last executing test programs: 6m17.018865948s ago: executing program 3 (id=1206): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfdf3) ioctl$auto(0x3, 0x80000541b, 0x38) 6m16.881355481s ago: executing program 3 (id=1207): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4001, @loopback}, 0x6b) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @remote}, 0x54) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0x8, 0x0) 6m16.666517571s ago: executing program 3 (id=1209): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x1d, 0x2, 0x6) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x6, 0x0) socket(0x2, 0x6, 0x0) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) 6m16.414761744s ago: executing program 3 (id=1211): socket$nl_generic(0x11, 0x3, 0x10) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0xf000, 0x8, 0x1000000003, 0x9b72, 0x2, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1d, 0x2, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x118) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x6, 0x17, 0x0, 0xfb3) 6m16.067061213s ago: executing program 3 (id=1213): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 6m15.683680678s ago: executing program 3 (id=1215): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x28242, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000280)=0x4) read$auto(r0, &(0x7f0000000040)='-^@)\\\x00', 0x4) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) unshare$auto(0x40000080) pivot_root$auto(0x0, &(0x7f0000000140)='/dev/audio1\x00') mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0x80) 6m0.448242208s ago: executing program 32 (id=1215): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x28242, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000280)=0x4) read$auto(r0, &(0x7f0000000040)='-^@)\\\x00', 0x4) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) unshare$auto(0x40000080) pivot_root$auto(0x0, &(0x7f0000000140)='/dev/audio1\x00') mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0x80) 4m45.127103606s ago: executing program 4 (id=1864): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) sysfs$auto(0x2, 0x4, 0x4) mincore$auto(0x1000, 0x8001, 0x0) r0 = io_uring_setup$auto(0x877, 0x0) io_uring_enter$auto(r0, 0xcd00, 0xcd00, 0x7, 0x0, 0xffffffffffffffff) recvmmsg$auto(0x4, 0x0, 0xffffffff, 0x0, 0x0) poll$auto(&(0x7f0000000080)={r0, 0x8, 0x9}, 0xb, 0x101) 4m44.513614725s ago: executing program 4 (id=1866): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/devices.allow\x00', 0x100, 0x0) madvise$auto(0x0, 0x2000000080000001, 0x3) ioctl$auto(0xffffffffffffffff, 0xc0045103, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x44100, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x84, 0x7d, 0x0, 0x0) r0 = syz_open_procfs$namespace(0x0, 0x0) setns(r0, 0x0) r1 = openat$auto_nsim_dev_trap_fa_cookie_fops_dev(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim3/trap_flow_action_cookie\x00', 0x2202, 0x0) write$auto(r1, 0x0, 0x8) 4m44.368219245s ago: executing program 4 (id=1869): sendmsg$auto_NFSD_CMD_VERSION_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48080}, 0x20000840) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x23, 0x80805, 0x0) socket(0xa, 0x801, 0x84) memfd_secret$auto(0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) getsockopt$auto(0x6, 0x84, 0x1d, 0x0, &(0x7f00000000c0)=0x10000) 4m44.250493249s ago: executing program 4 (id=1870): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) rseq$auto(&(0x7f0000000300)={0xb, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x8) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x25, 0x1, 0x3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000800)='./file0\x00', 0x2240, 0x154) sysfs$auto(0x2, 0x0, 0x0) fsopen$auto(0x0, 0x1) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) 4m44.032733937s ago: executing program 4 (id=1871): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) open(&(0x7f0000000080)='.\x00', 0x0, 0x1f2) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) open(0x0, 0x22240, 0x155) 4m43.67528043s ago: executing program 4 (id=1875): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x82000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x6) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x1c1041, 0x0) writev$auto(0x9, &(0x7f0000000300)={0x0, 0x3}, 0x2) 4m28.509838271s ago: executing program 33 (id=1875): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x82000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x6) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cuse\x00', 0x1c1041, 0x0) writev$auto(0x9, &(0x7f0000000300)={0x0, 0x3}, 0x2) 3m24.483781925s ago: executing program 1 (id=2213): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) prctl$auto(0x1d, 0xfffffffffffffffb, 0x8, 0x10000005, 0xfffffffffffffff9) clock_nanosleep$auto(0x7, 0x7fff, 0x0, 0x0) clock_nanosleep$auto(0xb, 0x8000, 0x0, 0x0) settimeofday$auto(0x0, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x4000804) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x7) mmap$auto(0x0, 0x6, 0x1000000003, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x10000000000002d, 0x0) 3m24.204588192s ago: executing program 1 (id=2214): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2c, 0x3, 0x0) eventfd$auto(0x3) r0 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x8, @old_map_fd}, 0xa3) 3m23.248102285s ago: executing program 1 (id=2217): unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r0, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000f00)={0x14, r1, 0x705, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x880) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r2, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f00000034c0)={0xa4, r3, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x8c, 0x1, 0x0, 0x1, [@nested={0x85, 0x2f, 0x0, 0x1, [@generic="8ac0eb3e572204a44edfe808d83c1f3ca60d0aaf0498e468d0359e24ad6369ac0fddce3df9fe6eb2a7e077bba8be9eed10fbfdbb3b85af6259249822e87f54ec3c1fe23fafe6936508203f5c297f1dc4a2a11fcb5743f2dbe3ccad76d627f720d762", @generic="2b4d02edce816134154a0f50376a72eb39", @nested={0x4, 0xf7}, @generic="2bb6aff7fd45", @typed={0x4, 0x119, 0x0, 0x0, @binary}]}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x40c4}, 0xc000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0xd5, 0x8, 0x4) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) 3m22.539820835s ago: executing program 1 (id=2219): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xff, 0x400000000000401, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0xc) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) mprotect$auto(0x1ffff000, 0x8800000000000001, 0xd) bind$auto(0x3, &(0x7f0000000080), 0x68) 3m22.227035777s ago: executing program 1 (id=2221): openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x4100, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000280)='/dev/usbmon29\x00', 0x5f9000, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0xa}, 0x5, 0x20000000) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x7}, 0x10) socket(0x11, 0x800, 0xfb11) mount$auto(&(0x7f0000000180)='xfrm0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='\x00', 0x6, &(0x7f0000000240)="e496433eeb34df08522bc6754c216c084e58d9ad5ebea1b0ec74fee049eb2494f7c7cbc32ce409a26374e4549474ea2edb417c4c501cef41fb17b0c3") memfd_create$auto(0x0, 0x4) seccomp$auto(0x2, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) tkill$auto(0x1, 0x7) 3m21.604218718s ago: executing program 1 (id=2223): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x31, 0x65f, 0x1ffde, 0x7, 0x3, 0x20000002, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x4, 0x10003, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84, [0x0, 0x0, 0x0, 0x8050100000000000, 0x0, 0x100100001, 0x0, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0, 0x1, 0x3, 0x0, 0xffffffffffff7ffd, 0x2, 0x200000000004, 0x8, 0xffffffffefffffff, 0x200000000000004, 0x0, 0x0, 0x0, 0x0, 0x400000000005b8, 0xc, 0x0, 0x0, 0x4, 0x6, 0xffffffffffffffff, 0x890, 0x8000000000008, 0xfffffffffffffffc, 0x1000, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x10006]}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) setsockopt$auto(0x400000000000003, 0x29, 0x20, 0x0, 0x568) mknod$auto(0x0, 0x1, 0x4) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 3m21.06411791s ago: executing program 34 (id=2223): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x31, 0x65f, 0x1ffde, 0x7, 0x3, 0x20000002, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x4, 0x10003, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84, [0x0, 0x0, 0x0, 0x8050100000000000, 0x0, 0x100100001, 0x0, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0, 0x1, 0x3, 0x0, 0xffffffffffff7ffd, 0x2, 0x200000000004, 0x8, 0xffffffffefffffff, 0x200000000000004, 0x0, 0x0, 0x0, 0x0, 0x400000000005b8, 0xc, 0x0, 0x0, 0x4, 0x6, 0xffffffffffffffff, 0x890, 0x8000000000008, 0xfffffffffffffffc, 0x1000, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x10006]}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) setsockopt$auto(0x400000000000003, 0x29, 0x20, 0x0, 0x568) mknod$auto(0x0, 0x1, 0x4) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 48.680470955s ago: executing program 0 (id=2949): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setgroups$auto(0xe32, &(0x7f0000000040)=0x9) madvise$auto(0x0, 0x53, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) pselect6$auto(0x101, &(0x7f0000000080)={[0x6, 0x7, 0xffffffffffffffff, 0x3, 0x1, 0x6, 0x9, 0x7, 0x1, 0x4, 0x9, 0x4, 0x4, 0x7, 0xcb2a, 0x9]}, &(0x7f0000000100)={[0xffff, 0x3, 0xfffffffffffff31a, 0x7, 0x590, 0x8, 0x1d4, 0x4, 0x6, 0x7, 0x5, 0x7, 0x80, 0x8, 0x0, 0x1]}, &(0x7f0000000180)={[0xa9, 0x4, 0x4, 0x1, 0x3, 0x6, 0xcbd0, 0x200000001, 0x1f, 0xfffffffffffffffd, 0x7ff, 0x8000000000000001, 0x4, 0x7f, 0x91, 0x7]}, &(0x7f0000000000)={0x899, 0x5}, &(0x7f0000000200)) mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) ppoll$auto(&(0x7f0000000280)={0xffffffffffffffff, 0x6, 0x9}, 0x9, 0x0, &(0x7f0000000300)={0x7ff}, 0x8) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r1, 0x1002, 0x0, 0x0, 0x0, 0x2) fallocate$auto(0x3, 0x0, 0xe, 0x8ec8) finit_module$auto(0x3, 0xfffffffffffffffe, 0x2) sendmsg$auto_NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040800}, 0x40850) mremap$auto(0x6, 0xad, 0x6, 0x7, 0x4) 46.851673364s ago: executing program 0 (id=2962): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop9/queue/rotational\x00', 0x103400, 0x0) socket(0x10, 0x2, 0x14) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x100) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ptmx\x00', 0x189000, 0x0) openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000002440), 0x240c02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_options\x00', 0x2, 0x0) socket(0x2, 0x1, 0x0) socket(0x10, 0x3, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) 46.593907593s ago: executing program 0 (id=2963): read$auto(0xffffffffffffffff, 0x0, 0x7ffc) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) ioctl$auto(r0, 0x4008af03, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r1, 0x1002, 0x0, 0x0, 0x0, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/lockdep\x00', 0x60200, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmsg$auto_MACSEC_CMD_ADD_RXSC(0xffffffffffffffff, 0x0, 0x4000) socket(0x10, 0x2, 0x4) 45.836360124s ago: executing program 0 (id=2970): bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) memfd_create$auto(&(0x7f00000000c0)='\xc4--:\xdd:,./-${\x00', 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket(0x2a, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x7, 0x0) socket(0xa, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd=r0}, 0xa3) 45.583585074s ago: executing program 0 (id=2972): prctl$auto(0x39, 0x1, 0x0, 0x0, 0x0) socket(0x2b, 0x1, 0x1) socket(0xa, 0x4, 0x4073) socket(0xa, 0x2, 0x3a) r0 = socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket(0xa, 0x801, 0x106) io_uring_setup$auto(0x6, 0x0) listen$auto(0x3, 0x83) setsockopt$auto(0x3, 0x1, 0x1d, 0x0, 0x9) bpf$auto(0x3da, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x1801, @old_map_fd=0x3ff}, 0xa3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x3, 0x4, 0x4000000000dc, 0x40eb2, 0xa1c, 0x8) madvise$auto(0x0, 0xffffffffffff7ea8, 0x19) madvise$auto(0x0, 0x1000000000053, 0x9) 44.489265026s ago: executing program 0 (id=2977): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r3, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fedbdf2502"], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002580), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r6, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f00000025c0)={0x1c, r7, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x480, 0x0) ioctl$auto(0x3, 0x541b, 0x38) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000500)={'gretap0\x00', 0x0}) socket(0xa, 0x23af690fef30229, 0x9) sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r1, 0x5, 0x70bd29, 0x25dfdbfc, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r9}, @OVS_DP_ATTR_NAME={0xb, 0x1, '.\x02:\xb6-$\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000c000}, 0x4000024) 29.369795211s ago: executing program 35 (id=2977): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000002500), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r3, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) r4 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fedbdf2502"], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002580), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r6, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f00000025c0)={0x1c, r7, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2c}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000180), 0x480, 0x0) ioctl$auto(0x3, 0x541b, 0x38) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000500)={'gretap0\x00', 0x0}) socket(0xa, 0x23af690fef30229, 0x9) sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r1, 0x5, 0x70bd29, 0x25dfdbfc, {}, [@OVS_DP_ATTR_IFINDEX={0x8, 0x9, r9}, @OVS_DP_ATTR_NAME={0xb, 0x1, '.\x02:\xb6-$\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000c000}, 0x4000024) 6.755635514s ago: executing program 5 (id=3126): socket(0x1d, 0x2, 0x6) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x4601, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4, 0x1, 0x20000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TCFLSH2(r2, 0x80047456, 0x0) ioctl$auto_TIOCSTI2(r2, 0x5412, 0x0) 6.183039126s ago: executing program 5 (id=3128): mmap$auto(0x0, 0xe986, 0x100df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r0 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x4) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(r0, 0x1, 0x21, 0x0, 0x9) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x06\x00\x06\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfdef, 0x3) mincore$auto(0x1000, 0x8001, 0x0) io_uring_setup$auto(0x877, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto(0xffffffffffffffff, 0xc0205647, 0x38) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x40000000000d, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 5.77944037s ago: executing program 5 (id=3132): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x604c837}, 0x4010) getrandom$auto(0x0, 0x6000000, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video3\x00', 0x80000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101000, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0x81) prctl$auto(0x25, 0x8000, 0x5, 0x7, 0x5) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xf6f6, 0x8000) sendmsg$auto_TIPC_NL_NET_GET(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x20000000) acct$auto(&(0x7f0000000000)='/dev/video3\x00') r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40400c4) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380), 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 5.394164831s ago: executing program 2 (id=3134): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) ioctl$auto(0x3, 0x4b4b, 0x3) socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2b, 0x1, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) inotify_init1$auto(0x3000000000000) io_uring_setup$auto(0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x806, 0x0) setsockopt$auto(r0, 0x29, 0x2, &(0x7f0000000880)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\xff\x1b\x01\x1e\xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\xf2Vw\xbe\x1c$\xddm\x8a\x9d\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5h\xae\xec%\xf9\x94>\xd6,\xf3\x98\'\xb0\t~~\xb4\x98\xbb3=A\x9c\x17\xaa\xce\fh-M\xdb-\x15VX\xfe\xca+\xb5\x95\xb3JL\x0fl\xe84\xbd\xa3nO\x9f\xfa\xb1\x06$\b$i3\x83\xd7\x06\xd6\x1e\xdbB\x9bb\x1cXC\x8c\x8b\xd9\xff\xf2Bf\x99!Z\x13\xff\xca\xf3e\x015\x9b\x86\xd6$\x1a\r3\x91\xb7\x942\xeb\xadVA\xfc\x1f\xbf1\xb7T\xc1\xbf\xc0\xc2\xfc\xe8w\xd33\xb2,\xb0\x9fA3\xc2\xa2\x1cM\x825\x94U\xbbNeb\xd2\xa9\x0f\xed\x8b\xea\xfa\x8a\x04.\xffMIw\x0f\xd6\xae^\xd2\xf1j\xcb\r\xa4\x1d0d\xca\x81\x9c\x80GL\x0e\xe6\x19\x8au\x1a7\xc5|\xf6\x1e\xe00\xc6\"\x83\x1c\xa2\x9e\a\x1c\xea\xa3\x9c\xe1BF\x05b\xf6\xdcf\x04\xd9B\xb9\x98\x9cq\xbd\xfb\xb5~\xf2\x8d\x9f`\xec\xd0\xafY\xcf\x84', 0x18000110) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 5.280402453s ago: executing program 7 (id=3135): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop9/queue/rotational\x00', 0x103400, 0x0) socket(0x10, 0x2, 0x14) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x100) openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000002440), 0x240c02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_options\x00', 0x2, 0x0) socket(0x2, 0x1, 0x0) socket(0x1d, 0x2, 0x2) socket(0x10, 0x3, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) ioctl$auto_TIOCSTI2(0xffffffffffffffff, 0x5412, 0x0) 5.147624614s ago: executing program 7 (id=3136): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) userfaultfd$auto(0x1) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) socket(0xa, 0x3, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) r0 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) bpf$auto(0x3, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x7f, @prog_cnt=0x4, 0x0, 0x80000000, 0xc, 0xb, 0x5}, 0x7) 4.867760506s ago: executing program 2 (id=3137): socket(0x11, 0x3, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/ksm/advisor_target_scan_time\x00', 0x0, 0x0) r0 = syz_clone(0x21242011, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r0, 0x1002, 0x0, 0x0, 0x0, 0x2) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x7) mmap$auto(0x0, 0x4, 0xffd, 0x8000000008012, 0x3, 0x0) ioperm$auto(0x7, 0x6, 0xffffffffffff4064) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/filter\x00', 0x8800, 0x0) mmap$auto(0x0, 0x8, 0x6, 0x9b72, 0x2, 0x8000) readv$auto(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x9}, 0x8bb) open(0x0, 0xa240, 0x15e) unshare$auto(0x40000080) ioctl$auto(0x20000000000003, 0x8946, 0x2) 4.855793796s ago: executing program 7 (id=3145): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mprotect$auto(0x1ffff000, 0x8000000000000002, 0x5) madvise$auto(0x0, 0xffffffffffff0001, 0x15) msync$auto(0x0, 0x2000000005, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_thermal(0x0, r0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r1, 0x1002, 0x0, 0x0, 0x0, 0x2) r2 = socket(0xa, 0x3, 0x3c) mmap$auto(0x0, 0x101, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = socket(0x15, 0x5, 0x0) bind$auto(r3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) ustat$auto(0x801, 0x0) sendmsg$auto(r3, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r4, 0x4b70, r2) 4.855406648s ago: executing program 6 (id=3138): write$auto_set_tracer_fops_trace(0xffffffffffffffff, &(0x7f0000000040)="afe80ebb637441536d511f829c1522e41ecf6c9bf85c702cd7b2604f28de382640c9d58f7965a153c3bfe6fd361fddb892a48308187dce0ba45df9414e4be6cb98475b17407bbd6f34eff83e5716c256ea2bb4f5b48619c7828e05f457be3d5f97ad3fcb90a0dd2346132ec8d9961f1c9624a61fccb14d5d98db4feaff954f086ca96b47e4f70507753fd466e27e41650b350404175125d06dcd1f1633ddb1edfb746e065a84e3faa4c5d2c94ef5c047ff800a31f52db80e6eda576cd24199f5521685f78e88d6278f9274f8b7a1", 0xce) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) prlimit64$auto(0x0, 0x8, 0x0, &(0x7f0000002780)={0x80, 0x9}) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) r0 = open$auto(&(0x7f0000000180)='./file0\x00', 0x0, 0xff93) ioctl$auto_PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f00000001c0)=0x81) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) write$auto_tomoyo_operations_securityfs_if(r1, &(0x7f0000000100)="0a1b9a3c3e3e006e163bb154d7886d8ea5c2574c58e9867ecec3371cadb848770dc8f745d1c76eedba12b9f694dabdbcf3401910bb713aca465c9bbc23b5d40a", 0x40) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) readv$auto(0x3, &(0x7f0000000140)={0x0, 0x9}, 0x100000007) pidfd_open$auto(0x1, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r2, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc000cd84061c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f343c7cb602083aa5e1", 0x300) close_range$auto(0x0, 0xfffffffffffff000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 4.691508211s ago: executing program 5 (id=3139): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_stat_fops_(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x2600, 0x0) connect$auto(0x3, &(0x7f00000000c0), 0x55) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_setup$auto(0x6, 0x0) futex$auto(0x0, 0x3, 0xf, 0x0, 0x0, 0x8) setsockopt$auto(0x3, 0x10f, 0x7f, 0x0, 0x14) settimeofday$auto(&(0x7f0000000180)={0x1ed5d7403, 0x1}, 0x0) select$auto(0xa, 0x0, &(0x7f0000000100)={[0x20800000000d, 0x203, 0x4, 0xc, 0x5, 0x3, 0x5, 0x0, 0x9, 0x8, 0xff, 0xa, 0x4, 0xaab, 0x5, 0x4002]}, 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x144, 0x9) keyctl$auto(0x2000000000000016, 0x1000, 0xfffffffffffffffb, 0x103, 0x7ffffffd) getpriority$auto(0x1, 0x1) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8000, 0x0) lseek$auto(0x3, 0x7ffffffffffffffd, 0x0) 4.176633746s ago: executing program 2 (id=3140): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x15, 0x5, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r0) socket(0x2, 0x3, 0xa) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20000, 0x0) mprotect$auto(0x100000000, 0x3, 0x7) ioctl$auto_SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000004900)=0x40000) sendmsg$auto_NL80211_CMD_STOP_AP(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) ioctl$auto(0xffffffffffffffff, 0x8, 0x7) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x6d3c, 0x5, 0x2]}, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) 3.827748988s ago: executing program 7 (id=3141): unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x2) socket(0x1d, 0x2, 0x2) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x4, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x2, 0x3, 0x5, 0x7}, 0x3, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r3, 0x29, 0x49, &(0x7f0000000040)='!\x00', 0x1ff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000040)={0x1c, r2, 0x13ebbac2338983f3, 0x70b927, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}}, 0x4008000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vlan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = syz_clone3(&(0x7f00000001c0)={0x8000000, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100), {0x15}, &(0x7f0000000140)=""/7, 0x7, &(0x7f00000009c0)=""/4096, &(0x7f0000000180)=[0xffffffffffffffff, 0x0], 0x2}, 0x58) syz_open_procfs$namespace(r5, &(0x7f0000000240)='ns/mnt\x00') 3.827312886s ago: executing program 6 (id=3142): msgsnd$auto(0x8, 0x0, 0x3, 0x8) mmap$auto(0x5, 0x8000000000000000, 0x3, 0xfe3b, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x9, 0x5, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setregid$auto(0xffffffffffffffff, 0xfffe) ioperm$auto(0x7, 0x6, 0x2) semop$auto(0x6, &(0x7f0000000040)={0x0, 0x8e, 0x8}, 0x6730) setresuid$auto(0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x6, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8008}, 0x4000040) sched_setaffinity$auto(0x1, 0x1, &(0x7f0000000000)=0x1200000000008a) 3.659961531s ago: executing program 5 (id=3143): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) ioctl$auto(0x3, 0x4b4b, 0x3) socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2b, 0x1, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) inotify_init1$auto(0x3000000000000) io_uring_setup$auto(0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x806, 0x0) setsockopt$auto(r0, 0x29, 0x2, &(0x7f0000000880)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\xff\x1b\x01\x1e\xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\xf2Vw\xbe\x1c$\xddm\x8a\x9d\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5h\xae\xec%\xf9\x94>\xd6,\xf3\x98\'\xb0\t~~\xb4\x98\xbb3=A\x9c\x17\xaa\xce\fh-M\xdb-\x15VX\xfe\xca+\xb5\x95\xb3JL\x0fl\xe84\xbd\xa3nO\x9f\xfa\xb1\x06$\b$i3\x83\xd7\x06\xd6\x1e\xdbB\x9bb\x1cXC\x8c\x8b\xd9\xff\xf2Bf\x99!Z\x13\xff\xca\xf3e\x015\x9b\x86\xd6$\x1a\r3\x91\xb7\x942\xeb\xadVA\xfc\x1f\xbf1\xb7T\xc1\xbf\xc0\xc2\xfc\xe8w\xd33\xb2,\xb0\x9fA3\xc2\xa2\x1cM\x825\x94U\xbbNeb\xd2\xa9\x0f\xed\x8b\xea\xfa\x8a\x04.\xffMIw\x0f\xd6\xae^\xd2\xf1j\xcb\r\xa4\x1d0d\xca\x81\x9c\x80GL\x0e\xe6\x19\x8au\x1a7\xc5|\xf6\x1e\xe00\xc6\"\x83\x1c\xa2\x9e\a\x1c\xea\xa3\x9c\xe1BF\x05b\xf6\xdcf\x04\xd9B\xb9\x98\x9cq\xbd\xfb\xb5~\xf2\x8d\x9f`\xec\xd0\xafY\xcf\x84', 0x18000110) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 3.100414049s ago: executing program 7 (id=3144): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) connect$auto(0x3, 0x0, 0x55) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={0x0}, 0x1, 0x0, 0x0, 0x4004084}, 0x82) read$auto(r0, 0x0, 0x2184689f) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x8002, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x53, 0x9) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f00000000c0)={0x7feb, "01882c581b7e36a0856007abcfb11edc39bbe079dc943100", @inferred=r1}) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0x5}, 0x5, 0x80000000) madvise$auto(0xffffffffffff8001, 0x401, 0x1) close_range$auto(0x2, 0x8000, 0x0) 2.642613637s ago: executing program 6 (id=3146): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) ioctl$auto(0x3, 0x4b4b, 0x3) socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2b, 0x1, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) inotify_init1$auto(0x3000000000000) io_uring_setup$auto(0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x806, 0x0) setsockopt$auto(r0, 0x29, 0x2, &(0x7f0000000880)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\xff\x1b\x01\x1e\xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\xf2Vw\xbe\x1c$\xddm\x8a\x9d\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5h\xae\xec%\xf9\x94>\xd6,\xf3\x98\'\xb0\t~~\xb4\x98\xbb3=A\x9c\x17\xaa\xce\fh-M\xdb-\x15VX\xfe\xca+\xb5\x95\xb3JL\x0fl\xe84\xbd\xa3nO\x9f\xfa\xb1\x06$\b$i3\x83\xd7\x06\xd6\x1e\xdbB\x9bb\x1cXC\x8c\x8b\xd9\xff\xf2Bf\x99!Z\x13\xff\xca\xf3e\x015\x9b\x86\xd6$\x1a\r3\x91\xb7\x942\xeb\xadVA\xfc\x1f\xbf1\xb7T\xc1\xbf\xc0\xc2\xfc\xe8w\xd33\xb2,\xb0\x9fA3\xc2\xa2\x1cM\x825\x94U\xbbNeb\xd2\xa9\x0f\xed\x8b\xea\xfa\x8a\x04.\xffMIw\x0f\xd6\xae^\xd2\xf1j\xcb\r\xa4\x1d0d\xca\x81\x9c\x80GL\x0e\xe6\x19\x8au\x1a7\xc5|\xf6\x1e\xe00\xc6\"\x83\x1c\xa2\x9e\a\x1c\xea\xa3\x9c\xe1BF\x05b\xf6\xdcf\x04\xd9B\xb9\x98\x9cq\xbd\xfb\xb5~\xf2\x8d\x9f`\xec\xd0\xafY\xcf\x84', 0x18000110) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2.260941204s ago: executing program 2 (id=3147): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setgroups$auto(0xe32, &(0x7f0000000040)=0x9) madvise$auto(0x0, 0x53, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) pselect6$auto(0x101, &(0x7f0000000080)={[0x6, 0x7, 0xffffffffffffffff, 0x3, 0x1, 0x6, 0x9, 0x7, 0x1, 0x4, 0x9, 0x4, 0x4, 0x7, 0xcb2a, 0x9]}, &(0x7f0000000100)={[0xffff, 0x3, 0xfffffffffffff31a, 0x7, 0x590, 0x8, 0x1d4, 0x4, 0x6, 0x7, 0x5, 0x7, 0x80, 0x8, 0x0, 0x1]}, &(0x7f0000000180)={[0xa9, 0x4, 0x4, 0x1, 0x3, 0x6, 0xcbd0, 0x200000001, 0x1f, 0xfffffffffffffffd, 0x7ff, 0x8000000000000001, 0x4, 0x7f, 0x91, 0x7]}, &(0x7f0000000000)={0x899, 0x5}, &(0x7f0000000200)) mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) ppoll$auto(&(0x7f0000000280)={0xffffffffffffffff, 0x6, 0x9}, 0x9, &(0x7f00000002c0)={0x8000000000000001, 0x8001}, &(0x7f0000000300)={0x7ff}, 0x8) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r1, 0x1002, 0x0, 0x0, 0x0, 0x2) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00T\x00'/40, 0x9) fallocate$auto(0x3, 0x0, 0xe, 0x8ec8) finit_module$auto(0x3, 0xfffffffffffffffe, 0x2) sendmsg$auto_NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040800}, 0x40850) mremap$auto(0x6, 0xad, 0x6, 0x7, 0x4) 1.486601111s ago: executing program 7 (id=3148): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000007180)='/sys/devices/virtual/block/zram0/debug_stat\x00', 0x80, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f00000071c0)=""/118, 0x76) r2 = fsopen$auto(&(0x7f0000000000)='\x00', 0x400) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r2) sendmsg$auto_NL80211_CMD_SET_CHANNEL(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r3, 0x200, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x0) read$auto_snd_ctl_f_ops_control(0xffffffffffffffff, &(0x7f0000000100)=""/4096, 0x1000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0x5f9a, 0x8) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, 0x0) sendmsg$auto_NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000001480)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001440)={&(0x7f0000001140)=ANY=[@ANYBLOB="1c000000", @ANYRES64=r1, @ANYRESOCT=r2], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmmsg$auto(r2, 0x0, 0x6, 0x2) socket(0x28, 0x5, 0x0) settimeofday$auto(0x0, 0x0) connect$auto(0x3, 0x0, 0x54) write$auto(0x3, 0x0, 0x10001) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/veth1_virt_wifi/proxy_arp\x00', 0x141201, 0x0) write$auto(0x3, 0x0, 0x100082) 814.7488ms ago: executing program 2 (id=3149): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r0 = socket(0x10, 0x2, 0x0) recvmmsg$auto(r0, 0x0, 0xc1c, 0x42, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = getpgid(0x0) kcmp$auto(r2, r1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) setsockopt$auto(r0, 0x7a, 0x0, &(0x7f0000000280)='\x00', 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0x8000, 0x0) ioctl$auto(0xffffffffffffffff, 0x802c550a, 0x1) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x80080, 0x0) bpf$auto(0x0, 0x0, 0xa3) ioctl$auto_PPPIOCSPASS(r3, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r3, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x3, 0xf1, 0xb0, @raw=0x7}}) sendmsg$auto_NL80211_CMD_VENDOR(r0, 0x0, 0x20048000) keyctl$auto(0xb, 0xfffffffffffffffd, 0xffffffeffffffffb, 0x2, 0x0) 554.262707ms ago: executing program 2 (id=3150): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) pwrite64$auto(0xc8, 0x0, 0xfdef, 0x3) ioctl$auto(0x3, 0x227d, 0x3b) close_range$auto(0x2, 0x8, 0x0) r0 = memfd_create$auto(0x0, 0xe) r1 = socket(0x2, 0x1, 0x106) setsockopt$auto(r1, 0x1, 0x21, 0x0, 0x9) write$auto_msr_fops_msr(r0, 0x0, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x7}, 0x6}, 0x5, 0x20000000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, 0x0, 0x5, 0x2) write$auto(0x3, 0x0, 0xfffffdef) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000001580)='/dev/dsp1\x00', 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f00000015c0)=0x4) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 476.611992ms ago: executing program 6 (id=3151): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop9/queue/rotational\x00', 0x103400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x100) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ptmx\x00', 0x189000, 0x0) openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000002440), 0x240c02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_options\x00', 0x2, 0x0) socket(0x2, 0x1, 0x0) socket(0x1d, 0x2, 0x2) socket(0x10, 0x3, 0x6) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) 394.148149ms ago: executing program 6 (id=3152): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) ioctl$auto(0x3, 0x4b4b, 0x3) socket(0x18, 0x5, 0x2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2b, 0x1, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) inotify_init1$auto(0x3000000000000) io_uring_setup$auto(0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x806, 0x0) setsockopt$auto(r0, 0x29, 0x2, &(0x7f0000000880)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\xff\x1b\x01\x1e\xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\xf2Vw\xbe\x1c$\xddm\x8a\x9d\x91_\vBj\x0eQ\xce\x16\'C\x8c\x01\x80\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\x00\x00\x00\x00\xe4\xa5\xfe\xb5h\xae\xec%\xf9\x94>\xd6,\xf3\x98\'\xb0\t~~\xb4\x98\xbb3=A\x9c\x17\xaa\xce\fh-M\xdb-\x15VX\xfe\xca+\xb5\x95\xb3JL\x0fl\xe84\xbd\xa3nO\x9f\xfa\xb1\x06$\b$i3\x83\xd7\x06\xd6\x1e\xdbB\x9bb\x1cXC\x8c\x8b\xd9\xff\xf2Bf\x99!Z\x13\xff\xca\xf3e\x015\x9b\x86\xd6$\x1a\r3\x91\xb7\x942\xeb\xadVA\xfc\x1f\xbf1\xb7T\xc1\xbf\xc0\xc2\xfc\xe8w\xd33\xb2,\xb0\x9fA3\xc2\xa2\x1cM\x825\x94U\xbbNeb\xd2\xa9\x0f\xed\x8b\xea\xfa\x8a\x04.\xffMIw\x0f\xd6\xae^\xd2\xf1j\xcb\r\xa4\x1d0d\xca\x81\x9c\x80GL\x0e\xe6\x19\x8au\x1a7\xc5|\xf6\x1e\xe00\xc6\"\x83\x1c\xa2\x9e\a\x1c\xea\xa3\x9c\xe1BF\x05b\xf6\xdcf\x04\xd9B\xb9\x98\x9cq\xbd\xfb\xb5~\xf2\x8d\x9f`\xec\xd0\xafY\xcf\x84', 0x18000110) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 64.249806ms ago: executing program 6 (id=3153): r0 = pipe$auto(&(0x7f0000000200)) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000001c0), r0) r1 = socket(0xa, 0x801, 0x100) getsockopt$auto(r1, 0x40000000029, 0x3c, 0xfffffffffffffffe, 0x0) r2 = syz_genetlink_get_family_id$auto_seg6(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000580)={0x121c, r2, 0x800, 0x70bd2b, 0x25dfdbfe, {}, [@SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_HMACINFO={0x11d6, 0x7, 0x0, 0x1, [@typed={0x8, 0xd6, 0x0, 0x0, @u32=0x370}, @nested={0xd1, 0xe5, 0x0, 0x1, [@nested={0x4, 0x144}, @nested={0x4, 0x11b}, @nested={0x4, 0x57}, @generic="fa601a952696e16b79cb0409f51c1fd2e0e8fc542a7d1e59be0f7e25afde8f30cc4bfdf2bd2a46508e6d23bb011a49309352bfa7b203652a0c648fe63f27714dd9ae7aabcaa5d3fbc65d82ea34c9095b3fb255079902a6c874cfd6fa56ff78bbe8c3b013c897919d0d17be82b27fc809c3b041b99d59fdac612f6cede70a0b6b7c631b8edd16a979864b9a24724ef616b655fe52807409217a6567af79cb168aff1314247cc920fecc83694e81e881da328ea9bf96a069c2adfa1461656857657c"]}, @nested={0x101c, 0x12b, 0x0, 0x1, [@generic="d29c730e82e08555ad4505fb8723377d6621ff5945d1a8dde8300ae9fb96fedc61f38249cccf7d6615d99caf066130b076ea35b5f47294c8d38e46594a37bf7cd5dff43886275e86f41d0f18ce40f200b4dcfb56092875d87aac23881bde80382bec03bd598dffa915a0df34fe9bf80a7d8ffc7647e1cd9ac9399cca24a554b459da15dbf9a93e5e047b34c718585cb943cb200965da168d9ca647c62c3033dba3741ebd063e1523de4d72e27dcc720b543d19503c604e21b3c318e2639f5b2fa5b1b8033e5d5562702da2cd32729340e9a416f01b77356399d286864060d7e430a3c62c87e97f14cc86237556783c444a1f3f0d200b2b4b55a70a6c58a18e5962cfaef70ad898730dfb99ca1d36feda7c24abf6a74bb3e08306b6e68394900cef3805c409c19a7277d3286af0471e48067ce7b43e3427d83dd01b4aa84baea6e7fb6545a15b49c38d2b371348fdd4070c332fa829b01046b931e3977d6db7b53719d13d6693234d8ff7edda9f5c77c856f96c9917f7216977a033a73862e05f49a53e47a7e6c40d2eeb5c5ec584c0eadbf0bb8154c4ad4753209a06a70154b0e4c1e97ac875583c3c7b367792772d2698cebb6e4b7461d024f896a275cf8b19bd57a3435da1f03460da3465bb121a06f94b84b4ca9bdf40963a37fe0de4c79bdaec4bdf65ea4d30ba994a426f0310ebadc834643a9fa702c74c4e2d3806b9f6e2a41deb6f507818325fb276e9bcbd1c377979277d5672bde55bf2b0807234505bf02dcc710cb263594f1d40e696a8b588b95804908c2be9f35f55039c7ff0dedfa6e6aa623849883da62880c659553ed0dd7bc9effe69d9264bf316b28414a7a48042b289af06bd8bbf2c6abbb4eb1dd63672160e0e700c7e9ae0e9719e39d8bbd9433969945d3643134f3a08681357497e5a33ba3bae979b7544a695850195c9cf2841a9b24ba264623868469901098ddf17f3a33e4dd3e85f04525613af59129c8b14fc4b1e7771042c953e6ed909a9b9cdea252a3bba6dfda5580b0fc673e00e267d5d09fae3bbca014f57699e0b67fbf5b0b97c78ead6015f7672a3dfb45fcb863ba24fc28550392ecbfaaa120d33fbf55a4cbd712bdc4b41161544eb63ceef7db784d2b8e2ea8828242214b31ef571e14944a66f4c35e0d65da0be7ad9594fe5e0ed10a0f86f17d4ab7bd9c43bfd1eb407b68d849e2f4812802254b2b80e7fd486a2887176d5bf15104db15e91cc4f76e9fd3c8f8ac441a6afff4cc1da55dcfa7cd8a981e7dfa604d1308fe74055a38d816e906d9b075f5df886b70ffb52afc3fc8e03fe3cc3d3888ca36a8c0ec8f97752f2b9f905d348fab6d6fd4f39235e1c7e87c78bddcbd63aa4afcddb06537f35a30b1db59517a5ab65f71fcd23afe70175d0e9386aa5c95b6addcbfaa1639b907b420b504d0455d1a951ac1982cc5075bd2512b8b5660d78f2eea0c977831b39d2b00420e77ee6dba49b85c3cf65d63f52fb3df2d20510b1fc282f4ae4ae52a4485364124f1c22863608eab08d0a4051463492d629e580224661b1a928a28db31f7f95136744be440cb234cfa7e01b0a24572ea5b7fde2befb3ddf71ea3287a652dc154557d2c86f96838202b981fa1be7f5b0a0e8d9e1828c45a7014994aee18b080392744734a9a151216ec6e73c4eefbab718ab412fe02352dbf5e0d8ce79b3faf8dc2487b6e93b11b812308e0aab0001f87784c4ffb2b66ac11b256f95742b8cf7d30977abbfab42e8a696e096b89f386954f9a967e0b4ce0b7617a10a1abbb07f81d4dfea6ff1efde60c3718bdd392e8eadb5b03dbe184353b6a661e44419fb73e5a1156b5fcf059efadc140f2f361ece7c92ebab7b1912758f6d8933c1657d36f75fd0aa69bc0cefa32af3d4cf02514d47ce1a1e72dd9fa6f61789fff10ac2ac7dad2b45f795e9406509f328c9566f421b63a1728a3fb7c44202a3d57557e1c85981023ef8d43f28433fdaaf3f2b2595f730dffbec92aa36a0f72b6243608e65fdd5c9b03f224ac0815a99798fcf9ba9fb028b1ce0247a155d6ce49b43047c3e5648f454b002780594045fad541b3b6c6fb2e49dc737ec7049de7f05f4a83d90823bc56aaeb1022b9c71026a114cd40ddfb3af7c7df03b2928fb3a6d18262fa6055b580760666bde06c8c76506a9bfafbc45a76777135b7bec29bce9decff2279380fdabf39415928cd9057e62cbe08750b0774f0f0e9ce1a44d5b4ab23b53d364933896117338e0983e558ba8924fb5a19d292b144687069106c68350120ea19b4b23ecc8c389b928c368febd161d7b61e3bba438e535b2b8e8242dfb795b8f29994a7c1725c57b94a7d9e2287094d49b5f92b33b21048a0cf1917ef7928f38e514526631f57d5ac4aa387ca977f2648fe256ecf6a1d4f4e824e84c990f64af113fc0d029925949bd3d87efbf9a3222f6532ab34fede2e9efc68b0600313080c3417a54334ab9ee2acad89bede959dd795c1d48f7f4590475301fe3f51a4f678226e8591dce12a9ef0f37885dd3de4851468b382bb24261bedf96401801a19bd443fc90a388cc6eac7b3367eadfc769ab5780b0615d5531b8fb6e79a9efc3b490c75c37fb51f7427784e414e9eaa5a7cc0dfb184adf7faff7394870475811d18a8087991d0425e8ca0292a3bc7ea0bb574c89e1040b163f608aa7ac18b989031c774f1a733e842f8fccf754631948d7211445c696299a54e81dda9a48a5a78c346b0afc6f4810a8b5ffc6618149e0d7060033c543d19b73714daa29876b236f12ba284e81dfe139fddc4db2a308517f12b2b24a10e0579b4c6013fc47a1638ba4f89223888f162529c976cb3225c728b1a33c66e7de8159e6552d1bfb7b4f56b3430d5d6a41b5db5f0eaaafb291c44b690e43c87d98e46f15d4ab7a8cd9113490469b3c3aa3b7d7651e8ceb5c536d104eb8e1c4c88ff9154c2b80271027704aa571c22f626489f2a2bb6680c57dfca2674044da28377b1f3db1f2fc3a1890aa0324155b7fb6bd8677bf9f4f190607ce1631e8ffad797f111186eb7173aea5333c54f87c75199ea21865080a78f940d9b494c65e290f1f297deb16aa8fb6edac6b5aab5639cf0a32933da8832c975b482a5d971f42f74fa2af7b8316748feb7c2329ecfb88cd8bc437d94c6740a5e78553cd5e6133b7929a222209482bff987b195c2fc970d55beb4326433b6cdb76feeb37acce448c1a2217bb486e5dc25dad3d04096e5b653945041fd2d693eee0de390a2f03fe3e359eff475b43bf1640d58b2adf6c5bd7e2a1ad9dc46b14befc0788bbf9ea2a1d8da69ef1258c1d8cd43152c80d140e817e23e025c76d116905eaa6c2b9b923bc68fe23c29e5b9a15e47ec9509961a83ae16a2f753a4fd01861e2f18f5c400dc1177c650effb751bba2dc1213c28b8779e72b8d45eed5513a18508bbc055ad9cb4a579e87dfb1f93badd0a110cbc2b0205297ae61ffff95345eb9ba6672f635b97e026cdcadf0db3e68e6c9b1f7b52367e019a4411f3f94144b42c9ac0bf0079e0dec4edf866520c9a803fca2e7d29fb8e622661a766d6174d7ba905e22c6f30a2943091dc08be11468aa6af5331c165534cf22dd1cc9b73e9963ad71c94d3ff7d9ab93ae485a42b75ef2996258b1e3e078337b4cf9ff4b119653883d75ef4cb3732e01c0990b0d784aa1001adf817a4042b66f15bc57b2e5b585d48e2ff4f390db64780d41c3e960c0b92db31f24fbd997c70dcd7151ed5e614e8c0c1917f98da9f73fdaefc629e24df2298ccc97e4c4997c9bf2fa5b0bbeccf094f3d78a1b818e33570d6dfefdc284bdc24eeb67be63beed120407a52ff6de1510e5ebf4f92b409049a05e3a1826df62ded0c2f2acf33ff6c10b2bc7f6e30c7f17b1b0a42ea379f29f90b392ee3a488897c128800aa641265257e9ff5e60a35c98c30111e2bfe1640d7dc506244f2142143bb45c96fd3dbc81b2a1ed223d5d92070214751366f7e44ba6f49059a3bbbc8d9a6c511acbbc1085df1689ff293cb1bff8c38c68767a9b55859525fee38cafafb806e5c4a89eb65445fb06e6837635d8ace9230e94635971b7831a190f92f38addfd8b592cd5e0834be4d4b1c93ff9c35db71e633078970f681030682e34ec796b7875eedb2e56940346048526e9d5ae2276f6b4716b376dc07f17e8e0f01eb9a108e60c99a46f591f7b7f6802ac2b807b080f232761e1afb160a2bb1474a866aa47932edb966f0583f02e537a09d0f13b10cfb3c370a405c0c37c8298bf1e93d93c381d15ce06378e6504cd078ad4449c1b024c55fddfad3109e23b0c31446d6486b13234568fc60c7d5a3b8208dca98631ea151500a9982ea27c2b8b232644ffb737ddf47f9c266be589a5a4e58469988b74f028b70aef0c443753a82d3954a7ca63444f98e1b6cbf2f799d59d1c0ed27efaf0edeca8d415d0dd1a4f2de12b0bc80079436486378e813b58b3734064532a3d8332d8698ecca6268b0fbbd85c1b0e9bffdb63f3e409675c42fe81bd29ee5bc528610a30172d0e537dcfc7eaf08da4f136f728da4c2a1831fd9d66c4ade996fb76e7fd1d7c9ae265e029bbdade9f9f03e8bbee6eae20024d011c6301b47fc14020d8d2d54af5491a10a06c325cbdd3f4944d400b97ff1cce3b4e8954116a6358b9ac492614a58d62c652c44c233003d9650a4210e3b5d738d81a22422a58587fdd72c49f2f244696811ae4e7ac6b79dede550cc1b5c4f59860380a3ad7f5a3e5da57e61f2cd9fed4c3ee2c7c459119951b314e0962d80ba398f605c5fd55b8ac2225b3a55f7bd11646bb18b258c22f15f82daa6d5a7502f31a77e235e33f81dc667027b02c2c1fdade136f01dbd1a545083f425d49a555a650c8c17bd01fa776117a77b878792f6640ceae317530d41f6dc7175f751334f5d6f3059f96d9b0b2869a519a92d04431418f91f0a1aa74f0284cc88068616f942e1f227f3796be02346153fed7bf516a7c3609dc6d2df4af1c4f2f66d990face40fa751a54d3b38866ff84aecc161604af2b6d42f61a5170f15e1ba2458f24f565737d44c82b3f2701c7ebf2c14358924d4dc288ec71ec865a73e2ca22205399108aead622bc3b2da24ef911827841783120569e14142ec1fba95d1dad91ddcbdb4ec37118619466eb1910fc3b6bbb46afc93b72298307ebe078b579b2dcd60d984e97c1398aad452af8d7439cfcf22e7e3e9e26349b775fd0e50c4d1c12b6c57ec498d99a6646966dbf4a32698edca84e7d0215229b82ecc6aa5b2e846a70c93bddebbc04f32bc40c5a6fec7545f04e4503d530ab5fd92af6eb208929130b9de5b5d0f544cce7f82200b5574d0f87fba4eaf87e9a4631bede985437073e1b9369fdf332cbc8f31c11277f4693e8e3779e08e565a7f9c4ea7f8fdad1d8e44814a215ef1a2b8c15c758ee7b983d28f4041e204d5ce4682f28e3ef369a12c4915aafb04f7708adb20d5f2d492dc06c3a643a7dbc4693f5b1cf7ae35a91109e477cc7ba746809786ce86d44d072c33af4a41d9f9be6a11c3bfa712e29f4b212a49460d20c66cb8103e45da517e59ef97257277d36432db2688b9a36ba8c07919552668979751bd78052b6b60438261ae679b4ab40dd6ab4fc61c7bcc9ac0a7531749f5343ff6bdb47a5127950baa95681b6845490437f330923f1b7c7c96177390bc62739b9702c3b3f9b1d9c4cb548edeab055b6acc7e911ef37655efefca2b5d7c36666c99e42bd42385651ccb036a45b62182f68639fe761e42987f55ac7", @typed={0x12, 0x25, 0x0, 0x0, @str='/dev/ubi_ctrl\x00'}, @nested={0x4, 0xcd}]}, @generic="adbd2324419f85f2a36b638936ee0d59642f0d90b88dbda5fc5dce5c8e9323bdba3a7b5faf97111a477d17cffe9127a727a2f6a834fd6b825ae85d4689e71602e83059179be46412e1443cc15c20eb370aa5f1e2235af8d7b7085e58406f3a05f29382e11253580068df0bda94483c05480ac673bc278d8a4a987bfc13d4b2ca04e6c1c8771c593eff1ae77ad8b80418c6bbe13edbc66d8272c7281dc7f3029780631a051b16c9ce2d78331bc9fa63c553a6b84a644d6d54e88b0c25a76bb85e6b0e6cae492e50120d7f7faf8297c78cd94b0355c67b8964212e"]}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xe0}]}, 0x121c}, 0x1, 0x0, 0x0, 0x20000080}, 0x40) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/demote_size\x00', 0x123902, 0x0) r3 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x109402, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop6/queue/nr_requests\x00', 0x1a3a42, 0x0) read$auto(r3, &(0x7f0000000140)='\x00', 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0x1f3c) write$auto(0x3, 0x0, 0xfdef) 0s ago: executing program 5 (id=3154): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0x80, 0x11, 0x2, 0x8000) r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) ioctl$auto_MON_IOCX_MFETCH(r0, 0xc0109207, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) ioctl$auto_MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000100)={0x0, 0x404, 0x7}) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/032/001\x00', 0x80002, 0x0) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="24051c27c100dedbdf250307cc0008000200", @ANYRES32=0x0, @ANYBLOB="060007000080000006000700050000000a00050000000000000000000a00010000000000000000000a0001000000000000000000060006000d00000006000600070000000a000100aa"], 0x6c}}, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044040}, 0x24008890) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x68140, 0x0) ioctl$auto(r1, 0x5457, 0xd8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): red BSSID 50:50:50:50:50:50 [ 75.974548][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.050840][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.060164][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.132482][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.158755][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.196957][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.215084][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.260985][ T5900] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3'. [ 76.324965][ T5904] netlink: 'syz.0.8': attribute type 29 has an invalid length. [ 76.334854][ T5904] netlink: 334 bytes leftover after parsing attributes in process `syz.0.8'. [ 76.611150][ T5909] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4'. [ 76.631012][ T5909] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4'. [ 77.057618][ T54] Bluetooth: hci0: command tx timeout [ 77.191687][ T54] Bluetooth: hci2: command tx timeout [ 77.197711][ T54] Bluetooth: hci3: command tx timeout [ 77.203457][ T54] Bluetooth: hci1: command tx timeout [ 78.093543][ T5949] netlink: 28 bytes leftover after parsing attributes in process `syz.2.23'. [ 78.217900][ T5952] netlink: 'syz.3.24': attribute type 4 has an invalid length. [ 78.276492][ T5950] netlink: 4 bytes leftover after parsing attributes in process `syz.0.22'. [ 79.170076][ T5838] Bluetooth: hci0: command tx timeout [ 79.217841][ T5838] Bluetooth: hci1: command tx timeout [ 79.223412][ T5838] Bluetooth: hci3: command tx timeout [ 79.229420][ T54] Bluetooth: hci2: command tx timeout [ 80.760491][ T6027] netlink: 342 bytes leftover after parsing attributes in process `syz.1.49'. [ 81.158922][ T6039] netlink: 8 bytes leftover after parsing attributes in process `syz.3.53'. [ 81.189266][ T6039] netlink: 8 bytes leftover after parsing attributes in process `syz.3.53'. [ 81.692400][ T6058] netlink: 4 bytes leftover after parsing attributes in process `syz.1.57'. [ 81.743858][ T6058] netlink: 4 bytes leftover after parsing attributes in process `syz.1.57'. [ 81.843119][ T6063] netlink: 334 bytes leftover after parsing attributes in process `syz.2.59'. [ 82.015323][ T6069] netlink: 326 bytes leftover after parsing attributes in process `syz.1.61'. [ 82.411627][ T6078] netlink: 'syz.3.66': attribute type 27 has an invalid length. [ 82.424890][ T6078] netlink: 334 bytes leftover after parsing attributes in process `syz.3.66'. [ 82.886817][ T6090] netlink: 330 bytes leftover after parsing attributes in process `syz.0.69'. [ 83.123194][ T6091] sctp: [Deprecated]: syz.1.70 (pid 6091) Use of int in max_burst socket option. [ 83.123194][ T6091] Use struct sctp_assoc_value instead [ 83.266462][ T6097] netlink: 322 bytes leftover after parsing attributes in process `syz.0.72'. [ 83.553372][ T6105] netlink: 'syz.0.74': attribute type 4 has an invalid length. [ 84.268556][ T6116] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 84.508717][ T6126] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 84.528801][ T6126] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 84.688967][ T6126] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 84.755858][ T6126] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 84.827271][ T6126] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 84.841988][ T6126] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 84.873343][ T6126] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 84.880984][ T6126] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 84.918792][ T6126] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 84.960314][ T6126] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 84.972942][ T6126] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 84.998302][ T6126] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 86.574419][ T6173] __nla_validate_parse: 2 callbacks suppressed [ 86.574441][ T6173] netlink: 25 bytes leftover after parsing attributes in process `syz.2.99'. [ 86.580803][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 86.816332][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 86.912127][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 86.976356][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 87.086683][ T46] cfg80211: failed to load regulatory.db [ 87.301974][ T6189] openvswitch: netlink: VXLAN extension 13870 out of range max 1 [ 87.902777][ T6193] FAULT_INJECTION: forcing a failure. [ 87.902777][ T6193] name failslab, interval 1, probability 0, space 0, times 1 [ 87.963424][ T6193] CPU: 1 UID: 0 PID: 6193 Comm: syz.3.106 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 87.974095][ T6193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 87.984201][ T6193] Call Trace: [ 87.987504][ T6193] [ 87.990463][ T6193] dump_stack_lvl+0x16c/0x1f0 [ 87.995185][ T6193] should_fail_ex+0x497/0x5b0 [ 87.999902][ T6193] ? fs_reclaim_acquire+0xae/0x150 [ 88.005050][ T6193] should_failslab+0xc2/0x120 [ 88.009785][ T6193] kmem_cache_alloc_noprof+0x6e/0x3b0 [ 88.015198][ T6193] ? vm_area_dup+0x21/0x300 [ 88.019743][ T6193] vm_area_dup+0x21/0x300 [ 88.024113][ T6193] copy_mm+0xd89/0x25b0 [ 88.028332][ T6193] ? __pfx_copy_mm+0x10/0x10 [ 88.032962][ T6193] ? copy_process+0x3ca7/0x6f20 [ 88.037859][ T6193] ? __raw_spin_lock_init+0x3a/0x110 [ 88.043184][ T6193] copy_process+0x3e6d/0x6f20 [ 88.047918][ T6193] ? __pfx_copy_process+0x10/0x10 [ 88.052987][ T6193] ? futex_wait+0x121/0x380 [ 88.057535][ T6193] kernel_clone+0xfd/0x960 [ 88.061994][ T6193] ? __pfx_kernel_clone+0x10/0x10 [ 88.067076][ T6193] ? do_futex+0x123/0x350 [ 88.071449][ T6193] ? __pfx_do_futex+0x10/0x10 [ 88.076170][ T6193] ? 0xffffffff81000000 [ 88.080360][ T6193] __do_sys_clone+0xba/0x100 [ 88.084989][ T6193] ? __pfx___do_sys_clone+0x10/0x10 [ 88.090233][ T6193] ? 0xffffffff81000000 [ 88.094437][ T6193] do_syscall_64+0xcd/0x250 [ 88.098982][ T6193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.105007][ T6193] RIP: 0033:0x7f9f0fd85d29 [ 88.109454][ T6193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.129213][ T6193] RSP: 002b:00007f9f10c61038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 88.137676][ T6193] RAX: ffffffffffffffda RBX: 00007f9f0ff75fa0 RCX: 00007f9f0fd85d29 [ 88.145681][ T6193] RDX: 9999999999999999 RSI: 0000000000000009 RDI: 0000000000000021 [ 88.153698][ T6193] RBP: 00007f9f0fe01b08 R08: 0000000000000006 R09: 0000000000000000 [ 88.161710][ T6193] R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000000 [ 88.169725][ T6193] R13: 0000000000000000 R14: 00007f9f0ff75fa0 R15: 00007ffdd7bce708 [ 88.177763][ T6193] ? 0xffffffff81000000 [ 88.181965][ T6193] [ 88.224160][ T6207] openvswitch: netlink: Tunnel attr 8192 out of range max 16 [ 88.429602][ T6213] ======================================================= [ 88.429602][ T6213] WARNING: The mand mount option has been deprecated and [ 88.429602][ T6213] and is ignored by this kernel. Remove the mand [ 88.429602][ T6213] option from the mount to silence this warning. [ 88.429602][ T6213] ======================================================= [ 88.656348][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 88.896520][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 88.979984][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 89.066547][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 89.372831][ T6234] netlink: 8 bytes leftover after parsing attributes in process `syz.0.122'. [ 90.026333][ T6247] misc userio: No port type given on /dev/userio [ 90.340919][ T6254] netlink: 12 bytes leftover after parsing attributes in process `syz.1.130'. [ 90.354487][ T6254] netlink: 12 bytes leftover after parsing attributes in process `syz.1.130'. [ 90.397438][ T6256] [U] [ 90.400397][ T6256] [U] [ 90.403124][ T6256] [U] [ 90.405850][ T6256] [U] [ 90.445554][ T6256] [U] [ 90.448330][ T6256] [U] [ 90.451060][ T6256] [U] [ 90.453873][ T6256] [U] [ 90.486645][ T6256] [U] [ 90.489427][ T6256] [U] [ 90.492160][ T6256] [U] [ 90.494895][ T6256] [U] [ 90.524048][ T6256] [U] [ 90.526817][ T6256] [U] [ 90.529540][ T6256] [U] [ 90.532256][ T6256] [U] [ 90.643215][ T6256] [U] [ 90.645954][ T6256] [U] t¡Æ>ã¸òl¶+Ã]MQ [ 90.650235][ T6256] [U] n.¹ ,Ü.äÜ [ 90.653810][ T6256] [U] ÛǶEÐùj"’ádˆJ†YBõj†Zfè¤U:/2h§©àþ÷HdiW\ü [ 90.660177][ T6256] [U] ¥ÉYŒàÂNR½£±Lþlæ¹.ìm Ôî Ï0ïàÂqpsÑïõ€â˜ñHUï<,oݽðƒõÁƒ°YDêÄÎ= UtÓO,™P”?|ÜÖû}ÁÅl´£Y‚A¯ {‡LÇœáÑ•-€÷8ÿ|“‹‘-¿”² [ 90.673158][ T6256] [U] 'i>Ücí…¤¬­núÏ&óPvQŽâ·Ä.€JIð +¤—‡ä+Ž¦J§œ†1YjŒ [ 90.679874][ T6256] [U] tXtNOÝý·v`¥Ú:)GY\‹¹ôUgmÉÃÄrté›eJ¦¨Â­MbßxñQIþ3 °Çû³jC/c8ð2¶…4#ZÑ&ðÖ̪‚t—N=»m.p鼿bw²(à$íï ¹wU(ã#ß [ 90.692140][ T6256] [U] ©žër²”ƒ•Mõ«¡ß>±"2E¬f†Igœ —c«¾ƒPÀ‚XәȄ(J ¾Û [ 90.699314][ T6256] [U] –ñ:<) ÀÉæ­Ž{ yW5áý³¿Ì<ñ9fÒ¤8@Ù¥,tª’Dëµ|ZxŒÂw¢Læ`ˆÃš’õŠ…¤¶ú›š¹9-lÄÆ•}5¾Äƒbòs™]¦A9á½ãw”]œ­ÍNƒäÀû‰ÝÈŒJñhÝò¶ÒÄJ#gh]Ý›^nñ¤Ù}Ј<¢ÁãñT9Qó5u-á ö [ 90.715665][ T6256] [U] a+nrƒ¡ÑÎcß$­sšÎí ‰yUœ’+²•b÷_HÓr8ÚD [ 90.722038][ T6256] [U] Zß• {Áÿ67²C¿ÈAYK²zïî j”’t å¦º9Ù0aAjïä¬ øGr™q¢w™Ä®ÒòH ]aŸk0ÆT’« ¯Ç °3sš’wé ³!÷!§øLeÓÕD‹ÃÓi”þ›‘ݽœ× d:ž´¬èxˆ\ qš±¦@‰"­ÖiÛ@ãõ(0Øû¥¥¨µì1æ%Hü#PÀÇ?=ÔÝó!áC‰ƒf†y¨í:'Yeã+”[“µ¤wÃñ¼2Z e°“+²ÅéÒn;à³:Ž¾Ûlþ6²eO1Kâ.Ué [ 90.746570][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 90.759724][ T6256] [U] yóö€—ùUf« [ 90.759769][ T6256] [U] âD Æõ’i÷’ÒHŒ+ð:äì9Cš Ä·ï[£Û£¶à=ÒöEƒZ!™™Q&õ•Ø£ ôþÈ­“W?0ÐØ—KYNœ±ñóDTxà.N ¾/SPñpþÆvóa4Jå©Ëèb\Væ’õ½Øz´E]s [ 90.759787][ T6256] [U] ñŠÂY\0®òè{Ï`Ö.Éu [ 90.759812][ T6256] [U] wDLªN£[ÜVo\QL[æcä†ý´Ù{ÂvCÎÈáøuE› Ç)æ‘z¾aJ7Ò$v/@Ñ-zz;Gye¼W§ÔŽ†–÷&÷¡aN÷|iÜIÏ ³ú%¿ƒi³]2{46fMäÈLu+žl‡×i?­ún3SM$ÙmÇLjÊò• ­BÌË”fÃèÑà´ºÚ@VØѪߑ^Šðê2é§2á÷:a£Ò1ÀfïW/¡1T×`Ã~U§û–ºA=Ù×XMB,5Û&)Ó„Ëþo]#°3?ê‘k—! M.Ë•–»›“çA?Dpm,N éZ¥ ƒ˜eè«‚©u:NÈ¡9ηÁ*K¬ènF [ 90.759839][ T6256] [U] h•1¦å£ [ 90.770662][ T6256] [U] 8å.;~fC·‹À9£>¶ºeŸ‚¾¥Û žî¤“ØÜF‘Ösemü7EÑo¶'”®_½Ð붣7_sY"YJS ¢¢ïk„­¾i:glA¸t"ǾŸNÄí¨— ~6F–;gPü‹ º4ü¯X‘ñÑ…•—pî+ScWG¬ù±b—¥ðÂsìmœgôÄÞO×v)îsœÓUÂÊ€l1IzUgOb+$/MÁ1˜Ö1¢èŽC°%Á¤æ:T˜”WLG|J}qÁ3vÕ¯ðæÖýÒ£œÔ¼v|£Ö"Ë>c¡{õø³LUcm/|Þò¦N­T»UŽý4«ogÅSÚw"Ÿ¼ì÷‚ªÑ%c2&¾aJ'×›-*q½ÄeˆF^Ÿ7 ð§å›^Û"[¿cVu‚üã§Èk¨©¸„aÑ]â÷…ËëÏç6]c[$% ‹? Æô!Ëg‡oݨ‡;#⪢wH@ÄN×j?ÅnÖ?6¹Sh.sC5¨úsÖ,CøÁÎ [ 90.919936][ T6256] [U] Î.ùª"<«v@®/ÆBþÞªÕå9Q¡Ÿ4Hýp{ÓBàÇ¡êã6’¹ìž½ê‡þÕ4¸ôÊ™ÚÝ'Î?”[bÊÉæ™Ý¹ÌnBG³¯½6âà2îß_öï¼Ølîêýv2í×r)ÊÓ€ýˆSS²T [ 90.932564][ T6256] [U] ßóQDiâ–£ŠDr,;§¶Ù§Ö¥rEG9‡þb+>=ŸºÚ+Õ]dæ¦]AÏ xAR«ïLáñu€ÙLQ‰l±À2<[^€yKç½K¸'‰m¨(й¶ÿBøæn_î‚iúsÊÀ©ê¬ààK§F1SñQÒò«6->^ÛèöÌ™ [ 90.946749][ T6256] [U] Ñ•HúûJÒhIpßG˜µÏ:Ê ì³1þˆ–kûŠ~\V,1pCf/8YaJÐëe™t#Ã[-,q/0kY¥\ :!„/­<°ÑÓˆhþì~Ë_@u)¡.8D]–t‘nï1([!èÒ8ƒe©—U¯¥zmœôEzËûØ–ñº‘¡Õ#FƒùÉwýaš [ 90.970802][ T6256] [U] Å÷©ƒ„-<þ 4L¹`¬äÄÝ \S¶j˺ë]ˆƒBhT±Êú?L¥tò´ÏdLmïOǬ [ 90.977981][ T6256] [U] ¹hhÕ³¥öáO¶Á [ 90.981898][ T6256] [U] e“Ïìa‰œ¢D©{ ·“T»®€Ï¸üdkó©ŒnùèæøQ#¼Tʬ‰Ë.•ìÅM¬ÀG»¥éÇ]ÙõiÌ:6lÁ£ò›„Ú}¿8¨ŠQ-ÓLÉ·D—ýq¹Ì!jˆ,é›ÀÞÍo)±0ÿ›âq49,b±!xÿÑ·Ç7šO*ÁöšZ [ 90.996678][ T6256] [U] v·jyÕö¯Óâe¦íñ2b’ [ 91.001052][ T6256] [U] 'Â~ížÚÕéa”h(¢ÄT6QÍkž‡“Té„4Á’(¯Q!^ÄšªÍ;”*@°ò¯,»x9̳ÅCí`YÓ~îArCþ¬×½¦Žóu¯J¸¡­[ÿôT±YïÜPTYgäpÓäÏy\ž`o¢¦ŠÈúA™PÖ»Îkn,7¶¬@¤mÅÞ5çòÑœ›E(,Ôxu(XQ!^£x:'<õ¬åó·¡û•LƸÉìöy@‘ÄSáÅëæ.¬ë;8PËfQA€¤úT@»:Ø,Þ>±ù3:_9%ê›=Æ#ÖÅMxÑ]ç/gR§×syà6â´jimU©DEÌAË'„k&q¹rHg&\r&YHé3”»¶<ù‰¢K–Ñ™ šÉ/Æ-­3à…`V¬Œ‰ÒËE•p2“2€ Ïü^ÖcíU¥¾¥ÉU¸Õ*jSªó¨˜¦Š¯÷ö fÿ%±õÇì÷ÃÕµj.S–ÃÔ5î:¸ƒ9¨Y"¤tÖwY•R•´Ëñ#a.êœË»5-›“Êöh•@ [ 91.048790][ T6256] [U] j‰¶ wœŸwÀ—fæß&|è¢V[“r9Häþ¼€›5¦@ÕtG§»JE-ðžJƒÜO%?½­ËÆœ É)ggÕæöcôå‘ׇäÖ’8DOÔlùâõŠå‹Ü{0Ó!hïY!Õ¿/¸ÒÚÔ‚âÚ—lùÜ9B™vŒù¨$3aËæ7äîã ð’w¡·òŸ‘Uã–*ßW\¦[¦$€­_ÐÆçó…³J~‚625Vö¬²‹pb#õ [ 91.067059][ T6256] [U] œ¦Œ½4o­(¬Jë|¿Þò~ö¸Añ=‡C5þ]< D2AÊô¥©4ÓôÜÀ„ÂÁ¾M§Òmòdbß'Åå‰ÑMÏìÖ*|Y*À~§}0¬I„ÇHXçë»ÁŠœübþµÝ [ 91.077875][ T6256] [U] ²ÅV7¼¯›oÙôiiþ]rR:‘žG [ 91.082341][ T6256] [U] §T;Ä'¡fƒÅ‚NùZ6ÊœKãf)'„ G™c°ˆD Æ5qÙ‹c}’C)UÖ —g^iâ›ô[ÿáë#?˜Û¢ÎGþž£ÉŸþæ‰ [ 91.092596][ T6256] [U] űÞâ9õÆ£Ç°Ñ [ 91.105999][ T6256] [U] Þæð«‘õ~'ãÇÜÅù ˆÕŸ¼fZxÅòù [ 91.111350][ T6256] [U] œË£P¦'çÝÎ2rŽñ-/Âw$÷! [ 91.116058][ T6256] [U] åö0ö|½7ªvƈèÇtD‚"–lî¹8|LÊÀU–¹<ÌÕ·&L#E$y³%¾Ñ•<¢Ûa©„×[€Æø>FÞdS]lòÊuwá [ 91.120952][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 91.125776][ T6256] [U] ¡ª½Åªˆj8òiÇüã{ CÕàèÊß<"¿H6òB–8ˆ [ 91.131817][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 91.137357][ T6256] [U] ªÚ­®ëß½£–&º;ÓœbžTˆM¹ßDGÊ«íÐÀá<ØMª·H+u+ñ’N×>­ÚœÝ§ [ 91.137380][ T6256] [U] ±÷`ª°y:ðO"§µ2 zOù4˜öžoKèz’bXòŸÉÊÙ¨ÐÚ`Y[ÔðJM(8/ÌëÅñ›Ք׫¨C¬ ¼Ç~µ [ 91.137394][ T6256] [U] 8ç [ 91.146490][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 91.151046][ T6256] [U] Ù>ÖÈÃYä§8ëƒxy=8(÷MŸ'RìsCS‘ [ 91.151068][ T6256] [U] šï-Ι´HYfŒRÇå|åÄ­ó8¤A8èrþ ºV]I|亲„Y}Îå¹3CLxp’HŒ<8NÌ|ñPìÅ®IšÑÁNÁåŠ{“{dÒ¢V´ßc 2âõÿÇ¥pDCgë^ËØ‚œ¬˜y›~g¼@ÏÅ:Ý]w$¿]G-€ ml¯Ñz~ùÄíÛåÆa¿€‘+cnì. [ 91.151087][ T6256] [U] =IËÞç4Ú\}jË+gxd?&‚ [ 91.194858][ T6256] [U] ¸qMy‰”¸áVš°‘FËnd )𦕆P×3&bòÜ17èVs 3ÄŽö~èû®–ï—œ†Ux-Je3‡Ïàmö6©%d⻀ì¿r3ÿã’;^e£óÁË9šèÐàäQhþ!9=SÅMÀ¦˜šmä¡6‹Ã§°/1Ç;ú?G”ìV6‚bñ‡¹Âu?üåv·c%(‘;c\ïÁô~iò{¥£¿ÀŽú@J¬ÔŠÃ›²ë%%€»ØŒþŠ2Þü^€„1nœ1HƒþÇÔ=¬•zMyôp [ 91.217545][ T6256] [U] ÜvRÌ_¼ô 1˜zãÍm‡û¤TC [ 91.222178][ T6256] [U] „ðS„Õò•xiM4p&| Êf]k~¹#P™j\Ý1s-ô @2 D» [ 91.228894][ T6256] [U] ¶í.S^ÕÂFŸìTÅ [ 91.232720][ T6256] [U] ÿ¨fDð2&­òǧ«˜x [ 91.236803][ T6256] [U] §­pE«µXyjöýwçL?ôXé»Ñd é [ 91.242024][ T6256] [U] —r”¥ íü|‰5ÙÑF¤ìÉ‚w8cÍÍÜpHL’Ø©Tò‡è;ú…nä±w™eÖ¡B½½g*tsļòûʨ¹[x šsÔ%m'§*’¦ZÕ¼I1¸Ù‰gßÁkä2ùV¼q¨qŒ#õÜKð¸_׊w|[…´üŸpx¡½³tXå$§Én&`òh˜ [ 91.269842][ T6256] [U] Ћþ¼*DPÜ34©Híº¿Þß»®¤|̤zQˆŽB_¶c]ÜmvÑ‘pDz"$¿n»ŽxG:>°}T4{›¸XªõÊÜ5–ùÎ’Y¾ð‰>WXù¬Õ2‚ [ 91.908287][ T6291] nvme_fcloop: unknown parameter or missing value '/' [ 91.985515][ T6283] sctp: [Deprecated]: syz.0.139 (pid 6283) Use of int in maxseg socket option. [ 91.985515][ T6283] Use struct sctp_assoc_value instead [ 92.093935][ T6294] netlink: 342 bytes leftover after parsing attributes in process `syz.2.143'. [ 92.460231][ T6305] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 92.596678][ T6310] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.876435][ T6348] netlink: 306 bytes leftover after parsing attributes in process `syz.1.163'. [ 95.552200][ T6361] kafs: addr_prefs: Invalid Command [ 95.820303][ T6370] netlink: 330 bytes leftover after parsing attributes in process `syz.0.172'. [ 96.085693][ T6377] mkiss: ax0: crc mode is auto. [ 96.115176][ T6380] syz.3.176 uses obsolete (PF_INET,SOCK_PACKET) [ 96.543473][ T6388] netlink: 4 bytes leftover after parsing attributes in process `syz.0.180'. [ 97.406059][ T6418] netlink: 334 bytes leftover after parsing attributes in process `syz.2.192'. [ 97.518830][ T6416] sctp: [Deprecated]: syz.1.189 (pid 6416) Use of int in maxseg socket option. [ 97.518830][ T6416] Use struct sctp_assoc_value instead [ 98.317222][ T6435] kafs: addr_prefs: Invalid Command [ 98.567196][ T6445] netlink: 326 bytes leftover after parsing attributes in process `syz.0.202'. [ 98.671449][ T6450] netlink: 4 bytes leftover after parsing attributes in process `syz.2.203'. [ 100.494210][ T6497] netlink: 342 bytes leftover after parsing attributes in process `syz.0.221'. [ 100.844861][ T6504] netlink: 'syz.0.225': attribute type 1 has an invalid length. [ 100.984308][ T6512] netlink: 146 bytes leftover after parsing attributes in process `syz.2.229'. [ 101.167206][ T6518] netlink: 334 bytes leftover after parsing attributes in process `syz.2.231'. [ 101.438494][ T6531] bond0: mtu greater than device maximum [ 102.513826][ T6538] sctp: [Deprecated]: syz.2.237 (pid 6538) Use of int in maxseg socket option. [ 102.513826][ T6538] Use struct sctp_assoc_value instead [ 103.418469][ T6566] netlink: 8 bytes leftover after parsing attributes in process `syz.0.258'. [ 103.912863][ T6578] netlink: 4 bytes leftover after parsing attributes in process `syz.2.254'. [ 105.000968][ T6612] netlink: 'syz.2.269': attribute type 14 has an invalid length. [ 105.008989][ T6612] netlink: 330 bytes leftover after parsing attributes in process `syz.2.269'. [ 106.155415][ T6643] sctp: [Deprecated]: syz.3.280 (pid 6643) Use of int in maxseg socket option. [ 106.155415][ T6643] Use struct sctp_assoc_value instead [ 106.395288][ T6647] netlink: 4 bytes leftover after parsing attributes in process `syz.3.282'. [ 106.409907][ T6647] netlink: 4 bytes leftover after parsing attributes in process `syz.3.282'. [ 107.709120][ T6685] netlink: 74 bytes leftover after parsing attributes in process `syz.2.296'. [ 108.357722][ T6712] ptrace attach of "./syz-executor exec"[5832] was attempted by "./syz-executor exec"[6712] [ 108.897349][ T6725] netlink: 306 bytes leftover after parsing attributes in process `syz.2.310'. [ 109.179034][ T6731] netlink: 338 bytes leftover after parsing attributes in process `syz.3.312'. [ 109.179063][ T6731] IPv6: NLM_F_CREATE should be specified when creating new route [ 112.448556][ T6838] netlink: 338 bytes leftover after parsing attributes in process `syz.0.342'. [ 112.496288][ T6837] erspan0: entered allmulticast mode [ 113.521476][ T6869] vivid-009: ================= START STATUS ================= [ 113.529594][ T6869] vivid-009: Enable Output Cropping: true grabbed [ 113.536607][ T6869] vivid-009: Enable Output Composing: true grabbed [ 113.543250][ T6869] vivid-009: Enable Output Scaler: true grabbed [ 113.549651][ T6869] vivid-009: Tx RGB Quantization Range: Automatic grabbed [ 113.557986][ T6869] vivid-009: Transmit Mode: HDMI grabbed [ 113.564746][ T6869] vivid-009: Hotplug Present: 0x00000000 [ 113.570585][ T6869] vivid-009: RxSense Present: 0x00000000 [ 113.576317][ T6869] vivid-009: EDID Present: 0x00000000 [ 113.584163][ T6869] vivid-009: ================== END STATUS ================== [ 114.236972][ T6890] netlink: 74 bytes leftover after parsing attributes in process `syz.3.360'. [ 114.582599][ T6901] netlink: 36 bytes leftover after parsing attributes in process `syz.3.365'. [ 115.283374][ T6913] netlink: 74 bytes leftover after parsing attributes in process `syz.1.368'. [ 115.333766][ T6917] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma? [ 115.359326][ T6920] netlink: 342 bytes leftover after parsing attributes in process `syz.3.371'. [ 115.996626][ T6937] netlink: 74 bytes leftover after parsing attributes in process `syz.3.379'. [ 116.353890][ T6946] ALSA: mixer_oss: invalid OSS volume '' [ 117.333402][ T6984] netlink: 338 bytes leftover after parsing attributes in process `syz.0.392'. [ 117.346157][ T6984] netlink: 338 bytes leftover after parsing attributes in process `syz.0.392'. [ 119.206913][ T7033] erspan0: entered allmulticast mode [ 119.362916][ T7042] netlink: 36 bytes leftover after parsing attributes in process `syz.2.415'. [ 121.124733][ T7092] process 'syz.0.444' launched ':,' with NULL argv: empty string added [ 121.373669][ T7103] netlink: 'syz.2.438': attribute type 4 has an invalid length. [ 121.373694][ T7103] netlink: 314 bytes leftover after parsing attributes in process `syz.2.438'. [ 121.588347][ T7108] netlink: 342 bytes leftover after parsing attributes in process `syz.1.440'. [ 121.861704][ T7119] netlink: 28 bytes leftover after parsing attributes in process `syz.0.445'. [ 121.879208][ T7112] netlink: 326 bytes leftover after parsing attributes in process `syz.1.443'. [ 122.315671][ T7131] netlink: 28 bytes leftover after parsing attributes in process `syz.2.449'. [ 122.330167][ T7131] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 122.346431][ T7131] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 122.367669][ T7131] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 122.375213][ T7131] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 122.878701][ T7146] erspan0: entered allmulticast mode [ 122.995196][ T1083] erspan0 (unregistering): left allmulticast mode [ 123.022253][ T7152] netlink: 330 bytes leftover after parsing attributes in process `syz.3.457'. syzkaller syzkaller login: [ 124.051207][ T7183] UHID_CREATE from different security context by process 238 (syz.1.471), this is not allowed. [ 127.279708][ T7212] netlink: 326 bytes leftover after parsing attributes in process `syz.0.489'. [ 128.597991][ T7230] netlink: 138 bytes leftover after parsing attributes in process `syz.2.487'. [ 129.700618][ T7255] netlink: 342 bytes leftover after parsing attributes in process `syz.2.501'. [ 129.728112][ T7255] netlink: 342 bytes leftover after parsing attributes in process `syz.2.501'. [ 130.294503][ T7265] netlink: 314 bytes leftover after parsing attributes in process `syz.1.503'. [ 130.511040][ T7275] netlink: 342 bytes leftover after parsing attributes in process `syz.3.507'. [ 131.709176][ T7303] netlink: 330 bytes leftover after parsing attributes in process `syz.2.518'. [ 131.736585][ T7303] IPv6: NLM_F_CREATE should be specified when creating new route [ 132.629561][ T62] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.844827][ T62] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.988710][ T62] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.082084][ T62] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.146598][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.152935][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.396494][ T62] bridge_slave_1: left allmulticast mode [ 133.402245][ T62] bridge_slave_1: left promiscuous mode [ 133.439414][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.480668][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 133.491724][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 133.502478][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 133.507713][ T62] bridge_slave_0: left allmulticast mode [ 133.522940][ T62] bridge_slave_0: left promiscuous mode [ 133.533085][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 133.533188][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.550770][ T5834] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 133.558505][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 134.200263][ T62] erspan0 (unregistering): left allmulticast mode [ 134.654024][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 134.681560][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 134.700729][ T62] bond0 (unregistering): Released all slaves [ 134.721001][ T7357] netlink: 306 bytes leftover after parsing attributes in process `syz.0.534'. [ 134.794176][ T7365] netlink: 334 bytes leftover after parsing attributes in process `syz.3.537'. [ 135.611067][ T7332] chnl_net:caif_netlink_parms(): no params data found [ 135.618323][ T5834] Bluetooth: hci0: command tx timeout [ 135.891019][ T62] hsr_slave_0: left promiscuous mode [ 135.952597][ T62] hsr_slave_1: left promiscuous mode [ 136.051568][ T62] veth1_macvtap: left promiscuous mode [ 136.077336][ T7408] netlink: 'syz.3.547': attribute type 17 has an invalid length. [ 136.085100][ T7408] netlink: 326 bytes leftover after parsing attributes in process `syz.3.547'. [ 136.086531][ T62] veth0_macvtap: left promiscuous mode [ 136.122434][ T62] veth1_vlan: left promiscuous mode [ 136.138025][ T62] veth0_vlan: left promiscuous mode [ 136.259090][ T7414] netlink: 330 bytes leftover after parsing attributes in process `syz.0.549'. [ 136.871306][ T62] team0 (unregistering): Port device team_slave_1 removed [ 136.921244][ T62] team0 (unregistering): Port device team_slave_0 removed [ 137.696692][ T5834] Bluetooth: hci0: command tx timeout [ 137.813120][ T7332] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.848149][ T7426] netlink: 8 bytes leftover after parsing attributes in process `syz.3.553'. [ 137.873402][ T7332] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.891775][ T7332] bridge_slave_0: entered allmulticast mode [ 137.920207][ T7332] bridge_slave_0: entered promiscuous mode [ 137.938587][ T7332] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.948459][ T7332] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.976902][ T7332] bridge_slave_1: entered allmulticast mode [ 138.007360][ T7332] bridge_slave_1: entered promiscuous mode [ 138.104262][ T7332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 138.110401][ T7428] netlink: 12 bytes leftover after parsing attributes in process `syz.0.554'. [ 138.175434][ T7332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 138.458116][ T7332] team0: Port device team_slave_0 added [ 138.500209][ T7332] team0: Port device team_slave_1 added [ 138.638404][ T7456] netlink: 20 bytes leftover after parsing attributes in process `syz.3.560'. [ 138.843932][ T7332] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 138.853375][ T7332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.906375][ T7332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 138.913573][ T7463] netlink: 330 bytes leftover after parsing attributes in process `syz.3.563'. [ 138.928280][ T7332] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 138.935255][ T7332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.974365][ T7332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 139.224418][ T7332] hsr_slave_0: entered promiscuous mode [ 139.266703][ T7332] hsr_slave_1: entered promiscuous mode [ 139.480230][ T7480] netlink: 334 bytes leftover after parsing attributes in process `syz.3.568'. [ 139.534146][ T7483] netlink: 28 bytes leftover after parsing attributes in process `syz.0.569'. [ 139.673553][ T7489] netlink: 'syz.3.571': attribute type 19 has an invalid length. [ 139.776491][ T5834] Bluetooth: hci0: command tx timeout [ 139.931149][ T7496] netlink: 'syz.3.572': attribute type 39 has an invalid length. [ 139.949462][ T7496] netlink: 'syz.3.572': attribute type 40 has an invalid length. [ 139.970856][ T7496] netlink: 'syz.3.572': attribute type 41 has an invalid length. [ 139.991120][ T7496] netlink: 'syz.3.572': attribute type 44 has an invalid length. [ 140.011414][ T7496] netlink: 'syz.3.572': attribute type 46 has an invalid length. [ 140.030391][ T7496] netlink: 'syz.3.572': attribute type 47 has an invalid length. [ 140.046706][ T7496] netlink: 'syz.3.572': attribute type 48 has an invalid length. [ 140.064744][ T7496] netlink: 'syz.3.572': attribute type 49 has an invalid length. [ 140.081381][ T7496] __nla_validate_parse: 1 callbacks suppressed [ 140.081400][ T7496] netlink: 6 bytes leftover after parsing attributes in process `syz.3.572'. [ 141.287421][ T7332] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 141.321423][ T7332] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 141.326606][ T7541] netlink: 326 bytes leftover after parsing attributes in process `syz.1.584'. [ 141.345649][ T7332] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 141.357107][ T7332] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 141.534285][ T7332] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.602617][ T7332] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.644110][ T7545] netlink: 330 bytes leftover after parsing attributes in process `syz.0.585'. [ 141.860037][ T5834] Bluetooth: hci0: command tx timeout [ 141.885325][ T1083] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.893014][ T1083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.905419][ T1083] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.912621][ T1083] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.520532][ T7566] validate_nla: 1 callbacks suppressed [ 142.520550][ T7566] netlink: 'syz.1.589': attribute type 20 has an invalid length. [ 142.566435][ T7566] netlink: 330 bytes leftover after parsing attributes in process `syz.1.589'. [ 142.610776][ T7566] IPv6: NLM_F_CREATE should be specified when creating new route [ 142.760407][ T7332] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.768460][ T7576] netlink: 'syz.3.590': attribute type 4 has an invalid length. [ 142.790181][ T7576] netlink: 314 bytes leftover after parsing attributes in process `syz.3.590'. [ 142.903522][ T7332] veth0_vlan: entered promiscuous mode [ 142.961250][ T7332] veth1_vlan: entered promiscuous mode [ 143.035172][ T7332] veth0_macvtap: entered promiscuous mode [ 143.052259][ T7332] veth1_macvtap: entered promiscuous mode [ 143.098578][ T7332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.116294][ T7332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.151052][ T7332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.196288][ T7332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.206151][ T7332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.244822][ T7332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.268063][ T7332] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 143.281897][ T7584] netlink: 146 bytes leftover after parsing attributes in process `syz.3.594'. [ 143.314891][ T7332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.342280][ T7587] netlink: 146 bytes leftover after parsing attributes in process `syz.0.593'. [ 143.346249][ T7332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.396779][ T7332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.426364][ T7332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.457594][ T7332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.496511][ T7332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.517255][ T7332] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 143.539023][ T7332] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.556261][ T7332] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.565018][ T7332] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.571887][ T7591] netlink: 326 bytes leftover after parsing attributes in process `syz.3.595'. [ 143.586251][ T7332] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.179320][ T1126] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.187205][ T1126] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 144.341375][ T3570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.349559][ T3570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 144.847265][ T7620] netlink: 24 bytes leftover after parsing attributes in process `syz.0.598'. [ 144.908614][ T7620] netlink: 24 bytes leftover after parsing attributes in process `syz.0.598'. [ 145.386939][ T7647] netlink: 326 bytes leftover after parsing attributes in process `syz.0.606'. [ 146.735078][ T7695] netlink: 146 bytes leftover after parsing attributes in process `syz.1.619'. [ 147.001584][ T7691] netlink: 146 bytes leftover after parsing attributes in process `syz.2.620'. [ 147.288994][ T7714] netlink: 334 bytes leftover after parsing attributes in process `syz.2.623'. [ 147.760900][ T7721] netlink: zone id is out of range [ 147.881634][ T7721] netlink: zone id is out of range [ 147.927566][ T7721] netlink: set zone limit has 8 unknown bytes [ 148.171607][ T7747] netlink: 330 bytes leftover after parsing attributes in process `syz.2.629'. [ 148.181268][ T7745] netlink: 330 bytes leftover after parsing attributes in process `syz.0.628'. [ 148.497464][ T7755] netlink: 'syz.3.632': attribute type 3 has an invalid length. [ 148.887369][ T7770] netlink: 330 bytes leftover after parsing attributes in process `syz.1.635'. [ 149.964584][ T7802] netlink: 326 bytes leftover after parsing attributes in process `syz.1.643'. [ 150.327095][ T7808] netlink: 20 bytes leftover after parsing attributes in process `syz.3.647'. [ 150.541068][ T7806] netlink: 146 bytes leftover after parsing attributes in process `syz.0.646'. [ 150.728488][ T7819] netlink: 266 bytes leftover after parsing attributes in process `syz.3.650'. [ 151.314983][ T7838] netlink: 4 bytes leftover after parsing attributes in process `syz.2.657'. [ 151.355181][ T7838] netlink: 4 bytes leftover after parsing attributes in process `syz.2.657'. [ 151.530873][ T7843] netlink: 342 bytes leftover after parsing attributes in process `syz.3.659'. [ 151.938361][ T7853] netlink: 306 bytes leftover after parsing attributes in process `syz.3.663'. [ 152.686795][ T7872] netlink: 146 bytes leftover after parsing attributes in process `syz.2.671'. [ 153.322106][ T7890] netlink: 330 bytes leftover after parsing attributes in process `syz.1.678'. [ 153.332578][ T7891] netlink: 342 bytes leftover after parsing attributes in process `syz.2.677'. [ 154.094279][ T7905] raw_sendmsg: syz.2.685 forgot to set AF_INET. Fix it! [ 155.406284][ T7936] mkiss: ax0: crc mode is auto. [ 156.335874][ T7957] netlink: 'syz.2.702': attribute type 27 has an invalid length. [ 156.344054][ T7957] netlink: 334 bytes leftover after parsing attributes in process `syz.2.702'. [ 156.739139][ T7968] netlink: 'syz.0.707': attribute type 21 has an invalid length. [ 156.748318][ T7968] netlink: 326 bytes leftover after parsing attributes in process `syz.0.707'. [ 156.951291][ T7970] netlink: 330 bytes leftover after parsing attributes in process `syz.3.709'. [ 157.143173][ T7979] netlink: 306 bytes leftover after parsing attributes in process `syz.2.712'. [ 157.666513][ T7999] netlink: 'syz.2.718': attribute type 28 has an invalid length. [ 157.674354][ T7999] netlink: 'syz.2.718': attribute type 29 has an invalid length. [ 157.724101][ T7999] netlink: 'syz.2.718': attribute type 30 has an invalid length. [ 157.752495][ T7999] netlink: 'syz.2.718': attribute type 31 has an invalid length. [ 157.765326][ T7999] netlink: 'syz.2.718': attribute type 32 has an invalid length. [ 157.774794][ T7999] netlink: 'syz.2.718': attribute type 33 has an invalid length. [ 157.786305][ T7999] netlink: 'syz.2.718': attribute type 35 has an invalid length. [ 157.795495][ T7999] netlink: 'syz.2.718': attribute type 37 has an invalid length. [ 157.808588][ T7999] netlink: 18 bytes leftover after parsing attributes in process `syz.2.718'. [ 158.311832][ T8012] netlink: 114 bytes leftover after parsing attributes in process `syz.0.723'. [ 158.641844][ T8026] netlink: 334 bytes leftover after parsing attributes in process `syz.0.725'. [ 161.057380][ T8068] netlink: 342 bytes leftover after parsing attributes in process `syz.0.742'. [ 161.076393][ T8068] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 161.084054][ T8068] IPv6: NLM_F_CREATE should be set when creating new route [ 161.091340][ T8068] IPv6: NLM_F_CREATE should be set when creating new route [ 162.343377][ T8097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.752'. [ 162.374625][ T8097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.752'. [ 162.589599][ T8101] netlink: 350 bytes leftover after parsing attributes in process `syz.2.754'. [ 162.805562][ T8104] netlink: 146 bytes leftover after parsing attributes in process `syz.2.755'. [ 163.191864][ T8113] netlink: 326 bytes leftover after parsing attributes in process `syz.3.758'. [ 164.723788][ T8130] netlink: 330 bytes leftover after parsing attributes in process `syz.0.765'. [ 165.157549][ T8134] netlink: 20 bytes leftover after parsing attributes in process `syz.2.768'. [ 165.646053][ T8141] netlink: 146 bytes leftover after parsing attributes in process `syz.1.771'. [ 167.504593][ T8190] validate_nla: 6 callbacks suppressed [ 167.504612][ T8190] netlink: 'syz.3.792': attribute type 1 has an invalid length. [ 170.332005][ T8244] mkiss: ax0: crc mode is auto. [ 170.337362][ T8243] netlink: 342 bytes leftover after parsing attributes in process `syz.0.815'. [ 170.383225][ T8243] IPv6: Can't replace route, no match found [ 171.186989][ T8260] netlink: 330 bytes leftover after parsing attributes in process `syz.3.812'. [ 172.131186][ T8285] netlink: 28 bytes leftover after parsing attributes in process `syz.3.830'. [ 172.313718][ T8284] mkiss: ax0: crc mode is auto. [ 174.437834][ T8321] netlink: 28 bytes leftover after parsing attributes in process `syz.1.832'. [ 177.767643][ T8382] netlink: 342 bytes leftover after parsing attributes in process `syz.0.858'. [ 177.810144][ T8382] netlink: 110 bytes leftover after parsing attributes in process `syz.0.858'. [ 178.929132][ T8402] netlink: 28 bytes leftover after parsing attributes in process `syz.3.857'. [ 178.953064][ T8402] veth1_macvtap: left promiscuous mode [ 179.026342][ T8404] netlink: 342 bytes leftover after parsing attributes in process `syz.1.859'. [ 179.269387][ T8412] netlink: 326 bytes leftover after parsing attributes in process `syz.1.862'. [ 179.322327][ T8415] : renamed from lo [ 179.928879][ T8421] netlink: 146 bytes leftover after parsing attributes in process `syz.2.866'. [ 180.947436][ T8439] netlink: 244 bytes leftover after parsing attributes in process `syz.2.871'. [ 181.179945][ T8454] netlink: 'syz.0.877': attribute type 4 has an invalid length. [ 181.226931][ T8456] netlink: 330 bytes leftover after parsing attributes in process `syz.1.879'. [ 181.231288][ T8454] netlink: 314 bytes leftover after parsing attributes in process `syz.0.877'. [ 181.395815][ T8461] netlink: 290 bytes leftover after parsing attributes in process `syz.1.881'. [ 182.403606][ T8479] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 182.436414][ T8479] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 185.286810][ T8547] __nla_validate_parse: 3 callbacks suppressed [ 185.286834][ T8547] netlink: 334 bytes leftover after parsing attributes in process `syz.2.911'. [ 186.793683][ T8586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.928'. [ 186.858778][ T8586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.928'. [ 187.735946][ T8608] netlink: 266 bytes leftover after parsing attributes in process `syz.3.936'. [ 188.435851][ T8626] mkiss: ax0: crc mode is auto. [ 189.686641][ T8647] netlink: 266 bytes leftover after parsing attributes in process `syz.2.951'. [ 189.927966][ T8653] netlink: 338 bytes leftover after parsing attributes in process `syz.1.953'. [ 189.954810][ T8657] netlink: 338 bytes leftover after parsing attributes in process `syz.1.953'. [ 190.113977][ T8653] netlink: 98 bytes leftover after parsing attributes in process `syz.1.953'. [ 190.128356][ T8653] veth0_macvtap: left promiscuous mode [ 190.140622][ T8659] netlink: 342 bytes leftover after parsing attributes in process `syz.2.955'. [ 191.005121][ T8684] netlink: 8 bytes leftover after parsing attributes in process `syz.2.965'. [ 191.071000][ T8684] netlink: 8 bytes leftover after parsing attributes in process `syz.2.965'. [ 193.070672][ T8744] Invalid ELF header magic: != ELF [ 193.760628][ T8764] netlink: 326 bytes leftover after parsing attributes in process `syz.0.984'. [ 193.905155][ T8768] netlink: 342 bytes leftover after parsing attributes in process `syz.1.986'. [ 194.358092][ T8784] netlink: 2 bytes leftover after parsing attributes in process `syz.1.992'. [ 194.586556][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.592893][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.032109][ T8800] netlink: 330 bytes leftover after parsing attributes in process `syz.3.997'. [ 195.867951][ T8809] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1001'. [ 196.136747][ T8815] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1003'. [ 196.576543][ T8825] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1006'. [ 196.632019][ T8830] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1006'. [ 197.352463][ T8850] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1013'. [ 197.468676][ T8850] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1013'. [ 197.779056][ T8860] netlink: 'syz.0.1015': attribute type 21 has an invalid length. [ 197.823856][ T8860] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1015'. [ 197.917214][ T8864] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1018'. [ 197.959277][ T29] audit: type=1326 audit(1736891488.645:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8866 comm="syz.1.1020" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f715a385d29 code=0x0 [ 198.302084][ T29] audit: type=1326 audit(1736891488.995:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8875 comm="syz.3.1023" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9f0fd85d29 code=0x0 [ 198.492404][ T8880] kAFS: Invalid Command on /proc/fs/afs/cells file [ 198.627697][ T8884] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1025'. [ 199.144228][ T8878] Process accounting resumed [ 199.442688][ T8898] netlink: 146 bytes leftover after parsing attributes in process `syz.1.1030'. [ 200.071411][ T8917] netlink: 'syz.2.1036': attribute type 21 has an invalid length. [ 200.096415][ T8917] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1036'. [ 201.598010][ T8957] __nla_validate_parse: 3 callbacks suppressed [ 201.598029][ T8957] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1051'. [ 202.039312][ T8973] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1057'. [ 202.090001][ T8973] : renamed from gre0 (while UP) [ 202.128901][ T8973] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1057'. [ 202.824518][ T9001] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1068'. [ 203.196523][ T9012] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1071'. [ 205.823824][ T9073] sock: sock_set_timeout: `syz.1.1095' (pid 9073) tries to set negative timeout [ 206.512045][ T9088] could not allocate digest TFM handle [ 206.665725][ T9091] could not allocate digest TFM handle [ 206.852310][ T9100] netlink: 'syz.0.1102': attribute type 4 has an invalid length. [ 206.864708][ T9100] netlink: 314 bytes leftover after parsing attributes in process `syz.0.1102'. [ 206.883580][ T9100] netlink: 'syz.0.1102': attribute type 4 has an invalid length. [ 206.907744][ T9100] netlink: 314 bytes leftover after parsing attributes in process `syz.0.1102'. [ 208.561569][ T9144] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1119'. [ 208.608251][ T9148] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1119'. [ 208.711194][ T9144] netlink: 170 bytes leftover after parsing attributes in process `syz.0.1119'. [ 211.157168][ T9194] netlink: 322 bytes leftover after parsing attributes in process `syz.0.1139'. [ 212.378416][ T9213] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1145'. [ 212.421429][ T9213] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1145'. [ 214.019097][ T9238] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1154'. [ 218.105264][ T9305] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1178'. [ 220.268669][ T9348] mmap: syz.2.1192 (9348) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 220.828469][ T9361] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1198'. [ 221.154624][ T9369] netlink: 'syz.1.1200': attribute type 64 has an invalid length. [ 221.174050][ T9369] netlink: 74 bytes leftover after parsing attributes in process `syz.1.1200'. [ 222.577346][ T9396] hugetlbfs: syz.1.1210 (9396): Using mlock ulimits for SHM_HUGETLB is obsolete [ 224.800641][ T9435] netlink: 122 bytes leftover after parsing attributes in process `syz.2.1226'. [ 226.004240][ T9462] netlink: 'syz.2.1235': attribute type 4 has an invalid length. [ 226.013513][ T9462] netlink: 314 bytes leftover after parsing attributes in process `syz.2.1235'. [ 226.029143][ T9462] IPv6: NLM_F_CREATE should be specified when creating new route [ 226.051341][ T9462] IPv6: NLM_F_REPLACE set, but no existing node found! [ 226.975583][ T9476] netlink: 'syz.2.1240': attribute type 33 has an invalid length. [ 226.993414][ T9476] netlink: 322 bytes leftover after parsing attributes in process `syz.2.1240'. [ 228.150841][ T9497] mkiss: ax0: crc mode is auto. [ 229.366756][ T9516] netlink: 'syz.0.1258': attribute type 5 has an invalid length. [ 229.386561][ T9516] netlink: 314 bytes leftover after parsing attributes in process `syz.0.1258'. [ 229.531831][ T9519] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1257'. syzkaller syzkaller login: [ 230.602347][ T9534] sp0: Synchronizing with TNC [ 230.888819][ T9541] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1266'. [ 230.987030][ T9541] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.996042][ T9541] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.923032][ T9556] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1273'. [ 231.953898][ T9556] hsr0: entered allmulticast mode [ 231.975263][ T9556] hsr_slave_0: entered allmulticast mode [ 232.001637][ T9556] hsr_slave_1: entered allmulticast mode [ 232.713752][ T9571] netlink: 'syz.2.1277': attribute type 39 has an invalid length. [ 232.750223][ T9571] netlink: 'syz.2.1277': attribute type 40 has an invalid length. [ 232.772586][ T9571] netlink: 'syz.2.1277': attribute type 41 has an invalid length. [ 232.794868][ T9571] netlink: 'syz.2.1277': attribute type 44 has an invalid length. [ 232.823242][ T9571] netlink: 'syz.2.1277': attribute type 46 has an invalid length. [ 232.843418][ T9571] netlink: 'syz.2.1277': attribute type 47 has an invalid length. [ 232.865265][ T9571] netlink: 'syz.2.1277': attribute type 48 has an invalid length. [ 232.891120][ T9571] netlink: 'syz.2.1277': attribute type 49 has an invalid length. [ 232.916151][ T9571] netlink: 'syz.2.1277': attribute type 50 has an invalid length. [ 232.941749][ T9571] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1277'. [ 233.170346][ T9573] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1278'. [ 233.204939][ T9573] veth0_macvtap: left promiscuous mode [ 234.090125][ T9583] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1281'. [ 234.202306][ T9586] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1285'. [ 234.428466][ T9594] mkiss: ax0: crc mode is auto. [ 236.001405][ T9626] netlink: 50 bytes leftover after parsing attributes in process `syz.2.1296'. [ 236.881907][ T9641] bridge0: port 3(team0) entered blocking state [ 236.896481][ T9641] bridge0: port 3(team0) entered disabled state [ 236.903005][ T9641] team0: entered allmulticast mode [ 236.929071][ T9641] team_slave_0: entered allmulticast mode [ 236.929125][ T9641] team_slave_1: entered allmulticast mode [ 236.930745][ T9641] team0: entered promiscuous mode [ 236.930768][ T9641] team_slave_0: entered promiscuous mode [ 236.930979][ T9641] team_slave_1: entered promiscuous mode [ 237.912087][ T9658] netlink: 'syz.1.1309': attribute type 10 has an invalid length. [ 237.948701][ T9658] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1309'. [ 238.463655][ T5832] Process accounting paused [ 239.128591][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 239.172549][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 239.181691][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 239.191045][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 239.204787][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 239.224521][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 239.387950][ T9690] netlink: 222 bytes leftover after parsing attributes in process `syz.2.1321'. [ 239.413987][ T9690] netlink: 222 bytes leftover after parsing attributes in process `syz.2.1321'. [ 239.525559][ T9682] chnl_net:caif_netlink_parms(): no params data found [ 239.683135][ T9682] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.714300][ T9682] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.734732][ T9682] bridge_slave_0: entered allmulticast mode [ 239.766480][ T9682] bridge_slave_0: entered promiscuous mode [ 239.780424][ T9682] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.790884][ T9682] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.801741][ T9682] bridge_slave_1: entered allmulticast mode [ 239.812694][ T9682] bridge_slave_1: entered promiscuous mode [ 239.928613][ T9682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 239.948840][ T9682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.085032][ T9682] team0: Port device team_slave_0 added [ 240.115382][ T9682] team0: Port device team_slave_1 added [ 240.276404][ T9682] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 240.283391][ T9682] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.360669][ T9682] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 240.393877][ T9682] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 240.423544][ T9682] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.463799][ T9682] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 240.600751][ T9682] hsr_slave_0: entered promiscuous mode [ 240.622565][ T9682] hsr_slave_1: entered promiscuous mode [ 240.669322][ T9682] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 240.686569][ T9682] Cannot create hsr debugfs directory [ 241.014311][ T9682] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 241.032565][ T9682] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 241.049352][ T9682] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 241.074875][ T9682] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 241.234419][ T9682] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.281368][ T9682] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.317501][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.324682][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.367783][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.374925][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.383084][ T5834] Bluetooth: hci3: command tx timeout [ 241.489710][ T9745] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1340'. [ 241.930081][ T9682] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.704921][ T9682] veth0_vlan: entered promiscuous mode [ 242.883676][ T9682] veth1_vlan: entered promiscuous mode [ 243.203688][ T9682] veth0_macvtap: entered promiscuous mode [ 243.244810][ T9682] veth1_macvtap: entered promiscuous mode [ 243.325316][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 243.357571][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.377933][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 243.407619][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.426311][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 243.453655][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.463749][ T5834] Bluetooth: hci3: command tx timeout [ 243.491909][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 243.539821][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.590273][ T9682] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 243.637605][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 243.659106][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.676285][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 243.708561][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.735845][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 243.767165][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.786310][ T9682] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 243.805101][ T9682] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.839600][ T9682] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 243.933309][ T9682] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.953136][ T9682] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.972686][ T9682] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.991970][ T9682] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.167462][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.194655][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.254152][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.263576][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.571279][ T9808] scsi_strcpy_devinfo: vendor string 'íÙ/&cžÀ~n] ò | [ 244.571279][ T9808] MÅ' is too long [ 244.605252][ T9808] scsi_strcpy_devinfo: model string '’Dd5‚ ÕK€2bÛ [ 244.605252][ T9808] ††½WÏõ›ú «ú' is too long [ 244.761329][ T9815] capability: warning: `syz.1.1360' uses 32-bit capabilities (legacy support in use) [ 245.076569][ T9819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1362'. [ 245.134875][ T9821] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1363'. [ 245.536394][ T5838] Bluetooth: hci3: command tx timeout [ 245.547459][ T9837] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1369'. [ 246.543609][ T9862] sp0: Synchronizing with TNC [ 247.616558][ T5838] Bluetooth: hci3: command tx timeout [ 249.304903][ T9936] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1402'. [ 249.753550][ T9947] netlink: 'syz.1.1408': attribute type 33 has an invalid length. [ 249.795700][ T9947] netlink: 322 bytes leftover after parsing attributes in process `syz.1.1408'. [ 250.450879][ T9969] netlink: 'syz.2.1417': attribute type 27 has an invalid length. [ 250.476797][ T9969] netlink: 'syz.2.1417': attribute type 28 has an invalid length. [ 250.496465][ T9969] netlink: 'syz.2.1417': attribute type 29 has an invalid length. [ 250.504327][ T9969] netlink: 'syz.2.1417': attribute type 30 has an invalid length. [ 250.546942][ T9969] netlink: 'syz.2.1417': attribute type 31 has an invalid length. [ 250.554820][ T9969] netlink: 'syz.2.1417': attribute type 32 has an invalid length. [ 250.584464][ T9969] netlink: 'syz.2.1417': attribute type 33 has an invalid length. [ 250.615464][ T9969] netlink: 'syz.2.1417': attribute type 35 has an invalid length. [ 250.645225][ T9969] netlink: 'syz.2.1417': attribute type 37 has an invalid length. [ 250.672805][ T9969] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1417'. [ 251.057870][ T9979] Invalid ELF header magic: != ELF [ 251.630474][ T9991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1424'. [ 251.687183][ T9991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1424'. [ 255.666529][T10056] netlink: 93 bytes leftover after parsing attributes in process `syz.0.1448'. [ 255.875057][T10070] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1453'. [ 256.025908][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.032456][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.143616][T10089] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1460'. [ 257.158348][T10089] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1460'. [ 257.171097][T10089] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1460'. [ 258.126249][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 258.607290][T10124] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1473'. [ 258.656590][T10124] ›: renamed from hsr0 (while UP) [ 260.171957][T10126] kexec: Could not allocate control_code_buffer [ 260.851850][ T5838] Bluetooth: hci2: Malformed HCI Event [ 261.137703][T10178] netlink: 50 bytes leftover after parsing attributes in process `syz.0.1493'. [ 264.191579][T10254] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1517'. [ 264.589143][T10263] netlink: 22 bytes leftover after parsing attributes in process `syz.1.1520'. [ 266.347557][T10300] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1533'. [ 266.930966][T10296] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1531'. [ 267.402169][T10312] validate_nla: 4 callbacks suppressed [ 267.402189][T10312] netlink: 'syz.1.1537': attribute type 64 has an invalid length. [ 267.446539][T10312] netlink: 74 bytes leftover after parsing attributes in process `syz.1.1537'. [ 268.409262][T10329] nbd: illegal input index 50331648 [ 269.840017][T10348] netlink: 'syz.1.1551': attribute type 19 has an invalid length. [ 269.884837][T10348] netlink: 'syz.1.1551': attribute type 27 has an invalid length. [ 269.894843][T10348] netlink: 'syz.1.1551': attribute type 28 has an invalid length. [ 269.916653][T10348] netlink: 'syz.1.1551': attribute type 29 has an invalid length. [ 269.938094][T10348] netlink: 38 bytes leftover after parsing attributes in process `syz.1.1551'. [ 272.479229][T10404] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1573'. [ 272.490543][T10404] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1573'. [ 275.512399][T10452] netlink: 'syz.0.1587': attribute type 4 has an invalid length. [ 275.532761][T10452] netlink: 314 bytes leftover after parsing attributes in process `syz.0.1587'. [ 277.482841][T10483] tipc: Started in network mode [ 277.500358][T10483] tipc: Node identity ee00, cluster identity 4711 [ 277.556349][T10483] tipc: Node number set to 60928 [ 277.746781][T10491] Process accounting resumed [ 280.041727][T10522] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1608'. [ 280.083693][T10522] netlink: 302 bytes leftover after parsing attributes in process `syz.0.1608'. [ 280.525902][T10534] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1613'. [ 280.625659][T10534] netlink: 274 bytes leftover after parsing attributes in process `syz.1.1613'. [ 281.401472][T10549] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1618'. [ 281.475837][T10551] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1618'. [ 282.816905][T10567] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1625'. [ 282.872715][T10567] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1625'. [ 282.984686][T10567] netlink: 210 bytes leftover after parsing attributes in process `syz.2.1625'. [ 283.653855][T10592] netlink: 4368 bytes leftover after parsing attributes in process `syz.1.1634'. [ 284.060183][T10600] HfR: entered promiscuous mode [ 285.295400][T10631] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1648'. [ 285.337009][T10631] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1648'. [ 286.809537][T10658] Process accounting resumed [ 288.602637][T10692] openvswitch: netlink: IP tunnel dst address not specified [ 288.697179][T10696] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1669'. [ 288.871241][T10696] hsr_slave_1 (unregistering): left promiscuous mode [ 289.234336][T10702] netlink: 'syz.1.1673': attribute type 10 has an invalid length. [ 289.314046][T10702] netlink: 230 bytes leftover after parsing attributes in process `syz.1.1673'. [ 290.270421][T10725] netlink: 334 bytes leftover after parsing attributes in process `syz.4.1680'. [ 290.804016][T10735] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1686'. [ 290.815608][T10735] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1686'. [ 290.878572][T10736] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1684'. [ 290.919325][T10736] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1684'. [ 291.076616][T10736] netlink: 134 bytes leftover after parsing attributes in process `syz.1.1684'. [ 291.305169][T10750] Process accounting resumed [ 293.281936][T10789] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1705'. [ 295.377836][T10842] Process accounting resumed [ 296.272370][T10870] netlink: 504 bytes leftover after parsing attributes in process `syz.4.1733'. [ 296.307701][T10870] netlink: 504 bytes leftover after parsing attributes in process `syz.4.1733'. [ 296.514052][T10876] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1735'. [ 296.530434][T10876] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1735'. [ 297.970190][T10903] netlink: 18 bytes leftover after parsing attributes in process `syz.1.1743'. [ 299.424049][T10938] netlink: 246 bytes leftover after parsing attributes in process `syz.2.1755'. [ 299.850249][T10949] netlink: 306 bytes leftover after parsing attributes in process `syz.2.1758'. [ 299.877237][T10949] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1758'. [ 299.911577][T10949] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1758'. [ 302.289873][T11003] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1778'. [ 302.331194][T11003] hsr_slave_1 (unregistering): left promiscuous mode [ 306.965823][T11127] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1822'. [ 307.766758][T11141] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1829'. [ 307.806436][T11141] netlink: 'syz.2.1829': attribute type 1 has an invalid length. [ 307.830747][T11141] netlink: 274 bytes leftover after parsing attributes in process `syz.2.1829'. [ 308.235450][T11125] kexec: Could not allocate control_code_buffer [ 309.482050][T11171] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1840'. [ 309.502897][T11171] netlink: 274 bytes leftover after parsing attributes in process `syz.0.1840'. [ 310.585604][ T5838] Bluetooth: hci3: unexpected event 0x02 length: 0 < 1 [ 312.508223][T11221] netlink: 'syz.0.1858': attribute type 27 has an invalid length. [ 312.526333][T11221] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1858'. [ 317.042935][T11302] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1884'. [ 317.431160][T11281] kexec: Could not allocate control_code_buffer [ 317.476901][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.483327][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.413739][T11316] FAULT_INJECTION: forcing a failure. [ 318.413739][T11316] name failslab, interval 1, probability 0, space 0, times 0 [ 318.449831][T11316] CPU: 1 UID: 0 PID: 11316 Comm: syz.0.1890 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 318.460664][T11316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 318.470763][T11316] Call Trace: [ 318.474068][T11316] [ 318.477021][T11316] dump_stack_lvl+0x16c/0x1f0 [ 318.481749][T11316] should_fail_ex+0x497/0x5b0 [ 318.486472][T11316] ? fs_reclaim_acquire+0xae/0x150 [ 318.491622][T11316] should_failslab+0xc2/0x120 [ 318.496372][T11316] __kmalloc_noprof+0xce/0x4f0 [ 318.501182][T11316] ? xfrm_hash_alloc+0xd1/0x100 [ 318.506069][T11316] xfrm_hash_alloc+0xd1/0x100 [ 318.510779][T11316] xfrm_state_init+0x160/0x630 [ 318.515585][T11316] ? __pfx_xfrm_net_init+0x10/0x10 [ 318.520729][T11316] xfrm_net_init+0x211/0xcb0 [ 318.525359][T11316] ? __pfx_xfrm_net_init+0x10/0x10 [ 318.530504][T11316] ops_init+0x1df/0x5f0 [ 318.534707][T11316] setup_net+0x21f/0x860 [ 318.538993][T11316] ? __pfx_setup_net+0x10/0x10 [ 318.543793][T11316] ? down_read_killable+0xcc/0x380 [ 318.548945][T11316] ? __pfx_down_read_killable+0x10/0x10 [ 318.554534][T11316] ? debug_mutex_init+0x37/0x70 [ 318.559426][T11316] copy_net_ns+0x2b4/0x6c0 [ 318.563876][T11316] create_new_namespaces+0x3ea/0xad0 [ 318.569207][T11316] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 318.574876][T11316] ksys_unshare+0x45d/0xa40 [ 318.579418][T11316] ? __pfx_ksys_unshare+0x10/0x10 [ 318.584480][T11316] ? xfd_validate_state+0x5d/0x180 [ 318.589635][T11316] __x64_sys_unshare+0x31/0x40 [ 318.594445][T11316] do_syscall_64+0xcd/0x250 [ 318.598995][T11316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.604924][T11316] RIP: 0033:0x7f7d22b85d29 [ 318.609375][T11316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.629016][T11316] RSP: 002b:00007f7d23a86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 318.637463][T11316] RAX: ffffffffffffffda RBX: 00007f7d22d75fa0 RCX: 00007f7d22b85d29 [ 318.645464][T11316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 318.653460][T11316] RBP: 00007f7d22c01b08 R08: 0000000000000000 R09: 0000000000000000 [ 318.661459][T11316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 318.669455][T11316] R13: 0000000000000000 R14: 00007f7d22d75fa0 R15: 00007ffdd3ce8768 [ 318.677472][T11316] [ 322.259467][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 322.268310][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 322.706651][T11359] netlink: 246 bytes leftover after parsing attributes in process `syz.1.1904'. [ 323.531796][ T5838] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 323.589717][T11371] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1906'. [ 323.610039][T11371] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1906'. [ 323.631035][T11371] netlink: 210 bytes leftover after parsing attributes in process `syz.2.1906'. [ 323.651177][T11371] netlink: 210 bytes leftover after parsing attributes in process `syz.2.1906'. [ 323.983031][T11373] netlink: 222 bytes leftover after parsing attributes in process `syz.0.1908'. [ 324.035262][T11373] netlink: 222 bytes leftover after parsing attributes in process `syz.0.1908'. [ 326.390810][T11397] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1915'. [ 326.461255][T11397] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1915'. [ 326.796897][T11406] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1919'. [ 331.348959][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 331.368958][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 331.386533][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 331.398805][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 331.407128][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 331.416670][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 331.706016][T11464] __nla_validate_parse: 1 callbacks suppressed [ 331.706038][T11464] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1936'. [ 331.751615][ T1083] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.771155][T11464] netlink: 306 bytes leftover after parsing attributes in process `syz.1.1936'. [ 332.380569][ T1083] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.383007][T11479] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1940'. [ 332.480987][T11455] chnl_net:caif_netlink_parms(): no params data found [ 332.697869][ T1083] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.959327][ T1083] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.158407][T11455] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.176363][T11455] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.183566][T11455] bridge_slave_0: entered allmulticast mode [ 333.211929][T11455] bridge_slave_0: entered promiscuous mode [ 333.224903][T11455] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.256351][T11455] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.265704][T11455] bridge_slave_1: entered allmulticast mode [ 333.307376][T11455] bridge_slave_1: entered promiscuous mode [ 333.368316][T11492] could not allocate digest TFM handle [ 333.423888][T11455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 333.456525][ T5838] Bluetooth: hci3: command tx timeout [ 333.477650][T11455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 333.529791][T11455] team0: Port device team_slave_0 added [ 333.701361][ T1083] bridge_slave_1: left allmulticast mode [ 333.716336][ T1083] bridge_slave_1: left promiscuous mode [ 333.722364][ T1083] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.807439][ T1083] bridge_slave_0: left allmulticast mode [ 333.813134][ T1083] bridge_slave_0: left promiscuous mode [ 333.822407][T11505] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1947'. [ 333.836158][ T1083] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.838597][T11505] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1947'. [ 335.376977][ T1083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 335.427704][ T1083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 335.470878][ T1083] bond0 (unregistering): Released all slaves [ 335.524583][T11455] team0: Port device team_slave_1 added [ 335.538628][ T5838] Bluetooth: hci3: command tx timeout [ 335.648890][T11526] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 335.797193][T11455] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 335.807557][T11455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 335.843268][T11455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 335.864425][T11455] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 335.878655][T11455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 335.921861][T11455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 336.249352][ T1083] hsr_slave_0: left promiscuous mode [ 336.290380][ T1083] hsr_slave_1: left promiscuous mode [ 336.332185][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 336.339868][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 336.369004][ T1083] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 336.381008][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 336.480010][ T1083] veth1_macvtap: left promiscuous mode [ 336.485593][ T1083] veth0_macvtap: left promiscuous mode [ 336.526559][ T1083] veth1_vlan: left promiscuous mode [ 336.531966][ T1083] veth0_vlan: left promiscuous mode [ 337.616651][ T5838] Bluetooth: hci3: command tx timeout [ 338.165596][ T1083] team0 (unregistering): Port device team_slave_1 removed [ 338.268032][ T1083] team0 (unregistering): Port device team_slave_0 removed [ 338.843131][T11455] hsr_slave_0: entered promiscuous mode [ 338.850527][T11455] hsr_slave_1: entered promiscuous mode [ 338.871413][T11455] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 338.900992][T11455] Cannot create hsr debugfs directory [ 339.416330][T11455] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 339.446956][T11455] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 339.489204][T11455] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 339.546474][T11455] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 339.698333][ T5838] Bluetooth: hci3: command tx timeout [ 339.774414][T11455] 8021q: adding VLAN 0 to HW filter on device bond0 [ 339.824836][T11455] 8021q: adding VLAN 0 to HW filter on device team0 [ 339.863586][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.870762][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 339.898506][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.905667][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 340.380901][T11455] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 340.991425][T11455] veth0_vlan: entered promiscuous mode [ 341.038016][T11455] veth1_vlan: entered promiscuous mode [ 341.103950][T11455] veth0_macvtap: entered promiscuous mode [ 341.125323][T11455] veth1_macvtap: entered promiscuous mode [ 341.151225][T11455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 341.174973][T11455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.206256][T11455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 341.236331][T11455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.247184][T11455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 341.264728][T11455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.291857][T11455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 341.316755][T11455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.345575][T11455] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 341.393037][T11455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.408452][T11455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.420608][T11455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.432886][T11455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.443404][T11455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.475604][T11455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.496316][T11455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 341.510228][T11455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 341.537405][T11455] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 341.581030][T11455] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.603796][T11455] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.626254][T11455] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.635366][T11455] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 341.838968][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 341.876344][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 341.949865][ T1083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 341.961708][ T1083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 348.369790][T11848] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2015'. [ 348.426433][T11848] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2015'. [ 348.456585][T11848] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2015'. [ 348.465645][T11848] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2015'. [ 348.513515][T11848] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2015'. [ 348.530369][T11848] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2015'. [ 348.557596][T11848] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2015'. [ 348.596518][T11848] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2015'. [ 353.981496][T11935] syz.5.2039: vmalloc error: size 4503599627371522, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 354.016356][T11935] CPU: 1 UID: 0 PID: 11935 Comm: syz.5.2039 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 354.027194][T11935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 354.037277][T11935] Call Trace: [ 354.040584][T11935] [ 354.043534][T11935] dump_stack_lvl+0x16c/0x1f0 [ 354.048262][T11935] warn_alloc+0x24d/0x3a0 [ 354.052638][T11935] ? __pfx_warn_alloc+0x10/0x10 [ 354.057527][T11935] ? __pfx_mark_lock+0x10/0x10 [ 354.062371][T11935] ? lock_acquire.part.0+0x11b/0x380 [ 354.067701][T11935] __vmalloc_node_range_noprof+0x10df/0x1530 [ 354.073703][T11935] ? rcu_is_watching+0x12/0xc0 [ 354.078479][T11935] ? trace_contention_end+0xee/0x140 [ 354.083774][T11935] ? dvb_demux_do_ioctl+0x54d/0x1340 [ 354.089073][T11935] ? dvb_demux_do_ioctl+0x496/0x1340 [ 354.094374][T11935] ? __pfx___mutex_lock+0x10/0x10 [ 354.099419][T11935] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 354.105763][T11935] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 354.111662][T11935] ? dvb_demux_do_ioctl+0x54d/0x1340 [ 354.116962][T11935] vmalloc_noprof+0x6b/0x90 [ 354.121474][T11935] ? dvb_demux_do_ioctl+0x54d/0x1340 [ 354.126774][T11935] dvb_demux_do_ioctl+0x54d/0x1340 [ 354.131905][T11935] dvb_usercopy+0x165/0x320 [ 354.136423][T11935] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 354.141979][T11935] ? __pfx_dvb_usercopy+0x10/0x10 [ 354.147009][T11935] ? __pfx_lock_release+0x10/0x10 [ 354.152044][T11935] ? __fget_files+0x206/0x3a0 [ 354.156736][T11935] dvb_demux_ioctl+0x29/0x40 [ 354.161336][T11935] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 354.166632][T11935] __x64_sys_ioctl+0x190/0x200 [ 354.171414][T11935] do_syscall_64+0xcd/0x250 [ 354.175930][T11935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.181837][T11935] RIP: 0033:0x7f3916b85d29 [ 354.186266][T11935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 354.205881][T11935] RSP: 002b:00007f39178e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 354.214301][T11935] RAX: ffffffffffffffda RBX: 00007f3916d75fa0 RCX: 00007f3916b85d29 [ 354.222274][T11935] RDX: 0010000000000402 RSI: 0000000000006f2d RDI: 0000000000000003 [ 354.230246][T11935] RBP: 00007f3916c01b08 R08: 0000000000000000 R09: 0000000000000000 [ 354.238217][T11935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 354.246188][T11935] R13: 0000000000000000 R14: 00007f3916d75fa0 R15: 00007ffcec6305b8 [ 354.254183][T11935] [ 354.296332][T11935] Mem-Info: [ 354.299628][T11935] active_anon:71234 inactive_anon:1 isolated_anon:0 [ 354.299628][T11935] active_file:3221 inactive_file:55562 isolated_file:0 [ 354.299628][T11935] unevictable:768 dirty:193 writeback:0 [ 354.299628][T11935] slab_reclaimable:10314 slab_unreclaimable:99539 [ 354.299628][T11935] mapped:29210 shmem:61668 pagetables:938 [ 354.299628][T11935] sec_pagetables:0 bounce:0 [ 354.299628][T11935] kernel_misc_reclaimable:0 [ 354.299628][T11935] free:1263442 free_pcp:1658 free_cma:0 [ 354.514709][T11935] Node 0 active_anon:282636kB inactive_anon:4kB active_file:12884kB inactive_file:222244kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:114040kB dirty:772kB writeback:0kB shmem:242636kB shmem_thp:6144kB shmem_pmdmapped:4096kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11304kB pagetables:3652kB sec_pagetables:0kB all_unreclaimable? no [ 354.603762][T11935] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 354.716299][T11935] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 354.886287][T11935] lowmem_reserve[]: 0 2465 2466 0 0 [ 354.891638][T11935] Node 0 DMA32 free:1134152kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:268700kB inactive_anon:4kB active_file:12884kB inactive_file:221424kB unevictable:1536kB writepending:872kB present:3129332kB managed:2551336kB mlocked:0kB bounce:0kB free_pcp:21020kB local_pcp:2240kB free_cma:0kB [ 354.991292][T11935] lowmem_reserve[]: 0 0 0 0 0 [ 354.996101][T11935] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:52kB inactive_anon:0kB active_file:0kB inactive_file:820kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 355.094914][T11935] lowmem_reserve[]: 0 0 0 0 0 [ 355.100610][T11935] Node 1 Normal free:3906032kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 355.220448][T11935] lowmem_reserve[]: 0 0 0 0 0 [ 355.225256][T11935] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 355.256304][T11935] Node 0 DMA32: 4238*4kB (UME) 1328*8kB (UME) 773*16kB (UM) 200*32kB (UME) 208*64kB (UME) 175*128kB (UME) 86*256kB (UE) 59*512kB (UE) 32*1024kB (UM) 8*2048kB (UE) 234*4096kB (UM) = 1141896kB [ 355.318575][T11935] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 355.366974][T11935] Node 1 Normal: 212*4kB (UME) 44*8kB (UME) 42*16kB (UME) 205*32kB (UME) 90*64kB (UME) 27*128kB (UME) 15*256kB (UM) 9*512kB (UME) 3*1024kB (UM) 7*2048kB (UME) 943*4096kB (M) = 3906032kB [ 355.432252][T11935] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 355.459535][T11935] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 355.498526][T11935] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 355.535212][T11935] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 355.571317][T11935] 110849 total pagecache pages [ 355.603389][T11935] 29 pages in swap cache [ 355.626265][T11935] Free swap = 124408kB [ 355.656755][T11935] Total swap = 124996kB [ 355.661167][T11935] 2097051 pages RAM [ 355.664998][T11935] 0 pages HighMem/MovableOnly [ 355.686907][T11935] 427367 pages reserved [ 355.691098][T11935] 0 pages cma reserved [ 356.945886][T11986] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2049'. [ 357.073891][T11986] veth1_macvtap: left promiscuous mode [ 357.424650][T11991] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2050'. [ 357.448899][T11991] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2050'. syzkaller syzkaller login: [ 357.662346][T11994] HfR: entered promiscuous mode [ 357.722247][T11994] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2051'. [ 357.774682][T11994] HfR: left promiscuous mode [ 358.505898][T12014] netlink: 226 bytes leftover after parsing attributes in process `syz.5.2054'. [ 358.543436][T12014] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2054'. [ 358.563955][T12014] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 362.128475][T12120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2070'. [ 362.177353][T12120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2070'. [ 362.437634][T12127] netlink: 246 bytes leftover after parsing attributes in process `syz.0.2072'. [ 366.201850][T12197] Invalid ELF header magic: != ELF [ 369.852949][T12220] netlink: 306 bytes leftover after parsing attributes in process `syz.2.2088'. [ 370.138362][T12226] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2090'. [ 371.465662][T12248] Process accounting resumed [ 371.838886][T12247] netlink: 306 bytes leftover after parsing attributes in process `syz.1.2095'. [ 372.491938][T12270] Process accounting resumed [ 375.706138][T12319] device-mapper: ioctl: only supply one of name or uuid, cmd(7) [ 378.911323][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.923262][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.464790][T12386] Invalid ELF header magic: != ELF [ 381.892512][T12407] usb usb28: usbfs: process 12407 (syz.1.2151) did not claim interface 0 before use [ 385.683498][T12462] binder: 12461:12462 ioctl 80081270 38 returned -22 [ 385.724732][T12462] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2169'. [ 385.778332][T12463] binder: 12461:12463 ioctl c0105512 1 returned -22 [ 385.892611][T12452] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2166'. [ 385.932629][T12452] ipvlan1: entered allmulticast mode [ 385.951321][T12452] veth0_vlan: entered allmulticast mode [ 386.821606][T12482] netlink: 'syz.0.2176': attribute type 29 has an invalid length. [ 386.829528][T12482] netlink: 'syz.0.2176': attribute type 30 has an invalid length. [ 386.854815][T12482] netlink: 'syz.0.2176': attribute type 31 has an invalid length. [ 386.866280][T12482] netlink: 'syz.0.2176': attribute type 32 has an invalid length. [ 386.907005][T12482] netlink: 'syz.0.2176': attribute type 33 has an invalid length. [ 386.925436][T12482] netlink: 'syz.0.2176': attribute type 35 has an invalid length. [ 386.946322][T12482] netlink: 'syz.0.2176': attribute type 37 has an invalid length. [ 386.954295][T12482] netlink: 18 bytes leftover after parsing attributes in process `syz.0.2176'. [ 389.220139][T12528] netlink: 252 bytes leftover after parsing attributes in process `syz.1.2192'. [ 389.230415][T12528] netlink: 252 bytes leftover after parsing attributes in process `syz.1.2192'. [ 389.394288][T12532] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2191'. [ 390.383761][T12548] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2197'. [ 391.023439][T12562] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2200'. [ 391.052095][T12562] : renamed from bond0 (while UP) [ 395.774434][T12612] netlink: zone id is out of range [ 395.794014][T12612] netlink: zone id is out of range [ 395.836054][T12612] netlink: zone id is out of range [ 395.896365][T12612] netlink: zone id is out of range [ 395.908511][T12612] netlink: zone id is out of range [ 395.934294][T12612] netlink: zone id is out of range [ 395.944387][T12612] netlink: zone id is out of range [ 395.963036][T12612] netlink: zone id is out of range [ 395.983270][T12612] netlink: zone id is out of range [ 395.993690][T12612] netlink: zone id is out of range [ 398.405633][T12643] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2227'. [ 398.414835][T12643] ip_vti0: entered promiscuous mode [ 398.524864][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 398.535949][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 398.544245][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 398.554091][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 398.563756][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 398.571428][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 398.979435][T12647] chnl_net:caif_netlink_parms(): no params data found [ 399.244201][T12647] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.296671][T12647] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.326700][T12647] bridge_slave_0: entered allmulticast mode [ 399.333702][T12647] bridge_slave_0: entered promiscuous mode [ 399.369680][T12647] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.393993][T12647] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.406436][T12647] bridge_slave_1: entered allmulticast mode [ 399.413472][T12647] bridge_slave_1: entered promiscuous mode [ 399.610423][T12647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 399.638713][T12647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 399.829843][T12647] team0: Port device team_slave_0 added [ 399.840624][T12647] team0: Port device team_slave_1 added [ 399.902703][T12647] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 399.910279][T12647] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 399.946325][T12647] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 399.960173][T12667] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2233'. [ 399.979142][T12647] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 399.986347][T12647] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 400.035097][T12647] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 400.091399][T12667] ipvlan1: entered allmulticast mode [ 400.101330][T12667] veth0_vlan: entered allmulticast mode [ 400.184014][T12676] erspan0: entered allmulticast mode [ 400.271414][T12647] hsr_slave_0: entered promiscuous mode [ 400.293049][T12647] hsr_slave_1: entered promiscuous mode [ 400.307124][T12647] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 400.319460][T12647] Cannot create hsr debugfs directory [ 400.658026][ T54] Bluetooth: hci1: command tx timeout [ 400.875585][T12685] binder: 12684:12685 ioctl 541b 38 returned -22 [ 400.961956][T12647] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 400.972301][T12647] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 400.994446][T12647] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 401.019995][T12647] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 401.165982][T12647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 401.190249][T12647] 8021q: adding VLAN 0 to HW filter on device team0 [ 401.202694][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.209855][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 401.234230][T11476] bridge0: port 2(bridge_slave_1) entered blocking state [ 401.241398][T11476] bridge0: port 2(bridge_slave_1) entered forwarding state [ 401.428072][T12704] QAT: Stopping all acceleration devices. [ 401.477518][T12689] Process accounting paused [ 401.505107][T12647] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 401.907019][T12647] veth0_vlan: entered promiscuous mode [ 401.940109][T12647] veth1_vlan: entered promiscuous mode [ 402.010956][T12647] veth0_macvtap: entered promiscuous mode [ 402.041835][T12647] veth1_macvtap: entered promiscuous mode [ 402.091854][T12647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.118584][T12647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.156478][T12647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.177131][T12647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.206251][T12647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.226275][T12647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.244953][T12647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.276470][T12647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.296699][T12647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.314593][T12647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.357673][T12647] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 402.390109][T12647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.410958][T12647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.445026][T12647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.470042][T12647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.486356][T12647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.506271][T12647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.516754][T12647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.531908][T12647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.545197][T12735] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2251'. [ 402.571845][T12647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.593269][T12647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.613677][T12647] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 402.630287][T12733] lo: entered allmulticast mode [ 402.741485][ T5838] Bluetooth: hci1: command tx timeout [ 402.789535][T12647] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.800088][T12647] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.834734][T12647] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.856359][T12647] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.879713][T12732] lo: left allmulticast mode [ 403.013858][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 403.034050][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 403.095448][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 403.121170][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 403.819769][T12752] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2256'. [ 404.458447][T12767] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2260'. [ 404.485029][T12767] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2260'. [ 404.822484][ T5838] Bluetooth: hci1: command tx timeout [ 405.685155][T12799] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2266'. [ 405.714533][T12799] ip_vti0: entered promiscuous mode [ 405.930046][T12791] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 405.967189][T12791] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 405.992248][T12791] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 406.050005][T12791] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 406.056043][T12791] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 406.150443][T12791] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 406.218422][T12791] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 406.224942][T12791] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 406.293487][T12791] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 407.456623][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 408.018058][ T5838] Bluetooth: hci0: command 0x0406 tx timeout [ 408.096758][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 408.237175][T12855] netlink: 252 bytes leftover after parsing attributes in process `syz.6.2284'. [ 408.257114][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 408.278663][T12855] netlink: 252 bytes leftover after parsing attributes in process `syz.6.2284'. [ 410.110637][ T5838] Bluetooth: hci0: command 0x0406 tx timeout [ 410.216335][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 410.295222][T12886] netlink: 'syz.0.2292': attribute type 4 has an invalid length. [ 410.306261][T12886] netlink: 'syz.0.2292': attribute type 32 has an invalid length. [ 410.314124][T12886] netlink: 46 bytes leftover after parsing attributes in process `syz.0.2292'. [ 410.376570][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 411.383473][T12905] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2297'. [ 411.430917][T12905] ip_vti0: entered promiscuous mode [ 412.256391][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 412.416545][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 412.612778][T12933] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2305'. [ 414.312138][T12965] sp0: Synchronizing with TNC [ 414.799169][T12980] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2317'. [ 415.054550][T12983] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2318'. [ 417.149290][T13011] net_ratelimit: 2 callbacks suppressed [ 417.149310][T13011] netlink: zone id is out of range [ 417.256303][T13011] netlink: zone id is out of range [ 417.336405][T13011] netlink: zone id is out of range [ 417.364912][T13011] netlink: zone id is out of range [ 417.383718][T13011] netlink: zone id is out of range [ 417.404233][T13011] netlink: zone id is out of range [ 417.479743][T13011] netlink: zone id is out of range [ 417.542721][T13011] netlink: zone id is out of range [ 417.591581][T13011] netlink: zone id is out of range [ 417.701293][T13011] netlink: zone id is out of range [ 418.217732][T13036] FAULT_INJECTION: forcing a failure. [ 418.217732][T13036] name failslab, interval 1, probability 0, space 0, times 0 [ 418.269733][T13036] CPU: 0 UID: 0 PID: 13036 Comm: syz.0.2336 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 418.280561][T13036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 418.290651][T13036] Call Trace: [ 418.293955][T13036] [ 418.296932][T13036] dump_stack_lvl+0x16c/0x1f0 [ 418.301662][T13036] should_fail_ex+0x497/0x5b0 [ 418.306380][T13036] ? fs_reclaim_acquire+0xae/0x150 [ 418.311532][T13036] should_failslab+0xc2/0x120 [ 418.316253][T13036] __kmalloc_noprof+0xce/0x4f0 [ 418.321068][T13036] ? __register_sysctl_table+0xb4/0x18c0 [ 418.326763][T13036] __register_sysctl_table+0xb4/0x18c0 [ 418.332260][T13036] ? __pfx_snprintf+0x10/0x10 [ 418.336979][T13036] ? __pfx___register_sysctl_table+0x10/0x10 [ 418.342997][T13036] ? is_module_address+0x2a/0x50 [ 418.347969][T13036] ? register_net_sysctl_sz+0x228/0x3e0 [ 418.353562][T13036] __devinet_sysctl_register+0x1b5/0x360 [ 418.359251][T13036] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 418.365445][T13036] ? trace_kmalloc+0x2d/0xd0 [ 418.370076][T13036] ? devinet_init_net+0xeb/0x8f0 [ 418.375086][T13036] ? __pfx_devinet_init_net+0x10/0x10 [ 418.380522][T13036] ? __pfx_devinet_init_net+0x10/0x10 [ 418.385989][T13036] devinet_init_net+0x33d/0x8f0 [ 418.390897][T13036] ? __pfx_devinet_init_net+0x10/0x10 [ 418.396326][T13036] ops_init+0x1df/0x5f0 [ 418.400552][T13036] setup_net+0x21f/0x860 [ 418.404854][T13036] ? __pfx_setup_net+0x10/0x10 [ 418.409662][T13036] ? down_read_killable+0xcc/0x380 [ 418.414826][T13036] ? __pfx_down_read_killable+0x10/0x10 [ 418.420443][T13036] ? debug_mutex_init+0x37/0x70 [ 418.425343][T13036] copy_net_ns+0x2b4/0x6c0 [ 418.429799][T13036] create_new_namespaces+0x3ea/0xad0 [ 418.435130][T13036] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 418.440816][T13036] ksys_unshare+0x45d/0xa40 [ 418.445363][T13036] ? __pfx_ksys_unshare+0x10/0x10 [ 418.450436][T13036] ? xfd_validate_state+0x5d/0x180 [ 418.455592][T13036] __x64_sys_unshare+0x31/0x40 [ 418.460404][T13036] do_syscall_64+0xcd/0x250 [ 418.464954][T13036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.470889][T13036] RIP: 0033:0x7f7d22b85d29 [ 418.475332][T13036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.494995][T13036] RSP: 002b:00007f7d23a86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 418.503884][T13036] RAX: ffffffffffffffda RBX: 00007f7d22d75fa0 RCX: 00007f7d22b85d29 [ 418.511907][T13036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 418.519910][T13036] RBP: 00007f7d22c01b08 R08: 0000000000000000 R09: 0000000000000000 [ 418.527913][T13036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 418.535911][T13036] R13: 0000000000000000 R14: 00007f7d22d75fa0 R15: 00007ffdd3ce8768 [ 418.543925][T13036] [ 418.773704][T13053] Invalid ELF header magic: != ELF [ 418.793937][T13041] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 418.873381][T13041] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 423.677899][T13110] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2359'. [ 424.733203][T13117] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 424.756384][T13117] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 424.778579][T13117] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 424.793843][T13117] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 426.024626][T13139] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2368'. [ 426.396396][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 426.844806][T13139]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 426.846493][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 426.859110][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 426.859437][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 427.076758][T13139]  (unregistering): (slave bond_slave_1): Releasing backup interface [ 427.134126][T13152] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2371'. [ 427.144594][T13139]  (unregistering): Released all slaves [ 427.300875][T13152] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2371'. [ 427.874421][T13157] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2373'. [ 428.280448][T13167] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2378'. [ 429.049184][T13183] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2383'. [ 429.102609][T13183] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2383'. [ 429.569824][T13190] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2385'. [ 429.600821][T13190] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2385'. [ 430.032612][T13178] binder: 13175:13178 ioctl c0306201 9 returned -14 [ 431.541795][T13221] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2393'. [ 431.615033][T13223] Process accounting resumed [ 431.662851][T13221] geneve1: entered allmulticast mode [ 432.197631][T13227] sp0: Synchronizing with TNC [ 432.296290][T13226] [U] è [ 433.492519][T13258] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2405'. [ 433.506490][T13258] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2405'. [ 434.359698][T13266] Process accounting resumed                                                                                                                                                                                                                                                                                                                                                                   syzkaller syzkaller login: [ 501.778793][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.785383][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.925622][T14335] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2729'. [ 501.987281][T14335] geneve1: entered allmulticast mode syzkaller syzkaller login: [ 506.965655][T14439] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2757'. [ 507.909855][T14450] vhci_hcd: default hub control req: 2205 v2008 i0000 l0 [ 508.317820][T14458] mtrr: base(0x288534a8000) is not aligned on a size(0x43593c2c000) boundary [ 508.827409][T14465] futex_wake_op: syz.5.2764 tries to shift op by 64; fix this program [ 508.879210][T14465] loop6: detected capacity change from 0 to 8192                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          syzkaller syzkaller login: [ 592.343604][T15695] sp0: Synchronizing with TNC [ 592.490259][T15688] sp0: Synchronizing with TNC [ 593.199355][T15709] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3131'. [ 593.474168][T15711] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3132'. [ 595.281643][T15756] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3141'. [ 597.662874][T15770] Invalid ELF header magic: != ELF [ 598.959308][T15795] [ 598.961667][T15795] ====================================================== [ 598.968673][T15795] WARNING: possible circular locking dependency detected [ 598.975678][T15795] 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 Not tainted [ 598.982769][T15795] ------------------------------------------------------ [ 598.989769][T15795] syz.6.3153/15795 is trying to acquire lock: [ 598.995821][T15795] ffff888025165de0 (&q->sysfs_lock){+.+.}-{4:4}, at: queue_attr_store+0xe2/0x170 [ 599.004951][T15795] [ 599.004951][T15795] but task is already holding lock: [ 599.012296][T15795] ffff8880251658b0 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: queue_attr_store+0xd8/0x170 [ 599.022467][T15795] [ 599.022467][T15795] which lock already depends on the new lock. [ 599.022467][T15795] [ 599.032853][T15795] [ 599.032853][T15795] the existing dependency chain (in reverse order) is: [ 599.041849][T15795] [ 599.041849][T15795] -> #4 (&q->q_usage_counter(io)#23){++++}-{0:0}: [ 599.050442][T15795] blk_mq_submit_bio+0x1fb6/0x24c0 [ 599.056075][T15795] __submit_bio+0x384/0x540 [ 599.061110][T15795] submit_bio_noacct_nocheck+0x698/0xd70 [ 599.067278][T15795] submit_bio_noacct+0x93a/0x1e20 [ 599.072857][T15795] mpage_readahead+0x41d/0x590 [ 599.078166][T15795] read_pages+0x1a8/0xdc0 [ 599.083016][T15795] page_cache_ra_unbounded+0x3dc/0x750 [ 599.088996][T15795] force_page_cache_ra+0x24b/0x340 [ 599.094629][T15795] page_cache_sync_ra+0x110/0x9c0 [ 599.100174][T15795] filemap_get_pages+0xd7b/0x1be0 [ 599.105725][T15795] filemap_read+0x3ca/0xd70 [ 599.110751][T15795] blkdev_read_iter+0x187/0x480 [ 599.116123][T15795] vfs_read+0x87f/0xbe0 [ 599.120799][T15795] ksys_read+0x12b/0x250 [ 599.125567][T15795] do_syscall_64+0xcd/0x250 [ 599.130593][T15795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.137018][T15795] [ 599.137018][T15795] -> #3 (mapping.invalidate_lock#2){++++}-{4:4}: [ 599.145540][T15795] down_read+0x9a/0x330 [ 599.150223][T15795] filemap_fault+0x2e0/0x2820 [ 599.155425][T15795] __do_fault+0x10a/0x490 [ 599.160279][T15795] do_pte_missing+0xebd/0x3e00 [ 599.165570][T15795] __handle_mm_fault+0x103c/0x2a40 [ 599.171210][T15795] handle_mm_fault+0x3fa/0xaa0 [ 599.176501][T15795] __get_user_pages+0x8d9/0x3b50 [ 599.181959][T15795] populate_vma_page_range+0x27f/0x3a0 [ 599.187942][T15795] __mm_populate+0x1d6/0x380 [ 599.193053][T15795] vm_mmap_pgoff+0x293/0x360 [ 599.198163][T15795] ksys_mmap_pgoff+0x32c/0x5c0 [ 599.203456][T15795] __x64_sys_mmap+0x125/0x190 [ 599.208652][T15795] do_syscall_64+0xcd/0x250 [ 599.213681][T15795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.220103][T15795] [ 599.220103][T15795] -> #2 (&mm->mmap_lock){++++}-{4:4}: [ 599.227662][T15795] __might_fault+0x11b/0x190 [ 599.232780][T15795] _copy_from_user+0x29/0xd0 [ 599.237891][T15795] __blk_trace_setup+0xa8/0x180 [ 599.243261][T15795] blk_trace_setup+0x47/0x70 [ 599.248369][T15795] sg_ioctl+0x7a3/0x26b0 [ 599.253135][T15795] __x64_sys_ioctl+0x190/0x200 [ 599.258418][T15795] do_syscall_64+0xcd/0x250 [ 599.263456][T15795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.269875][T15795] [ 599.269875][T15795] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}: [ 599.277694][T15795] __mutex_lock+0x19b/0xa60 [ 599.282723][T15795] blk_register_queue+0x13c/0x4f0 [ 599.288277][T15795] add_disk_fwnode+0x785/0x1300 [ 599.293661][T15795] brd_alloc.isra.0+0x50a/0x7c0 [ 599.299047][T15795] brd_init+0x12b/0x1d0 [ 599.303723][T15795] do_one_initcall+0x128/0x630 [ 599.309017][T15795] kernel_init_freeable+0x58f/0x8b0 [ 599.314745][T15795] kernel_init+0x1c/0x2b0 [ 599.319604][T15795] ret_from_fork+0x45/0x80 [ 599.324537][T15795] ret_from_fork_asm+0x1a/0x30 [ 599.329832][T15795] [ 599.329832][T15795] -> #0 (&q->sysfs_lock){+.+.}-{4:4}: [ 599.337388][T15795] __lock_acquire+0x249e/0x3c40 [ 599.342754][T15795] lock_acquire.part.0+0x11b/0x380 [ 599.348378][T15795] __mutex_lock+0x19b/0xa60 [ 599.353401][T15795] queue_attr_store+0xe2/0x170 [ 599.358691][T15795] sysfs_kf_write+0x117/0x170 [ 599.363894][T15795] kernfs_fop_write_iter+0x33d/0x500 [ 599.369709][T15795] vfs_write+0x5ae/0x1150 [ 599.374557][T15795] ksys_write+0x12b/0x250 [ 599.379403][T15795] do_syscall_64+0xcd/0x250 [ 599.384429][T15795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.390847][T15795] [ 599.390847][T15795] other info that might help us debug this: [ 599.390847][T15795] [ 599.401059][T15795] Chain exists of: [ 599.401059][T15795] &q->sysfs_lock --> mapping.invalidate_lock#2 --> &q->q_usage_counter(io)#23 [ 599.401059][T15795] [ 599.415936][T15795] Possible unsafe locking scenario: [ 599.415936][T15795] [ 599.423372][T15795] CPU0 CPU1 [ 599.428727][T15795] ---- ---- [ 599.434080][T15795] lock(&q->q_usage_counter(io)#23); [ 599.439453][T15795] lock(mapping.invalidate_lock#2); [ 599.447255][T15795] lock(&q->q_usage_counter(io)#23); [ 599.455143][T15795] lock(&q->sysfs_lock); [ 599.459464][T15795] [ 599.459464][T15795] *** DEADLOCK *** [ 599.459464][T15795] [ 599.467598][T15795] 6 locks held by syz.6.3153/15795: [ 599.472788][T15795] #0: ffff88807a1907f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x267/0x390 [ 599.481858][T15795] #1: ffff888023de4420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250 [ 599.490846][T15795] #2: ffff88814da74888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500 [ 599.500604][T15795] #3: ffff8880247420f8 (kn->active#139){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500 [ 599.510716][T15795] #4: ffff8880251658b0 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: queue_attr_store+0xd8/0x170 [ 599.521350][T15795] #5: ffff8880251658e8 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: queue_attr_store+0xd8/0x170 [ 599.532156][T15795] [ 599.532156][T15795] stack backtrace: [ 599.538035][T15795] CPU: 1 UID: 0 PID: 15795 Comm: syz.6.3153 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 599.548791][T15795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 599.558839][T15795] Call Trace: [ 599.562113][T15795] [ 599.565036][T15795] dump_stack_lvl+0x116/0x1f0 [ 599.569721][T15795] print_circular_bug+0x41c/0x610 [ 599.574761][T15795] check_noncircular+0x31a/0x400 [ 599.579709][T15795] ? __pfx_check_noncircular+0x10/0x10 [ 599.585176][T15795] ? save_trace+0x290/0xa10 [ 599.589681][T15795] ? add_lock_to_list+0x17d/0x390 [ 599.594711][T15795] __lock_acquire+0x249e/0x3c40 [ 599.599558][T15795] ? __pfx___lock_acquire+0x10/0x10 [ 599.604751][T15795] ? __pfx___lock_acquire+0x10/0x10 [ 599.609944][T15795] lock_acquire.part.0+0x11b/0x380 [ 599.615050][T15795] ? queue_attr_store+0xe2/0x170 [ 599.619985][T15795] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 599.625612][T15795] ? rcu_is_watching+0x12/0xc0 [ 599.630374][T15795] ? trace_lock_acquire+0x14e/0x1f0 [ 599.635572][T15795] ? find_held_lock+0x2d/0x110 [ 599.640332][T15795] ? queue_attr_store+0xe2/0x170 [ 599.645265][T15795] ? lock_acquire+0x2f/0xb0 [ 599.649760][T15795] ? queue_attr_store+0xe2/0x170 [ 599.654697][T15795] __mutex_lock+0x19b/0xa60 [ 599.659201][T15795] ? queue_attr_store+0xe2/0x170 [ 599.664135][T15795] ? mark_held_locks+0x9f/0xe0 [ 599.668903][T15795] ? queue_attr_store+0xe2/0x170 [ 599.673841][T15795] ? __pfx___mutex_lock+0x10/0x10 [ 599.678870][T15795] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 599.684680][T15795] ? blk_mq_freeze_queue_wait+0xaf/0x190 [ 599.690313][T15795] ? __pfx_autoremove_wake_function+0x10/0x10 [ 599.696385][T15795] ? queue_attr_store+0xd8/0x170 [ 599.701322][T15795] ? queue_attr_store+0xe2/0x170 [ 599.706256][T15795] queue_attr_store+0xe2/0x170 [ 599.711277][T15795] ? __pfx_queue_attr_store+0x10/0x10 [ 599.716648][T15795] sysfs_kf_write+0x117/0x170 [ 599.721336][T15795] kernfs_fop_write_iter+0x33d/0x500 [ 599.726624][T15795] ? __pfx_sysfs_kf_write+0x10/0x10 [ 599.731830][T15795] vfs_write+0x5ae/0x1150 [ 599.736164][T15795] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 599.741979][T15795] ? __pfx___mutex_lock+0x10/0x10 [ 599.747007][T15795] ? __pfx_vfs_write+0x10/0x10 [ 599.751776][T15795] ksys_write+0x12b/0x250 [ 599.756104][T15795] ? __pfx_ksys_write+0x10/0x10 [ 599.760955][T15795] do_syscall_64+0xcd/0x250 [ 599.765459][T15795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.771356][T15795] RIP: 0033:0x7f2a10785d29 [ 599.775765][T15795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 599.795370][T15795] RSP: 002b:00007f2a0e5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 599.803782][T15795] RAX: ffffffffffffffda RBX: 00007f2a10975fa0 RCX: 00007f2a10785d29 [ 599.811756][T15795] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 599.819721][T15795] RBP: 00007f2a10801b08 R08: 0000000000000000 R09: 0000000000000000 [ 599.827689][T15795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 599.835650][T15795] R13: 0000000000000000 R14: 00007f2a10975fa0 R15: 00007ffd90abbbc8 [ 599.843625][T15795] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 600.091014][T15797] netlink: 326 bytes leftover after parsing attributes in process `syz.5.3154'. [ 600.117790][T15797] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.125155][T15797] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.524213][ T62] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.570366][ T62] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.640831][ T62] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.689625][ T62] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.765010][ T62] bridge_slave_1: left allmulticast mode [ 600.772270][ T62] bridge_slave_1: left promiscuous mode [ 600.778505][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.786819][ T62] bridge_slave_0: left allmulticast mode [ 600.792469][ T62] bridge_slave_0: left promiscuous mode [ 600.799418][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.877699][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 600.888941][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 600.902178][ T62] bond0 (unregistering): Released all slaves [ 601.131608][ T62] hsr_slave_0: left promiscuous mode [ 601.139580][ T62] hsr_slave_1: left promiscuous mode [ 601.145697][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 601.154021][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 601.162056][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 601.169981][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 601.184748][ T62] veth1_vlan: left promiscuous mode [ 601.192863][ T62] veth0_vlan: left promiscuous mode [ 601.386918][ T62] team0 (unregistering): Port device team_slave_1 removed [ 601.420825][ T62] team0 (unregistering): Port device team_slave_0 removed