9587] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 250.765734][ T9587] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 250.765765][ T9587] ? __snd_dma_alloc_pages+0x50/0x90 [ 250.765792][ T9587] vmalloc_noprof+0x6b/0x90 [ 250.765822][ T9587] ? __snd_dma_alloc_pages+0x50/0x90 [ 250.765845][ T9587] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 250.765871][ T9587] __snd_dma_alloc_pages+0x50/0x90 [ 250.765897][ T9587] snd_dma_alloc_dir_pages+0x151/0x240 [ 250.765926][ T9587] do_alloc_pages+0x115/0x270 [ 250.765955][ T9587] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 250.765986][ T9587] snd_pcm_hw_params+0x15e6/0x1b20 [ 250.766013][ T9587] ? snd_pcm_hw_param_near.constprop.0+0x73e/0x8f0 [ 250.766050][ T9587] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 250.766076][ T9587] ? snd_pcm_hw_param_near.constprop.0+0x743/0x8f0 [ 250.766114][ T9587] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 250.766155][ T9587] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 250.766182][ T9587] snd_pcm_oss_change_params_locked+0x1410/0x3a50 [ 250.766246][ T9587] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 250.766278][ T9587] ? __mutex_lock+0x1cc/0xb10 [ 250.766327][ T9587] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 250.766366][ T9587] snd_pcm_oss_ioctl+0x21d5/0x3780 [ 250.766404][ T9587] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 250.766447][ T9587] ? __fget_files+0x206/0x3a0 [ 250.766482][ T9587] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 250.766516][ T9587] __x64_sys_ioctl+0x190/0x200 [ 250.766546][ T9587] do_syscall_64+0xcd/0x250 [ 250.766572][ T9587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.766597][ T9587] RIP: 0033:0x7f2fc4f8cd29 [ 250.766615][ T9587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.766635][ T9587] RSP: 002b:00007f2fc5e9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 250.766656][ T9587] RAX: ffffffffffffffda RBX: 00007f2fc51a6080 RCX: 00007f2fc4f8cd29 [ 250.766670][ T9587] RDX: 00000000200000c0 RSI: 00000000c0045002 RDI: 000000000000000b [ 250.766683][ T9587] RBP: 00007f2fc500e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 250.766696][ T9587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 250.766709][ T9587] R13: 0000000000000000 R14: 00007f2fc51a6080 R15: 00007ffd953ad8e8 [ 250.766741][ T9587] [ 250.766750][ T9587] Mem-Info: [ 251.086174][ T9587] active_anon:54423 inactive_anon:259 isolated_anon:0 [ 251.086174][ T9587] active_file:6381 inactive_file:51454 isolated_file:0 [ 251.086174][ T9587] unevictable:768 dirty:0 writeback:0 [ 251.086174][ T9587] slab_reclaimable:10617 slab_unreclaimable:94913 [ 251.086174][ T9587] mapped:36121 shmem:35111 pagetables:1001 [ 251.086174][ T9587] sec_pagetables:0 bounce:0 [ 251.086174][ T9587] kernel_misc_reclaimable:0 [ 251.086174][ T9587] free:1264894 free_pcp:22285 free_cma:0 [ 251.159689][ T9587] Node 0 active_anon:220992kB inactive_anon:1036kB active_file:25524kB inactive_file:205740kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:146284kB dirty:0kB writeback:0kB shmem:142008kB shmem_thp:14336kB shmem_pmdmapped:8192kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12792kB pagetables:4004kB sec_pagetables:0kB all_unreclaimable? no [ 251.229438][ T9587] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 251.266824][ T9587] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 251.297669][ T9587] lowmem_reserve[]: 0 2489 2489 0 0 [ 251.315272][ T9587] Node 0 DMA32 free:1182768kB boost:0kB min:34408kB low:43008kB high:51608kB reserved_highatomic:0KB active_anon:257776kB inactive_anon:1036kB active_file:25476kB inactive_file:205436kB unevictable:1536kB writepending:176kB present:3129332kB managed:2549216kB mlocked:0kB bounce:0kB free_pcp:3392kB local_pcp:2052kB free_cma:0kB [ 251.365210][ T9587] lowmem_reserve[]: 0 0 0 0 0 [ 251.371285][ T9587] Node 0 Normal free:4kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:304kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 251.439851][ T9587] lowmem_reserve[]: 0 0 0 0 0 [ 251.444694][ T9587] Node 1 Normal free:3857396kB boost:0kB min:55488kB low:69360kB high:83232kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:48816kB local_pcp:25384kB free_cma:0kB [ 251.524820][ T9587] lowmem_reserve[]: 0 0 0 0 0 [ 251.536242][ T9587] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 251.575196][ T9587] Node 0 DMA32: 190*4kB (UE) 104*8kB (UME) 52*16kB (UME) 160*32kB (UME) 181*64kB (UE) 303*128kB (UME) 390*256kB (UME) 224*512kB (UME) 134*1024kB (UME) 20*2048kB (UM) 176*4096kB (UM) = 1171512kB [ 251.635296][ T9587] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 251.665200][ T9587] Node 1 Normal: 254*4kB (UME) 60*8kB (UME) 63*16kB (UME) 221*32kB (UME) 121*64kB (UME) 49*128kB (UME) 30*256kB (UME) 27*512kB (UME) 17*1024kB (UM) 17*2048kB (UME) 918*4096kB (M) = 3857448kB [ 251.715219][ T9587] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 251.752730][ T9587] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 251.790757][ T9587] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 251.818723][ T9587] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 251.828126][ T9587] 105180 total pagecache pages [ 251.832903][ T9587] 84 pages in swap cache [ 251.845647][ T9587] Free swap = 121060kB [ 251.849849][ T9587] Total swap = 124996kB [ 251.854019][ T9587] 2097051 pages RAM [ 251.858823][ T9587] 0 pages HighMem/MovableOnly [ 251.863806][ T9587] 428025 pages reserved [ 251.875225][ T9587] 0 pages cma reserved [ 252.015174][ T9609] lo: entered allmulticast mode [ 252.062250][ T9611] netlink: 4 bytes leftover after parsing attributes in process `syz.0.856'. [ 252.085920][ T9611] netlink: 4 bytes leftover after parsing attributes in process `syz.0.856'. [ 252.395733][ T9606] lo: left allmulticast mode [ 252.622107][ T29] audit: type=1326 audit(4294967410.179:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9615 comm="syz.2.858" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6fa1f8cd29 code=0x0 [ 253.624406][ T9640] delete_channel: no stack [ 255.619388][ T9692] netlink: 'syz.0.877': attribute type 27 has an invalid length. [ 255.743302][ T9692] netlink: 334 bytes leftover after parsing attributes in process `syz.0.877'. [ 256.099349][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.105964][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.223569][ T9785] vhci_hcd: default hub control req: 7300 v0000 i0000 l0 [ 261.437269][ T9789] netlink: 330 bytes leftover after parsing attributes in process `syz.2.901'. [ 262.392405][ T9806] netlink: 12 bytes leftover after parsing attributes in process `syz.3.905'. [ 263.725160][ T29] audit: type=1326 audit(4294967421.279:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9825 comm="syz.0.910" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2fc4f8cd29 code=0x0 [ 263.760578][ T9826] Process accounting resumed [ 264.801086][ T9851] netdevsim netdevsim106674 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 265.014273][ T9862] netlink: 12 bytes leftover after parsing attributes in process `syz.3.916'. [ 266.909541][ T9923] netlink: 342 bytes leftover after parsing attributes in process `syz.0.932'. [ 268.555919][ T9994] netlink: 93 bytes leftover after parsing attributes in process `syz.0.943'. [ 270.121267][T10047] netlink: 342 bytes leftover after parsing attributes in process `syz.1.962'. [ 270.852003][T10066] netlink: 8 bytes leftover after parsing attributes in process `syz.2.970'. [ 275.365949][T10163] mmap: syz.2.991 (10163): VmData 20955136 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 278.368209][T10266] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1014'. [ 281.256904][T10346] Invalid ELF header magic: != ELF [ 282.093981][T10354] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 282.100402][T10354] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 282.165611][T10354] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 282.171789][T10354] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 282.714126][T10369] Process accounting resumed [ 282.736279][T10369] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 10369 comm: syz.1.1035) [ 282.980867][T10383] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 10383 comm: syz.1.1037) [ 283.001161][T10377] Process accounting resumed [ 283.557545][ T53] Bluetooth: hci1: command 0x0c1a tx timeout [ 284.175467][ T53] Bluetooth: hci0: command 0x0c1a tx timeout [ 284.259878][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 284.259948][ T5840] Bluetooth: hci3: command 0x0c1a tx timeout [ 284.459080][T10424] FAULT_INJECTION: forcing a failure. [ 284.459080][T10424] name failslab, interval 1, probability 0, space 0, times 0 [ 284.505358][T10424] CPU: 0 UID: 0 PID: 10424 Comm: syz.0.1047 Not tainted 6.13.0-syzkaller-04541-gdf60eac9efe8 #0 [ 284.505392][T10424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 284.505405][T10424] Call Trace: [ 284.505411][T10424] [ 284.505420][T10424] dump_stack_lvl+0x16c/0x1f0 [ 284.505459][T10424] should_fail_ex+0x497/0x5b0 [ 284.505492][T10424] ? fs_reclaim_acquire+0xae/0x150 [ 284.505523][T10424] should_failslab+0xc2/0x120 [ 284.505546][T10424] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 284.505579][T10424] ? security_file_alloc+0x34/0x2b0 [ 284.505615][T10424] security_file_alloc+0x34/0x2b0 [ 284.505645][T10424] init_file+0x93/0x480 [ 284.505666][T10424] alloc_empty_file+0x91/0x1e0 [ 284.505690][T10424] alloc_file_pseudo+0x13d/0x200 [ 284.505714][T10424] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 284.505741][T10424] ? alloc_fd+0x41f/0x760 [ 284.505776][T10424] sock_alloc_file+0x50/0x1d0 [ 284.505804][T10424] __sys_socket+0x1c2/0x260 [ 284.505835][T10424] ? __pfx___sys_socket+0x10/0x10 [ 284.505874][T10424] ? rcu_is_watching+0x12/0xc0 [ 284.505912][T10424] __x64_sys_socket+0x72/0xb0 [ 284.505940][T10424] ? lockdep_hardirqs_on+0x7c/0x110 [ 284.505972][T10424] do_syscall_64+0xcd/0x250 [ 284.505997][T10424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.506022][T10424] RIP: 0033:0x7f2fc4f8cd29 [ 284.506040][T10424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.506061][T10424] RSP: 002b:00007f2fc5e9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 284.506082][T10424] RAX: ffffffffffffffda RBX: 00007f2fc51a6080 RCX: 00007f2fc4f8cd29 [ 284.506097][T10424] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 284.506109][T10424] RBP: 00007f2fc500e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 284.506123][T10424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 284.506135][T10424] R13: 0000000000000000 R14: 00007f2fc51a6080 R15: 00007ffd953ad8e8 [ 284.506166][T10424] [ 285.667306][T10452] netlink: 85 bytes leftover after parsing attributes in process `syz.0.1054'. [ 288.455504][T10516] Process accounting resumed [ 289.633686][T10542] cgroup: fork rejected by pids controller in /syz3 [ 294.232336][T10755] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1103'. [ 295.319657][T10775] netlink: 85 bytes leftover after parsing attributes in process `syz.3.1108'. [ 295.541508][T10788] Process accounting resumed [ 297.179385][T10825] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1121'. [ 297.224982][T10826] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1120'. [ 297.258222][T10821] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1120'. [ 297.799416][T10839] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1124'. [ 298.245694][T10844] openvswitch: netlink: IP tunnel attribute has 5 unknown bytes. [ 298.535954][T10839] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 298.638424][T10839] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 298.687562][T10839] bond0 (unregistering): Released all slaves [ 298.992643][T10856] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1129'. [ 301.590783][T10947] Process accounting resumed [ 302.470762][T10971] syz_tun: tun_chr_ioctl cmd 1074025678 [ 302.476514][T10971] syz_tun: group set to 23693 [ 302.485531][T10963] netlink: 294 bytes leftover after parsing attributes in process `syz.1.1151'. [ 305.368197][T11048] delete_channel: no stack [ 307.903447][T11106] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1187'. [ 307.942524][T11106] Invalid ELF header magic: != ELF [ 308.434180][T11121] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(3) [ 308.844891][T11129] could not allocate digest TFM handle [ 308.894335][T11131] could not allocate digest TFM handle [ 308.918454][T11140] Invalid ELF header magic: != ELF [ 310.265989][T11182] netlink: 294 bytes leftover after parsing attributes in process `syz.2.1205'. [ 310.654974][T11192] ptrace attach of "./syz-executor exec"[5828] was attempted by ""[11192] [ 310.822143][T11190] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1207'. [ 311.260486][T11205] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1207'. [ 312.952806][T11238] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1211'. [ 313.468151][T11248] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1219'. [ 314.317085][T11268] can: request_module (can-proto-5) failed. [ 314.674789][T11281] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1226'. [ 314.684473][T11281] team_slave_0: entered allmulticast mode [ 315.453898][T11308] netlink: ct family unspecified [ 316.773179][T11369] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1243'. [ 317.544415][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.551084][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.594712][T11426] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1251'. [ 319.604855][T11427] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1251'. [ 324.771207][T11544] scsi_dev_info_list_add_str: bad dev info string '' '' '' [ 325.145765][T11553] netlink: get zone limit has 8 unknown bytes [ 329.465682][T11620] syz_tun: tun_chr_ioctl cmd 1074025673 [ 331.471874][T11677] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1311'. [ 331.494137][T11673] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1310'. [ 332.070725][T11702] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1313'. [ 332.237618][T11702] hsr_slave_1 (unregistering): left promiscuous mode [ 333.551927][T11727] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 333.562617][T11760] HfR: entered promiscuous mode [ 333.606489][T11760] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1322'. [ 333.617087][T11760] HfR: left promiscuous mode [ 333.636436][T11727] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 333.646095][T11727] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 333.707578][T11727] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 333.966879][T11769] HfR: entered promiscuous mode [ 334.909934][T11812] ecryptfs_parse_packet_length: Error parsing packet length [ 334.918685][T11812] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22] [ 335.385257][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 335.610821][T11823] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1333'. [ 335.705540][ T5840] Bluetooth: hci3: command 0x0c1a tx timeout [ 335.711724][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 335.727811][T11827] capability: warning: `syz.3.1333' uses 32-bit capabilities (legacy support in use) [ 335.775346][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout [ 336.056740][T11831] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1335'. [ 336.526875][T11847] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1338'. [ 338.384912][T11886] netlink: zone id is out of range [ 338.422855][T11886] netlink: zone id is out of range [ 338.436485][T11886] netlink: zone id is out of range [ 338.441672][T11886] netlink: zone id is out of range [ 338.474101][T11886] netlink: zone id is out of range [ 338.500744][T11886] netlink: zone id is out of range [ 338.522179][T11886] netlink: zone id is out of range [ 338.542055][T11886] netlink: zone id is out of range [ 338.578976][T11886] netlink: zone id is out of range [ 338.579900][T11887] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 338.585184][T11886] netlink: zone id is out of range [ 338.654852][T11887] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 342.051993][ T29] audit: type=1800 audit(4294967499.609:9): pid=12058 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1382" name="discovery_nqn" dev="configfs" ino=36377 res=0 errno=0 [ 342.806273][T12087] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1391'. [ 342.834025][T12087] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1391'. [ 343.076183][T12096] FAULT_INJECTION: forcing a failure. [ 343.076183][T12096] name failslab, interval 1, probability 0, space 0, times 0 [ 343.095277][T12096] CPU: 0 UID: 0 PID: 12096 Comm: syz.1.1393 Not tainted 6.13.0-syzkaller-04541-gdf60eac9efe8 #0 [ 343.095316][T12096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 343.095330][T12096] Call Trace: [ 343.095337][T12096] [ 343.095348][T12096] dump_stack_lvl+0x16c/0x1f0 [ 343.095394][T12096] should_fail_ex+0x497/0x5b0 [ 343.095428][T12096] ? fs_reclaim_acquire+0xae/0x150 [ 343.095463][T12096] should_failslab+0xc2/0x120 [ 343.095488][T12096] __kmalloc_node_noprof+0xd1/0x520 [ 343.095527][T12096] ? alloc_slab_obj_exts+0x41/0xa0 [ 343.095563][T12096] alloc_slab_obj_exts+0x41/0xa0 [ 343.095594][T12096] new_slab+0x314/0x410 [ 343.095628][T12096] ___slab_alloc+0xbcd/0x1590 [ 343.095659][T12096] ? sock_alloc_inode+0x25/0x1c0 [ 343.095703][T12096] ? sock_alloc_inode+0x25/0x1c0 [ 343.095731][T12096] ? __slab_alloc.constprop.0+0x56/0xb0 [ 343.095761][T12096] __slab_alloc.constprop.0+0x56/0xb0 [ 343.095796][T12096] kmem_cache_alloc_lru_noprof+0xf0/0x3b0 [ 343.095833][T12096] ? sock_alloc_inode+0x25/0x1c0 [ 343.095865][T12096] ? __pfx_sock_alloc_inode+0x10/0x10 [ 343.095897][T12096] sock_alloc_inode+0x25/0x1c0 [ 343.095925][T12096] alloc_inode+0x5d/0x230 [ 343.095963][T12096] sock_alloc+0x40/0x280 [ 343.095992][T12096] __sock_create+0xc1/0x8d0 [ 343.096042][T12096] __sys_socket+0x14f/0x260 [ 343.096076][T12096] ? __pfx___sys_socket+0x10/0x10 [ 343.096111][T12096] ? rcu_is_watching+0x12/0xc0 [ 343.096150][T12096] __x64_sys_socket+0x72/0xb0 [ 343.096181][T12096] ? lockdep_hardirqs_on+0x7c/0x110 [ 343.096216][T12096] do_syscall_64+0xcd/0x250 [ 343.096243][T12096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.096269][T12096] RIP: 0033:0x7fdf5ab8cd29 [ 343.096289][T12096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 343.096311][T12096] RSP: 002b:00007fdf5ba5f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 343.096334][T12096] RAX: ffffffffffffffda RBX: 00007fdf5ada5fa0 RCX: 00007fdf5ab8cd29 [ 343.096351][T12096] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 343.096365][T12096] RBP: 00007fdf5ac0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 343.096379][T12096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 343.096392][T12096] R13: 0000000000000000 R14: 00007fdf5ada5fa0 R15: 00007ffdb300cd98 [ 343.096424][T12096] [ 344.045336][T12123] Process accounting resumed [ 344.240522][T12132] Invalid ELF header magic: != ELF                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       syzkaller syzkaller login: [ 483.213404][T15477] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2182'. [ 484.222323][T15494] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2187'. [ 484.280055][T15494] netlink: 'syz.0.2187': attribute type 1 has an invalid length. [ 486.055280][ T29] audit: type=1800 audit(4294967356.349:17): pid=15547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2198" name="version" dev="configfs" ino=51096 res=0 errno=0 [ 488.096500][T15575] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 488.102749][T15575] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 488.115474][T15575] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 488.121856][T15575] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 489.577846][T15621] netlink: 1204 bytes leftover after parsing attributes in process `syz.1.2214'. [ 489.631376][T15621] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2214'. [ 490.178895][T14669] Bluetooth: hci2: command 0x0c1a tx timeout [ 490.178937][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 490.184967][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 490.191099][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 490.977516][T15642] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2217'. [ 492.382292][T15677] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2227'. syzkaller syzkaller login: [ 492.701646][T15683] futex_wake_op: syz.1.2230 tries to shift op by 64; fix this program [ 492.715286][T15684] futex_wake_op: syz.1.2230 tries to shift op by 64; fix this program [ 492.786505][T15689] Malformed UNC in devname [ 492.786505][T15689] [ 492.793418][T15689] CIFS: VFS: Malformed UNC in devname [ 493.132714][T15696] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 493.175356][T15696] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 493.181567][T15696] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 493.243679][T15696] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 493.552506][T15702] FAULT_INJECTION: forcing a failure. [ 493.552506][T15702] name failslab, interval 1, probability 0, space 0, times 0 [ 493.566025][T15702] CPU: 0 UID: 0 PID: 15702 Comm: syz.2.2234 Tainted: G U 6.13.0-syzkaller-04541-gdf60eac9efe8 #0 [ 493.566063][T15702] Tainted: [U]=USER [ 493.566071][T15702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 493.566086][T15702] Call Trace: [ 493.566092][T15702] [ 493.566102][T15702] dump_stack_lvl+0x16c/0x1f0 [ 493.566158][T15702] should_fail_ex+0x497/0x5b0 [ 493.566193][T15702] ? fs_reclaim_acquire+0xae/0x150 [ 493.566227][T15702] should_failslab+0xc2/0x120 [ 493.566252][T15702] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 493.566288][T15702] ? mas_alloc_nodes+0x18b/0x880 [ 493.566327][T15702] mas_alloc_nodes+0x18b/0x880 [ 493.566367][T15702] mas_node_count_gfp+0x105/0x130 [ 493.566403][T15702] mas_preallocate+0x53f/0xce0 [ 493.566436][T15702] ? __pfx_mas_preallocate+0x10/0x10 [ 493.566478][T15702] ? anon_vma_name+0x75/0x100 [ 493.566507][T15702] __split_vma+0x474/0x1210 [ 493.566547][T15702] ? __pfx___split_vma+0x10/0x10 [ 493.566598][T15702] vms_gather_munmap_vmas+0x38b/0x1730 [ 493.566645][T15702] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 493.566685][T15702] ? mas_walk+0x6a6/0x910 [ 493.566732][T15702] __mmap_region+0x32c/0x2760 [ 493.566761][T15702] ? __pfx___mmap_region+0x10/0x10 [ 493.566783][T15702] ? hlock_class+0x4e/0x130 [ 493.566813][T15702] ? mark_lock+0xb5/0xc60 [ 493.566846][T15702] ? psi_task_change+0x1a2/0x2d0 [ 493.566881][T15702] ? __pfx___schedule+0x10/0x10 [ 493.566913][T15702] ? psi_group_change+0x6dc/0xd20 [ 493.566942][T15702] ? find_held_lock+0x2d/0x110 [ 493.567015][T15702] ? mm_get_unmapped_area+0x95/0xe0 [ 493.567048][T15702] ? shmem_get_unmapped_area+0x183/0xa20 [ 493.567071][T15702] ? cap_mmap_addr+0x53/0x320 [ 493.567101][T15702] mmap_region+0x127/0x320 [ 493.567148][T15702] do_mmap+0xa09/0x1050 [ 493.567190][T15702] vm_mmap_pgoff+0x203/0x3a0 [ 493.567233][T15702] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 493.567269][T15702] ? __x64_sys_futex+0x1e1/0x4c0 [ 493.567310][T15702] ksys_mmap_pgoff+0x7d/0x5c0 [ 493.567340][T15702] ? rcu_is_watching+0x12/0xc0 [ 493.567374][T15702] __x64_sys_mmap+0x125/0x190 [ 493.567405][T15702] do_syscall_64+0xcd/0x250 [ 493.567432][T15702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.567459][T15702] RIP: 0033:0x7f6fa1f8cd29 [ 493.567479][T15702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 493.567501][T15702] RSP: 002b:00007f6fa2dea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 493.567523][T15702] RAX: ffffffffffffffda RBX: 00007f6fa21a5fa0 RCX: 00007f6fa1f8cd29 [ 493.567540][T15702] RDX: 00000000000000f9 RSI: 0000000000020009 RDI: 0000000000000000 [ 493.567554][T15702] RBP: 00007f6fa200e2a0 R08: 0000000000000401 R09: 0000000000008000 [ 493.567568][T15702] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 493.567581][T15702] R13: 0000000000000000 R14: 00007f6fa21a5fa0 R15: 00007fffb4836598 [ 493.567612][T15702] [ 495.135471][ T53] Bluetooth: hci1: command 0x0c1a tx timeout [ 495.215315][ T53] Bluetooth: hci3: command 0x0c1a tx timeout [ 495.221400][ T53] Bluetooth: hci0: command 0x0c1a tx timeout [ 495.295167][ T53] Bluetooth: hci2: command 0x0c1a tx timeout [ 495.338706][T15717] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2238'. [ 498.636596][T15748] netlink: 306 bytes leftover after parsing attributes in process `syz.2.2241'. [ 498.730969][T15745] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2242'. [ 498.745942][T15745] delete_channel: no stack [ 499.206508][T15758] Invalid ELF header magic: != ELF [ 499.507137][T15763] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2245'. [ 499.535288][T15763] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 501.858864][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.865394][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.082786][T15817] lo: entered allmulticast mode [ 502.096025][T15818] Invalid ELF header magic: != ELF [ 502.126691][T15814] lo: left allmulticast mode [ 504.295117][ T29] audit: type=1800 audit(4294967315.180:18): pid=15853 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2270" name="features" dev="configfs" ino=53355 res=0 errno=0 [ 505.014932][T15869] Process accounting resumed [ 506.279503][T15883] Invalid ELF header magic: != ELF [ 508.425833][T15892] Process accounting resumed [ 510.657987][T15626] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 510.670103][T15626] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 510.678558][T15626] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 510.687286][T15626] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 510.695171][T15626] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 510.702568][T15626] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 510.937223][T15958] chnl_net:caif_netlink_parms(): no params data found [ 511.387426][T15958] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.394574][T15958] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.419478][T15958] bridge_slave_0: entered allmulticast mode [ 511.445474][T15958] bridge_slave_0: entered promiscuous mode [ 511.455474][T15958] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.462697][T15958] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.490380][T15958] bridge_slave_1: entered allmulticast mode [ 511.498120][T15958] bridge_slave_1: entered promiscuous mode [ 511.695503][T15981] netlink: 'syz.2.2303': attribute type 11 has an invalid length. [ 511.713670][T15981] netlink: 'syz.2.2303': attribute type 11 has an invalid length. [ 511.838760][T15958] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 512.017683][T15958] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 512.314524][T15958] team0: Port device team_slave_0 added [ 512.351529][T15958] team0: Port device team_slave_1 added [ 512.735515][T15626] Bluetooth: hci4: command tx timeout [ 513.014192][T15958] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 513.045260][T15958] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 513.161081][T15958] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 513.232343][T15958] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 513.258096][T15958] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 513.338467][T15958] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 513.996217][T15958] hsr_slave_0: entered promiscuous mode [ 514.002701][T15958] hsr_slave_1: entered promiscuous mode [ 514.051699][T15958] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 514.080137][T15958] Cannot create hsr debugfs directory [ 514.136488][T15698] syz.0.2232 (15698) used greatest stack depth: 19264 bytes left [ 514.825212][T15626] Bluetooth: hci4: command tx timeout [ 514.954108][T15958] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.187495][T15958] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.204622][T16026] Invalid ELF header magic: != ELF [ 515.284495][T15958] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.455953][T15958] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.737544][T15958] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 515.767771][T15958] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 515.778097][T15958] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 515.836000][T15958] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 515.983687][T15958] 8021q: adding VLAN 0 to HW filter on device bond0 [ 516.019578][T15958] 8021q: adding VLAN 0 to HW filter on device team0 [ 516.050282][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 516.057557][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 516.100079][ T6912] bridge0: port 2(bridge_slave_1) entered blocking state [ 516.107316][ T6912] bridge0: port 2(bridge_slave_1) entered forwarding state [ 516.462171][T15958] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 516.597018][T15958] veth0_vlan: entered promiscuous mode [ 516.677478][T15958] veth1_vlan: entered promiscuous mode [ 516.707277][T15958] veth0_macvtap: entered promiscuous mode [ 516.717694][T15958] veth1_macvtap: entered promiscuous mode [ 516.762786][T15958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 516.785133][T15958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.795012][T15958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 516.815166][T15958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.825027][T15958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 516.835933][T15958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.846996][T15958] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 516.868153][T15958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 516.881958][T15958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.892512][T15958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 516.904399][T15626] Bluetooth: hci4: command tx timeout [ 516.915423][T15958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 516.966923][T15958] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 517.009025][T15958] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 517.032640][T15958] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 517.120082][T15958] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.134117][T15958] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.144548][T15958] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.159483][T15958] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.362514][ T9077] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 517.382020][ T9077] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 517.459176][ T9077] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 517.472787][ T9077] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 517.697309][T16064] tipc: Started in network mode [ 517.702236][T16064] tipc: Node identity ee00, cluster identity 4711 [ 517.745180][T16064] tipc: Node number set to 60928 [ 518.285754][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 518.296597][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 518.305826][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 518.313760][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 518.323391][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 518.334162][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 518.822611][T16066] chnl_net:caif_netlink_parms(): no params data found [ 518.975154][T15626] Bluetooth: hci4: command tx timeout [ 519.126547][T16066] bridge0: port 1(bridge_slave_0) entered blocking state [ 519.134748][T16066] bridge0: port 1(bridge_slave_0) entered disabled state [ 519.142440][T16066] bridge_slave_0: entered allmulticast mode [ 519.150337][T16066] bridge_slave_0: entered promiscuous mode [ 519.161661][T16066] bridge0: port 2(bridge_slave_1) entered blocking state [ 519.168988][T16066] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.176601][T16066] bridge_slave_1: entered allmulticast mode [ 519.183683][T16066] bridge_slave_1: entered promiscuous mode [ 519.254430][T16066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 519.287218][T16066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 519.465780][T16066] team0: Port device team_slave_0 added [ 519.503804][T16066] team0: Port device team_slave_1 added [ 519.685119][T16066] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 519.692488][T16066] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 519.766435][T16066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 519.831630][T16066] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 519.871834][T16066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 519.946255][T16066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 520.057128][T16104] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2333'. [ 520.074000][T16104] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 520.090956][T16104] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 520.136652][T16066] hsr_slave_0: entered promiscuous mode [ 520.143285][T16066] hsr_slave_1: entered promiscuous mode [ 520.155772][T16066] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 520.167836][T16104] usbcore.quirks: string doesn't fit in 127 chars. [ 520.185022][T16066] Cannot create hsr debugfs directory [ 520.416654][T15626] Bluetooth: hci3: command tx timeout [ 520.501507][T16116] MTRR 1 not used [ 520.532434][T16066] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.563289][T16114] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2334'. [ 520.572485][T16114] ksmbd: Unknown IPC event: 4, ignore. [ 520.720899][T16066] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.959287][T16066] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.079298][T16126] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2346'. [ 521.090805][T16066] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.175929][T16126] nbd: socks must be embedded in a SOCK_ITEM attr [ 521.189471][T16126] block nbd0: shutting down sockets [ 521.358742][T16066] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 521.409514][T16066] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 521.432208][T16066] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 521.464341][T16066] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 521.898477][T16066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 521.990661][T16066] 8021q: adding VLAN 0 to HW filter on device team0 [ 522.109413][ T6875] bridge0: port 1(bridge_slave_0) entered blocking state [ 522.116602][ T6875] bridge0: port 1(bridge_slave_0) entered forwarding state [ 522.312492][ T7472] bridge0: port 2(bridge_slave_1) entered blocking state [ 522.319727][ T7472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 522.495950][T15626] Bluetooth: hci3: command tx timeout [ 523.017708][T16066] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 523.127304][T16066] veth0_vlan: entered promiscuous mode [ 523.156482][T16066] veth1_vlan: entered promiscuous mode [ 523.208459][T16161] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2345'. [ 523.238851][T16066] veth0_macvtap: entered promiscuous mode [ 523.262412][T16066] veth1_macvtap: entered promiscuous mode [ 523.276666][T16161] ksmbd: Unknown IPC event: 4, ignore. [ 523.290491][T16165] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2345'. [ 523.315306][T16165] ksmbd: Unknown IPC event: 4, ignore. [ 523.418477][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.435512][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.446606][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.465371][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.475660][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.487076][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.497055][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 523.508088][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.526818][T16066] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 523.667350][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 523.715382][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.735166][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 523.763392][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.784000][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 523.812724][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.837257][T16066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 523.851900][T16066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 523.878826][T16066] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 523.906655][T16066] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 523.938228][T16066] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 523.957120][T16066] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 523.975428][T16066] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 524.203289][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 524.228035][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 524.309656][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 524.345097][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 524.494773][T16179] tipc: Started in network mode [ 524.510137][T16179] tipc: Node identity ee00, cluster identity 4711 [ 524.520813][T16179] tipc: Node number set to 60928 [ 524.575770][T15626] Bluetooth: hci3: command tx timeout [ 524.600135][T16183] Invalid ELF header magic: != ELF [ 525.378024][T16199] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2357'. [ 525.680799][T16207] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2361'. [ 526.665270][T15626] Bluetooth: hci3: command tx timeout [ 527.716388][T16250] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2370'. [ 528.939409][T16273] workqueue: max_active 106042982 requested for scsi_tmf_0 is out of range, clamping between 1 and 2048 [ 529.576476][T16282] netlink: 85 bytes leftover after parsing attributes in process `syz.2.2376'. [ 529.724558][T16284] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2378'. [ 529.733926][T16284] ksmbd: Unknown IPC event: 4, ignore. [ 529.746846][T16284] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2378'. [ 529.792034][T16284] ksmbd: Unknown IPC event: 4, ignore. [ 532.222798][T16322] ================================================================== [ 532.231089][T16322] BUG: KASAN: slab-use-after-free in force_wakeup_read+0x136/0x150 [ 532.239027][T16322] Read of size 1 at addr ffff888034868a31 by task syz.1.2387/16322 [ 532.246949][T16322] [ 532.249288][T16322] CPU: 1 UID: 0 PID: 16322 Comm: syz.1.2387 Tainted: G U 6.13.0-syzkaller-04541-gdf60eac9efe8 #0 [ 532.249322][T16322] Tainted: [U]=USER [ 532.249330][T16322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 532.249350][T16322] Call Trace: [ 532.249358][T16322] [ 532.249368][T16322] dump_stack_lvl+0x116/0x1f0 [ 532.249410][T16322] print_report+0xc3/0x620 [ 532.249433][T16322] ? __virt_addr_valid+0x5e/0x590 [ 532.249464][T16322] ? __phys_addr+0xc6/0x150 [ 532.249496][T16322] kasan_report+0xd9/0x110 [ 532.249519][T16322] ? force_wakeup_read+0x136/0x150 [ 532.249549][T16322] ? force_wakeup_read+0x136/0x150 [ 532.249582][T16322] force_wakeup_read+0x136/0x150 [ 532.249606][T16322] ? __pfx_force_wakeup_read+0x10/0x10 [ 532.249636][T16322] full_proxy_read+0xfd/0x1b0 [ 532.249661][T16322] ? __pfx_full_proxy_read+0x10/0x10 [ 532.249685][T16322] vfs_read+0x1df/0xbe0 [ 532.249711][T16322] ? __fget_files+0x1fc/0x3a0 [ 532.249739][T16322] ? __pfx___mutex_lock+0x10/0x10 [ 532.249760][T16322] ? __pfx_vfs_read+0x10/0x10 [ 532.249790][T16322] ? __fget_files+0x206/0x3a0 [ 532.249823][T16322] ksys_read+0x12b/0x250 [ 532.249851][T16322] ? __pfx_ksys_read+0x10/0x10 [ 532.249885][T16322] do_syscall_64+0xcd/0x250 [ 532.249910][T16322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.249936][T16322] RIP: 0033:0x7f0feb38cd29 [ 532.249956][T16322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 532.249979][T16322] RSP: 002b:00007f0fec237038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 532.250001][T16322] RAX: ffffffffffffffda RBX: 00007f0feb5a5fa0 RCX: 00007f0feb38cd29 [ 532.250018][T16322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 532.250032][T16322] RBP: 00007f0feb40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 532.250046][T16322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 532.250058][T16322] R13: 0000000000000000 R14: 00007f0feb5a5fa0 R15: 00007fff65090ca8 [ 532.250081][T16322] [ 532.250088][T16322] [ 532.456253][T16322] Allocated by task 5829: [ 532.460577][T16322] kasan_save_stack+0x33/0x60 [ 532.465320][T16322] kasan_save_track+0x14/0x30 [ 532.470005][T16322] __kasan_kmalloc+0xaa/0xb0 [ 532.474787][T16322] vhci_open+0x4c/0x430 [ 532.478971][T16322] misc_open+0x35a/0x420 [ 532.483231][T16322] chrdev_open+0x237/0x6a0 [ 532.487750][T16322] do_dentry_open+0xf59/0x1ea0 [ 532.492523][T16322] vfs_open+0x82/0x3f0 [ 532.496590][T16322] path_openat+0x1e81/0x2d70 [ 532.501200][T16322] do_filp_open+0x20c/0x470 [ 532.505710][T16322] do_sys_openat2+0x17a/0x1e0 [ 532.510392][T16322] __x64_sys_openat+0x175/0x210 [ 532.515268][T16322] do_syscall_64+0xcd/0x250 [ 532.519788][T16322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.525683][T16322] [ 532.527998][T16322] Freed by task 14313: [ 532.532057][T16322] kasan_save_stack+0x33/0x60 [ 532.536742][T16322] kasan_save_track+0x14/0x30 [ 532.541434][T16322] kasan_save_free_info+0x3b/0x60 [ 532.546464][T16322] __kasan_slab_free+0x51/0x70 [ 532.551240][T16322] kfree+0x14f/0x4b0 [ 532.555140][T16322] vhci_release+0xbb/0xf0 [ 532.559473][T16322] __fput+0x3f8/0xb60 [ 532.563454][T16322] task_work_run+0x14e/0x250 [ 532.568041][T16322] do_exit+0xad8/0x2d70 [ 532.572213][T16322] do_group_exit+0xd3/0x2a0 [ 532.576731][T16322] get_signal+0x2576/0x2610 [ 532.581255][T16322] arch_do_signal_or_restart+0x90/0x7e0 [ 532.586818][T16322] syscall_exit_to_user_mode+0x150/0x2a0 [ 532.592481][T16322] do_syscall_64+0xda/0x250 [ 532.596987][T16322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.602881][T16322] [ 532.605204][T16322] The buggy address belongs to the object at ffff888034868800 [ 532.605204][T16322] which belongs to the cache kmalloc-1k of size 1024 [ 532.619346][T16322] The buggy address is located 561 bytes inside of [ 532.619346][T16322] freed 1024-byte region [ffff888034868800, ffff888034868c00) [ 532.633258][T16322] [ 532.635590][T16322] The buggy address belongs to the physical page: [ 532.642005][T16322] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34868 [ 532.650770][T16322] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 532.659274][T16322] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 532.666818][T16322] page_type: f5(slab) [ 532.670807][T16322] raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122 [ 532.679391][T16322] raw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 532.687977][T16322] head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122 [ 532.696649][T16322] head: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000 [ 532.705318][T16322] head: 00fff00000000003 ffffea0000d21a01 ffffffffffffffff 0000000000000000 [ 532.714011][T16322] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 532.722766][T16322] page dumped because: kasan: bad access detected [ 532.729186][T16322] page_owner tracks the page as allocated [ 532.734982][T16322] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5500, tgid 5500 (dhcpcd), ts 41407726365, free_ts 41372471440 [ 532.755935][T16322] post_alloc_hook+0x2d1/0x350 [ 532.760713][T16322] get_page_from_freelist+0xfce/0x2f80 [ 532.766188][T16322] __alloc_pages_noprof+0x221/0x2470 [ 532.771486][T16322] alloc_pages_mpol_noprof+0x2c8/0x620 [ 532.776947][T16322] new_slab+0x2c9/0x410 [ 532.781106][T16322] ___slab_alloc+0xbcd/0x1590 [ 532.785787][T16322] __slab_alloc.constprop.0+0x56/0xb0 [ 532.791171][T16322] __kmalloc_node_track_caller_noprof+0x2ee/0x520 [ 532.797592][T16322] kmemdup_noprof+0x29/0x60 [ 532.802100][T16322] bpf_prog_store_orig_filter+0xff/0x1d0 [ 532.807739][T16322] bpf_prog_create_from_user+0x1c3/0x2d0 [ 532.813377][T16322] do_seccomp+0x7b6/0x2640 [ 532.817812][T16322] prctl_set_seccomp+0x4b/0x70 [ 532.822587][T16322] __do_sys_prctl+0x3a1/0x21b0 [ 532.827357][T16322] do_syscall_64+0xcd/0x250 [ 532.831857][T16322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.837776][T16322] page last free pid 5500 tgid 5500 stack trace: [ 532.844109][T16322] free_unref_page+0x661/0x1080 [ 532.848990][T16322] __put_partials+0x14c/0x170 [ 532.853674][T16322] qlist_free_all+0x4e/0x120 [ 532.858272][T16322] kasan_quarantine_reduce+0x195/0x1e0 [ 532.863912][T16322] __kasan_slab_alloc+0x69/0x90 [ 532.868769][T16322] kmem_cache_alloc_noprof+0x1c8/0x3b0 [ 532.874235][T16322] getname_flags.part.0+0x4c/0x550 [ 532.879343][T16322] getname+0x8d/0xe0 [ 532.883238][T16322] vfs_fstatat+0xdf/0xf0 [ 532.887481][T16322] __do_sys_newfstatat+0x98/0x120 [ 532.892499][T16322] do_syscall_64+0xcd/0x250 [ 532.897004][T16322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.902923][T16322] [ 532.905240][T16322] Memory state around the buggy address: [ 532.910888][T16322] ffff888034868900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 532.918943][T16322] ffff888034868980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 532.927006][T16322] >ffff888034868a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 532.935062][T16322] ^ [ 532.940691][T16322] ffff888034868a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 532.948751][T16322] ffff888034868b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 532.956804][T16322] ================================================================== [ 533.030082][T16322] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 533.037413][T16322] CPU: 1 UID: 0 PID: 16322 Comm: syz.1.2387 Tainted: G U 6.13.0-syzkaller-04541-gdf60eac9efe8 #0 [ 533.049348][T16322] Tainted: [U]=USER [ 533.053155][T16322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 533.063212][T16322] Call Trace: [ 533.066491][T16322] [ 533.069429][T16322] dump_stack_lvl+0x3d/0x1f0 [ 533.074034][T16322] panic+0x71d/0x800 [ 533.077941][T16322] ? __pfx_panic+0x10/0x10 [ 533.082376][T16322] ? preempt_schedule_thunk+0x1a/0x30 [ 533.087754][T16322] ? preempt_schedule_common+0x44/0xc0 [ 533.093225][T16322] check_panic_on_warn+0xab/0xb0 [ 533.098186][T16322] end_report+0x117/0x180 [ 533.102547][T16322] kasan_report+0xe9/0x110 [ 533.106969][T16322] ? force_wakeup_read+0x136/0x150 [ 533.112088][T16322] ? force_wakeup_read+0x136/0x150 [ 533.117205][T16322] force_wakeup_read+0x136/0x150 [ 533.122234][T16322] ? __pfx_force_wakeup_read+0x10/0x10 [ 533.127716][T16322] full_proxy_read+0xfd/0x1b0 [ 533.132406][T16322] ? __pfx_full_proxy_read+0x10/0x10 [ 533.137699][T16322] vfs_read+0x1df/0xbe0 [ 533.141867][T16322] ? __fget_files+0x1fc/0x3a0 [ 533.146552][T16322] ? __pfx___mutex_lock+0x10/0x10 [ 533.151577][T16322] ? __pfx_vfs_read+0x10/0x10 [ 533.156275][T16322] ? __fget_files+0x206/0x3a0 [ 533.160961][T16322] ksys_read+0x12b/0x250 [ 533.165213][T16322] ? __pfx_ksys_read+0x10/0x10 [ 533.169988][T16322] do_syscall_64+0xcd/0x250 [ 533.174491][T16322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.180412][T16322] RIP: 0033:0x7f0feb38cd29 [ 533.184857][T16322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 533.204485][T16322] RSP: 002b:00007f0fec237038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 533.214029][T16322] RAX: ffffffffffffffda RBX: 00007f0feb5a5fa0 RCX: 00007f0feb38cd29 [ 533.222004][T16322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 533.229978][T16322] RBP: 00007f0feb40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 533.237973][T16322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 533.245962][T16322] R13: 0000000000000000 R14: 00007f0feb5a5fa0 R15: 00007fff65090ca8 [ 533.253961][T16322] [ 533.257112][T16322] Kernel Offset: disabled [ 533.261426][T16322] Rebooting in 86400 seconds..