last executing test programs:

8.021524032s ago: executing program 0 (id=334):
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027617c36720add70ab0343990f7d0bbc96dc0b"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
read$auto(r0, &(0x7f0000000040)='\x00', 0x10001)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004c18}, 0x810)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0)
ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f0000000840)="12915fb9d5")
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/usb/drivers/usbtouchscreen/new_id\x00', 0xbce02, 0x0)
write$auto(r4, 0x0, 0x81)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), r1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r5)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x14, r6, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x44004811}, 0x40000c0)
r7 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f00000001c0), r2)
sendmsg$auto_TCP_METRICS_CMD_GET(r5, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, r7, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@TCP_METRICS_ATTR_ADDR_IPV6={0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, @TCP_METRICS_ATTR_ADDR_IPV4={0x8, 0x1, @remote}]}, 0x30}, 0x1, 0x0, 0x0, 0x50}, 0x4000004)
r8 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/nfsd.fh/flush\x00', 0x8a402, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r8, 0x0, 0x0)
acct$auto(&(0x7f00000000c0)='/proc/thread-self/net/rpc/nfsd.fh/flush\x00')
r9 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0)
write$auto_console_fops_tty_io(r9, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)

6.641604531s ago: executing program 2 (id=330):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff)
sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x14, 0x3, 0x0, 0x1, [@nested={0x10, 0x3, 0x0, 0x1, [@typed={0xc, 0xa, 0x0, 0x0, @u64=0x7}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828847"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800)
ftruncate$auto(r0, 0xc579)

6.598668995s ago: executing program 0 (id=331):
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
umount2$auto(&(0x7f0000000440)='/dev/kvm\x00', 0x0)
r0 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r1 = prctl$auto_PR_SET_IO_FLUSHER(0x39, 0x9, 0xffffffffffffffff, 0x5, 0x9)
ioctl$auto_dma_heap_fops_dma_heap(r1, 0xccd9, &(0x7f0000000380)="e8d453b8fb2ed41290c522ca24eee9c134a9e668de986560e77a6f9f56e6d494b1927a9cb1c7ec3bff26cdd23d634739371b3218e3b1a04537dbd0c7909c2db2bfbfc82e6a30787254826d")
socket(0x2, 0x1, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/smbd_max_fragmented_recv_size\x00', 0xe0002, 0x0)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0)
sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000002340)=ANY=[@ANYBLOB="04110000", @ANYRES16=r2, @ANYBLOB="040029bd7000ffdbdf2579000000ed102d809f77a28002d9b7e0b1ec3ac97c6ce40719b644303e34a0ea405ff9e527cf7d5da9f4900efa1bf7844640d8b0ffb286ac35c55a45771e110cd9e27c98225bca9d8efb25747caddbc680b61a3f02c24445462577d1dd605fcac76bdc5b243db53dec0946c54d44ea59fae294b6cfaa5c92b717004b00bf91ead7b5ec5c052668d9788a4e7631333a9300239c5e54f3b45c3e603dcf10f8c2d44cdf400a5b12ec3c4e3c37007e8cd02c1be2d78c6f5bd040bab814bca1ed50ecd2224e67c751843b482b9672c4c1903bd3d1e28a7254ab8dde65d505a78089bcfa585b96fc758aa3f90eaf633746625bbf22189279e0fa0f3dc2f1ab6683789b223dcbc2802d3391b412a063bdc42cbf86b47766e09e340de82646ddcec7fb327f0efa6fa85d0fc26fbc7dae45a2b3e2f4870e69238e49cabece4d989dc25fbeda5178231801877d487e44cab318309343fff282570475ee632c020e35254dea3daae6897bb570c04d726e4f993fd42e4efe8aaef11dc95e61e1d5c69870a433f811b879d058ff07180774490eb59454213a6b260f8ada2f66d07a13fac67663870caa8b7886a65e0ba9c8e04737ac075a6d764d424d4f0829dda3b05c74dd3b5fb1bd6bb7823a1c298e0cccb8cfc1627d9845188cb53a4670f112ff515d27f0124e4081e05828403e71e071b76f6cc5bc21252ed460bdc3da1541c747e8e6a7929af3e022150dadcffd8b201696fbeaefa4abc126ca1d99e22740fa1ef24581924e2c9d1e12131a298dd94a8d4fb8503144911e710abc270157ab89a12a1be25e5519744709f10f743f974bd2c64a5aa06ec24828d292dafee0b8b56a2abbb0961cb6d333433f3f6bcf110a28ec6a7e28714ad1cadaae55e81defcbf88ed0e2286af50ef431f57a5e146881fc5ecbeaaa1623c453b2d5982973d112d70ada08d1ce1632a7c5a41a322914c05a1f3e4740e76b7452e3620283485e05cd507d72559e58cf4724e105d8d43a35685feff6d0d439188b8295f9ad1365c2b914d5e7ca5710cf6602e76e800408dd1600d42014afad957495b567a17c40f0697a43b9a5fc2b8041c09c0b001215c0531715018a6a27623cf356c765e4ba2d0d6683ce0c3e0c7212aa0665c4789905bbae1e195374d99ef2c9a0f180fe9381ca170cb3a88ddb8d94fbadb536b0bbe3d00385da0577e8935442192fd166ebfdce4a626d986b3142755b6346ed9e43757a96e942650d82977168512765b2acffd1241fe98c23e1f32fd99d1d1265cb356eac71c56936d3199d3efcb448abac05445b1ca53c233a3bc5da301d166d3e842b089e1d08c4506d361db4084634384ae6a80a7bf12770e629c2a4af75f197f845a17ecc70df4d49ed118343e7ae9ad2a50d92e807894d09708b8aae00225d74774d69f622367d205a41314e3efb1703a48c635b2cbe3a251b1bf4c010695d872816819d261b4a6ecd90c9c6e9a3c27235315275b247d6dfe576107f5671b172fdcfc90166525698284df17757d777ea62e29f316793f6b9f71b09de6360704af036dcc8d5cdbcb0ed51be88ca787803ccb6ab1875f8580aa961efe82c5d860194c9345211432c570c92f4456e2d986268bf187c9091aba1aa85827bb53ffc3a4f8975502e1e4252fdeb009e75beef6c5f898ed01a83aa1b228f4d71f4e0f67fcc8fb6bc14fe6b620e58b42ffecf23a8afe7b93539bf9784b1765c1fd8583f6037502633ed3cf83ac1d8188ccd64bc90861584a73666ee417be38be1584f30973070f73dfe2a4da0bc4623b422d235357e51563bc4386825e5ff5b637753bc7222e2d4a34298338c097d1e77086f6f2ad8a688d63c7eea9192af96a19a23d82bd125272349ec5f61617b70bd93bb336a86d2b693587722bc9a0fbb727b5fb58dea3703b3e014286a4fac83aa5ba351dac434ef81c4014dfd708a5dbf9ae038cc1ae1b835839c5a94feff2855cce78a9468179741901eb53f0213f8b9be0733541087d86bf069309d6a4a76027a48c1c6515b3d1dde0aabd64daaa0374f31a1bf70e56494470217ff5d3bbe1fd7dfdec5c92efc4e284540e1be719fa1ce41459e3e99291f42bc5709ec029ec2d284571085563ab357ce3027145ef52bf2989a2a3cf8dbeedd0a7f8b807897d38d055574f24d1633603966137aed6439226056613e1d6f5eff15a59f429907a298b09ea21a2d5ec6cbb37f5c4fad2d9368a067b4cc5673f8b689c8d8a316f37d4f35f67e38630d2eac96f6d0eceb2971e0f130abb7f0c8d9c9d5977cfecc5dfa6d9362591a4d9230711b3a4386436c9413b82b79f046d1169c0e6f1b8e395046625d526dfd6d566b7d597b400b0e7f7ec77d5988633118fe93e6b7dd8df38a4f9135f29637b0b840fee62327b97429da63ea93b1fd2d2412eb9aba99270c336bafc7346d761bfed98ca00dc0604d23eb7d5de1728efe810e91559c4d74b3b70dcf66a3ae5d5715bab0ed5e018e6f7e5302cfbfa69afaa768d199202d1315fd6be9e105fab4cbc8f5718825a11acee98cb484842103a90a2b32cc9b756c2f1c620845080648f752a91d979a57159eb9dffad711d5f341604b02c4ee4135683afaf82530eeca51fdaa5ea4cb44bb2ef84bcc7fcc26ef2fa10c59fa37b2170f9f4b431626affc0d2b8d1232fa7d7b5930d54d2a05853ceef1d5c8a5a843c0a5ba750382e2031f791d0e9587a002ca24dbeb6a3b88249224909f57ddbbddbb7bcc123afbe8e05a1ac47075b5a351ed496605af46c3dccd3a649855275172d43c1f847eb4c558e5edafe91339982b2385cbcd4ce7934f4f2f518176e7350cbf89a2f0d208f2498a253f112c47959e606c6c751503bbb43536c20524e08bc84b0572f89cc3951002d71885737d6f6ed8b34c4c9d8ba175df185f10f8898883ddd8eec06c92494d5000f7327073eaa34de3479f7216946574a08759b3608c6452e8962b2df4b81a32ec02a02a942c9293506ce6a53fdbb4de304cbd5202865021f4bf7405630245c00db2a07b49c1ac9a7765cc6b6c2ba3b8d13d1783fcc986eccc20b39ab4bd884801f7f1ed3822166b37af5a9272d3975d5f4318bea12a2061b9c088a0533d364dada7c8e4ecad046ba6a0d023f48e460d32a11e4b43d398119fde2a606ad6b4906ad8b640d0333caa2eb69eb7044cf88254266474cc2e2b9f5591bca59acedbf227401b3e076a6e2c90557aa324d3f8e4252292ebbcfdab0799f264ed77c1ec4808443d75dfd5e32f74933e26ea03202d16977a0b1ffb14d1f91891def2ebb00649e8d000c46b1e4d05d84cd10e89880dc0220d9e19a15147fb419eb42cc782c4762ef6d707625b23f88291d395c5513a60ff179d967e0e988d0438ae9bb164da7f4a1aa6deb60ad543f7687e3095cee13579e2bcdd5207b4a0c05c1e148ac33e0fe6dbd162f6a197c1bf6113e6b681778936602be7314846590200583dd17863a21b7211096eaaed88a8f029acad376e00c5b768302fc32b1aa2aefcb106c0418badfb4f2091fe9e97dccc1c35337b5cd32b7d70b6d3b61fad4d2fbbc599d499841f4a405f3669b3c3e8b54c45f1ab96cfe3bbe7514265560cea703f149a899c36126bf8f06c446fe4662cc986cde83dbadc815cf95d8aa8875a81ed0ffd3cb8583a1c46d96ce3a8214847e25f68d3e512087173f19774109790fd8be33bd01dac218f79132ea40dfb317861ba51a80e8cc23369d0a326f134fb5aa9590942c0a938b364ea3309af0d6d1d97be943aec5d5c2309674a49542293f860b0a1087c3b1c85b3a7819feafc3f3273b37aff63c5699a3c5dc749892eedec56cc00e96d792961f5577ac498b340a83f33f1afa8af5f6d74975a909eacfcae532bf16e4520a040002adcc93a90e60e1a2854be927ea231f718a77dcabf4a7680d9be7b7d54c518b593cc3eedce08e0a28f5df734dc9dddec6a7f9822734b8809897b3e593d98c8a89455ad0bf7dd0d64ce5ba7bb3d545daecc897de44d0ec6979f3a5d5316711d518f3607b85f2612853a087f91debdaee874040b3839ddeee1b13a5bfa252e4779dd60c304661133225fdc1ff6403e0c4b77be363dff601eef23a699b153c937133eb4d39a84722244ac793659572344d25ffe0503c89e4b0f836f9a83d52e5de77586984f2c6f6506ea39aec99e48ba9f54f8c89b2c9bf45e3b363e7592bc41a29fb8eb410cbfc0821c1d3b496c91c7f8736512519cebee43f198cb2ff2ca064c2ba12fd496157adfe9f9d2a3be025c1e5331916afaec0522a5eb92cd795a7394eeba3e3e8a205e5d375a3505b4b4f000e7db1398f0ce601d7307c1994f4faee75b156c20cb647534b6c1e93f1ef500f8d85881c7aea5dabe6a8f9c336939a47e40ca2715c0192bfcca1a96317e93e1d3254555b5068ee1d81e0fa104b029fd0d1fdeb8ce20ef2a33d35cd02adee11599bc42b6cfeed65147bce8785508ab37fdb7bc2d1aa42c29a5bc0ce4548dd4263171c95c5bf505603242e9328f93736a1e3e42a6264c0f81aa785654ad8c47a24f7fe9972fdf2afa4942bb575aeb2dc2cecef905c3cca4fcaeafe344cb38c6251146c5a91f3d6769198b5fdde4821ff5b12b7d1520beba83add82b85298c16d46e9774f552688e762b80f1760dc044b6049ff21c8eaa2d60b89da44f58371396d15b37436c2c77772a5e21c8af2f15a9487bab73c7d8980e940f23b070f9bdc34541ebb3191c79b7a02625060adf5ff62ad5a29211aebcc0021329211bd69b31bc25bd95e65f379a04ba4697eaf6974975a0643324be92f3e731713616437ea18e15688db7002c1aa8f8b4af12b60ec2a68aaaef694eaeadfc3a1fa264a4b6aa665a048735a07b296ac3c8e01a60fac5aa25b5677981bb81088a9a3ac17a104c425bde23497be0033af032e5d3517adbd4c07faf42edfd41134c592662b19799f879398d04360523eb942055499498946fda64c519602e915fac1693c2b83508c7f255b03180ddbf09c9061d72af5a58e9fe49f52fc322c1cd9560642fbb15567ae30bfd678e48299e8b9befdc1ae11478b636894779502cecfa93479a6b3440f60e1dae8dfd10b3c7dbff2cdb52a33b0009eee771bf4a2f9658a09af8c8c50d3c7d495b670c8dfeb3df65eea6f79a764a2f1f7764fb2007be94d25ff04b4b9fe7983050b4fd23f31e05a479f7b092cd4f75707dfad7cc908fddaf759951d403c39e62037031fc5387bba5ae3f970eef4ee59acfae4b609454668ee2774bde8ea67e4bfbbd2b874a63e0a9aadbc62b394a4f7abcdb189bcf2d6ec38fb5fe2f5cf16e7cc26612dcd4925a08429eb8ba43d1f531f5bb1fdb324c91512c3a9d226cbba04b2d22745634f291eeffc5514ca972e630975757ccec40b4425c71203ca1fa397d338c5fa34cbc17d81bbb89a6431848b104022b5bed254d3b7f33a752a83a89fcfc3366b6b8950686f2257fee5436a8399ac4adbcca3675b32ab205deb90f6ea163ddc328d8a5c2d99210068809c3401c3c78f5b6ba5e6c7d0a3dff2eae0d1b8a57bbd127977ee8f3f4279f7a61493013dcc47bd5bb01b314c72968a9509195b75c3113f445472f03d47ba43033faee74059681dfb9138aceced05b6da9200b0b586495aa972f5921d47a624276d71c1faf2ee2ed6e7bd417bfed5967b94fb2dc32bd073244c7e11ed645c4c0d5e69c5de61114bfd80fb2fd6ce75463209ed57c6795364845f515716b8c3562cd927008c4afdef65ebf8dcbb079d59e8f0551097a13375b07dd739916adecfb10627ae8bf208aa0b698163d3acc53239ebc51d6b63b084e478146a38414cc3cc2829f4f165c61f81664ab9948aa5b87b5468b596b1aa16dc6943d9226da0c5dc8b75863d127ff84f56d0526084d265c03edce3d84cac01e5546f95b59251f14a66443a4d1d10bfd149212308d5f5ce0716f66dea1d9d52f9d9700e0f01acca3aa5a7f7c281c7b438a9ee8cafc9d416000d58004002b8002b9111fc501290f076dd3ac51d50c73204d0e6f8026b72fbf30d6098997c1217757b7271ac88474499fce170400b98008009700e0000001040005800400c18018009900dc49ed7edf3c4ed2fc5f3311a158dcf28796f4940000000000000000"], 0x1104}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x40000c, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0)
ioctl$auto_PPPIOCSMRRU(r3, 0x4004743b, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x80003, 0x300)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x6, 0x28, 0x1000000000065f, 0x80000000, 0x7, 0x3, 0x20000002, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x6, 0x2, 0x80, 0x4, 0x0, 0x7, 0x2000, 0xc1d9, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000002, 0x3, 0x2000, 0x0, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0, 0x1, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0xfffffffffffffff9, 0x200000000001, 0x30, 0xffffffffefffffff, 0x200000000000004, 0x0, 0x0, 0x0, 0x400000, 0x400000000005b8, 0x101, 0x0, 0x0, 0x4, 0x6, 0xffffffffffffffff, 0x890, 0x8000000000008, 0xffffffffffffffff, 0x1000, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x10006, 0x0, 0x5]}, 0x1fe, 0xd)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xfffffffffffffe31, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r5 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x8}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r5, 0x80e85411, &(0x7f00000002c0)={0x7fdf, 0x6, "b908674cfda2f7f351c66f681b0cf4a6f675fcee96065fdca6f219ea386de55077907f016e2805138b62fb97e14dbb38e0462dd9d44d7c6c55e2a5937efe3618", "3b6e33d493a9c79b3387938d612c35b33c720e605cd0842aa149397ff8063b45d44f8ce95fa39df1e5e1fc5e51f00fa2dfcc38c9b1ef6596b9e746f5e48ac07048156ea6be1e1ca5d281c7bb11333d0f", 0x397, 0x3, "d3bc655e384df871894a5771758ff164f2cd8098ac193333046911421bc35da0cf5d03000000000000003fbd1fa7efb0600cc93b5b84125aee00"})
r6 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

6.193352191s ago: executing program 2 (id=332):
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/nfsd.fh/channel\x00', 0x2, 0x0)
write$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000080)="d2e9075df743aa70c45dd80b8ec420049b2ea6337fa7d99dd2f5400bcc5bb1b164cdbd6aaf91bf44d11a6d2e8cfd", 0x2e)
r1 = socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000003ac075f0e504966f4589b3d5a3b19472f3853f9095e101e1768e60e9b8af64fcb9d66715950e2fb50aef7290980a33a8f9cbdaa62867a2014ca2143176705d5f0336fb7fb30dfff7d90ab268ad84e901d5d5a92de213ed4378b1342da0b3bff7aa4d0962b9a42e8dde6f1c577792cc4d76be754b1041007de4ab29224daef15fe72a8f80b0079a982c6b5913a463f13941b0899d3d4c0123c720cc8159b64a2f239a6f78d7c61e42a5d1d8430ec26d2aa0dcf20ed7074d841fe1e1030d93e0fbe2c0b9b4538c7208c4ecec1eed4deca067fe567ece73b5b6", @ANYRESDEC=r1, @ANYRESDEC=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20005045}, 0xc0)
sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="0100"/14], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="0000ae3c", @ANYBLOB='Z'], 0x1ac}}, 0x4008094)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r2 = socket(0xa, 0x3, 0x3b)
getsockopt$auto(r2, 0x29, 0x42, 0x0, 0x0)
setgroups$auto(0xe32, &(0x7f0000000040)=0x9)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
socket(0x2, 0x80002, 0x73)
getpeername$auto(0x3, 0x0, 0x0)
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev5\x00', 0x0, 0x0)
openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
r5 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x0)
read$auto(r5, 0x0, 0x1)
write$auto(0x3, 0x0, 0x10001)
sendmsg$auto_NFSD_CMD_LISTENER_SET(r3, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000140)=ANY=[@ANYBLOB="120e6b5b99dcd66bd8bef16c733cabbc2f0b2bca90cc0be4e16ce51ec02676ead3cb1c02fe7fef51120a50b87916b91d938322f72e3fdff774f03c3ca88cec629f5f14ee5d12df717d3cda91fc35ef43d4f177ad373c2f", @ANYRES16=r4, @ANYBLOB="01002bbd7008fcdbdf2506000000"], 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r6 = socketcall$auto_SYS_RECV(0xa, 0x0)
openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_FLUSH(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=ANY=[@ANYBLOB="042b0000", @ANYRES16, @ANYBLOB="000227bd7000fbdbdf250a0000000800100002000000700115806901bc8019535fe2d9b96eca9b3542e751bb7513af45c70eb79549e6621db9d4719a1be79c25d8a5befafcb9da455471a285295c1d48fe8658f957f31839d4f7dc45de7105b8c541accdada32002aba7e2d8e2a79cc88f5fbe0339e2b98002f61b1c93bcc5934cbbd2ebc6ab91944c51e3aceb9a0f4aac244560bfdf5b289225f77f1c154b56e0a4009c2348a2381b30e0c5929de547e132356e56207edc6008912adf6b527a5581afe70ef1dbac0753a0deac37fc4e3e4f5411eca88b3e084fdd36803a1f25337e1db441919c0ca0ed6d78f688ca2b5ad4fa9323428049fab03be0b8f0b2444f3e9aabc7dbf5af8f91f01a213d6da45a0701f50a0cedc857c1e046f817aeb3aaffd0754ff0d930c02f6f00d9ef09ed1389094b31ba09ace7a769b6063c53955a79e447c05ae4a85f35f9ba3edae6e0a666475ca5a3c6215a5c28527cf60ed9d5ac970400128008009000", @ANYRES32, @ANYBLOB="040011800800b20010000000040006800400c58000000028040580af00dc80040056004f51569fdf6032876a3785b1794ce570446bbc540979f9b302debc3d2de2c10c694d41eb5fb432e53daad8608cc6b32de50a266e340ea052675aaba2f1aa4fd70e9424813f9a900dd3da41422675d94abd65c57993bdad7647bc0f6652581bb568112a803ddf4899cdff7dce6050fe5949ee5b08001600", @ANYRES32, @ANYBLOB="0700f4002c280000040033800400978014004f0000000000000000000000ffff640101010800180019e14ecee305d4ea1c626f147287796e21007afc06b590faa3f468721a527b4a4fbad2cc02817994dc3bef52905a6e045b9efabe5f62c435fc214a672406d331622449ee78ee2e1e70a96204ac7fff642f5fef1d7a6b659ee526a02a3b656051e2f4db9ebcc9a994b6a7bf275bee67ff494a358d537e52", @ANYRES32, @ANYBLOB="00d400f280cc000e001f75e24af5f8cf0dc6c45b31c1cc0052e6d853f47cfe16f0c0a35256fb3cf1ae2a0c57cdcbf6640ca2de0a68c388d29f5f5a9db39e0104df66fdf1ed2edfdfd1a696651aac00f8df6826bbbf10e992c0ae6321024f699d7d9db1a277ec405c7e8ed8e061e4c7e9ce657d2827f3e5ff98b8f12c94fcfea0025ef80922e107b24b683a1c936123c04fa94baf952aa74ce9871171386a435f8d2fdaa5d91d9ce861cf98c205b58f73d3a896cf8329efc477f532ff75831f9f1d2feaa2b247c9234a3e82fc3ad71bfdaa040082800800380002000000080041800400c28037012880517f86a2385b23ae0213e6f24115c850255fc427b76455f48a7a80986ecc06464a0c1adbf3376f702c55b476921b7e8b8f5c1402ac9ab03d507a8a580fcbbbd75a37c45432882507ff45bb447dcbf3039d3d1e59d1f45a6cad95f47f11000400b3803600b0002f7379732f646576696365732f7669727475616c2f626c6f636b2f6c6f6f70312f696e746567726974792f666f726d61740000000400d18008005100040000000800e8", @ANYRES32, @ANYBLOB="04005280246b7a"], 0x2b04}, 0x1, 0x0, 0x0, 0x1051}, 0x44844)
utimensat$auto(r6, &(0x7f0000001c80)='\x00', &(0x7f0000001cc0)={0x23, 0x2}, 0x1000)

6.12420921s ago: executing program 3 (id=333):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
close_range$auto(r0, r0, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mbind$auto(0x0, 0x100000004, 0x4, 0x0, 0x20000000000006, 0x2)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000)
copy_file_range$auto(r0, &(0x7f0000000000)=0x8, r0, &(0x7f0000000040)=0x6, 0x3, 0x2)

5.765013363s ago: executing program 2 (id=335):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0)
r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
close_range$auto(r0, r0, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mbind$auto(0x0, 0x100000004, 0x4, 0x0, 0x20000000000006, 0x2)
copy_file_range$auto(r0, &(0x7f0000000000)=0x8, r0, &(0x7f0000000040)=0x6, 0x3, 0x2)

5.380536499s ago: executing program 0 (id=336):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000)
mremap$auto(0x0, 0xfee0, 0x3fd6, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000080), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_nlbl_calipso(&(0x7f0000001180), r0)
r1 = socket(0x1d, 0x4, 0x20000006)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
ioctl$auto_CEC_S_MODE(r3, 0x40046109, &(0x7f0000002c40)=0xd0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', <r6=>0x0})
sendmsg$auto_NET_SHAPER_CMD_GROUP(r4, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB, @ANYRES32=r6, @ANYBLOB="080003"], 0x34}, 0x1, 0x0, 0x0, 0x44000}, 0x14)
r7 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
ioctl$auto_CEC_S_MODE(r7, 0x40046109, &(0x7f0000002c40)=0x10)
close_range$auto(r2, r7, 0x0)
io_uring_setup$auto(0x40005, 0x0)
madvise$auto(0x108000, 0x800034, 0x9)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'syzkaller1\x00'})
bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@vsock={0x28, 0x0, 0x2711, @my=0x0}, 0x69)
unshare$auto(0x40000080)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="010326bd70000ac70e806ca73d7984ebab6120d918ca50f9e5ff307c24c8cb2dbe9f094112d7aeb85d7353cda2aa2dc5e39ea690"], 0x14}, 0x1, 0x0, 0x0, 0x8810}, 0x0)
openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000040), 0x404100, 0x0)

4.894764267s ago: executing program 3 (id=338):
close_range$auto(0x2, 0x8, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x200382, 0x0)
r0 = socket(0x28, 0x1, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/card0/pcm0c/sub4/xrun_injection\x00', 0x400, 0x0)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="2f212abd"], 0x14}}, 0x4000000)
mount$auto(0x0, 0x0, 0x0, 0x3379, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7}, 0x1, 0x9)
mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
socket(0x1f, 0x2, 0x73)
openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x600b00, 0x0)
futex$auto(&(0x7f00000000c0)=0x3, 0x6, 0x0, &(0x7f0000000140)={0x3, 0x9}, &(0x7f0000000180)=0x8, 0xffffff00)
bind$auto(0x3, 0x0, 0x6a)
syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff)
madvise$auto(0x110c230000, 0x8031ca, 0x9)
mmap$auto(0x0, 0x4020009, 0xdf, 0x14, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/tty/drivers\x00', 0x101000, 0x0)
ioctl$auto_SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, &(0x7f0000000c00))
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
sendmsg$auto_NBD_CMD_DISCONNECT(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x36f227933e955d34)
kexec_load$auto(0x0, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)
mq_timedreceive$auto(r0, &(0x7f0000000300)='\x04\x00\x00\x00\xda\x91H{\xbcx\xcf\x03\xb8\xe0\xe0\xb8:f\x00\x00\x00\x00J%\xb2z\xc4A\x9b\x13\xbc\x96u\xa2\x94{\x91\xe2\x105\xe0M\xe0\x99P,\x81\xcb\b\xd9u\f\xdaT\xb0\xb0\xab5\x1b\xcc\xbe_\xd9}\xaeS`\x7fs\xba5L-\xd8\xa3\xf9\xce\x80\x8a\x1e\xc3\x9c\x8b\xc6\x16\xed\x92\x99\xa2.\xb6\xde\x15_t\xac\f', 0x7f3, &(0x7f0000000200), &(0x7f0000000280)={0x8, 0x4})
write$auto_proc_mem_operations_base(r1, &(0x7f0000001680)="a7", 0x80000)

4.118853277s ago: executing program 1 (id=339):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000040), 0x88080, 0x0)
io_uring_setup$auto(0x59, &(0x7f0000000080)={0x1, 0xd, 0x3000, 0x5, 0x4, 0x7fffffff, r0, [], {0x6, 0x6, 0x3b5a, 0x21f, 0x102, 0x7ffffffb, 0x101, 0x8, 0x3}, {0x100, 0x1, 0x52, 0x405, 0x2, 0x60, 0x76c5, 0x8, 0x100000000}})
unshare$auto(0x40000080)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x202002, 0x0)
openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xe, 0x1, 0x4, 0x7, 0x15f4da0a, 0x1, 0x7fff, 0x300000000000000, 0x80000001, 0xdc, 0x6d3c, 0x8, 0x2, 0x2e]}, 0x0)
openat$auto_uprobe_profile_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/uprobe_profile\x00', 0x20000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
write$auto(0x3, 0x0, 0xffd8)
syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x80)

3.982466381s ago: executing program 2 (id=340):
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) (async)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0)
bpf$auto(0xd, 0x0, 0x9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
init_module$auto(0x0, 0xffff9, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x8000000000000000, 0x15) (async)
madvise$auto(0x0, 0x8000000000000000, 0x15)
madvise$auto(0x0, 0x2000000080000001, 0x3)
pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x88\v\xae\xa9i8W\xe5\x00!\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfded, 0x3) (async)
pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x88\v\xae\xa9i8W\xe5\x00!\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xfded, 0x3)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
capget$auto(0x0, 0xfffffffffffffffe)
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
socket(0x2, 0x1, 0x0) (async)
socket(0x2, 0x1, 0x0)
socket(0x18, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4)
fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80, 0x0)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, 0x0, 0x7, 0x4008) (async)
sendmmsg$auto(r0, 0x0, 0x7, 0x4008)
madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4)
mmap$auto(0x0, 0x200003, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)

3.868775528s ago: executing program 3 (id=341):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0)
ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0)
write$auto(r3, 0x0, 0x7fffffff)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r4=>0x0})
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="0d0923bd7000fbdbdf250100000008000300", @ANYRES32=r4, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4804c}, 0x4000040)

3.544862411s ago: executing program 1 (id=342):
mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x200005, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/irq/12/hwirq\x00', 0x2000, 0x0)
read$auto(r0, 0x0, 0x20)
r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)

3.45995662s ago: executing program 0 (id=343):
syslog$auto_SYSLOG_ACTION_READ(0x2, 0x0, 0x4)
r0 = socket(0x2, 0x3, 0xa)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
sysfs$auto(0x2, 0x4d, 0x0)
getsockopt$auto(r1, 0x84, 0x7c, 0x0, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x20082, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0)
openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/kernel/debug/tracing/tracing_on\x00', 0x100, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
readv$auto(0x3, 0x0, 0x5e)
ioctl$auto(r0, 0xae41, r3)
setresuid$auto(0xf5, 0x8000, 0x67)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001480), r4)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r4, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f0000000240)={0x14, r5, 0x2d, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0x4018aee3, 0x0)
mbind$auto(0x0, 0xfa9d, 0x5, 0x0, 0x400, 0x3)

3.441734016s ago: executing program 3 (id=344):
r0 = openat$auto_ctl_device_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x28480, 0x0)
read$auto_ctl_device_fops_user(r0, &(0x7f0000000040)=""/85, 0x55)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NETDEV_CMD_QUEUE_GET(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={0xfffffffffffffffe}, 0x1, 0x0, 0x0, 0x4000}, 0x84)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bond0\x00', <r2=>0x0})
sendmsg$auto_ETHTOOL_MSG_WOL_GET(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x58, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@ETHTOOL_A_WOL_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x45}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x800}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000814)
clone$auto(0x9, 0x6, &(0x7f0000000300)=0x9747, &(0x7f0000000340)=0x4, 0x0)
r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000003c0), r1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'veth0_to_bridge\x00', <r4=>0x0})
sendmsg$auto_ETHTOOL_MSG_DEBUG_GET(r1, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000540)={&(0x7f0000000440)={0xe8, r3, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_DEBUG_HEADER={0x7c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x18000000}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x9}]}, @ETHTOOL_A_DEBUG_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xffffff00}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x90}, 0x24044880)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/net/bpq5/power/autosuspend_delay_ms\x00', 0x20040, 0x0)
setitimer$auto_ITIMER_VIRTUAL(0x1, &(0x7f0000000600)={{0x0, 0x9}, {0x64, 0x5}}, &(0x7f0000000640)={{0xdcd, 0x7}, {0x54, 0x40}})
sysfs$auto(0x9, 0x9, 0x3)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000006c0), r1)
r7 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$auto_NL802154_CMD_SET_MAX_FRAME_RETRIES(r5, &(0x7f0000000c80)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000c40)={&(0x7f0000000700)={0x504, r6, 0x20, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_DEVKEY={0x46c, 0x2f, 0x0, 0x1, [@nested={0x1c, 0x8f, 0x0, 0x1, [@typed={0xb, 0x149, 0x0, 0x0, @str='--$%]*\x00'}, @nested={0x4, 0x8d}, @nested={0x4, 0xdb}, @typed={0x4, 0x2}]}, @typed={0x14, 0x25, 0x0, 0x0, @ipv6=@loopback}, @nested={0x23f, 0x49, 0x0, 0x1, [@generic="1a74e36712951524c04f74697a721e6e997fb0f92771848bc9bdadc1423b3f9cb034fe254612fba0e67582b8d0ecaa15ce81c5d0d5b9c091efc0c8859567d8c091d6974cf92b35a10ebcd85f1f014253d07b5389c7acd34b7e107898490b69a643a2758021d14014481f91c2e73537db4b729731573c6b13524336488253f0d63f92cbc65300934c80c6", @generic="2c6c21a7c97bee1898107c1ec7c4e1d837ceaa72c0786a09ee866050d2c88bb5e6f20f383f91478c67aeb34b2e973c890a78d8806a697b5fd0cc7071ed24be436bd2097dc03a784d48a5bea51b2f32a6f52b773db7c5f7a20774f7280bce357f449d6e7324c98aad80b63e0184", @nested={0x4, 0xed}, @nested={0x4, 0xff}, @generic="e4af70347b5e37a7853aab68cdb72b27a8b3a774c66ebd441a50b3a39060d6aac9cf143b9c7a4da172011ef285a0f6619463a641b4cc81e7b7aa7de0701291744576407060ab629dd1c1ccf14d26ef1a9baf84101cef3802958ee3914fdccd928ed76f4838f285336c5d7706685cea762d64712506b45834752cea34a22a27825b9a83f001b0148e962ac4ef3aeb302661c1005aac1e5615ab3744f3942a26c60b425c87cd24b3e74e95b9983ab432f961a98b5f4eb2e8a9b119eab1fc64090f8a5e", @nested={0x4, 0x21}, @nested={0x4, 0xba}, @generic="99c0de77f31713e1283699c406ad5247f258d9dd26b27de7e13d904f4522f5b37d98adea23ed742c280099d03e0cabfbc58caaf2f93fe9676816a33b84ab35c93303a4cca786fb5fae7f912d3f323ea7533753f97e7668a0d88a82594b6d0a4af53103fbc3ae7c87e492bf4c1dfb92cbfa2c"]}, @nested={0x167, 0x13, 0x0, 0x1, [@nested={0x4, 0x8a}, @typed={0x4, 0x8e}, @nested={0x4, 0x104}, @nested={0x4, 0xab}, @nested={0x4, 0xec}, @generic="d167f54ac6328dbcac7aeb89ac2ef79c668e43814f5c3a6dc93c8b642ec8e26dd378107cefd016ffa5919200c8ca62042be0fa9b3ea2d2a39cdb51b1f5cd4f1f07e30d15164052942d7caf328834f1a00afbf2b96bcd1d0c8156e1fd069a4179096150bb9445562b986a25b21a2b9a2c6b278ccf2c6e8cfd03166682bd409c9aedbe8f81777d05434ce56a47878e260e31d26e2aa0604070ba6ac44a8e6f56d78b5f63be76db16c75b1d832bf61fded90eb37e7f30e76e912e8adf1a016c", @generic="25465d159123bd11b4c9e10435bc2cf1ecbca30af73ce3682272099d6451ecd24663f9617fa79756d1a5efbafd927a4bfdd417b305a7e0bfcfe240eef7687f5ac37adb32639ed801745919f35a88408f9333e798ec21a8585cfefba69b66fa32f471d4d02c2accfca1acd49c204d15d931f016e54bba8c2d0a02b8067c22967a58ca2f3e69c954ff365f41b3a5e1ddb632"]}, @generic="f6ee7c0adfa78a064b4240e54e96f3e417c4b269cb2b4e28c79f1ae8f64877508c41f68401cc1344de85123ecb90779c88620b9f855c81949296a863b364e0050467d58ebb09d15d1f13076c9d39211ee8ae81d82bb7a6ef9b910db6056934efa581d00013d85d6f2954d57333ad801b7c517754462a6c3d", @typed={0x14, 0x66, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @typed={0x4, 0x1e}]}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x8}, @NL802154_ATTR_SEC_LEVEL={0x4c, 0x2d, 0x0, 0x1, [@generic="0e8f938714d3966bdf61a936aadb837d5fc7d28927cb77be0da62c90a430aefd309e78c53b51cacf73f854ad9073ed33f3904e545cab89c590a5bdb92d5eb1bf2e1974f949ccfe5f"]}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r7}, @NL802154_ATTR_ACKREQ_DEFAULT={0x5, 0x1a, 0x1a}, @NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x2c, 0x1c4}, @NL802154_ATTR_CCA_ED_LEVEL={0x8, 0xe, 0x9}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x80000001}]}, 0x504}, 0x1, 0x0, 0x0, 0x4004000}, 0x4000020)
r8 = syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000d00), r5)
sendmsg$auto_SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000dc0)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d40)={0x38, r8, 0x800, 0x70bd25, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x7f}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x7a}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}, @SEG6_ATTR_HMACINFO={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0xe4, 0x0, 0x0, @str=',^(\x00'}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x800)
r9 = openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000e00), 0xc0, 0x0)
write$auto_tomoyo_self_operations_securityfs_if(r9, &(0x7f0000000e40)="3a26a20f82260f4c540fff04a07a2babee4446a01513596f4436f6ac6c3324061e7aff0e504e7fda7a263ac8c1bd69f097f3467893155a51861779f1dd1dc5a0d276e6066494bc6d55005dcd78c4027fc3725391ee015473997627e4d7483a71fb4b98ef0860baa9f33449d81bc8a64eb232bb1f9efbc2147eeffcfebf79064db3f51f99f71b082d9f5d66283377b4c196f74f6bd443ea73ad210e504f36b73ff3e44eaaf3ee93595c33e63d815991167857f0a508050d506322d189a80e8612cd9c9039423d7274cc9664cd4b86ee84afbe005033d658b2a52294e81413188ade96", 0xe2)
syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000f40), r5)
sendmsg$auto_NL80211_CMD_SET_MCAST_RATE(r5, &(0x7f0000001140)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001100)={&(0x7f0000000fc0)={0x130, 0x0, 0x20, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0xff}, @NL80211_ATTR_COLOR_CHANGE_COLOR={0x5}, @NL80211_ATTR_HE_6GHZ_CAPABILITY={0x6d, 0x125, "07e2f904ace56e6b19fc7d00ab960951759ab3b11cfb9138fbc88f71b2e5b565cb9a62a26c1176e75aad8fc1b30b4402e06f61dc13e6821f0a01f7de388dcdd9813271d07327f8504a3e4884e3293aa30ce9bf008e0964244de337cf6a748d4f32908f40500e9e9a88"}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x1}, @NL80211_ATTR_REG_RULES={0x7f, 0x22, 0x0, 0x1, [@typed={0x8, 0x2a, 0x0, 0x0, @ipv4=@local}, @generic="e86bbb30ef26ae5eac7bf8b81741601056bef31f3401aa4ef12e33ec7fffedc9d340c21d53754b0da0a609f4cb1e988be2a4c86f93a6d53e26738dcd254cb3ffcaec48ec2eede2ccf85387c61a605a819332203eab09d1080a2eda58d960f8e486409f79498814f14d4748", @typed={0x8, 0x39, 0x0, 0x0, @u32=0xe8}]}, @NL80211_ATTR_MLO_LINK_ID={0x5, 0x139, 0x83}, @NL80211_ATTR_SMPS_MODE={0x5, 0xd5, 0x67}]}, 0x130}, 0x1, 0x0, 0x0, 0x44800}, 0x0)
openat$auto_fops_u16_(0xffffffffffffff9c, &(0x7f0000001180)='/sys/kernel/debug/netdevsim/netdevsim0/psample/out_tc\x00', 0x40000, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000001200), r5)
sendmsg$auto_SMC_NETLINK_ENABLE_SEID(r10, &(0x7f0000001380)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001340)={&(0x7f0000001240)={0xfc, r11, 0x200, 0x70bd25, 0x25dfdbfb, {}, "a8b8731899491095d41708c5cfb67d80fcb7ac29c3e53ce1405a10969827c189f55ae396e5efb96f260ec0a679b5a997157d6993880a808916836c7f91dba2e00d8e4f3cff8a80b602a21f3ffc34006528b25b1ae574bb40c7844bdd4334c3f0f0f7d65c0e50ff1589bf27240a6bc8545c7f2ea60782b7d0fdab5904df62e0807a6e490df89fcb7d103325d93b978f34adadfcea3b9d0f494eb5f9fff641765afe5f25503eab0e76e61113f80407bbd68744f1345c997917fa78ba3da6ae6d9e8a68e1ca82a4dafcea1cc0b1ff83d03ec9bb041a41a6e4abefc66bb9097c9b9e28dce222fe067e9e"}, 0xfc}, 0x1, 0x0, 0x0, 0x44000}, 0x800)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001400), r1)
sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r12, &(0x7f00000014c0)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001480)={&(0x7f0000001440)={0x20, r13, 0x712, 0x70bd2a, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc850}, 0x200400d5)

3.008813272s ago: executing program 1 (id=345):
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
umount2$auto(&(0x7f0000000440)='/dev/kvm\x00', 0x0)
r0 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r1 = prctl$auto_PR_SET_IO_FLUSHER(0x39, 0x9, 0xffffffffffffffff, 0x5, 0x9)
ioctl$auto_dma_heap_fops_dma_heap(r1, 0xccd9, &(0x7f0000000380)="e8d453b8fb2ed41290c522ca24eee9c134a9e668de986560e77a6f9f56e6d494b1927a9cb1c7ec3bff26cdd23d634739371b3218e3b1a04537dbd0c7909c2db2bfbfc82e6a30787254826d")
socket(0x2, 0x1, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/cifs/smbd_max_fragmented_recv_size\x00', 0xe0002, 0x0)
r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0)
sendmsg$auto_NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000002340)=ANY=[@ANYBLOB="04110000", @ANYRES16=r2, @ANYBLOB="040029bd7000ffdbdf2579000000ed102d809f77a28002d9b7e0b1ec3ac97c6ce40719b644303e34a0ea405ff9e527cf7d5da9f4900efa1bf7844640d8b0ffb286ac35c55a45771e110cd9e27c98225bca9d8efb25747caddbc680b61a3f02c24445462577d1dd605fcac76bdc5b243db53dec0946c54d44ea59fae294b6cfaa5c92b717004b00bf91ead7b5ec5c052668d9788a4e7631333a9300239c5e54f3b45c3e603dcf10f8c2d44cdf400a5b12ec3c4e3c37007e8cd02c1be2d78c6f5bd040bab814bca1ed50ecd2224e67c751843b482b9672c4c1903bd3d1e28a7254ab8dde65d505a78089bcfa585b96fc758aa3f90eaf633746625bbf22189279e0fa0f3dc2f1ab6683789b223dcbc2802d3391b412a063bdc42cbf86b47766e09e340de82646ddcec7fb327f0efa6fa85d0fc26fbc7dae45a2b3e2f4870e69238e49cabece4d989dc25fbeda5178231801877d487e44cab318309343fff282570475ee632c020e35254dea3daae6897bb570c04d726e4f993fd42e4efe8aaef11dc95e61e1d5c69870a433f811b879d058ff07180774490eb59454213a6b260f8ada2f66d07a13fac67663870caa8b7886a65e0ba9c8e04737ac075a6d764d424d4f0829dda3b05c74dd3b5fb1bd6bb7823a1c298e0cccb8cfc1627d9845188cb53a4670f112ff515d27f0124e4081e05828403e71e071b76f6cc5bc21252ed460bdc3da1541c747e8e6a7929af3e022150dadcffd8b201696fbeaefa4abc126ca1d99e22740fa1ef24581924e2c9d1e12131a298dd94a8d4fb8503144911e710abc270157ab89a12a1be25e5519744709f10f743f974bd2c64a5aa06ec24828d292dafee0b8b56a2abbb0961cb6d333433f3f6bcf110a28ec6a7e28714ad1cadaae55e81defcbf88ed0e2286af50ef431f57a5e146881fc5ecbeaaa1623c453b2d5982973d112d70ada08d1ce1632a7c5a41a322914c05a1f3e4740e76b7452e3620283485e05cd507d72559e58cf4724e105d8d43a35685feff6d0d439188b8295f9ad1365c2b914d5e7ca5710cf6602e76e800408dd1600d42014afad957495b567a17c40f0697a43b9a5fc2b8041c09c0b001215c0531715018a6a27623cf356c765e4ba2d0d6683ce0c3e0c7212aa0665c4789905bbae1e195374d99ef2c9a0f180fe9381ca170cb3a88ddb8d94fbadb536b0bbe3d00385da0577e8935442192fd166ebfdce4a626d986b3142755b6346ed9e43757a96e942650d82977168512765b2acffd1241fe98c23e1f32fd99d1d1265cb356eac71c56936d3199d3efcb448abac05445b1ca53c233a3bc5da301d166d3e842b089e1d08c4506d361db4084634384ae6a80a7bf12770e629c2a4af75f197f845a17ecc70df4d49ed118343e7ae9ad2a50d92e807894d09708b8aae00225d74774d69f622367d205a41314e3efb1703a48c635b2cbe3a251b1bf4c010695d872816819d261b4a6ecd90c9c6e9a3c27235315275b247d6dfe576107f5671b172fdcfc90166525698284df17757d777ea62e29f316793f6b9f71b09de6360704af036dcc8d5cdbcb0ed51be88ca787803ccb6ab1875f8580aa961efe82c5d860194c9345211432c570c92f4456e2d986268bf187c9091aba1aa85827bb53ffc3a4f8975502e1e4252fdeb009e75beef6c5f898ed01a83aa1b228f4d71f4e0f67fcc8fb6bc14fe6b620e58b42ffecf23a8afe7b93539bf9784b1765c1fd8583f6037502633ed3cf83ac1d8188ccd64bc90861584a73666ee417be38be1584f30973070f73dfe2a4da0bc4623b422d235357e51563bc4386825e5ff5b637753bc7222e2d4a34298338c097d1e77086f6f2ad8a688d63c7eea9192af96a19a23d82bd125272349ec5f61617b70bd93bb336a86d2b693587722bc9a0fbb727b5fb58dea3703b3e014286a4fac83aa5ba351dac434ef81c4014dfd708a5dbf9ae038cc1ae1b835839c5a94feff2855cce78a9468179741901eb53f0213f8b9be0733541087d86bf069309d6a4a76027a48c1c6515b3d1dde0aabd64daaa0374f31a1bf70e56494470217ff5d3bbe1fd7dfdec5c92efc4e284540e1be719fa1ce41459e3e99291f42bc5709ec029ec2d284571085563ab357ce3027145ef52bf2989a2a3cf8dbeedd0a7f8b807897d38d055574f24d1633603966137aed6439226056613e1d6f5eff15a59f429907a298b09ea21a2d5ec6cbb37f5c4fad2d9368a067b4cc5673f8b689c8d8a316f37d4f35f67e38630d2eac96f6d0eceb2971e0f130abb7f0c8d9c9d5977cfecc5dfa6d9362591a4d9230711b3a4386436c9413b82b79f046d1169c0e6f1b8e395046625d526dfd6d566b7d597b400b0e7f7ec77d5988633118fe93e6b7dd8df38a4f9135f29637b0b840fee62327b97429da63ea93b1fd2d2412eb9aba99270c336bafc7346d761bfed98ca00dc0604d23eb7d5de1728efe810e91559c4d74b3b70dcf66a3ae5d5715bab0ed5e018e6f7e5302cfbfa69afaa768d199202d1315fd6be9e105fab4cbc8f5718825a11acee98cb484842103a90a2b32cc9b756c2f1c620845080648f752a91d979a57159eb9dffad711d5f341604b02c4ee4135683afaf82530eeca51fdaa5ea4cb44bb2ef84bcc7fcc26ef2fa10c59fa37b2170f9f4b431626affc0d2b8d1232fa7d7b5930d54d2a05853ceef1d5c8a5a843c0a5ba750382e2031f791d0e9587a002ca24dbeb6a3b88249224909f57ddbbddbb7bcc123afbe8e05a1ac47075b5a351ed496605af46c3dccd3a649855275172d43c1f847eb4c558e5edafe91339982b2385cbcd4ce7934f4f2f518176e7350cbf89a2f0d208f2498a253f112c47959e606c6c751503bbb43536c20524e08bc84b0572f89cc3951002d71885737d6f6ed8b34c4c9d8ba175df185f10f8898883ddd8eec06c92494d5000f7327073eaa34de3479f7216946574a08759b3608c6452e8962b2df4b81a32ec02a02a942c9293506ce6a53fdbb4de304cbd5202865021f4bf7405630245c00db2a07b49c1ac9a7765cc6b6c2ba3b8d13d1783fcc986eccc20b39ab4bd884801f7f1ed3822166b37af5a9272d3975d5f4318bea12a2061b9c088a0533d364dada7c8e4ecad046ba6a0d023f48e460d32a11e4b43d398119fde2a606ad6b4906ad8b640d0333caa2eb69eb7044cf88254266474cc2e2b9f5591bca59acedbf227401b3e076a6e2c90557aa324d3f8e4252292ebbcfdab0799f264ed77c1ec4808443d75dfd5e32f74933e26ea03202d16977a0b1ffb14d1f91891def2ebb00649e8d000c46b1e4d05d84cd10e89880dc0220d9e19a15147fb419eb42cc782c4762ef6d707625b23f88291d395c5513a60ff179d967e0e988d0438ae9bb164da7f4a1aa6deb60ad543f7687e3095cee13579e2bcdd5207b4a0c05c1e148ac33e0fe6dbd162f6a197c1bf6113e6b681778936602be7314846590200583dd17863a21b7211096eaaed88a8f029acad376e00c5b768302fc32b1aa2aefcb106c0418badfb4f2091fe9e97dccc1c35337b5cd32b7d70b6d3b61fad4d2fbbc599d499841f4a405f3669b3c3e8b54c45f1ab96cfe3bbe7514265560cea703f149a899c36126bf8f06c446fe4662cc986cde83dbadc815cf95d8aa8875a81ed0ffd3cb8583a1c46d96ce3a8214847e25f68d3e512087173f19774109790fd8be33bd01dac218f79132ea40dfb317861ba51a80e8cc23369d0a326f134fb5aa9590942c0a938b364ea3309af0d6d1d97be943aec5d5c2309674a49542293f860b0a1087c3b1c85b3a7819feafc3f3273b37aff63c5699a3c5dc749892eedec56cc00e96d792961f5577ac498b340a83f33f1afa8af5f6d74975a909eacfcae532bf16e4520a040002adcc93a90e60e1a2854be927ea231f718a77dcabf4a7680d9be7b7d54c518b593cc3eedce08e0a28f5df734dc9dddec6a7f9822734b8809897b3e593d98c8a89455ad0bf7dd0d64ce5ba7bb3d545daecc897de44d0ec6979f3a5d5316711d518f3607b85f2612853a087f91debdaee874040b3839ddeee1b13a5bfa252e4779dd60c304661133225fdc1ff6403e0c4b77be363dff601eef23a699b153c937133eb4d39a84722244ac793659572344d25ffe0503c89e4b0f836f9a83d52e5de77586984f2c6f6506ea39aec99e48ba9f54f8c89b2c9bf45e3b363e7592bc41a29fb8eb410cbfc0821c1d3b496c91c7f8736512519cebee43f198cb2ff2ca064c2ba12fd496157adfe9f9d2a3be025c1e5331916afaec0522a5eb92cd795a7394eeba3e3e8a205e5d375a3505b4b4f000e7db1398f0ce601d7307c1994f4faee75b156c20cb647534b6c1e93f1ef500f8d85881c7aea5dabe6a8f9c336939a47e40ca2715c0192bfcca1a96317e93e1d3254555b5068ee1d81e0fa104b029fd0d1fdeb8ce20ef2a33d35cd02adee11599bc42b6cfeed65147bce8785508ab37fdb7bc2d1aa42c29a5bc0ce4548dd4263171c95c5bf505603242e9328f93736a1e3e42a6264c0f81aa785654ad8c47a24f7fe9972fdf2afa4942bb575aeb2dc2cecef905c3cca4fcaeafe344cb38c6251146c5a91f3d6769198b5fdde4821ff5b12b7d1520beba83add82b85298c16d46e9774f552688e762b80f1760dc044b6049ff21c8eaa2d60b89da44f58371396d15b37436c2c77772a5e21c8af2f15a9487bab73c7d8980e940f23b070f9bdc34541ebb3191c79b7a02625060adf5ff62ad5a29211aebcc0021329211bd69b31bc25bd95e65f379a04ba4697eaf6974975a0643324be92f3e731713616437ea18e15688db7002c1aa8f8b4af12b60ec2a68aaaef694eaeadfc3a1fa264a4b6aa665a048735a07b296ac3c8e01a60fac5aa25b5677981bb81088a9a3ac17a104c425bde23497be0033af032e5d3517adbd4c07faf42edfd41134c592662b19799f879398d04360523eb942055499498946fda64c519602e915fac1693c2b83508c7f255b03180ddbf09c9061d72af5a58e9fe49f52fc322c1cd9560642fbb15567ae30bfd678e48299e8b9befdc1ae11478b636894779502cecfa93479a6b3440f60e1dae8dfd10b3c7dbff2cdb52a33b0009eee771bf4a2f9658a09af8c8c50d3c7d495b670c8dfeb3df65eea6f79a764a2f1f7764fb2007be94d25ff04b4b9fe7983050b4fd23f31e05a479f7b092cd4f75707dfad7cc908fddaf759951d403c39e62037031fc5387bba5ae3f970eef4ee59acfae4b609454668ee2774bde8ea67e4bfbbd2b874a63e0a9aadbc62b394a4f7abcdb189bcf2d6ec38fb5fe2f5cf16e7cc26612dcd4925a08429eb8ba43d1f531f5bb1fdb324c91512c3a9d226cbba04b2d22745634f291eeffc5514ca972e630975757ccec40b4425c71203ca1fa397d338c5fa34cbc17d81bbb89a6431848b104022b5bed254d3b7f33a752a83a89fcfc3366b6b8950686f2257fee5436a8399ac4adbcca3675b32ab205deb90f6ea163ddc328d8a5c2d99210068809c3401c3c78f5b6ba5e6c7d0a3dff2eae0d1b8a57bbd127977ee8f3f4279f7a61493013dcc47bd5bb01b314c72968a9509195b75c3113f445472f03d47ba43033faee74059681dfb9138aceced05b6da9200b0b586495aa972f5921d47a624276d71c1faf2ee2ed6e7bd417bfed5967b94fb2dc32bd073244c7e11ed645c4c0d5e69c5de61114bfd80fb2fd6ce75463209ed57c6795364845f515716b8c3562cd927008c4afdef65ebf8dcbb079d59e8f0551097a13375b07dd739916adecfb10627ae8bf208aa0b698163d3acc53239ebc51d6b63b084e478146a38414cc3cc2829f4f165c61f81664ab9948aa5b87b5468b596b1aa16dc6943d9226da0c5dc8b75863d127ff84f56d0526084d265c03edce3d84cac01e5546f95b59251f14a66443a4d1d10bfd149212308d5f5ce0716f66dea1d9d52f9d9700e0f01acca3aa5a7f7c281c7b438a9ee8cafc9d416000d58004002b8002b9111fc501290f076dd3ac51d50c73204d0e6f8026b72fbf30d6098997c1217757b7271ac88474499fce170400b98008009700e0000001040005800400c18018009900dc49ed7edf3c4ed2fc5f3311a158dcf28796f4940000000000000000"], 0x1104}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x40000c, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0)
ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0)
ioctl$auto_PPPIOCSMRRU(r3, 0x4004743b, 0x0)
r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x11, 0x80003, 0x300)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x6, 0x28, 0x1000000000065f, 0x80000000, 0x7, 0x3, 0x20000002, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x6, 0x2, 0x80, 0x4, 0x0, 0x7, 0x2000, 0xc1d9, 0x0, 0x84, [0x0, 0x0, 0x0, 0x50100000000002, 0x3, 0x2000, 0x0, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0, 0x1, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0xfffffffffffffff9, 0x200000000001, 0x30, 0xffffffffefffffff, 0x200000000000004, 0x0, 0x0, 0x0, 0x400000, 0x400000000005b8, 0x101, 0x0, 0x0, 0x4, 0x6, 0xffffffffffffffff, 0x890, 0x8000000000008, 0xffffffffffffffff, 0x1000, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x10006, 0x0, 0x5]}, 0x1fe, 0xd)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xfffffffffffffe31, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r5 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0)
ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x1, 0x1, 0x8}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"})
ioctl$auto_SNDRV_TIMER_IOCTL_INFO(r5, 0x80e85411, &(0x7f00000002c0)={0x7fdf, 0x6, "b908674cfda2f7f351c66f681b0cf4a6f675fcee96065fdca6f219ea386de55077907f016e2805138b62fb97e14dbb38e0462dd9d44d7c6c55e2a5937efe3618", "3b6e33d493a9c79b3387938d612c35b33c720e605cd0842aa149397ff8063b45d44f8ce95fa39df1e5e1fc5e51f00fa2dfcc38c9b1ef6596b9e746f5e48ac07048156ea6be1e1ca5d281c7bb11333d0f", 0x397, 0x3, "d3bc655e384df871894a5771758ff164f2cd8098ac193333046911421bc35da0cf5d03000000000000003fbd1fa7efb0600cc93b5b84125aee00"})
r6 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r6, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

2.841728725s ago: executing program 2 (id=346):
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/md_mod/parameters/start_ro\x00', 0x302, 0x0)
sendfile$auto(r0, r0, 0x0, 0x3)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000001080), 0xffffffffffffffff)
sendmsg$auto_L2TP_CMD_SESSION_CREATE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x40090)

2.546237186s ago: executing program 2 (id=347):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0)
sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x52204b}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x880)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0x200007, 0x19)
mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000)
select$auto(0x3, 0x0, &(0x7f0000000100)={[0x8, 0xb, 0x0, 0x9, 0xfffffffffffffffc, 0x83, 0x6, 0x2, 0x9, 0xffff, 0x4000000000000002, 0xd, 0x3, 0xfffffffffffffffe, 0x7, 0x1000000006]}, 0x0, 0x0)
syslog$auto(0x2, &(0x7f0000000000)='-#:\x00[\xda\xe2\xc3L\xd30{Q\xecvP\x93\x87\x1e\xdd\x95\x1b\x19qI\vv\xacO*X0V\x93\x85\xff\xb2\xdd\xd8\xd5Kh\xfa\xa3\xc7\x9b}\xec\x1e\xdc\x80\x1fR\xc30\x9a\xae\\\'\x14\x98\x98\xc3iDv\x97\xdfTMt\xe5?\xd0\xcc\xb8\xfa\a\x7f\x7f\x00\x00\x00\x00\x00\x00\x00n_\xb1\x1c\x7f\xb0y\xec\xe2\xcc\x1a/\xfa{d\xe4BN\x9c\xb9\x87.\xfe\xe7&1j\xe6]\xc3\x9anE6\x81\xe4\xec\xfa\xefE\xf7\x17h\xf4pumR\xd55Dd(\x0f(b\x1aD\xf4\x03\xc3\\\xdf\x8f\xa8\x82\xab\x102\xd1\xaf\xcaT\x86\x171\x11Q4\x94\x9d\xf5\x9c\xe3\xaa\xf3\xd26i\xf9\xb2\xd9T\xc9\xfd\xba\x91^\x19\x95\xde\xbc \xa8\x98\xc3\xed\xe9,{\xd4\xa1\xe4p\xcf\b\f\xb4\xbe_\xf2\xbe\xef\v\xf1d\xdd\x0e\xfc\xc3\xeaqt\x94\xe7\xce\xf1\xc5\x94~\xf6Cx\x0e\x98\xc7gE>*\x9c%\xa0\\\x14\t\tv.\x1c\x1a\xf1\xba\xc0>\xf4Hc\xc3\xfa\x033\x8f\xb9(\n/\xcdo\xc2', 0xcf)
close_range$auto(0x2, 0x8, 0x0)
shmget$auto(0x400, 0x10563, 0x568c12f2)
shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa)
syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
shmdt$auto(&(0x7f0000000000)=':-h!/-^@(\']@%]/\x00')
clone$auto(0x1002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9)
mmap$auto(0x0, 0xc, 0x4000000000df, 0x44eb2, 0x10006, 0x300000000000)
syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff)

2.545882764s ago: executing program 3 (id=348):
socket(0x10, 0x2, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804)
lstat$auto(0x0, &(0x7f0000000180)={0x4, 0xd, 0x100000001, 0x63, 0x0, <r0=>0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x400, 0x7ffffff9, 0x5, 0xffffffff80000000, 0x9, 0x61, 0x105})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x89fc, &(0x7f0000000040)={'bridge0\x00'})
statmount$auto(0x0, &(0x7f0000000040)={0x0, 0x0, 0x38, 0xffffff01, 0x9, 0x9, 0x80000001, 0x7, 0x8, 0x5, 0x5, 0x9, 0x2, 0x8, 0x5, 0xf, 0xffffffffffffffff, 0x9, 0x1, 0x5}, 0x800, 0x0)
sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00{', @ANYRES16=0x0, @ANYRES32=r0], 0x28}, 0x1, 0x0, 0x0, 0x404c885}, 0x24008000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
poll$auto(&(0x7f0000002340)={0xca, 0x10, 0x3b}, 0x2, 0x2)
io_setup$auto(0xfffffff8, &(0x7f0000000280)=0x1)
mmap$auto(0x0, 0x20009, 0x7fffffff, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x9, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xf7}, 0x7)
ioctl$auto_SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x742, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0xb60c2, 0x194)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000200), 0xffffffffffffffff)
mmap$auto(0x0, 0xc, 0x4fc, 0x13, 0x3, 0xffffffffffff4bab)
pipe2$auto(0x0, 0x80)
r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/032/001\x00', 0x202, 0x0)
ioctl$auto_USBDEVFS_RESETEP(r2, 0x80045503, &(0x7f0000000040)=0x81)
write$auto(0x3, 0x0, 0xfffffdef)
unshare$auto(0x40000080)
unshare$auto(0x40000080)

2.3540273s ago: executing program 0 (id=349):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x405, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
socket(0x2, 0x5, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0xfffffffffffffffe, 0x400, 0x4000000000de, 0xeb1, 0xffffffffffffffff, 0x3ff)
remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x6, 0x4)
socket(0xa, 0x1, 0x56)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = getpgid(0x0)
kcmp$auto(r4, r3, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_SET_QOS_MAP(r2, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="d8190300", @ANYRES16, @ANYBLOB="08002bbd7000fedbdf256800000046004801dc266fcebd92e437b03d6f7bf9019872a79c693a679ed22accb537c0e7b86a6641f38fba40c4623d6f5d31e08fa592572d8f8631d0b241452f8273acea88c518c6d7000008001f01860500009b00ac00d5fb21b57f2aaef65f36010e3597d5a0d707fcc310c0f13f1ebf22f33ea9b602785d17a91c243cad82c39a98c0b2c14d849b4d627d5b63d863515931d690f629ad36f02ec82d5b866f3516187c3c764608ab53564ab8391b5b6ef78588cd1757d4795d34a59aa5569eb281557d56c9bee8d12c5c78e163ae057bf565ac20223d3123715a0c847638ac41ab7833bd8ce06fef549ad461d6000600fb00090000000600ab0002000000ac026e8073011380ea006a005deb91a41e6e41b4118a646cfc85714697ca913425a81ef2b388903dad33947f75809a8efb2ead2c3a5003926c6f76433d8595d7554d2015c362942fd227508776722311dc89b35db43c0360707b2cf015800112a98c6f7f6bd3645e731175067ae9d344d5c9b187fd06d46b525ab65420f98732e6511f38bf80029e5d7fa2f0fd317f445ccaadf116261564602e9588a1a02e242ac416b25cbf0032205d75f3605f21cb762f3fa75a9bf05a501396e253f89fc76dfad6d1432758502d25ca2df4c8a3cf5b18bd6969fd7daa1b2e73613db87578cd77f38a76f9ece6244674c66b5e2b5656ec000004006b8004002b80c25faa73bf97721b2e7fe95143b1df4243d7a1b6348b90f3b218e0a0770aa4e1b489e623f5ff856b54ee388a6b8dadd4eb04a864cdf396473de29b75a83c23a8ce87bf44d70bf9971e4409565bc21af82f56b6d475070ce56758b3532cdf5ec33066243ecb9f67a02f473e4c11b433fa9117a2982c99e2e1e725d3000800b7006e626400cc00a400c56a84c256ad4fd8ba75e95ecd35c9f5fd4dfa5d22328c676e5d677c8e2f0307160f3f6ba1bbeca9a75895ddc01903ef724fc8412a202abef021bac32e533a125720982de63da629fd62bf8d1268239b8c7d71beb4760e90075161a6202c360b16923d61a8d6e86e009e2762d84ca45b8da7206a0d3914260eafefb5fd1e3b50bd1b74b40becc6b90f4ef7df03c3b13ff8508fcca478438aa5a837df4b49fad47316276354ddce07bcba026dcd052555ad803bad6e77e3a82b0985affd52b6e1dff409d6ae74ca0408007600", @ANYRES32=r3, @ANYBLOB="e7fed39ede5a371933e7fd1b87624b55242ce4d8eab04a041132fca87ae98fd6f3816f22b7375da30264a7fac13ac1b2f59c9532f047221377b5a8dd820d71d88349fcb2f489f09ba9b5b50d2ab37fe61d64ed2877e38d6d060096000400000008004200070000000c002e010100000000000000"], 0x3d8}, 0x1, 0x0, 0x0, 0x48080}, 0x20000010)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000009400)={0x2c, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x1020}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000)
semctl$auto(0x8, 0x806, 0x13, 0x46)
socket(0x18, 0x2, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffd]}, 0x0)
socket(0x2, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
shutdown$auto(0x200000003, 0x2)

2.175906004s ago: executing program 1 (id=350):
close_range$auto(0x2, 0x8, 0x0)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x200382, 0x0)
r0 = socket(0x28, 0x1, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/card0/pcm0c/sub4/xrun_injection\x00', 0x400, 0x0)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="2f212abd"], 0x14}}, 0x4000000)
mount$auto(0x0, 0x0, 0x0, 0x3379, 0x0)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
poll$auto(&(0x7f0000000040)={0xffffffffffffffff, 0x7}, 0x1, 0x9)
mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x2000040080000004, 0xe)
r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0)
socket(0x1f, 0x2, 0x73)
openat$auto_dvb_dvr_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x600b00, 0x0)
futex$auto(&(0x7f00000000c0)=0x3, 0x6, 0x0, &(0x7f0000000140)={0x3, 0x9}, &(0x7f0000000180)=0x8, 0xffffff00)
bind$auto(0x3, 0x0, 0x6a)
syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff)
madvise$auto(0x110c230000, 0x8031ca, 0x9)
mmap$auto(0x0, 0x4020009, 0xdf, 0x14, 0x401, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/tty/drivers\x00', 0x101000, 0x0)
ioctl$auto_SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, &(0x7f0000000c00))
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
sendmsg$auto_NBD_CMD_DISCONNECT(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x36f227933e955d34)
kexec_load$auto(0x0, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)
mq_timedreceive$auto(r0, &(0x7f0000000300)='\x04\x00\x00\x00\xda\x91H{\xbcx\xcf\x03\xb8\xe0\xe0\xb8:f\x00\x00\x00\x00J%\xb2z\xc4A\x9b\x13\xbc\x96u\xa2\x94{\x91\xe2\x105\xe0M\xe0\x99P,\x81\xcb\b\xd9u\f\xdaT\xb0\xb0\xab5\x1b\xcc\xbe_\xd9}\xaeS`\x7fs\xba5L-\xd8\xa3\xf9\xce\x80\x8a\x1e\xc3\x9c\x8b\xc6\x16\xed\x92\x99\xa2.\xb6\xde\x15_t\xac\f', 0x7f3, &(0x7f0000000200), &(0x7f0000000280)={0x8, 0x4})
write$auto_proc_mem_operations_base(r1, &(0x7f0000001680)="a7", 0x80000)

1.265031065s ago: executing program 0 (id=351):
eventfd$auto(0x3ff)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x100, 0x0)
openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x20082, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(r0, r2, 0x2)
landlock_create_ruleset$auto(0x0, 0x9, 0x0)
landlock_restrict_self$auto(r2, 0x0)
pivot_root$auto(&(0x7f0000000040)='..\x00', &(0x7f0000000080)='.\x00')
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
rt_sigprocmask$auto(0x10, 0x0, 0x0, 0x8)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
ioctl$auto(0x3, 0xae41, 0x38)

968.57132ms ago: executing program 3 (id=352):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000)
mremap$auto(0x0, 0xfee0, 0x3fd6, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000080), 0xffffffffffffffff)
syz_genetlink_get_family_id$auto_nlbl_calipso(&(0x7f0000001180), r0)
r1 = socket(0x1d, 0x4, 0x20000006)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
ioctl$auto_CEC_S_MODE(r3, 0x40046109, &(0x7f0000002c40)=0xd0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', <r6=>0x0})
sendmsg$auto_NET_SHAPER_CMD_GROUP(r4, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB, @ANYRES32=r6, @ANYBLOB="080003"], 0x34}, 0x1, 0x0, 0x0, 0x44000}, 0x14)
r7 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0)
ioctl$auto_CEC_S_MODE(r7, 0x40046109, &(0x7f0000002c40)=0x10)
close_range$auto(r2, r7, 0x0)
io_uring_setup$auto(0x40005, 0x0)
madvise$auto(0x108000, 0x800034, 0x9)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'syzkaller1\x00'})
bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@vsock={0x28, 0x0, 0x2711, @my=0x0}, 0x69)
unshare$auto(0x40000080)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="010326bd70000ac70e806ca73d7984ebab6120d918ca50f9e5ff307c24c8cb2dbe9f094112d7aeb85d7353cda2aa2dc5e39ea690"], 0x14}, 0x1, 0x0, 0x0, 0x8810}, 0x0)
openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000040), 0x404100, 0x0)

954.157473ms ago: executing program 1 (id=353):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x84dd, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x15)
setreuid$auto(0x0, 0x20000000004)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1000af"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
r0 = socket(0x15, 0x5, 0x0)
getsockname$auto(r0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r1 = socket(0x2, 0x805, 0x100)
socket(0x2, 0x800, 0x0)
socket(0x15, 0xfffffffffffffffd, 0x6)
r2 = getpgid(0x0)
pidfd_open$auto(r2, 0x0)
r3 = socket(0x2b, 0x1, 0x1)
sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20040000)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000)
setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3)
setsockopt$auto(r3, 0x29, 0x39, 0x0, 0x0)
syz_open_procfs$namespace(r2, &(0x7f0000000180)='ns/time_for_children\x00')
copy_file_range$auto(0xffffffffffffffff, &(0x7f0000000000)=0x2, r1, &(0x7f0000000100)=0x7, 0x401, 0xffffffff)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a)

0s ago: executing program 1 (id=354):
alarm$auto(0x2)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0)
mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000)
write$auto(0x3, 0x0, 0xfdef)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
socketpair$auto(0x5, 0x2, 0x7, 0x0)
r1 = socket(0xa, 0x801, 0x84)
getsockopt$auto(r1, 0x84, 0x72, 0x0, &(0x7f0000000100)=0x22a)
r2 = openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0)
write$auto(r2, 0x0, 0xe)
read$auto_def_blk_fops_fs(r0, &(0x7f0000000140)=""/194, 0xc2)
select$auto(0x3, &(0x7f0000000000)={[0xffff, 0x8, 0x9, 0x1, 0x0, 0xff, 0x6, 0x2, 0x7fffffffffffffff, 0xffff, 0x0, 0x5, 0x8000000000000001, 0x9, 0xf5, 0x3]}, &(0x7f0000000080)={[0xb68, 0x10, 0xf, 0x5, 0xc, 0xcf42, 0x5, 0x8, 0x2, 0x1, 0x8000000000000000, 0x8001, 0xce15, 0xad, 0x1ff, 0x3]}, &(0x7f0000000100)={[0x401, 0x80, 0x101, 0xfffffffffffffff8, 0x6, 0x7, 0x7, 0xfffffffffffffffe, 0x9, 0x6, 0x3, 0x5, 0x6, 0xffffffffffffffff, 0x829, 0x2]}, &(0x7f0000000180)={0x3e, 0x3})
setresgid$auto(0x81, 0x0, 0x0)
alarm$auto(0x2) (async)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) (async)
mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) (async)
write$auto(0x3, 0x0, 0xfdef) (async)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async)
socketpair$auto(0x5, 0x2, 0x7, 0x0) (async)
socket(0xa, 0x801, 0x84) (async)
getsockopt$auto(r1, 0x84, 0x72, 0x0, &(0x7f0000000100)=0x22a) (async)
openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/bluetooth/hci0/force_devcoredump\x00', 0x2, 0x0) (async)
write$auto(r2, 0x0, 0xe) (async)
read$auto_def_blk_fops_fs(r0, &(0x7f0000000140)=""/194, 0xc2) (async)
select$auto(0x3, &(0x7f0000000000)={[0xffff, 0x8, 0x9, 0x1, 0x0, 0xff, 0x6, 0x2, 0x7fffffffffffffff, 0xffff, 0x0, 0x5, 0x8000000000000001, 0x9, 0xf5, 0x3]}, &(0x7f0000000080)={[0xb68, 0x10, 0xf, 0x5, 0xc, 0xcf42, 0x5, 0x8, 0x2, 0x1, 0x8000000000000000, 0x8001, 0xce15, 0xad, 0x1ff, 0x3]}, &(0x7f0000000100)={[0x401, 0x80, 0x101, 0xfffffffffffffff8, 0x6, 0x7, 0x7, 0xfffffffffffffffe, 0x9, 0x6, 0x3, 0x5, 0x6, 0xffffffffffffffff, 0x829, 0x2]}, &(0x7f0000000180)={0x3e, 0x3}) (async)
setresgid$auto(0x81, 0x0, 0x0) (async)

kernel console output (not intermixed with test programs):

 mode
[   90.290155][ T5842] hsr_slave_1: entered promiscuous mode
[   90.296647][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   90.304233][ T5842] Cannot create hsr debugfs directory
[   90.314977][ T5840] hsr_slave_0: entered promiscuous mode
[   90.321158][ T5840] hsr_slave_1: entered promiscuous mode
[   90.328508][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   90.336222][ T5840] Cannot create hsr debugfs directory
[   90.405936][ T5846] Bluetooth: hci2: command tx timeout
[   90.405940][ T5852] Bluetooth: hci0: command tx timeout
[   90.406403][ T5846] Bluetooth: hci1: command tx timeout
[   90.411832][ T5852] Bluetooth: hci3: command tx timeout
[   90.698825][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   90.719416][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   90.731531][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   90.745607][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   90.800032][ T5842] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   90.816619][ T5842] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   90.827714][ T5842] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   90.848195][ T5842] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   90.924099][ T5839] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   90.936022][ T5839] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   90.957616][ T5839] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   90.991023][ T5839] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   91.069739][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.081470][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   91.091929][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   91.102141][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   91.117702][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   91.181784][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   91.202515][ T3536] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.209877][ T3536] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.240457][ T3536] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.247638][ T3536] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.274247][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.292235][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.354008][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   91.371066][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[   91.385142][ T3004] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.392308][ T3004] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.417884][ T3004] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.425073][ T3004] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.457204][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.464369][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.477891][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.485107][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.573814][ T5839] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   91.586117][ T5839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   91.682747][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.744152][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   91.800847][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.827993][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.835174][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.860371][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.867695][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.000963][ T5841] veth0_vlan: entered promiscuous mode
[   92.040304][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.058359][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.074457][ T5841] veth1_vlan: entered promiscuous mode
[   92.189576][ T5841] veth0_macvtap: entered promiscuous mode
[   92.204027][ T5839] veth0_vlan: entered promiscuous mode
[   92.223342][ T5841] veth1_macvtap: entered promiscuous mode
[   92.240758][ T5842] veth0_vlan: entered promiscuous mode
[   92.281743][ T5842] veth1_vlan: entered promiscuous mode
[   92.301616][ T5839] veth1_vlan: entered promiscuous mode
[   92.332032][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.373139][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.391622][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.406741][ T5842] veth0_macvtap: entered promiscuous mode
[   92.421580][ T5841] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.431897][ T5841] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.441374][ T5841] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.452027][ T5841] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.475938][ T5842] veth1_macvtap: entered promiscuous mode
[   92.485109][ T5852] Bluetooth: hci3: command tx timeout
[   92.485633][ T5839] veth0_macvtap: entered promiscuous mode
[   92.496529][ T5852] Bluetooth: hci1: command tx timeout
[   92.502056][ T5852] Bluetooth: hci0: command tx timeout
[   92.504934][ T5846] Bluetooth: hci2: command tx timeout
[   92.560804][ T5839] veth1_macvtap: entered promiscuous mode
[   92.572541][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.591336][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.606694][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.647427][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.663314][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.675483][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.700409][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.712118][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.722326][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   92.734437][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.746859][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.772634][ T5840] veth0_vlan: entered promiscuous mode
[   92.789739][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.811807][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.822931][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.833811][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.846176][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.855294][ T5842] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.864051][ T5842] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.874154][ T5842] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.883532][ T5842] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.913148][ T5840] veth1_vlan: entered promiscuous mode
[   92.940170][ T5839] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.949802][ T5839] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.959730][ T5839] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.969798][ T5839] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.053898][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.085121][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.173783][ T5840] veth0_macvtap: entered promiscuous mode
[   93.205514][ T5840] veth1_macvtap: entered promiscuous mode
[   93.223295][ T3004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.245168][ T3004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.281095][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.289494][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.400494][ T5841] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   93.401070][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.427862][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.439516][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.450353][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.460338][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   93.471164][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.486806][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.499375][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.520837][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.530483][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.538308][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.604337][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.617151][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.628398][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.639598][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.651145][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   93.661986][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   93.674632][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.701785][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.711336][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.721172][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.730036][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.749958][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.772590][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.967560][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.997388][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.069479][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.116033][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.167220][ T5909] Zero length message leads to an empty skb
[   94.566822][   T56] Bluetooth: hci0: command tx timeout
[   94.572365][ T5846] Bluetooth: hci1: command tx timeout
[   94.572391][ T5852] Bluetooth: hci3: command tx timeout
[   94.577821][ T5846] Bluetooth: hci2: command tx timeout
[   94.919846][ T5920] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5'.
[   94.982546][ T5922] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6'.
[   95.035118][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.049134][ T5925] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6'.
[   95.063117][ T5922] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   95.102522][ T5922] batman_adv: batadv0: Removing interface: batadv_slave_0
[   95.116517][ T5922] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   95.135748][ T5922] batman_adv: batadv0: Removing interface: batadv_slave_1
[   95.505194][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.210357][ T5937] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   96.212433][ T5943] netlink: 330 bytes leftover after parsing attributes in process `syz.0.8'.
[   96.645143][ T5852] Bluetooth: hci0: command tx timeout
[   96.645205][ T5852] Bluetooth: hci3: command tx timeout
[   96.645245][ T5852] Bluetooth: hci2: command tx timeout
[   96.645284][ T5852] Bluetooth: hci1: command tx timeout
[   96.924402][ T5947] Invalid ELF header magic: != ELF
[   97.290331][  T907] cfg80211: failed to load regulatory.db
[   97.629883][ T5957] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   98.320811][ T5967] netlink: 'syz.0.14': attribute type 11 has an invalid length.
[   98.486051][ T5967] netlink: 28 bytes leftover after parsing attributes in process `syz.0.14'.
[   98.765154][ T5966] ima: policy update failed
[   98.776272][   T30] audit: type=1802 audit(1741910074.467:2): pid=5966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.14" res=0 errno=0

syzkaller
syzkaller login: [  103.407005][ T6018] device-mapper: ioctl: ioctl interface mismatch: kernel(4.49.0), user(0.0.0), cmd(5)
[  103.425292][ T6018] FAULT_INJECTION: forcing a failure.
[  103.425292][ T6018] name failslab, interval 1, probability 0, space 0, times 1
[  103.474646][ T6018] CPU: 0 UID: 0 PID: 6018 Comm: syz.0.24 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0
[  103.474692][ T6018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  103.474716][ T6018] Call Trace:
[  103.474725][ T6018]  <TASK>
[  103.474738][ T6018]  dump_stack_lvl+0x16c/0x1f0
[  103.474798][ T6018]  should_fail_ex+0x50a/0x650
[  103.474828][ T6018]  ? fs_reclaim_acquire+0xae/0x150
[  103.474873][ T6018]  should_failslab+0xc2/0x120
[  103.474905][ T6018]  kmem_cache_alloc_bulk_noprof+0x7e/0xb10
[  103.474961][ T6018]  ? trace_kmem_cache_alloc+0x2d/0xd0
[  103.475003][ T6018]  ? kmem_cache_alloc_noprof+0x279/0x3d0
[  103.475057][ T6018]  ? mas_dup_build.constprop.0+0x5f3/0x1760
[  103.475115][ T6018]  ? mas_dup_build.constprop.0+0xc6f/0x1760
[  103.475166][ T6018]  mas_dup_build.constprop.0+0xc6f/0x1760
[  103.475232][ T6018]  ? __pfx___lock_acquire+0x10/0x10
[  103.475290][ T6018]  __mt_dup+0xec/0x1f0
[  103.475336][ T6018]  ? __pfx___mt_dup+0x10/0x10
[  103.475393][ T6018]  ? get_mm_exe_file+0x8a/0x1a0
[  103.475446][ T6018]  ? __pfx_lock_release+0x10/0x10
[  103.475511][ T6018]  ? lock_acquire+0x2f/0xb0
[  103.475552][ T6018]  ? get_mm_exe_file+0x30/0x1a0
[  103.475630][ T6018]  copy_process+0x68f5/0x8c50
[  103.475693][ T6018]  ? __pfx_copy_process+0x10/0x10
[  103.475728][ T6018]  ? try_to_wake_up+0x953/0x1490
[  103.475783][ T6018]  ? plist_check_head+0xa3/0x150
[  103.475830][ T6018]  ? wake_up_q+0xb0/0x160
[  103.475872][ T6018]  ? do_raw_spin_unlock+0x172/0x230
[  103.475911][ T6018]  kernel_clone+0xfd/0x960
[  103.475943][ T6018]  ? __pfx_futex_wake+0x10/0x10
[  103.475990][ T6018]  ? __pfx_kernel_clone+0x10/0x10
[  103.476047][ T6018]  __do_sys_clone+0xcf/0x120
[  103.476079][ T6018]  ? __pfx___do_sys_clone+0x10/0x10
[  103.476111][ T6018]  ? __pfx___might_resched+0x10/0x10
[  103.476182][ T6018]  ? rcu_is_watching+0x12/0xc0
[  103.476236][ T6018]  do_syscall_64+0xcd/0x250
[  103.476290][ T6018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.476337][ T6018] RIP: 0033:0x7f2cc718d169
[  103.476364][ T6018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.476395][ T6018] RSP: 002b:00007f2cc807cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  103.476426][ T6018] RAX: ffffffffffffffda RBX: 00007f2cc73a5fa0 RCX: 00007f2cc718d169
[  103.476447][ T6018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  103.476464][ T6018] RBP: 00007f2cc720e2a0 R08: 0000000000000000 R09: 0000000000000000
[  103.476483][ T6018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.476502][ T6018] R13: 0000000000000000 R14: 00007f2cc73a5fa0 R15: 00007ffc250648f8
[  103.476544][ T6018]  </TASK>
[  104.547157][ T6021] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  104.620112][ T6021] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  105.081178][ T6029] nbd: must specify a size in bytes for the device
[  106.558199][ T6043] process 'syz.3.30' launched '/dev/fd/3' with NULL argv: empty string added
[  106.566026][ T6049] cougar: G6 mapped to space
[  109.177065][ T6061] netlink: 12 bytes leftover after parsing attributes in process `syz.3.34'.
[  109.351872][ T6061] netlink: 8 bytes leftover after parsing attributes in process `syz.3.34'.
[  111.525148][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  112.485262][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[  112.618613][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  112.705382][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  115.222615][ T6135] usb usb15: usbfs: process 6135 (syz.3.49) did not claim interface 0 before use
[  117.735912][ T6167] netlink: 12888 bytes leftover after parsing attributes in process `syz.3.55'.
[  118.005731][ T6168] Invalid ELF header magic: != ELF
[  118.490597][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.658191][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.954192][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.098978][ T6177] ovs_ÿÃ: entered promiscuous mode
[  119.220807][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.872893][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  119.882637][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  119.894898][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  119.915011][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  119.925499][ T5852] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  119.938788][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  120.197036][   T12] bridge_slave_1: left allmulticast mode
[  120.214930][   T12] bridge_slave_1: left promiscuous mode
[  120.222974][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.424266][   T12] bridge_slave_0: left allmulticast mode
[  120.465872][   T12] bridge_slave_0: left promiscuous mode
[  120.472545][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.623422][   T30] audit: type=1326 audit(6036877394.292:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6203 comm="syz.2.61" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f692d18d169 code=0x0
[  122.004996][ T5852] Bluetooth: hci2: command tx timeout
[  122.881198][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  122.990741][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  123.017069][   T12] bond0 (unregistering): Released all slaves
[  123.385111][ T6236] [U] 
[  123.388108][ T6236] [U] 
[  123.390878][ T6236] [U] 
[  123.393644][ T6236] [U] 
[  123.463391][ T6236] [U] 
[  123.466293][ T6236] [U] 
[  123.469061][ T6236] [U] 
[  123.471816][ T6236] [U] 
[  123.537822][ T6236] [U] 
[  123.540633][ T6236] [U] 
[  123.543386][ T6236] [U] 
[  123.546145][ T6236] [U] 
[  123.623709][ T6238] tipc: Started in network mode
[  123.635063][ T6236] [U] 
[  123.637850][ T6236] [U] 
[  123.640615][ T6236] [U] 
[  123.643381][ T6236] [U] 
[  123.665075][ T6236] [U] 
[  123.667878][ T6236] [U] 
[  123.670645][ T6236] [U] 
[  123.673414][ T6236] [U] 
[  123.684022][ T6236] [U] 
[  123.686815][ T6236] [U] 
[  123.689572][ T6236] [U] 
[  123.692330][ T6236] [U] 
[  123.696291][ T6236] [U] 
[  123.699071][ T6236] [U] 
[  123.701838][ T6236] [U] 
[  123.704609][ T6236] [U] 
[  123.708307][ T6236] [U] 
[  123.711080][ T6236] [U] 
[  123.713841][ T6236] [U] 
[  123.716610][ T6236] [U] 
[  123.721526][ T6236] [U] 
[  123.724306][ T6236] [U] 
[  123.727076][ T6236] [U] 
[  123.729846][ T6236] [U] 
[  123.739010][ T6238] tipc: Node identity 8e4e6f15, cluster identity 4711
[  123.747492][ T6238] tipc: Node number set to 2387504917
[  123.759224][ T6236] [U] 
[  123.761999][ T6236] [U] 
[  123.764765][ T6236] [U] 
[  123.767534][ T6236] [U] 
[  123.772582][ T6236] [U] 
[  123.775384][ T6236] [U] 
[  123.778140][ T6236] [U] 
[  123.780987][ T6236] [U] 
[  123.800604][ T6236] [U] 
[  123.803406][ T6236] [U] 
[  123.806167][ T6236] [U] 
[  123.808936][ T6236] [U] 
[  123.817332][ T6236] [U] 
[  123.820125][ T6236] [U] 
[  123.822888][ T6236] [U] 
[  123.825655][ T6236] [U] 
[  123.858952][ T6236] [U] 
[  123.861755][ T6236] [U] 
[  123.864530][ T6236] [U] 
[  123.867304][ T6236] [U] 
[  123.997636][ T6227] [U] 
[  124.023559][ T6186] chnl_net:caif_netlink_parms(): no params data found
[  124.085450][ T5852] Bluetooth: hci2: command tx timeout
[  124.478387][   T30] audit: type=1800 audit(6036877397.172:4): pid=6261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.67" name="lu_gp_id" dev="configfs" ino=9615 res=0 errno=0
[  124.671008][ T6250] Invalid ELF header magic: != ELF
[  124.677493][ T6186] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.684638][ T6186] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.703382][ T6186] bridge_slave_0: entered allmulticast mode
[  124.739799][ T6186] bridge_slave_0: entered promiscuous mode
[  124.763740][ T6186] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.774928][ T6186] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.806530][ T6186] bridge_slave_1: entered allmulticast mode
[  124.813654][ T6186] bridge_slave_1: entered promiscuous mode
[  124.898781][   T12] hsr_slave_0: left promiscuous mode
[  124.906417][   T12] hsr_slave_1: left promiscuous mode
[  124.919006][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  124.941841][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  124.958310][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  124.989619][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  125.044205][   T12] veth1_macvtap: left promiscuous mode
[  125.055583][   T12] veth0_macvtap: left promiscuous mode
[  125.061227][   T12] veth1_vlan: left promiscuous mode
[  125.075613][   T12] veth0_vlan: left promiscuous mode
[  125.110883][ T6269] kstrtoul() returned -22 for lu_gp_id
[  126.167607][ T5852] Bluetooth: hci2: command tx timeout
[  126.319932][   T12] team0 (unregistering): Port device team_slave_1 removed
[  126.371280][   T12] team0 (unregistering): Port device team_slave_0 removed
[  127.286428][ T6186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  127.352270][ T6186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  127.616740][ T6186] team0: Port device team_slave_0 added
[  127.666572][ T6186] team0: Port device team_slave_1 added
[  127.727500][ T6186] batman_adv: batadv0: Adding interface: batadv_slave_0
[  127.744925][ T6186] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.770868][    C1] vkms_vblank_simulate: vblank timer overrun
[  127.792792][ T6186] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  127.843049][ T6186] batman_adv: batadv0: Adding interface: batadv_slave_1
[  127.852387][ T6186] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  127.885137][ T6186] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  128.027473][ T6186] hsr_slave_0: entered promiscuous mode
[  128.040250][ T6186] hsr_slave_1: entered promiscuous mode
[  128.052481][ T6186] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  128.070820][ T6186] Cannot create hsr debugfs directory
[  128.245300][ T5852] Bluetooth: hci2: command tx timeout
[  128.979613][ T6301] netlink: 342 bytes leftover after parsing attributes in process `syz.3.72'.
[  129.648197][ T6186] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  129.703920][ T6186] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  129.734159][ T6186] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  129.790577][ T6186] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  130.075934][ T6186] 8021q: adding VLAN 0 to HW filter on device bond0
[  130.109564][ T6186] 8021q: adding VLAN 0 to HW filter on device team0
[  130.136483][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.136589][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[  130.161069][ T3536] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.161139][ T3536] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.093006][ T6186] 8021q: adding VLAN 0 to HW filter on device batadv0
[  131.194696][ T6340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.77'.
[  131.210275][ T6186] veth0_vlan: entered promiscuous mode
[  131.298131][ T6186] veth1_vlan: entered promiscuous mode
[  131.378825][ T6186] veth0_macvtap: entered promiscuous mode
[  131.420013][ T6186] veth1_macvtap: entered promiscuous mode
[  131.453849][ T6186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  131.453885][ T6186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.453908][ T6186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  131.453932][ T6186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.457315][ T6186] batman_adv: batadv0: Interface activated: batadv_slave_0
[  131.469412][ T6186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  131.469445][ T6186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.469460][ T6186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  131.469481][ T6186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  131.470519][ T6186] batman_adv: batadv0: Interface activated: batadv_slave_1
[  131.488858][ T6186] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  131.488953][ T6186] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  131.489000][ T6186] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  131.489046][ T6186] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  131.707824][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.707893][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  131.767779][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  131.767810][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.977827][ T6400] busy
[  135.624091][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.832313][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.103529][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.330219][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.361889][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  136.372430][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  136.381102][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  136.396118][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  136.410125][ T5858] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  136.427169][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  136.745366][   T13] bridge_slave_1: left allmulticast mode
[  136.751187][   T13] bridge_slave_1: left promiscuous mode
[  136.766202][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.807114][   T13] bridge_slave_0: left allmulticast mode
[  136.812849][   T13] bridge_slave_0: left promiscuous mode
[  136.830728][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.101269][ T6482] kAFS: Invalid Command on /proc/fs/afs/cells file
[  137.230758][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  137.245611][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  137.254241][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  137.262450][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  137.275447][ T5852] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  137.309581][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  137.385158][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  137.394945][    T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!!
[  138.194691][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  138.210681][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  138.223281][   T13] bond0 (unregistering): Released all slaves
[  138.278002][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  138.285067][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  138.496697][ T5852] Bluetooth: hci1: command tx timeout
[  138.838456][ T6467] chnl_net:caif_netlink_parms(): no params data found
[  138.934370][   T13] hsr_slave_0: left promiscuous mode
[  138.988292][   T13] hsr_slave_1: left promiscuous mode
[  139.010585][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  139.025197][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  139.040430][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  139.091457][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  139.120300][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  139.168883][   T13] veth1_macvtap: left promiscuous mode
[  139.174503][   T13] veth0_macvtap: left promiscuous mode
[  139.196967][   T13] veth1_vlan: left promiscuous mode
[  139.215313][   T13] veth0_vlan: left promiscuous mode
[  139.365478][ T5852] Bluetooth: hci2: command tx timeout
[  140.022993][ T6522] ptrace attach of "./syz-executor exec"[5840] was attempted by "./syz-executor exec"[6522]
[  140.415482][   T13] team0 (unregistering): Port device team_slave_1 removed
[  140.470885][   T13] team0 (unregistering): Port device team_slave_0 removed
[  140.568636][ T5852] Bluetooth: hci1: command tx timeout
[  141.333814][ T6467] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.341512][ T6467] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.350172][ T6467] bridge_slave_0: entered allmulticast mode
[  141.359010][ T6467] bridge_slave_0: entered promiscuous mode
[  141.369218][ T6467] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.378295][ T6467] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.386046][ T6467] bridge_slave_1: entered allmulticast mode
[  141.393501][ T6467] bridge_slave_1: entered promiscuous mode
[  141.445434][ T5852] Bluetooth: hci2: command tx timeout
[  141.550347][ T6467] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  141.580744][ T6467] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  141.669210][ T6486] chnl_net:caif_netlink_parms(): no params data found
[  141.711545][ T6467] team0: Port device team_slave_0 added
[  141.766688][ T6467] team0: Port device team_slave_1 added
[  141.854616][ T6467] batman_adv: batadv0: Adding interface: batadv_slave_0
[  141.861832][ T6467] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  141.887900][    C0] vkms_vblank_simulate: vblank timer overrun
[  141.895065][ T6467] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  141.934657][ T6467] batman_adv: batadv0: Adding interface: batadv_slave_1
[  141.950364][ T6467] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  141.984294][ T6467] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  142.228489][ T6486] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.249258][ T6486] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.263513][ T6486] bridge_slave_0: entered allmulticast mode
[  142.271969][ T6486] bridge_slave_0: entered promiscuous mode
[  142.374727][ T6486] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.391643][ T6486] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.415062][ T6486] bridge_slave_1: entered allmulticast mode
[  142.425631][ T6486] bridge_slave_1: entered promiscuous mode
[  142.524032][ T6467] hsr_slave_0: entered promiscuous mode
[  142.530812][ T6467] hsr_slave_1: entered promiscuous mode
[  142.549152][ T6467] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  142.570804][ T6467] Cannot create hsr debugfs directory
[  142.651573][ T5852] Bluetooth: hci1: command tx timeout
[  142.673511][ T6486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  142.752300][ T6486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  142.977486][ T6486] team0: Port device team_slave_0 added
[  142.988225][ T6486] team0: Port device team_slave_1 added
[  143.121653][ T6486] batman_adv: batadv0: Adding interface: batadv_slave_0
[  143.152896][ T6486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  143.214701][ T6486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  143.337893][ T6486] batman_adv: batadv0: Adding interface: batadv_slave_1
[  143.360570][ T6486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  143.442361][ T6486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  143.492135][ T6576] netlink: 4 bytes leftover after parsing attributes in process `syz.3.103'.
[  143.525124][ T5852] Bluetooth: hci2: command tx timeout
[  143.617988][ T6467] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.706106][ T6486] hsr_slave_0: entered promiscuous mode
[  143.712685][ T6486] hsr_slave_1: entered promiscuous mode
[  143.745935][ T6486] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  143.753565][ T6486] Cannot create hsr debugfs directory
[  143.931987][ T6467] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.075235][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  144.133134][ T6467] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.233161][ T6467] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.513511][   T83] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.603572][ T6467] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  144.725530][ T5852] Bluetooth: hci1: command tx timeout
[  144.798135][   T83] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.852912][ T6467] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  144.895207][ T6467] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  145.077396][   T83] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.125253][ T6467] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  145.269785][   T83] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.495748][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  145.505983][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  145.515445][ T5858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  145.524216][ T5858] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  145.532638][ T5858] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  145.540489][ T5858] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  145.606565][ T5852] Bluetooth: hci2: command tx timeout
[  145.715615][   T83] bridge_slave_1: left allmulticast mode
[  145.721362][   T83] bridge_slave_1: left promiscuous mode
[  145.746012][   T83] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.759380][   T83] bridge_slave_0: left allmulticast mode
[  145.772663][   T83] bridge_slave_0: left promiscuous mode
[  145.783456][   T83] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.442145][   T83] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  146.472366][   T83] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  146.486921][   T83] bond0 (unregistering): Released all slaves
[  146.567145][ T6628] MTRR 1 not used
[  146.650138][   T83] tipc: Left network mode
[  146.718494][ T6467] 8021q: adding VLAN 0 to HW filter on device bond0
[  146.790507][ T6486] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  146.825149][ T6486] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  146.883416][ T6486] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  146.913559][ T6486] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  147.191581][   T83] hsr_slave_0: left promiscuous mode
[  147.206060][   T83] hsr_slave_1: left promiscuous mode
[  147.212010][   T83] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  147.235851][   T83] batman_adv: batadv0: Removing interface: batadv_slave_0
[  147.247701][   T83] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  147.258625][   T83] batman_adv: batadv0: Removing interface: batadv_slave_1
[  147.288271][   T83] veth1_macvtap: left promiscuous mode
[  147.293873][   T83] veth0_macvtap: left promiscuous mode
[  147.300743][   T83] veth1_vlan: left promiscuous mode
[  147.307387][   T83] veth0_vlan: left promiscuous mode
[  147.614966][ T5852] Bluetooth: hci4: command tx timeout
[  147.928758][   T83] team0 (unregistering): Port device team_slave_1 removed
[  147.971156][   T83] team0 (unregistering): Port device team_slave_0 removed
[  148.282626][ T6467] 8021q: adding VLAN 0 to HW filter on device team0
[  148.313158][ T6608] chnl_net:caif_netlink_parms(): no params data found
[  148.369146][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.376383][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.431390][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.439138][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.698277][ T6608] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.714600][ T6608] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.722207][ T6608] bridge_slave_0: entered allmulticast mode
[  148.732439][ T6608] bridge_slave_0: entered promiscuous mode
[  148.749352][ T6608] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.756976][ T6608] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.765176][ T6608] bridge_slave_1: entered allmulticast mode
[  148.772092][ T6608] bridge_slave_1: entered promiscuous mode
[  148.872372][ T6608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  148.906859][ T6608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  148.983582][ T6608] team0: Port device team_slave_0 added
[  149.014186][ T6608] team0: Port device team_slave_1 added
[  149.031418][ T6486] 8021q: adding VLAN 0 to HW filter on device bond0
[  149.093670][ T6608] batman_adv: batadv0: Adding interface: batadv_slave_0
[  149.114332][ T6608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  149.175421][ T6608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  149.229161][ T6486] 8021q: adding VLAN 0 to HW filter on device team0
[  149.231908][ T6695] busy
[  149.249411][ T6608] batman_adv: batadv0: Adding interface: batadv_slave_1
[  149.262209][ T6608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  149.289652][ T6608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  149.367778][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.374977][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  149.386419][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.394651][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  149.447306][ T6608] hsr_slave_0: entered promiscuous mode
[  149.454326][ T6608] hsr_slave_1: entered promiscuous mode
[  149.461222][ T6608] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  149.469409][ T6608] Cannot create hsr debugfs directory
[  149.486798][ T6467] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.686444][ T5852] Bluetooth: hci4: command tx timeout
[  150.014701][ T6467] veth0_vlan: entered promiscuous mode
[  150.142535][ T6467] veth1_vlan: entered promiscuous mode
[  150.285954][ T6467] veth0_macvtap: entered promiscuous mode
[  150.311308][ T6467] veth1_macvtap: entered promiscuous mode
[  150.607568][ T6467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.618407][ T6467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.631020][ T6467] batman_adv: batadv0: Interface activated: batadv_slave_0
[  150.678005][ T6486] 8021q: adding VLAN 0 to HW filter on device batadv0
[  150.729904][ T6467] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  150.758599][ T6467] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.769793][ T6467] batman_adv: batadv0: Interface activated: batadv_slave_1
[  150.800704][ T6467] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  150.813113][ T6467] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  150.829328][ T6467] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  150.840782][ T6467] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  150.958554][ T6608] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  150.978278][ T6608] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  151.011125][ T6486] veth0_vlan: entered promiscuous mode
[  151.042265][ T6608] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  151.058775][ T6608] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  151.124569][ T6486] veth1_vlan: entered promiscuous mode
[  151.241434][   T54] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.295424][   T54] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.356209][ T6486] veth0_macvtap: entered promiscuous mode
[  151.410199][ T6486] veth1_macvtap: entered promiscuous mode
[  151.439069][ T3004] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  151.470173][ T3004] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  151.530236][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.551220][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.562958][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  151.579487][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.620574][ T6486] batman_adv: batadv0: Interface activated: batadv_slave_0
[  151.658526][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.686559][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.710309][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  151.734056][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  151.765142][ T5852] Bluetooth: hci4: command tx timeout
[  151.779670][ T6486] batman_adv: batadv0: Interface activated: batadv_slave_1
[  151.800689][ T6718] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[6718]
[  151.834431][ T6486] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  151.864118][ T6486] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  151.894837][ T6486] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  151.919223][ T6486] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  151.947906][ T6608] 8021q: adding VLAN 0 to HW filter on device bond0
[  152.270868][ T6608] 8021q: adding VLAN 0 to HW filter on device team0
[  152.366922][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  152.417468][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  152.429258][   T83] bridge0: port 1(bridge_slave_0) entered blocking state
[  152.436483][   T83] bridge0: port 1(bridge_slave_0) entered forwarding state
[  152.486639][   T83] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.493812][   T83] bridge0: port 2(bridge_slave_1) entered forwarding state
[  152.542077][   T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  152.572861][   T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  153.031904][ T6608] 8021q: adding VLAN 0 to HW filter on device batadv0
[  153.142203][ T6608] veth0_vlan: entered promiscuous mode
[  153.202993][ T6608] veth1_vlan: entered promiscuous mode
[  153.285623][ T6608] veth0_macvtap: entered promiscuous mode
[  153.316841][ T6608] veth1_macvtap: entered promiscuous mode
[  153.344551][ T6608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  153.367958][ T6608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  153.393083][ T6762] syz.0.92 uses obsolete (PF_INET,SOCK_PACKET)
[  153.429347][ T6608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  153.484960][ T6608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  153.504910][ T6608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  153.525760][ T6608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  153.546260][ T6608] batman_adv: batadv0: Interface activated: batadv_slave_0
[  153.609033][ T6608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  153.640621][ T6608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  153.670941][ T6608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  153.682113][ T6608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  153.721475][ T6608] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  153.752189][ T6608] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  153.779120][ T6608] batman_adv: batadv0: Interface activated: batadv_slave_1
[  153.855930][ T5852] Bluetooth: hci4: command tx timeout
[  153.938804][ T6608] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  153.954985][ T6608] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  153.964154][ T6608] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  153.973743][ T6608] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  154.268680][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  154.303541][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  154.421612][   T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  154.445418][   T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  154.875167][ T6777] netlink: 8 bytes leftover after parsing attributes in process `syz.1.115'.
[  155.365428][ T6779] nvme_fabrics: missing parameter 'transport=%s'
[  155.372175][ T6779] nvme_fabrics: missing parameter 'nqn=%s'
[  155.452959][ T6787] random: crng reseeded on system resumption
[  155.716045][ T6768] mmap: syz.0.114 (6768) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  155.991068][ T6779] __vm_enough_memory: pid: 6779, comm: syz.2.106, bytes: 4503599627366400 not enough memory for the allocation
[  156.536390][   T83] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.650163][ T6797] Invalid ELF header magic: != ELF
[  156.872358][   T83] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  156.999174][   T83] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.117601][   T83] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.200351][ T6792] netlink: 4 bytes leftover after parsing attributes in process `syz.3.116'.
[  157.444352][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  157.473291][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  157.486546][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  157.504634][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  157.513122][ T5858] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  157.521938][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  157.690478][   T83] bridge_slave_1: left allmulticast mode
[  157.706663][   T83] bridge_slave_1: left promiscuous mode
[  157.731046][   T83] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.776795][   T83] bridge_slave_0: left allmulticast mode
[  157.802990][   T83] bridge_slave_0: left promiscuous mode
[  157.823018][   T83] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.976423][ T6830] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  159.285914][   T83] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  159.301361][   T83] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  159.338319][   T83] bond0 (unregistering): Released all slaves
[  159.477167][ T6833] FAULT_INJECTION: forcing a failure.
[  159.477167][ T6833] name failslab, interval 1, probability 0, space 0, times 0
[  159.493887][ T6833] CPU: 0 UID: 0 PID: 6833 Comm: syz.2.123 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0
[  159.493931][ T6833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  159.493950][ T6833] Call Trace:
[  159.493960][ T6833]  <TASK>
[  159.493972][ T6833]  dump_stack_lvl+0x16c/0x1f0
[  159.494029][ T6833]  should_fail_ex+0x50a/0x650
[  159.494060][ T6833]  ? fs_reclaim_acquire+0xae/0x150
[  159.494118][ T6833]  should_failslab+0xc2/0x120
[  159.494151][ T6833]  __kmalloc_node_noprof+0xd1/0x510
[  159.494201][ T6833]  ? tracing_stop_tr+0xc8/0x270
[  159.494247][ T6833]  ? __rb_allocate_pages+0x4df/0xef0
[  159.494299][ T6833]  __rb_allocate_pages+0x4df/0xef0
[  159.494356][ T6833]  ring_buffer_resize+0xe52/0x18a0
[  159.494417][ T6833]  __tracing_resize_ring_buffer.part.0+0x52/0x1f0
[  159.494474][ T6833]  tracing_update_buffers+0x369/0x430
[  159.494521][ T6833]  ? __pfx_tracing_update_buffers+0x10/0x10
[  159.494580][ T6833]  event_pid_write.isra.0+0xfa/0x7a0
[  159.494627][ T6833]  ? __pfx_event_pid_write.isra.0+0x10/0x10
[  159.494685][ T6833]  ? __pfx_ftrace_event_pid_write+0x10/0x10
[  159.494730][ T6833]  vfs_write+0x24c/0x1150
[  159.494783][ T6833]  ? __fget_files+0x1fc/0x3a0
[  159.494831][ T6833]  ? __pfx___mutex_lock+0x10/0x10
[  159.494878][ T6833]  ? __pfx_vfs_write+0x10/0x10
[  159.494935][ T6833]  ? __fget_files+0x206/0x3a0
[  159.494996][ T6833]  ksys_write+0x12b/0x250
[  159.495039][ T6833]  ? __pfx_ksys_write+0x10/0x10
[  159.495108][ T6833]  do_syscall_64+0xcd/0x250
[  159.495161][ T6833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.495208][ T6833] RIP: 0033:0x7f083db8d169
[  159.495234][ T6833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.495265][ T6833] RSP: 002b:00007f083eaae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  159.495295][ T6833] RAX: ffffffffffffffda RBX: 00007f083dda5fa0 RCX: 00007f083db8d169
[  159.495318][ T6833] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003
[  159.495337][ T6833] RBP: 00007f083dc0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  159.495356][ T6833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  159.495374][ T6833] R13: 0000000000000000 R14: 00007f083dda5fa0 R15: 00007ffdbea76c18
[  159.495417][ T6833]  </TASK>
[  159.745820][ T5852] Bluetooth: hci1: command tx timeout
[  160.493749][   T83] hsr_slave_0: left promiscuous mode
[  160.545479][   T83] hsr_slave_1: left promiscuous mode
[  160.555923][   T83] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  160.563487][   T83] batman_adv: batadv0: Removing interface: batadv_slave_0
[  160.609647][   T83] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  160.631993][   T83] batman_adv: batadv0: Removing interface: batadv_slave_1
[  160.706495][   T83] veth1_macvtap: left promiscuous mode
[  160.744490][   T83] veth0_macvtap: left promiscuous mode
[  160.760573][   T83] veth1_vlan: left promiscuous mode
[  160.776946][   T83] veth0_vlan: left promiscuous mode
[  161.764992][ T5858] Bluetooth: hci1: command tx timeout
[  162.193963][   T83] team0 (unregistering): Port device team_slave_1 removed
[  162.293636][ T6871] FAULT_INJECTION: forcing a failure.
[  162.293636][ T6871] name failslab, interval 1, probability 0, space 0, times 0
[  162.316264][ T6871] CPU: 1 UID: 0 PID: 6871 Comm: syz.2.128 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0
[  162.316306][ T6871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  162.316325][ T6871] Call Trace:
[  162.316335][ T6871]  <TASK>
[  162.316347][ T6871]  dump_stack_lvl+0x16c/0x1f0
[  162.316402][ T6871]  should_fail_ex+0x50a/0x650
[  162.316431][ T6871]  ? fs_reclaim_acquire+0xae/0x150
[  162.316477][ T6871]  ? __pfx_stats_fop_open+0x10/0x10
[  162.316517][ T6871]  should_failslab+0xc2/0x120
[  162.316548][ T6871]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  162.316596][ T6871]  ? trace_kmalloc+0x2d/0xd0
[  162.316631][ T6871]  ? seq_open+0x55/0x170
[  162.316670][ T6871]  ? __pfx_stats_fop_open+0x10/0x10
[  162.316710][ T6871]  seq_open+0x55/0x170
[  162.316746][ T6871]  __seq_open_private+0x3e/0xd0
[  162.316786][ T6871]  sc_common_open+0x6b/0x200
[  162.316827][ T6871]  full_proxy_open_regular+0x1b6/0x360
[  162.316879][ T6871]  do_dentry_open+0x735/0x1c40
[  162.316927][ T6871]  ? __pfx_full_proxy_open_regular+0x10/0x10
[  162.316977][ T6871]  ? inode_permission+0xdd/0x5f0
[  162.317017][ T6871]  vfs_open+0x82/0x3f0
[  162.317047][ T6871]  ? may_open+0x1f2/0x400
[  162.317089][ T6871]  path_openat+0x1e88/0x2d80
[  162.317159][ T6871]  ? __pfx_path_openat+0x10/0x10
[  162.317208][ T6871]  ? __pfx___lock_acquire+0x10/0x10
[  162.317251][ T6871]  ? lock_acquire.part.0+0x11b/0x380
[  162.317297][ T6871]  ? find_held_lock+0x2d/0x110
[  162.317337][ T6871]  do_filp_open+0x20c/0x470
[  162.317385][ T6871]  ? __pfx_do_filp_open+0x10/0x10
[  162.317430][ T6871]  ? find_held_lock+0x2d/0x110
[  162.317491][ T6871]  ? alloc_fd+0x41f/0x760
[  162.317547][ T6871]  do_sys_openat2+0x17a/0x1e0
[  162.317582][ T6871]  ? __pfx_do_sys_openat2+0x10/0x10
[  162.317620][ T6871]  ? __pfx___might_resched+0x10/0x10
[  162.317680][ T6871]  __x64_sys_openat+0x175/0x210
[  162.317715][ T6871]  ? __pfx___x64_sys_openat+0x10/0x10
[  162.317767][ T6871]  do_syscall_64+0xcd/0x250
[  162.317818][ T6871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.317861][ T6871] RIP: 0033:0x7f083db8d169
[  162.317887][ T6871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.317918][ T6871] RSP: 002b:00007f083eaae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  162.317949][ T6871] RAX: ffffffffffffffda RBX: 00007f083dda5fa0 RCX: 00007f083db8d169
[  162.317970][ T6871] RDX: 0000000000181043 RSI: 0000400000000000 RDI: ffffffffffffff9c
[  162.317991][ T6871] RBP: 00007f083dc0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  162.318011][ T6871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  162.318030][ T6871] R13: 0000000000000000 R14: 00007f083dda5fa0 R15: 00007ffdbea76c18
[  162.318069][ T6871]  </TASK>
[  162.884313][   T83] team0 (unregistering): Port device team_slave_0 removed
[  163.571085][   T30] audit: type=1326 audit(6036877436.262:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6874 comm="syz.0.129" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f012638d169 code=0x0
[  163.816436][ T6806] chnl_net:caif_netlink_parms(): no params data found
[  163.846487][ T5858] Bluetooth: hci1: command tx timeout
[  164.248765][ T6806] bridge0: port 1(bridge_slave_0) entered blocking state
[  164.274967][ T6806] bridge0: port 1(bridge_slave_0) entered disabled state
[  164.305071][ T6806] bridge_slave_0: entered allmulticast mode
[  164.316306][ T6806] bridge_slave_0: entered promiscuous mode
[  164.339095][ T6806] bridge0: port 2(bridge_slave_1) entered blocking state
[  164.361831][ T6806] bridge0: port 2(bridge_slave_1) entered disabled state
[  164.380324][ T6806] bridge_slave_1: entered allmulticast mode
[  164.401736][ T6806] bridge_slave_1: entered promiscuous mode
[  164.477198][ T6806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  164.517045][ T6806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  164.658394][ T6806] team0: Port device team_slave_0 added
[  164.693182][ T6806] team0: Port device team_slave_1 added
[  164.793094][ T6806] batman_adv: batadv0: Adding interface: batadv_slave_0
[  164.815032][ T6806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.856473][ T6897] FAULT_INJECTION: forcing a failure.
[  164.856473][ T6897] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  164.874890][ T6897] CPU: 1 UID: 0 PID: 6897 Comm: syz.3.131 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0
[  164.874930][ T6897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  164.874948][ T6897] Call Trace:
[  164.874957][ T6897]  <TASK>
[  164.874969][ T6897]  dump_stack_lvl+0x16c/0x1f0
[  164.875022][ T6897]  should_fail_ex+0x50a/0x650
[  164.875052][ T6897]  ? __pfx___might_resched+0x10/0x10
[  164.875110][ T6897]  should_fail_alloc_page+0xe7/0x130
[  164.875146][ T6897]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  164.875199][ T6897]  __alloc_frozen_pages_noprof+0x18e/0x2470
[  164.875255][ T6897]  ? __pfx_mark_lock+0x10/0x10
[  164.875303][ T6897]  ? hlock_class+0x4e/0x130
[  164.875336][ T6897]  ? mark_lock+0xb5/0xc60
[  164.875379][ T6897]  ? hlock_class+0x4e/0x130
[  164.875412][ T6897]  ? __lock_acquire+0x15a9/0x3c40
[  164.875459][ T6897]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  164.875513][ T6897]  ? hlock_class+0x4e/0x130
[  164.875568][ T6897]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  164.875623][ T6897]  ? policy_nodemask+0xea/0x4e0
[  164.875658][ T6897]  alloc_pages_mpol+0x1fc/0x540
[  164.875693][ T6897]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  164.875725][ T6897]  ? find_held_lock+0x2d/0x110
[  164.875767][ T6897]  folio_alloc_mpol_noprof+0x36/0x2f0
[  164.875808][ T6897]  shmem_alloc_folio+0x135/0x160
[  164.875871][ T6897]  shmem_alloc_and_add_folio+0x48e/0xc10
[  164.875915][ T6897]  ? shmem_huge_global_enabled+0x72/0x6b0
[  164.875951][ T6897]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  164.875994][ T6897]  ? shmem_allowable_huge_orders+0xd0/0x410
[  164.876043][ T6897]  shmem_get_folio_gfp+0x689/0x1530
[  164.876090][ T6897]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  164.876142][ T6897]  shmem_fault+0x200/0xae0
[  164.876180][ T6897]  ? hlock_class+0x4e/0x130
[  164.876214][ T6897]  ? __pfx_shmem_fault+0x10/0x10
[  164.876262][ T6897]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  164.876310][ T6897]  ? rcu_is_watching+0x12/0xc0
[  164.876348][ T6897]  ? __pfx_filemap_map_pages+0x10/0x10
[  164.876387][ T6897]  __do_fault+0x10a/0x490
[  164.876419][ T6897]  ? __pfx_filemap_map_pages+0x10/0x10
[  164.876451][ T6897]  do_pte_missing+0x1a8/0x3e10
[  164.876502][ T6897]  __handle_mm_fault+0x1166/0x2c60
[  164.876552][ T6897]  ? __pfx___handle_mm_fault+0x10/0x10
[  164.876592][ T6897]  ? follow_page_pte+0x3ac/0x1490
[  164.876630][ T6897]  ? __pfx_lock_release+0x10/0x10
[  164.876690][ T6897]  handle_mm_fault+0x3fa/0xaa0
[  164.876736][ T6897]  __get_user_pages+0x773/0x36f0
[  164.876786][ T6897]  ? __pfx___get_user_pages+0x10/0x10
[  164.876823][ T6897]  ? down_read_killable+0xcc/0x380
[  164.876855][ T6897]  ? __pfx_down_read_killable+0x10/0x10
[  164.876880][ T6897]  ? lock_acquire+0x2f/0xb0
[  164.876926][ T6897]  faultin_page_range+0x24a/0x980
[  164.876976][ T6897]  do_madvise+0x553/0x7c0
[  164.877010][ T6897]  ? __pfx_do_madvise+0x10/0x10
[  164.877040][ T6897]  ? __x64_sys_futex+0x1e1/0x4c0
[  164.877080][ T6897]  ? rcu_is_watching+0x12/0xc0
[  164.877113][ T6897]  __x64_sys_madvise+0xa9/0x110
[  164.877141][ T6897]  ? lockdep_hardirqs_on+0x7c/0x110
[  164.877179][ T6897]  do_syscall_64+0xcd/0x250
[  164.877221][ T6897]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.877258][ T6897] RIP: 0033:0x7fb73198d169
[  164.877279][ T6897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.877305][ T6897] RSP: 002b:00007fb7327bd038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  164.877329][ T6897] RAX: ffffffffffffffda RBX: 00007fb731ba5fa0 RCX: 00007fb73198d169
[  164.877346][ T6897] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000
[  164.877363][ T6897] RBP: 00007fb731a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  164.877379][ T6897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  164.877395][ T6897] R13: 0000000000000000 R14: 00007fb731ba5fa0 R15: 00007fff10780b98
[  164.877427][ T6897]  </TASK>
[  164.894953][ T6806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  165.494204][ T6806] batman_adv: batadv0: Adding interface: batadv_slave_1
[  165.532043][ T6806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.589658][ T6806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  165.870198][ T6806] hsr_slave_0: entered promiscuous mode
[  165.886265][ T6806] hsr_slave_1: entered promiscuous mode
[  165.900621][ T6806] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  165.924940][ T5858] Bluetooth: hci1: command tx timeout
[  165.931470][ T6806] Cannot create hsr debugfs directory
[  166.681781][ T6930] netlink: 28 bytes leftover after parsing attributes in process `syz.0.136'.
[  167.475998][ T6927] Process accounting resumed
[  167.552159][ T6806] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  167.587823][ T6806] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  167.777318][ T6806] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  167.813538][ T6806] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  168.038565][ T6806] 8021q: adding VLAN 0 to HW filter on device bond0
[  168.080269][ T6806] 8021q: adding VLAN 0 to HW filter on device team0
[  168.159682][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.166930][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  168.212733][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.219994][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  168.636706][ T6970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.144'.
[  168.792957][ T6806] 8021q: adding VLAN 0 to HW filter on device batadv0
[  168.908456][ T6806] veth0_vlan: entered promiscuous mode
[  168.931925][ T6806] veth1_vlan: entered promiscuous mode
[  168.980965][ T6806] veth0_macvtap: entered promiscuous mode
[  168.999948][ T6806] veth1_macvtap: entered promiscuous mode
[  169.066956][ T6806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.084888][ T6806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.112025][ T6806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.161818][ T6806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.182064][ T6806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  169.203244][ T6806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.228119][ T6806] batman_adv: batadv0: Interface activated: batadv_slave_0
[  169.261689][ T6806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.293525][ T6806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.321221][ T6806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.340149][ T6806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.350532][ T6806] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  169.379114][ T6806] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  169.401017][ T6806] batman_adv: batadv0: Interface activated: batadv_slave_1
[  169.465087][ T6806] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  169.493677][ T6806] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  169.516134][ T6806] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  169.535700][ T6806] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  169.633084][ T6991] netlink: 28 bytes leftover after parsing attributes in process `syz.2.147'.
[  170.721776][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  170.805290][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  170.930422][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  170.952694][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  171.284518][ T7032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.152'.
[  171.377126][ T5858] Bluetooth: hci1: SCO packet too small
[  173.929957][ T7102] : Can't lookup blockdev
[  175.923962][   T30] audit: type=1800 audit(6036877448.612:6): pid=7132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.165" name="dummy_udc" dev="gadgetfs" ino=7238 res=0 errno=0
[  178.223259][ T7174] tc_dump_action: action bad kind
[  178.229478][ T7174] netlink: 342 bytes leftover after parsing attributes in process `syz.3.175'.
[  178.344954][ T7176] netlink: 28 bytes leftover after parsing attributes in process `syz.0.174'.
[  179.029781][ T7189] Invalid input. Must be >= 4608
[  179.038300][ T7183] FAULT_INJECTION: forcing a failure.
[  179.038300][ T7183] name failslab, interval 1, probability 0, space 0, times 0
[  179.062926][ T7183] CPU: 1 UID: 0 PID: 7183 Comm: syz.2.177 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0
[  179.062968][ T7183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  179.062988][ T7183] Call Trace:
[  179.062996][ T7183]  <TASK>
[  179.063009][ T7183]  dump_stack_lvl+0x16c/0x1f0
[  179.063064][ T7183]  should_fail_ex+0x50a/0x650
[  179.063097][ T7183]  ? fs_reclaim_acquire+0xae/0x150
[  179.063142][ T7183]  ? snd_seq_oss_readq_new+0x99/0x2c0
[  179.063191][ T7183]  should_failslab+0xc2/0x120
[  179.063222][ T7183]  __kmalloc_noprof+0xcb/0x510
[  179.063282][ T7183]  snd_seq_oss_readq_new+0x99/0x2c0
[  179.063334][ T7183]  snd_seq_oss_open+0x54b/0xa20
[  179.063383][ T7183]  odev_open+0x6f/0x90
[  179.063417][ T7183]  ? __pfx_odev_open+0x10/0x10
[  179.063453][ T7183]  soundcore_open+0x409/0x580
[  179.063492][ T7183]  ? __pfx_soundcore_open+0x10/0x10
[  179.063528][ T7183]  chrdev_open+0x237/0x6a0
[  179.063668][ T7183]  ? __pfx_apparmor_file_open+0x10/0x10
[  179.063717][ T7183]  ? __pfx_chrdev_open+0x10/0x10
[  179.063772][ T7183]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  179.063826][ T7183]  do_dentry_open+0x735/0x1c40
[  179.063877][ T7183]  ? __pfx_chrdev_open+0x10/0x10
[  179.063933][ T7183]  ? inode_permission+0xdd/0x5f0
[  179.063974][ T7183]  vfs_open+0x82/0x3f0
[  179.064007][ T7183]  ? may_open+0x1f2/0x400
[  179.064049][ T7183]  path_openat+0x1e88/0x2d80
[  179.064113][ T7183]  ? __pfx_path_openat+0x10/0x10
[  179.064163][ T7183]  ? __pfx___lock_acquire+0x10/0x10
[  179.064210][ T7183]  ? lock_acquire.part.0+0x11b/0x380
[  179.064259][ T7183]  ? find_held_lock+0x2d/0x110
[  179.064301][ T7183]  do_filp_open+0x20c/0x470
[  179.064348][ T7183]  ? __pfx_do_filp_open+0x10/0x10
[  179.064394][ T7183]  ? find_held_lock+0x2d/0x110
[  179.064457][ T7183]  ? alloc_fd+0x41f/0x760
[  179.064516][ T7183]  do_sys_openat2+0x17a/0x1e0
[  179.064551][ T7183]  ? __pfx_do_sys_openat2+0x10/0x10
[  179.064603][ T7183]  ? do_raw_spin_unlock+0x172/0x230
[  179.064646][ T7183]  __x64_sys_openat+0x175/0x210
[  179.064684][ T7183]  ? __pfx___x64_sys_openat+0x10/0x10
[  179.064740][ T7183]  do_syscall_64+0xcd/0x250
[  179.064798][ T7183]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.064842][ T7183] RIP: 0033:0x7f083db8d169
[  179.064867][ T7183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.064897][ T7183] RSP: 002b:00007f083eaae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  179.064928][ T7183] RAX: ffffffffffffffda RBX: 00007f083dda5fa0 RCX: 00007f083db8d169
[  179.064949][ T7183] RDX: 0000000000000080 RSI: 0000400000000500 RDI: ffffffffffffff9c
[  179.064969][ T7183] RBP: 00007f083dc0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  179.064989][ T7183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  179.065008][ T7183] R13: 0000000000000000 R14: 00007f083dda5fa0 R15: 00007ffdbea76c18
[  179.065048][ T7183]  </TASK>
[  179.349260][    C1] vkms_vblank_simulate: vblank timer overrun
[  181.380339][ T7224] netlink: set zone limit has 8 unknown bytes
[  182.228375][ T7245] netlink: 8 bytes leftover after parsing attributes in process `syz.1.191'.
[  183.948044][ T7261] netlink: 8 bytes leftover after parsing attributes in process `syz.3.194'.
[  184.758086][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.009919][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.075483][ T5852] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  185.091790][ T5852] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  185.100232][ T5852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  185.102834][ T7282] random: crng reseeded on system resumption
[  185.118159][ T5852] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  185.131880][ T5852] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  185.142459][ T5852] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  185.202851][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.416858][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.815921][   T36] bridge_slave_1: left allmulticast mode
[  185.822321][   T36] bridge_slave_1: left promiscuous mode
[  185.835466][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.873578][   T36] bridge_slave_0: left allmulticast mode
[  185.890126][   T36] bridge_slave_0: left promiscuous mode
[  185.912101][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.554642][ T7282] netlink: 'syz.0.200': attribute type 1 has an invalid length.
[  187.206669][ T5852] Bluetooth: hci1: command tx timeout
[  187.252407][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  187.287263][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  187.322822][   T36] bond0 (unregistering): Released all slaves
[  187.985984][ T7278] chnl_net:caif_netlink_parms(): no params data found
[  188.024372][   T36] hsr_slave_0: left promiscuous mode
[  188.044932][   T36] hsr_slave_1: left promiscuous mode
[  188.051061][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  188.062532][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  188.092228][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  188.104893][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  188.166000][   T36] veth1_macvtap: left promiscuous mode
[  188.183003][   T36] veth0_macvtap: left promiscuous mode
[  188.200559][   T36] veth1_vlan: left promiscuous mode
[  188.207475][   T36] veth0_vlan: left promiscuous mode
[  189.287143][ T5852] Bluetooth: hci1: command tx timeout
[  189.359430][   T36] team0 (unregistering): Port device team_slave_1 removed
[  189.404008][   T36] team0 (unregistering): Port device team_slave_0 removed
[  190.088752][ T7278] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.124209][ T7278] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.135075][ T7278] bridge_slave_0: entered allmulticast mode
[  190.152004][ T7278] bridge_slave_0: entered promiscuous mode
[  190.195330][ T7355] busy
[  190.208610][ T7278] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.225186][ T7278] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.233045][ T7278] bridge_slave_1: entered allmulticast mode
[  190.244495][ T7278] bridge_slave_1: entered promiscuous mode
[  190.383529][ T7359] netlink: 8 bytes leftover after parsing attributes in process `syz.3.209'.
[  190.429752][ T7278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  190.472612][ T7278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  190.692895][ T7278] team0: Port device team_slave_0 added
[  190.761169][ T7278] team0: Port device team_slave_1 added
[  190.927178][ T7278] batman_adv: batadv0: Adding interface: batadv_slave_0
[  190.965625][ T7278] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  191.124986][ T7278] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  191.170816][ T7278] batman_adv: batadv0: Adding interface: batadv_slave_1
[  191.194983][ T7278] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  191.245679][ T7385] netlink: 'syz.0.214': attribute type 4 has an invalid length.
[  191.254883][ T7278] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  191.369897][ T5852] Bluetooth: hci1: command tx timeout
[  192.053416][ T7278] hsr_slave_0: entered promiscuous mode
[  192.108387][ T7278] hsr_slave_1: entered promiscuous mode
[  192.148087][ T7278] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  192.156340][ T7278] Cannot create hsr debugfs directory
[  193.135349][ T7391] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  193.167469][ T7391] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  193.318698][ T7391] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  193.356663][ T7391] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  193.365887][ T7391] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  193.442176][ T7391] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  193.445108][ T5852] Bluetooth: hci1: command tx timeout
[  193.521537][ T7391] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  193.569313][ T7391] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  193.614609][ T7391] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  193.668672][ T7391] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  193.706347][ T7391] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  193.764064][ T7391] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  194.238528][ T7450] netlink: 8 bytes leftover after parsing attributes in process `syz.0.224'.
[  194.248520][ T5852] Bluetooth: hci3: command 0x0c1a tx timeout
[  194.917848][ T7278] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  194.977471][ T7278] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  195.051074][ T7278] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  195.105479][ T7278] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  195.365036][ T5852] Bluetooth: hci2: command 0x0c1a tx timeout
[  195.403495][ T7278] 8021q: adding VLAN 0 to HW filter on device bond0
[  195.442574][ T7278] 8021q: adding VLAN 0 to HW filter on device team0
[  195.535246][ T5852] Bluetooth: hci4: command 0x0c1a tx timeout
[  195.620317][ T3004] bridge0: port 1(bridge_slave_0) entered blocking state
[  195.627524][ T3004] bridge0: port 1(bridge_slave_0) entered forwarding state
[  195.684956][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout
[  195.748226][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[  195.755419][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[  195.970552][ T7278] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  196.325552][ T5852] Bluetooth: hci3: command 0x0c1a tx timeout
[  196.697456][ T7492] FAULT_INJECTION: forcing a failure.
[  196.697456][ T7492] name failslab, interval 1, probability 0, space 0, times 0
[  196.794395][ T7492] CPU: 0 UID: 0 PID: 7492 Comm: syz.2.231 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0
[  196.794439][ T7492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  196.794457][ T7492] Call Trace:
[  196.794466][ T7492]  <TASK>
[  196.794478][ T7492]  dump_stack_lvl+0x16c/0x1f0
[  196.794531][ T7492]  should_fail_ex+0x50a/0x650
[  196.794559][ T7492]  ? __pfx_lock_release+0x10/0x10
[  196.794609][ T7492]  should_failslab+0xc2/0x120
[  196.794641][ T7492]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  196.794692][ T7492]  ? zswap_store+0x84e/0x2690
[  196.794744][ T7492]  zswap_store+0x84e/0x2690
[  196.794784][ T7492]  ? find_held_lock+0x2d/0x110
[  196.794825][ T7492]  ? __pfx_zswap_store+0x10/0x10
[  196.794862][ T7492]  ? do_raw_spin_lock+0x12d/0x2c0
[  196.794891][ T7492]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  196.794920][ T7492]  ? lock_acquire+0x2f/0xb0
[  196.794958][ T7492]  ? folio_free_swap+0x112/0x570
[  196.794989][ T7492]  ? do_raw_spin_unlock+0x172/0x230
[  196.795017][ T7492]  ? swp_swap_info+0xcf/0x130
[  196.795172][ T7492]  ? __pfx_swp_swap_info+0x10/0x10
[  196.795214][ T7492]  swap_writepage+0x3b6/0x1120
[  196.795253][ T7492]  ? folio_clear_dirty_for_io+0x112/0x800
[  196.795311][ T7492]  pageout+0x3b2/0xaa0
[  196.795342][ T7492]  ? __pfx_pageout+0x10/0x10
[  196.795416][ T7492]  ? __pfx_try_to_unmap_one+0x10/0x10
[  196.795462][ T7492]  ? __pfx_folio_not_mapped+0x10/0x10
[  196.795505][ T7492]  ? __pfx_folio_lock_anon_vma_read+0x10/0x10
[  196.795558][ T7492]  ? folio_mark_dirty+0xd8/0x150
[  196.795609][ T7492]  shrink_folio_list+0x2f7f/0x40c0
[  196.795656][ T7492]  ? __pfx_shrink_folio_list+0x10/0x10
[  196.795689][ T7492]  ? hlock_class+0x4e/0x130
[  196.795722][ T7492]  ? __lock_acquire+0xc20/0x3c40
[  196.795772][ T7492]  ? hlock_class+0x4e/0x130
[  196.795804][ T7492]  ? __lock_acquire+0xcc5/0x3c40
[  196.795850][ T7492]  ? hlock_class+0x4e/0x130
[  196.795887][ T7492]  ? hlock_class+0x4e/0x130
[  196.795919][ T7492]  ? mark_lock+0xb5/0xc60
[  196.795964][ T7492]  ? hlock_class+0x4e/0x130
[  196.795997][ T7492]  ? mark_lock+0xb5/0xc60
[  196.796081][ T7492]  ? hlock_class+0x4e/0x130
[  196.796114][ T7492]  ? __lock_acquire+0x15a9/0x3c40
[  196.796163][ T7492]  reclaim_folio_list+0xd8/0x5e0
[  196.796203][ T7492]  ? __pfx_reclaim_folio_list+0x10/0x10
[  196.796235][ T7492]  ? hlock_class+0x4e/0x130
[  196.796267][ T7492]  ? mark_lock+0xb5/0xc60
[  196.796325][ T7492]  ? find_held_lock+0x2d/0x110
[  196.796364][ T7492]  ? folio_isolate_lru+0x577/0x8e0
[  196.796398][ T7492]  ? find_held_lock+0x2d/0x110
[  196.796430][ T7492]  ? find_held_lock+0x2d/0x110
[  196.796468][ T7492]  reclaim_pages+0x481/0x650
[  196.796508][ T7492]  ? __pfx_reclaim_pages+0x10/0x10
[  196.796556][ T7492]  madvise_cold_or_pageout_pte_range+0x13ae/0x20d0
[  196.796612][ T7492]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[  196.796656][ T7492]  ? find_held_lock+0x2d/0x110
[  196.796700][ T7492]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[  196.796740][ T7492]  walk_pgd_range+0xc7b/0x1a70
[  196.796785][ T7492]  ? mt_find+0x4c8/0xa20
[  196.796844][ T7492]  ? __pfx_walk_pgd_range+0x10/0x10
[  196.796890][ T7492]  __walk_page_range+0x161/0x820
[  196.796927][ T7492]  ? find_vma+0xc0/0x140
[  196.796964][ T7492]  ? __pfx_find_vma+0x10/0x10
[  196.797007][ T7492]  ? walk_page_test+0x9b/0x180
[  196.797053][ T7492]  walk_page_range_mm+0x55a/0x940
[  196.797094][ T7492]  ? __pfx_walk_page_range_mm+0x10/0x10
[  196.797127][ T7492]  ? mlock_drain_local+0x22d/0x4f0
[  196.797168][ T7492]  ? lock_acquire+0x2f/0xb0
[  196.797210][ T7492]  ? mlock_drain_local+0x6f/0x4f0
[  196.797244][ T7492]  walk_page_range+0x63/0x90
[  196.797280][ T7492]  madvise_pageout+0x326/0x820
[  196.797315][ T7492]  ? find_held_lock+0x2d/0x110
[  196.797349][ T7492]  ? __pfx_madvise_pageout+0x10/0x10
[  196.797383][ T7492]  ? mt_find+0x82d/0xa20
[  196.797458][ T7492]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  196.797515][ T7492]  madvise_vma_behavior+0x452/0x1de0
[  196.797556][ T7492]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  196.797595][ T7492]  ? find_vma_prev+0xdb/0x160
[  196.797647][ T7492]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  196.797681][ T7492]  ? find_vma+0xc0/0x140
[  196.797719][ T7492]  ? __pfx_find_vma+0x10/0x10
[  196.797771][ T7492]  ? __pfx_rwsem_read_trylock+0x10/0x10
[  196.797822][ T7492]  ? do_madvise+0x2b3/0x7c0
[  196.797862][ T7492]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  196.797895][ T7492]  madvise_walk_vmas+0x1cf/0x2c0
[  196.797932][ T7492]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  196.797977][ T7492]  do_madvise+0x366/0x7c0
[  196.798012][ T7492]  ? cap_task_prctl+0x2af/0xa80
[  196.798053][ T7492]  ? __pfx_do_madvise+0x10/0x10
[  196.798090][ T7492]  ? __x64_sys_futex+0x1e1/0x4c0
[  196.798136][ T7492]  ? arch_syscall_is_vdso_sigreturn+0xb6/0x230
[  196.798180][ T7492]  ? syscall_user_dispatch+0x7a/0x130
[  196.798238][ T7492]  __x64_sys_madvise+0xa9/0x110
[  196.798276][ T7492]  do_syscall_64+0xcd/0x250
[  196.798328][ T7492]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.798374][ T7492] RIP: 0033:0x7f083db8d169
[  196.798399][ T7492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  196.798429][ T7492] RSP: 002b:00007f083eaae038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  196.798458][ T7492] RAX: ffffffffffffffda RBX: 00007f083dda5fa0 RCX: 00007f083db8d169
[  196.798478][ T7492] RDX: 0000000000000015 RSI: ffffffffffff0001 RDI: 0000000000000000
[  196.798498][ T7492] RBP: 00007f083dc0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  196.798517][ T7492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  196.798535][ T7492] R13: 0000000000000000 R14: 00007f083dda5fa0 R15: 00007ffdbea76c18
[  196.798575][ T7492]  </TASK>
[  197.479260][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  197.604895][ T5852] Bluetooth: hci4: command 0x0c1a tx timeout
[  197.692082][ T7278] 8021q: adding VLAN 0 to HW filter on device batadv0
[  197.766339][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout
[  197.995218][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.187921][ T7278] veth0_vlan: entered promiscuous mode
[  198.323096][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.405283][ T5852] Bluetooth: hci3: command 0x0c1a tx timeout
[  198.487307][ T7278] veth1_vlan: entered promiscuous mode
[  198.684409][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  198.853536][ T7536] netlink: 'syz.3.235': attribute type 32 has an invalid length.
[  198.895024][ T7536] netlink: 'syz.3.235': attribute type 33 has an invalid length.
[  198.902839][ T7536] netlink: 'syz.3.235': attribute type 35 has an invalid length.
[  198.950917][ T7536] netlink: 'syz.3.235': attribute type 37 has an invalid length.
[  198.970855][ T7536] netlink: 'syz.3.235': attribute type 39 has an invalid length.
[  198.995672][ T7536] netlink: 'syz.3.235': attribute type 40 has an invalid length.
[  199.015018][ T7536] netlink: 'syz.3.235': attribute type 41 has an invalid length.
[  199.022903][ T7536] netlink: 'syz.3.235': attribute type 44 has an invalid length.
[  199.034991][ T7536] netlink: 'syz.3.235': attribute type 46 has an invalid length.
[  199.070838][ T7536] netlink: 'syz.3.235': attribute type 47 has an invalid length.
[  199.079168][ T7536] netlink: 2 bytes leftover after parsing attributes in process `syz.3.235'.
[  199.103451][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  199.113625][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  199.122817][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  199.132037][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  199.140401][ T5858] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  199.148425][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  199.287574][ T7278] veth0_macvtap: entered promiscuous mode
[  199.364730][ T7278] veth1_macvtap: entered promiscuous mode
[  199.642495][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.667512][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.689509][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.700461][ T5852] Bluetooth: hci4: command 0x0c1a tx timeout
[  199.707440][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  199.713790][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  199.722336][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.733135][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  199.743849][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.756532][ T7278] batman_adv: batadv0: Interface activated: batadv_slave_0
[  199.774270][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.785092][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.795412][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.806073][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.816210][ T7278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  199.826972][ T7278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  199.838599][ T7278] batman_adv: batadv0: Interface activated: batadv_slave_1
[  199.847945][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout
[  199.893823][   T13] bridge_slave_1: left allmulticast mode
[  199.906405][   T13] bridge_slave_1: left promiscuous mode
[  199.927853][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.950202][   T13] bridge_slave_0: left allmulticast mode
[  199.969971][   T13] bridge_slave_0: left promiscuous mode
[  199.985487][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.655866][ T7569] FAULT_INJECTION: forcing a failure.
[  200.655866][ T7569] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  200.684984][ T7569] CPU: 0 UID: 0 PID: 7569 Comm: syz.3.237 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0
[  200.685029][ T7569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  200.685047][ T7569] Call Trace:
[  200.685057][ T7569]  <TASK>
[  200.685070][ T7569]  dump_stack_lvl+0x16c/0x1f0
[  200.685125][ T7569]  should_fail_ex+0x50a/0x650
[  200.685161][ T7569]  _copy_from_user+0x2e/0xd0
[  200.685199][ T7569]  kvm_dev_ioctl_get_cpuid+0x43c/0x6f0
[  200.685232][ T7569]  ? trace_lock_acquire+0x14e/0x1f0
[  200.685275][ T7569]  ? __pfx_kvm_dev_ioctl_get_cpuid+0x10/0x10
[  200.685308][ T7569]  ? __might_fault+0xe3/0x190
[  200.685343][ T7569]  ? __might_fault+0xe3/0x190
[  200.685386][ T7569]  kvm_arch_dev_ioctl+0x40e/0x730
[  200.685417][ T7569]  ? __pfx_kvm_arch_dev_ioctl+0x10/0x10
[  200.685450][ T7569]  ? do_vfs_ioctl+0x513/0x1990
[  200.685499][ T7569]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  200.685542][ T7569]  ? kmem_cache_free+0x2e2/0x4d0
[  200.685596][ T7569]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  200.685650][ T7569]  kvm_dev_ioctl+0x781/0x1a90
[  200.685704][ T7569]  ? __pfx_lock_release+0x10/0x10
[  200.685750][ T7569]  ? trace_lock_acquire+0x14e/0x1f0
[  200.685793][ T7569]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  200.685849][ T7569]  ? __fget_files+0x206/0x3a0
[  200.685902][ T7569]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[  200.685956][ T7569]  __x64_sys_ioctl+0x190/0x200
[  200.686000][ T7569]  do_syscall_64+0xcd/0x250
[  200.686051][ T7569]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.686096][ T7569] RIP: 0033:0x7fb73198d169
[  200.686121][ T7569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.686151][ T7569] RSP: 002b:00007fb7327bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  200.686181][ T7569] RAX: ffffffffffffffda RBX: 00007fb731ba5fa0 RCX: 00007fb73198d169
[  200.686202][ T7569] RDX: 0000000000000000 RSI: 00000000c008ae09 RDI: 0000000000000006
[  200.686220][ T7569] RBP: 00007fb731a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  200.686238][ T7569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.686256][ T7569] R13: 0000000000000000 R14: 00007fb731ba5fa0 R15: 00007fff10780b98
[  200.686294][ T7569]  </TASK>
[  201.208848][ T5852] Bluetooth: hci2: command tx timeout
[  201.411517][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  201.471736][ T7588] busy
[  201.478086][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  201.493225][   T13] bond0 (unregistering): Released all slaves
[  201.549997][ T7278] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  201.583277][ T7278] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  201.593773][ T7278] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  201.630090][ T7278] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  201.639363][ T7590] netlink: 8 bytes leftover after parsing attributes in process `syz.3.239'.
[  202.579480][   T13] hsr_slave_0: left promiscuous mode
[  202.592207][   T13] hsr_slave_1: left promiscuous mode
[  202.615636][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  202.630616][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  202.646990][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  202.654474][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  202.687972][   T13] veth1_macvtap: left promiscuous mode
[  202.693701][   T13] veth0_macvtap: left promiscuous mode
[  202.713855][   T13] veth1_vlan: left promiscuous mode
[  202.719664][   T13] veth0_vlan: left promiscuous mode
[  202.788264][ T7610] FAULT_INJECTION: forcing a failure.
[  202.788264][ T7610] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  202.836374][ T7610] CPU: 1 UID: 0 PID: 7610 Comm: syz.2.240 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0
[  202.836419][ T7610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  202.836436][ T7610] Call Trace:
[  202.836446][ T7610]  <TASK>
[  202.836457][ T7610]  dump_stack_lvl+0x16c/0x1f0
[  202.836525][ T7610]  should_fail_ex+0x50a/0x650
[  202.836553][ T7610]  ? __pfx___might_resched+0x10/0x10
[  202.836611][ T7610]  should_fail_alloc_page+0xe7/0x130
[  202.836645][ T7610]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  202.836698][ T7610]  __alloc_frozen_pages_noprof+0x18e/0x2470
[  202.836753][ T7610]  ? save_trace+0x53/0xb60
[  202.836795][ T7610]  ? add_lock_to_list+0x17d/0x390
[  202.836838][ T7610]  ? hlock_class+0x4e/0x130
[  202.836871][ T7610]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  202.836942][ T7610]  ? __pfx___lock_acquire+0x10/0x10
[  202.836990][ T7610]  ? add_lock_to_list+0x17d/0x390
[  202.837027][ T7610]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  202.837082][ T7610]  ? policy_nodemask+0xea/0x4e0
[  202.837116][ T7610]  alloc_pages_mpol+0x1fc/0x540
[  202.837149][ T7610]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  202.837178][ T7610]  ? __page_table_check_ptes_set+0x16b/0x3e0
[  202.837255][ T7610]  ? do_raw_spin_lock+0x12d/0x2c0
[  202.837287][ T7610]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  202.837323][ T7610]  alloc_pages_noprof+0x131/0x390
[  202.837355][ T7610]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  202.837401][ T7610]  get_free_pages_noprof+0xc/0x40
[  202.837437][ T7610]  kasan_populate_vmalloc_pte+0x2d/0x160
[  202.837483][ T7610]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  202.837531][ T7610]  __apply_to_page_range+0x5fd/0xd30
[  202.837581][ T7610]  ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10
[  202.837636][ T7610]  ? __pfx___apply_to_page_range+0x10/0x10
[  202.837684][ T7610]  ? insert_vmap_area+0x2ef/0x4d0
[  202.837728][ T7610]  alloc_vmap_area+0x93e/0x2a60
[  202.837785][ T7610]  ? __pfx_alloc_vmap_area+0x10/0x10
[  202.837836][ T7610]  __get_vm_area_node+0x19e/0x2f0
[  202.837886][ T7610]  vmap+0x15a/0x350
[  202.837925][ T7610]  ? relay_open_buf.part.0+0x446/0xb90
[  202.837970][ T7610]  ? __pfx_vmap+0x10/0x10
[  202.838023][ T7610]  relay_open_buf.part.0+0x446/0xb90
[  202.838082][ T7610]  relay_open+0x653/0xad0
[  202.838125][ T7610]  ? debugfs_create_file_full+0x41/0x60
[  202.838163][ T7610]  do_blk_trace_setup+0x503/0xb50
[  202.838213][ T7610]  blk_trace_setup+0xee/0x1b0
[  202.838312][ T7610]  ? __pfx_blk_trace_setup+0x10/0x10
[  202.838348][ T7610]  ? __pfx_snprintf+0x10/0x10
[  202.838413][ T7610]  blk_trace_ioctl+0x147/0x280
[  202.838451][ T7610]  ? __pfx_blk_trace_ioctl+0x10/0x10
[  202.838492][ T7610]  ? trace_lock_acquire+0x14e/0x1f0
[  202.838528][ T7610]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  202.838583][ T7610]  blkdev_ioctl+0x109/0x6d0
[  202.838617][ T7610]  ? __pfx_blkdev_ioctl+0x10/0x10
[  202.838647][ T7610]  ? __fget_files+0x206/0x3a0
[  202.838700][ T7610]  ? __pfx_blkdev_ioctl+0x10/0x10
[  202.838736][ T7610]  __x64_sys_ioctl+0x190/0x200
[  202.838780][ T7610]  do_syscall_64+0xcd/0x250
[  202.838831][ T7610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.838876][ T7610] RIP: 0033:0x7f083db8d169
[  202.838901][ T7610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.838932][ T7610] RSP: 002b:00007f083eaae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  202.838962][ T7610] RAX: ffffffffffffffda RBX: 00007f083dda5fa0 RCX: 00007f083db8d169
[  202.838982][ T7610] RDX: 0000400000000180 RSI: 00000000c0481273 RDI: 0000000000000006
[  202.839002][ T7610] RBP: 00007f083dc0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  202.839021][ T7610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  202.839040][ T7610] R13: 0000000000000000 R14: 00007f083dda5fa0 R15: 00007ffdbea76c18
[  202.839080][ T7610]  </TASK>
[  203.284901][ T5852] Bluetooth: hci2: command tx timeout
[  203.395748][ T7610] netlink: 28 bytes leftover after parsing attributes in process `syz.2.240'.
[  203.856504][   T13] team0 (unregistering): Port device team_slave_1 removed
[  203.951412][   T13] team0 (unregistering): Port device team_slave_0 removed
[  204.908303][ T7610] ipvlan1: entered promiscuous mode
[  204.948912][ T7545] chnl_net:caif_netlink_parms(): no params data found
[  205.006912][   T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.023191][   T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  205.365892][ T5852] Bluetooth: hci2: command tx timeout
[  205.382497][ T7545] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.405434][ T7545] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.437247][ T7545] bridge_slave_0: entered allmulticast mode
[  205.467177][ T7545] bridge_slave_0: entered promiscuous mode
[  205.523432][ T7545] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.525016][ T3536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.544960][ T7545] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.564875][ T3536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  205.565116][ T7545] bridge_slave_1: entered allmulticast mode
[  205.602435][ T7545] bridge_slave_1: entered promiscuous mode
[  205.773999][ T7545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  205.833642][ T7545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.029913][ T7545] team0: Port device team_slave_0 added
[  206.062551][ T7545] team0: Port device team_slave_1 added
[  206.224340][ T7545] batman_adv: batadv0: Adding interface: batadv_slave_0
[  206.243048][ T7545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.339561][ T7545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  206.387428][ T7545] batman_adv: batadv0: Adding interface: batadv_slave_1
[  206.394453][ T7545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.474887][ T7545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  206.676532][ T7545] hsr_slave_0: entered promiscuous mode
[  206.683088][ T7545] hsr_slave_1: entered promiscuous mode
[  206.718221][ T7545] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  206.766780][ T7545] Cannot create hsr debugfs directory
[  207.456353][ T5852] Bluetooth: hci2: command tx timeout
[  208.565164][ T7545] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  208.670380][ T7545] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  208.812815][ T7545] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  209.023815][ T7545] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  209.345157][ T7545] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.445095][ T7694] netlink: 8 bytes leftover after parsing attributes in process `syz.1.252'.
[  209.635067][   T30] audit: type=1800 audit(4294967329.290:7): pid=7693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.251" name="dummy_udc" dev="gadgetfs" ino=7238 res=0 errno=0
[  209.713522][ T7545] 8021q: adding VLAN 0 to HW filter on device team0
[  210.480680][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.487941][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state
[  210.524379][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.531671][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.787972][ T7545] 8021q: adding VLAN 0 to HW filter on device batadv0
[  211.938045][ T7545] veth0_vlan: entered promiscuous mode
[  211.980990][ T7545] veth1_vlan: entered promiscuous mode
[  212.367258][ T7545] veth0_macvtap: entered promiscuous mode
[  212.387777][ T7545] veth1_macvtap: entered promiscuous mode
[  212.584272][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.690445][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  212.722026][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.745275][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  212.784847][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.814827][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  212.844904][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.872657][ T7545] batman_adv: batadv0: Interface activated: batadv_slave_0
[  213.045780][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.103743][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  213.154853][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.185838][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  213.234832][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.244729][ T7545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  213.266628][ T7545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.267901][ T7545] batman_adv: batadv0: Interface activated: batadv_slave_1
[  213.361437][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.436471][ T7545] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  213.475091][ T7545] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  213.483919][ T7545] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  213.524927][ T7545] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  213.649942][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  213.661704][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  213.672831][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  213.683896][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  213.694409][ T5858] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  213.701959][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  213.806635][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.263861][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  214.280438][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  214.329400][   T13] bridge_slave_1: left allmulticast mode
[  214.336869][   T13] bridge_slave_1: left promiscuous mode
[  214.345000][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.428991][   T13] bridge_slave_0: left allmulticast mode
[  214.434804][   T13] bridge_slave_0: left promiscuous mode
[  214.440668][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.667483][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  215.689912][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  215.709538][   T13] bond0 (unregistering): Released all slaves
[  215.765112][ T5852] Bluetooth: hci1: command tx timeout
[  215.798705][ T3536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  215.893306][ T3536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.266266][ T7749] chnl_net:caif_netlink_parms(): no params data found
[  217.845504][ T5852] Bluetooth: hci1: command tx timeout
[  217.936598][   T13] hsr_slave_0: left promiscuous mode
[  217.949762][   T13] hsr_slave_1: left promiscuous mode
[  217.973633][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  217.985132][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  217.996698][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  218.004183][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  218.054387][   T13] veth1_macvtap: left promiscuous mode
[  218.079115][   T13] veth0_macvtap: left promiscuous mode
[  218.088214][   T13] veth1_vlan: left promiscuous mode
[  218.093611][   T13] veth0_vlan: left promiscuous mode
[  218.847131][   T13] team0 (unregistering): Port device team_slave_1 removed
[  218.894281][   T13] team0 (unregistering): Port device team_slave_0 removed
[  219.348504][ T7807] netlink: 334 bytes leftover after parsing attributes in process `syz.3.264'.
[  219.370933][ T7749] bridge0: port 1(bridge_slave_0) entered blocking state
[  219.378910][ T7749] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.386393][ T7749] bridge_slave_0: entered allmulticast mode
[  219.401685][ T7749] bridge_slave_0: entered promiscuous mode
[  219.417676][ T7749] bridge0: port 2(bridge_slave_1) entered blocking state
[  219.425618][ T7749] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.432838][ T7749] bridge_slave_1: entered allmulticast mode
[  219.439923][ T7749] bridge_slave_1: entered promiscuous mode
[  219.523979][ T7749] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  219.566487][ T7749] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  219.730224][ T7749] team0: Port device team_slave_0 added
[  219.741256][ T7749] team0: Port device team_slave_1 added
[  219.841274][ T7749] batman_adv: batadv0: Adding interface: batadv_slave_0
[  219.851705][ T7749] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.883176][ T7749] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  219.915551][ T7749] batman_adv: batadv0: Adding interface: batadv_slave_1
[  219.922572][ T7749] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  219.957055][ T5852] Bluetooth: hci1: command tx timeout
[  219.963527][ T7749] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  220.052756][ T7749] hsr_slave_0: entered promiscuous mode
[  220.061497][ T7749] hsr_slave_1: entered promiscuous mode
[  220.068365][ T7749] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  220.077318][ T7749] Cannot create hsr debugfs directory
[  221.898159][ T7749] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  221.948343][ T7749] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  222.005027][ T5852] Bluetooth: hci1: command tx timeout
[  222.245106][ T7749] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  222.361960][ T7749] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  222.953062][ T7749] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.046730][ T7749] 8021q: adding VLAN 0 to HW filter on device team0
[  223.083654][   T54] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.090884][   T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[  223.143212][   T54] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.150474][   T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[  223.913041][ T7749] 8021q: adding VLAN 0 to HW filter on device batadv0
[  224.078696][ T7749] veth0_vlan: entered promiscuous mode
[  224.168310][ T7749] veth1_vlan: entered promiscuous mode
[  224.355748][ T7749] veth0_macvtap: entered promiscuous mode
[  224.401867][ T7749] veth1_macvtap: entered promiscuous mode
[  224.486540][ T7749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  224.504874][ T7749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.535031][ T7749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  224.574952][ T7749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.614895][ T7749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  224.645423][ T7749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.680911][ T7749] batman_adv: batadv0: Interface activated: batadv_slave_0
[  224.748292][ T7749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  224.788785][ T7749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.826790][ T7749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  224.866957][ T7749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.898685][ T7749] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  224.930268][ T7749] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.961890][ T7749] batman_adv: batadv0: Interface activated: batadv_slave_1
[  225.025763][ T7749] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  225.034644][ T7749] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  225.085060][ T7749] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  225.093875][ T7749] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  225.428697][ T3004] bridge_slave_1: left allmulticast mode
[  225.445231][ T3004] bridge_slave_1: left promiscuous mode
[  225.451072][ T3004] bridge0: port 2(bridge_slave_1) entered disabled state
[  225.492902][ T3004] bridge_slave_0: left allmulticast mode
[  225.511941][ T3004] bridge_slave_0: left promiscuous mode
[  225.530713][ T3004] bridge0: port 1(bridge_slave_0) entered disabled state
[  226.470235][ T3004] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  226.487853][ T3004] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  226.504164][ T3004] bond0 (unregistering): Released all slaves
[  226.558212][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  226.591392][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  226.649973][ T3004] ovs_ÿÃ: left promiscuous mode
[  226.780359][ T3536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  226.796023][ T3536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  227.133494][ T7976] netlink: 12 bytes leftover after parsing attributes in process `syz.1.256'.
[  227.416757][ T3004] hsr_slave_0: left promiscuous mode
[  227.440505][ T3004] hsr_slave_1: left promiscuous mode
[  227.457679][ T3004] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  227.495442][ T3004] batman_adv: batadv0: Removing interface: batadv_slave_0
[  227.552349][ T3004] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  227.577187][ T7980] Invalid ELF header magic: != ELF
[  227.580494][ T3004] batman_adv: batadv0: Removing interface: batadv_slave_1
[  227.651242][ T3004] veth1_macvtap: left promiscuous mode
[  227.671611][ T3004] veth0_macvtap: left promiscuous mode
[  227.687794][ T3004] veth1_vlan: left promiscuous mode
[  227.693205][ T3004] veth0_vlan: left promiscuous mode
[  228.643831][ T7970] syz.3.280 (7970) used greatest stack depth: 20800 bytes left
[  229.057242][ T3004] team0 (unregistering): Port device team_slave_1 removed
[  229.115429][ T3004] team0 (unregistering): Port device team_slave_0 removed
[  230.918126][ T1148] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.070526][ T1148] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.435929][ T1148] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.729784][ T1148] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.059646][ T1148] bridge_slave_1: left allmulticast mode
[  232.065871][ T1148] bridge_slave_1: left promiscuous mode
[  232.071670][ T1148] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.117581][ T1148] bridge_slave_0: left allmulticast mode
[  232.124425][ T1148] bridge_slave_0: left promiscuous mode
[  232.130367][ T1148] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.397410][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  232.422584][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  232.432106][ T5858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  232.449347][ T5858] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  232.457381][ T5858] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  232.465464][ T5858] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  233.021564][ T8025] Invalid ELF header magic: != ELF
[  233.258073][ T1148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  233.276475][ T1148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  233.292016][ T1148] bond0 (unregistering): Released all slaves
[  234.338206][ T1148] hsr_slave_0: left promiscuous mode
[  234.394254][ T1148] hsr_slave_1: left promiscuous mode
[  234.406752][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  234.414226][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_0
[  234.475783][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  234.483273][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_1
[  234.530002][ T1148] veth1_macvtap: left promiscuous mode
[  234.556679][ T1148] veth0_macvtap: left promiscuous mode
[  234.562620][ T1148] veth1_vlan: left promiscuous mode
[  234.568256][ T5858] Bluetooth: hci4: command tx timeout
[  234.584978][ T1148] veth0_vlan: left promiscuous mode
[  235.875450][ T1148] team0 (unregistering): Port device team_slave_1 removed
[  235.927083][ T1148] team0 (unregistering): Port device team_slave_0 removed
[  236.319905][ T8014] chnl_net:caif_netlink_parms(): no params data found
[  236.377495][ T8061] netlink: 334 bytes leftover after parsing attributes in process `syz.0.297'.
[  236.611296][ T8014] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.636985][ T8014] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.644403][ T8014] bridge_slave_0: entered allmulticast mode
[  236.650529][ T5858] Bluetooth: hci4: command tx timeout
[  236.664248][ T8014] bridge_slave_0: entered promiscuous mode
[  236.694464][ T8014] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.704465][ T8014] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.711860][ T8014] bridge_slave_1: entered allmulticast mode
[  236.721849][ T8014] bridge_slave_1: entered promiscuous mode

syzkaller
syzkaller login: [  236.819787][ T8014] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.848443][ T8014] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.912133][ T8014] team0: Port device team_slave_0 added
[  237.016804][ T8014] team0: Port device team_slave_1 added
[  237.096870][ T8014] batman_adv: batadv0: Adding interface: batadv_slave_0
[  237.110078][ T8014] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.139550][ T8014] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  237.193800][ T8014] batman_adv: batadv0: Adding interface: batadv_slave_1
[  237.221519][ T8014] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.324942][ T8014] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  237.589527][ T8014] hsr_slave_0: entered promiscuous mode
[  237.649910][ T8014] hsr_slave_1: entered promiscuous mode
[  237.656396][ T8014] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  237.664090][ T8014] Cannot create hsr debugfs directory
[  238.726538][ T5858] Bluetooth: hci4: command tx timeout
[  240.471314][ T8014] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  240.537348][ T8014] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  240.702695][ T8014] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  240.779311][ T8014] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  240.805122][ T5858] Bluetooth: hci4: command tx timeout
[  240.931251][ T8014] 8021q: adding VLAN 0 to HW filter on device bond0
[  240.977816][ T8014] 8021q: adding VLAN 0 to HW filter on device team0
[  241.021861][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.029106][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  241.081068][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.088309][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  241.704239][ T8014] 8021q: adding VLAN 0 to HW filter on device batadv0
[  241.712811][   T30] audit: type=1800 audit(4294967361.370:8): pid=8125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.305" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0
[  241.990952][ T8014] veth0_vlan: entered promiscuous mode
[  242.012888][ T8014] veth1_vlan: entered promiscuous mode
[  242.044225][ T8014] veth0_macvtap: entered promiscuous mode
[  242.055036][ T8014] veth1_macvtap: entered promiscuous mode
[  242.075199][ T8014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  242.087120][ T8014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.097823][ T8014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  242.109557][ T8014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.121713][ T8014] batman_adv: batadv0: Interface activated: batadv_slave_0
[  242.181176][ T8014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  242.215384][ T8014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.255579][ T8014] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  242.285005][ T8014] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  242.313650][ T8014] batman_adv: batadv0: Interface activated: batadv_slave_1
[  242.366910][ T8014] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  242.407796][ T8014] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  242.429146][ T8014] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  242.449866][ T8014] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0

syzkaller
syzkaller login: [  243.178388][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  243.198862][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  243.286333][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  243.294258][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  243.649990][ T8198] busy
[  244.730474][ T8229] busy
[  245.498526][ T8243] program syz.0.316 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  246.625102][ T8259] netlink: 342 bytes leftover after parsing attributes in process `syz.1.318'.
[  249.719754][ T8348] program syz.3.326 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  250.059422][ T8361] busy

syzkaller
syzkaller login: [  252.552531][ T8407] usb usb32: usbfs: process 8407 (syz.1.337) did not claim interface 0 before use
[  253.756525][ T8428] mkiss: ax0: crc mode is auto.
[  253.963717][ T8425] Invalid ELF header magic: != ELF
[  254.129453][ T8433] FAULT_INJECTION: forcing a failure.
[  254.129453][ T8433] name failslab, interval 1, probability 0, space 0, times 0
[  254.177001][ T8433] CPU: 0 UID: 0 PID: 8433 Comm: syz.1.342 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0
[  254.177055][ T8433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  254.177089][ T8433] Call Trace:
[  254.177100][ T8433]  <TASK>
[  254.177112][ T8433]  dump_stack_lvl+0x16c/0x1f0
[  254.177169][ T8433]  should_fail_ex+0x50a/0x650
[  254.177201][ T8433]  ? fs_reclaim_acquire+0xae/0x150
[  254.177249][ T8433]  should_failslab+0xc2/0x120
[  254.177282][ T8433]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  254.177334][ T8433]  ? alloc_empty_file+0x73/0x1e0
[  254.177375][ T8433]  alloc_empty_file+0x73/0x1e0
[  254.177413][ T8433]  alloc_file_pseudo+0x13b/0x230
[  254.177451][ T8433]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  254.177489][ T8433]  ? shmem_get_inode+0x73a/0xf00
[  254.177547][ T8433]  __shmem_file_setup+0x210/0x300
[  254.177586][ T8433]  shmem_zero_setup+0x93/0x1b0
[  254.177630][ T8433]  __mmap_region+0x2021/0x2760
[  254.177666][ T8433]  ? __pfx___mmap_region+0x10/0x10
[  254.177717][ T8433]  ? hlock_class+0x4e/0x130
[  254.177752][ T8433]  ? mark_lock+0xb5/0xc60
[  254.177811][ T8433]  ? schedule+0x298/0x350
[  254.177904][ T8433]  ? cap_capable+0xb3/0x250
[  254.177947][ T8433]  mmap_region+0x1ab/0x3f0
[  254.177986][ T8433]  do_mmap+0xd8d/0x11b0
[  254.178045][ T8433]  ? __pfx_do_mmap+0x10/0x10
[  254.178090][ T8433]  ? __pfx_down_write_killable+0x10/0x10
[  254.178131][ T8433]  vm_mmap_pgoff+0x203/0x3a0
[  254.178187][ T8433]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  254.178240][ T8433]  ? __x64_sys_futex+0x1e1/0x4c0
[  254.178280][ T8433]  ? __x64_sys_futex+0x1ea/0x4c0
[  254.178326][ T8433]  ksys_mmap_pgoff+0x7d/0x5c0
[  254.178369][ T8433]  ? rcu_is_watching+0x12/0xc0
[  254.178408][ T8433]  __x64_sys_mmap+0x125/0x190
[  254.178462][ T8433]  do_syscall_64+0xcd/0x250
[  254.178513][ T8433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.178560][ T8433] RIP: 0033:0x7f10aa58d169
[  254.178586][ T8433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.178617][ T8433] RSP: 002b:00007f10ab31f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  254.178649][ T8433] RAX: ffffffffffffffda RBX: 00007f10aa7a5fa0 RCX: 00007f10aa58d169
[  254.178670][ T8433] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000
[  254.178691][ T8433] RBP: 00007f10aa60e2a0 R08: fffffffffffffffa R09: 0000000000008000
[  254.178713][ T8433] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000
[  254.178733][ T8433] R13: 0000000000000000 R14: 00007f10aa7a5fa0 R15: 00007ffd66843938
[  254.178775][ T8433]  </TASK>
[  254.297539][ T8437] dlm: non-version read from control device 85
[  255.251745][ T8447] usb usb32: usbfs: process 8447 (syz.3.348) did not claim interface 0 before use
[  256.845760][ T8477] netlink: 146 bytes leftover after parsing attributes in process `syz.1.353'.
[  257.646724][ T8491] ==================================================================
[  257.654850][ T8491] BUG: KASAN: slab-use-after-free in force_devcd_write+0x317/0x330
[  257.662781][ T8491] Read of size 8 at addr ffff888027f87000 by task syz.1.354/8491
[  257.670513][ T8491] 
[  257.672846][ T8491] CPU: 1 UID: 0 PID: 8491 Comm: syz.1.354 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0
[  257.672877][ T8491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  257.672893][ T8491] Call Trace:
[  257.672902][ T8491]  <TASK>
[  257.672912][ T8491]  dump_stack_lvl+0x116/0x1f0
[  257.672952][ T8491]  print_report+0xc3/0x670
[  257.672976][ T8491]  ? __virt_addr_valid+0x5e/0x590
[  257.673002][ T8491]  ? __phys_addr+0xc6/0x150
[  257.673029][ T8491]  kasan_report+0xd9/0x110
[  257.673052][ T8491]  ? force_devcd_write+0x317/0x330
[  257.673088][ T8491]  ? force_devcd_write+0x317/0x330
[  257.673127][ T8491]  force_devcd_write+0x317/0x330
[  257.673163][ T8491]  ? __pfx_force_devcd_write+0x10/0x10
[  257.673199][ T8491]  ? __debugfs_file_get+0x1ff/0x850
[  257.673235][ T8491]  ? __pfx___debugfs_file_get+0x10/0x10
[  257.673270][ T8491]  ? rcu_is_watching+0x12/0xc0
[  257.673297][ T8491]  ? trace_lock_acquire+0x14e/0x1f0
[  257.673329][ T8491]  full_proxy_write+0x13c/0x200
[  257.673365][ T8491]  ? __pfx_full_proxy_write+0x10/0x10
[  257.673399][ T8491]  vfs_write+0x24c/0x1150
[  257.673436][ T8491]  ? __fget_files+0x1fc/0x3a0
[  257.673480][ T8491]  ? __pfx___mutex_lock+0x10/0x10
[  257.673519][ T8491]  ? __pfx_vfs_write+0x10/0x10
[  257.673559][ T8491]  ? __fget_files+0x206/0x3a0
[  257.673601][ T8491]  ksys_write+0x12b/0x250
[  257.673637][ T8491]  ? __pfx_ksys_write+0x10/0x10
[  257.673678][ T8491]  do_syscall_64+0xcd/0x250
[  257.673719][ T8491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.673758][ T8491] RIP: 0033:0x7f10aa58d169
[  257.673777][ T8491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.673804][ T8491] RSP: 002b:00007f10ab2fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  257.673828][ T8491] RAX: ffffffffffffffda RBX: 00007f10aa7a6080 RCX: 00007f10aa58d169
[  257.673845][ T8491] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000007
[  257.673861][ T8491] RBP: 00007f10aa60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  257.673877][ T8491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  257.673893][ T8491] R13: 0000000000000000 R14: 00007f10aa7a6080 R15: 00007ffd66843938
[  257.673916][ T8491]  </TASK>
[  257.673925][ T8491] 
[  257.895953][ T8491] Allocated by task 8453:
[  257.900296][ T8491]  kasan_save_stack+0x33/0x60
[  257.905007][ T8491]  kasan_save_track+0x14/0x30
[  257.909820][ T8491]  __kasan_kmalloc+0xaa/0xb0
[  257.914451][ T8491]  afs_alloc_call+0x51/0x640
[  257.919071][ T8491]  afs_charge_preallocation+0xff/0x330
[  257.924546][ T8491]  afs_open_socket+0x2b3/0x380
[  257.929329][ T8491]  afs_net_init+0x95d/0xc60
[  257.933867][ T8491]  ops_init+0x1df/0x5f0
[  257.938042][ T8491]  setup_net+0x21f/0x860
[  257.942302][ T8491]  copy_net_ns+0x2a6/0x5f0
[  257.946740][ T8491]  create_new_namespaces+0x3ea/0xad0
[  257.952059][ T8491]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  257.957727][ T8491]  ksys_unshare+0x45d/0xa40
[  257.962245][ T8491]  __x64_sys_unshare+0x31/0x40
[  257.967037][ T8491]  do_syscall_64+0xcd/0x250
[  257.971570][ T8491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.977493][ T8491] 
[  257.979823][ T8491] Freed by task 12:
[  257.983636][ T8491]  kasan_save_stack+0x33/0x60
[  257.988354][ T8491]  kasan_save_track+0x14/0x30
[  257.993070][ T8491]  kasan_save_free_info+0x3b/0x60
[  257.998124][ T8491]  __kasan_slab_free+0x51/0x70
[  258.002955][ T8491]  kfree+0x2c4/0x4d0
[  258.006886][ T8491]  afs_free_call+0x303/0x440
[  258.011525][ T8491]  afs_put_call+0x188/0x1e0
[  258.016047][ T8491]  rxrpc_discard_prealloc+0x67b/0x930
[  258.021447][ T8491]  rxrpc_listen+0x117/0x330
[  258.025976][ T8491]  afs_close_socket+0x97/0x340
[  258.030752][ T8491]  afs_net_exit+0x93/0x130
[  258.035192][ T8491]  ops_exit_list+0xb0/0x180
[  258.039713][ T8491]  cleanup_net+0x5c6/0xb30
[  258.044150][ T8491]  process_one_work+0x9c5/0x1ba0
[  258.049118][ T8491]  worker_thread+0x6c8/0xf00
[  258.053735][ T8491]  kthread+0x3af/0x750
[  258.057835][ T8491]  ret_from_fork+0x45/0x80
[  258.062372][ T8491]  ret_from_fork_asm+0x1a/0x30
[  258.067159][ T8491] 
[  258.069492][ T8491] The buggy address belongs to the object at ffff888027f87000
[  258.069492][ T8491]  which belongs to the cache kmalloc-1k of size 1024
[  258.083557][ T8491] The buggy address is located 0 bytes inside of
[  258.083557][ T8491]  freed 1024-byte region [ffff888027f87000, ffff888027f87400)
[  258.097283][ T8491] 
[  258.099611][ T8491] The buggy address belongs to the physical page:
[  258.106039][ T8491] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27f80
[  258.114820][ T8491] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  258.123427][ T8491] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  258.130993][ T8491] page_type: f5(slab)
[  258.135002][ T8491] raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[  258.143710][ T8491] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  258.152330][ T8491] head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122
[  258.161062][ T8491] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  258.169760][ T8491] head: 00fff00000000003 ffffea00009fe001 ffffffffffffffff 0000000000000000
[  258.178466][ T8491] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  258.187151][ T8491] page dumped because: kasan: bad access detected
[  258.193585][ T8491] page_owner tracks the page as allocated
[  258.199322][ T8491] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 13, tgid 13 (kworker/u8:1), ts 15024104552, free_ts 0
[  258.217692][ T8491]  post_alloc_hook+0x181/0x1b0
[  258.222496][ T8491]  get_page_from_freelist+0xfce/0x2f80
[  258.227988][ T8491]  __alloc_frozen_pages_noprof+0x221/0x2470
[  258.233916][ T8491]  new_slab+0x94/0x330
[  258.238012][ T8491]  ___slab_alloc+0xc5d/0x1720
[  258.242713][ T8491]  __slab_alloc.constprop.0+0x56/0xb0
[  258.248111][ T8491]  __kmalloc_cache_node_noprof+0x101/0x420
[  258.253948][ T8491]  blk_mq_alloc_and_init_hctx+0x639/0x11b0
[  258.259794][ T8491]  blk_mq_realloc_hw_ctxs+0x8e0/0xbe0
[  258.265202][ T8491]  blk_mq_init_allocated_queue+0x39e/0x11f0
[  258.271120][ T8491]  blk_mq_alloc_queue+0x1c3/0x290
[  258.276176][ T8491]  scsi_alloc_sdev+0x890/0xd80
[  258.280958][ T8491]  scsi_probe_and_add_lun+0x789/0xda0
[  258.286346][ T8491]  __scsi_scan_target+0x1ea/0x580
[  258.291388][ T8491]  scsi_scan_channel+0x149/0x1e0
[  258.296345][ T8491]  scsi_scan_host_selected+0x302/0x400
[  258.301825][ T8491] page_owner free stack trace missing
[  258.307201][ T8491] 
[  258.309530][ T8491] Memory state around the buggy address:
[  258.315172][ T8491]  ffff888027f86f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  258.323246][ T8491]  ffff888027f86f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  258.331339][ T8491] >ffff888027f87000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  258.339421][ T8491]                    ^
[  258.343502][ T8491]  ffff888027f87080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  258.351581][ T8491]  ffff888027f87100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  258.359664][ T8491] ==================================================================
[  258.411215][ T8491] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  258.418481][ T8491] CPU: 0 UID: 0 PID: 8491 Comm: syz.1.354 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0
[  258.429120][ T8491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  258.439221][ T8491] Call Trace:
[  258.442541][ T8491]  <TASK>
[  258.445510][ T8491]  dump_stack_lvl+0x3d/0x1f0
[  258.450166][ T8491]  panic+0x71d/0x800
[  258.454117][ T8491]  ? __pfx_panic+0x10/0x10
[  258.458591][ T8491]  ? preempt_schedule_thunk+0x1a/0x30
[  258.464024][ T8491]  ? preempt_schedule_common+0x44/0xc0
[  258.469539][ T8491]  ? check_panic_on_warn+0x1f/0xb0
[  258.474700][ T8491]  check_panic_on_warn+0xab/0xb0
[  258.479683][ T8491]  end_report+0x117/0x180
[  258.484053][ T8491]  kasan_report+0xe9/0x110
[  258.488517][ T8491]  ? force_devcd_write+0x317/0x330
[  258.493686][ T8491]  ? force_devcd_write+0x317/0x330
[  258.498862][ T8491]  force_devcd_write+0x317/0x330
[  258.503864][ T8491]  ? __pfx_force_devcd_write+0x10/0x10
[  258.509389][ T8491]  ? __debugfs_file_get+0x1ff/0x850
[  258.514652][ T8491]  ? __pfx___debugfs_file_get+0x10/0x10
[  258.520245][ T8491]  ? rcu_is_watching+0x12/0xc0
[  258.525039][ T8491]  ? trace_lock_acquire+0x14e/0x1f0
[  258.530297][ T8491]  full_proxy_write+0x13c/0x200
[  258.535209][ T8491]  ? __pfx_full_proxy_write+0x10/0x10
[  258.540622][ T8491]  vfs_write+0x24c/0x1150
[  258.545181][ T8491]  ? __fget_files+0x1fc/0x3a0
[  258.549924][ T8491]  ? __pfx___mutex_lock+0x10/0x10
[  258.555010][ T8491]  ? __pfx_vfs_write+0x10/0x10
[  258.559826][ T8491]  ? __fget_files+0x206/0x3a0
[  258.564565][ T8491]  ksys_write+0x12b/0x250
[  258.568971][ T8491]  ? __pfx_ksys_write+0x10/0x10
[  258.573870][ T8491]  do_syscall_64+0xcd/0x250
[  258.578420][ T8491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  258.584351][ T8491] RIP: 0033:0x7f10aa58d169
[  258.588785][ T8491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  258.608416][ T8491] RSP: 002b:00007f10ab2fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  258.616855][ T8491] RAX: ffffffffffffffda RBX: 00007f10aa7a6080 RCX: 00007f10aa58d169
[  258.624840][ T8491] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000007
[  258.632824][ T8491] RBP: 00007f10aa60e2a0 R08: 0000000000000000 R09: 0000000000000000
[  258.640809][ T8491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  258.648792][ T8491] R13: 0000000000000000 R14: 00007f10aa7a6080 R15: 00007ffd66843938
[  258.656823][ T8491]  </TASK>
[  258.660121][ T8491] Kernel Offset: disabled
[  258.664464][ T8491] Rebooting in 86400 seconds..