last executing test programs: 19m7.729758623s ago: executing program 32 (id=449): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/block/loop10/queue/discard_max_bytes\x00', 0x0, 0x0) mmap$auto(0x0, 0x20006, 0x3, 0xe72, 0x401, 0x8000) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x30d03, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) socketpair$auto(0x1e, 0x1, 0xfffffffe, 0x0) write$auto(0x4, 0x0, 0x100082) eventfd$auto(0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x5, 0x21ea, 0x7ff, 0x3, 0x9, 0x7, 0x2e}, 0x6f4) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) ioctl$sock_SIOCGIFINDEX(r1, 0x4604, 0x0) close_range$auto(r0, r0, 0x200) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000600)=""/4096, 0x36) 18m17.150088869s ago: executing program 4 (id=686): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'veth0_to_hsr\x00', 0x0}) bpf$auto(0x5, &(0x7f0000000300)=@bpf_attr_3={0x3, 0x4, 0xf, 0x63, 0x400, 0x0, 0x1, 0x80f0c8, 0x0, "38c1d5cbcb9f6b5e511f0cd8ed068f65", r1, 0x113e33f2, 0xffffffffffffffff, 0xe4, 0x6, 0x5, 0x3ad, 0x3, 0x2000, 0x3, @attach_btf_obj_fd, 0x6, 0xffff, 0x8, 0x81, 0xfffffffe}, 0x4a) 18m16.717440305s ago: executing program 4 (id=688): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'vlan1\x00', 0x0}) r3 = syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000040), r0) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TRIP(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0x1c, r3, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@THERMAL_GENL_ATTR_TZ_ID={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x40) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'veth1_to_team\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100cda4429629bd7100f9db5f250200000000000000", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80) r6 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x3, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x8, 0x4008) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) acct$auto(&(0x7f0000000340)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/dT\x02\xa2%h\xdd\xfep\x0e\xe6\x96w\x05r\x9c\xb6L\t0\x0f\x954\xf6\b\xa0&C\x83L\xc0\xe9\t\"\xa5\x8f\xce\x03\xb6\x16\x90\xc3\x97\xb7\n\"zB\xedCf\xfd \x87\xdb\x8f\x87\xe9\xea\x89-B\x06\x97\xcb+\xf09\xa1\xa5\x8d\x9b\b\xc8\x15\xb6|\xc7 t\xc8#\xf8,\xab\x96\xf6\x03Z\x93\xf5\xc8\x87\xc9z}]\x85\xcc\xd5d\x02_\xd4>b\x96\xc5\x93\xb1\xa0E\xda\xb8\xb1\xa5G\r\xf4[\xec \"\xd9\x13\x803\xa6V\xe3\x06\xc72\xc0d|?\xfaA\xd2\xd6\xce\xfa\x9a\x98\x01\aXV.\xf15>;\xfaR\xcb\xc2v\x0f\xfc\xb3:f\x8f\xae\xcc\xbb\xd2\xfa\xef%\xfa\x85\xd9\x7fL\xad\xab\xd0\xd1\xc9v{Ze\x8a\xeb~\xf1V<\xc2p~\x90\xe6\x1c\xf86\xeb\x11\xe2\x90\rr\xda.\x82\xbd\x0f\xbd{\x861\x03\xda-#\\^`\xc8\x01%V\xab\r\b\xde\xaa\xf8s\x86K\bR\x12\xbc{\xef\xc5<\xfd\x02\xe2\xf0\br\xb4\n\xe4\xa6\v\xbcd\x1e\xe9\xbd\x18\x89\xa1\xe8w\x0e7\xae\x10e\xb6\xce\xe25\xdf\xd8\x12X`\xec\n\x87\x86X\x9b\x80i7\xcb\xed\xbdQ\xe4\xbb*\xedq\xb0>\x92\xb6W\b\x1eV\xadk\x11\xa9\xa1\x1f\xe1\xac\xb7\xd0\xcc\x94\xc1g\x8c\xe5\xf0\"\xe1\xc2. \\X\xe0\xd30\xa9X\x8d@\xb1\xddS\xbey\xb4]j \x96\xe3\x84\xcc\x02C\xd23\x16T\xden\"\xea\xf2j\b\xd2\xf6\xe5\xc2a\xaa\xefr\x80\rZ\x06s\xa0\xaf\x93MmM|\xfdN\x19\xf0RS\xc4\xca\x84H\x19T\xd4\xc4>\x8e\x050\x9c\x8f\xa9P\x8a\xd0\xd48\xb4\x0e0\xff\x98\xce\x01\'\x83i\xd9\x94\xcf\xd7\x03_|J\x9b\x06q\x0e\xdf_/u\xfa\xcd\xb9\"L\x17\xc3\xdc\x16\xc7\x02\xb7\x91\x85Ot\xd0r\xc2r\xee\xce\xefU\x1a\x89\xd6,\x04\x96o\xb9\x1b\x00\xec\xf17\xbbpu\xeeW\xd7HSXt\xe4\xf07+\xc8\xd3\x87|\x15\x9b\x95t\x195l\xcb\xfd\xae@\xbd>\xdcd\xaa\x19r\xec_>\xf2\x7f\xe6\xe7\x1c\x1dE\x87k(k\x98\x81\xe8\t\"\xed\x94\xe33\xfd*\xc1\xcc\x98\x1d\xdd\x9c\v\xc3\xef\x9b\xc3\xca\x14\xb54\x8aS\xa0`*\xc4\xe6|n\xc7\xbf1\x02yc\xc2\xf3\xb1\x0e\xb4\xc5\xf3\xe2\x10\xa9\xbdQ\xb6') openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) sendmsg$auto_NETDEV_CMD_BIND_RX(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000027bd7000fedbdf250d0000e95831de00", @ANYRES32=r2, @ANYBLOB="08000300", @ANYRES32=r0, @ANYBLOB="04000280"], 0x28}, 0x1, 0x0, 0x0, 0x24040044}, 0x4) 18m15.841427062s ago: executing program 4 (id=691): r0 = socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) io_submit$auto(0x8, 0xa, &(0x7f0000000100)=&(0x7f0000000000)={0x4, 0x7, 0x7, 0xc4a3, 0xfe01, r0, 0x8, 0x3, 0x10040000010003, 0x0, 0xffffffff}) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000040)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f00000000c0), 0xf}, 0x6, 0x0) socket(0x1, 0x803, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) move_pages$auto(0x0, 0x91, 0x0, 0x0, 0x0, 0x0) connect$auto(0x5, 0x0, 0x9) r2 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) ioctl$auto_I2C_SMBUS(r2, 0x720, 0x4) socket(0xa, 0x3, 0xa) r3 = socket(0x23, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) socket(0x1d, 0x4, 0x2) memfd_secret$auto(0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) acct$auto(&(0x7f0000001080)='/sys//block/nbd3/que\xd6D\xf0\xfa^!\"B\xf9\xee\x0f]r\xd4\xed\xf9ue/rotational\x00\xda\xc8\x83\x8b\x82;\xf4\n\xcfn\thz\xb1\x8b\x96\xfdPw\xa4M@.\xe1\xe7P\xf0}\x98\xb6(\xa6[\xc2\xfcn\x115\xfbHX\x83\xbf\x141\xd6s\xa8\xb1\a-HG\xae\x03\xc3\x1f`\x84\x1b\x81\xda2r{$3d') mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mbind$auto(0x401, 0x400, 0x6, &(0x7f0000000040)=0x7, 0x7fff, 0x5) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0xb, 0x2, 0x0) open(0x0, 0x261c2, 0x84) ioctl$auto(r0, 0x8941, 0x4) select$auto(0x2a, &(0x7f0000000140)={[0x5, 0x5, 0x40, 0x7, 0x4, 0x4, 0x7fffffffffffffff, 0x5, 0x11, 0x4, 0x9, 0x6d30c22c, 0x0, 0x65, 0x7, 0xca1]}, &(0x7f00000001c0)={[0x7, 0x20b7b873, 0xfffffffffffffffc, 0x9, 0x7, 0x1, 0x0, 0x7, 0x9, 0x6e, 0x2, 0x2, 0x0, 0x5, 0x3, 0x73]}, &(0x7f00000002c0)={[0x1, 0x2, 0x6, 0x1, 0x400, 0xfffffffeffffffff, 0x3, 0x80, 0xffffffffe03ac364, 0x8, 0x40, 0xd42, 0x6, 0x4, 0x8, 0x8]}, &(0x7f00000000c0)={0xaa, 0x1}) 18m14.692937331s ago: executing program 4 (id=695): open(&(0x7f0000000100)='./file0\x00', 0x201c2, 0x10e) socket(0xa, 0x1, 0x1) bpf$auto(0x6, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0xfff, 0x5, 0x10, 0x0) socket(0x15, 0x5, 0x0) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x6, 0xfffffffb) pselect6$auto(0xffffffff, &(0x7f00000000c0)={[0x2, 0xfff, 0x6, 0xbda3, 0x0, 0x9, 0x5, 0xc7, 0x5, 0x400, 0x7, 0x3, 0x2, 0x7fffffff, 0x87d9, 0xa]}, 0x0, &(0x7f0000000200)={[0x8001, 0x0, 0x36d7, 0x39, 0x0, 0x800, 0x8, 0x7fffffff, 0x6, 0xe51d, 0x401, 0xffff, 0x95, 0x39d9eb, 0x8, 0x9]}, 0x0, 0x0) flock$auto(0x6, 0x1) keyctl$auto(0x8, 0xfffffffffffffffd, 0xffffffffffffffff, 0x5092, 0x2) mknod$auto(0x0, 0xc9, 0xc8) execve$auto(0x0, 0x0, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) shmget$auto(0x8, 0x10563, 0x568d1af2) madvise$auto(0x0, 0xffffffffffff0004, 0x19) io_uring_setup$auto(0x5, 0x0) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_gtp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_GETPDP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r1, 0x401, 0x70bd26, 0x25dfdbfe, {}, [@GTPA_VERSION={0x8, 0x2, 0x38f}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8014) 18m10.727875986s ago: executing program 4 (id=700): r0 = openat$auto_evm_key_ops_evm_secfs(0xffffffffffffff9c, 0x0, 0x40802, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) ioctl$auto(0x3, 0xc0205649, 0x38) r1 = socket(0xf, 0x3, 0x2) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r1) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000140)={0x1fc, 0x0, 0x326, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_IE_PROBE_RESP={0x1b7, 0x7f, "5ee81a1a5a99d03205ac67ec1167274c397482d49738695cb825d057d04a4cde25479db689069666c8bdfb84092d91c7e8d081a28414bee7298adf7d37457dfdeaed9537acc402a9e9e6e525ca096c376e0cc98875bb52acac4d77a9edf0d84009d014c104df90407ce7c2ad8f6f1ab2e292da385f6e8fffeca52a14d81204480e70d7aeab1751e57e9a07f4c2e4d5b5d968586246ba4ff5ea31b02c2b31e39232b683d1066568f2d4bbf2476907a9e80b38fcf6f12a107ead31f10c89f68ff9a48fa1f313f68382554fa42fe64f490d07d131ceeea752bc9a21308893ee03f40014b3d028c185d9a924acdc8af3dcc219b9d45a1e74a555c9f752ce4e8f41b9d730bb27c66e423ff4dd40bca3eded216556f936e2e7118ba9fcff5006fd1db01d054182cbf57c5c0bc71557056e3edda9277e542415ebfccab7c2cf36863231f296bacb6b212c9c64b8817f7dc396fa97df815888c9e10a3a35a27f0bca307078087add491c49a2fb4b4ae72924ebeca91c84e7584e99a14513c8e42a376898c3ff67c1f31a2195c6cef5a84f8ed02a9f54e2f71bd8381c6379d26c69216b18cbab2b0627f3f1f76d928e2dbfb03a75b2f947"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "f7690fbdfaef16acb709bc6409975516a2bc2ff8abd8b170"}, @NL80211_ATTR_SMPS_MODE={0x5, 0xd5, 0xb6}, @NL80211_ATTR_HW_TIMESTAMP_ENABLED={0x4}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x2}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x4000}, 0x24000020) uname$auto(0x0) inotify_init1$auto(0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xb, 0x8000) open(0x0, 0x80842, 0x91) write$auto_evm_key_ops_evm_secfs(r0, 0x0, 0xa) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/workqueue/nvme-reset-wq/cpumask\x00', 0x8802, 0x0) write$auto(r2, 0x0, 0x400fdea) 18m9.963068481s ago: executing program 4 (id=703): r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000015c0), r1) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_PEER_REMOVE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="1400000018ba35"], 0x14}, 0x1, 0x0, 0x0, 0x48891}, 0x20) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r4) sendmsg$auto_NL80211_CMD_GET_STATION(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000002440)={0x14, r2, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40004001}, 0x4800) r5 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x2020009, 0x1, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(r5, 0xfffffffd, r5, &(0x7f00000000c0)={0x4, 0xffffffff}) sendmsg$auto_OVS_FLOW_CMD_GET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x24, r7, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0xc0}]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x800) sendmsg$auto_OVS_FLOW_CMD_GET(r6, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4c010000", @ANYRES16=r7, @ANYBLOB="210c25bd7000fbdbdf2503000000600007802e090ef2160e32b47e140cdfa0379bac548755340a44bf19ba140519ab4a1c1dc9af08bc20f2f4d4ad544e4ba94f1a56a9c7ff5b1d0ceee70b2ecea0bccc14838c4004fb1cf9edd5253ca3140e00c8002f6465762f637573650000000400080008000a0000000000c3000180a4e89216d2d21b4b73bf85d8c00a6b798ff898c58e6aa28365e7b7ec51dc5c854a2c71f8c538696997cbaf1a00fb5961d79445a9f0f809b72a2c4cd7e0b09b6871f5bf81b429b78c2784d999000982481e7e25db0ec8aefada65e2e2d675dcdfc34797e753111c3590e803e1fa6e3fa65b55b6ab59e2c8ff8413e0cfefc1bdeb03fdf5a6939a5fc53477128eff3fab06b7a244b0be1163bfc1fbbe2763224dbd44eead39d3d9c865eec49eb4857b5d247d103099f500b47b5843c0738d81800aa56702ed2a131a90a00004000800040008008219571d04fa45c31b1bc84e63e7d07e8d53381972bda6e448b6d096911d0000002e1c6f1a189cf8ab"], 0x14c}, 0x1, 0x0, 0x0, 0x400c000}, 0x4008080) r9 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) ioctl$auto_USB_RAW_IOCTL_EP_READ(r9, 0xc0085508, 0x0) shutdown$auto(0x200000003, 0x2) setsockopt$auto(0x3, 0x10000000084, 0x84, 0x0, 0x90) mmap$auto(0x100000000, 0x1000000000000004, 0x6, 0x40eb2, r0, 0x300008000000) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x800, 0x0) 17m54.552389412s ago: executing program 33 (id=703): r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000015c0), r1) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_PEER_REMOVE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="1400000018ba35"], 0x14}, 0x1, 0x0, 0x0, 0x48891}, 0x20) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r4) sendmsg$auto_NL80211_CMD_GET_STATION(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000002440)={0x14, r2, 0x800, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40004001}, 0x4800) r5 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x2020009, 0x1, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(r5, 0xfffffffd, r5, &(0x7f00000000c0)={0x4, 0xffffffff}) sendmsg$auto_OVS_FLOW_CMD_GET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x24, r7, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0xc0}]}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x800) sendmsg$auto_OVS_FLOW_CMD_GET(r6, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4c010000", @ANYRES16=r7, @ANYBLOB="210c25bd7000fbdbdf2503000000600007802e090ef2160e32b47e140cdfa0379bac548755340a44bf19ba140519ab4a1c1dc9af08bc20f2f4d4ad544e4ba94f1a56a9c7ff5b1d0ceee70b2ecea0bccc14838c4004fb1cf9edd5253ca3140e00c8002f6465762f637573650000000400080008000a0000000000c3000180a4e89216d2d21b4b73bf85d8c00a6b798ff898c58e6aa28365e7b7ec51dc5c854a2c71f8c538696997cbaf1a00fb5961d79445a9f0f809b72a2c4cd7e0b09b6871f5bf81b429b78c2784d999000982481e7e25db0ec8aefada65e2e2d675dcdfc34797e753111c3590e803e1fa6e3fa65b55b6ab59e2c8ff8413e0cfefc1bdeb03fdf5a6939a5fc53477128eff3fab06b7a244b0be1163bfc1fbbe2763224dbd44eead39d3d9c865eec49eb4857b5d247d103099f500b47b5843c0738d81800aa56702ed2a131a90a00004000800040008008219571d04fa45c31b1bc84e63e7d07e8d53381972bda6e448b6d096911d0000002e1c6f1a189cf8ab"], 0x14c}, 0x1, 0x0, 0x0, 0x400c000}, 0x4008080) r9 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) ioctl$auto_USB_RAW_IOCTL_EP_READ(r9, 0xc0085508, 0x0) shutdown$auto(0x200000003, 0x2) setsockopt$auto(0x3, 0x10000000084, 0x84, 0x0, 0x90) mmap$auto(0x100000000, 0x1000000000000004, 0x6, 0x40eb2, r0, 0x300008000000) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x800, 0x0) 7m38.733843157s ago: executing program 1 (id=2259): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.1/usb2/power/wakeup_total_time_ms\x00', 0x80, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000600)=""/4096, 0x1000) (fail_nth: 2) 7m35.693893303s ago: executing program 1 (id=2262): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x1000) mremap$auto(0x7fffffff, 0x7, 0x4, 0x8, 0xfffffffffffffffa) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) socket(0x28, 0x5, 0x0) settimeofday$auto(&(0x7f0000000180)={0x1ed5d7403, 0x1}, 0x0) connect$auto(0x3, &(0x7f0000000180), 0x54) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) 7m31.032061558s ago: executing program 1 (id=2268): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), r0) sendmsg$auto_NETDEV_CMD_QSTATS_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x14, r1, 0x301, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x8000) 7m30.054222215s ago: executing program 1 (id=2270): statmount$auto(0x0, &(0x7f0000000180)={0x6, 0x1, 0x44f, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000001, 0x384, 0x9, 0x8, 0x10006, 0x400007f, 0x0, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0xffffffffffffffff, 0x2, 0x9, 0x402000, 0x0, 0xf, 0x1, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x0, 0x8, 0x20000, 0x8, 0x10000000000, 0xffffffffffffffff, 0x4, 0x2e, 0x0, 0x0, 0x1006, 0x400000000005ba, 0xffff, 0x0, 0x100, 0x0, 0x6, 0x2, 0x88e, 0x40, 0xfffffffffffffffc, 0x8, 0xa38, 0x4, 0x7, 0xfffffffffffffffc, 0x4000000000005, 0x8, 0x10001, 0xc567, 0x8000000000000000]}, 0x101fa, 0xd) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0x1d, 0x2, 0x6) bind$auto(0x3, &(0x7f00000000c0), 0xf) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/veth0/disable_ipv6\x00', 0x40802, 0x0) pwrite64$auto(r0, 0x0, 0x0, 0xe950eaf) close_range$auto(0x2, 0x8, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x500) 7m25.303095454s ago: executing program 1 (id=2275): prctl$auto(0x1000000001c, 0x5, 0x8, 0x9, 0x80001) setreuid$auto(0x15, 0x5) eventfd$auto(0x8c) socket(0x10, 0x2, 0x4) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x4, &(0x7f0000000000), 0x1) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) clone$auto(0x1, 0x1, 0x0, 0x0, 0x7) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0xfffffffffffffffd, 0x8000) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa1\x00', 0x48080, 0x0) r0 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0x42, 0x0) bind$auto(r0, &(0x7f0000000080)=@vsock={0x28, 0x0, 0x2711}, 0x0) write$auto_mousedev_fops_mousedev(r0, &(0x7f0000000040)='\\', 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/o2cb/logmask/ERROR\x00', 0x122d82, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) read$auto(0x3, 0x0, 0x80) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000001c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) statx$auto(0xffffffffffffff9c, 0x0, 0x2, 0x9, &(0x7f0000001400)={0x1, 0xe23b, 0xebee, 0x80000001, 0xffffffffffffffff, 0x0, 0x81, 0x1, 0xffff, 0xc, 0x4, 0x8, {0x0, 0xfb0}, {0x7, 0x401}, {0xb03, 0x6}, {0x7, 0x9}, 0x3, 0x7, 0x5, 0x9, 0x7, 0x7, 0x6, 0x3, 0xff, 0x40, 0x8001, 0x401, [0x9b, 0x0, 0x7fff, 0x3, 0x935c, 0x9, 0x4, 0x9e1]}) sendmsg$auto_MACSEC_CMD_UPD_OFFLOAD(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000012c0)=ANY=[@ANYBLOB="44010000", @ANYRES16=r2, @ANYBLOB="01002dbd7000fddbdf250a00000008000100", @ANYRES32, @ANYBLOB="280109800c00ea006d61637365633000e7002e80ea546656278c93952f9101afd392a22ad5dee5c3d6fea5031c8d17ca812af7fe7b240d9f6a3469659743be1864c7db436e9e76d49111fd550a1ca8b35a7d9748c7374ce3c5ee0cb000d2af41cf3ff5ca2140a4345cd86d7fa409604cd47536c8c89ac53fcf904f2040e3fa588f7845d5a5a3c758d76a6ea3243d41523307b728c1eae2fae8f36da92dc889cdc79fd55c8d4d0ad53e9f9120101cf27eaf1d15ddb64f597c46cf34373303f61cfc19c15f173d7f0d2f6870beddf607a1ebd3b22caddd7f9fd609a1115beabcf4f867ddee569d307ebe1240f53b7999a06b1f915f882e7e0008004300", @ANYRES32, @ANYBLOB="0b0042006d6163736563000014002d00fc010000000000000000000000000001080001"], 0x144}, 0x1, 0x0, 0x0, 0x4040085}, 0x0) newfstatat$auto(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x9, 0x180000, 0xa, 0x5, 0xee00, 0x0, 0x0, 0x8001, 0x1, 0xd, 0x0, 0x100000001, 0xb2, 0x1000, 0x12, 0x2, 0x2}, 0xf375) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/midi2\x00', 0x42841, 0x0) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000040), 0x8}, 0x5) openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/comm\x00', 0x2, 0x0) 7m19.175116947s ago: executing program 1 (id=2283): mmap$auto(0x0, 0x20009, 0x10000000000df, 0x400000000000eb2, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0xa, 0x2, 0x88) recvmmsg$auto(r1, 0x0, 0x0, 0x9, &(0x7f0000000200)={0x6, 0x2}) socket(0x2, 0x6, 0x0) pipe$auto(0x0) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7, 0x8}, 0x80, 0x400400) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0x4040, 0x75) socket(0xa, 0x2, 0x3a) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000340)={0x80, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0x61, 0x2, "d985676638e0dfd36e2094dc1619653f003c46a07abfa3909c5c03852f4f6506304f7964d9eb47b08e35922533315871b53819dcdb8269bc08b18b603c59346b3f9598cf04531958ce6cf4297a9a5e92efb2c5858c3e51c11f064f641f"}, @HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x6}]}, 0x80}, 0x1, 0x0, 0x0, 0x4040014}, 0x4010) move_pages$auto(0x0, 0x91, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x1c8300, 0x0) ioctl$auto(r2, 0x4004510f, 0x3) r3 = socket(0x2, 0x2, 0x88) setsockopt$auto(r3, 0x88, 0xa, &(0x7f0000000000)='\xba\xba\xd3\xc8[&P\x9c\xe7AJz\'\x91\xce=B}v+7n\xa2r0\x92\xc3\x0eE\x96\xf63\xec\xe0\xb2\f\xa86v\xeb\xf1\xcb\xd4\xa9\v\xe1\xcc\x18', 0x80000e) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) acct$auto(&(0x7f0000000000)='/dev/sequencer\x00') r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/compaction_proactiveness\x00', 0x40001, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r4, 0x0, 0x0) 7m16.972910924s ago: executing program 0 (id=2285): openat$auto_nodes_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000080), 0x4001, 0x0) 7m15.661703488s ago: executing program 0 (id=2287): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1f, 0x1, 0x3, 0x0) sysfs$auto(0x8000, 0x14, 0x8) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) syz_clone(0x4000411, 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_clone(0x4000411, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/ext4/sda1/mb_groups\x00', 0x14b402, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x8000, 0x3, 0x3, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) read$auto(r0, 0x0, 0xc9e3) (async) read$auto(r0, 0x0, 0xc9e3) ioperm$auto(0x3, 0xe, 0x2000000000000149) r2 = openat$auto_proc_auxv_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/auxv\x00', 0x56702, 0x0) ppoll$auto(&(0x7f0000000000)={r2, 0x4}, 0x2, 0x0, 0x0, 0x8) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x1, 0x40009, 0xdf, 0x17, 0x7, 0x200000000028000) (async) mmap$auto(0x1, 0x40009, 0xdf, 0x17, 0x7, 0x200000000028000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r3, 0x1002, 0x0, 0x0, 0x0, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x101200, 0x0) (async) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x101200, 0x0) ioctl$auto(r4, 0x540b, 0x1) r5 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg1\x00', 0x20100, 0x0) ioctl$auto_sg_fops_sg(r5, 0x2, &(0x7f0000000080)="040c8b8c1d6ab09f7003670e0d9f42c47c61966973fc72f7d751f7f62eae259de25d925e407f2724c00324af41773c7fdc84f8d02f032795d328916eed6b2e34ab9057b5bb91752cd7b257cef27d0e3fd0abd37d96792cc2b36b9c420132c2853cad857ab71fd9fd74248cd182e1493ed99095b4e10085802aca606119042766be9a5e987195cf76322cd3b0d820d707f64b017a") (async) ioctl$auto_sg_fops_sg(r5, 0x2, &(0x7f0000000080)="040c8b8c1d6ab09f7003670e0d9f42c47c61966973fc72f7d751f7f62eae259de25d925e407f2724c00324af41773c7fdc84f8d02f032795d328916eed6b2e34ab9057b5bb91752cd7b257cef27d0e3fd0abd37d96792cc2b36b9c420132c2853cad857ab71fd9fd74248cd182e1493ed99095b4e10085802aca606119042766be9a5e987195cf76322cd3b0d820d707f64b017a") fsopen$auto(0x0, 0x1) (async) fsopen$auto(0x0, 0x1) socket(0x1, 0x1, 0x1) socket(0x2c, 0x80003, 0x0) getsockopt$auto(0x6, 0x84, 0xa, 0x0, 0x0) (async) getsockopt$auto(0x6, 0x84, 0xa, 0x0, 0x0) 7m12.953956772s ago: executing program 0 (id=2295): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x301, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000) (fail_nth: 4) 7m11.652214609s ago: executing program 0 (id=2297): r0 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy17/airtime_flags\x00', 0x81, 0x0) writev$auto(r0, 0x0, 0x8) 7m10.462043908s ago: executing program 0 (id=2301): openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/v4l-subdev2\x00', 0x80000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0x3, 0xc0205648, 0x38) openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/format\x00', 0x40, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x7, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) r1 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20000804) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r1) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7000fcdbdf250500000018000002006261746164763000"/38], 0x2c}, 0x1, 0x0, 0x0, 0x20000881}, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000afd003a5394e965231da1bd312e7af6d67d09340d0a4bd7805e18ac78f35cb77d1029c69e7270148078c13a91f6dff64055ad11608f0fbde86431805e62c4fa1bc29082995845eae0603"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x10000, 0x0) sendmmsg$auto(r3, &(0x7f00000004c0)={{&(0x7f0000000300)="14d94017c42e43c1f1e197eba4f4ba2e0cdf896406c75f94c303dfe8cd17677e86b697daa44434d14aaa02485f5ef5ef059ff62155d30af7", 0x4424b1c7, &(0x7f0000000400)={&(0x7f0000000340)="08a81a3029564af8b09caa0f93f3a551b0029b2e0e0e507515bfb992626867c0d6baf1d81d50b8d56c515c7fceca6dfaafdcd2ff8b9d6ca87cd01019d1eaa85d09b1ca432c0f168d874d944f25a6d715ce128ab7ca471a94415f40d86380dfaded78bbcb80ee4b09cfd4b84b82a43e0d827281438723e44b443b7e15211ac534ee672307e8ca6b3066291925f2fd7d4d66a6642443ae9ce3789d79f3f69928d482c4e6eac5cd4629169442", 0x69ae}, 0x3430, &(0x7f0000000440)="1cbac537a9b0ba4158ab07d1ac7fb50186bf74307332115f97cc3263ece9b9955759c5947210d73bba47822803774a94ed541b5dcb2b9c01119c9d6c46dd715237dd69af9056c507947c4caa6eadcaeae2769cfa418e0c3ce175cd", 0x4, 0x200}, 0xfffffffc}, 0x9, 0x7) 7m4.441961698s ago: executing program 0 (id=2305): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) r1 = fcntl$auto(0x3, 0x4, 0xa553) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0d566b3dd008e4edd9650200000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, 0x0, 0x2000c041) ioctl$auto_UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000180)={0x80, 0x7, [{r1, 0x0, 0x4, 0x3}, {r0, 0x0, 0x4, 0xfffffffffffffffc}, {r0, 0x0, 0xc7, 0x9}, {r1, 0x0, 0x4, 0xf}, {r0, 0x0, 0xffffffff, 0x5}, {r1, 0x0, 0x61a, 0x6}, {r1, 0x0, 0x4, 0x32}]}) bind$auto(0x3, 0x0, 0x6b) connect$auto(0x3, &(0x7f00000000c0), 0x55) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) r2 = openat$auto_hwsim_simulate_radar_(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/ieee80211/phy1/hwsim/dfs_simulate_radar\x00', 0x2, 0x0) read$auto_hwsim_simulate_radar_(r2, &(0x7f0000000300)=""/31, 0x1f) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) 7m3.404205289s ago: executing program 34 (id=2283): mmap$auto(0x0, 0x20009, 0x10000000000df, 0x400000000000eb2, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0xa, 0x2, 0x88) recvmmsg$auto(r1, 0x0, 0x0, 0x9, &(0x7f0000000200)={0x6, 0x2}) socket(0x2, 0x6, 0x0) pipe$auto(0x0) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7, 0x8}, 0x80, 0x400400) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0x4040, 0x75) socket(0xa, 0x2, 0x3a) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000340)={0x80, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0x61, 0x2, "d985676638e0dfd36e2094dc1619653f003c46a07abfa3909c5c03852f4f6506304f7964d9eb47b08e35922533315871b53819dcdb8269bc08b18b603c59346b3f9598cf04531958ce6cf4297a9a5e92efb2c5858c3e51c11f064f641f"}, @HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x6}]}, 0x80}, 0x1, 0x0, 0x0, 0x4040014}, 0x4010) move_pages$auto(0x0, 0x91, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x1c8300, 0x0) ioctl$auto(r2, 0x4004510f, 0x3) r3 = socket(0x2, 0x2, 0x88) setsockopt$auto(r3, 0x88, 0xa, &(0x7f0000000000)='\xba\xba\xd3\xc8[&P\x9c\xe7AJz\'\x91\xce=B}v+7n\xa2r0\x92\xc3\x0eE\x96\xf63\xec\xe0\xb2\f\xa86v\xeb\xf1\xcb\xd4\xa9\v\xe1\xcc\x18', 0x80000e) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) acct$auto(&(0x7f0000000000)='/dev/sequencer\x00') r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/compaction_proactiveness\x00', 0x40001, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r4, 0x0, 0x0) 6m48.938057105s ago: executing program 35 (id=2305): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) r1 = fcntl$auto(0x3, 0x4, 0xa553) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0d566b3dd008e4edd9650200000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, 0x0, 0x2000c041) ioctl$auto_UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000180)={0x80, 0x7, [{r1, 0x0, 0x4, 0x3}, {r0, 0x0, 0x4, 0xfffffffffffffffc}, {r0, 0x0, 0xc7, 0x9}, {r1, 0x0, 0x4, 0xf}, {r0, 0x0, 0xffffffff, 0x5}, {r1, 0x0, 0x61a, 0x6}, {r1, 0x0, 0x4, 0x32}]}) bind$auto(0x3, 0x0, 0x6b) connect$auto(0x3, &(0x7f00000000c0), 0x55) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) r2 = openat$auto_hwsim_simulate_radar_(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/ieee80211/phy1/hwsim/dfs_simulate_radar\x00', 0x2, 0x0) read$auto_hwsim_simulate_radar_(r2, &(0x7f0000000300)=""/31, 0x1f) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) 6m41.233135354s ago: executing program 5 (id=2327): r0 = openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, 0x0, 0x4000, 0x0) ioctl$auto_NS_GET_TGID_IN_PIDNS(r0, 0x8004b709, &(0x7f0000000540)=0x8) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) lseek$auto(0xffffffffffffffff, 0x0, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r1) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x14, r2, 0x1, 0x5, 0x25dfdbfb}, 0x14}, 0x1, 0x3e7, 0x0, 0x44004811}, 0x40000c0) ioctl$auto(0xffffffffffffffff, 0x9, 0x9) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto(r3, 0x0, 0xdb01) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0) ppoll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0x2, 0x3}, 0x2b3, 0x0, &(0x7f0000000340)={0x7fff}, 0x8) poll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x3, 0x9}, 0x1, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mincore$auto(0x1000, 0x8001, 0x0) syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x15, 0x0, 0x28) syz_genetlink_get_family_id$auto_ovs_flow(0x0, r4) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000380), 0x200, 0x0) 6m37.507640097s ago: executing program 5 (id=2333): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) socketpair$auto(0x8, 0x5, 0x3, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) name_to_handle_at$auto(0x6, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffd, 0x6) keyctl$auto(0xb, 0xfffffffd, 0x5, 0xfffffffffff00003, 0x9) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r1, 0x40345410, 0x0) 6m35.082360341s ago: executing program 5 (id=2337): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x880) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/short_retry_limit\x00', 0x0, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x180, 0x0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f0000000000)=""/194, 0xc2) madvise$auto(0x0, 0x200007, 0x19) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x2) mq_open$auto(&(0x7f0000000280)='\\*)A ', 0x7e, 0x9, 0x0) mq_notify$auto(0x5, &(0x7f00000000c0)={@sival_int=0x9d2, @inferred, 0x1}) mq_timedsend$auto(0x5, &(0x7f0000000000)=']#%$\x00', 0x5, 0x9, 0x0) bpf$auto(0x5, &(0x7f0000001080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) 6m30.893969048s ago: executing program 5 (id=2341): r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0x40040, 0x0) ioctl$auto_SW_SYNC_GET_DEADLINE(r0, 0xc0105702, &(0x7f0000000040)) r1 = socket(0xf, 0x4, 0xa) mmap$auto(0x0, 0xe987, 0xe5, 0xeb1, r1, 0x0) read$auto(0x3, 0x0, 0x80) connect$auto(0x3, &(0x7f00000000c0), 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 6m29.963521069s ago: executing program 5 (id=2342): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x301, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000) (fail_nth: 7) 6m25.666989276s ago: executing program 3 (id=2356): close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) semctl$auto(0x7, 0x2, 0x13, 0x1) lsm_list_modules$auto(0x0, 0x0, 0x0) readv$auto(r0, &(0x7f0000000080)={&(0x7f0000000040)="e7deff99c47e22b3d0abcfa2549c3b738f6a2b2ad4b0485a3460563136046e479035", 0x51}, 0xffffffffffffff63) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0xff00) 6m24.667550833s ago: executing program 5 (id=2359): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mkdir$auto(&(0x7f00000003c0)='}[,&*}\x00', 0x6) 6m20.697421394s ago: executing program 3 (id=2363): statmount$auto(0x0, &(0x7f0000000180)={0x6, 0x1, 0x44f, 0x7, 0x5, 0x7181, 0x1ffde, 0x7, 0x3, 0x8, 0x9, 0x80003, 0x4, 0x200000000001, 0x384, 0x9, 0x8, 0x10006, 0x400007f, 0x0, 0x0, 0xe, 0x22000, 0x200, 0x0, 0x84, [0x3, 0x2, 0xffffffffffffffff, 0x2, 0x9, 0x402000, 0x0, 0xf, 0x1, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x8, 0x0, 0x6, 0x0, 0x8, 0x20000, 0x8, 0x10000000000, 0xffffffffffffffff, 0x4, 0x2e, 0x0, 0x0, 0x1006, 0x400000000005ba, 0xffff, 0x0, 0x100, 0x0, 0x6, 0x2, 0x88e, 0x40, 0xfffffffffffffffc, 0x8, 0xa38, 0x4, 0x7, 0xfffffffffffffffc, 0x4000000000005, 0x8, 0x10001, 0xc567, 0x8000000000000000]}, 0x101fa, 0xd) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0x1d, 0x2, 0x6) bind$auto(0x3, &(0x7f00000000c0), 0xf) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/veth0/disable_ipv6\x00', 0x40802, 0x0) pwrite64$auto(r0, 0x0, 0x0, 0xe950eaf) close_range$auto(0x2, 0x8, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x500) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0xfffffff7effffd04, &(0x7f0000000000)="5d5580e0c091767773183adbd479924c0537866d8c65c31a7ad1fe97aa765387d770edc730c877912fdfab81cf273183e35527b7bb91fe58d5a086718987f1f2531a345440") 6m18.45780499s ago: executing program 3 (id=2369): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf25030000000600070008000000060007000080000008000200", @ANYRES32=0x0, @ANYRES32=0x0], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop7\x00', 0xc441, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) ioctl$auto(0x3, 0x1269, 0x38) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) pidfd_send_signal$auto(r0, 0x0, 0x0, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x3f, 0x100000001, 0xffffffff, 0x0, 0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x400, 0xc53d, 0x5, 0xffffffff80000000, 0x1, 0x61, 0x103}) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/dummy_udc.0/gadget.0/function\x00', 0x0, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) 6m11.574010798s ago: executing program 3 (id=2374): r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/renderD128\x00', 0x60000, 0x0) poll$auto(&(0x7f0000000040)={r0, 0x7, 0x8}, 0x0, 0x2) ioctl$auto_COMEDI_SETRSUBD(r1, 0x6410, 0x1000000000000000) 6m9.089137331s ago: executing program 36 (id=2359): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mkdir$auto(&(0x7f00000003c0)='}[,&*}\x00', 0x6) 6m9.056727196s ago: executing program 3 (id=2377): r0 = socket(0xa, 0x1, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x6, 0x9, 0x0, 0xfb3) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x6, 0x5, 0x0, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = open(&(0x7f0000000080)='./cgroup\x00', 0x200, 0x10a) open_by_handle_at$auto(r2, &(0x7f0000000040)={0x8, 0x2, "0600000000000000"}, 0xffff) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000880), r1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000f034f80e77bdac07a2631b82dd8629fd462e058b94b265b7a8bede88194661211e0369add7849429b20a33d1aa8de4d4dc99378ca47c940a8dd7cb69100e61ccfd59cfefcbf601af4490862aa3be8287b1f0f17a917f3c41c64d9e6fa361ae2c3b3cc6c49409adc47364c02ca620475f01be62a422253a14245dbfdfd74c970edd853778149ba5de2b99620504b64c7c7263bf4805efbba5c0ecaa801ff12ad0f828895dd76cdd02bf27daf591f60f623fbc0e610739378aa3cb6bad9c0688bf94a7b741cb41e41b4480d32bde2f497ddaec1afdd5b31b21ded8722bdc70d90fd658ff9d356001000d530adeee52e6cc6d75597fe8b2c8304d9d50688648b7204d932fab0c46b530c51948ce7490716b72919e0f4ded6aaeea1e0aaaf4066d29e8938da7ab551bb5ff5727db26605ce36d6282a1d820aa9e21ebba357abee41584547222b52942e221a1acb6d75c45181a6844c36b7d7fb7dfb339ccc5558f0cd510495156d1d6a9fb7b677221a9dac1fa19e78f2cd323cb6318ba5e4e6d2c9b26926510df2182b8c67650e2627a47dbab591ec1ae22ca77f7", @ANYRES16=r3, @ANYBLOB="93ab2cbd7000fbdbdf250800000008000300", @ANYRES32=r4, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0xc811}, 0x10) 6m5.788480187s ago: executing program 3 (id=2381): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) lgetxattr$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='/proc/thread-self/net/netlink\x00', &(0x7f0000000100)="be35bc7e878981f869ec472053728cb6e4f22faf6bd853839b8c908cee2fe8d0342c411497d7c982037375a0e677050cdd090e5d28d1c767ec6f1bceb88f2551596ddfcdc4e41ec614db6c1b405e509b468bcad74337bbd7fcd0c324cdd96ef8287e86a53d8bc1ee83ffdc95d6492b61faacce926f9335281be05b848ebcc92338a954bcc23b745a67436b9ca5d5b142f3064212e97adb5847f00d9b66cd5151617a9effd6ba788b189d58e19df28ea7274fffb5c4d75617015d02f8c82c4acbbee71b3c423ab33becb56b87c73b5d0f6137c7afe6fd93ca69618f", 0x1) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/netlink\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0x8, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioprio_set$auto(0x2, 0x800000000, 0x8) madvise$auto(0x0, 0xffffffffffff0001, 0x400015) mlockall$auto(0x2) r1 = semctl$auto(0x1ff, 0x2, 0x3c50, 0x1) r2 = socket(0x2a, 0x80b, 0x0) connect$auto(r2, &(0x7f0000000040)=@can, 0x8) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fcntl$auto(r0, 0x104, r1) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x5) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x4) socket(0x21, 0x2, 0x3d) setsockopt$auto(r3, 0x29, 0xcc, 0x0, 0xf5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/queues/tx-3/tx_timeout\x00', 0x4c9a42, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.5/power/runtime_status\x00', 0x20000, 0x0) write$auto(0x3, 0x0, 0x4) madvise$auto(0x4, 0x766, 0x2) mremap$auto(0x4000, 0xfee0, 0x7, 0x3, 0xfffff003) socket(0xa, 0x5, 0x0) pipe2$auto(0x0, 0x80) 5m50.451307719s ago: executing program 37 (id=2381): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) lgetxattr$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='/proc/thread-self/net/netlink\x00', &(0x7f0000000100)="be35bc7e878981f869ec472053728cb6e4f22faf6bd853839b8c908cee2fe8d0342c411497d7c982037375a0e677050cdd090e5d28d1c767ec6f1bceb88f2551596ddfcdc4e41ec614db6c1b405e509b468bcad74337bbd7fcd0c324cdd96ef8287e86a53d8bc1ee83ffdc95d6492b61faacce926f9335281be05b848ebcc92338a954bcc23b745a67436b9ca5d5b142f3064212e97adb5847f00d9b66cd5151617a9effd6ba788b189d58e19df28ea7274fffb5c4d75617015d02f8c82c4acbbee71b3c423ab33becb56b87c73b5d0f6137c7afe6fd93ca69618f", 0x1) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/netlink\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0x8, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioprio_set$auto(0x2, 0x800000000, 0x8) madvise$auto(0x0, 0xffffffffffff0001, 0x400015) mlockall$auto(0x2) r1 = semctl$auto(0x1ff, 0x2, 0x3c50, 0x1) r2 = socket(0x2a, 0x80b, 0x0) connect$auto(r2, &(0x7f0000000040)=@can, 0x8) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fcntl$auto(r0, 0x104, r1) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x5) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x4) socket(0x21, 0x2, 0x3d) setsockopt$auto(r3, 0x29, 0xcc, 0x0, 0xf5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/queues/tx-3/tx_timeout\x00', 0x4c9a42, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.5/power/runtime_status\x00', 0x20000, 0x0) write$auto(0x3, 0x0, 0x4) madvise$auto(0x4, 0x766, 0x2) mremap$auto(0x4000, 0xfee0, 0x7, 0x3, 0xfffff003) socket(0xa, 0x5, 0x0) pipe2$auto(0x0, 0x80) 1m24.563140186s ago: executing program 7 (id=2860): read$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, &(0x7f0000000540)=""/234, 0xea) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/tty/ttyd9/dev\x00', 0x80000, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/self/net/sockstat6\x00', 0x5a800, 0x0) write$auto(r1, 0x0, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_TP_METER(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYRESHEX=r0, @ANYRES16=0x0, @ANYRESOCT=r1], 0x24}, 0x1, 0x0, 0x0, 0x404c8cd}, 0x20000844) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYBLOB=' \x00#'], 0x1ac}}, 0x40000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000000}, 0x44010) fcntl$auto(0x2, 0x11, 0xfeffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_1\x00'}) getsid$auto(0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd7020f8dbdf250100000008000200", @ANYRES32=0x4, @ANYBLOB="08000200", @ANYRES8, @ANYBLOB="0800e18217d889e353b96607d2", @ANYRES32=r3, @ANYBLOB="6df2ab235845502daf0d728639ee3c01b574d852a5a924b3311285674c66949f0d47ac0b85aa98d1ba2f7c7d991058139375053f1dfab7517bc83f3c34eb5a3c26d436cea5ae17412ad8328198e4ac38ebca7076e80c34b852e27917e01b4f13719b50"], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x1) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) sendmsg$auto_NL80211_CMD_ABORT_SCAN(r6, &(0x7f00000002c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000640)={&(0x7f0000000480)=ANY=[@ANYRES16=r4, @ANYRES16=0x0, @ANYBLOB="100026bd7000ffdbdf257200000030002100ffed20faf9fa0a66bfdcd918790e622eb52790d09319be2b7a2cffbcd6b649ec6ec5dc9fb36ff22d879a7cc31d001300df41ca917be034a81d472fb674a4e4fd01ff60c32ff90518c70000000400b800"], 0x68}}, 0x4000040) recvfrom$auto(r6, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(r6, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="000426bd7000ffdbdf25050000000800070001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x6865f3214aaac8d0}, 0x4000004) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) 1m16.980581427s ago: executing program 7 (id=2868): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.1/usb2/power/wakeup_total_time_ms\x00', 0x80, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) msync$auto(0x100, 0x5, 0x4) mount$auto(&(0x7f00000000c0)='bond0\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='\x00', 0x8001, &(0x7f0000000340)="881abc9b937450274f7cbb480e7275bbde68e6fffb38827ba6f73d56246bc665c8f7a7c4c52db7c1c2ee19ac50b4e542fd8f297add35bf9598574e939b7461519804a4a6b04edf236d8618147fc298f3feb32c893ffb0e1afa73cca39c2a8d1317a9233cd62f0cd863561a5c54a847bead689ba144503247951d70fc2913962c3cc09205e84a3088f567db5c0e78444f8889937edf5d39f4daf2bd02fce9d4697f76823e57a4234e77cbb3acc818a7664427bf03ff47ecf12bb2577b9703d35c4a1f84bc90dc6d999301d8cddddf9a40fed5150e92e2fa8cc70990162dafab") socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) pidfd_open$auto(0x1, 0x0) process_madvise$auto(0x3, 0x0, 0x7, 0xc15, 0x8000000000000000) 1m11.67018566s ago: executing program 7 (id=2875): mmap$auto(0x20000000000, 0x20008, 0xdf, 0xeb1, 0x401, 0x7) socketpair$auto(0x201, 0x80000003, 0xd, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) mmap$auto(0x0, 0x400008, 0x6, 0x9b72, 0x3, 0x8000) ioctl$auto(0x3, 0xc00c5512, 0x38) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x2, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x2, 0x0) r1 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/debug/usb/usbmon/32u\x00', 0x82000, 0x0) read$auto_mon_fops_text_t_mon_text(r1, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x5, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) futex$auto(0x0, 0x5, 0x0, 0x0, 0x0, 0xa0000001) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/pagemap\x00', 0x80000, 0x0) openat$auto_clk_summary_fops_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/clk/clk_summary\x00', 0xe0400, 0x0) 1m5.729585642s ago: executing program 7 (id=2881): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', 0x0}) sendmsg$auto_NL80211_CMD_CHANGE_NAN_CONFIG(r0, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x540a3080}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="d680d589c93fd0ad3e1077175def168fc52eca3405e5783263f88ff26a01dbcab8b41c226f3c1830d4ff59fbbf537883e126a31855cd7845f377a6c225afa95a147d8ae1efcb2e46ec28ad83f6b7d3cb4ff663f3a7d79497ec28f26f8bea593e8f51f3c4f4aa8e6c3109e44ef26becc9951ccb8d0386dedbc487bd3771b8e45c8157814137638b62b524b28d7a5f1066acfa5805ae7a1790250dfbbadffe97b58823c57c478431753688ce70f1e7875961a5f20f298d", @ANYRES16=0x0, @ANYBLOB="00082bbd7000fedbdf257700000004008c00"], 0x18}, 0x1, 0x0, 0x0, 0x20000880}, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf250300000008000300000200000600070000000000080002008d98c8f1e52d86c0168b9820fb6fe6f3f5ce05bcb1ca587b3418383d0a156e59b1a5a748fc730271650260d10fb4f45fad8be928363419d5467dfc3a08fbcd7a84ad03db", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500000000000000000008000200", @ANYRES32=r1, @ANYBLOB], 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030009000000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a000100aaaaaaaaaabb00000a000500aaaaaaaaaa370000080004001000000008000200", @ANYRES32=0x0, @ANYBLOB="08001b"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4880}, 0x4004) capset$auto(0x0, 0x0) syz_clone3(&(0x7f0000000400)={0x180102000, 0x0, 0x0, 0x0, {0x28}, 0x0, 0xf4, 0x0, &(0x7f0000000140)=[0x0], 0x1}, 0x58) r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) ioctl$auto_VHOST_SET_FEATURES2(r2, 0x4008af00, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x40090}, 0x8000) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x4001e}, 0x40000) 55.961181874s ago: executing program 7 (id=2898): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xf7}, 0x7) sched_getattr$auto(0x0, &(0x7f0000000100)={0x80000001, 0x8, 0x2, 0x7, 0x4e22, 0xd340, 0x200, 0x2, 0x8}, 0x101, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000007180)='/sys/devices/virtual/block/zram0/debug_stat\x00', 0x80, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000071c0)=""/118, 0x76) cachestat$auto(r2, &(0x7f0000000040)={0x8, 0xab9}, &(0x7f0000000080)={0x7, 0x80000001, 0x3, 0xde3}, 0x7) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) close_range$auto(r0, 0x8, 0x0) socket(0xa, 0x2, 0x73) ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0) 54.540732385s ago: executing program 7 (id=2895): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x3f, 0x100000001, 0xffffffff, 0x0, 0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x400, 0xc53d, 0x5, 0xffffffff80000000, 0x1, 0x61, 0x103}) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1942, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x5, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x8925, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) unshare$auto(0x40000080) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES8, @ANYRESDEC], 0x14}, 0x1, 0x0, 0x0, 0x20048890}, 0x2000c041) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1100"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r2 = openat$auto_page_owner_stack_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r1) r4 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) newfstatat$auto(r4, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x3, 0x1, 0x5, 0x75, 0xee00, 0xee01, 0x0, 0x5, 0x8, 0x0, 0x5, 0xb, 0x8000000000000000, 0x40, 0x100, 0x4, 0x9}, 0x1a8) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(r1, &(0x7f0000000580)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f00000002c0)={0x274, r3, 0x800, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0xd}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xfffffff7}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, "82c171268df55ab7c5cff15f728671edbaa073a11866e619e339"}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r4}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x1}, @NL80211_ATTR_STA_WME={0x34, 0x81, 0x0, 0x1, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xf}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x7f}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x69}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x3a}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x81}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x1}]}, @NL80211_ATTR_NAN_FUNC={0x66, 0xf0, 0x0, 0x1, [@generic="e0ea9d8925e67b9784548f7b573e55297f8a95518a1863efb4e6c100f82fe86523aa0c188b29a5993d5485a315e77e33ba68b2b50d4238f8ce99ef8ab1c3865679553cd9bc6f412e7d91382097d29a2bb452808421d6cda7120e", @typed={0x8, 0x92, 0x0, 0x0, @ipv4=@local}]}, @NL80211_ATTR_MLO_SUPPORT={0x4}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x3}, @NL80211_ATTR_SAR_SPEC={0x178, 0x12c, 0x0, 0x1, [@NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x304}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x93f4}, @NL80211_SAR_ATTR_SPECS={0xe8, 0x2, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2}, @NL80211_SAR_ATTR_SPECS_POWER={0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x1}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2a6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7137}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7f}]}, {0x4c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x10001}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x5b}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1000}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xd}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7ff}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x10}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xbf1c}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x118}]}]}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x3}, @NL80211_SAR_ATTR_SPECS={0x74, 0x2, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xc87d}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x3a38}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xff}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xa}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x8e}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x800}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xd3b}]}]}]}]}, 0x274}, 0x1, 0x0, 0x0, 0x20008001}, 0x4) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) socket(0x15, 0x5, 0x0) openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r2, 0x800008000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) 39.034603251s ago: executing program 38 (id=2895): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x3f, 0x100000001, 0xffffffff, 0x0, 0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x400, 0xc53d, 0x5, 0xffffffff80000000, 0x1, 0x61, 0x103}) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1942, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x5, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x8925, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) unshare$auto(0x40000080) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES8, @ANYRESDEC], 0x14}, 0x1, 0x0, 0x0, 0x20048890}, 0x2000c041) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1100"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r2 = openat$auto_page_owner_stack_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r1) r4 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) newfstatat$auto(r4, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x3, 0x1, 0x5, 0x75, 0xee00, 0xee01, 0x0, 0x5, 0x8, 0x0, 0x5, 0xb, 0x8000000000000000, 0x40, 0x100, 0x4, 0x9}, 0x1a8) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_STOP(r1, &(0x7f0000000580)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f00000002c0)={0x274, r3, 0x800, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0xd}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xfffffff7}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, "82c171268df55ab7c5cff15f728671edbaa073a11866e619e339"}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r4}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x1}, @NL80211_ATTR_STA_WME={0x34, 0x81, 0x0, 0x1, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xf}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x7f}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x69}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x3a}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x81}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x1}]}, @NL80211_ATTR_NAN_FUNC={0x66, 0xf0, 0x0, 0x1, [@generic="e0ea9d8925e67b9784548f7b573e55297f8a95518a1863efb4e6c100f82fe86523aa0c188b29a5993d5485a315e77e33ba68b2b50d4238f8ce99ef8ab1c3865679553cd9bc6f412e7d91382097d29a2bb452808421d6cda7120e", @typed={0x8, 0x92, 0x0, 0x0, @ipv4=@local}]}, @NL80211_ATTR_MLO_SUPPORT={0x4}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x3}, @NL80211_ATTR_SAR_SPEC={0x178, 0x12c, 0x0, 0x1, [@NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x304}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x93f4}, @NL80211_SAR_ATTR_SPECS={0xe8, 0x2, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2}, @NL80211_SAR_ATTR_SPECS_POWER={0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x1}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2a6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x5}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7137}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7f}]}, {0x4c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x10001}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x5b}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x8}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1000}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xd}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7ff}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x10}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xbf1c}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x118}]}]}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x3}, @NL80211_SAR_ATTR_SPECS={0x74, 0x2, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xc87d}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x3a38}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xff}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xa}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x8e}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x800}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xd3b}]}]}]}]}, 0x274}, 0x1, 0x0, 0x0, 0x20008001}, 0x4) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) socket(0x15, 0x5, 0x0) openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f00000000c0), 0x642, 0x0) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r2, 0x800008000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) 15.116588807s ago: executing program 9 (id=2955): mmap$auto(0x0, 0x20009, 0x10000000000df, 0x400000000000eb2, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0xa, 0x2, 0x88) recvmmsg$auto(r1, 0x0, 0x0, 0x9, &(0x7f0000000200)={0x6, 0x2}) socket(0x2, 0x6, 0x0) pipe$auto(0x0) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7, 0x8}, 0x80, 0x400400) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0x4040, 0x75) socket(0xa, 0x2, 0x3a) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000340)={0x80, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0x61, 0x2, "d985676638e0dfd36e2094dc1619653f003c46a07abfa3909c5c03852f4f6506304f7964d9eb47b08e35922533315871b53819dcdb8269bc08b18b603c59346b3f9598cf04531958ce6cf4297a9a5e92efb2c5858c3e51c11f064f641f"}, @HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x6}]}, 0x80}, 0x1, 0x0, 0x0, 0x4040014}, 0x4010) move_pages$auto(0x0, 0x91, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x1c8300, 0x0) ioctl$auto(r2, 0x4004510f, 0x3) r3 = socket(0x2, 0x2, 0x88) setsockopt$auto(r3, 0x88, 0xa, &(0x7f0000000000)='\xba\xba\xd3\xc8[&P\x9c\xe7AJz\'\x91\xce=B}v+7n\xa2r0\x92\xc3\x0eE\x96\xf63\xec\xe0\xb2\f\xa86v\xeb\xf1\xcb\xd4\xa9\v\xe1\xcc\x18', 0x80000e) connect$auto(0x3, &(0x7f00000000c0), 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) acct$auto(&(0x7f0000000000)='/dev/sequencer\x00') (fail_nth: 2) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/compaction_proactiveness\x00', 0x40001, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r4, 0x0, 0x0) 12.657609004s ago: executing program 9 (id=2963): r0 = openat$auto_cachefiles_daemon_fops_internal(0xffffffffffffff9c, &(0x7f0000002140), 0xa002, 0x0) write$auto(r0, &(0x7f0000002840)='/dev/cachefiles\x00', 0x5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @loopback}, 0x55) sendmsg$auto_OVS_DP_CMD_GET(r1, 0x0, 0x0) close_range$auto(0x2, 0x8000, 0x0) r2 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r3 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000700)='/dev/binderfs/binder0\x00', 0x0, 0x0) mmap$auto_binder_fops_binder_internal(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x12, r3, 0x100000000) sendfile$auto(0x1, r2, 0x0, 0x10) 10.177777865s ago: executing program 9 (id=2968): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x40084) mmap$auto(0xfffffffffffffffc, 0x400008, 0xdb, 0x9b72, 0x2, 0x5) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x2, 0x1, 0x106) madvise$auto(0x0, 0xffffffffffff0005, 0x19) signalfd$auto(0xffffffff, 0x0, 0x8) fremovexattr$auto(0x3, &(0x7f0000000080)='\\-\x00') recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) read$auto(0x3, 0x0, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) writev$auto(0xe, &(0x7f0000000140)={&(0x7f0000000040), 0x8}, 0xe) madvise$auto(0x0, 0x7ffffffffffffffc, 0xc) mremap$auto(0x4000, 0x7ff, 0x3fd6, 0x3, 0xfffff000) close_range$auto(0x2, 0x8000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) keyctl$auto(0x1f, 0x1, 0x0, 0x3, 0x400110000000001) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000980)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="2f212cbd7000fc39ad872c00000008000300", @ANYRES32=r2], 0x40}}, 0x4000000) 9.264623625s ago: executing program 6 (id=2970): readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xf7}, 0x7) 8.897889354s ago: executing program 6 (id=2971): mmap$auto(0x0, 0x20009, 0x10000000000df, 0x400000000000eb2, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0xa, 0x2, 0x88) recvmmsg$auto(r1, 0x0, 0x0, 0x9, &(0x7f0000000200)={0x6, 0x2}) socket(0x2, 0x6, 0x0) pipe$auto(0x0) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7, 0x8}, 0x80, 0x400400) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0x4040, 0x75) socket(0xa, 0x2, 0x3a) pwritev2$auto(0x40, 0x0, 0x7, 0x8000000000000001, 0x9, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000340)={0x80, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0x61, 0x2, "d985676638e0dfd36e2094dc1619653f003c46a07abfa3909c5c03852f4f6506304f7964d9eb47b08e35922533315871b53819dcdb8269bc08b18b603c59346b3f9598cf04531958ce6cf4297a9a5e92efb2c5858c3e51c11f064f641f"}, @HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x6}]}, 0x80}, 0x1, 0x0, 0x0, 0x4040014}, 0x4010) move_pages$auto(0x0, 0x91, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x1c8300, 0x0) ioctl$auto(r2, 0x4004510f, 0x3) r3 = socket(0x2, 0x2, 0x88) setsockopt$auto(r3, 0x88, 0xa, &(0x7f0000000000)='\xba\xba\xd3\xc8[&P\x9c\xe7AJz\'\x91\xce=B}v+7n\xa2r0\x92\xc3\x0eE\x96\xf63\xec\xe0\xb2\f\xa86v\xeb\xf1\xcb\xd4\xa9\v\xe1\xcc\x18', 0x80000e) connect$auto(0x3, &(0x7f00000000c0), 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) acct$auto(&(0x7f0000000000)='/dev/sequencer\x00') r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/compaction_proactiveness\x00', 0x40001, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r4, 0x0, 0x0) 8.562321636s ago: executing program 6 (id=2972): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x29, 0x2, 0x0) (async) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x157203, 0x0) (async) r0 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) (async) getsockopt$auto(0x3, 0x10e, 0xc, 0x0, 0x0) (async) read$auto(r0, 0x0, 0x210000001) (async) write$auto(0x4, 0x0, 0x100082) 7.682635896s ago: executing program 6 (id=2973): r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) sendfile$auto(0x1, r0, 0x0, 0x10) 7.19815833s ago: executing program 6 (id=2976): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x52204b}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x4c, r0, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@OVS_METER_ATTR_ID={0x8, 0x1, 0x828e}, @OVS_METER_ATTR_ID={0x8, 0x1, 0xfffffff0}, @OVS_METER_ATTR_ID={0x8, 0x1, 0x8}, @OVS_METER_ATTR_CLEAR={0x4}, @OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_USED={0xc, 0x5, 0x4}, @OVS_METER_ATTR_MAX_METERS={0x8, 0x7, 0x7f}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000000}, 0x880) madvise$auto(0x100000, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) open(&(0x7f0000000300)='./file0\x00', 0x7ffd, 0x12) write$auto(0x3, 0x0, 0x100082) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/netfilter/nf_log/6\x00', 0xa0202, 0x0) sendfile$auto(r1, r1, 0x0, 0x7fffe000) openat$auto_short_retry_limit_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/short_retry_limit\x00', 0x0, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) madvise$auto(0x0, 0x200007, 0x19) bpf$auto(0x5, &(0x7f0000001080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) 6.072430753s ago: executing program 8 (id=2978): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) lstat$auto(0x0, &(0x7f0000000000)={0x4, 0x3f, 0x200, 0xffffffff, 0x0, 0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x400, 0xc53d, 0x1000000000000005, 0xffffffff80000000, 0x1, 0x64, 0x103}) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_memtype_fops_memtype(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) pread64$auto(r0, 0x0, 0x5, 0x6) unshare$auto(0x9) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="f4120000", @ANYRES16=r1, @ANYBLOB="1b0026bd7000fedbdf2503000000040008001400028008000d00", @ANYRES32=0x0, @ANYBLOB="00000093", @ANYRES32, @ANYBLOB="12000100898771f1c19f1779048590822ad900000400028012000100af74c3afdac5ea5c4544b067fa4200005d1203800b00170029"], 0x12f4}, 0x1, 0x0, 0x0, 0x4004040}, 0x4800) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) 5.206684972s ago: executing program 2 (id=2979): readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xf7}, 0x7) 4.746954036s ago: executing program 9 (id=2980): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) r1 = socket(0x1, 0x1, 0x1) bind$auto(r1, &(0x7f0000000040), 0x3) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0x3, 0x400c4d07, 0x1) r2 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x180000, 0x0) setsockopt$auto(r2, 0xfffffffd, 0x3, &(0x7f0000000140)='*(-}\x00', 0xfffffffc) r3 = open(&(0x7f0000000200)='./cgroup\x00', 0x400, 0x23) fchdir$auto(r3) read$auto_tracing_buffers_fops_trace(r3, &(0x7f0000000040)=""/136, 0x88) mmap$auto(0xa, 0x0, 0x9, 0x3677, r2, 0x7) read$auto(r2, &(0x7f0000000000)='\'^(}[}^-\'[*(:&\x00', 0xfffffffffffffffe) sendfile$auto(0x1, r2, 0x0, 0x10) 4.689679812s ago: executing program 2 (id=2981): r0 = socket(0x2, 0x801, 0x106) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x1d, 0x2, 0x2) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/set_event\x00', 0x20001, 0x0) write$auto(r0, &(0x7f0000000100)=']/\\,^-\xd3\x93\x8f\xa2\x00', 0x81a) connect$auto(0x5, 0x0, 0x9) r2 = openat$auto_proc_pid_attr_operations_base(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/attr/current\x00', 0x1, 0x0) write$auto_proc_pid_attr_operations_base(r2, 0x0, 0x57) sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYRES32=r1, @ANYRESHEX, @ANYBLOB="a7e808bef07700000000a389e4567fb77cf5bcc0ca40a17d3217fe617e97"], 0x38}, 0x1, 0x0, 0x0, 0x2c050811}, 0x10) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket(0xa, 0x800, 0x10a) setsockopt$auto(0x3, 0x6, 0x17, 0x0, 0xfb3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000140), r0) sendmsg$auto_ETHTOOL_MSG_PRIVFLAGS_SET(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000480)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010025bd7000fedbdf250e00000018140002006d616b766c616e300000000000000000000000cb0c62b8cc1affe8dc7bd8a6aa687451567c901b7d76c79bb4d5166f1fc0a704e272b369a5cd21d0aa5c39dab15472e91b9878349b0c8c31d40eb16e1e52033f37aa4369d3adca583de03b64f2b5933306430e1036d2991ff5d3fce601c1019e92d7c7403b99e8ab0e39c6922fd690bd84f1c5389110f5484612f65c4ed9829e25f16af6039701f2e112ce693db416fd0385cb5ab49fde142ae20ae006062c537504daf9db2103c9c231161a1ccd4c4d7c0d4f12c0611ab75b0d9e19eaf787bf2e5a7204781bf98ff763f6a869529ac06d3141a894ac5de1337520bae98f5307ce651d43e670ace7d4ab772df9434f6199397f7588c3c20ed28a17f8dc70e0fe20a513563b471c2321029ead60c150c6fe4f7304efb55fb8c5df21"], 0x2c}}, 0x40) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0x0) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) stat$auto(&(0x7f0000000280)='./file0\x00', 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty35\x00', 0x28001, 0x0) r5 = socket(0x10, 0x2, 0x0) r6 = socket(0xa, 0x3, 0x2f) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027b4839f3015398d3b61", @ANYRES32, @ANYRES32=r6, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40004) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x1) r7 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r7, 0x6, 0x12, 0x0, 0x3) sendmsg$auto_NL80211_CMD_REMOVE_LINK(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={&(0x7f0000000940)={0x1cc, 0x0, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@NL80211_ATTR_SAR_SPEC={0xfc, 0x12c, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS={0xec, 0x2, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x44e6689a}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xc}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x7fff}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x3}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x3}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xe2}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xffff06f4}]}, {0x44, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x1}, @NL80211_SAR_ATTR_SPECS_POWER={0x8}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xd59e}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x5}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x4}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x3d1c}, @NL80211_SAR_ATTR_SPECS_POWER={0x8, 0x1, 0xc}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x3}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x7}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x6}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x2}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0x9}, @NL80211_SAR_ATTR_SPECS_RANGE_INDEX={0x8, 0x2, 0xb8b}]}]}, @NL80211_SAR_ATTR_TYPE={0x8, 0x1, 0x80}, @NL80211_SAR_ATTR_SPECS={0x4}]}, @NL80211_ATTR_HE_6GHZ_CAPABILITY={0xbc, 0x125, "3a6bc96d2633e0d7fc47a0222377dedf3b89cf540f6cf5ac463fccd45640f5b0d2bddb9592fd16b00c0cac2906cd0c15f5ccf518ccb94a9659aac196342bbf00222dce23a485e842c22eb52f325174580ffbc0cf1fc81ea5bc1c61f1f8da288fe641e601fd23f1da872dd3dee20d0b87ff504daf5a6eca9b39b5f2c3cd9e19b2a2a0b51cc7df29e29657d6d2b70f3b635524aa4e3db5cc85c5938652882ce52feb37468972685bf9706d3949503308176f2e1e13018c8dd5"}]}, 0x1cc}, 0x1, 0x0, 0x0, 0x24040851}, 0x2400c884) sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(r5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c004}, 0x40080c0) 4.686725591s ago: executing program 8 (id=2982): close_range$auto(0x0, 0x5, 0x0) inotify_init1$auto(0x3000000000000) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2404c004}, 0x8808) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7, 0x8}, 0x80, 0x400400) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1942, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000e00), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_TDLS_OPER(r0, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000e40)={0x3c, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, "e59954082586bc3ad68380a90659c016443901a24cd21d8a4e5e9deb34bdf7318e8589eb"}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40008c5}, 0x40000c4) socket(0x2, 0x5, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TCFLSH2(r2, 0x8924, 0x0) r3 = openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) read$auto_dvb_dvr_fops_dmxdev(r3, &(0x7f0000000240)=""/84, 0x54) 3.239466144s ago: executing program 8 (id=2983): mmap$auto(0x0, 0x20009, 0x10000000000df, 0x400000000000eb2, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0xa, 0x2, 0x88) recvmmsg$auto(r1, 0x0, 0x0, 0x9, &(0x7f0000000200)={0x6, 0x2}) socket(0x2, 0x6, 0x0) pipe$auto(0x0) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7, 0x8}, 0x80, 0x400400) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0x4040, 0x75) socket(0xa, 0x2, 0x3a) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000340)={0x80, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0x61, 0x2, "d985676638e0dfd36e2094dc1619653f003c46a07abfa3909c5c03852f4f6506304f7964d9eb47b08e35922533315871b53819dcdb8269bc08b18b603c59346b3f9598cf04531958ce6cf4297a9a5e92efb2c5858c3e51c11f064f641f"}, @HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x6}]}, 0x80}, 0x1, 0x0, 0x0, 0x4040014}, 0x4010) move_pages$auto(0x0, 0x91, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x1c8300, 0x0) ioctl$auto(r2, 0x4004510f, 0x3) r3 = socket(0x2, 0x2, 0x88) setsockopt$auto(r3, 0x88, 0xa, &(0x7f0000000000)='\xba\xba\xd3\xc8[&P\x9c\xe7AJz\'\x91\xce=B}v+7n\xa2r0\x92\xc3\x0eE\x96\xf63\xec\xe0\xb2\f\xa86v\xeb\xf1\xcb\xd4\xa9\v\xe1\xcc\x18', 0x80000e) connect$auto(0x3, &(0x7f00000000c0), 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) acct$auto(&(0x7f0000000000)='/dev/sequencer\xbf') r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/compaction_proactiveness\x00', 0x40001, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r4, 0x0, 0x0) 2.658203866s ago: executing program 9 (id=2984): sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008810}, 0x20008000) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f0000000000), 0x55) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x1e, &(0x7f0000000000), 0x1) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3, 0x940, 0x1ffde, 0x3, 0x6, 0x2000002, 0x9, 0x8, 0x2, 0x4, 0xb0, 0x9, 0x2, 0x3, 0x5, 0x14}, 0x1fe, 0x83) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYRES16=r0], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev0\x00', 0x0, 0x0) ioctl$auto(0x3, 0xc0585605, 0x38) prctl$auto(0x1d, 0x8000000000000001, 0x8, 0x5, 0x1) futex$auto(&(0x7f0000000080)=0x2948, 0x0, 0x2948, &(0x7f00000000c0)={0x225c17d03}, 0x0, 0x5) futex$auto(&(0x7f0000000000)=0xf0fe, 0x5, 0x4, 0x0, &(0x7f0000000080)=0x9, 0x4000000) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) sendmsg$auto_IEEE802154_LLSEC_LIST_KEY(0xffffffffffffffff, 0x0, 0x24000000) socket(0x11, 0xa, 0x300) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008910}, 0x20008000) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) 2.601889014s ago: executing program 8 (id=2985): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_DUMP_NAMESPACES(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x70b, 0x70bd2a, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4008040}, 0x20000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSA(r2, &(0x7f0000006200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000001680)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="230027bd7000fcdbdf2508ffe9000c000380050001800300000004000280080001"], 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x44044) 2.336366248s ago: executing program 2 (id=2986): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2, 0xdf, 0x201ff, 0x2, 0x8000) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC0\x00', 0x220a00, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptywa\x00', 0x400, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r1) r3 = getpid() r4 = fcntl$getown(r1, 0x9) r5 = openat$auto_mon_fops_stat_usb_mon(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/usb/usbmon/33s\x00', 0x400100, 0x0) r6 = wait4$auto(0xffffffffffffffff, &(0x7f0000000180)=0x4, 0x9, &(0x7f00000001c0)={{0x2, 0x7}, {0xffff, 0x8001}, 0xfffffffffffffffd, 0x0, 0x5, 0x2, 0x4, 0x66ef, 0x1c, 0x5, 0x4000000, 0x9ae, 0x0, 0xb46, 0x1, 0x8}) sendmsg$auto_NL80211_CMD_SET_PMK(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f0000001f40)=ANY=[@ANYBLOB="e0130000", @ANYRES16=r2, @ANYBLOB="000407000000ffdbdf257b000000cc13b98008008f00", @ANYRES32=r3, @ANYBLOB="ed103b8004004380606a08009d00", @ANYRES32=r4, @ANYBLOB="9ca88b16dd2ec6212d7c6262941fa71c4796e3b4c896e196be462b558c9b7cc60e66e6e2be99f42f5f8dddda25f3ba7686ea95258181b39e3ac8342bedb89b681d91ebc20bc6d458bf48e8b38a5cc8d26566c60d1d1caaad41eb669ba2a19a6513349fd5739afb5fb1c6380033aef295531e4d0ce9e0ed5c6ef549b911a6b2aeecf071e496b84071468646b51998575788831d8d9e46caee1d70b8f100804610c88f5825f6f7011b5a48018954ba128492d8d2fd53acbc3aca1b4bbed232422c57fe7553419bcba322fbbc6a281286cafaa8a6ad350a9ac11dcdb16921a11a94d2e7b958d785d76237cdd6906776088c5e947099832a0b3e8e620ba260ba20411c62b7b1fac7bc80bb7d69303e2e58bfacbfa9c91e87d518b36c4e6d50fdec7e3553dde610255ca6a3abc02399257e69f6401a5a707f56a84b40c8dd4cea43304fc808c18c3b6ed953c7c8b356bdc7c8cf5f4783cbd439eb20df282dc4c36a066f26c368779aa2de87265cb3de65b3734ce34050b3d7262ff0c9cfb4e277d15d9398180b1279f5dc1c0c8e48c63625c3ccd0c96c84d6f30057519d2c54dde7f2e17f5a636965aaa1508c2615f87aab8df257f7f8e8e3243a6f19d3719a682a057b111da8a7f7eeb6302a27cd31afb945b7105ca2fb991374fbf0bfe9363c95590ec9f3855c691a2331e34805c0ccd1d2446ff10c04e1e257e131599146b945d83a1844dd3709eb3c09061688ef1997d0f360e98dbfba932c03277ae1cf0955dd6bd14478ba9f85887baae0edfe598b78ff0319d656864dc4d04760a15e3a681b17ca9d93e972e0c03d7f4453583b2765c1a94048b9efb5e413e5bdb7b0348764705b7524b291f667688342bc4c6cdfb29c53da8bfe58316125b27be84e5b2cc2d933c6feeaa80786bccea4f5a79dee584829be998dc5182fa450377b00619e4354b893d433582fb2493f0527881caf4c58a88c78801412eb8db628c9b792e0bec2922c6a93e342d501a819071f8cfe7e24c91d068995535dab7ae43873e45ea53628f4f35a3c0a5afb42a6d9828d941edc2b5692cb27583794ead5498607dd9a619d95e70306fc3da0e2baae4c583dd8b00c16978af344b65754c5e9bb3246eece68b42a298a5db527bf91a3f455d44f85127e79835560a3552d14018e18ee5d5fb95bf05b2ee98492a7d8c81867c6c6b0886420bdf5b16e224922a50e797d43c8785b3a10767070617d16fbe508f434231a2594ab87aaa9d4b6f192b939eb15057a3aebb15bffd40de6d6150ecdc42302f38d367d405052c784acf0e0eacd3e2050ea4bd5fc9f6bf66d038e39c82a6ea29b3c5fa96d445091716dc9ebf2231f731b10031322f39a11e96a062f6a052da202e3e042ba12339fd05cfb7ef1ea91173cd430807e726f6939c2ab6f99a72b76ff9579ca4d3c61ab986efab6697f759e378fc0f876c9a8c3bb00cdc33195d0f259967dcb28416b5773535416765db9eacdb5be8f78a975e17e22f6997477fdfe2b0bafc43cff59a6e7a9c7e089afe2187997dbe39d7891869e32d5ce60eb33cd50c560d23e85cab5eb381e815e3f00dff5659c29a931ba7539d112bea54a70a3b1051af5a3a27397dc5fe6053ae55f056793df3331102654b4a4efec45b1eb181e509172fe20cf1c6d87344f76e8dcee9f8777a95d018ed20bd7052c07508ee76199a43a8ae0b251b424b4c3c12c9ac918c0eef19fd4add4d32eba35cba4bf734ea60f5c4484194c8dd1b9625c2ddf606901cd884940cf0143c603986d4932bad5d662f698ad16c0a1b5c30c0ddcfbe30ad4c8d2fa0085a1b0c0f61766b6d81d2aaf0fd40b62565fec84b760a4f057621ec329600efd4214707a73e114f5828307d43e53e2d655efc5b796daf719ad26f31f65ebce97fa9c4cc02c5474a88c0e6f0c62033bd40c7c5ce8b9dcabfa4dd06238c967ce7c25ad6f9a8576bf36f00df58def8f6e60890f3a228c44059419d957dc2fa55359ca332980533cd98a6b7184e1173494d4665369b63208dba211a4740facbf5b82b276f4359f9b163d996452c0446d5acc23d8f4b0e57eaa4a1906439ba91baafb413068b00abcb7f650b5efad6c769c49a963c566e7f321e0a93aae3a586b5b1991ff23a3e086267f2fd2eea07f0ed89b0753ad33a6ee66ab6a82a520ab5e9504a484c430ef8b377b7f971f6a7d35164a92f70e7aabe93a862af32e2ec332c8a5743fc9f3b32266d1935946ff06e473419d12706cf864cba60cbf583854bcc552408fb170262f822290acbb6ceab3282f42920a477796d4e946c39d2f04d9cce498c77c2aaceb717beca667df04f1a83ad49801c4b0fcd47920bec2b31c6839e341083131bb01bb039345e407a06ca4adffb1ddf060ddecbca2e50860c5b4ad265b05863e8492f30e6f626ad5e1eb4426379eaf12b7fddb171c8ec9efe9ee9f14415daa066f8bc81beeca0c5d914dbe1e921e8f4fb545a217fbb848cee19e86c29d5e08b4532ca50cf9c88a3fac568b2b35ff8658f2566f036dcf5a6649dd10676d132bb260ad3ff493cb1c4a5b363e485658a978f3b1b8d14597570e5b1c0ac41e6625c8b0768efafa789a3d8b07b6e1f2011182550f4f4532fd5b14874f244242e0d9740565aefd61e295ba2eed69dc12e245757d340c7d069a80843fe4b3add1f353015fde4cac077173ac04103b2243854c338a50dbc9de0b6a904012efea4e441274a5c5f157fd28920007fe3e8fd206bfc80cb31b692986644af26e039f494c720945d48579ca12f16b630089b9a2b7ed3f1a308d40dfd29b333db06869d3a73835897734cb24121bb97e584e28247c7f374a751fe1f545a73b03e4a68851bb9fe28c8fcf0d8980995f037573ec1606143abc2ecfb6b06dd737fe07d83da22a3526f309930867c08f9fd3a3a9333f62c311300af858fbd667c66605317f78be08b435aba708863445c484f765b428e3cc0dbcd1563834a8b2f2a9e62148e016a4f1087c8f7f18209dda2360ea2c96f01480626b11188007024118c3f20d61d7123400b4b08b152604feba552f46a5df6efeea9a6577a0369f36decdb5af620c780055f1226f23250b7075b4538cfdbfb10bd9706bfd165561e7bccd517f1e8477e6f78ed6ab15e5f34ffd1a9e46325394e99f1abecc3d6841f64430e522811ee1992b8cac7ae646b29f25e5ea3d01d46ce9315ef15589e7c53722b83b8f3056ad3b380678b326da4c48a8a891a63a2facffc0784b72f392e15e14b19bcef29c4499cdb03d3f191b43b823422e10db523ded24cf20b09631af798d73b8eb90e968339cf926e6230734f8132423c49e080ebefad7c2a3c0cf0326620aba031230981f3a61dd5000bfe75f4834125748676e9748777ffc4f7287e6b733c7583fc1a2742da15fa4e39c515e78560b48660a4f06e6b886f6236d34601ac51a4daccaa81e7579945ff03a742a3e95aea8b1738ece10a537546c7e3992bf9af7966dd733b671876dcddfac0f8fd526a9646163f9f41a030cdd4696693233b1c86f398554f3c7ecc6c63eb0144606805328a7ce516cea06558a8650d7f2b214d03981144912ae22b5ee7e1ce7cc3661470e96f01eb9ef536fa2398b243fb7ab47daf2ac38f2d446f11684e4fe445f9e6b3e86dfdc5fc95bf01c11b44e80688cac01b81487c665589a45c2b2eb2ed2dc9bdd671020b3a8bcdb1b2ccb4337ddbaac75803deb9a4ec9e54c235a2f079cd5f7d109276a544e09188ebed7f7e6672172b4817d8d62a1db7fe7bcdf115b8a616707ba03d2d37f26fa5a7b4a62b763a9d684076fbe85b18dc10d2a6831b8588079423179d865f0ccb1c908a32d1d1160dd8fbe5665974a9f244f750a585cf2aac68d8681579621829fedd4e2ed2753c7340a3b7498f9a8cb8f21034a94238862f76e4fa7833f8d2c6467fcdee7f314bc2fb53520cea75d0c7678af91c04ca705a1cef9331f23821a20cc43df03a49987e066920dd61647c5ff85872dda225a56f1792e8695d80c93122e7ec6db427545c0ec5c687807ec75d5d663c354746653c9add624fdb82556ae242c87e90de60d6ccc33144c59ba206f01f57813ebdf6f60e6a42c3dab13993cd8de05b943b838a4e96e4ec038048b4931a901901b2995324e06be6bb131c18c16186b599fce434cf8f023366fcca60d1d62af4376dc876e748c152eb95d743081dc2e8f94c313848b72c99912c7cd1cb189f002765123b725f72ceead0fca9b74c2fcf1108fba02064e28f685378127838a2540657e5f0f9a158b7a7eb22ec1b28e37abafe9a2b0a438f8c6f9b8228c54a170092688c264e029c4eede4c9460e2f7e92380e69e9c0ea52ce990aaf0e70078536fd8ca43eb42c98b01f11954a3451cf15f0dd323c62bff827a5dc4d35a51df920de2c2c86d68bbaed5620e42005b273ab60689378d4bc12037acdada452c401354206e2e1c02bc52ce3bac29c3a98d1ab8ca9727495392dd1f11f105b0c1bddc4a19e123762bc94aae8a93f5a75ae6f882f9a8d597ea628e85d00acb064ec803992b7b6920b40811d7df2ca7c139e8a5e7203088fdeeb177af7c8342c054dc0b352b69bbe48eb2dd1ee71cdf5cda8880d66997c4d838a3858e8f898fb15753d4587b71f6c1bd0921fb75ab32dba2ceecdda40f54e31609d4102b0c733bec1bc0f0033062e4e11e115db6c56aec94f7cf8e1a86665223378e5b397d71e4d5ed4f45162bad2b228ffdc20b124adebce2657ac29ffe4e27b66285aabda976a690b115e870cb9115d383c2088a283a562fc786219ef27da3888956336f85bbb0ede8875d0b2a05867fe143b9c7fba6890c43b8eea74f94ae0f93681501acaf4ad6673c122188a177d928b52ba504342e87991fbf5ea210d39442529bff68cc0b1e3a6ce84c72836e0f6046aa27b8f033d6b2118039e73653c8546a91009ba9b7b1fb91c78f916fa11bef22c316bf1b9e59954fee630ea452dd73152372651105dc199cffffc912dff70f36bf5115a5cac3ac7326bfbdeeb2e04090c81cb84f3d511163b92c7dc86f2c378d6ea03cf5181aab54b316b4ee56aab7232484e11b7585fa46df3e3e8b4950253c6a0319e5a7d2de5fd5d12eb37a4b8682fa8c39ce68e223cbf821af9964b230e137d87e5b04dd3c60fe8b2070c90e997c7b2b167ddcc738ee0fe403d3a7677768a3c8cf67b29911696efba739abb36871eeaaaffb1fdc7b1c823293915e391184816aa4f1cb3b36750f35e7b4a0fa54857afeff5514c1947be287cc0bcb8169a561dd00c4f345d540f51fdabe458f460d21856de530462ad380ae55eaf2a6969017bbc34536d169c628eed9e4027f3a0014c8c680d97ba3ae3012da396e9d8bfda8181ac0f7fe5e1244d596b4746d7ce0418b58636ece5cd7ef90df72f7c3b820bc70def137e339319342296c7ae7dcb410b06091d12350d6be6ffb43a033c99f3f04e0bca4f65b64dda317772fcedfb4c5f9b571397b2a5ad1cc92ebbd9b47fb2e2c68dc9c55bfc8db4c05c6a238c35cedab146a77c5ce3f91606f028eda6b5041e517ab75ab5553757536270a35c2b0e614ada55501de27941b27cac9a876738439886bde84563ebc8180ba47c0bebc422be04a827c511fe6dbc6fd8723bd5c0fa3385684db47b61ad4056f9355d89c14e698b0b2dccd334b2025613d26d200d41c2cf6f173ff197acf4203fa850eac91c36a0d1c9e0e7ce8b19051bd2a3565a518fdf408729a620dd322adcdb0f027fd11e425df316a475eb75805c3d5b32708fa7b8b3921d6c6333a4c2e4920581995a3337400c187690a9fcad0ccffea67733f3acc144d201449ec12a515e598bd935b63a7b6f66e3e059e05da9f7f34e5ef51198fba45ccfe2c0f18e77ca52eadb879f4581575f2dac531fc2aa12d8522198256464ec6ad46fe90d423008d306ff13592b30080772f712db3fffa54783361b3f8c2cfa1154f2a71ffbe07f14d01504f606b1be46d78a2f695c086e528bedd4faa074c900b21a038872620151ebdca569a1da7acd60abd7b65e34e4a49c3453b2ff35ad014a597c1aa83184bd26d90824b0e61a03d0b0a901636b4364952140000000800fd00050000000c00de000900000000000000ba02488008006200", @ANYRES32=r5, @ANYBLOB="04000f800400d48064eb1e472a5d3e0e4d91bddee1f801b209841ee97ff6d8b48967df4cbc1dc5905cce8ed6e25cbb7350d65189effa76e53e94b4dfa5848cd3cfd9a9b9632a243852768ff6cdac602b304f56e33727687033d0a28d32808bae8d3d5c4b599e679aa3460dc92b9c6532bd1d31d48fa1a92bfeaaf6fe6faf1909da6b7671e11e9fd295c073103fccd144b2e199bba39012894f54454f1d2e3e834c03ccc9a961fbc74cbbf68037b39a72faf977ccec55096ec0539dfbf2edfe530751ef49724307d369389dad88b439e8bd818c9ab2c3670ab6f1d86cd11fd17e6f2fcd69bb3ee77e6e0870f1baef7589e34d7fecc6df7f2710366585581714f1237774c2d332dad30e03e952453e4e3d2e8f88ff200018122641a6e878302d6eceb5a737ce3f42998b7ce8fe67a0716ee84cfa676d58a6af5ca6dac41533a4059eaa034363f7e4aa9a776217e737778fa09a6e55f5e911c7e8a519bff3a7c13ad17a8b6a6c63401a0dc850fe87be84b2db2498e363d0b942d6b120c47854b5fee0b620690745041f2d0305b2a9a3f3cc51bbe153c76ea38a6601d7aedce49b27f8d373a4fc19da01243cf820790bb81eb0372103f15d0d42dca9f591e91c014508d70ef542f6e773b219afb754ed25f99b1f7d0183384c87e8f74bfa7518b1db5daf585b28b53a0a243f3eb053c97d916ea6c7497794a4bda63b0d03933bb2b3b038d98f2f8cb5a3763cf50591dbfd5562f20a872cd80cd9c2befab0afa567042608003800"/561, @ANYRES32=r6, @ANYBLOB="0400338075a56a49c24b1571eadccd68f5929306384086a0f30099350b20734e7fd66096b909728dc0f621be6aab7db938a4134bd52b351f36d3cc6f6fffd73a717722e82900f468e9fc5795473acfa28f95338b25f45ad57ffe8db27fa0054247508229b095633a490ce2cb46c7a5faddf06476ba6177f7e36e303102b6e9fb3598df97070000"], 0x13e0}, 0x1, 0x0, 0x0, 0xc0}, 0x800) futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4, 0x4}, 0x77, 0xfffffffd, 0x0, 0x62c1) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) close_range$auto(0x2, 0x8, 0x0) mknod$auto(&(0x7f0000000000)='\x00\x00\x00\x00\x00\x00\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0xa240, 0x15e) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) fcntl$auto(0x3, 0x4, 0xa553) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) io_uring_setup$auto(0x6, 0x0) read$auto(0x3, 0x0, 0x80) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0xa240, 0x15e) 2.043347391s ago: executing program 6 (id=2987): r0 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000080), 0x2140, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000040), 0x121000, 0x0) pread64$auto(r0, &(0x7f0000000140)=']}\x00', 0x101, 0x8) setgroups$auto(0xe32, &(0x7f0000000040)=0x9) openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy17/airtime_flags\x00', 0x81, 0x0) socket(0xa, 0x801, 0x106) set_mempolicy$auto(0x2, &(0x7f0000000200)=0x7e, 0x1fe) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone3(&(0x7f0000000340)={0x412a0500, 0x0, 0x0, 0x0, {0x2f}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) socket(0x840000000002, 0x3, 0xff) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x24004141) connect$auto(0x3, &(0x7f00000000c0), 0x55) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003540), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000035c0)={'macvlan0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_PLCA_SET_CFG(r2, &(0x7f00000036c0)={0x0, 0x0, &(0x7f0000003680)={&(0x7f0000003600)={0x28, r3, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_PLCA_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x28}}, 0x40880) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x7, 0x3f00) 1.697321257s ago: executing program 8 (id=2988): socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x0, 0x5, 0x0, 0x28) setsockopt$auto(0x3, 0x0, 0x5, 0x0, 0x28) rt_sigqueueinfo$auto(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={@_si_pad}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy0/aql_txq_limit\x00', 0x121c01, 0x0) write$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r1, 0x0, 0x0) r2 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSA(r0, &(0x7f0000006200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001680)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="230027bd7000fcdbdf2508ffe9000c000380050001800300000004000280080001"], 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x44044) 1.59990955s ago: executing program 2 (id=2989): io_uring_register$auto(0xffffffffffffffff, 0x4, &(0x7f0000000000)="ae9618aa4766cf971499e49e2f9c49b1b37394e68b555a4f2cddbac1b94f8ae990ac62fc", 0xd74) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x5) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xf7}, 0x7) sched_getattr$auto(0x0, &(0x7f0000000100)={0x80000001, 0x8, 0x2, 0x7, 0x4e22, 0xd340, 0x200, 0x2, 0x8}, 0x101, 0x2) close_range$auto(r1, 0x8, 0x0) socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r3 = socket(0x2, 0x1, 0x106) connect$auto(0x3, &(0x7f00000000c0), 0x55) setsockopt$auto(r3, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfdf3) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYRES16=r4, @ANYBLOB="810b25bd7000ffdbdf2532000000080003", @ANYRES32=r5], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$auto_NL80211_CMD_GET_FTM_RESPONDER_STATS(r2, &(0x7f0000001f40)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001f00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="081b", @ANYBLOB, @ANYRES32], 0x1b08}, 0x1, 0x0, 0x0, 0x800}, 0x40080) shutdown$auto(0x200000003, 0x2) io_uring_setup$auto(0x6, 0x0) bpf$auto(0x0, 0x0, 0x6f4) mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) 949.969241ms ago: executing program 2 (id=2990): mmap$auto(0x0, 0x20009, 0x10000000000df, 0x400000000000eb2, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f0000001480)='/proc/thread-self/gid_map\x00', 0x0, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0xa, 0x2, 0x88) recvmmsg$auto(r1, 0x0, 0x0, 0x9, &(0x7f0000000200)={0x6, 0x2}) socket(0x2, 0x6, 0x0) pipe$auto(0x0) poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7, 0x8}, 0x80, 0x400400) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0x4040, 0x75) socket(0x29c0e3696a8042c3, 0x2, 0x3a) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) ioperm$auto(0x3, 0x2, 0x149) mmap$auto(0x1, 0x2000b, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140), 0x55) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x24004141) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000080)=ANY=[], 0x80}}, 0x4800) move_pages$auto(0x0, 0x91, 0x0, 0x0, 0x0, 0x0) 717.667382ms ago: executing program 9 (id=2991): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) r1 = openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000280), 0x1e9282, 0x0) write$auto(r1, 0x0, 0x7) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xf7}, 0x7) sched_getattr$auto(0x0, &(0x7f0000000100)={0x80000001, 0x8, 0x2, 0x7, 0x4e22, 0xd340, 0x200, 0x2, 0x8}, 0x101, 0x0) close_range$auto(r0, 0x8, 0x0) socket(0xa, 0x2, 0x73) ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0) 277.978877ms ago: executing program 2 (id=2992): r0 = socket(0x18, 0x5, 0x2) r1 = openat$auto_binder_features_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/features/extended_error\x00', 0x400, 0x0) read$auto_binder_features_fops_(r1, &(0x7f00000000c0)=""/116, 0x74) r2 = openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x28240, 0x0) r3 = syz_genetlink_get_family_id$auto_nlbl_unlbl(&(0x7f0000000080), r2) sendmsg$auto_NLBL_UNLABEL_C_ACCEPT(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000100)={0x14c, r3, 0x2, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private0}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @NLBL_UNLABEL_A_SECCTX={0xbf, 0x7, "28825bcf319cee2ef4e18e5cf63c69c134cccab297cf2ccb6f7768d0157cdf5a92d8b821e1eee7ce3c3f024eb8f843aa65c9f1d3ba6e708941270215dd5d4d519ef4876d82f779eded0cb82afb1e0f4c6d5229ce08ad1296c01ac1ec69484defffdae0c181c0dfc89589a7db841e8b99c11aee78bd503e576f171b9e95561352f8d167a723b7d202801d2173648e577f6fe36077f71d26a13412f149998200dca3a565cfc7cb811cb4b1b3b82559b8bc65904ece8e7a7ca8200519"}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}]}, 0x14c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$auto_NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x60, r3, 0x2, 0x70bd2a, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'syzkaller0\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x7}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_macvtap\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x38}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4044800}, 0x4) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0x2, 0x13, r4, 0x8000) io_uring_register$auto(0x100000001, 0x14, 0x0, 0x5) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) io_uring_setup$auto(0xfffffffb, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x8002, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x101080, 0x0) read$auto(r5, 0x0, 0x48) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 8 (id=2993): r0 = openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, &(0x7f0000000000), 0x20682, 0x0) write$auto_lockdown_ops_lockdown(r0, &(0x7f0000000040)="3e928e", 0x3) mmap$auto(0x0, 0x400008, 0xe59, 0x10, 0x2, 0x8000) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/exception_policy\x00', 0x40802, 0x0) write$auto_tomoyo_operations_securityfs_if(r2, &(0x7f00000001c0)="0a1b9a3ce8040000cd1aec49ec53c2efa0149258607deb6e163bb15497886d8ea5c2574c58e9867ecec3371cadb848770dc8f745b2c76eedba12b9bdbcf3401910e7733aca465c9bd40a", 0x4a) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) r3 = socket(0xa, 0x2, 0x73) sendto$auto(r3, 0x0, 0xf, 0x800e, &(0x7f00000004c0), 0x19) ioctl$auto_PPPIOCGDEBUG(r1, 0x80047441, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vivid.0/video4linux/video34/dev_debug\x00', 0xc0202, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0x1f40) write$auto(0x3, 0x0, 0xfdef) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r4, 0x0, 0x0) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x10a, 0x8, 0x0) socket(0x2, 0x3, 0xff) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0xa, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) write$auto(r5, 0x0, 0x0) ioprio_set$auto(0x2, 0x800000000, 0x8) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x0, 0x9, 0x11, 0x401, 0x7ffe) open(&(0x7f00000000c0)='./cgroup\x00', 0x3c1001, 0x27) kernel console output (not intermixed with test programs): process `syz.0.1985'. [ 750.333858][T13788] kernel write not supported for file /clear_warn_once (pid: 13788 comm: syz.0.1980) [ 751.079978][T13834] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1992'. [ 751.321564][T13815] delete_channel: no stack [ 752.311739][T13833] delete_channel: no stack [ 752.396217][T13818] kernel write not supported for file /clear_warn_once (pid: 13818 comm: syz.0.1985) [ 752.639962][T13849] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1996'. [ 752.643675][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.655353][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 753.150367][T13853] kernel write not supported for file /clear_warn_once (pid: 13853 comm: syz.0.1997) [ 753.468175][T13848] delete_channel: no stack [ 757.668757][T13899] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2008'. [ 757.775783][T13904] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2008'. [ 758.074447][T13860] kernel write not supported for file /clear_warn_once (pid: 13860 comm: syz.0.1999) [ 758.600330][T13796] kernel write not supported for file /clear_warn_once (pid: 13796 comm: syz.0.1980) [ 759.501177][T13914] Process accounting paused [ 761.363941][T13949] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 761.392408][T13949] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 762.156140][T13954] Invalid ELF header magic: != ELF [ 764.798825][T13973] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2025'. [ 767.199195][T14000] erspan0: entered allmulticast mode [ 771.400863][T14025] ip_vti0: entered allmulticast mode [ 771.616306][T14035] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2040'. [ 771.637832][T14035] lo: entered promiscuous mode [ 771.642676][T14035] lo: entered allmulticast mode [ 775.345881][T14058] netlink: 'syz.3.2043': attribute type 21 has an invalid length. [ 775.353787][T14058] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2043'. [ 777.276128][T14084] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2047'. [ 778.207354][T14080] delete_channel: no stack [ 783.325609][T14127] futex_wake_op: syz.0.2068 tries to shift op by 64; fix this program [ 783.420290][T14127] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 786.368988][ T29] audit: type=1804 audit(8277292044.180:41): pid=14170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2072" name="#)-\&[}" dev="mqueue" ino=26606 res=1 errno=0 [ 786.390288][T14170] kernel read not supported for file /#)-\&[} (pid: 14170 comm: syz.5.2072) [ 786.465660][ T29] audit: type=1804 audit(8277292044.210:42): pid=14170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2072" name="#)-\&[}" dev="mqueue" ino=26606 res=1 errno=0 [ 786.567529][ T29] audit: type=1800 audit(8277292044.320:43): pid=14170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2072" name="#)-\&[}" dev="mqueue" ino=26606 res=0 errno=0 [ 790.168094][T14199] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2077'. [ 790.930982][T14202] mkiss: ax0: crc mode is auto. [ 791.116213][T14195] snd_aloop snd_aloop.0: control 4365:65536:1:é'x?F¢é/èìzFË·fCªáª:0 is already present [ 793.104687][T14209] Process accounting resumed [ 793.115422][T14209] kernel write not supported for file /clear_warn_once (pid: 14209 comm: syz.0.2085) [ 794.284237][T14199] delete_channel: no stack [ 795.571345][T14218] kernel write not supported for file /clear_warn_once (pid: 14218 comm: syz.0.2079) [ 796.302993][T14240] kernel write not supported for file /clear_warn_once (pid: 14240 comm: syz.0.2086) [ 796.959085][T14252] kernel write not supported for file /clear_warn_once (pid: 14252 comm: syz.0.2089) [ 798.056064][T14265] kernel read not supported for file /#)-\&[} (pid: 14265 comm: syz.3.2091) [ 798.085660][ T29] audit: type=1804 audit(8277292055.870:44): pid=14265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2091" name="#)-\&[}" dev="mqueue" ino=18238 res=1 errno=0 [ 798.261127][ T29] audit: type=1800 audit(8277292056.070:45): pid=14265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2091" name="#)-\&[}" dev="mqueue" ino=18238 res=0 errno=0 [ 798.896784][T14258] kernel write not supported for file /clear_warn_once (pid: 14258 comm: syz.0.2092) [ 799.742906][T14281] kernel write not supported for file /clear_warn_once (pid: 14281 comm: syz.0.2094) [ 800.130375][ T29] audit: type=1800 audit(8277292057.930:46): pid=14279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2100" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 800.368299][T14277] kernel write not supported for file /clear_warn_once (pid: 14277 comm: syz.0.2094) [ 801.861753][T14296] kernel write not supported for file /clear_warn_once (pid: 14296 comm: syz.0.2096) [ 801.909862][T14301] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2098'. [ 805.447017][T14300] delete_channel: no stack [ 806.006105][T14313] kernel write not supported for file /clear_warn_once (pid: 14313 comm: syz.0.2109) [ 807.030077][T14320] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2102'. [ 807.051606][T14327] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2101'. [ 807.124553][T14327] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2101'. [ 807.477402][T14330] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2103'. [ 808.102048][T14323] kernel write not supported for file /clear_warn_once (pid: 14323 comm: syz.0.2113) [ 812.177554][T14341] kernel write not supported for file /clear_warn_once (pid: 14341 comm: syz.0.2116) [ 812.230385][T14297] kernel write not supported for file /clear_warn_once (pid: 14297 comm: syz.0.2096) [ 814.106297][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.112653][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.351703][T14355] kernel write not supported for file /clear_warn_once (pid: 14355 comm: syz.0.2111) [ 815.408409][T14361] kernel write not supported for file /clear_warn_once (pid: 14361 comm: syz.0.2115) [ 816.073459][T14368] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2118'. [ 816.085790][T14368] lo: entered promiscuous mode [ 816.090642][T14368] lo: entered allmulticast mode [ 816.133164][T14364] kernel write not supported for file /clear_warn_once (pid: 14364 comm: syz.0.2117) [ 816.393631][T14374] kernel write not supported for file /clear_warn_once (pid: 14374 comm: syz.0.2120) [ 816.918260][T14380] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2122'. [ 817.065418][T14383] kernel write not supported for file /clear_warn_once (pid: 14383 comm: syz.0.2130) [ 818.396694][T14392] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2133'. [ 820.838993][T14389] kernel write not supported for file /clear_warn_once (pid: 14389 comm: syz.0.2133) [ 821.261656][T14419] nfs: Unknown parameter 'nl80211' [ 821.394147][T14419] kernel write not supported for file /clear_warn_once (pid: 14419 comm: syz.0.2139) [ 821.651318][T14424] QAT: failed to copy from user cfg_data. [ 821.998272][T14423] kernel write not supported for file /clear_warn_once (pid: 14423 comm: syz.0.2131) [ 823.895528][T14444] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2138'. [ 824.045413][T14429] Process accounting paused [ 824.062234][T14444] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 824.165706][T14444] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 824.469633][T14444] bridge0: port 3(batadv0) entered disabled state [ 825.147039][T14444] batadv0 (unregistering): left allmulticast mode [ 825.153565][T14444] batadv0 (unregistering): left promiscuous mode [ 825.195920][T14444] bridge0: port 3(batadv0) entered disabled state [ 825.721364][T14460] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2143'. [ 830.056299][T14498] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2156'. [ 830.157834][T14498] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 830.224048][T14498] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 835.153433][T14535] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2166'. [ 837.524376][T14532] delete_channel: no stack [ 843.874206][T14595] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2182'. [ 844.967620][T14594] delete_channel: no stack [ 848.529568][T14612] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2195'. [ 854.089594][T14658] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2204'. [ 854.112068][T14667] Process accounting resumed [ 854.141855][T14667] kernel write not supported for file /clear_warn_once (pid: 14667 comm: syz.0.2208) [ 854.692786][T14672] kernel write not supported for file /clear_warn_once (pid: 14672 comm: syz.0.2217) [ 854.938339][T14656] delete_channel: no stack [ 855.708146][T14677] kernel write not supported for file /clear_warn_once (pid: 14677 comm: syz.0.2210) [ 857.844643][T14684] kernel write not supported for file /clear_warn_once (pid: 14684 comm: syz.0.2211) [ 859.316225][T14675] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 859.415602][T14675] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 859.545753][T14675] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 859.589651][T14675] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 861.000524][T14698] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2216'. [ 861.108394][T14688] kernel write not supported for file /clear_warn_once (pid: 14688 comm: syz.0.2212) [ 861.401551][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 861.407805][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 861.515582][T12476] Bluetooth: hci0: command 0x0406 tx timeout [ 861.600341][T12476] Bluetooth: hci4: command 0x0406 tx timeout [ 861.986904][T14701] kernel write not supported for file /clear_warn_once (pid: 14701 comm: syz.0.2219) [ 863.767086][T14681] kernel write not supported for file /clear_warn_once (pid: 14681 comm: syz.0.2210) [ 865.152950][T14698] delete_channel: no stack [ 865.565753][T14710] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2229'. [ 866.548759][T14706] kernel write not supported for file /clear_warn_once (pid: 14706 comm: syz.0.2229) [ 867.028779][T14719] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2222'. [ 867.734804][T14717] kernel write not supported for file /clear_warn_once (pid: 14717 comm: syz.0.2222) [ 869.303557][T14724] kernel write not supported for file /clear_warn_once (pid: 14724 comm: syz.0.2224) [ 873.505357][T14737] kernel write not supported for file /clear_warn_once (pid: 14737 comm: syz.0.2225) [ 874.480908][T14773] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2236'. [ 874.492756][T14773] lo: entered promiscuous mode [ 874.499855][T14773] lo: entered allmulticast mode [ 875.526003][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.532402][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.672590][T14768] kernel write not supported for file /clear_warn_once (pid: 14768 comm: syz.0.2235) [ 876.016855][T14783] kernel write not supported for file /clear_warn_once (pid: 14783 comm: syz.0.2239) [ 877.258277][T14788] kernel write not supported for file /clear_warn_once (pid: 14788 comm: syz.0.2242) [ 877.705167][T14787] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2240'. [ 878.148124][T14801] kernel write not supported for file /clear_warn_once (pid: 14801 comm: syz.0.2246) [ 878.689479][T14787] lo: entered promiscuous mode [ 878.814197][T14809] kernel write not supported for file /clear_warn_once (pid: 14809 comm: syz.0.2247) [ 879.007066][T14787] lo: entered allmulticast mode [ 880.418053][T14814] kernel write not supported for file /clear_warn_once (pid: 14814 comm: syz.0.2249) [ 880.881338][T14825] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2250'. [ 881.045806][T14824] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 881.273762][T14821] netlink: 146 bytes leftover after parsing attributes in process `syz.0.2252'. [ 881.319495][T14821] kernel write not supported for file /clear_warn_once (pid: 14821 comm: syz.0.2252) [ 881.469325][T14827] kernel write not supported for file /clear_warn_once (pid: 14827 comm: syz.0.2252) [ 881.914359][T14829] kernel write not supported for file /clear_warn_once (pid: 14829 comm: syz.0.2253) [ 882.468830][T14833] kernel write not supported for file /clear_warn_once (pid: 14833 comm: syz.0.2255) [ 884.035644][T14840] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2258'. [ 884.107810][T14840] lo: entered promiscuous mode [ 884.112653][T14840] lo: entered allmulticast mode [ 885.674491][T14825] delete_channel: no stack [ 888.689548][T14837] Process accounting paused [ 889.326477][T14853] netlink: 'syz.5.2261': attribute type 1 has an invalid length. [ 890.257061][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 890.270273][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 890.311679][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 890.344098][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 890.353451][ T5832] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 890.361131][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 891.140697][T14885] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2267'. [ 891.671415][T14885] lo: entered promiscuous mode [ 891.698453][T14885] lo: entered allmulticast mode [ 891.708208][T14876] chnl_net:caif_netlink_parms(): no params data found [ 892.395934][T12476] Bluetooth: hci3: command tx timeout [ 892.836572][T14876] bridge0: port 1(bridge_slave_0) entered blocking state [ 892.853243][T14876] bridge0: port 1(bridge_slave_0) entered disabled state [ 892.895212][T14876] bridge_slave_0: entered allmulticast mode [ 892.957063][T14876] bridge_slave_0: entered promiscuous mode [ 893.086257][T14894] QAT: failed to copy from user cfg_data. [ 893.392773][T14876] bridge0: port 2(bridge_slave_1) entered blocking state [ 893.458756][T14876] bridge0: port 2(bridge_slave_1) entered disabled state [ 893.514017][T14876] bridge_slave_1: entered allmulticast mode [ 893.577327][T14876] bridge_slave_1: entered promiscuous mode [ 894.108141][T14876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 894.231894][T14876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 894.475702][T12476] Bluetooth: hci3: command tx timeout [ 894.594534][T14876] team0: Port device team_slave_0 added [ 894.686826][T14876] team0: Port device team_slave_1 added [ 895.040129][T14876] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 895.095763][T14876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 895.238987][T14876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 895.319104][T14876] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 895.367655][T14876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 895.516915][T14876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 896.160232][T14876] hsr_slave_0: entered promiscuous mode [ 896.312361][T14876] hsr_slave_1: entered promiscuous mode [ 896.386061][T14901] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2272'. [ 896.558822][T12476] Bluetooth: hci3: command tx timeout [ 896.595795][T14876] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 896.603431][T14876] Cannot create hsr debugfs directory [ 897.848099][T14876] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 898.376393][T14909] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2276'. [ 898.450494][T14876] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 898.635606][T12476] Bluetooth: hci3: command tx timeout [ 898.787859][T14876] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 899.809949][T14917] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2278'. [ 900.294746][T14876] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 900.849193][T14876] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 900.985736][T14876] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 901.255689][T14876] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 901.310775][T14876] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 901.542537][T14924] program syz.0.2279 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 901.913978][T14876] 8021q: adding VLAN 0 to HW filter on device bond0 [ 902.065024][T14876] 8021q: adding VLAN 0 to HW filter on device team0 [ 902.307779][ T9855] bridge0: port 1(bridge_slave_0) entered blocking state [ 902.314939][ T9855] bridge0: port 1(bridge_slave_0) entered forwarding state [ 902.439071][ T9855] bridge0: port 2(bridge_slave_1) entered blocking state [ 902.446272][ T9855] bridge0: port 2(bridge_slave_1) entered forwarding state [ 902.661000][T14876] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 903.784761][T14876] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 904.104027][T14876] veth0_vlan: entered promiscuous mode [ 904.171775][T14876] veth1_vlan: entered promiscuous mode [ 904.369922][T14876] veth0_macvtap: entered promiscuous mode [ 904.414571][T14876] veth1_macvtap: entered promiscuous mode [ 904.508218][T14876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 904.551730][T14876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 904.605760][T14876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 904.645961][T14876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 904.701052][T14876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 904.732260][T14876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 904.790796][T14876] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 904.830651][T14876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 904.894324][T14876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 904.933385][T14876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 905.003083][T14876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 905.065553][T14876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 905.111522][T14876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 905.161849][T14876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 905.186539][T14876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 905.228831][T14876] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 905.275692][T14876] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 905.326615][T14876] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 905.391435][T14876] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.423157][T14876] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.432248][T14876] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.452011][T14876] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 906.085636][T14951] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 906.091944][T14951] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 906.126143][T14951] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 906.132278][T14951] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 906.247006][T14951] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 906.257938][T14951] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 906.522671][ T213] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 906.557025][ T213] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 906.759924][ T213] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 906.778984][ T213] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 906.859239][T14955] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 906.966156][T14955] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 907.145813][T14955] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 907.298855][T14955] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 908.493549][T14972] FAULT_INJECTION: forcing a failure. [ 908.493549][T14972] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 908.506862][T14972] CPU: 1 UID: 0 PID: 14972 Comm: syz.5.2291 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 908.517693][T14972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 908.527798][T14972] Call Trace: [ 908.531104][T14972] [ 908.534081][T14972] dump_stack_lvl+0x16c/0x1f0 [ 908.538829][T14972] should_fail_ex+0x497/0x5b0 [ 908.543586][T14972] _copy_from_user+0x2e/0xd0 [ 908.548239][T14972] adf_ctl_alloc_resources+0x88/0x120 [ 908.553698][T14972] adf_ctl_ioctl+0x712/0xfe0 [ 908.558336][T14972] ? __pfx_lock_release+0x10/0x10 [ 908.563483][T14972] ? __pfx_adf_ctl_ioctl+0x10/0x10 [ 908.568647][T14972] ? __fget_files+0x206/0x3a0 [ 908.573365][T14972] ? __pfx_adf_ctl_ioctl+0x10/0x10 [ 908.578523][T14972] __x64_sys_ioctl+0x190/0x200 [ 908.583341][T14972] do_syscall_64+0xcd/0x250 [ 908.587888][T14972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 908.593824][T14972] RIP: 0033:0x7fa476b85d29 [ 908.598281][T14972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 908.617928][T14972] RSP: 002b:00007fa477990038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 908.626380][T14972] RAX: ffffffffffffffda RBX: 00007fa476d75fa0 RCX: 00007fa476b85d29 [ 908.634383][T14972] RDX: 0000000000000000 RSI: 0000000040096101 RDI: 0000000000000003 [ 908.642389][T14972] RBP: 00007fa477990090 R08: 0000000000000000 R09: 0000000000000000 [ 908.650395][T14972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 908.658394][T14972] R13: 0000000000000000 R14: 00007fa476d75fa0 R15: 00007ffd1f034378 [ 908.666412][T14972] [ 908.748944][T14972] QAT: failed to copy from user cfg_data. [ 908.875625][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 908.965371][T14968] Unable to find swap-space signature [ 909.037662][ T5832] Bluetooth: hci0: command 0x0406 tx timeout [ 909.195736][ T5832] Bluetooth: hci4: command 0x0406 tx timeout [ 909.395694][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 910.341232][T14989] FAULT_INJECTION: forcing a failure. [ 910.341232][T14989] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 910.485768][T14989] CPU: 1 UID: 0 PID: 14989 Comm: syz.0.2295 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 910.496621][T14989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 910.506738][T14989] Call Trace: [ 910.510098][T14989] [ 910.513053][T14989] dump_stack_lvl+0x16c/0x1f0 [ 910.517778][T14989] should_fail_ex+0x497/0x5b0 [ 910.522506][T14989] _copy_from_iter+0x29b/0x1400 [ 910.527407][T14989] ? trace_lock_acquire+0x14e/0x1f0 [ 910.532655][T14989] ? __alloc_skb+0x200/0x380 [ 910.537298][T14989] ? __pfx__copy_from_iter+0x10/0x10 [ 910.542630][T14989] ? __virt_addr_valid+0x1a4/0x590 [ 910.547790][T14989] ? __virt_addr_valid+0x5e/0x590 [ 910.552853][T14989] ? __phys_addr_symbol+0x30/0x80 [ 910.557920][T14989] ? __check_object_size+0x488/0x710 [ 910.563258][T14989] netlink_sendmsg+0x813/0xd70 [ 910.568068][T14989] ? __pfx_netlink_sendmsg+0x10/0x10 [ 910.573405][T14989] ____sys_sendmsg+0x9ae/0xb40 [ 910.578212][T14989] ? copy_msghdr_from_user+0x10b/0x160 [ 910.583719][T14989] ? __pfx_____sys_sendmsg+0x10/0x10 [ 910.589055][T14989] ___sys_sendmsg+0x135/0x1e0 [ 910.593784][T14989] ? __pfx____sys_sendmsg+0x10/0x10 [ 910.599045][T14989] ? __pfx_lock_release+0x10/0x10 [ 910.604099][T14989] ? trace_lock_acquire+0x14e/0x1f0 [ 910.609352][T14989] ? __fget_files+0x206/0x3a0 [ 910.614072][T14989] __sys_sendmsg+0x16e/0x220 [ 910.618715][T14989] ? __pfx___sys_sendmsg+0x10/0x10 [ 910.623891][T14989] do_syscall_64+0xcd/0x250 [ 910.628467][T14989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 910.634403][T14989] RIP: 0033:0x7ff4f9985d29 [ 910.638848][T14989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 910.658494][T14989] RSP: 002b:00007ff4fa7cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 910.666943][T14989] RAX: ffffffffffffffda RBX: 00007ff4f9b75fa0 RCX: 00007ff4f9985d29 [ 910.674949][T14989] RDX: 0000000000004000 RSI: 0000000020000100 RDI: 0000000000000003 [ 910.682961][T14989] RBP: 00007ff4fa7cd090 R08: 0000000000000000 R09: 0000000000000000 [ 910.690972][T14989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 910.698997][T14989] R13: 0000000000000000 R14: 00007ff4f9b75fa0 R15: 00007fff1c8142d8 [ 910.707022][T14989] [ 910.922216][T14947] syz.1.2283 (14947) used greatest stack depth: 19376 bytes left [ 911.270205][T14993] can0: slcan on ptm0. [ 911.285208][T14994] QAT: Device 0 not found [ 911.435631][T12476] Bluetooth: hci3: command 0x0c1a tx timeout [ 911.984888][T14992] can0 (unregistered): slcan off ptm0. [ 913.515731][T12476] Bluetooth: hci3: command 0x0c1a tx timeout [ 919.066378][T15047] : Can't lookup blockdev [ 922.006190][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 922.018104][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 922.026507][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 922.035633][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 922.045852][ T5832] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 922.055234][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 923.020391][T15072] chnl_net:caif_netlink_parms(): no params data found [ 924.165638][ T5832] Bluetooth: hci2: command tx timeout [ 925.636713][T15072] bridge0: port 1(bridge_slave_0) entered blocking state [ 925.680011][T15072] bridge0: port 1(bridge_slave_0) entered disabled state [ 925.736176][T15072] bridge_slave_0: entered allmulticast mode [ 925.825773][T15072] bridge_slave_0: entered promiscuous mode [ 925.856718][T15072] bridge0: port 2(bridge_slave_1) entered blocking state [ 925.911074][T15072] bridge0: port 2(bridge_slave_1) entered disabled state [ 925.955843][T15072] bridge_slave_1: entered allmulticast mode [ 926.039847][T15072] bridge_slave_1: entered promiscuous mode [ 926.238872][ T5832] Bluetooth: hci2: command tx timeout [ 927.068090][T15072] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 927.108602][T15072] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 928.003033][T15072] team0: Port device team_slave_0 added [ 928.047468][T15072] team0: Port device team_slave_1 added [ 928.315591][ T5832] Bluetooth: hci2: command tx timeout [ 928.321773][T15104] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2316'. [ 928.685685][T15100] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 928.935596][T15100] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 928.950511][T15100] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 928.956835][T15100] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 928.962859][T15100] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 929.647848][T15072] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 929.654857][T15072] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 929.698125][T15100] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 930.015675][T15072] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 930.052562][T15072] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 930.105564][T15072] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 930.223134][T15072] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 930.715672][T12476] Bluetooth: hci0: command 0x0406 tx timeout [ 930.906682][T15107] FAULT_INJECTION: forcing a failure. [ 930.906682][T15107] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 930.956138][T12476] Bluetooth: hci4: command 0x0406 tx timeout [ 931.315619][T15107] CPU: 1 UID: 0 PID: 15107 Comm: syz.5.2317 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 931.326479][T15107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 931.336580][T15107] Call Trace: [ 931.339888][T15107] [ 931.342853][T15107] dump_stack_lvl+0x16c/0x1f0 [ 931.347605][T15107] should_fail_ex+0x497/0x5b0 [ 931.352339][T15107] _copy_to_user+0x32/0xd0 [ 931.356820][T15107] simple_read_from_buffer+0xd0/0x160 [ 931.362266][T15107] proc_fail_nth_read+0x198/0x270 [ 931.367358][T15107] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 931.373006][T15107] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 931.378624][T15107] vfs_read+0x1df/0xbe0 [ 931.382863][T15107] ? __fget_files+0x1fc/0x3a0 [ 931.387592][T15107] ? __pfx___mutex_lock+0x10/0x10 [ 931.392673][T15107] ? __pfx_vfs_read+0x10/0x10 [ 931.397412][T15107] ? __fget_files+0x206/0x3a0 [ 931.402155][T15107] ksys_read+0x12b/0x250 [ 931.406450][T15107] ? __pfx_ksys_read+0x10/0x10 [ 931.411270][T15107] do_syscall_64+0xcd/0x250 [ 931.415830][T15107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 931.421776][T15107] RIP: 0033:0x7fa476b8473c [ 931.426239][T15107] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 931.445904][T15107] RSP: 002b:00007fa477990030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 931.454366][T15107] RAX: ffffffffffffffda RBX: 00007fa476d75fa0 RCX: 00007fa476b8473c [ 931.462378][T15107] RDX: 000000000000000f RSI: 00007fa4779900a0 RDI: 0000000000000004 [ 931.470394][T15107] RBP: 00007fa477990090 R08: 0000000000000000 R09: 0000000000000000 [ 931.478404][T15107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 931.486416][T15107] R13: 0000000000000000 R14: 00007fa476d75fa0 R15: 00007ffd1f034378 [ 931.494460][T15107] [ 931.515595][T12476] Bluetooth: hci2: command 0x0c1a tx timeout [ 931.521713][T12476] Bluetooth: hci3: command 0x0c1a tx timeout [ 931.919485][T14502] syz.1.2164 (14502) used greatest stack depth: 19152 bytes left [ 932.602840][T15072] hsr_slave_0: entered promiscuous mode [ 932.707910][T15072] hsr_slave_1: entered promiscuous mode [ 932.825985][T15072] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 932.833618][T15072] Cannot create hsr debugfs directory [ 933.456298][T14510] syz.1.2158 (14510) used greatest stack depth: 18560 bytes left [ 933.604293][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 935.229245][T15072] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 935.329975][T15072] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 935.479552][T12476] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 935.495473][T12476] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 935.504502][T12476] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 935.514022][T12476] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 935.695542][T12476] Bluetooth: hci2: command 0x0c1a tx timeout [ 935.759539][T12476] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 935.767172][T12476] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 935.856551][T15072] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 936.037637][T15072] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 936.541107][T15072] 8021q: adding VLAN 0 to HW filter on device bond0 [ 936.558913][T15072] 8021q: adding VLAN 0 to HW filter on device team0 [ 936.599552][T15072] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 936.610014][T15072] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 936.849056][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 936.856320][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 936.867876][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 936.875007][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 936.958282][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.964649][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 937.842188][ T5832] Bluetooth: hci1: command tx timeout [ 938.195587][T15117] chnl_net:caif_netlink_parms(): no params data found [ 938.227478][T15126] netlink: 330 bytes leftover after parsing attributes in process `syz.5.2321'. [ 938.383545][T15072] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 939.927063][ T5832] Bluetooth: hci1: command tx timeout [ 940.234326][T15117] bridge0: port 1(bridge_slave_0) entered blocking state [ 940.248527][T15117] bridge0: port 1(bridge_slave_0) entered disabled state [ 940.314950][T15117] bridge_slave_0: entered allmulticast mode [ 940.334259][T15117] bridge_slave_0: entered promiscuous mode [ 940.374707][T15117] bridge0: port 2(bridge_slave_1) entered blocking state [ 940.425569][T15117] bridge0: port 2(bridge_slave_1) entered disabled state [ 940.432908][T15117] bridge_slave_1: entered allmulticast mode [ 940.497000][T15117] bridge_slave_1: entered promiscuous mode [ 940.638540][T15145] ICMPv6: process `syz.3.2324' is using deprecated sysctl (syscall) net.ipv6.neigh.virt_wifi0.retrans_time - use net.ipv6.neigh.virt_wifi0.retrans_time_ms instead [ 941.088554][T15117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 941.121243][T15117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 941.577823][T15117] team0: Port device team_slave_0 added [ 941.588684][T15072] veth0_vlan: entered promiscuous mode [ 941.631423][T15117] team0: Port device team_slave_1 added [ 941.996551][ T5832] Bluetooth: hci1: command tx timeout [ 942.081539][T15072] veth1_vlan: entered promiscuous mode [ 942.106749][T15117] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 942.113755][T15117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 942.225502][T15117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 942.297041][T15117] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 942.304042][T15117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 942.432666][T15117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 942.641007][T15072] veth0_macvtap: entered promiscuous mode [ 942.721255][T15117] hsr_slave_0: entered promiscuous mode [ 942.741250][T15117] hsr_slave_1: entered promiscuous mode [ 942.766630][T15117] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 942.790053][T15117] Cannot create hsr debugfs directory [ 942.812595][T15072] veth1_macvtap: entered promiscuous mode [ 943.086525][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 943.115952][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 943.131628][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 943.147924][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 943.178674][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 943.204229][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 943.229188][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 943.254072][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 943.283395][T15163] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 943.290157][T15163] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 943.306739][T15163] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 943.307986][T15072] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 943.312838][T15163] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 943.337850][T15163] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 943.360788][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 943.400563][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 943.435534][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 943.478880][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 943.515620][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 943.555488][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 943.575508][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 943.597970][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 943.615532][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 943.635490][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 943.655744][T15072] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 943.679100][T15072] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 943.698611][T15072] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 943.778264][T15163] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 944.210475][T15072] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 944.225499][T15072] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 944.234284][T15072] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 944.296248][T15072] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 944.616011][T15117] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 944.657599][T15117] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 944.839163][T15117] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 944.917437][T12476] Bluetooth: hci4: command 0x0406 tx timeout [ 945.357327][T12476] Bluetooth: hci1: command 0x0c1a tx timeout [ 945.363437][T12476] Bluetooth: hci2: command 0x0c1a tx timeout [ 945.369716][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout [ 945.443592][T15117] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 945.791087][ T213] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 945.806476][ T213] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 946.079523][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 946.115564][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 946.450989][T15117] 8021q: adding VLAN 0 to HW filter on device bond0 [ 946.527049][T15117] 8021q: adding VLAN 0 to HW filter on device team0 [ 946.568340][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 946.575552][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 946.618783][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 946.625968][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 947.454406][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 948.198358][T15117] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 949.176678][T15117] veth0_vlan: entered promiscuous mode [ 949.242413][T15117] veth1_vlan: entered promiscuous mode [ 949.356567][T15117] veth0_macvtap: entered promiscuous mode [ 949.389675][T15117] veth1_macvtap: entered promiscuous mode [ 949.458503][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 949.480403][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 949.519140][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 949.530938][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 949.619213][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 949.640005][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 949.665955][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 949.696795][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 949.737277][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 949.779479][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 949.817765][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 949.847993][T15117] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 949.900267][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 949.941065][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 949.970471][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 950.008004][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 950.053052][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 950.085643][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 950.124165][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 950.155371][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 950.165328][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 950.226709][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 950.265488][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 950.299219][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 950.337317][T15117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 950.382187][T15117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 950.424047][T15117] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 950.481698][T15117] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 950.524409][T15117] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 950.557428][T15117] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 950.588374][T15117] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 950.974986][ T9855] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 951.070277][ T9855] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 951.349027][ T8374] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 951.405781][ T8374] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 952.811292][T15227] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 952.840637][T15227] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 953.055478][T15227] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 953.086509][T15227] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 953.592175][T15235] netlink: 334 bytes leftover after parsing attributes in process `syz.7.2343'. [ 954.237614][ T5841] Bluetooth: hci4: command 0x0406 tx timeout [ 954.886882][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 955.126300][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 955.134576][T12476] Bluetooth: hci2: command 0x0c1a tx timeout [ 956.418436][T15261] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 956.445815][T15261] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 956.467209][T15261] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 956.537911][T15261] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 956.826146][T15269] FAULT_INJECTION: forcing a failure. [ 956.826146][T15269] name failslab, interval 1, probability 0, space 0, times 0 [ 956.839062][T15269] CPU: 1 UID: 0 PID: 15269 Comm: syz.5.2342 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 956.849879][T15269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 956.860009][T15269] Call Trace: [ 956.863320][T15269] [ 956.866282][T15269] dump_stack_lvl+0x16c/0x1f0 [ 956.871029][T15269] should_fail_ex+0x497/0x5b0 [ 956.875773][T15269] ? fs_reclaim_acquire+0xae/0x150 [ 956.880939][T15269] should_failslab+0xc2/0x120 [ 956.885674][T15269] kmem_cache_alloc_node_noprof+0x72/0x3b0 [ 956.891542][T15269] ? __alloc_skb+0x2b3/0x380 [ 956.896190][T15269] ? genl_start+0x1e7/0x960 [ 956.900747][T15269] __alloc_skb+0x2b3/0x380 [ 956.905229][T15269] ? __pfx___alloc_skb+0x10/0x10 [ 956.910220][T15269] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 956.916359][T15269] netlink_dump+0x699/0xd00 [ 956.920915][T15269] ? __pfx_netlink_dump+0x10/0x10 [ 956.926004][T15269] ? kasan_save_track+0x14/0x30 [ 956.930906][T15269] ? __kasan_kmalloc+0xaa/0xb0 [ 956.935726][T15269] ? genl_start+0x67d/0x960 [ 956.940295][T15269] __netlink_dump_start+0x6d9/0x980 [ 956.945547][T15269] genl_family_rcv_msg_dumpit+0x1e1/0x2e0 [ 956.951327][T15269] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 956.957622][T15269] ? genl_op_from_small+0x25/0x440 [ 956.962802][T15269] ? __pfx_genl_get_cmd+0x10/0x10 [ 956.967879][T15269] ? __pfx_genl_start+0x10/0x10 [ 956.972792][T15269] ? __pfx_genl_dumpit+0x10/0x10 [ 956.977793][T15269] ? __pfx_genl_done+0x10/0x10 [ 956.982618][T15269] ? __radix_tree_lookup+0x21f/0x2c0 [ 956.987962][T15269] genl_rcv_msg+0x470/0x800 [ 956.992531][T15269] ? __pfx_genl_rcv_msg+0x10/0x10 [ 956.997632][T15269] ? __pfx_nl80211_get_reg_dump+0x10/0x10 [ 957.003457][T15269] netlink_rcv_skb+0x165/0x410 [ 957.008270][T15269] ? __pfx_genl_rcv_msg+0x10/0x10 [ 957.013352][T15269] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 957.018704][T15269] ? down_read+0xc9/0x330 [ 957.023128][T15269] ? __pfx_down_read+0x10/0x10 [ 957.027950][T15269] ? netlink_deliver_tap+0x1ae/0xca0 [ 957.033303][T15269] genl_rcv+0x28/0x40 [ 957.037357][T15269] netlink_unicast+0x53c/0x7f0 [ 957.042188][T15269] ? __pfx_netlink_unicast+0x10/0x10 [ 957.047534][T15269] ? __phys_addr_symbol+0x30/0x80 [ 957.052632][T15269] ? __check_object_size+0x488/0x710 [ 957.058001][T15269] netlink_sendmsg+0x8b8/0xd70 [ 957.062833][T15269] ? __pfx_netlink_sendmsg+0x10/0x10 [ 957.068192][T15269] ____sys_sendmsg+0x9ae/0xb40 [ 957.073011][T15269] ? copy_msghdr_from_user+0x10b/0x160 [ 957.078533][T15269] ? __pfx_____sys_sendmsg+0x10/0x10 [ 957.083887][T15269] ___sys_sendmsg+0x135/0x1e0 [ 957.088633][T15269] ? __pfx____sys_sendmsg+0x10/0x10 [ 957.093912][T15269] ? __pfx_lock_release+0x10/0x10 [ 957.098983][T15269] ? trace_lock_acquire+0x14e/0x1f0 [ 957.104258][T15269] ? __fget_files+0x206/0x3a0 [ 957.109000][T15269] __sys_sendmsg+0x16e/0x220 [ 957.114130][T15269] ? __pfx___sys_sendmsg+0x10/0x10 [ 957.119329][T15269] do_syscall_64+0xcd/0x250 [ 957.123897][T15269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 957.129846][T15269] RIP: 0033:0x7fa476b85d29 [ 957.134301][T15269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 957.153957][T15269] RSP: 002b:00007fa477990038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 957.162417][T15269] RAX: ffffffffffffffda RBX: 00007fa476d75fa0 RCX: 00007fa476b85d29 [ 957.170435][T15269] RDX: 0000000000004000 RSI: 0000000020000100 RDI: 0000000000000003 [ 957.178448][T15269] RBP: 00007fa477990090 R08: 0000000000000000 R09: 0000000000000000 [ 957.186460][T15269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 957.194474][T15269] R13: 0000000000000000 R14: 00007fa476d75fa0 R15: 00007ffd1f034378 [ 957.202506][T15269] [ 957.711731][T15276] FAULT_INJECTION: forcing a failure. [ 957.711731][T15276] name failslab, interval 1, probability 0, space 0, times 0 [ 957.816603][T15276] CPU: 1 UID: 0 PID: 15276 Comm: syz.7.2355 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 957.827450][T15276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 957.837548][T15276] Call Trace: [ 957.840859][T15276] [ 957.843825][T15276] dump_stack_lvl+0x16c/0x1f0 [ 957.848587][T15276] should_fail_ex+0x497/0x5b0 [ 957.853321][T15276] ? fs_reclaim_acquire+0xae/0x150 [ 957.858485][T15276] should_failslab+0xc2/0x120 [ 957.863219][T15276] __kmalloc_noprof+0xce/0x4f0 [ 957.868038][T15276] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 957.873715][T15276] ? tomoyo_realpath_from_path+0xbf/0x710 [ 957.879491][T15276] ? rcu_is_watching+0x12/0xc0 [ 957.884319][T15276] tomoyo_realpath_from_path+0xbf/0x710 [ 957.889934][T15276] tomoyo_check_open_permission+0x2ad/0x3c0 [ 957.895903][T15276] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 957.902427][T15276] ? __pfx_hook_file_open+0x10/0x10 [ 957.907694][T15276] ? lock_acquire+0x2f/0xb0 [ 957.912242][T15276] ? mnt_get_write_access+0x6a/0x300 [ 957.917598][T15276] tomoyo_file_open+0x6b/0x90 [ 957.922334][T15276] security_file_open+0x84/0x1e0 [ 957.927324][T15276] do_dentry_open+0x57e/0x1ea0 [ 957.932144][T15276] ? inode_permission+0xdd/0x5f0 [ 957.937147][T15276] vfs_open+0x82/0x3f0 [ 957.941277][T15276] ? may_open+0x1f2/0x400 [ 957.945678][T15276] path_openat+0x1e6a/0x2d60 [ 957.950337][T15276] ? __pfx_path_openat+0x10/0x10 [ 957.955343][T15276] ? __pfx___lock_acquire+0x10/0x10 [ 957.960607][T15276] ? lock_acquire.part.0+0x11b/0x380 [ 957.965951][T15276] ? find_held_lock+0x2d/0x110 [ 957.970778][T15276] do_filp_open+0x20c/0x470 [ 957.975338][T15276] ? __pfx_do_filp_open+0x10/0x10 [ 957.980415][T15276] ? find_held_lock+0x2d/0x110 [ 957.985264][T15276] ? alloc_fd+0x41f/0x760 [ 957.989664][T15276] do_sys_openat2+0x17a/0x1e0 [ 957.994406][T15276] ? __pfx_do_sys_openat2+0x10/0x10 [ 957.999680][T15276] ? __fget_files+0x206/0x3a0 [ 958.004423][T15276] __x64_sys_openat+0x175/0x210 [ 958.009339][T15276] ? __pfx___x64_sys_openat+0x10/0x10 [ 958.014773][T15276] ? ksys_write+0x1ba/0x250 [ 958.019341][T15276] do_syscall_64+0xcd/0x250 [ 958.023903][T15276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 958.029860][T15276] RIP: 0033:0x7fdbb3185d29 [ 958.034320][T15276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 958.053980][T15276] RSP: 002b:00007fdbb0ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 958.062449][T15276] RAX: ffffffffffffffda RBX: 00007fdbb3375fa0 RCX: 00007fdbb3185d29 [ 958.070460][T15276] RDX: 0000000000004001 RSI: 0000000020000080 RDI: ffffffffffffff9c [ 958.078476][T15276] RBP: 00007fdbb0ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 958.086492][T15276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 958.094501][T15276] R13: 0000000000000001 R14: 00007fdbb3375fa0 R15: 00007ffde8eb2338 [ 958.102535][T15276] [ 958.951550][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 958.957718][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 958.963833][ T5841] Bluetooth: hci4: command 0x0406 tx timeout [ 958.970185][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout [ 959.109649][T15276] ERROR: Out of memory at tomoyo_realpath_from_path. [ 959.689396][T15278] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2358'. [ 959.730844][T15278] lo: entered promiscuous mode [ 959.767134][T15278] lo: entered allmulticast mode [ 962.065072][T15294] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 962.075186][T15294] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 962.083552][T15294] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 962.090345][T15294] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 963.119869][T15302] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2364'. [ 963.174552][T15302] lo: entered promiscuous mode [ 963.192716][T15302] lo: entered allmulticast mode [ 963.368182][T15305] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 963.634288][T15305] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 963.663931][T15305] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 963.875896][T15305] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 965.254823][T15327] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2369'. [ 965.435580][T12476] Bluetooth: hci4: command 0x0406 tx timeout [ 965.675913][T12476] Bluetooth: hci2: command 0x0c1a tx timeout [ 965.684091][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 965.925525][T12476] Bluetooth: hci1: command 0x0c1a tx timeout [ 966.237101][T15327] lo: entered promiscuous mode [ 966.321227][T15327] lo: entered allmulticast mode [ 975.643645][ T5841] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 975.654959][ T5841] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 975.664465][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 975.673879][ T5841] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 975.682982][ T5841] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 975.692287][ T5841] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 977.305757][T15369] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 977.590103][T15358] chnl_net:caif_netlink_parms(): no params data found [ 977.705081][T15369] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 977.755698][ T5841] Bluetooth: hci0: command tx timeout [ 977.935681][T15369] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 977.977533][T15369] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 978.055881][T15369] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 978.105800][T15369] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 978.595318][T15369] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 978.890561][ T5841] Bluetooth: hci4: command 0x0406 tx timeout [ 979.355784][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout [ 979.918794][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 979.990419][T15358] bridge0: port 1(bridge_slave_0) entered blocking state [ 979.998249][ T5841] Bluetooth: hci0: command 0x040f tx timeout [ 980.007227][T12476] Bluetooth: hci1: command 0x0c1a tx timeout [ 980.545664][T15358] bridge0: port 1(bridge_slave_0) entered disabled state [ 980.553131][T15358] bridge_slave_0: entered allmulticast mode [ 980.560774][T15358] bridge_slave_0: entered promiscuous mode [ 981.256495][T15391] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2383'. [ 981.826725][T15358] bridge0: port 2(bridge_slave_1) entered blocking state [ 981.875791][T15358] bridge0: port 2(bridge_slave_1) entered disabled state [ 981.883134][T15358] bridge_slave_1: entered allmulticast mode [ 981.936998][T15358] bridge_slave_1: entered promiscuous mode [ 982.075900][ T5841] Bluetooth: hci0: command 0x040f tx timeout [ 982.799795][T15391] lo: entered promiscuous mode [ 982.804645][T15391] lo: entered allmulticast mode [ 983.981638][T15358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 984.156061][ T5841] Bluetooth: hci0: command 0x040f tx timeout [ 985.517728][T15358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 986.069217][T15358] team0: Port device team_slave_0 added [ 986.235885][ T5841] Bluetooth: hci0: command 0x040f tx timeout [ 986.260677][T15358] team0: Port device team_slave_1 added [ 986.888469][T15358] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 987.985527][T15358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 988.095467][T15358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 988.615517][ T5832] Bluetooth: hci0: command 0x040f tx timeout [ 988.922377][T15358] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 988.935854][T15358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 988.995638][T15358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 989.570348][T15358] hsr_slave_0: entered promiscuous mode [ 989.636136][T15358] hsr_slave_1: entered promiscuous mode [ 989.665744][T15358] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 989.673375][T15358] Cannot create hsr debugfs directory [ 991.132793][T15358] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 991.198390][T15358] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 991.236057][T15358] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 991.266838][T15358] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 991.571619][T15358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 991.650935][T15358] 8021q: adding VLAN 0 to HW filter on device team0 [ 991.737521][ T2997] bridge0: port 1(bridge_slave_0) entered blocking state [ 991.744679][ T2997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 991.798523][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 991.805721][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 992.564783][T15358] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 993.717334][T15358] veth0_vlan: entered promiscuous mode [ 993.727161][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 993.730141][T15358] veth1_vlan: entered promiscuous mode [ 993.741761][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 993.751139][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 993.765885][T15358] veth0_macvtap: entered promiscuous mode [ 993.768419][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 993.775865][T15358] veth1_macvtap: entered promiscuous mode [ 993.779731][ T5841] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 993.792054][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 993.795671][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.809644][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.819582][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.830716][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.841091][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.852573][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.863202][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.873735][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.883737][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.894280][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.905092][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 993.916637][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.930228][T15358] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 993.941514][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.952112][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.962046][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.972565][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 993.982494][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 993.992977][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.003041][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 994.013674][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.023557][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 994.034632][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.045517][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 994.056432][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.066347][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 994.076911][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.086773][T15358] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 994.097293][T15358] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 994.108268][T15358] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 994.119015][T15358] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.127856][T15358] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.137143][T15358] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.147020][T15358] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.534866][T15412] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2385'. [ 994.585045][T15412] lo: entered promiscuous mode [ 994.590227][T15412] lo: entered allmulticast mode [ 994.870900][T15373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 994.885462][T15373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 995.448538][T15421] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2387'. [ 995.710134][ T8374] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 995.733032][ T8374] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 995.916013][ T5841] Bluetooth: hci4: command tx timeout [ 996.224907][T15407] chnl_net:caif_netlink_parms(): no params data found [ 997.148773][T15407] bridge0: port 1(bridge_slave_0) entered blocking state [ 997.162452][T15407] bridge0: port 1(bridge_slave_0) entered disabled state [ 997.185078][T15407] bridge_slave_0: entered allmulticast mode [ 997.193503][T15407] bridge_slave_0: entered promiscuous mode [ 997.202124][T15407] bridge0: port 2(bridge_slave_1) entered blocking state [ 997.210380][T15407] bridge0: port 2(bridge_slave_1) entered disabled state [ 997.218834][T15407] bridge_slave_1: entered allmulticast mode [ 997.226170][T15407] bridge_slave_1: entered promiscuous mode [ 997.287528][T15428] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 997.293801][T15428] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 997.300182][T15428] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 997.315731][T15428] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 997.333618][T15428] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 997.371153][T15428] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 997.479014][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 997.683056][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 997.860568][T15407] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 997.873082][T15407] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 998.015884][T15441] FAULT_INJECTION: forcing a failure. [ 998.015884][T15441] name failslab, interval 1, probability 0, space 0, times 0 [ 998.018574][T15434] sp0: Synchronizing with TNC [ 998.085579][T15441] CPU: 0 UID: 0 PID: 15441 Comm: syz.7.2390 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 998.096450][T15441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 998.106570][T15441] Call Trace: [ 998.109890][T15441] [ 998.112866][T15441] dump_stack_lvl+0x16c/0x1f0 [ 998.117611][T15441] should_fail_ex+0x497/0x5b0 [ 998.122358][T15441] ? fs_reclaim_acquire+0xae/0x150 [ 998.127541][T15441] should_failslab+0xc2/0x120 [ 998.132294][T15441] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 998.137744][T15441] ? ioctx_alloc+0x19b/0x1f70 [ 998.142488][T15441] ioctx_alloc+0x19b/0x1f70 [ 998.147053][T15441] ? __might_fault+0x13b/0x190 [ 998.151893][T15441] ? __pfx_lock_release+0x10/0x10 [ 998.156975][T15441] ? trace_lock_acquire+0x14e/0x1f0 [ 998.162251][T15441] ? __pfx_ioctx_alloc+0x10/0x10 [ 998.167246][T15441] ? lock_acquire+0x2f/0xb0 [ 998.171800][T15441] ? __might_fault+0xe3/0x190 [ 998.176557][T15441] ? __might_fault+0xe3/0x190 [ 998.181315][T15441] __x64_sys_io_setup+0xc9/0x210 [ 998.186314][T15441] do_syscall_64+0xcd/0x250 [ 998.190884][T15441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 998.196844][T15441] RIP: 0033:0x7fdbb3185d29 [ 998.201307][T15441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 998.220979][T15441] RSP: 002b:00007fdbb0fd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 998.229468][T15441] RAX: ffffffffffffffda RBX: 00007fdbb3376080 RCX: 00007fdbb3185d29 [ 998.237504][T15441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 998.245529][T15441] RBP: 00007fdbb0fd5090 R08: 0000000000000000 R09: 0000000000000000 [ 998.253547][T15441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 998.261567][T15441] R13: 0000000000000000 R14: 00007fdbb3376080 R15: 00007ffde8eb2338 [ 998.269612][T15441] [ 998.418851][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.425206][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.476302][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 998.607142][T15407] team0: Port device team_slave_0 added [ 998.627107][T15407] team0: Port device team_slave_1 added [ 998.708852][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 998.895799][T15407] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 998.916244][T15407] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 998.958667][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout [ 998.974451][T15407] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 999.112157][T15407] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 999.122442][T15407] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 999.198546][T15407] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 999.349641][T15407] hsr_slave_0: entered promiscuous mode [ 999.356619][ T5841] Bluetooth: hci4: command 0x040f tx timeout [ 999.364335][ T5832] Bluetooth: hci0: command 0x040f tx timeout [ 999.371556][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 999.393471][T15407] hsr_slave_1: entered promiscuous mode [ 999.417734][T15407] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 999.437536][T15407] Cannot create hsr debugfs directory [ 1000.558698][ T11] bridge_slave_1: left allmulticast mode [ 1000.594530][ T11] bridge_slave_1: left promiscuous mode [ 1000.648044][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1000.796457][ T11] bridge_slave_0: left allmulticast mode [ 1000.823609][ T11] bridge_slave_0: left promiscuous mode [ 1000.860144][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1001.435623][T12476] Bluetooth: hci4: command 0x040f tx timeout [ 1002.947789][T15456] netlink: 36 bytes leftover after parsing attributes in process `syz.7.2395'. [ 1003.496321][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1003.515801][T12476] Bluetooth: hci4: command 0x040f tx timeout [ 1003.541859][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1003.580511][ T11] bond0 (unregistering): Released all slaves [ 1004.853543][T15407] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1005.359238][ T11] hsr_slave_0: left promiscuous mode [ 1005.463810][ T11] hsr_slave_1: left promiscuous mode [ 1005.605543][T12476] Bluetooth: hci4: command 0x040f tx timeout [ 1006.210931][T15512] Invalid ELF header magic: != ELF [ 1006.276347][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1006.283925][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1006.350107][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1006.379158][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1006.551904][ T11] veth1_macvtap: left promiscuous mode [ 1006.606552][ T11] veth0_macvtap: left promiscuous mode [ 1006.647649][ T11] veth1_vlan: left promiscuous mode [ 1006.653332][ T11] veth0_vlan: left promiscuous mode [ 1007.684689][T12476] Bluetooth: hci4: command 0x040f tx timeout [ 1010.652808][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1010.931211][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1011.242194][T15524] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2407'. [ 1013.479504][T15407] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1013.521247][T15407] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1013.805743][T15524] lo: entered promiscuous mode [ 1013.810593][T15524] lo: entered allmulticast mode [ 1013.888921][T15407] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1013.957207][T15530] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1013.995971][T15530] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1014.003106][T15530] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1014.142883][T15530] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1014.746156][T15538] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2410'. [ 1015.390451][T15407] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1015.493241][T15407] 8021q: adding VLAN 0 to HW filter on device team0 [ 1015.613309][ T9855] bridge0: port 1(bridge_slave_0) entered blocking state [ 1015.620543][ T9855] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1015.696206][ T9855] bridge0: port 2(bridge_slave_1) entered blocking state [ 1015.703364][ T9855] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1016.001951][T12476] Bluetooth: hci2: command 0x0c1a tx timeout [ 1016.075661][T12476] Bluetooth: hci0: command 0x040f tx timeout [ 1016.081749][T12476] Bluetooth: hci1: command 0x0c1a tx timeout [ 1016.187855][ T5832] Bluetooth: hci4: command 0x040f tx timeout [ 1017.043202][T15407] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1017.655976][T15407] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1019.924691][T15407] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1021.450183][T15407] veth0_vlan: entered promiscuous mode [ 1021.512507][T15407] veth1_vlan: entered promiscuous mode [ 1021.665051][T15407] veth0_macvtap: entered promiscuous mode [ 1021.757889][T15407] veth1_macvtap: entered promiscuous mode [ 1021.870795][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1021.977129][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1022.039547][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1022.089606][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1022.141803][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1022.203223][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1022.262798][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1022.318090][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1022.355506][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1022.425446][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1022.476169][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1022.490760][T15616] Invalid ELF header magic: != ELF [ 1022.532622][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1022.584232][T15407] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1022.652207][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1022.705710][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1022.775696][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1022.825488][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1022.865509][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1022.935454][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1022.975589][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1023.034123][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.105666][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1023.165629][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.206027][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1023.259839][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.310371][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1023.365700][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.431980][T15407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1023.475448][T15407] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.536415][T15407] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1023.989376][T15407] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1024.047761][T15407] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1024.066540][T15407] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1024.085518][T15407] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1025.503267][ T9855] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1025.525492][ T9855] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1025.534970][ T9855] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1025.565421][ T9855] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1027.846330][T15640] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2424'. [ 1031.237740][T15654] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2426'. [ 1031.882181][T15676] netlink: 'syz.9.2430': attribute type 10 has an invalid length. [ 1031.905545][T15676] netlink: 230 bytes leftover after parsing attributes in process `syz.9.2430'. [ 1031.984096][T15676] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 1033.099099][T15694] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1033.186345][T15694] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1033.425641][T15694] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1033.431798][T15694] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1034.002219][T15681] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2431'. [ 1035.116739][T12476] Bluetooth: hci2: command 0x0c1a tx timeout [ 1035.199386][T12476] Bluetooth: hci1: command 0x0c1a tx timeout [ 1035.445504][T12476] Bluetooth: hci4: command 0x040f tx timeout [ 1035.451678][ T5832] Bluetooth: hci0: command 0x040f tx timeout [ 1039.261221][T15771] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1039.275855][T15771] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1039.496963][T15771] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1039.522241][T15771] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1041.286780][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 1041.356013][ T5832] Bluetooth: hci0: command 0x040f tx timeout [ 1041.362111][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 1041.605887][ T5832] Bluetooth: hci4: command 0x040f tx timeout [ 1042.541040][T15818] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2455'. [ 1044.817205][T15811] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2451'. [ 1049.655885][T15897] netlink: 60 bytes leftover after parsing attributes in process `syz.9.2467'. [ 1049.664980][T15897] openvswitch: netlink: Message has 7 unknown bytes. [ 1050.763340][T15917] sd 0:0:1:0: PR command failed: 1026 [ 1050.813338][T15917] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1050.895660][T15917] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1051.410735][T15933] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2475'. [ 1052.168707][T15945] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2480'. [ 1053.483640][T15958] netlink: 330 bytes leftover after parsing attributes in process `syz.7.2481'. [ 1058.380302][T15945] delete_channel: no stack [ 1059.840041][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.846558][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1065.707852][T16068] netlink: 342 bytes leftover after parsing attributes in process `syz.8.2500'. [ 1066.467142][T16069] devtmpfs: Bad value for 'gid' [ 1066.472075][T16069] devtmpfs: Bad value for 'gid' [ 1071.126853][T16120] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2511'. [ 1074.627567][T16135] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1074.722454][T16135] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1074.865713][T16135] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1074.931191][T16135] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1076.555897][T16120] delete_channel: no stack [ 1076.677355][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 1076.805592][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 1076.875668][ T5832] Bluetooth: hci0: command 0x040f tx timeout [ 1076.956268][ T5832] Bluetooth: hci4: command 0x040f tx timeout [ 1078.066794][T16191] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2525'. [ 1079.466087][T16200] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1079.546591][T16200] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1079.611711][T16200] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1079.695746][T16200] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1080.623109][T16190] delete_channel: no stack [ 1081.505438][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 1081.515781][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout [ 1081.615520][ T5832] Bluetooth: hci0: command 0x040f tx timeout [ 1081.775978][T12476] Bluetooth: hci4: command 0x040f tx timeout [ 1093.391366][T16294] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1093.447631][T16294] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1093.454138][T16294] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1093.495995][T16294] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1095.275827][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 1095.515616][T12476] Bluetooth: hci0: command 0x040f tx timeout [ 1095.523934][T12476] Bluetooth: hci1: command 0x0c1a tx timeout [ 1095.534163][ T5832] Bluetooth: hci4: command 0x040f tx timeout [ 1098.085219][T16387] FAULT_INJECTION: forcing a failure. [ 1098.085219][T16387] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1098.173122][T16387] CPU: 1 UID: 0 PID: 16387 Comm: syz.9.2570 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 1098.183968][T16387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1098.194065][T16387] Call Trace: [ 1098.197379][T16387] [ 1098.200345][T16387] dump_stack_lvl+0x16c/0x1f0 [ 1098.205080][T16387] should_fail_ex+0x497/0x5b0 [ 1098.209815][T16387] _copy_from_user+0x2e/0xd0 [ 1098.214466][T16387] airtime_flags_write+0xd3/0x280 [ 1098.219555][T16387] ? __pfx_airtime_flags_write+0x10/0x10 [ 1098.225263][T16387] ? trace_lock_acquire+0x14e/0x1f0 [ 1098.230527][T16387] full_proxy_write+0xfb/0x1b0 [ 1098.235354][T16387] ? __pfx_full_proxy_write+0x10/0x10 [ 1098.240782][T16387] vfs_writev+0x6da/0xdd0 [ 1098.245164][T16387] ? fdget_pos+0x267/0x390 [ 1098.249642][T16387] ? __pfx_vfs_writev+0x10/0x10 [ 1098.254535][T16387] ? __mutex_lock+0x1cc/0xa60 [ 1098.259266][T16387] ? find_held_lock+0x2d/0x110 [ 1098.264090][T16387] ? __pfx___mutex_lock+0x10/0x10 [ 1098.269168][T16387] ? trace_lock_acquire+0x14e/0x1f0 [ 1098.274443][T16387] ? __fget_files+0x206/0x3a0 [ 1098.279187][T16387] ? do_writev+0x133/0x340 [ 1098.283649][T16387] do_writev+0x133/0x340 [ 1098.287940][T16387] ? __pfx_do_writev+0x10/0x10 [ 1098.292777][T16387] do_syscall_64+0xcd/0x250 [ 1098.297340][T16387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1098.303290][T16387] RIP: 0033:0x7f7ebc385d29 [ 1098.307747][T16387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1098.327404][T16387] RSP: 002b:00007f7ebd177038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1098.335874][T16387] RAX: ffffffffffffffda RBX: 00007f7ebc575fa0 RCX: 00007f7ebc385d29 [ 1098.343883][T16387] RDX: 0000000000000008 RSI: 00000000200001c0 RDI: 0000000000000003 [ 1098.351895][T16387] RBP: 00007f7ebd177090 R08: 0000000000000000 R09: 0000000000000000 [ 1098.359910][T16387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1098.367920][T16387] R13: 0000000000000000 R14: 00007f7ebc575fa0 R15: 00007ffc6d52d798 [ 1098.375952][T16387] [ 1103.216213][T16426] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1103.222415][T16426] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1103.356347][T16426] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1103.362478][T16426] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1104.556595][T16435] proc: Bad value for 'gid' [ 1104.925453][T12476] Bluetooth: hci2: command 0x0c1a tx timeout [ 1105.200087][T16441] devtmpfs: Bad value for 'gid' [ 1105.205026][T16441] devtmpfs: Bad value for 'gid' [ 1105.275841][T12476] Bluetooth: hci1: command 0x0c1a tx timeout [ 1105.440662][T12476] Bluetooth: hci4: command 0x040f tx timeout [ 1105.446881][ T5832] Bluetooth: hci0: command 0x040f tx timeout [ 1106.735070][T16453] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2588'. [ 1107.925873][T16458] binder: 16445:16458 ioctl c0046209 800000000000003 returned -22 [ 1110.777089][T16476] proc: Bad value for 'gid' [ 1111.356788][T16481] FAULT_INJECTION: forcing a failure. [ 1111.356788][T16481] name failslab, interval 1, probability 0, space 0, times 0 [ 1111.423972][T16481] CPU: 1 UID: 0 PID: 16481 Comm: syz.6.2596 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 1111.434813][T16481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1111.444902][T16481] Call Trace: [ 1111.448211][T16481] [ 1111.451175][T16481] dump_stack_lvl+0x16c/0x1f0 [ 1111.455905][T16481] should_fail_ex+0x497/0x5b0 [ 1111.460641][T16481] ? fs_reclaim_acquire+0xae/0x150 [ 1111.465806][T16481] should_failslab+0xc2/0x120 [ 1111.470546][T16481] __kmalloc_noprof+0xce/0x4f0 [ 1111.475377][T16481] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1111.481067][T16481] ? tomoyo_realpath_from_path+0xbf/0x710 [ 1111.486853][T16481] tomoyo_realpath_from_path+0xbf/0x710 [ 1111.492457][T16481] ? tomoyo_path_number_perm+0x235/0x5b0 [ 1111.498161][T16481] tomoyo_path_number_perm+0x248/0x5b0 [ 1111.503687][T16481] ? tomoyo_path_number_perm+0x235/0x5b0 [ 1111.509409][T16481] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1111.515506][T16481] ? __pfx_lock_release+0x10/0x10 [ 1111.520577][T16481] ? trace_lock_acquire+0x14e/0x1f0 [ 1111.525847][T16481] ? lock_acquire+0x2f/0xb0 [ 1111.530397][T16481] ? __fget_files+0x40/0x3a0 [ 1111.535051][T16481] ? __fget_files+0x206/0x3a0 [ 1111.539782][T16481] security_file_ioctl+0x9b/0x240 [ 1111.544855][T16481] __x64_sys_ioctl+0xb7/0x200 [ 1111.549583][T16481] do_syscall_64+0xcd/0x250 [ 1111.554142][T16481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1111.560090][T16481] RIP: 0033:0x7fdd98585d29 [ 1111.564559][T16481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1111.584217][T16481] RSP: 002b:00007fdd99371038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1111.592677][T16481] RAX: ffffffffffffffda RBX: 00007fdd98775fa0 RCX: 00007fdd98585d29 [ 1111.600690][T16481] RDX: 0000000000000003 RSI: 0000000080dc5521 RDI: 0000000000000004 [ 1111.608699][T16481] RBP: 00007fdd99371090 R08: 0000000000000000 R09: 0000000000000000 [ 1111.616709][T16481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1111.624718][T16481] R13: 0000000000000000 R14: 00007fdd98775fa0 R15: 00007ffc02490648 [ 1111.632813][T16481] [ 1111.945430][T16481] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1114.498691][T16499] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2601'. [ 1114.945470][T16507] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1115.028553][T16507] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1115.034664][T16507] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1115.066820][T16507] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1115.627101][T16517] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2607'. [ 1115.663440][T16518] proc: Bad value for 'gid' [ 1115.802388][T16517] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 1116.475753][T12476] Bluetooth: hci2: command 0x0c1a tx timeout [ 1117.115943][T12476] Bluetooth: hci4: command 0x040f tx timeout [ 1117.122102][ T5832] Bluetooth: hci0: command 0x040f tx timeout [ 1117.130092][T12476] Bluetooth: hci1: command 0x0c1a tx timeout [ 1120.263961][T16550] devtmpfs: Bad value for 'gid' [ 1120.274533][T16550] devtmpfs: Bad value for 'gid' [ 1121.280792][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1121.306290][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1122.649790][T16580] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1122.670083][T16580] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1122.826751][T16580] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1122.879280][T16580] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1123.400566][T16585] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2629'. [ 1124.715584][T16358] Bluetooth: hci1: command 0x0c1a tx timeout [ 1124.721721][T12476] Bluetooth: hci2: command 0x0c1a tx timeout [ 1124.878682][T16358] Bluetooth: hci0: command 0x040f tx timeout [ 1124.955897][T16358] Bluetooth: hci4: command 0x040f tx timeout [ 1125.483240][T16583] delete_channel: no stack [ 1127.958025][T16616] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1128.010301][T16616] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1128.347433][T16616] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1128.370812][T16616] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1129.927212][T16639] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1129.998330][T16639] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1130.075868][T16639] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1130.093133][T16639] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1131.455498][T16358] Bluetooth: hci2: command 0x0c1a tx timeout [ 1132.075734][T16358] Bluetooth: hci1: command 0x0c1a tx timeout [ 1132.155884][T12476] Bluetooth: hci0: command 0x040f tx timeout [ 1132.161998][T16358] Bluetooth: hci4: command 0x040f tx timeout [ 1135.587580][T16677] bridge0: port 3(syz_tun) entered blocking state [ 1135.677815][T16677] bridge0: port 3(syz_tun) entered disabled state [ 1135.775642][T16677] syz_tun: entered allmulticast mode [ 1135.953722][T16677] syz_tun: entered promiscuous mode [ 1136.098306][T16677] bridge0: port 3(syz_tun) entered blocking state [ 1136.104891][T16677] bridge0: port 3(syz_tun) entered forwarding state [ 1137.061233][T16705] netlink: 206 bytes leftover after parsing attributes in process `syz.9.2659'. [ 1140.036017][T16731] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1140.045692][T16731] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1140.066073][T16731] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1140.072957][T16731] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1141.976814][T16745] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1141.984715][T16745] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1142.025862][T16745] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1142.092322][T16358] Bluetooth: hci4: command 0x040f tx timeout [ 1142.205619][T16745] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1142.705996][T16751] netlink: 338 bytes leftover after parsing attributes in process `syz.8.2670'. [ 1143.755529][T16755] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1143.765801][T16755] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1143.831649][T16755] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1143.838405][T16755] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1143.977995][T16760] FAULT_INJECTION: forcing a failure. [ 1143.977995][T16760] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1144.240825][T16760] CPU: 1 UID: 0 PID: 16760 Comm: syz.7.2674 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 1144.251678][T16760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1144.261774][T16760] Call Trace: [ 1144.265107][T16760] [ 1144.268075][T16760] dump_stack_lvl+0x16c/0x1f0 [ 1144.272900][T16760] should_fail_ex+0x497/0x5b0 [ 1144.277637][T16760] _copy_from_user+0x2e/0xd0 [ 1144.282305][T16760] kstrtobool_from_user+0x9a/0x160 [ 1144.287470][T16760] ? __pfx_kstrtobool_from_user+0x10/0x10 [ 1144.293254][T16760] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1144.298944][T16760] debugfs_write_file_bool+0xc4/0x1b0 [ 1144.304460][T16760] ? __pfx_debugfs_write_file_bool+0x10/0x10 [ 1144.310507][T16760] ? ksys_write+0xd0/0x250 [ 1144.314987][T16760] ? __pfx_debugfs_write_file_bool+0x10/0x10 [ 1144.321028][T16760] vfs_write+0x24c/0x1150 [ 1144.325415][T16760] ? __fget_files+0x1fc/0x3a0 [ 1144.330157][T16760] ? __pfx___mutex_lock+0x10/0x10 [ 1144.335243][T16760] ? __pfx_vfs_write+0x10/0x10 [ 1144.340073][T16760] ? __fget_files+0x206/0x3a0 [ 1144.344826][T16760] ksys_write+0x12b/0x250 [ 1144.349207][T16760] ? __pfx_ksys_write+0x10/0x10 [ 1144.354121][T16760] do_syscall_64+0xcd/0x250 [ 1144.358684][T16760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1144.364634][T16760] RIP: 0033:0x7fdbb3185d29 [ 1144.369095][T16760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1144.388758][T16760] RSP: 002b:00007fdbb0ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1144.397227][T16760] RAX: ffffffffffffffda RBX: 00007fdbb3375fa0 RCX: 00007fdbb3185d29 [ 1144.405236][T16760] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000003 [ 1144.413243][T16760] RBP: 00007fdbb0ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1144.421252][T16760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1144.429261][T16760] R13: 0000000000000000 R14: 00007fdbb3375fa0 R15: 00007ffde8eb2338 [ 1144.437296][T16760] [ 1144.934646][T16768] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2677'. [ 1145.056159][T16770] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2677'. [ 1145.613885][T16779] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1145.674184][T16779] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1145.783941][T16779] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1145.903654][T16779] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1147.675927][T16358] Bluetooth: hci1: command 0x0c1a tx timeout [ 1147.682042][T12476] Bluetooth: hci2: command 0x0c1a tx timeout [ 1147.835415][T16358] Bluetooth: hci0: command 0x040f tx timeout [ 1147.925643][T16358] Bluetooth: hci4: command 0x040f tx timeout [ 1150.236423][T16818] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2687'. [ 1152.756746][T16833] FAULT_INJECTION: forcing a failure. [ 1152.756746][T16833] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1152.825623][T16833] CPU: 1 UID: 0 PID: 16833 Comm: syz.9.2690 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 1152.836465][T16833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1152.846561][T16833] Call Trace: [ 1152.849876][T16833] [ 1152.852848][T16833] dump_stack_lvl+0x16c/0x1f0 [ 1152.857604][T16833] should_fail_ex+0x497/0x5b0 [ 1152.862359][T16833] _copy_to_user+0x32/0xd0 [ 1152.866856][T16833] simple_read_from_buffer+0xd0/0x160 [ 1152.872305][T16833] proc_fail_nth_read+0x198/0x270 [ 1152.877403][T16833] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1152.883020][T16833] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1152.888629][T16833] vfs_read+0x1df/0xbe0 [ 1152.892923][T16833] ? __fget_files+0x1fc/0x3a0 [ 1152.897651][T16833] ? __pfx___mutex_lock+0x10/0x10 [ 1152.902729][T16833] ? __pfx_vfs_read+0x10/0x10 [ 1152.907466][T16833] ? __fget_files+0x206/0x3a0 [ 1152.912206][T16833] ksys_read+0x12b/0x250 [ 1152.916584][T16833] ? __pfx_ksys_read+0x10/0x10 [ 1152.921406][T16833] do_syscall_64+0xcd/0x250 [ 1152.925978][T16833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1152.931939][T16833] RIP: 0033:0x7f7ebc38473c [ 1152.936395][T16833] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1152.956056][T16833] RSP: 002b:00007f7ebd177030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1152.964522][T16833] RAX: ffffffffffffffda RBX: 00007f7ebc575fa0 RCX: 00007f7ebc38473c [ 1152.972624][T16833] RDX: 000000000000000f RSI: 00007f7ebd1770a0 RDI: 0000000000000004 [ 1152.980728][T16833] RBP: 00007f7ebd177090 R08: 0000000000000000 R09: 0000000000000000 [ 1152.988737][T16833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1152.996766][T16833] R13: 0000000000000000 R14: 00007f7ebc575fa0 R15: 00007ffc6d52d798 [ 1153.004798][T16833] [ 1156.208034][T16863] FAULT_INJECTION: forcing a failure. [ 1156.208034][T16863] name failslab, interval 1, probability 0, space 0, times 0 [ 1156.305642][T16863] CPU: 1 UID: 0 PID: 16863 Comm: syz.8.2699 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 1156.316494][T16863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1156.326587][T16863] Call Trace: [ 1156.329907][T16863] [ 1156.332929][T16863] dump_stack_lvl+0x16c/0x1f0 [ 1156.337670][T16863] should_fail_ex+0x497/0x5b0 [ 1156.342404][T16863] ? fs_reclaim_acquire+0xae/0x150 [ 1156.347575][T16863] should_failslab+0xc2/0x120 [ 1156.352317][T16863] __kmalloc_noprof+0xce/0x4f0 [ 1156.357137][T16863] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1156.362811][T16863] ? tomoyo_realpath_from_path+0xbf/0x710 [ 1156.368585][T16863] ? rcu_is_watching+0x12/0xc0 [ 1156.373409][T16863] tomoyo_realpath_from_path+0xbf/0x710 [ 1156.379015][T16863] tomoyo_check_open_permission+0x2ad/0x3c0 [ 1156.384978][T16863] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1156.391477][T16863] ? __pfx___lock_acquire+0x10/0x10 [ 1156.396769][T16863] ? __pfx_hook_file_open+0x10/0x10 [ 1156.402067][T16863] ? lock_acquire+0x2f/0xb0 [ 1156.406615][T16863] tomoyo_file_open+0x6b/0x90 [ 1156.411353][T16863] security_file_open+0x84/0x1e0 [ 1156.416341][T16863] do_dentry_open+0x57e/0x1ea0 [ 1156.421156][T16863] ? inode_permission+0xdd/0x5f0 [ 1156.426163][T16863] vfs_open+0x82/0x3f0 [ 1156.430288][T16863] ? may_open+0x1f2/0x400 [ 1156.434684][T16863] path_openat+0x1e6a/0x2d60 [ 1156.439341][T16863] ? __pfx_path_openat+0x10/0x10 [ 1156.444336][T16863] ? __pfx___lock_acquire+0x10/0x10 [ 1156.449598][T16863] ? lock_acquire.part.0+0x11b/0x380 [ 1156.454928][T16863] ? find_held_lock+0x2d/0x110 [ 1156.459752][T16863] do_filp_open+0x20c/0x470 [ 1156.464307][T16863] ? __pfx_do_filp_open+0x10/0x10 [ 1156.469407][T16863] ? find_held_lock+0x2d/0x110 [ 1156.474251][T16863] ? alloc_fd+0x41f/0x760 [ 1156.478642][T16863] do_sys_openat2+0x17a/0x1e0 [ 1156.483382][T16863] ? __pfx_do_sys_openat2+0x10/0x10 [ 1156.488644][T16863] ? __fget_files+0x206/0x3a0 [ 1156.493381][T16863] __x64_sys_openat+0x175/0x210 [ 1156.498312][T16863] ? __pfx___x64_sys_openat+0x10/0x10 [ 1156.503781][T16863] ? ksys_write+0x1ba/0x250 [ 1156.508375][T16863] do_syscall_64+0xcd/0x250 [ 1156.512948][T16863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1156.518901][T16863] RIP: 0033:0x7f67bd585d29 [ 1156.523359][T16863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1156.543023][T16863] RSP: 002b:00007f67be3c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1156.551490][T16863] RAX: ffffffffffffffda RBX: 00007f67bd776080 RCX: 00007f67bd585d29 [ 1156.559600][T16863] RDX: 0000000000000400 RSI: 0000000020000200 RDI: ffffffffffffff9c [ 1156.567620][T16863] RBP: 00007f67be3c6090 R08: 0000000000000000 R09: 0000000000000000 [ 1156.575631][T16863] R10: 0000000000000500 R11: 0000000000000246 R12: 0000000000000001 [ 1156.583653][T16863] R13: 0000000000000000 R14: 00007f67bd776080 R15: 00007ffe6151f3d8 [ 1156.591687][T16863] [ 1156.849421][T16863] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1157.157761][T16863] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1157.163874][T16863] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1157.289084][T16863] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1157.328939][T16863] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1157.358881][T16864] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2698'. [ 1159.205909][T12476] Bluetooth: hci1: command 0x0c1a tx timeout [ 1159.212038][T16358] Bluetooth: hci2: command 0x0c1a tx timeout [ 1159.375422][T12476] Bluetooth: hci4: command 0x040f tx timeout [ 1159.381514][T12476] Bluetooth: hci0: command 0x040f tx timeout [ 1161.278738][T16909] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2703'. [ 1166.126930][T16933] lo: entered allmulticast mode [ 1166.226904][T16932] lo: left allmulticast mode [ 1166.987740][T16946] FAULT_INJECTION: forcing a failure. [ 1166.987740][T16946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1167.029666][T16941] devtmpfs: Bad value for 'gid' [ 1167.034601][T16941] devtmpfs: Bad value for 'gid' [ 1167.465772][T16946] CPU: 1 UID: 0 PID: 16946 Comm: syz.9.2718 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 1167.476616][T16946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1167.486713][T16946] Call Trace: [ 1167.490024][T16946] [ 1167.492994][T16946] dump_stack_lvl+0x16c/0x1f0 [ 1167.497745][T16946] should_fail_ex+0x497/0x5b0 [ 1167.502492][T16946] _copy_from_user+0x2e/0xd0 [ 1167.507171][T16946] kstrtobool_from_user+0x9a/0x160 [ 1167.512340][T16946] ? __pfx_kstrtobool_from_user+0x10/0x10 [ 1167.518207][T16946] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1167.523891][T16946] debugfs_write_file_bool+0xc4/0x1b0 [ 1167.529319][T16946] ? __pfx_debugfs_write_file_bool+0x10/0x10 [ 1167.535446][T16946] ? ksys_write+0xd0/0x250 [ 1167.539925][T16946] ? __pfx_debugfs_write_file_bool+0x10/0x10 [ 1167.545962][T16946] vfs_write+0x24c/0x1150 [ 1167.550345][T16946] ? __fget_files+0x1fc/0x3a0 [ 1167.555073][T16946] ? __pfx___mutex_lock+0x10/0x10 [ 1167.560155][T16946] ? __pfx_vfs_write+0x10/0x10 [ 1167.564981][T16946] ? __fget_files+0x206/0x3a0 [ 1167.569734][T16946] ksys_write+0x12b/0x250 [ 1167.574202][T16946] ? __pfx_ksys_write+0x10/0x10 [ 1167.579115][T16946] do_syscall_64+0xcd/0x250 [ 1167.583680][T16946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1167.589640][T16946] RIP: 0033:0x7f7ebc385d29 [ 1167.594097][T16946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1167.613792][T16946] RSP: 002b:00007f7ebd177038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1167.622256][T16946] RAX: ffffffffffffffda RBX: 00007f7ebc575fa0 RCX: 00007f7ebc385d29 [ 1167.630285][T16946] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000003 [ 1167.638309][T16946] RBP: 00007f7ebd177090 R08: 0000000000000000 R09: 0000000000000000 [ 1167.646330][T16946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1167.654348][T16946] R13: 0000000000000000 R14: 00007f7ebc575fa0 R15: 00007ffc6d52d798 [ 1167.662384][T16946] [ 1174.436350][T16997] devtmpfs: Bad value for 'gid' [ 1174.441282][T16997] devtmpfs: Bad value for 'gid' [ 1175.456948][T17000] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2731'. [ 1176.949860][T17000] netdevsim netdevsim9 netdevsim2: entered allmulticast mode [ 1177.339103][T17016] ima: policy update failed [ 1177.685543][ T29] audit: type=1807 audit(8277292322.740:47): UNKNOWN=$ res=0 [ 1177.693113][ T29] audit: type=1802 audit(8277292322.740:48): pid=17017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.6.2732" res=0 errno=0 [ 1177.776850][ T29] audit: type=1802 audit(8277292322.820:49): pid=17016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.6.2732" res=0 errno=0 [ 1179.437317][T17032] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2740'. [ 1180.856365][T17043] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2744'. [ 1180.987688][T17043] hsr_slave_0: left promiscuous mode [ 1181.421611][T17043] hsr_slave_1: left promiscuous mode [ 1182.718216][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1182.724767][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1183.475986][ T29] audit: type=1807 audit(8277292328.950:50): UNKNOWN=$ res=0 [ 1183.531030][ T29] audit: type=1802 audit(8277292328.970:51): pid=17060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.8.2749" res=0 errno=0 [ 1183.549398][T17059] ima: policy update failed [ 1183.605505][ T29] audit: type=1802 audit(8277292329.040:52): pid=17059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.8.2749" res=0 errno=0 [ 1188.302960][T17086] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2757'. [ 1188.856629][T17090] ACPI: EC: Assuming SCI_EVT clearing on QR_EC writes [ 1189.956039][T17103] binder: 17099:17103 ioctl 40046210 800000000000003 returned -14 [ 1190.245240][T17107] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2760'. [ 1191.443014][T17120] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2763'. [ 1191.500466][T17121] netlink: 'syz.8.2765': attribute type 1 has an invalid length. [ 1191.973060][T17118] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2764'. [ 1192.364238][T17118] lo: entered promiscuous mode [ 1192.384785][T17118] lo: entered allmulticast mode [ 1196.818561][T17145] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2771'. [ 1196.975791][T17145] lo: entered promiscuous mode [ 1196.992193][T17145] lo: entered allmulticast mode [ 1199.607466][T17170] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2785'. [ 1201.950636][T17195] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2781'. [ 1202.365437][T17199] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2783'. [ 1204.518468][T17209] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2787'. [ 1205.045039][T17221] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2790'. [ 1207.186351][T17199] delete_channel: no stack [ 1207.764919][T17220] delete_channel: no stack [ 1208.882716][T17232] program syz.9.2794 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1211.267800][T17254] netlink: 330 bytes leftover after parsing attributes in process `syz.8.2800'. [ 1211.406655][T17254] mac80211_hwsim hwsim93 ›: renamed from wlan0 (while UP) [ 1214.651039][T17273] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2806'. [ 1215.240887][T17277] devtmpfs: Bad value for 'gid' [ 1215.267984][T17277] devtmpfs: Bad value for 'gid' [ 1215.546474][T17272] delete_channel: no stack [ 1217.817406][T17301] kernel read not supported for file /#)-\&[} (pid: 17301 comm: syz.6.2814) [ 1217.835636][ T29] audit: type=1804 audit(4294967302.200:53): pid=17301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2814" name="#)-\&[}" dev="mqueue" ino=54152 res=1 errno=0 [ 1217.944301][ T29] audit: type=1800 audit(4294967302.290:54): pid=17301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2814" name="#)-\&[}" dev="mqueue" ino=54152 res=0 errno=0 [ 1218.154996][T17301] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2814'. [ 1218.705486][ T29] audit: type=1804 audit(4294967302.380:55): pid=17301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.2814" name="#)-\&[}" dev="mqueue" ino=54152 res=1 errno=0 [ 1218.765545][ T29] audit: type=1804 audit(4294967302.390:56): pid=17301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.2814" name="#)-\&[}" dev="mqueue" ino=54152 res=1 errno=0 [ 1232.896047][T17375] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2833'. [ 1232.956894][T17375] lo: entered promiscuous mode [ 1233.013411][T17375] lo: entered allmulticast mode [ 1240.608681][T17407] netlink: 504 bytes leftover after parsing attributes in process `syz.8.2840'. [ 1243.116822][T17415] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2843'. [ 1243.556380][T17421] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2842'. [ 1244.215816][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1244.222181][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1246.049170][T17421] hsr_slave_1 (unregistering): left promiscuous mode [ 1247.944013][T17415] delete_channel: no stack [ 1248.398268][T17442] netlink: 330 bytes leftover after parsing attributes in process `syz.9.2850'. [ 1251.281996][T17451] netlink: 504 bytes leftover after parsing attributes in process `syz.9.2852'. [ 1256.341453][T17468] erspan0: entered allmulticast mode [ 1259.984901][T17491] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2861'. [ 1261.367566][T17500] devtmpfs: Bad value for 'gid' [ 1261.372496][T17500] devtmpfs: Bad value for 'gid' [ 1263.021266][T17513] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2865'. [ 1263.099495][T17514] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2865'. [ 1263.180407][T17513] openvswitch: netlink: Message has 7 unknown bytes. [ 1267.234722][T17524] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2869'. [ 1269.838892][T17534] devtmpfs: Bad value for 'gid' [ 1269.843842][T17534] devtmpfs: Bad value for 'gid' [ 1270.072836][T17529] Invalid ELF header magic: != ELF [ 1270.712216][T17541] erspan0: entered allmulticast mode [ 1272.156746][T17560] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2877'. [ 1276.073414][T17560] delete_channel: no stack [ 1278.564825][T17588] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2881'. [ 1285.957650][T17588] team0 (unregistering): Port device team_slave_0 removed [ 1286.186841][T17588] team0 (unregistering): Port device team_slave_1 removed [ 1289.354543][T17640] sp0: Synchronizing with TNC [ 1289.712311][T17640] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2895'. [ 1293.994328][T17677] Process accounting resumed [ 1294.342613][T17682] netlink: 'syz.6.2906': attribute type 1 has an invalid length. [ 1294.381458][T17682] netlink: 'syz.6.2906': attribute type 1 has an invalid length. [ 1294.767784][T17678] vivid-007: kernel_thread() failed [ 1300.855360][T17680] netlink: 338 bytes leftover after parsing attributes in process `syz.6.2906'. [ 1305.582837][T17705] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1305.675809][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 1305.695429][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 1305.716312][T12476] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1305.735809][T12476] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1305.744224][T12476] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1305.753547][T12476] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1305.761343][T12476] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1305.771448][T12476] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1306.621678][T17721] netlink: 36 bytes leftover after parsing attributes in process `syz.8.2916'. [ 1307.395051][T17709] chnl_net:caif_netlink_parms(): no params data found [ 1308.077152][T12476] Bluetooth: hci3: command tx timeout [ 1308.595524][T17709] bridge0: port 1(bridge_slave_0) entered blocking state [ 1308.627004][T17709] bridge0: port 1(bridge_slave_0) entered disabled state [ 1308.664887][T17709] bridge_slave_0: entered allmulticast mode [ 1308.686622][T17709] bridge_slave_0: entered promiscuous mode [ 1308.747002][T17709] bridge0: port 2(bridge_slave_1) entered blocking state [ 1308.784808][T17709] bridge0: port 2(bridge_slave_1) entered disabled state [ 1308.815762][T17709] bridge_slave_1: entered allmulticast mode [ 1308.824018][T17709] bridge_slave_1: entered promiscuous mode [ 1309.000748][T17007] syz.7.2726 (17007) used greatest stack depth: 18016 bytes left [ 1309.092303][T17709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1309.147292][T17709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1309.424178][T17709] team0: Port device team_slave_0 added [ 1309.470152][T17709] team0: Port device team_slave_1 added [ 1309.756086][T17709] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1309.763096][T17709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1309.907136][T17709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1309.985767][T17709] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1309.992774][T17709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1310.139241][T17709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1310.165338][T12476] Bluetooth: hci3: command tx timeout [ 1310.780707][T17709] hsr_slave_0: entered promiscuous mode [ 1310.819425][T17709] hsr_slave_1: entered promiscuous mode [ 1310.865712][T17709] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1310.886636][T17709] Cannot create hsr debugfs directory [ 1312.068391][T17709] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1312.235989][T12476] Bluetooth: hci3: command tx timeout [ 1312.245769][T17756] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2921'. [ 1312.254850][T17756] openvswitch: netlink: Message has 7 unknown bytes. [ 1312.433585][T17709] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1312.574570][T17653] bridge0: port 3(syz_tun) entered disabled state [ 1312.657711][T17653] syz_tun (unregistering): left allmulticast mode [ 1312.686583][T17653] syz_tun (unregistering): left promiscuous mode [ 1312.693073][T17653] bridge0: port 3(syz_tun) entered disabled state [ 1312.862926][T17709] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1312.930984][T17764] netlink: 342 bytes leftover after parsing attributes in process `syz.6.2922'. [ 1313.136565][T17709] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1313.698087][T17709] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1313.713576][T17709] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1313.756676][T17709] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1313.852553][T17709] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1314.130827][T17782] netlink: 60 bytes leftover after parsing attributes in process `syz.9.2926'. [ 1314.166553][T17782] openvswitch: netlink: Message has 7 unknown bytes. [ 1314.315643][T12476] Bluetooth: hci3: command tx timeout [ 1316.931086][T17709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1316.971374][T17788] erspan0: entered allmulticast mode [ 1316.990770][T17709] 8021q: adding VLAN 0 to HW filter on device team0 [ 1317.042415][T17709] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1317.053093][T17709] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1317.291928][ T9863] bridge0: port 1(bridge_slave_0) entered blocking state [ 1317.299160][ T9863] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1317.332875][ T9863] bridge0: port 2(bridge_slave_1) entered blocking state [ 1317.340098][ T9863] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1317.868585][T17807] netlink: 60 bytes leftover after parsing attributes in process `syz.9.2930'. [ 1317.928473][T17807] openvswitch: netlink: Message has 7 unknown bytes. [ 1318.073988][T17709] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1318.204077][T17709] veth0_vlan: entered promiscuous mode [ 1318.221756][T17709] veth1_vlan: entered promiscuous mode [ 1318.246455][T17709] veth0_macvtap: entered promiscuous mode [ 1318.255738][T17709] veth1_macvtap: entered promiscuous mode [ 1318.272344][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1318.282922][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.292831][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1318.303345][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.313231][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1318.323979][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.333989][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1318.345142][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.355529][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1318.366045][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.375948][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1318.386474][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.396482][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1318.406995][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.418373][T17709] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1318.428306][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.439012][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.449652][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.460616][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.470518][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.481169][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.491105][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.501608][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.511535][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.522028][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.531962][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.542633][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.553244][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.564796][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.574763][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.585335][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.595174][T17709] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1318.605832][T17709] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1318.617014][T17709] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1318.627685][T17709] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.637060][T17709] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.645833][T17709] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1318.655710][T17709] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1319.479346][ T2997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1319.509849][ T2997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1319.645464][ T9853] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1319.665378][ T9853] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1320.700531][T17833] netlink: 60 bytes leftover after parsing attributes in process `syz.8.2936'. [ 1320.730931][T17833] openvswitch: netlink: Message has 7 unknown bytes. [ 1322.524934][T17851] mkiss: ax0: crc mode is auto. [ 1322.817078][T17858] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2942'. [ 1322.866083][T17858] openvswitch: netlink: Message has 7 unknown bytes. [ 1322.874214][T17823] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2934'. [ 1325.623208][T17877] FAULT_INJECTION: forcing a failure. [ 1325.623208][T17877] name failslab, interval 1, probability 0, space 0, times 0 [ 1325.730488][T17877] CPU: 1 UID: 0 PID: 17877 Comm: syz.8.2949 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 1325.741423][T17877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1325.751512][T17877] Call Trace: [ 1325.754826][T17877] [ 1325.757795][T17877] dump_stack_lvl+0x16c/0x1f0 [ 1325.762551][T17877] should_fail_ex+0x497/0x5b0 [ 1325.767313][T17877] should_failslab+0xc2/0x120 [ 1325.772073][T17877] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 1325.777508][T17877] ? skb_clone+0x190/0x3f0 [ 1325.782000][T17877] skb_clone+0x190/0x3f0 [ 1325.786310][T17877] netlink_deliver_tap+0xafd/0xca0 [ 1325.791484][T17877] netlink_unicast+0x5e1/0x7f0 [ 1325.796306][T17877] ? __pfx_netlink_unicast+0x10/0x10 [ 1325.801645][T17877] ? __phys_addr_symbol+0x30/0x80 [ 1325.806726][T17877] ? __check_object_size+0x488/0x710 [ 1325.812075][T17877] netlink_sendmsg+0x8b8/0xd70 [ 1325.816898][T17877] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1325.822252][T17877] ____sys_sendmsg+0x9ae/0xb40 [ 1325.827071][T17877] ? copy_msghdr_from_user+0x10b/0x160 [ 1325.832598][T17877] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1325.837948][T17877] ___sys_sendmsg+0x135/0x1e0 [ 1325.842694][T17877] ? __pfx____sys_sendmsg+0x10/0x10 [ 1325.847968][T17877] ? __pfx_lock_release+0x10/0x10 [ 1325.853033][T17877] ? trace_lock_acquire+0x14e/0x1f0 [ 1325.858306][T17877] ? __fget_files+0x206/0x3a0 [ 1325.863045][T17877] __sys_sendmsg+0x16e/0x220 [ 1325.867698][T17877] ? __pfx___sys_sendmsg+0x10/0x10 [ 1325.872894][T17877] do_syscall_64+0xcd/0x250 [ 1325.877451][T17877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1325.883399][T17877] RIP: 0033:0x7f67bd585d29 [ 1325.887855][T17877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1325.907607][T17877] RSP: 002b:00007f67be3e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1325.916068][T17877] RAX: ffffffffffffffda RBX: 00007f67bd775fa0 RCX: 00007f67bd585d29 [ 1325.924083][T17877] RDX: 0000000000044044 RSI: 0000000020006200 RDI: 0000000000000003 [ 1325.932095][T17877] RBP: 00007f67be3e7090 R08: 0000000000000000 R09: 0000000000000000 [ 1325.940100][T17877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1325.948106][T17877] R13: 0000000000000000 R14: 00007f67bd775fa0 R15: 00007ffe6151f3d8 [ 1325.956132][T17877] [ 1328.632521][T17897] FAULT_INJECTION: forcing a failure. [ 1328.632521][T17897] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1328.683020][T17905] netlink: 330 bytes leftover after parsing attributes in process `syz.8.2958'. [ 1329.009190][T17897] CPU: 1 UID: 0 PID: 17897 Comm: syz.9.2955 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 1329.020032][T17897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1329.030130][T17897] Call Trace: [ 1329.033442][T17897] [ 1329.036403][T17897] dump_stack_lvl+0x16c/0x1f0 [ 1329.041137][T17897] should_fail_ex+0x497/0x5b0 [ 1329.045870][T17897] strncpy_from_user+0x3b/0x2d0 [ 1329.050788][T17897] getname_flags.part.0+0x8f/0x550 [ 1329.055957][T17897] ? bpf_lsm_capable+0x9/0x10 [ 1329.060693][T17897] getname+0x8d/0xe0 [ 1329.064628][T17897] __x64_sys_acct+0x73/0x220 [ 1329.069263][T17897] ? lockdep_hardirqs_on+0x7c/0x110 [ 1329.074520][T17897] do_syscall_64+0xcd/0x250 [ 1329.079081][T17897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1329.085036][T17897] RIP: 0033:0x7f7ebc385d29 [ 1329.089486][T17897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1329.109149][T17897] RSP: 002b:00007f7ebd177038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 1329.117612][T17897] RAX: ffffffffffffffda RBX: 00007f7ebc575fa0 RCX: 00007f7ebc385d29 [ 1329.125620][T17897] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 1329.133625][T17897] RBP: 00007f7ebd177090 R08: 0000000000000000 R09: 0000000000000000 [ 1329.141631][T17897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1329.149635][T17897] R13: 0000000000000000 R14: 00007f7ebc575fa0 R15: 00007ffc6d52d798 [ 1329.157659][T17897] [ 1335.559384][T17956] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2974'. [ 1337.496375][T17976] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2978'. [ 1338.712187][T17984] mkiss: ax0: crc mode is auto. [ 1343.354045][ T29] audit: type=1806 audit(4294967436.727:57): xattr=01010101010101 res=-22 [ 1343.576769][T18022] ------------[ cut here ]------------ [ 1343.582643][T18022] WARNING: CPU: 0 PID: 18022 at mm/page_alloc.c:4727 __alloc_pages_noprof+0xeff/0x25b0 [ 1343.592571][T18022] Modules linked in: [ 1343.596648][T18022] CPU: 0 UID: 0 PID: 18022 Comm: syz.8.2993 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 1343.607572][T18022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1343.617895][T18022] RIP: 0010:__alloc_pages_noprof+0xeff/0x25b0 [ 1343.624419][T18022] Code: 24 2c 00 00 00 00 89 cd 0f 84 8b f9 ff ff 8b 34 24 48 89 da 8b 7c 24 08 e8 0e b3 fe ff e9 69 f9 ff ff c6 05 03 71 16 0e 01 90 <0f> 0b 90 31 db e9 9f f3 ff ff 89 14 24 e8 9f a3 0c 00 8b 14 24 e9 [ 1343.645452][T18022] RSP: 0018:ffffc900127bf9c8 EFLAGS: 00010246 [ 1343.651590][T18022] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 1343.660263][T18022] RDX: 0000000000000000 RSI: 0000000000000013 RDI: 0000000000040cc0 [ 1343.668366][T18022] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 1343.676580][T18022] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000013 [ 1343.684601][T18022] R13: 0000000000040cc0 R14: 1ffff920024f7f4d R15: 00000000ffffffff [ 1343.692669][T18022] FS: 00007f67be3e76c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 1343.701745][T18022] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1343.708453][T18022] CR2: 0000001b33405ff8 CR3: 000000007be6e000 CR4: 00000000003526f0 [ 1343.716512][T18022] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1343.724861][T18022] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1343.733214][T18022] Call Trace: [ 1343.736566][T18022] [ 1343.740219][T18022] ? __warn+0xea/0x3c0 [ 1343.744462][T18022] ? __alloc_pages_noprof+0xeff/0x25b0 [ 1343.750539][T18022] ? report_bug+0x3c0/0x580 [ 1343.755115][T18022] ? handle_bug+0x54/0xa0 [ 1343.759725][T18022] ? exc_invalid_op+0x17/0x50 [ 1343.764474][T18022] ? asm_exc_invalid_op+0x1a/0x20 [ 1343.769644][T18022] ? __alloc_pages_noprof+0xeff/0x25b0 [ 1343.775180][T18022] ? __pfx_mark_lock+0x10/0x10 [ 1343.780070][T18022] ? find_held_lock+0x2d/0x110 [ 1343.784906][T18022] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 1343.790777][T18022] ? __pfx___lock_acquire+0x10/0x10 [ 1343.796109][T18022] ? __pfx___lock_acquire+0x10/0x10 [ 1343.801396][T18022] ___kmalloc_large_node+0x84/0x1b0 [ 1343.806694][T18022] __kmalloc_large_node_noprof+0x1c/0x70 [ 1343.812387][T18022] __kmalloc_node_track_caller_noprof.cold+0x5/0x5f [ 1343.819153][T18022] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1343.825179][T18022] ? lockdown_write+0x2d/0x290 [ 1343.830571][T18022] memdup_user_nul+0x2b/0x110 [ 1343.835443][T18022] lockdown_write+0x2d/0x290 [ 1343.840759][T18022] ? __pfx_lockdown_write+0x10/0x10 [ 1343.846531][T18022] vfs_write+0x24c/0x1150 [ 1343.850922][T18022] ? __fget_files+0x1fc/0x3a0 [ 1343.855707][T18022] ? __pfx___mutex_lock+0x10/0x10 [ 1343.860792][T18022] ? __pfx_vfs_write+0x10/0x10 [ 1343.865706][T18022] ? __fget_files+0x206/0x3a0 [ 1343.870452][T18022] ksys_write+0x12b/0x250 [ 1343.874833][T18022] ? __pfx_ksys_write+0x10/0x10 [ 1343.879836][T18022] do_syscall_64+0xcd/0x250 [ 1343.884409][T18022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1343.890393][T18022] RIP: 0033:0x7f67bd585d29 [ 1343.894849][T18022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1343.914576][T18022] RSP: 002b:00007f67be3e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1343.923184][T18022] RAX: ffffffffffffffda RBX: 00007f67bd775fa0 RCX: 00007f67bd585d29 [ 1343.931623][T18022] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1343.939961][T18022] RBP: 00007f67bd601aa8 R08: 0000000000000000 R09: 0000000000000000 [ 1343.948677][T18022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1343.957196][T18022] R13: 0000000000000000 R14: 00007f67bd775fa0 R15: 00007ffe6151f3d8 [ 1343.965294][T18022] [ 1343.968355][T18022] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1343.975673][T18022] CPU: 0 UID: 0 PID: 18022 Comm: syz.8.2993 Not tainted 6.13.0-rc3-syzkaller-00209-g499551201b5f #0 [ 1343.986476][T18022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1343.996564][T18022] Call Trace: [ 1343.999873][T18022] [ 1344.002833][T18022] dump_stack_lvl+0x3d/0x1f0 [ 1344.007490][T18022] panic+0x71d/0x800 [ 1344.011437][T18022] ? __pfx_panic+0x10/0x10 [ 1344.015933][T18022] ? show_trace_log_lvl+0x29d/0x3d0 [ 1344.021194][T18022] ? __alloc_pages_noprof+0xeff/0x25b0 [ 1344.026708][T18022] check_panic_on_warn+0xab/0xb0 [ 1344.031705][T18022] __warn+0xf6/0x3c0 [ 1344.035666][T18022] ? __alloc_pages_noprof+0xeff/0x25b0 [ 1344.041190][T18022] report_bug+0x3c0/0x580 [ 1344.045578][T18022] handle_bug+0x54/0xa0 [ 1344.049791][T18022] exc_invalid_op+0x17/0x50 [ 1344.054351][T18022] asm_exc_invalid_op+0x1a/0x20 [ 1344.059255][T18022] RIP: 0010:__alloc_pages_noprof+0xeff/0x25b0 [ 1344.065379][T18022] Code: 24 2c 00 00 00 00 89 cd 0f 84 8b f9 ff ff 8b 34 24 48 89 da 8b 7c 24 08 e8 0e b3 fe ff e9 69 f9 ff ff c6 05 03 71 16 0e 01 90 <0f> 0b 90 31 db e9 9f f3 ff ff 89 14 24 e8 9f a3 0c 00 8b 14 24 e9 [ 1344.085035][T18022] RSP: 0018:ffffc900127bf9c8 EFLAGS: 00010246 [ 1344.091153][T18022] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 1344.099161][T18022] RDX: 0000000000000000 RSI: 0000000000000013 RDI: 0000000000040cc0 [ 1344.107174][T18022] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 1344.115182][T18022] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000013 [ 1344.123187][T18022] R13: 0000000000040cc0 R14: 1ffff920024f7f4d R15: 00000000ffffffff [ 1344.131218][T18022] ? __pfx_mark_lock+0x10/0x10 [ 1344.136057][T18022] ? find_held_lock+0x2d/0x110 [ 1344.140885][T18022] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 1344.146690][T18022] ? __pfx___lock_acquire+0x10/0x10 [ 1344.151957][T18022] ? __pfx___lock_acquire+0x10/0x10 [ 1344.157223][T18022] ___kmalloc_large_node+0x84/0x1b0 [ 1344.162470][T18022] __kmalloc_large_node_noprof+0x1c/0x70 [ 1344.168156][T18022] __kmalloc_node_track_caller_noprof.cold+0x5/0x5f [ 1344.174805][T18022] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 1344.180482][T18022] ? lockdown_write+0x2d/0x290 [ 1344.185300][T18022] memdup_user_nul+0x2b/0x110 [ 1344.190049][T18022] lockdown_write+0x2d/0x290 [ 1344.194686][T18022] ? __pfx_lockdown_write+0x10/0x10 [ 1344.199932][T18022] vfs_write+0x24c/0x1150 [ 1344.204311][T18022] ? __fget_files+0x1fc/0x3a0 [ 1344.209037][T18022] ? __pfx___mutex_lock+0x10/0x10 [ 1344.214110][T18022] ? __pfx_vfs_write+0x10/0x10 [ 1344.218933][T18022] ? __fget_files+0x206/0x3a0 [ 1344.223671][T18022] ksys_write+0x12b/0x250 [ 1344.228051][T18022] ? __pfx_ksys_write+0x10/0x10 [ 1344.232957][T18022] do_syscall_64+0xcd/0x250 [ 1344.237519][T18022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1344.243480][T18022] RIP: 0033:0x7f67bd585d29 [ 1344.247933][T18022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1344.267588][T18022] RSP: 002b:00007f67be3e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1344.276047][T18022] RAX: ffffffffffffffda RBX: 00007f67bd775fa0 RCX: 00007f67bd585d29 [ 1344.284078][T18022] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1344.292125][T18022] RBP: 00007f67bd601aa8 R08: 0000000000000000 R09: 0000000000000000 [ 1344.300142][T18022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1344.308163][T18022] R13: 0000000000000000 R14: 00007f67bd775fa0 R15: 00007ffe6151f3d8 [ 1344.316190][T18022] [ 1344.319545][T18022] Kernel Offset: disabled [ 1344.323943][T18022] Rebooting in 86400 seconds..