last executing test programs: 8m42.532640382s ago: executing program 0 (id=179): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) socket$nl_generic(0x11, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0xa, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1b000000", @ANYBLOB='_'], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 8m42.215504573s ago: executing program 0 (id=183): mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) ioctl$auto(0x3, 0x5411, 0x38) 8m42.040374163s ago: executing program 0 (id=185): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x121040, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/rose6/statistics/tx_window_errors\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x7) r1 = openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker_raw\x00', 0xc05, 0x0) write$auto_tracing_mark_raw_fops_trace(r1, 0x0, 0x10) close_range$auto(0x2, 0x8, 0x0) 8m41.5097288s ago: executing program 0 (id=191): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) socket(0x2, 0x6, 0x0) sysfs$auto(0x2, 0x0, 0x0) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r0, 0x0) epoll_wait$auto(0x5, 0x0, 0x2, 0xfffffffd) 8m41.228484655s ago: executing program 0 (id=195): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 8m40.982204087s ago: executing program 0 (id=199): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x801, 0x84) socket(0x2, 0x1, 0x0) socket(0x1, 0x2, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) 8m25.717453921s ago: executing program 32 (id=199): open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x801, 0x84) socket(0x2, 0x1, 0x0) socket(0x1, 0x2, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) 4m7.761631554s ago: executing program 1 (id=2030): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, 0x0, 0x6f4) bpf$auto(0x2, 0x0, 0xf) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x3, 0x4, 0x4000000000dc, 0x40eb2, 0xa1c, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x53, 0x9) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) 4m5.38756448s ago: executing program 1 (id=2038): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) socket(0xa, 0x3, 0x6) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r1, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0x6) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x8000000000007}, 0x9) 4m4.545122544s ago: executing program 1 (id=2042): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x23, 0x2, 0x0) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x1e, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x1) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x8, 0x5, 0x8) 4m3.664960468s ago: executing program 1 (id=2053): close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x2, 0x0) socket(0x22, 0x2, 0x2) sendto$auto(0x4, 0x0, 0xff, 0x6, 0x0, 0xe) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1, 0x0) pread64$auto(r0, 0x0, 0x200001fb, 0x0) mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_notify$auto(0x3, &(0x7f0000000180)={@sival_int=0x3781, @inferred, 0x1}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/node/node1/compact\x00', 0x101800, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') acct$auto(0x0) 4m3.332118424s ago: executing program 1 (id=2046): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x1, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) newfstatat$auto(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0xfffffffffffffe01, 0x2, 0x0, 0x3dc3, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x5, 0x7, 0xffffffffffffffff, 0x8, 0xcab, 0x6, 0x0, 0x4, 0x7}, 0x1000) select$auto(0x3, 0x0, &(0x7f0000000100)={[0x9, 0x200, 0x0, 0x9, 0x9, 0x3, 0x6, 0x2, 0x9, 0x5e58296f, 0x4000000000000000, 0x9, 0x3, 0x200, 0x8, 0x6]}, 0x0, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x24004141) sendmmsg$auto(0x3, &(0x7f0000000040)={{0x0, 0x2, &(0x7f0000000080)={0x0, 0x1}, 0x10a, 0x0, 0x0, 0x3ff}, 0xed7138c}, 0x200, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1100000012"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x7, 0x0) 4m2.843919681s ago: executing program 1 (id=2048): openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x121c01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, &(0x7f0000000180)={0x100000a, 0x1, 0x401bf, 0x7352, 0x40, 0x65f, 0x1ffde, 0x7, 0x3, 0x4, 0x9, 0x3, 0x5, 0x8, 0x3000, 0x9, 0x6, 0x10002, 0x80, 0x4, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84, [0x0, 0x0, 0x0, 0x100, 0x0, 0x6, 0xfffffffffffffffd, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x0, 0x3, 0x1, 0x4, 0x7, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x200000000000, 0x0, 0xffffffffefffffff, 0x3, 0x0, 0x0, 0x2, 0xfffffffffffffffd, 0x400000000005b8, 0xc, 0x4000000000, 0x8, 0x4, 0x6, 0x6, 0x890, 0x800000000000a, 0xfffffffffffffffc, 0x1000, 0xa38, 0x0, 0x4, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x8, 0x0, 0x100000]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x8}]}, 0x1c}}, 0x44000) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000040)='/dev/binderfs/binder1\x00', 0x100, 0x0) 3m47.802927004s ago: executing program 33 (id=2048): openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, 0x0, 0x121c01, 0x0) socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, &(0x7f0000000180)={0x100000a, 0x1, 0x401bf, 0x7352, 0x40, 0x65f, 0x1ffde, 0x7, 0x3, 0x4, 0x9, 0x3, 0x5, 0x8, 0x3000, 0x9, 0x6, 0x10002, 0x80, 0x4, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84, [0x0, 0x0, 0x0, 0x100, 0x0, 0x6, 0xfffffffffffffffd, 0xa, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x0, 0x3, 0x1, 0x4, 0x7, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x200000000000, 0x0, 0xffffffffefffffff, 0x3, 0x0, 0x0, 0x2, 0xfffffffffffffffd, 0x400000000005b8, 0xc, 0x4000000000, 0x8, 0x4, 0x6, 0x6, 0x890, 0x800000000000a, 0xfffffffffffffffc, 0x1000, 0xa38, 0x0, 0x4, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x8, 0x0, 0x100000]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x8}]}, 0x1c}}, 0x44000) r2 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000040)='/dev/binderfs/binder1\x00', 0x100, 0x0) 2m36.570690469s ago: executing program 4 (id=2391): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4020009, 0x9f, 0xeb1, 0x401, 0x8000) get_robust_list$auto(0x0, 0x0, 0x0) r0 = socket(0xa, 0x5, 0x0) setsockopt$auto(r0, 0x10000000084, 0x4, 0x0, 0x4) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/irq/4/smp_affinity\x00', 0x141401, 0x0) write$auto(0x3, 0x0, 0x4000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x600004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) ioctl$auto_RNDADDENTROPY2(0xffffffffffffffff, 0x40085203, 0x0) close_range$auto(0x2, 0x8, 0x0) 2m35.622806835s ago: executing program 4 (id=2395): r0 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) socket(0x2, 0x3, 0xa) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) open(0x0, 0x1a1043, 0x2a) read$auto(0x3, 0x0, 0x80) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) bind$auto(0x3, &(0x7f0000000040)=@can, 0x6a) 2m34.239101417s ago: executing program 4 (id=2400): socket(0x10, 0x2, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) pipe$auto(0x0) open(0x0, 0x2a4c0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) open(0x0, 0x149443, 0x0) socket(0x1e, 0x5, 0x0) socket(0x10, 0x2, 0xc) pipe$auto(0x0) clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) r0 = socket(0xa, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0xb, 0x0, 0x0) 2m33.506674933s ago: executing program 4 (id=2403): mmap$auto(0x0, 0x40000c, 0xdf, 0x9b72, 0x2, 0x8000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) close_range$auto(0x0, 0x5, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x1, 0x1, 0x10, 0x0, 0x3) writev$auto(0x1, 0x0, 0x1) sendmsg$auto_VDPA_CMD_DEV_CONFIG_GET(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x20004815) bind$auto(0x3, &(0x7f0000000000), 0x68) sendmsg$auto_WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x4008850}, 0x22048044) socket(0x2, 0x1, 0x0) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) io_setup$auto(0x8001, 0x0) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0xc76, 0x8000) madvise$auto(0x0, 0x6, 0xe) 2m32.199294603s ago: executing program 4 (id=2408): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6nA6\x1a\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6\xcf\x00'/236, 0x4, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) sendmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r2, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x0) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) 2m31.392805573s ago: executing program 4 (id=2411): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x4, 0x0) clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0xcf2a, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_PEER_REMOVE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x0, 0x4, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x48891}, 0x20) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r0) mq_notify$auto(0x5cf5, &(0x7f00000006c0)={@sival_ptr=0x0, @inferred, 0x2, @_sigev_thread={0x0, 0x0}}) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0xa, 0x5, 0x0) getsockopt$auto(r1, 0x84, 0x2, 0x0, 0x0) keyctl$auto(0x1e, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1) 2m16.139089135s ago: executing program 34 (id=2411): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x4, 0x0) clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0xcf2a, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_PEER_REMOVE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x0, 0x4, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x48891}, 0x20) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r0) mq_notify$auto(0x5cf5, &(0x7f00000006c0)={@sival_ptr=0x0, @inferred, 0x2, @_sigev_thread={0x0, 0x0}}) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0xa, 0x5, 0x0) getsockopt$auto(r1, 0x84, 0x2, 0x0, 0x0) keyctl$auto(0x1e, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1) 1m39.167793383s ago: executing program 3 (id=2586): bind$auto(0x3, 0x0, 0x6b) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) setsockopt$auto(0xffffffffffffffff, 0x4, 0x8001, 0x0, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket(0x2, 0x2, 0x1) socket(0x2, 0x801, 0x106) socket(0x26, 0x80805, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x145) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) readv$auto(0x0, &(0x7f0000000080)={0x0, 0x1e}, 0x3) ioctl$auto(0x1, 0x890c, 0x8) unshare$auto(0x40000080) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) unshare$auto(0x40000080) 1m38.089395404s ago: executing program 3 (id=2589): mmap$auto(0xfffffffffffffffd, 0x4, 0x4000000020df, 0x40eb2, 0x402, 0x300000000000) r0 = socket(0x1d, 0x3, 0x1) getsockname$auto(r0, 0x0, 0x0) connect$auto(r0, &(0x7f0000000000)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7}, 0x7f) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000011c0)='./cgroup.cpu/hugetlb.1GB.rsvd.failcnt\x00', 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0x100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000140)=""/123, 0x7b) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) ioctl$auto(r3, 0x921064a7, 0x20000a) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptywa\x00', 0x400, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000100), 0x2240c0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000180)=""/128, 0x80) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) read$auto(r1, 0x0, 0x20) 1m37.068479306s ago: executing program 3 (id=2593): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f00000000c0), 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) r0 = socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto(0x4000000000000c8, 0x800454d3, 0x3) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x4) write$auto(0xc8, 0x0, 0x40f6) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) fsopen$auto(0x0, 0x3) socketpair$auto(0xf, 0x7fff, 0x4, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) readv$auto(0x0, 0x0, 0x7ff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) read$auto(0x4, 0x0, 0xfdef) 1m36.251908429s ago: executing program 3 (id=2594): mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) shutdown$auto(0x200000003, 0x2) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22241, 0x155) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x6c, 0x697c}, 0xed71390}, 0x9a6, 0x0) io_uring_setup$auto(0x7, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xffffffffffffffff, &(0x7f0000000040)='\x00', 0xdb01) sendmsg$auto_HWSIM_CMD_TX_INFO_FRAME(r1, 0x0, 0x800) 1m35.960559947s ago: executing program 3 (id=2598): r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6nA6\x1a\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6\xcf\x00'/236, 0x4, 0x0) mmap$auto(0x0, 0x1000, 0xe2, 0x9b72, 0x7, 0x28000) mount_setattr$auto(0x5, 0x0, 0x8000, &(0x7f0000000640)={0x0, 0x4, 0x100000}, 0x283) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r2, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x0) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fedbdf2502"], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) 1m35.453262764s ago: executing program 3 (id=2600): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(0x0, 0x261c2, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) pidfd_getfd$auto(0x3, 0x1, 0x100000000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r2, r1, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x6}, 0xc) 1m20.02253435s ago: executing program 35 (id=2600): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(0x0, 0x261c2, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) pidfd_getfd$auto(0x3, 0x1, 0x100000000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r2, r1, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x6}, 0xc) 58.572794398s ago: executing program 2 (id=2755): setsockopt$auto(0x3, 0x6, 0x19, 0x0, 0xfb3) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x300, @loopback}, 0x55) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_GTP_CMD_NEWPDP(r0, 0x0, 0x240c0081) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mprotect$auto(0x1ffff000, 0x7fffffff, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0xffffffffffff0001, 0x17) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) 57.048109728s ago: executing program 2 (id=2758): r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000003fc0)='/dev/bus/usb/017/001\x00', 0xa300, 0x0) io_uring_setup$auto(0x6, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) madvise$auto(0x0, 0x5, 0x15) r1 = bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0xffffffffffffffff, 0x5}) r4 = syz_genetlink_get_family_id$auto_ncsi(&(0x7f00000001c0), r3) sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="04002abd7000ffdbdf250500000008000100", @ANYRES32=0x0, @ANYBLOB="b7addaa806597a5138b386c109c265b2aff90b351a026af6abad38a19a031ce5866b878a3bee971fa11faa2acfa26c080ba7419a3443f703e96e12dbeededc443c4649cabf0a65d724a5f832f7ea2782336e2c48f0149979863f1b61d74a5de2c50962e5853ca405b216c610f18038c0e7d6dfbf"], 0x1c}, 0x1, 0x0, 0x0, 0x80d5}, 0x805) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syzkaller1\x00'}) openat$auto_nodes_fops_netdebug(0xffffffffffffff9c, 0x0, 0x20843, 0x0) r5 = syz_clone(0x2020000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NCSI_CMD_CLEAR_INTERFACE(r1, 0x0, 0x4000800) process_vm_readv$auto(r5, &(0x7f0000000100)={0x0, 0x1}, 0x3, 0x0, 0x1, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) futex$auto(&(0x7f0000000080)=0xc8ac, 0xc, 0x1, 0x0, 0x0, 0xc8ac) read$auto_proc_pid_maps_operations_internal(r0, &(0x7f00000010c0)=""/4096, 0x1000) 56.239113668s ago: executing program 2 (id=2761): bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x7, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) r0 = socket(0x10, 0x2, 0x4) r1 = socket(0xa, 0x801, 0x84) listen$auto(r1, 0x3) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x6f) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) 56.033637296s ago: executing program 2 (id=2765): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@HWSIM_ATTR_REG_HINT_ALPHA2={0x5, 0xb, '.'}]}, 0x1c}}, 0x4044820) open(0x0, 0x201c2, 0x10e) socket(0xa, 0x1, 0x1) bpf$auto(0x6, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400004, 0xdf, 0x9b7f, 0x59be, 0x8000) socket(0x15, 0x5, 0x0) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x6, 0xfffffffb) pselect6$auto(0xffffffff, &(0x7f00000000c0)={[0x2, 0xfff, 0x6, 0xbda3, 0x0, 0x9, 0x5, 0xc7, 0x5, 0x400, 0x7, 0x3, 0x2, 0x7ffffffd, 0x87d9, 0xa]}, &(0x7f0000000180)={[0x182, 0x9bbb, 0x0, 0x3, 0x58, 0xb5, 0x8, 0x400, 0x6, 0x4, 0x7ff, 0xa5, 0x2, 0x7de1, 0xed1b, 0x8c5]}, &(0x7f0000000200)={[0x8001, 0x0, 0x36d8, 0x39, 0x0, 0x7ff, 0x8, 0x7fffffff, 0x6, 0xe51d, 0x401, 0xffff, 0x2, 0x39d9eb, 0x8, 0x9]}, &(0x7f0000000280)={0xa}, 0x0) mknod$auto(0x0, 0xc9, 0xc7) shmget$auto(0x8, 0x10563, 0x568d1af2) socket(0xa, 0x3, 0xff) setsockopt$auto(0x400000000000003, 0x29, 0x16, 0x0, 0x20056b) io_uring_setup$auto(0x5, 0x0) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) 55.472831269s ago: executing program 2 (id=2766): madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) ioperm$auto(0x7, 0x6, 0x2) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) readahead$auto(r0, 0x10000000e, 0x0) syz_clone3(&(0x7f0000000200)={0x182000080, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0}, 0x58) rt_sigtimedwait$auto(&(0x7f0000000040)={0x7fffffff}, 0x0, 0x0, 0x8) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video15\x00', 0x180, 0x0) read$auto_v4l2_fops_v4l2_dev(r1, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, 0x0, 0xc) mmap$auto(0xd, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) bpf$auto(0x1, 0x0, 0xc) 54.126453541s ago: executing program 2 (id=2770): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x8}]}, 0x1c}}, 0x44000) r2 = openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0x60000, 0x0) read$auto_sc_seq_fops_netdebug(r2, &(0x7f0000000180)=""/4096, 0x1000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0x4000000000df, 0xeb1, 0x401, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, 0x0, 0x4048015) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) mmap$auto(0x0, 0x2020009, 0xffffffffffffffff, 0xeb1, r3, 0x8000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r4 = open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8) write$auto(r4, 0x0, 0xeffd) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000001180), r4) r6 = getuid() setresuid$auto(0x0, r6, 0xee00) sendmsg$auto_NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000001600)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000015c0)={&(0x7f00000011c0)={0x3c4, r5, 0x109, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_COORDINATOR={0x39e, 0x1e, 0x0, 0x1, [@generic="b8b6b8cace2558448990db5e474d9c439edf4f54b759f980aa3ab2cf1abfd895d498ce41b63165792abfc08909c8da860af46788db5c52ca7167cf3c28faf7e6e469a48da537d30305ca97e2ae1af881f6fba58e3c9f2df0dae6b2c07e1a9180d57a6b6aab99e6cd2dae60af57574b7290b72763e9a8fa8acfbc762556e01992d8cbd763f98b1a81ba068c950b10bbeb7a39ff26547500c28affbbbce3a6dc696e9c2db19ea4", @typed={0xc, 0xee, 0x0, 0x0, @u64=0x8}, @typed={0x8, 0xfb, 0x0, 0x0, @fd=r4}, @generic="b58056fae5d17d2d214d17696cf4d7df4e8a01bd5b3d82b811e8f23891fa925be775ebba50ae0432f26a7b0d7305a51db1a73e9a6a824bf60e56", @nested={0x59, 0x3b, 0x0, 0x1, [@nested={0x4, 0x13c}, @generic="f41f1bff80b79c40d94199e78addf42f096bbe05479d05617eff4ac6905a804cc10ba71d4da6b8a51170c3da147a380e3cb4fc23bbda36b47bf1bfe263769f3d366dcb803a471b0b8057ea1574", @nested={0x4, 0x18}]}, @nested={0x1e9, 0xaa, 0x0, 0x1, [@generic="849a170107ead33adc158f3357cf6dd630e3415f", @typed={0x8, 0x11d, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @nested={0x4, 0xd3}, @generic="84b666c6ea9c66832cb3940df4300bd268936067f2843399ee061b5f9dd3abfce1eca972290d9173153f05f381727fc0a06c7821a3ba96a69a108ffe460655b162c0ce32cf9ade2de6bfb7ab4d7f92fb5aefb63cf9edb8f68fd1dba428890cac6fcb2225a7024618e07616c8cf417518f773675ff89bc7f54ffb4e90c34f0a7daff358057582921f9846f59b9065ab9a57ef62d88753ae07f130ed18e7e4d2f4d221f1c4f57eca49131fbf45564f0630ffb93d1c86c183d934c8c6", @typed={0x14, 0xd, 0x0, 0x0, @ipv6=@loopback}, @typed={0x8, 0xb1, 0x0, 0x0, @uid=r6}, @typed={0x8, 0xb, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0x4, 0x24}, @generic="1c3a32e5f884794b123ee4dfa40b93657ed62789ff9536a9762e9de1dfc793553fa69d72d609dd509170b80262a23f4a8d864f740b2e406346562edb5be2e447c4b87a83c7f888a5c25057fdae07eec0e2b19d0d8feb7ccb5bb297037b6ff50838b0d5440f0b5a47cfc0d5f1f6f6de682edfc8829c68e660238bb72f8b3ec11534ad69e74c0750a48df29b2f94a0d29cd47a9ff89c079a7326fc35fe510a42fc626c0d4604671d06a441c968ff676072879a092c7f65c3f38e0db6647f61fc8a43e874e550f976b0412370761c9ba2487ab7f1c674d2c03be23c23f79ee4c9923f32"]}, @generic="172fb1e092c12bc2b1ff499acae674322c9f051c96abd2506c7e2fb385dbc41007f3994e9f07634cab7d237d675b640e4e29c748e20fe5a4335d14ce5c33a2b9dabee4a7c4dd223b8fc6995e0dc052851b6961f93c01e07afe6ffbfdf9c3", @generic]}, @NL802154_ATTR_SCAN_CHANNELS={0x8, 0x21, 0x3ff}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x1}]}, 0x3c4}, 0x1, 0x0, 0x0, 0x40820}, 0x4000000) write$auto(0xffffffffffffffff, 0x0, 0x1ff) 38.944240896s ago: executing program 36 (id=2770): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x8}]}, 0x1c}}, 0x44000) r2 = openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0x60000, 0x0) read$auto_sc_seq_fops_netdebug(r2, &(0x7f0000000180)=""/4096, 0x1000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0x4000000000df, 0xeb1, 0x401, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, 0x0, 0x4048015) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) mmap$auto(0x0, 0x2020009, 0xffffffffffffffff, 0xeb1, r3, 0x8000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r4 = open(&(0x7f0000000040)='./file0\x00', 0x40841, 0x8) write$auto(r4, 0x0, 0xeffd) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000001180), r4) r6 = getuid() setresuid$auto(0x0, r6, 0xee00) sendmsg$auto_NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000001600)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000015c0)={&(0x7f00000011c0)={0x3c4, r5, 0x109, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_COORDINATOR={0x39e, 0x1e, 0x0, 0x1, [@generic="b8b6b8cace2558448990db5e474d9c439edf4f54b759f980aa3ab2cf1abfd895d498ce41b63165792abfc08909c8da860af46788db5c52ca7167cf3c28faf7e6e469a48da537d30305ca97e2ae1af881f6fba58e3c9f2df0dae6b2c07e1a9180d57a6b6aab99e6cd2dae60af57574b7290b72763e9a8fa8acfbc762556e01992d8cbd763f98b1a81ba068c950b10bbeb7a39ff26547500c28affbbbce3a6dc696e9c2db19ea4", @typed={0xc, 0xee, 0x0, 0x0, @u64=0x8}, @typed={0x8, 0xfb, 0x0, 0x0, @fd=r4}, @generic="b58056fae5d17d2d214d17696cf4d7df4e8a01bd5b3d82b811e8f23891fa925be775ebba50ae0432f26a7b0d7305a51db1a73e9a6a824bf60e56", @nested={0x59, 0x3b, 0x0, 0x1, [@nested={0x4, 0x13c}, @generic="f41f1bff80b79c40d94199e78addf42f096bbe05479d05617eff4ac6905a804cc10ba71d4da6b8a51170c3da147a380e3cb4fc23bbda36b47bf1bfe263769f3d366dcb803a471b0b8057ea1574", @nested={0x4, 0x18}]}, @nested={0x1e9, 0xaa, 0x0, 0x1, [@generic="849a170107ead33adc158f3357cf6dd630e3415f", @typed={0x8, 0x11d, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @nested={0x4, 0xd3}, @generic="84b666c6ea9c66832cb3940df4300bd268936067f2843399ee061b5f9dd3abfce1eca972290d9173153f05f381727fc0a06c7821a3ba96a69a108ffe460655b162c0ce32cf9ade2de6bfb7ab4d7f92fb5aefb63cf9edb8f68fd1dba428890cac6fcb2225a7024618e07616c8cf417518f773675ff89bc7f54ffb4e90c34f0a7daff358057582921f9846f59b9065ab9a57ef62d88753ae07f130ed18e7e4d2f4d221f1c4f57eca49131fbf45564f0630ffb93d1c86c183d934c8c6", @typed={0x14, 0xd, 0x0, 0x0, @ipv6=@loopback}, @typed={0x8, 0xb1, 0x0, 0x0, @uid=r6}, @typed={0x8, 0xb, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0x4, 0x24}, @generic="1c3a32e5f884794b123ee4dfa40b93657ed62789ff9536a9762e9de1dfc793553fa69d72d609dd509170b80262a23f4a8d864f740b2e406346562edb5be2e447c4b87a83c7f888a5c25057fdae07eec0e2b19d0d8feb7ccb5bb297037b6ff50838b0d5440f0b5a47cfc0d5f1f6f6de682edfc8829c68e660238bb72f8b3ec11534ad69e74c0750a48df29b2f94a0d29cd47a9ff89c079a7326fc35fe510a42fc626c0d4604671d06a441c968ff676072879a092c7f65c3f38e0db6647f61fc8a43e874e550f976b0412370761c9ba2487ab7f1c674d2c03be23c23f79ee4c9923f32"]}, @generic="172fb1e092c12bc2b1ff499acae674322c9f051c96abd2506c7e2fb385dbc41007f3994e9f07634cab7d237d675b640e4e29c748e20fe5a4335d14ce5c33a2b9dabee4a7c4dd223b8fc6995e0dc052851b6961f93c01e07afe6ffbfdf9c3", @generic]}, @NL802154_ATTR_SCAN_CHANNELS={0x8, 0x21, 0x3ff}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x1}]}, 0x3c4}, 0x1, 0x0, 0x0, 0x40820}, 0x4000000) write$auto(0xffffffffffffffff, 0x0, 0x1ff) 15.199111794s ago: executing program 7 (id=2864): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, 0x0, 0x10004010) close_range$auto(r0, r0, 0x20000000) io_uring_setup$auto(0x6, 0x0) open(0x0, 0x161342, 0x100) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x9) socket(0x1d, 0x3, 0x1) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0xc004) socketpair$auto(0x3, 0x5, 0x7, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mknod$auto(0x0, 0x1081, 0x9) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 14.65900507s ago: executing program 5 (id=2866): socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x5) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) socket(0x11, 0x2, 0x0) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x970e0ad, 0x8000) socket(0x2a, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x12, 0x0, 0x106, 0x0, 0x5, 0x10}, 0xed7138c}, 0x7, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) r1 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd=r0}, 0xa3) 13.290119875s ago: executing program 5 (id=2868): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x18, 0xe67, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) sysfs$auto(0x2, 0x3, 0x0) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x1ac}}, 0x40000) recvmmsg$auto(r1, 0x0, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89a3, 0x24) mmap$auto(0x0, 0x8, 0x72, 0x8b72, 0x8f1, 0x8000) r2 = socket(0x2, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r2, 0x401c5820, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0) r3 = socket(0x1e, 0x1, 0x0) sendmsg$auto_ETHTOOL_MSG_MM_GET(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40400c0}, 0x14002881) madvise$auto(0x0, 0x2003f0, 0x17) madvise$auto(0x0, 0x9, 0x2) 12.21522073s ago: executing program 8 (id=2872): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x2, 0x1, 0x0) socket(0x18, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0x1000000016, 0x13, 0x3, 0x400180000000) fallocate$auto(0x8000000000000003, 0x3, 0xf, 0x200000002) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000001e00), 0x82180, 0x0) ppoll$auto(0x0, 0x3, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x6, 0xb0, 0x6) r0 = getuid() msgctl$auto(0x1, 0x5, &(0x7f0000000300)={{0x2, 0xffffffffffffffff, 0xee00, 0x80e8, 0x401, 0x0, 0xa}, 0x0, &(0x7f00000002c0)=0x7, 0x8, 0x4, 0x80000000, 0x7fff, 0x101, 0x4, 0x7ff, 0xfeff}) setresuid$auto(r0, 0x0, r1) process_mrelease$auto(0x4, 0x0) ioctl$auto_KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x0) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) 11.851278626s ago: executing program 6 (id=2874): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x2, 0x1, 0x0) socket(0x18, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0x1000000016, 0x13, 0x3, 0x400180000000) fallocate$auto(0x8000000000000003, 0x3, 0xf, 0x200000002) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000001e00), 0x82180, 0x0) ppoll$auto(0x0, 0x3, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x6, 0xb0, 0x6) r0 = getuid() msgctl$auto(0x1, 0x5, &(0x7f0000000300)={{0x2, 0xffffffffffffffff, 0xee00, 0x80e8, 0x401, 0x0, 0xa}, 0x0, &(0x7f00000002c0)=0x7, 0x8, 0x4, 0x80000000, 0x7fff, 0x101, 0x4, 0x7ff, 0xfeff}) setresuid$auto(r0, 0x0, r1) 11.727977729s ago: executing program 7 (id=2875): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card1/pcm1p/sub5/sw_params\x00', 0x2c8480, 0x0) select$auto(0x5, &(0x7f0000000080)={[0x20000009, 0xfffffffffffffffc, 0x9, 0x5, 0xc, 0x3, 0x3, 0x1ffe000, 0xcad, 0x2, 0x9, 0xf, 0xa657, 0x202, 0x6, 0x1]}, 0x0, 0x0, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/can/rcvlist_all\x00', 0x8000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f00000000c0)=""/10, 0xa) r2 = socket(0x2, 0x5, 0x0) sendmmsg$auto(r2, &(0x7f00000003c0)={{&(0x7f0000000040), 0x10, 0x0, 0x7, 0x0, 0x2, 0xb}, 0xa7}, 0x7, 0x7fffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r3) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/input/event0\x00', 0x4000, 0x0) io_submit$auto(0xbe2f, 0xfffffffffffffff2, &(0x7f0000000140)=&(0x7f0000000100)={0x7, 0x3, 0xfffff541, 0x5, 0xfffb, r0, 0x8, 0xfffffffffffffff9, 0xb, 0x0, 0xe1, r2}) pwrite64$auto(r6, &(0x7f0000000200)='+)\x00', 0x8, 0x7fffffff) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0040000", @ANYRES16=r4, @ANYBLOB="2f212cbd7000fcdbdf252100000008000300", @ANYRES32=r5, @ANYBLOB="b1042d8010"], 0x4d0}}, 0x4000000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000240), 0xffffffffffffffff) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop5\x00', 0x60742, 0x0) readahead$auto(r9, 0x10000000e, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32=r10], 0x24}, 0x1, 0x0, 0x0, 0x4000023}, 0x80) 11.65722486s ago: executing program 6 (id=2876): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) r0 = open(0x0, 0xeee00, 0x31) mmap$auto(0x0, 0x5, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) prctl$auto(0x10000000024, 0x2, 0x2008, 0x4000000c, 0x80001) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setns(0xffffffffffffffff, 0x0) clone$auto(0x8001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) write$auto_msr_fops_msr(r0, 0x0, 0x0) getsockname$auto(0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000280)=0xaea) fcntl$auto(0x0, 0x407, 0x100000) mlockall$auto(0x7) mmap$auto(0x13, 0x200004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) memfd_create$auto(&(0x7f0000000000)='A\x00\x00\x00\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\f\x00\x00\v\x00E\xdb\x81\xd9\xd8\xe640\xc6\xa4Sr\x82\xcc\"K\xe1IIT\x00\x00\x00', 0xe) rseq$auto(0x0, 0x8000, 0x0, 0x6) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) finit_module$auto(0x3, 0xfffffffffffffffe, 0x400000000004) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) 11.548055924s ago: executing program 8 (id=2877): socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x5) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) socket(0x11, 0x2, 0x0) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x970e0ad, 0x8000) socket(0x2a, 0x2, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x12, 0x0, 0x106, 0x0, 0x5, 0x10}, 0xed7138c}, 0x7, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) r1 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd=r0}, 0xa3) 10.794579925s ago: executing program 5 (id=2878): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = gettid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) kill$auto(r0, 0x11) prctl$auto(0x16, 0x1, 0x6, 0xfffffffffffffffe, 0x4) stat$auto(0x0, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sg0\x00', 0x8000, 0x0) ioctl$auto(0x3, 0x2286, 0x7) 9.210610436s ago: executing program 5 (id=2879): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x9, 0x5, 0x3) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/smbd_max_receive_size\x00', 0x103742, 0x0) write$auto(r0, 0x0, 0x9) pipe2$auto(&(0x7f0000000180)=r0, 0x67) r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000140), r1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x300, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) r4 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000100), r3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYRESDEC=r4, @ANYRES32=r1, @ANYRESHEX=r2, @ANYRESDEC=r0], 0x1ac}, 0x1, 0x0, 0x0, 0x4c004}, 0xc010) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x7b, 0x4) 8.970844142s ago: executing program 8 (id=2880): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0xfbe8, 0x3) mlock$auto(0x7c88, 0x7fff) socket(0x2, 0x2, 0x88) connect$auto(0x3, &(0x7f00000000c0), 0x55) socket$nl_generic(0x10, 0x3, 0x10) statmount$auto(0x0, 0x0, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x3, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xe}}, 0x6, 0x4008) 8.699563899s ago: executing program 7 (id=2881): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x2, 0x1, 0x0) socket(0x18, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0x1000000016, 0x13, 0x3, 0x400180000000) fallocate$auto(0x8000000000000003, 0x3, 0xf, 0x200000002) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000001e00), 0x82180, 0x0) ppoll$auto(0x0, 0x3, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) close_range$auto(0x6, 0xb0, 0x6) r0 = getuid() msgctl$auto(0x1, 0x5, &(0x7f0000000300)={{0x2, 0xffffffffffffffff, 0xee00, 0x80e8, 0x401, 0x0, 0xa}, 0x0, &(0x7f00000002c0)=0x7, 0x8, 0x4, 0x80000000, 0x7fff, 0x101, 0x4, 0x7ff, 0xfeff}) setresuid$auto(r0, 0x0, r1) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209f, 0xe9e, 0x4, 0x15, 0x1000, 0x100000001, 0xa, 0xf, 0x0, 0x0, 0xe, 0x9, 0x101, 0xff, 0x2, 0x80080001]}, 0x0, 0x0) process_mrelease$auto(0x4, 0x0) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) 7.760468259s ago: executing program 7 (id=2882): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000180)='ns/ipc\x00') socket(0x2, 0x5, 0x0) socket(0x11, 0x80003, 0x300) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x88) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) bind$auto(0x3, 0x0, 0x6b) 7.331831657s ago: executing program 8 (id=2883): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0xa, 0xa) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_fops_atomic_t_(0xffffffffffffff9c, 0x0, 0x240, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x18, 0x5, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 6.23638966s ago: executing program 6 (id=2884): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) flistxattr$auto(0x3, 0x0, 0x3) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r0 = socket(0xa, 0x3, 0x5) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto(r1, 0x5, 0x9) sendmmsg$auto(r0, &(0x7f0000000180)={{&(0x7f00000000c0)="4c8e1feda5ad08a3842c513a9afae76828eda4ac78e1b66eefefe489b16eaa4a3c7c222c494fa1", 0x200, 0x0, 0x72, 0x0, 0x8, 0x80000000}, 0x9}, 0x7, 0x100000a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/sctp/remaddr\x00', 0xb00, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000100), 0x400040, 0x0) getsockopt$auto(0x4, 0x6, 0x4, 0x0, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, 0x0, 0xc800) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto_bm_status_operations_binfmt_misc(0xffffffffffffffff, &(0x7f0000000340)="b7327a", 0x3) pread64$auto(r2, 0x0, 0x594c, 0x9fffffffd) 6.132935787s ago: executing program 7 (id=2885): socket(0x1d, 0x4, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) io_uring_setup$auto(0x40005, 0x0) madvise$auto(0x108000, 0x800034, 0x9) mbind$auto(0x401, 0x400, 0x6, &(0x7f0000000040)=0x7, 0x7fff, 0x5) bind$auto(0xffffffffffffffff, &(0x7f0000000000), 0x69) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xb, 0x2, 0x0) open(0x0, 0x261c2, 0x84) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = socket(0x23, 0x80805, 0x0) mincore$auto(0x0, 0x10000, 0x0) poll$auto(&(0x7f0000000040)={r0, 0x7, 0x8}, 0x80, 0x400400) setsockopt$auto(r1, 0x113, 0x1, 0x0, 0x81) 5.982046608s ago: executing program 8 (id=2886): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x2, 0x0, 0x80000001) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) madvise$auto(0x0, 0xffffffffffff0001, 0x15) getitimer$auto(0x0, 0x0) signalfd$auto(0xffffffff, 0x0, 0x8) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) keyctl$auto(0x1f, 0x1, 0x0, 0x3, 0x400110000000001) 3.587665328s ago: executing program 6 (id=2887): r0 = socket(0x2a, 0x2, 0x6) recvfrom$auto(r0, 0x0, 0x80000002, 0x1, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00'}) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x100) socket(0x10, 0x3, 0x6) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ptmx\x00', 0x189000, 0x0) openat$auto_proc_timens_offsets_operations_base(0xffffffffffffff9c, &(0x7f0000002440), 0x80c02, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_options\x00', 0x2, 0x0) socket(0x2, 0x1, 0x0) socket(0xa, 0x3, 0x2) socket(0x10, 0x3, 0x6) socketpair$auto(0x3, 0xc, 0x8000000000000000, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) readv$auto(0x6, &(0x7f0000000040)={0x0, 0x100}, 0x8) 2.949930422s ago: executing program 5 (id=2888): mmap$auto(0x0, 0x2020008, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x2, 0x8003, 0x101, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc0202, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = open(0x0, 0x0, 0x102) mmap$auto(0x0, 0x400005, 0x10001, 0xbbc, 0x2, 0x7ffe) madvise$auto(0x0, 0x5, 0x15) madvise$auto(0x1, 0x200003, 0x7) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop6\x00', 0x1800, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r3, 0x4c00, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYRES8=r1, @ANYRESDEC=r0], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x200000c1) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)="747171098626e3edfd597e7ab15fdc9f2f04b42682de18fbeee984752f5ca4b3d0bbf9a1e405c7a52a21badde2d140f49d471295013271da04feca535600", 0x3}, 0x2, 0x0, 0x1, 0xa505}, 0x800}, 0x7, 0x4008) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/kcore\x00', 0x10b402, 0x0) madvise$auto(0x0, 0x2000040080000004, 0xe) pread64$auto(r4, &(0x7f0000000040)='/proc/scsi/sg/devices\x00', 0x100000001, 0x4000000000000004) 2.320013182s ago: executing program 6 (id=2889): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernel_debug_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/keys\x00', 0x8340, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) r0 = socket(0x10, 0x2, 0xf) bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r0, 0xffffffff}, 0xd) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x8) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80805, 0x0) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x181502, 0x0) write$auto(r1, 0x0, 0xc3) 1.586913181s ago: executing program 6 (id=2890): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cec2\x00', 0x801, 0x0) ioctl$auto_CEC_RECEIVE(r0, 0xc0386106, &(0x7f0000000140)={0x4, 0xe89, 0xfffffff6, 0xd, 0xfffffffd, 0x1000001, "db00000000000000000100", 0xf9, 0x2, 0x7, 0x4, 0x7, 0x0, 0x7}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_USB_RAW_IOCTL_EP_ENABLE(0xffffffffffffffff, 0x40095505, 0x0) write$auto(0x3, 0x0, 0xffd8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x108000, 0x800034, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x68143, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x62812336, 0x401, 0x7) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) read$auto(0x3, 0x0, 0x80) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x6640, 0x155) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000080), 0x6b) 1.382214226s ago: executing program 8 (id=2891): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) removexattr$auto(0x0, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rxrpc/calls\x00', 0x100, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000040)=""/88, 0x58) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000001080)=""/4092, 0xffc) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socketpair$auto(0x1d, 0x2, 0x2, 0x0) socket(0x1, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0xf44, 0x0, 0x9) connect$auto(0x3, &(0x7f00000001c0), 0x55) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x8, 0x3ff57696, 0x9b72, 0x5, 0x8000000000008000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x80000001, 0x8) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0xffff, 0xeb1, 0xfffffffffffffffa, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x6, 0x4) 1.122176973s ago: executing program 5 (id=2892): mmap$auto(0x0, 0x4, 0xdf, 0x9b72, 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) splice$auto(0x4, 0x0, 0x2, 0x0, 0xfffffffffffffffc, 0x4) r0 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) madvise$auto(0x0, 0x2000040080000004, 0xe) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x6) r1 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfffff4a4, 0x0, 0xfffffffffffffffd) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1a00279e"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmsg$auto_CTRL_CMD_GETFAMILY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002abd77dcb7fcdf2503000000190000000000000001"], 0x24}, 0x1, 0x0, 0x0, 0x4008810}, 0x10000000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) r2 = socket(0x10, 0x2, 0x0) r3 = socket(0xa, 0x2, 0x3a) connect$auto(0x3, 0x0, 0x55) setsockopt$auto(0x3, 0x1, 0x19, 0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_DEL_PMK(r3, 0x0, 0x40000) sendmsg$auto_IPVS_CMD_GET_INFO(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000005}, 0x4004010) read$auto(0x3, 0x0, 0x7) 0s ago: executing program 7 (id=2893): pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\rs\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeep\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x8, 0xc, 0xe3, 0x400000000a, 0x3}, 0x6f4) bpf$auto(0x18, &(0x7f0000000040)=@bpf_attr_4={0x7, r0, 0x5, r0}, 0x92) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x91e4) mmap$auto(0xc, 0x200006, 0x1, 0x11, 0x602, 0x4) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) kernel console output (not intermixed with test programs): ink: 4 bytes leftover after parsing attributes in process `syz.1.84'. [ 85.304347][ T6162] netlink: 4 bytes leftover after parsing attributes in process `syz.3.102'. [ 85.349585][ T6162] netlink: 4 bytes leftover after parsing attributes in process `syz.3.102'. [ 85.591384][ T6169] netlink: 342 bytes leftover after parsing attributes in process `syz.1.104'. [ 85.599866][ T6171] netlink: 330 bytes leftover after parsing attributes in process `syz.2.105'. [ 85.603086][ T6169] IPv6: NLM_F_CREATE should be specified when creating new route [ 85.633823][ T6167] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 85.640009][ T6167] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 85.716349][ T6167] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 85.750930][ T6167] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 85.758942][ T6173] netlink: 20 bytes leftover after parsing attributes in process `syz.0.106'. [ 85.773191][ T6167] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 85.810849][ T6167] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 85.862108][ T6167] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 85.868498][ T6167] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 85.908955][ T6167] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 85.977349][ T6167] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 85.984085][ T6167] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 86.021702][ T6167] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 86.541846][ T6195] netlink: 326 bytes leftover after parsing attributes in process `syz.3.114'. [ 86.568563][ T6189] netlink: 326 bytes leftover after parsing attributes in process `syz.0.111'. [ 86.596880][ T6196] netlink: 326 bytes leftover after parsing attributes in process `syz.2.113'. [ 86.953638][ T6207] netlink: 326 bytes leftover after parsing attributes in process `syz.3.118'. [ 87.703264][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 87.783007][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 87.862919][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout [ 88.033259][ T5840] Bluetooth: hci3: command 0x0c1a tx timeout [ 89.174307][ T6246] __nla_validate_parse: 4 callbacks suppressed [ 89.174329][ T6246] netlink: 330 bytes leftover after parsing attributes in process `syz.2.130'. [ 89.560236][ T6248] netlink: 326 bytes leftover after parsing attributes in process `syz.2.131'. [ 89.783009][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 89.864334][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 89.942934][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout [ 90.102900][ T5840] Bluetooth: hci3: command 0x0c1a tx timeout [ 90.614059][ T6263] netlink: 330 bytes leftover after parsing attributes in process `syz.3.138'. [ 91.710644][ T6283] netlink: 306 bytes leftover after parsing attributes in process `syz.2.148'. [ 91.872968][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 91.943028][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 92.022971][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout [ 92.184200][ T5840] Bluetooth: hci3: command 0x0c1a tx timeout [ 92.265117][ T6292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.152'. [ 92.343264][ T6292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.152'. [ 93.503681][ T6326] validate_nla: 1 callbacks suppressed [ 93.503702][ T6326] netlink: 'syz.2.164': attribute type 4 has an invalid length. [ 93.522725][ T6326] netlink: 314 bytes leftover after parsing attributes in process `syz.2.164'. [ 94.792348][ T6346] netlink: 330 bytes leftover after parsing attributes in process `syz.0.172'. [ 95.098501][ T6358] netlink: 146 bytes leftover after parsing attributes in process `syz.2.178'. [ 95.333791][ T6369] netlink: 4 bytes leftover after parsing attributes in process `syz.2.180'. [ 95.363256][ T6369] netlink: 4 bytes leftover after parsing attributes in process `syz.2.180'. [ 95.971864][ T6389] netlink: 130 bytes leftover after parsing attributes in process `syz.1.188'. [ 96.959587][ T6421] netlink: 330 bytes leftover after parsing attributes in process `syz.3.202'. [ 97.451863][ T6434] netlink: 36 bytes leftover after parsing attributes in process `syz.2.208'. [ 97.607067][ T6436] sctp: [Deprecated]: syz.1.203 (pid 6436) Use of int in maxseg socket option. [ 97.607067][ T6436] Use struct sctp_assoc_value instead [ 99.192534][ T6467] netlink: 322 bytes leftover after parsing attributes in process `syz.1.219'. [ 99.218868][ T6467] vcan0: entered promiscuous mode [ 99.840779][ T6482] netlink: 4 bytes leftover after parsing attributes in process `syz.1.224'. [ 101.807851][ T6508] netlink: 'syz.3.232': attribute type 1 has an invalid length. [ 104.766348][ T6549] netlink: 334 bytes leftover after parsing attributes in process `syz.3.246'. [ 104.790087][ T6551] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 106.943593][ T6576] netlink: 4 bytes leftover after parsing attributes in process `syz.1.256'. [ 107.020524][ T6576] netlink: 4 bytes leftover after parsing attributes in process `syz.1.256'. [ 109.416272][ T6610] netlink: 12 bytes leftover after parsing attributes in process `syz.2.267'. [ 109.494641][ T6614] netlink: 16 bytes leftover after parsing attributes in process `syz.2.267'. [ 109.590369][ T6610] HfR: entered promiscuous mode [ 111.673634][ T6647] netlink: 322 bytes leftover after parsing attributes in process `syz.3.283'. [ 112.493252][ T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 112.513530][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 112.573030][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 112.591478][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 112.599183][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 112.607416][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 113.036895][ T6656] chnl_net:caif_netlink_parms(): no params data found [ 113.171530][ T6656] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.182196][ T6656] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.201739][ T6656] bridge_slave_0: entered allmulticast mode [ 113.221986][ T6656] bridge_slave_0: entered promiscuous mode [ 113.241133][ T6656] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.254672][ T6656] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.271599][ T6656] bridge_slave_1: entered allmulticast mode [ 113.288965][ T6656] bridge_slave_1: entered promiscuous mode [ 113.335254][ T6656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 113.354363][ T6656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 113.423389][ T6656] team0: Port device team_slave_0 added [ 113.432039][ T6656] team0: Port device team_slave_1 added [ 113.503373][ T6656] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 113.510412][ T6656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.550058][ T6656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 113.565067][ T6656] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.582305][ T6656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.612970][ T6656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.779640][ T6656] hsr_slave_0: entered promiscuous mode [ 113.794958][ T6656] hsr_slave_1: entered promiscuous mode [ 113.832691][ T6656] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.852925][ T6656] Cannot create hsr debugfs directory [ 114.185030][ T6691] netlink: 222 bytes leftover after parsing attributes in process `syz.3.297'. [ 114.218439][ T6691] netlink: 222 bytes leftover after parsing attributes in process `syz.3.297'. [ 114.322543][ T6656] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 114.371310][ T6656] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 114.445904][ T6656] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 114.498142][ T6656] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 114.603606][ T6698] netlink: 28 bytes leftover after parsing attributes in process `syz.1.300'. [ 114.664171][ T5840] Bluetooth: hci4: command tx timeout [ 114.768695][ T6698] bond0: (slave bond_slave_1): Releasing backup interface [ 114.853092][ T6700] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 114.875400][ T6700] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 114.882088][ T6656] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.890033][ T6700] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 114.909892][ T6700] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 114.929788][ T6700] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 114.951980][ T6700] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 115.016990][ T6656] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.049407][ T3478] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.056589][ T3478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.129873][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.137087][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.595094][ T6656] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.825773][ T6656] veth0_vlan: entered promiscuous mode [ 115.837559][ T6656] veth1_vlan: entered promiscuous mode [ 115.861995][ T6656] veth0_macvtap: entered promiscuous mode [ 115.870818][ T6656] veth1_macvtap: entered promiscuous mode [ 115.889317][ T6656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.900335][ T6656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.910813][ T6656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.921982][ T6656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.932078][ T6656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.943671][ T6656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.953728][ T6656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.964836][ T6656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.976960][ T6656] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.992615][ T6656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.004191][ T6656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.021661][ T6656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.032938][ T6656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.043482][ T6656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.054289][ T6656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.064776][ T6656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.077784][ T6656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.092754][ T6656] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.122465][ T6656] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.149547][ T6656] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.166408][ T6656] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.179589][ T6656] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.268774][ T6736] netlink: 504 bytes leftover after parsing attributes in process `syz.1.310'. [ 116.280306][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.293038][ T6739] ======================================================= [ 116.293038][ T6739] WARNING: The mand mount option has been deprecated and [ 116.293038][ T6739] and is ignored by this kernel. Remove the mand [ 116.293038][ T6739] option from the mount to silence this warning. [ 116.293038][ T6739] ======================================================= [ 116.304344][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.371900][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.390315][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.499842][ T6743] netlink: 4 bytes leftover after parsing attributes in process `syz.1.312'. [ 116.509074][ T6745] netlink: 'syz.3.313': attribute type 39 has an invalid length. [ 116.509153][ T6745] netlink: 'syz.3.313': attribute type 40 has an invalid length. [ 116.509170][ T6745] netlink: 'syz.3.313': attribute type 41 has an invalid length. [ 116.509189][ T6745] netlink: 'syz.3.313': attribute type 44 has an invalid length. [ 116.509207][ T6745] netlink: 'syz.3.313': attribute type 46 has an invalid length. [ 116.509223][ T6745] netlink: 'syz.3.313': attribute type 47 has an invalid length. [ 116.509241][ T6745] netlink: 'syz.3.313': attribute type 48 has an invalid length. [ 116.509257][ T6745] netlink: 'syz.3.313': attribute type 49 has an invalid length. [ 116.509274][ T6745] netlink: 'syz.3.313': attribute type 50 has an invalid length. [ 116.509290][ T6745] netlink: 6 bytes leftover after parsing attributes in process `syz.3.313'. [ 116.904085][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout [ 116.904128][ T54] Bluetooth: hci1: command 0x0c1a tx timeout [ 116.910156][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 116.992978][ T5831] Bluetooth: hci4: command 0x040f tx timeout [ 117.105804][ T6765] netlink: 330 bytes leftover after parsing attributes in process `syz.4.320'. [ 117.300134][ T6769] netlink: 4 bytes leftover after parsing attributes in process `syz.4.321'. [ 117.344086][ T6769] netlink: 4 bytes leftover after parsing attributes in process `syz.4.321'. [ 117.536474][ T6774] netlink: 4 bytes leftover after parsing attributes in process `syz.4.323'. [ 117.888764][ T6779] ICMPv6: process `syz.3.325' is using deprecated sysctl (syscall) net.ipv6.neigh.virt_wifi0.retrans_time - use net.ipv6.neigh.virt_wifi0.retrans_time_ms instead [ 119.062972][ T5831] Bluetooth: hci4: command 0x040f tx timeout [ 120.198076][ T6849] __nla_validate_parse: 3 callbacks suppressed [ 120.198096][ T6849] netlink: 330 bytes leftover after parsing attributes in process `syz.1.351'. [ 120.411666][ T6856] mkiss: ax0: crc mode is auto. [ 121.143312][ T5831] Bluetooth: hci4: command 0x040f tx timeout [ 123.214414][ T6918] netlink: 342 bytes leftover after parsing attributes in process `syz.3.379'. [ 123.234147][ T5831] Bluetooth: hci4: command 0x040f tx timeout [ 125.301824][ T6959] mkiss: ax0: crc mode is auto. [ 125.360973][ T5831] Bluetooth: hci4: command 0x040f tx timeout [ 125.453983][ T6960] netlink: 'syz.2.397': attribute type 10 has an invalid length. [ 125.499932][ T6960] netlink: 330 bytes leftover after parsing attributes in process `syz.2.397'. [ 127.085877][ T7005] netlink: 28 bytes leftover after parsing attributes in process `syz.3.411'. [ 127.392913][ T7005] lo: entered promiscuous mode [ 127.453004][ T7005] lo: entered allmulticast mode [ 127.819224][ T7009] mmap: syz.2.415 (7009) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 128.763267][ T7024] tipc: Started in network mode [ 128.768315][ T7024] tipc: Node identity ffffffff, cluster identity 4711 [ 128.827097][ T7024] tipc: Node number set to 4294967295 [ 133.147393][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.153872][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.395981][ T7116] netlink: 334 bytes leftover after parsing attributes in process `syz.1.453'. [ 134.083010][ T7131] netlink: 4755 bytes leftover after parsing attributes in process `syz.1.460'. [ 134.574019][ T7143] netlink: 4 bytes leftover after parsing attributes in process `syz.4.464'. [ 134.640309][ T7143] netlink: 4 bytes leftover after parsing attributes in process `syz.4.464'. [ 134.654653][ T7142] netlink: 12 bytes leftover after parsing attributes in process `syz.1.465'. [ 135.511434][ T7162] netlink: 330 bytes leftover after parsing attributes in process `syz.3.472'. [ 135.841845][ T7171] netlink: 334 bytes leftover after parsing attributes in process `syz.1.476'. [ 135.941611][ T7175] netlink: 'syz.3.478': attribute type 19 has an invalid length. [ 135.963145][ T7175] netlink: 114 bytes leftover after parsing attributes in process `syz.3.478'. [ 136.088306][ T7177] netlink: 334 bytes leftover after parsing attributes in process `syz.1.480'. [ 136.245553][ T7185] netlink: 'syz.2.481': attribute type 21 has an invalid length. [ 136.253798][ T7185] netlink: 326 bytes leftover after parsing attributes in process `syz.2.481'. [ 139.373253][ T7271] program syz.3.518 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 139.879172][ T7283] __nla_validate_parse: 6 callbacks suppressed [ 139.879194][ T7283] netlink: 8 bytes leftover after parsing attributes in process `syz.1.521'. [ 141.099716][ T7311] netlink: 322 bytes leftover after parsing attributes in process `syz.3.533'. [ 141.198649][ T7311] bond0: entered promiscuous mode [ 141.204565][ T7311] bond_slave_0: entered promiscuous mode [ 141.232304][ T7311] bond_slave_1: entered promiscuous mode [ 141.252989][ T7315] netlink: 342 bytes leftover after parsing attributes in process `syz.1.534'. [ 141.303757][ T7315] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 141.311351][ T7315] IPv6: NLM_F_CREATE should be set when creating new route [ 141.318728][ T7315] IPv6: NLM_F_CREATE should be set when creating new route [ 141.325998][ T7315] IPv6: NLM_F_CREATE should be set when creating new route [ 141.606876][ T7319] netlink: 504 bytes leftover after parsing attributes in process `syz.3.537'. [ 143.706072][ T7358] netlink: 'syz.4.551': attribute type 5 has an invalid length. [ 143.739280][ T7358] netlink: 314 bytes leftover after parsing attributes in process `syz.4.551'. [ 144.040839][ T7362] netlink: 4 bytes leftover after parsing attributes in process `syz.4.553'. [ 144.086255][ T7362] netlink: 4 bytes leftover after parsing attributes in process `syz.4.553'. [ 145.113877][ T7382] netlink: 342 bytes leftover after parsing attributes in process `syz.3.560'. [ 145.151156][ T7382] netlink: 102 bytes leftover after parsing attributes in process `syz.3.560'. [ 146.136802][ T7403] netlink: 338 bytes leftover after parsing attributes in process `syz.4.569'. [ 146.180265][ T7403] netlink: 338 bytes leftover after parsing attributes in process `syz.4.569'. [ 146.226560][ T7403] netlink: 210 bytes leftover after parsing attributes in process `syz.4.569'. [ 146.913695][ T7419] netlink: 50 bytes leftover after parsing attributes in process `syz.3.575'. [ 147.622625][ T7433] netlink: 28 bytes leftover after parsing attributes in process `syz.2.579'. [ 147.668661][ T7433] vcan0: entered promiscuous mode [ 149.075321][ T7464] block nbd0: not configured, cannot reconfigure [ 150.584015][ T7497] sock: sock_set_timeout: `syz.2.604' (pid 7497) tries to set negative timeout [ 151.499775][ T7521] netlink: 4 bytes leftover after parsing attributes in process `syz.2.616'. [ 151.522076][ T7521] netlink: 4 bytes leftover after parsing attributes in process `syz.2.616'. [ 152.463780][ T7553] netlink: 20 bytes leftover after parsing attributes in process `syz.4.629'. [ 152.711632][ T7563] netlink: 334 bytes leftover after parsing attributes in process `syz.2.633'. [ 153.040030][ T7578] netlink: 'syz.4.639': attribute type 33 has an invalid length. [ 153.058166][ T7578] netlink: 322 bytes leftover after parsing attributes in process `syz.4.639'. [ 153.066243][ T7581] netlink: 326 bytes leftover after parsing attributes in process `syz.2.641'. [ 153.866483][ T7602] netlink: 314 bytes leftover after parsing attributes in process `syz.2.647'. [ 154.314428][ T7609] netlink: 'syz.2.651': attribute type 20 has an invalid length. [ 154.337574][ T7609] netlink: 330 bytes leftover after parsing attributes in process `syz.2.651'. [ 154.513749][ T7614] netlink: 4 bytes leftover after parsing attributes in process `syz.3.653'. [ 154.611627][ T7614] netlink: 4 bytes leftover after parsing attributes in process `syz.3.653'. [ 154.847128][ T7622] netlink: 'syz.4.658': attribute type 64 has an invalid length. [ 154.894909][ T7624] netlink: 'syz.2.657': attribute type 8 has an invalid length. [ 154.911200][ T7624] netlink: 'syz.2.657': attribute type 9 has an invalid length. [ 156.787121][ T7676] netlink: 'syz.1.677': attribute type 4 has an invalid length. [ 156.812960][ T7676] __nla_validate_parse: 4 callbacks suppressed [ 156.812981][ T7676] netlink: 314 bytes leftover after parsing attributes in process `syz.1.677'. [ 156.864100][ T7676] IPv6: NLM_F_REPLACE set, but no existing node found! [ 157.461413][ T7690] netlink: 8 bytes leftover after parsing attributes in process `syz.4.683'. [ 157.485857][ T7690] netlink: 10 bytes leftover after parsing attributes in process `syz.4.683'. [ 157.503215][ T7690] netlink: 8 bytes leftover after parsing attributes in process `syz.4.683'. [ 158.237824][ T7704] netlink: 326 bytes leftover after parsing attributes in process `syz.2.689'. [ 158.431567][ T7709] netlink: 28 bytes leftover after parsing attributes in process `syz.2.691'. [ 158.533754][ T7709] bond0: (slave bond_slave_0): Releasing backup interface [ 158.666421][ T7706] netlink: 'syz.1.690': attribute type 10 has an invalid length. [ 158.687760][ T7706] netlink: 'syz.1.690': attribute type 13 has an invalid length. [ 159.663435][ T7733] netlink: 4368 bytes leftover after parsing attributes in process `syz.3.700'. [ 160.266891][ T7750] netlink: 504 bytes leftover after parsing attributes in process `syz.2.707'. [ 160.284994][ T7750] netlink: 504 bytes leftover after parsing attributes in process `syz.2.707'. [ 161.713329][ T7791] netlink: 222 bytes leftover after parsing attributes in process `syz.4.721'. [ 162.407149][ T7814] netlink: 146 bytes leftover after parsing attributes in process `syz.1.733'. [ 163.517901][ T7849] netlink: 314 bytes leftover after parsing attributes in process `syz.3.746'. [ 165.857654][ T7920] netlink: 330 bytes leftover after parsing attributes in process `syz.4.772'. [ 166.458676][ T7923] netlink: 146 bytes leftover after parsing attributes in process `syz.2.779'. [ 167.143007][ T7949] sp0: Synchronizing with TNC [ 168.339575][ T7985] netlink: 'syz.4.798': attribute type 5 has an invalid length. [ 168.352593][ T7985] netlink: 314 bytes leftover after parsing attributes in process `syz.4.798'. [ 168.709903][ T7995] netlink: 330 bytes leftover after parsing attributes in process `syz.4.804'. [ 168.963181][ T8001] netlink: 'syz.3.806': attribute type 21 has an invalid length. [ 168.983073][ T8001] netlink: 326 bytes leftover after parsing attributes in process `syz.3.806'. [ 169.543949][ T8020] netlink: 'syz.1.814': attribute type 19 has an invalid length. [ 169.562556][ T8020] netlink: 114 bytes leftover after parsing attributes in process `syz.1.814'. [ 170.079678][ T8036] netlink: 330 bytes leftover after parsing attributes in process `syz.1.820'. [ 171.678684][ T8069] netlink: 266 bytes leftover after parsing attributes in process `syz.2.831'. [ 171.757838][ T8069] IPv6: NLM_F_CREATE should be specified when creating new route [ 171.831574][ T8073] HfR: entered promiscuous mode [ 171.857835][ T8077] openvswitch: HfR: Dropping previously announced user features [ 171.909913][ T8073] netlink: 4 bytes leftover after parsing attributes in process `syz.3.833'. [ 174.103599][ T8117] netlink: 326 bytes leftover after parsing attributes in process `syz.2.847'. [ 176.308134][ T8145] netlink: 28 bytes leftover after parsing attributes in process `syz.1.858'. [ 176.368893][ T8145] veth1_macvtap: left promiscuous mode [ 176.669614][ T8148] lo: entered promiscuous mode [ 176.724573][ T8148] lo: left promiscuous mode [ 179.835329][ T8209] netlink: 'syz.1.880': attribute type 33 has an invalid length. [ 179.835355][ T8209] netlink: 322 bytes leftover after parsing attributes in process `syz.1.880'. [ 180.145987][ T8224] netlink: 4 bytes leftover after parsing attributes in process `syz.1.885'. [ 181.315395][ T8240] netlink: 326 bytes leftover after parsing attributes in process `syz.1.892'. [ 181.380452][ T8240] veth0_macvtap: left promiscuous mode [ 181.563200][ T29] audit: type=1800 audit(1734605768.102:2): pid=8245 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.893" name="dbroot" dev="configfs" ino=16864 res=0 errno=0 [ 181.595957][ T8245] db_root: cannot open: initcall:initcall_finish [ 181.595957][ T8245] initcall:initcall_start [ 181.595957][ T8245] initcall:initcall_level [ 181.595957][ T8245] vsyscall:emulate_vsyscall [ 181.595957][ T8245] kvm:kvm_test_age_hva [ 181.595957][ T8245] kvm:kvm_age_hva [ 181.595957][ T8245] kvm:kvm_unmap_hva_range [ 181.595957][ T8245] kvm:kvm_dirty_ring_exit [ 181.595957][ T8245] kvm:kvm_dirty_ring_reset [ 181.595957][ T8245] kvm:kvm_dirty_ring_push [ 181.595957][ T8245] kvm:kvm_halt_poll_ns [ 181.595957][ T8245] kvm:kvm_async_pf_completed [ 181.595957][ T8245] kvm:kvm_async_pf_ready [ 181.595957][ T8245] kvm:kvm_async_pf_not_present [ 181.595957][ T8245] kvm:kvm_async_pf_repeated_fault [ 181.595957][ T8245] kvm:kvm_try_async_get_page [ 181.595957][ T8245] kvm:kvm_fpu [ 181.595957][ T8245] kvm:kvm_iocsr [ 181.595957][ T8245] kvm:kvm_mmio [ 181.595957][ T8245] kvm:kvm_ack_irq [ 181.595957][ T8245] kvm:kvm_msi_set_irq [ 181.595957][ T8245] kvm:kvm_ioapic_delayed_eoi_inj [ 181.595957][ T8245] kvm:kvm_ioapic_set_irq [ 181.595957][ T8245] kvm:kvm_set_irq [ 181.595957][ T8245] kvm:kvm_vcpu_wakeup [ 181.595957][ T8245] kvm:kvm_userspace_exit [ 181.595957][ T8245] kvm:kvm_rmp_fault [ 181.595957][ T8245] kvm:kvm_vmgexit_msr_protocol_exit [ 181.595957][ T8245] kvm:kvm_vmgexit_msr_protocol_enter [ 181.595957][ T8245] kvm:kvm_vmgexit_exit [ 181.595957][ T8245] kvm:kvm_vmgexit_enter [ 181.595957][ T8245] kvm:kvm_hv_syndbg_get_msr [ 181.595957][ T8245] kvm:kvm_hv_syndbg_set_msr [ 181.595957][ T8245] kvm:kvm_nested_vmenter_failed [ 181.595957][ T8245] kvm:kvm_pv_tlb_flush [ 181.595957][ T8245] kvm:kvm_hv_send_ipi_ex [ 181.595957][ T8245] kvm:kvm_hv_send_ipi [ 181.595957][ T8245] kvm:kvm_hv_flush_tlb_ex [ 181.595957][ T8245] kvm:kvm_hv_flush_tlb [ 181.595957][ T8245] kvm:kvm_hv_timer_state [ 181.595957][ T8245] kvm:kvm_avic_doorbell [ 181.595957][ T8245] kvm:kvm_avic_kick_vcpu_slowpath [ 181.595957][ T8245] kvm:kvm_avic_ga_log [ 181.595957][ T8245] k [ 182.126735][ T8260] netlink: 330 bytes leftover after parsing attributes in process `syz.2.897'. [ 182.343392][ T8263] netlink: 338 bytes leftover after parsing attributes in process `syz.3.900'. [ 187.096041][ T8348] netlink: 1 bytes leftover after parsing attributes in process `syz.4.931'. [ 189.701020][ T8396] netlink: 'syz.3.948': attribute type 2 has an invalid length. [ 190.399172][ T8406] netlink: 330 bytes leftover after parsing attributes in process `syz.4.952'. [ 190.578369][ T8410] netlink: 'syz.1.953': attribute type 4 has an invalid length. [ 190.629296][ T8410] netlink: 314 bytes leftover after parsing attributes in process `syz.1.953'. [ 190.650415][ T8411] netlink: 'syz.1.953': attribute type 4 has an invalid length. [ 190.696988][ T8411] netlink: 314 bytes leftover after parsing attributes in process `syz.1.953'. [ 194.453936][ T8476] netlink: 'syz.4.980': attribute type 4 has an invalid length. [ 194.461632][ T8476] netlink: 314 bytes leftover after parsing attributes in process `syz.4.980'. [ 194.590051][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.596480][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.484802][ T8520] netlink: 18 bytes leftover after parsing attributes in process `syz.4.982'. [ 197.079859][ T8532] netlink: 4 bytes leftover after parsing attributes in process `syz.2.990'. [ 197.118722][ T8532] netlink: 4 bytes leftover after parsing attributes in process `syz.2.990'. [ 200.201257][ T8580] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1005'. [ 200.253623][ T8580] net veth1_virt_wifi ›: renamed from virt_wifi0 [ 200.482290][ T8588] netlink: 22 bytes leftover after parsing attributes in process `syz.4.1007'. [ 200.670744][ T8591] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1009'. [ 200.806985][ T8591] bond0: (slave bond_slave_0): Releasing backup interface [ 202.706969][ T8630] netlink: 266 bytes leftover after parsing attributes in process `syz.2.1020'. [ 203.870997][ T8655] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1029'. [ 204.040494][ T8655] bond0: (slave bond_slave_0): Releasing backup interface [ 204.081954][ T8655] bond_slave_0 (unregistering): left promiscuous mode [ 205.648515][ T8685] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1043'. [ 205.660272][ T8685] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1043'. [ 205.775328][ T8685] netlink: 130 bytes leftover after parsing attributes in process `syz.3.1043'. [ 206.481527][ T8707] HfR: entered promiscuous mode [ 206.685493][ T8711] openvswitch: netlink: IP tunnel dst address not specified [ 206.707890][ T8711] openvswitch: netlink: IP tunnel dst address not specified [ 206.730593][ T8714] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1053'. [ 206.769840][ T8714] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1053'. [ 206.795714][ T8714] netlink: 'syz.3.1053': attribute type 1 has an invalid length. [ 206.809712][ T8714] netlink: 'syz.3.1053': attribute type 1 has an invalid length. [ 207.296314][ T8720] nbd: illegal input index 50331648 [ 209.185552][ T8746] openvswitch: HfR: Dropping previously announced user features [ 210.130211][ T8765] netlink: 306 bytes leftover after parsing attributes in process `syz.4.1078'. [ 210.139692][ T8765] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1078'. [ 210.166241][ T8765] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1078'. [ 210.750091][ T8784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1076'. [ 210.802743][ T8784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1076'. [ 211.054201][ T8793] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1079'. [ 211.203557][ T8797] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1082'. [ 211.794527][ T8820] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1089'. [ 212.534361][ T8831] erspan0: entered allmulticast mode [ 213.321069][ T8862] netlink: 338 bytes leftover after parsing attributes in process `syz.3.1104'. [ 214.231553][ T8875] nbd: illegal input index 50331648 [ 219.569686][ T8968] netlink: 452 bytes leftover after parsing attributes in process `syz.1.1138'. [ 219.610292][ T8968] netlink: 452 bytes leftover after parsing attributes in process `syz.1.1138'. [ 221.929360][ T9018] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1154'. [ 223.693930][ T9056] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1166'. [ 223.719931][ T9056] ›: renamed from veth0_vlan (while UP) [ 229.281457][ T9147] ptrace attach of "./syz-executor exec"[6656] was attempted by "./syz-executor exec"[9147] [ 234.244366][ T5831] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 239.890576][ T9306] sp0: Synchronizing with TNC [ 240.578945][ T9316] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1249'. [ 241.210336][ T9327] netlink: 'syz.3.1253': attribute type 2 has an invalid length. [ 241.269298][ T9327] netlink: 'syz.3.1253': attribute type 2 has an invalid length. [ 241.744766][ T9335] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1256'. [ 243.392620][ T9352] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1262'. [ 243.699962][ T9344] kexec: Could not allocate control_code_buffer [ 244.117102][ T9360] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1265'. [ 244.974415][ T9375] netlink: 138 bytes leftover after parsing attributes in process `syz.4.1269'. [ 248.005780][ T9432] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1292'. [ 248.190660][ T9436] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1293'. [ 248.230068][ T9436] netlink: 274 bytes leftover after parsing attributes in process `syz.2.1293'. [ 248.439591][ T9439] openvswitch: HfR: Dropping previously announced user features [ 248.472518][ T9439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1294'. [ 249.166565][ T9453] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1301'. [ 251.034198][ T9492] netlink: 'syz.4.1316': attribute type 64 has an invalid length. [ 251.138744][ T9492] netlink: 74 bytes leftover after parsing attributes in process `syz.4.1316'. [ 253.168976][ T9530] kernel read not supported for file /éçTµhÊYdèܨ3ô`Ãüå—e&jdˆKÜBUXàØ0z¾Lš¼æÆ84³ÿÿÿÿ (pid: 9530 comm: syz.2.1328) [ 253.213142][ T29] audit: type=1800 audit(1734999055.759:3): pid=9530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1328" name=E9E71E54B568CA0E5964E8DCA833F46006C310FCE59765266A64884BDC425558E01BD8307A04BE4C9ABCE6C63834B3FFFFFFFF dev="mqueue" ino=21382 res=0 errno=0 [ 255.200068][ T9579] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1348'. [ 255.255992][ T9579] netlink: 274 bytes leftover after parsing attributes in process `syz.1.1348'. [ 256.029287][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.035794][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.448927][ T9634] could not allocate digest TFM handle [ 257.947610][ T9662] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1378'. [ 258.092420][ T9662] team0: Port device team_slave_0 removed [ 258.472769][ T9675] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1382'. [ 258.501292][ T9675] netlink: 306 bytes leftover after parsing attributes in process `syz.3.1382'. [ 259.178632][ T9694] binder: 9691:9694 ioctl c0306201 9 returned -14 [ 259.412920][ T29] audit: type=1800 audit(1734999061.949:4): pid=9700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1390" name="members" dev="configfs" ino=21955 res=0 errno=0 [ 259.839141][ T9709] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1395'. [ 259.851299][ T9709] netlink: 274 bytes leftover after parsing attributes in process `syz.3.1395'. [ 260.896788][ T9736] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1405'. [ 261.937808][ T9775] netlink: 246 bytes leftover after parsing attributes in process `syz.3.1419'. [ 262.505421][ T9788] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1424'. [ 263.134322][ T9808] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1428'. [ 264.546452][ T9832] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1439'. [ 265.663259][ T9853] netlink: 322 bytes leftover after parsing attributes in process `syz.3.1448'. [ 265.680026][ T9853] bond0: entered allmulticast mode [ 265.686097][ T9853] bond_slave_1: entered allmulticast mode [ 265.700430][ T9853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 266.619717][ T9872] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1457'. [ 266.647626][ T9872] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1457'. [ 270.664295][ T9941] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1479'. [ 270.679694][ T9941] netlink: 504 bytes leftover after parsing attributes in process `syz.2.1479'. [ 273.164315][ T9997] netlink: 338 bytes leftover after parsing attributes in process `syz.1.1499'. [ 273.219881][ T9997] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.229292][ T9997] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.925535][T10017] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1508'. [ 274.963017][T10017] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1508'. [ 274.970940][T10019] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1507'. [ 275.342410][T10029] netlink: 346 bytes leftover after parsing attributes in process `syz.4.1510'. [ 277.134440][T10065] netlink: 22 bytes leftover after parsing attributes in process `syz.4.1525'. [ 281.465549][ T5840] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 281.483209][ T5840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 281.491777][ T5840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 281.502550][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 281.523056][ T5840] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 281.533000][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 281.717019][T10163] chnl_net:caif_netlink_parms(): no params data found [ 281.810260][T10163] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.860203][T10163] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.898343][T10163] bridge_slave_0: entered allmulticast mode [ 281.924006][T10163] bridge_slave_0: entered promiscuous mode [ 281.952557][T10163] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.988187][T10163] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.998578][T10163] bridge_slave_1: entered allmulticast mode [ 282.016393][T10163] bridge_slave_1: entered promiscuous mode [ 282.207614][T10163] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 282.241359][T10163] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 282.356545][T10163] team0: Port device team_slave_0 added [ 282.375228][T10163] team0: Port device team_slave_1 added [ 282.531490][T10163] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 282.582926][T10163] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.632314][T10163] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 282.653530][T10163] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 282.660518][T10163] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.719799][T10163] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 282.930159][T10163] hsr_slave_0: entered promiscuous mode [ 282.951422][T10163] hsr_slave_1: entered promiscuous mode [ 282.962743][T10163] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 282.978334][T10163] Cannot create hsr debugfs directory [ 283.285444][T10163] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.495214][T10163] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.622960][ T5840] Bluetooth: hci1: command tx timeout [ 283.934795][T10163] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.052164][T10163] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.363534][T10194] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1565'. [ 284.792089][T10163] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 284.871524][T10163] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 284.994975][T10163] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 285.193039][T10215] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1570'. [ 285.234032][T10163] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 285.256502][T10215] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1570'. [ 285.331807][T10220] netlink: 22 bytes leftover after parsing attributes in process `syz.2.1571'. [ 285.581265][T10163] 8021q: adding VLAN 0 to HW filter on device bond0 [ 285.609980][T10163] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.666637][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.673805][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.710699][ T5840] Bluetooth: hci1: command tx timeout [ 285.814267][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.821407][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.375122][T10163] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 286.427261][T10235] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1576'. [ 286.770191][T10163] veth0_vlan: entered promiscuous mode [ 286.804713][T10163] veth1_vlan: entered promiscuous mode [ 286.854502][T10240] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1579'. [ 286.931728][T10163] veth0_macvtap: entered promiscuous mode [ 286.956843][T10163] veth1_macvtap: entered promiscuous mode [ 286.975488][T10163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 286.989223][T10163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.011743][T10163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.040000][T10163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.061690][T10163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.077278][T10163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.108256][T10163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.125419][T10163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.145467][T10163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 287.163162][T10163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.188637][T10163] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 287.227101][T10163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.263243][T10163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.280124][T10163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.304466][T10163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.328596][T10163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.356081][T10163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.383047][T10163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.402915][T10163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.435097][T10163] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.462847][T10163] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.495189][T10163] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 287.514410][T10240] netlink: 274 bytes leftover after parsing attributes in process `syz.1.1579'. [ 287.595178][T10163] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.631075][T10163] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.665137][T10163] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.691485][T10163] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.784678][ T5840] Bluetooth: hci1: command tx timeout [ 288.003057][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.010916][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 288.097459][ T1159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.122944][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.863000][ T5840] Bluetooth: hci1: command tx timeout [ 293.298745][T10315] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1601'. [ 297.458501][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1614'. [ 297.484983][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1614'. [ 297.510284][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1614'. [ 297.533526][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1614'. [ 297.564961][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1614'. [ 297.592917][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1614'. [ 297.616148][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1614'. [ 297.672277][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1614'. [ 298.564253][T10384] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1623'. [ 298.604771][T10384] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1623'. [ 299.970155][T10415] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1635'. [ 299.988601][T10417] openvswitch: HfR: Dropping previously announced user features [ 300.012536][T10417] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1636'. [ 300.043591][T10417] HfR: left promiscuous mode [ 301.489316][T10447] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1648'. [ 303.370819][T10466] netlink: 'syz.4.1656': attribute type 2 has an invalid length. [ 303.379083][T10466] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1656'. [ 303.390604][T10466] netlink: 'syz.4.1656': attribute type 2 has an invalid length. [ 303.637267][T10480] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1660'. [ 304.413289][ T29] audit: type=1806 audit(4294967302.920:5): xattr="." res=0 [ 304.505070][T10502] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1668'. [ 304.523269][T10502] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 305.011174][T10522] netlink: 'syz.4.1675': attribute type 10 has an invalid length. [ 305.022086][T10522] netlink: 230 bytes leftover after parsing attributes in process `syz.4.1675'. [ 305.037813][T10522] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 308.312686][T10604] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1705'. [ 308.324553][T10604] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1705'. [ 308.552984][T10608] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 308.585597][T10608] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 308.673164][T10608] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 308.679288][T10608] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 308.700637][T10608] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 308.898130][T10608] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 309.895261][T10638] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1715'. [ 310.516366][T10645] netlink: 'syz.3.1717': attribute type 2 has an invalid length. [ 310.569711][T10646] netlink: 'syz.3.1717': attribute type 2 has an invalid length. [ 310.583271][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 310.663299][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 310.743056][ T5840] Bluetooth: hci4: command 0x040f tx timeout [ 310.749152][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 311.527031][T10656] Invalid ELF header magic: != ELF [ 312.832930][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 313.428972][T10683] netlink: 286 bytes leftover after parsing attributes in process `syz.1.1730'. [ 313.729350][T10694] netlink: 'syz.1.1734': attribute type 6 has an invalid length. [ 313.822961][T10694] netlink: 'syz.1.1734': attribute type 7 has an invalid length. [ 313.856132][T10694] netlink: 'syz.1.1734': attribute type 8 has an invalid length. [ 313.907354][T10694] netlink: 'syz.1.1734': attribute type 9 has an invalid length. [ 313.944052][T10694] netlink: 226 bytes leftover after parsing attributes in process `syz.1.1734'. [ 314.322828][T10707] netlink: 'syz.1.1739': attribute type 6 has an invalid length. [ 314.352063][T10707] netlink: 306 bytes leftover after parsing attributes in process `syz.1.1739'. [ 314.912068][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 316.172105][T10742] [U]  [ 316.811102][T10763] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1761'. [ 316.837280][T10763] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1761'. [ 317.021700][T10770] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1763'. [ 317.046836][T10770] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 317.120642][T10770] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 317.363889][T10774] Dead loop on virtual device ip6_vti0, fix it urgently! [ 317.372028][T10774] Dead loop on virtual device ip6_vti0, fix it urgently! [ 317.393235][T10774] Dead loop on virtual device ip6_vti0, fix it urgently! [ 317.476652][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.483249][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.656152][T10807] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1777'. [ 318.692125][T10807] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1777'. [ 318.715589][T10809] nbd: must specify at least one socket [ 319.063621][T10819] netlink: 'syz.4.1783': attribute type 29 has an invalid length. [ 319.087583][T10819] netlink: 'syz.4.1783': attribute type 30 has an invalid length. [ 319.104693][T10819] netlink: 'syz.4.1783': attribute type 31 has an invalid length. [ 319.127930][T10819] netlink: 'syz.4.1783': attribute type 32 has an invalid length. [ 319.143377][T10819] netlink: 'syz.4.1783': attribute type 33 has an invalid length. [ 319.171575][T10819] netlink: 'syz.4.1783': attribute type 35 has an invalid length. [ 319.213197][T10819] netlink: 'syz.4.1783': attribute type 37 has an invalid length. [ 319.222432][T10819] netlink: 18 bytes leftover after parsing attributes in process `syz.4.1783'. [ 319.612134][T10834] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1787'. [ 319.632464][T10834] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1787'. [ 319.811513][T10828] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 319.889401][T10828] CIFS mount error: No usable UNC path provided in device string! [ 319.889401][T10828] [ 319.889834][T10837] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1788'. [ 319.965253][T10828] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 321.003080][T10854] Invalid ELF header magic: != ELF [ 321.576445][T10866] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1795'. [ 323.247685][T10889] __nla_validate_parse: 1 callbacks suppressed [ 323.247706][T10889] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1802'. [ 323.485791][T10889] geneve1: entered allmulticast mode [ 327.393873][T10944] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1819'. [ 328.014165][T10965] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1825'. [ 330.433075][T11004] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1838'. [ 330.684058][T11013] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1843'. [ 330.757382][T11015] lo: entered allmulticast mode [ 330.778636][T11015] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1844'. [ 331.239358][T11014] lo: left allmulticast mode [ 331.666859][T11034] QAT: Stopping all acceleration devices. [ 333.474934][T11066] Process accounting resumed [ 334.093615][T11072] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 334.203060][T11072] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 334.243800][T11081] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1865'. [ 335.588684][T11096] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1869'. [ 335.640140][T11096] geneve1: entered allmulticast mode [ 336.640824][T11116] HSR: entered promiscuous mode [ 338.006317][T11142] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1882'. [ 338.675342][T11154] HSR: entered promiscuous mode [ 338.803312][T11150] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1884'. [ 338.870935][T11150] geneve1: entered allmulticast mode [ 341.473677][T11198] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1897'. [ 341.493827][T11198] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.544368][T11198] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.596263][T11198] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.642935][T11198] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.668137][T11198] geneve1: entered allmulticast mode [ 343.267689][T11230] delete_channel: no stack [ 343.602362][T11237] lo: entered allmulticast mode [ 343.627016][T11237] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1911'. [ 343.994923][T11236] lo: left allmulticast mode [ 344.718515][T11251] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1913'. [ 347.714229][T11285] HfR: entered promiscuous mode [ 347.799427][T11285] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1923'. [ 347.893053][T11285] HfR: left promiscuous mode [ 349.285216][T11320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1934'. [ 349.305597][T11320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1934'. [ 353.613244][T11387] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1955'. [ 354.408713][T11398] Invalid ELF header magic: != ELF [ 355.801090][T11408] kexec: Could not allocate control_code_buffer [ 356.053320][T11427] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 356.075467][T11427] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 356.103978][T11427] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 356.152770][T11427] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 356.629819][T11440] netlink: 22 bytes leftover after parsing attributes in process `syz.3.1971'. [ 358.112416][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 358.118766][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 358.183630][ T5831] Bluetooth: hci4: command 0x040f tx timeout [ 358.189746][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 361.698363][T11527] [U] [ 361.701445][T11527] [U] [ 361.704153][T11527] [U] [ 361.706856][T11527] [U] [ 361.740701][T11527] [U] [ 361.743478][T11527] [U] [ 361.746207][T11527] [U] [ 361.748933][T11527] [U] [ 361.785244][T11527] [U] [ 361.788004][T11527] [U] [ 361.790734][T11527] [U] [ 361.793470][T11527] [U] [ 361.818513][T11527] [U] [ 361.821276][T11527] [U] [ 361.824015][T11527] [U] [ 361.826750][T11527] [U] [ 361.866347][T11530] [U] [ 362.423380][T11537] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2002'. [ 362.483394][T11537] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2002'. [ 367.527055][T11590] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2015'. [ 368.372520][T11604] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2021'. [ 369.229177][T11619] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2025'. [ 369.697206][T11627] netlink: 252 bytes leftover after parsing attributes in process `syz.2.2028'. [ 369.757479][T11629] netlink: 252 bytes leftover after parsing attributes in process `syz.2.2028'. [ 371.355054][T11645] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2033'. [ 371.402107][T11645] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2033'. [ 371.709911][T11650] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2034'. [ 371.867108][T11650] veth1_macvtap: left promiscuous mode [ 371.936511][T11647] svc: failed to register nfsdv3 RPC service (errno 111). [ 371.953129][T11647] svc: failed to register nfsaclv3 RPC service (errno 111). [ 375.069826][T11707] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2048'. [ 378.033024][T11729] Process accounting resumed [ 378.909208][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.915895][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.616676][T11756] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2066'. [ 380.655424][T11756] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2066'. [ 381.585210][T11766] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2068'. [ 381.650735][T11764] could not allocate digest TFM handle [ 384.843349][T11798] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2076'. [ 385.181770][T11803] Process accounting resumed [ 386.724340][T11825] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2084'. [ 386.774317][T11825] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2084'. [ 388.209936][T11834] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2086'. [ 390.430016][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 390.460302][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 390.483181][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 390.510775][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 390.521452][ T5831] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 390.529756][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 390.863767][T11858] chnl_net:caif_netlink_parms(): no params data found [ 391.434951][T11858] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.442273][T11858] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.472892][T11858] bridge_slave_0: entered allmulticast mode [ 391.480917][T11858] bridge_slave_0: entered promiscuous mode [ 391.513710][T11858] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.522687][T11858] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.552247][T11858] bridge_slave_1: entered allmulticast mode [ 391.564320][T11858] bridge_slave_1: entered promiscuous mode [ 391.824598][T11858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 391.856476][T11858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 392.025387][T11880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2100'. [ 392.065640][T11858] team0: Port device team_slave_0 added [ 392.076371][T11858] team0: Port device team_slave_1 added [ 392.224260][T11858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 392.252536][T11858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 392.320528][T11858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 392.353836][T11858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 392.361934][T11858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 392.422060][T11858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 392.496608][T11858] hsr_slave_0: entered promiscuous mode [ 392.504570][T11858] hsr_slave_1: entered promiscuous mode [ 392.510810][T11858] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 392.531084][T11858] Cannot create hsr debugfs directory [ 392.583166][ T5840] Bluetooth: hci3: command tx timeout [ 392.935078][T11858] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 392.965849][T11858] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 393.003181][T11858] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 393.034395][T11858] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 393.248527][T11858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 393.302305][T11858] 8021q: adding VLAN 0 to HW filter on device team0 [ 393.349114][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.356305][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 393.388696][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.395883][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 393.436552][T11858] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 393.447256][T11858] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 393.816022][T11858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 393.960060][T11913] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2108'. [ 394.398853][T11858] veth0_vlan: entered promiscuous mode [ 394.412845][T11858] veth1_vlan: entered promiscuous mode [ 394.437512][T11858] veth0_macvtap: entered promiscuous mode [ 394.446960][T11858] veth1_macvtap: entered promiscuous mode [ 394.461271][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.472003][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.482296][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.493346][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.503572][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.514167][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.524708][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.535769][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.545709][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.556225][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.567907][T11858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 394.580221][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.590997][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.601134][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.611881][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.621936][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.633234][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.643639][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.654152][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.665425][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.675959][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.686139][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.695120][ T5840] Bluetooth: hci3: command tx timeout [ 394.696874][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.714745][T11858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 394.845943][T11858] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.854876][T11858] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.863865][T11858] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.872653][T11858] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.070876][T11928] openvswitch: HSR: Dropping previously announced user features [ 395.103154][T11933] netlink: 'syz.4.2110': attribute type 4 has an invalid length. [ 395.119378][ T1115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.143314][ T1115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.244852][ T1159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.261545][ T1159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.273424][T11935] delete_channel: no stack [ 395.475334][T11939] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2094'. [ 395.781478][T11945] Invalid ELF header magic: != ELF [ 396.368799][T11951] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2117'. [ 396.743287][ T5840] Bluetooth: hci3: command tx timeout [ 397.005343][T11961] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2121'. [ 398.695278][T11984] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 398.706114][T11984] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 398.824276][ T5840] Bluetooth: hci3: command tx timeout [ 399.242905][T11995] kernel read not supported for file /#)-\&[} (pid: 11995 comm: syz.2.2131) [ 399.263066][ T29] audit: type=1800 audit(4294967339.360:6): pid=11995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2131" name="#)-\&[}" dev="mqueue" ino=33067 res=0 errno=0 [ 399.358210][T11994] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2130'. [ 399.592290][T12000] [U] [ 399.595055][T12000] [U] [ 399.597785][T12000] [U] [ 399.600515][T12000] [U] [ 399.605570][T12000] [U] [ 399.608315][T12000] [U] [ 399.611033][T12000] [U] [ 399.613752][T12000] [U] [ 399.616914][T12000] [U] [ 399.619658][T12000] [U] [ 399.622388][T12000] [U] [ 399.625122][T12000] [U] [ 399.628555][T12000] [U] [ 399.631290][T12000] [U] [ 399.634010][T12000] [U] [ 399.636732][T12000] [U] [ 399.640536][T12000] [U] [ 399.643273][T12000] [U] [ 399.646001][T12000] [U] [ 399.648718][T12000] [U] [ 399.652518][T12000] [U] [ 399.655298][T12000] [U] [ 399.658024][T12000] [U] [ 399.660748][T12000] [U] [ 399.664523][T12000] [U] [ 399.667261][T12000] [U] [ 399.669977][T12000] [U] [ 399.672680][T12000] [U] [ 399.676162][T12000] [U] [ 399.678880][T12000] [U] [ 399.681580][T12000] [U] [ 399.684280][T12000] [U] [ 399.687624][T12000] [U] [ 399.690354][T12000] [U] [ 399.693084][T12000] [U] [ 399.695823][T12000] [U] [ 399.699286][T12000] [U] [ 399.702034][T12000] [U] [ 399.704745][T12000] [U] [ 399.707454][T12000] [U] [ 399.710766][T12000] [U] [ 399.713506][T12000] [U] [ 399.716236][T12000] [U] [ 399.719001][T12000] [U] [ 399.722349][T12000] [U] [ 399.725089][T12000] [U] [ 399.727810][T12000] [U] [ 399.730529][T12000] [U] [ 399.733877][T12000] [U] [ 399.736625][T12000] [U] [ 399.739355][T12000] [U] [ 399.742068][T12000] [U] [ 399.745595][T12000] [U] [ 399.748316][T12000] [U] [ 399.751037][T12000] [U] [ 399.753758][T12000] [U] [ 399.758724][T12000] [U] [ 399.761458][T12000] [U] [ 399.764179][T12000] [U] [ 399.766891][T12000] [U] [ 399.769951][T12000] [U] [ 399.772671][T12000] [U] [ 399.775392][T12000] [U] [ 399.778107][T12000] [U] [ 399.781201][T12000] [U] [ 399.783938][T12000] [U] [ 399.786654][T12000] [U] [ 399.789376][T12000] [U] [ 399.792632][T12000] [U] [ 399.795368][T12000] [U] [ 399.798087][T12000] [U] [ 399.800809][T12000] [U] [ 399.804297][T12000] [U] [ 399.807031][T12000] [U] [ 399.809749][T12000] [U] [ 399.812466][T12000] [U] [ 399.816104][T12000] [U] [ 399.818940][T12000] [U] [ 399.821665][T12000] [U] [ 399.824378][T12000] [U] [ 399.827758][T12000] [U] [ 399.830496][T12000] [U] [ 399.833219][T12000] [U] [ 399.835955][T12000] [U] [ 399.839056][T12000] [U] [ 399.841784][T12000] [U] [ 399.844508][T12000] [U] [ 399.847235][T12000] [U] [ 399.850897][T12000] [U] [ 399.853631][T12000] [U] [ 399.856353][T12000] [U] [ 399.859073][T12000] [U] [ 399.862695][T12000] [U] [ 399.865430][T12000] [U] [ 399.868154][T12000] [U] [ 399.870874][T12000] [U] [ 399.874039][T12000] [U] [ 399.876777][T12000] [U] [ 399.879499][T12000] [U] [ 399.882219][T12000] [U] [ 399.885269][T12000] [U] [ 399.887997][T12000] [U] [ 399.890716][T12000] [U] [ 399.893435][T12000] [U] [ 399.896548][T12000] [U] [ 399.899272][T12000] [U] [ 399.901990][T12000] [U] [ 399.904709][T12000] [U] [ 399.907971][T12000] [U] [ 399.910693][T12000] [U] [ 399.913409][T12000] [U] [ 399.916119][T12000] [U] [ 399.919710][T12000] [U] [ 399.922445][T12000] [U] [ 399.925170][T12000] [U] [ 399.927887][T12000] [U] [ 399.930936][T12000] [U] [ 399.933649][T12000] [U] [ 399.936346][T12000] [U] [ 399.939039][T12000] [U] [ 399.999105][T11999] [U] [ 400.241272][T12008] HSR: entered promiscuous mode [ 400.405546][T12013] delete_channel: no stack [ 401.132507][T12028] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2140'. [ 401.627648][T12034] kernel read not supported for file /#)-\&[} (pid: 12034 comm: syz.5.2142) [ 401.695947][ T29] audit: type=1800 audit(4294967341.800:7): pid=12034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2142" name="#)-\&[}" dev="mqueue" ino=32487 res=0 errno=0 [ 402.177484][T12041] [U] [ 402.180243][T12041] [U] [ 402.182958][T12041] [U] [ 402.185677][T12041] [U] [ 402.214888][T12041] [U] [ 402.217658][T12041] [U] [ 402.220403][T12041] [U] [ 402.223132][T12041] [U] [ 402.233093][T12041] [U] [ 402.235842][T12041] [U] [ 402.238570][T12041] [U] [ 402.241298][T12041] [U] [ 402.256156][T12041] [U] [ 402.258921][T12041] [U] [ 402.261643][T12041] [U] [ 402.264376][T12041] [U] [ 402.281435][ T29] audit: type=1800 audit(4294967342.380:8): pid=12043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2145" name="lu_gp_id" dev="configfs" ino=33175 res=0 errno=0 [ 402.288300][T12041] [U] [ 402.304444][T12041] [U] [ 402.307165][T12041] [U] [ 402.309890][T12041] [U] [ 402.346300][T12041] [U] [ 402.349059][T12041] [U] [ 402.351776][T12041] [U] [ 402.354492][T12041] [U] [ 402.359907][T12041] [U] [ 402.362645][T12041] [U] [ 402.365369][T12041] [U] [ 402.368090][T12041] [U] [ 402.372669][T12041] [U] [ 402.375431][T12041] [U] [ 402.378154][T12041] [U] [ 402.380876][T12041] [U] [ 402.388514][T12041] [U] [ 402.391257][T12041] [U] [ 402.393983][T12041] [U] [ 402.396710][T12041] [U] [ 402.417562][T12041] [U] [ 402.420301][T12041] [U] [ 402.423007][T12041] [U] [ 402.425703][T12041] [U] [ 402.448042][T12041] [U] [ 402.450801][T12041] [U] [ 402.453529][T12041] [U] [ 402.456250][T12041] [U] [ 402.482425][T12041] [U] [ 402.485188][T12041] [U] [ 402.487918][T12041] [U] [ 402.490648][T12041] [U] [ 402.561654][T12041] [U] [ 402.564426][T12041] [U] [ 402.567150][T12041] [U] [ 402.569879][T12041] [U] [ 402.600707][T12041] [U] [ 402.603470][T12041] [U] [ 402.606202][T12041] [U] [ 402.608928][T12041] [U] [ 402.639713][T12041] [U] [ 402.642479][T12041] [U] [ 402.645207][T12041] [U] [ 402.647933][T12041] [U] [ 402.656099][T12041] [U] [ 402.658844][T12041] [U] [ 402.661560][T12041] [U] [ 402.664280][T12041] [U] [ 402.673592][T12041] [U] [ 402.676347][T12041] [U] [ 402.679066][T12041] [U] [ 402.681784][T12041] [U] [ 402.685961][T12041] [U] [ 402.688712][T12041] [U] [ 402.691436][T12041] [U] [ 402.694157][T12041] [U] [ 402.698131][T12041] [U] [ 402.700876][T12041] [U] [ 402.703603][T12041] [U] [ 402.706336][T12041] [U] [ 402.719139][T12041] [U] [ 402.721899][T12041] [U] [ 402.724621][T12041] [U] [ 402.727350][T12041] [U] [ 402.730374][T12041] [U] [ 402.733101][T12041] [U] [ 402.735819][T12041] [U] [ 402.738532][T12041] [U] [ 402.764861][T12041] [U] [ 402.767629][T12041] [U] [ 402.770361][T12041] [U] [ 402.773083][T12041] [U] [ 402.778852][T12051] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2156'. [ 402.783226][T12041] [U] [ 402.790467][T12041] [U] [ 402.793176][T12041] [U] [ 402.795874][T12041] [U] [ 402.801061][T12041] [U] [ 402.803810][T12041] [U] [ 402.806531][T12041] [U] [ 402.809234][T12041] [U] [ 402.812219][T12041] [U] [ 402.814939][T12041] [U] [ 402.817644][T12041] [U] [ 402.820347][T12041] [U] [ 402.826980][T12041] [U] [ 402.829712][T12041] [U] [ 402.832413][T12041] [U] [ 402.835111][T12041] [U] [ 402.838074][T12041] [U] [ 402.840800][T12041] [U] [ 402.843517][T12041] [U] [ 402.846239][T12041] [U] [ 402.853300][T12041] [U] [ 402.856028][T12041] [U] [ 402.858727][T12041] [U] [ 402.861422][T12041] [U] [ 402.872855][T12041] [U] [ 402.875602][T12041] [U] [ 402.878329][T12041] [U] [ 402.881069][T12041] [U] [ 402.903755][T12041] [U] [ 402.906514][T12041] [U] [ 402.909241][T12041] [U] [ 402.911963][T12041] [U] [ 402.997922][T12040] [U] [ 403.978408][T12080] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2159'. [ 403.999055][T12080] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2159'. [ 405.833591][T12107] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 405.892946][T12107] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 406.294959][T12095] kexec: Could not allocate control_code_buffer [ 407.058396][T12128] Invalid ELF header magic: != ELF [ 407.621119][T12134] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2177'. [ 408.875908][T12161] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2186'. [ 410.736716][T12195] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2195'. [ 410.782993][T12195] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2195'. [ 413.867329][T12223] HfR: entered promiscuous mode [ 413.938444][T12223] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2202'. [ 413.998988][T12223] HfR: left promiscuous mode [ 418.983977][T12284] binder: 12283:12284 ioctl 40044900 800000000000003 returned -22 [ 420.788003][T12307] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2226'. [ 421.042006][T12310] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2227'. [ 421.373811][T12310] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 421.398363][T12310] bond0 (unregistering): Released all slaves [ 422.269214][T12330] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[12330] [ 422.544218][T12335] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 422.612921][T12335] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 424.224483][T12361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2243'. [ 424.752383][T12374] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2248'. [ 424.797174][T12374] mac80211_hwsim hwsim7 ›: renamed from wlan0 (while UP) [ 425.410365][T12382] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2251'. [ 426.513222][T12412] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2258'. [ 428.309010][T12430] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 428.403994][T12430] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 428.502953][T12427] ptrace attach of "./syz-executor exec"[6656] was attempted by "./syz-executor exec"[12427] [ 429.937495][T12448] HfR: entered promiscuous mode [ 429.999510][T12448] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2267'. [ 430.019885][T12448] HfR: left promiscuous mode [ 431.143870][T12473] [U] [ 431.146639][T12473] [U] [ 431.149377][T12473] [U] [ 431.152103][T12473] [U] [ 431.179921][T12473] [U] [ 431.182689][T12473] [U] [ 431.185427][T12473] [U] [ 431.188150][T12473] [U] [ 431.244399][T12473] [U] [ 431.247167][T12473] [U] [ 431.249900][T12473] [U] [ 431.252633][T12473] [U] [ 431.333104][T12480] [U] [ 431.610064][T12483] serio: Serial port ptm0 [ 435.023829][T12495] Invalid ELF header magic: != ELF [ 435.505800][T12524] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 435.536008][T12524] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 437.424938][T12557] netlink: 'syz.2.2297': attribute type 2 has an invalid length. [ 438.369240][T12573] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2301'. [ 440.364618][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.371448][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.012680][T12593] binder: 12592:12593 ioctl 40044900 800000000000003 returned -22 [ 441.242251][T12597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2308'. [ 441.483340][ T29] audit: type=1326 audit(4294967381.550:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12594 comm="syz.4.2307" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd251185d29 code=0x0 [ 443.318716][ T29] audit: type=1800 audit(4294967383.420:10): pid=12630 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2325" name="members" dev="configfs" ino=35977 res=0 errno=0 [ 444.772436][T12648] netlink: 326 bytes leftover after parsing attributes in process `syz.5.2330'. [ 444.835276][T12648] bridge0: port 2(bridge_slave_1) entered disabled state [ 444.843787][T12648] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.940356][T12715] netlink: 'syz.2.2350': attribute type 1 has an invalid length. [ 448.008148][T12715] nbd: error processing sock list [ 455.398046][T12788] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2363'. [ 456.069964][T12794] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 456.094059][T12794] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 459.276079][T12844] Process accounting resumed [ 459.301408][T12846] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2381'. [ 460.836341][T12869] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2388'. [ 460.993108][T12866] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2388'. [ 463.663207][T12907] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 463.681825][T12907] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 464.701221][ T29] audit: type=1326 audit(4294967404.800:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12921 comm="syz.3.2404" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f397e985d29 code=0x0 [ 465.593783][T12940] openvswitch: HfR: Dropping previously announced user features [ 466.373897][T12949] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2410'. [ 466.423548][T12949] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2410'. [ 467.354220][ T29] audit: type=1326 audit(4294967407.460:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12958 comm="syz.2.2414" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0996385d29 code=0x0 [ 467.827534][T12972] HfR: entered promiscuous mode [ 467.852550][T12972] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2427'. [ 467.885675][T12972] HfR: left promiscuous mode [ 467.977104][T12976] tipc: Started in network mode [ 467.982063][T12976] tipc: Node identity ffffffff, cluster identity 4711 [ 467.990222][T12976] tipc: Node number set to 4294967295 [ 468.869366][T12995] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2426'. [ 469.157632][T12995] bond0: (slave bond_slave_1): Releasing backup interface [ 470.289083][T13012] can0: slcan on ptm0. [ 470.403276][T13011] can0 (unregistered): slcan off ptm0. [ 470.510073][T13015] HfR: entered promiscuous mode [ 470.555155][T13015] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2432'. [ 470.583027][T13015] HfR: left promiscuous mode [ 470.753700][T13033] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2435'. [ 470.914045][T13033] team0: Port device team_slave_0 removed [ 471.363628][T13047] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2436'. [ 472.072959][T13061] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 472.093647][T13061] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 473.594501][ T29] audit: type=1326 audit(4295164021.702:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13087 comm="syz.2.2446" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0996385d29 code=0x0 [ 481.906261][ T5831] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 481.919147][ T5831] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 481.959877][ T5831] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 482.028732][ T5831] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 482.036890][ T5831] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 482.044721][ T5831] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 482.271975][T13106] chnl_net:caif_netlink_parms(): no params data found [ 482.458166][T13106] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.483938][T13106] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.511700][T13106] bridge_slave_0: entered allmulticast mode [ 482.525655][T13106] bridge_slave_0: entered promiscuous mode [ 482.539290][T13115] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2453'. [ 482.543421][T13106] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.563207][T13106] bridge0: port 2(bridge_slave_1) entered disabled state [ 482.570670][T13106] bridge_slave_1: entered allmulticast mode [ 482.577916][T13106] bridge_slave_1: entered promiscuous mode [ 482.714666][T13115] team0: Port device team_slave_1 removed [ 482.761868][T13106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 482.894272][T13106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 483.048227][T13106] team0: Port device team_slave_0 added [ 483.065867][T13106] team0: Port device team_slave_1 added [ 483.133460][T13106] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 483.160787][T13106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.201117][T13106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 483.213358][T13133] ima: policy update failed [ 483.214124][T13106] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 483.225153][T13106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.251573][T13106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 483.253100][ T29] audit: type=1802 audit(4295164031.322:14): pid=13133 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.2457" res=0 errno=0 [ 483.493590][T13106] hsr_slave_0: entered promiscuous mode [ 483.530269][T13106] hsr_slave_1: entered promiscuous mode [ 483.556057][T13106] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 483.593841][T13106] Cannot create hsr debugfs directory [ 484.103428][ T5840] Bluetooth: hci5: command tx timeout [ 484.204653][T13106] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 484.253995][T13106] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 484.278954][T13106] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 484.312144][T13106] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 484.362145][T13152] syz.3.2460 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 484.963001][T13106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 484.997299][T13106] 8021q: adding VLAN 0 to HW filter on device team0 [ 485.040925][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 485.048102][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 485.097752][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 485.104968][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 485.690587][T13106] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 486.003272][T13173] ptrace attach of "./syz-executor exec"[11858] was attempted by "./syz-executor exec"[13173] [ 486.122297][T13106] veth0_vlan: entered promiscuous mode [ 486.158484][T13106] veth1_vlan: entered promiscuous mode [ 486.183427][ T5840] Bluetooth: hci5: command tx timeout [ 486.422312][T13106] veth0_macvtap: entered promiscuous mode [ 486.460529][T13106] veth1_macvtap: entered promiscuous mode [ 486.517635][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.542536][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.580011][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.601189][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.626656][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.648402][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.671476][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.692864][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.714953][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.733160][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.752857][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 486.773072][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.797909][T13106] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 486.849993][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.867032][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.877021][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.888215][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.898133][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.908854][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.918762][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.929351][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.939341][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.949867][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.959888][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.970589][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 486.980818][T13106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 486.993212][T13106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.004574][T13106] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 487.024896][T13106] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.033926][T13106] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.042690][T13106] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.051612][T13106] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.271525][ T1115] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.302249][ T1115] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.451615][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.491526][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 488.240665][ T29] audit: type=1326 audit(4295164036.342:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13209 comm="syz.3.2472" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f397e985d29 code=0x0 [ 488.263297][ T5840] Bluetooth: hci5: command tx timeout [ 490.343295][ T5840] Bluetooth: hci5: command tx timeout [ 491.103131][T13253] Invalid ELF header magic: != ELF [ 491.513692][T13263] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2482'. [ 491.569223][T13263] veth1_macvtap: left promiscuous mode [ 491.588591][T13263] macsec0: entered allmulticast mode [ 500.675029][T13386] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2514'. [ 500.697031][T13386] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 500.776524][T13390] netlink: 'syz.3.2514': attribute type 46 has an invalid length. [ 500.898711][T13386] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 501.785676][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.795706][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.177361][ T29] audit: type=1326 audit(8277292042.560:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13470 comm="syz.5.2534" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8c96f85d29 code=0x0 [ 507.697754][ T29] audit: type=1326 audit(8277292043.090:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13475 comm="syz.6.2535" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2bc0f85d29 code=0x0 [ 508.184684][T13491] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2540'. [ 508.292080][T13491] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 508.969271][T13509] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2545'. [ 509.003003][ T29] audit: type=1326 audit(8277292044.390:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13497 comm="syz.5.2542" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8c96f85d29 code=0x0 [ 509.044275][T13499] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2541'. [ 509.309052][T13499] team0: Port device team_slave_1 removed [ 511.483333][T13543] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2554'. [ 511.513043][T13543] bridge_slave_1: left allmulticast mode [ 511.518778][T13543] bridge_slave_1: left promiscuous mode [ 511.525271][T13543] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.565271][T13543] bridge_slave_0: left allmulticast mode [ 511.571047][T13543] bridge_slave_0: left promiscuous mode [ 511.593179][T13543] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.576046][T13561] Invalid ELF header magic: != ELF [ 512.696207][ T29] audit: type=1326 audit(8277292048.090:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13556 comm="syz.3.2558" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f397e985d29 code=0x0 [ 513.547022][T13572] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2562'. [ 513.577209][T13572] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 514.105256][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 515.911942][ T29] audit: type=1326 audit(8277292051.300:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13602 comm="syz.5.2569" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8c96f85d29 code=0x0 [ 516.585650][T13608] Process accounting resumed [ 518.520712][T13645] can0: slcan on ptm0. [ 518.674278][T13644] can0 (unregistered): slcan off ptm0. [ 519.107411][T13670] [U] [ 519.110177][T13670] [U] [ 519.112900][T13670] [U] [ 519.115639][T13670] [U] [ 519.133146][T13670] [U] [ 519.135921][T13670] [U] [ 519.138641][T13670] [U] [ 519.141361][T13670] [U] [ 519.151093][T13670] [U] [ 519.153849][T13670] [U] [ 519.156577][T13670] [U] [ 519.159303][T13670] [U] [ 519.187221][T13670] [U] [ 519.189987][T13670] [U] [ 519.192721][T13670] [U] [ 519.195445][T13670] [U] [ 519.223440][T13670] [U] [ 519.226200][T13670] [U] [ 519.228929][T13670] [U] [ 519.231655][T13670] [U] [ 519.235440][T13670] [U] [ 519.238180][T13670] [U] [ 519.240907][T13670] [U] [ 519.243636][T13670] [U] [ 519.253188][T13670] [U] [ 519.255893][T13670] [U] [ 519.258575][T13670] [U] [ 519.261282][T13670] [U] [ 519.293202][T13670] [U] [ 519.295977][T13670] [U] [ 519.298704][T13670] [U] [ 519.301427][T13670] [U] [ 519.313984][T13670] [U] [ 519.316753][T13670] [U] [ 519.319487][T13670] [U] [ 519.322206][T13670] [U] [ 519.404696][T13670] [U] [ 519.407466][T13670] [U] [ 519.410191][T13670] [U] [ 519.412915][T13670] [U] [ 519.458708][T13670] [U] [ 519.461469][T13670] [U] [ 519.464221][T13670] [U] [ 519.466943][T13670] [U] [ 519.493208][T13670] [U] [ 519.495978][T13670] [U] [ 519.498715][T13670] [U] [ 519.501442][T13670] [U] [ 519.536502][T13670] [U] [ 519.539276][T13670] [U] [ 519.542004][T13670] [U] [ 519.544724][T13670] [U] [ 519.583581][T13670] [U] [ 519.583629][T13670] [U] [ 519.583669][T13670] [U] [ 519.583708][T13670] [U] [ 519.583998][T13670] [U] [ 519.584037][T13670] [U] [ 519.584076][T13670] [U] [ 519.584114][T13670] [U] [ 519.584295][T13670] [U] [ 519.584328][T13670] [U] [ 519.610999][T13670] [U] [ 519.613696][T13670] [U] [ 519.664603][T13670] [U] [ 519.667359][T13670] [U] [ 519.670075][T13670] [U] [ 519.672797][T13670] [U] [ 519.763470][T13670] [U] [ 519.766241][T13670] [U] [ 519.768989][T13670] [U] [ 519.771718][T13670] [U] [ 519.803595][T13670] [U] [ 519.806354][T13670] [U] [ 519.809086][T13670] [U] [ 519.811800][T13670] [U] [ 519.848648][T13681] serio: Serial port ptm0 [ 519.859736][T13670] [U] [ 519.862487][T13670] [U] [ 519.865213][T13670] [U] [ 519.867939][T13670] [U] [ 519.913797][T13670] [U] [ 519.916561][T13670] [U] [ 519.919293][T13670] [U] [ 519.922017][T13670] [U] [ 519.981229][T13670] [U] [ 519.983992][T13670] [U] [ 519.986725][T13670] [U] [ 519.989450][T13670] [U] [ 520.057438][T13670] [U] [ 520.060210][T13670] [U] [ 520.064473][T13670] [U] [ 520.064513][T13670] [U] [ 520.113966][T13670] [U] [ 520.370248][T13698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2590'. [ 520.823923][ T29] audit: type=1326 audit(8277292056.220:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13703 comm="syz.6.2592" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2bc0f85d29 code=0x0 [ 521.040130][T13646] Invalid ELF header magic: != ELF [ 521.809197][T13723] HfR: entered promiscuous mode [ 521.843906][T13723] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2598'. [ 521.873678][T13723] HfR: left promiscuous mode [ 522.587291][T13737] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2601'. [ 523.006355][T13739] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2602'. [ 523.696496][T13761] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2610'. [ 523.716175][T13761] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 527.108106][ T29] audit: type=1326 audit(8277292062.500:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13820 comm="syz.5.2627" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8c96f85d29 code=0x0 [ 527.957767][T13833] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2631'. [ 528.137598][ T29] audit: type=1326 audit(8277292063.530:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13829 comm="syz.6.2630" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2bc0f85d29 code=0x0 [ 531.370287][T13909] netlink: 322 bytes leftover after parsing attributes in process `syz.5.2649'. [ 531.379965][T13909] bond0: entered promiscuous mode [ 531.386770][T13909] bond_slave_0: entered promiscuous mode [ 531.393232][T13909] bond0: entered allmulticast mode [ 531.398461][T13909] bond_slave_0: entered allmulticast mode [ 533.803904][ T29] audit: type=1326 audit(8277292069.200:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13938 comm="syz.2.2658" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0996385d29 code=0x0 [ 535.242959][ T29] audit: type=1326 audit(8277292070.630:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13967 comm="syz.6.2666" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2bc0f85d29 code=0x0 [ 537.956621][T14004] can0: slcan on pty48. [ 538.063332][T14004] can0 (unregistered): slcan off pty48. [ 538.220665][ T5831] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 538.230164][ T5831] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 538.250881][ T5831] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 538.289893][ T5831] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 538.299897][ T5831] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 538.308916][ T5831] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 538.536119][T13994] kexec: Could not allocate control_code_buffer [ 538.603173][T14014] vivid-013: ================= START STATUS ================= [ 538.611547][T14014] vivid-013: Generate PTS: true [ 538.616887][T14014] vivid-013: Generate SCR: true [ 538.621931][T14014] tpg source WxH: 640x360 (Y'CbCr) [ 538.627399][T14014] tpg field: 1 [ 538.630799][T14014] tpg crop: 640x360@0x0 [ 538.635278][T14014] tpg compose: 640x360@0x0 [ 538.639722][T14014] tpg colorspace: 8 [ 538.643857][T14014] tpg transfer function: 0/0 [ 538.648784][T14014] tpg Y'CbCr encoding: 0/0 [ 538.653456][T14014] tpg quantization: 0/0 [ 538.657630][T14014] tpg RGB range: 0/2 [ 538.663303][T14014] vivid-013: ================== END STATUS ================== [ 538.866141][T14005] chnl_net:caif_netlink_parms(): no params data found [ 539.134599][T14005] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.141733][T14005] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.170024][T14005] bridge_slave_0: entered allmulticast mode [ 539.187625][T14005] bridge_slave_0: entered promiscuous mode [ 539.214463][T14005] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.225961][T14005] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.233650][T14005] bridge_slave_1: entered allmulticast mode [ 539.240997][T14005] bridge_slave_1: entered promiscuous mode [ 539.334807][T14005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 539.392232][T14005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 539.477540][T14005] team0: Port device team_slave_0 added [ 539.496151][T14005] team0: Port device team_slave_1 added [ 539.566699][T14005] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 539.590685][T14005] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.682961][T14005] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 539.709631][T14005] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 539.716858][T14005] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.743681][T14005] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 539.934971][T14005] hsr_slave_0: entered promiscuous mode [ 539.989549][T14005] hsr_slave_1: entered promiscuous mode [ 540.030850][T14005] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 540.072919][T14005] Cannot create hsr debugfs directory [ 540.342981][ T5840] Bluetooth: hci6: command tx timeout [ 540.640014][T14005] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 540.708869][T14005] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 540.745846][T14005] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 540.785624][T14005] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 540.907866][ T29] audit: type=1326 audit(8277292076.290:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14053 comm="syz.2.2688" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0996385d29 code=0x0 [ 540.981205][T14005] 8021q: adding VLAN 0 to HW filter on device bond0 [ 541.037384][T14005] 8021q: adding VLAN 0 to HW filter on device team0 [ 541.069131][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.076311][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 541.122632][ T81] bridge0: port 2(bridge_slave_1) entered blocking state [ 541.129800][ T81] bridge0: port 2(bridge_slave_1) entered forwarding state [ 541.231206][T14005] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 541.255996][T14005] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 541.627164][T14005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 542.290105][T14005] veth0_vlan: entered promiscuous mode [ 542.329281][T14005] veth1_vlan: entered promiscuous mode [ 542.423210][ T5840] Bluetooth: hci6: command tx timeout [ 542.425769][T14005] veth0_macvtap: entered promiscuous mode [ 542.450232][T14005] veth1_macvtap: entered promiscuous mode [ 542.529619][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.565786][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.596218][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.617196][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.642837][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.676655][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.702856][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.733005][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.762911][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.800789][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.832967][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.855727][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.877264][T14005] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 542.915818][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.942869][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.966073][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.983604][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.004869][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 543.033240][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.052967][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 543.072935][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.103044][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 543.132931][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.163391][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 543.202906][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.218166][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 543.242895][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.272860][T14005] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 543.302891][T14005] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.332935][T14005] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 543.388058][T14005] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.433005][T14005] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.441776][T14005] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.474504][T14005] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.633706][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.651779][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.720378][ T3478] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.738149][ T3478] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 544.169152][ T29] audit: type=1326 audit(8277292079.560:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14092 comm="syz.2.2695" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0996385d29 code=0x0 [ 544.513086][ T5840] Bluetooth: hci6: command tx timeout [ 544.689528][T14117] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2702'. [ 546.586385][ T5840] Bluetooth: hci6: command tx timeout [ 546.817403][ T29] audit: type=1326 audit(8277292082.210:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14140 comm="syz.5.2708" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8c96f85d29 code=0x0 [ 547.253466][T14150] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2710'. [ 547.283041][T14150] mac80211_hwsim hwsim37 wlan0: entered promiscuous mode [ 547.290704][T14150] mac80211_hwsim hwsim37 wlan0: entered allmulticast mode [ 547.448098][T14153] Invalid ELF header magic: != ELF [ 547.812318][T14158] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2712'. [ 547.988180][T14158] team_slave_0: entered allmulticast mode [ 548.050121][T14154] Process accounting paused [ 550.452552][T14190] delete_channel: no stack [ 551.045373][ T29] audit: type=1804 audit(8277292086.420:29): pid=14209 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2727" name="/newroot/sys/kernel/tracing/free_buffer" dev="tracefs" ino=1242 res=1 errno=0 [ 552.373013][T14221] Process accounting resumed [ 552.420298][T14221] bridge0: port 3(team0) entered blocking state [ 552.431420][T14221] bridge0: port 3(team0) entered disabled state [ 552.438000][T14221] team0: entered allmulticast mode [ 552.443373][T14221] team_slave_0: entered allmulticast mode [ 552.449129][T14221] team_slave_1: entered allmulticast mode [ 552.456455][T14221] team0: entered promiscuous mode [ 552.461521][T14221] team_slave_0: entered promiscuous mode [ 552.467731][T14221] team_slave_1: entered promiscuous mode [ 552.478416][T14219] HfR: entered promiscuous mode [ 552.492702][T14219] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2730'. [ 552.503226][T14219] HfR: left promiscuous mode [ 552.953087][T14216] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2729'. [ 553.408836][T14245] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2736'. [ 553.429216][T14240] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2734'. [ 558.950481][T14316] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2753'. [ 561.148039][T14342] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2759'. [ 562.002435][ T29] audit: type=1800 audit(8277292097.390:30): pid=14361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2765" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 563.201392][ T29] audit: type=1800 audit(8277292098.570:31): pid=14378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.2762" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 563.227087][T11706] svc: failed to register nfsdv3 RPC service (errno 512). [ 563.236512][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.243014][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.261374][T11706] svc: failed to register nfsaclv3 RPC service (errno 512). [ 563.691269][T14383] [U] [ 563.694039][T14383] [U] [ 563.696766][T14383] [U] [ 563.699489][T14383] [U] [ 563.736846][T14383] [U] [ 563.739606][T14383] [U] [ 563.742337][T14383] [U] [ 563.745065][T14383] [U] [ 563.793310][T14383] [U] [ 563.796075][T14383] [U] [ 563.798793][T14383] [U] [ 563.801517][T14383] [U] [ 563.823233][T14383] [U] [ 563.825987][T14383] [U] [ 563.828706][T14383] [U] [ 563.831429][T14383] [U] [ 563.873468][T14383] [U] [ 563.876239][T14383] [U] [ 563.878972][T14383] [U] [ 563.881697][T14383] [U] [ 563.913119][T14383] [U] [ 563.915876][T14383] [U] [ 563.918601][T14383] [U] [ 563.921323][T14383] [U] [ 563.943464][T14383] [U] [ 563.946240][T14383] [U] [ 563.948965][T14383] [U] [ 563.951685][T14383] [U] [ 563.970559][T14383] [U] [ 563.973325][T14383] [U] [ 563.976045][T14383] [U] [ 563.978769][T14383] [U] [ 563.991629][T14383] [U] [ 563.994388][T14383] [U] [ 563.997111][T14383] [U] [ 563.999835][T14383] [U] [ 564.014843][T14383] [U] [ 564.017594][T14383] [U] [ 564.020310][T14383] [U] [ 564.023030][T14383] [U] [ 564.030481][T14386] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2771'. [ 564.039892][T14383] [U] [ 564.042648][T14383] [U] [ 564.045360][T14383] [U] [ 564.048063][T14383] [U] [ 564.063138][T14383] [U] [ 564.065899][T14383] [U] [ 564.068625][T14383] [U] [ 564.071356][T14383] [U] [ 564.083242][T14383] [U] [ 564.085974][T14383] [U] [ 564.088676][T14383] [U] [ 564.091378][T14383] [U] [ 564.120310][T14383] [U] [ 564.123075][T14383] [U] [ 564.125799][T14383] [U] [ 564.128523][T14383] [U] [ 564.150643][T14383] [U] [ 564.153401][T14383] [U] [ 564.156111][T14383] [U] [ 564.158806][T14383] [U] [ 564.198261][T14383] [U] [ 564.201032][T14383] [U] [ 564.203767][T14383] [U] [ 564.206487][T14383] [U] [ 564.246570][T14383] [U] [ 564.249326][T14383] [U] [ 564.252041][T14383] [U] [ 564.254764][T14383] [U] [ 564.288924][T14383] [U] [ 564.291694][T14383] [U] [ 564.294419][T14383] [U] [ 564.297142][T14383] [U] [ 564.322541][T14383] [U] [ 564.325296][T14383] [U] [ 564.328011][T14383] [U] [ 564.330727][T14383] [U] [ 564.368219][T14383] [U] [ 564.370981][T14383] [U] [ 564.373712][T14383] [U] [ 564.376452][T14383] [U] [ 564.413187][T14383] [U] [ 564.415955][T14383] [U] [ 564.418677][T14383] [U] [ 564.421398][T14383] [U] [ 564.437216][T14383] [U] [ 564.440057][T14383] [U] [ 564.442790][T14383] [U] [ 564.445505][T14383] [U] [ 564.473303][T14383] [U] [ 564.476058][T14383] [U] [ 564.478784][T14383] [U] [ 564.481507][T14383] [U] [ 564.570207][T14383] [U] [ 566.926964][T14415] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2779'. [ 568.135317][T14436] netlink: 'syz.7.2785': attribute type 15 has an invalid length. [ 568.144830][T14436] netlink: 252 bytes leftover after parsing attributes in process `syz.7.2785'. [ 568.166415][T14436] netlink: 'syz.7.2785': attribute type 15 has an invalid length. [ 568.176462][T14436] netlink: 252 bytes leftover after parsing attributes in process `syz.7.2785'. [ 570.682307][ T1115] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 576.213002][ T29] audit: type=1326 audit(8277292111.600:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14483 comm="syz.6.2798" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2bc0f85d29 code=0x0 [ 577.735792][T14507] kernel read not supported for file /#)-\&[} (pid: 14507 comm: syz.6.2804) [ 577.753150][ T29] audit: type=1804 audit(8277292113.130:33): pid=14507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2804" name="#)-\&[}" dev="mqueue" ino=46321 res=1 errno=0 [ 577.881471][ T29] audit: type=1804 audit(8277292113.250:34): pid=14509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.2804" name="#)-\&[}" dev="mqueue" ino=46321 res=1 errno=0 [ 577.993152][ T29] audit: type=1804 audit(8277292113.250:35): pid=14509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.2804" name="#)-\&[}" dev="mqueue" ino=46321 res=1 errno=0 [ 578.103446][ T29] audit: type=1800 audit(8277292113.340:36): pid=14507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2804" name="#)-\&[}" dev="mqueue" ino=46321 res=0 errno=0 [ 580.235700][ T5840] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 580.245175][ T5840] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 580.258761][ T5840] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 580.271036][ T5840] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 580.280941][ T5840] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 580.288580][ T5840] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 581.367312][T14524] chnl_net:caif_netlink_parms(): no params data found [ 581.669764][T14524] bridge0: port 1(bridge_slave_0) entered blocking state [ 581.723029][T14524] bridge0: port 1(bridge_slave_0) entered disabled state [ 581.730293][T14524] bridge_slave_0: entered allmulticast mode [ 581.768139][T14524] bridge_slave_0: entered promiscuous mode [ 581.795396][T14524] bridge0: port 2(bridge_slave_1) entered blocking state [ 581.843153][T14524] bridge0: port 2(bridge_slave_1) entered disabled state [ 581.850493][T14524] bridge_slave_1: entered allmulticast mode [ 581.884447][T14524] bridge_slave_1: entered promiscuous mode [ 582.122017][T14524] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 582.154942][T14524] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 582.253574][T14524] team0: Port device team_slave_0 added [ 582.287501][T14524] team0: Port device team_slave_1 added [ 582.343078][ T5831] Bluetooth: hci7: command tx timeout [ 582.373747][T14524] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 582.463029][T14524] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 582.503107][T14524] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 582.532990][T14524] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 582.550209][T14524] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 582.633092][T14524] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 582.821310][T14524] hsr_slave_0: entered promiscuous mode [ 582.926283][T14524] hsr_slave_1: entered promiscuous mode [ 582.954403][T14524] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 582.991023][T14524] Cannot create hsr debugfs directory [ 583.377120][T14517] kexec: Could not allocate control_code_buffer getty: ttyS0: read error: Resource temporarily unavailable [ 584.403025][ T29] audit: type=1326 audit(8277292119.790:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14545 comm="syz.5.2813" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8c96f85d29 code=0x0 [ 584.425382][ T5831] Bluetooth: hci7: command tx timeout [ 584.886140][T14524] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 584.955586][T14524] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 585.053714][T14524] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 585.057883][T14524] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 585.073499][ T5831] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 585.535367][T14524] 8021q: adding VLAN 0 to HW filter on device bond0 [ 585.640681][T14524] 8021q: adding VLAN 0 to HW filter on device team0 [ 585.729606][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.736767][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 585.793872][ T3495] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.800999][ T3495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 586.079454][T14567] kfence: disabled [ 586.506800][ T5831] Bluetooth: hci7: command tx timeout [ 586.682569][T14524] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 587.325031][T14524] veth0_vlan: entered promiscuous mode [ 587.366027][T14524] veth1_vlan: entered promiscuous mode [ 587.444448][T14524] veth0_macvtap: entered promiscuous mode [ 587.475009][T14524] veth1_macvtap: entered promiscuous mode [ 587.514967][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.533196][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.567131][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.592181][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.617634][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.643314][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.669333][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.697999][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.722925][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.748379][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.771662][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.804865][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.827378][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.848355][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.873827][T14524] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 587.901494][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.934842][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.967349][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.992734][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.023548][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 588.051762][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.080075][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 588.106406][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.131974][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 588.162216][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.193133][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 588.215078][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.239519][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 588.267033][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.313025][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 588.353462][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.385234][T14524] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 588.412124][T14524] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 588.453933][T14524] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 588.486148][T14524] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.512970][T14524] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.533822][T14524] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.553544][T14524] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.583021][ T5831] Bluetooth: hci7: command tx timeout [ 588.922189][ T1159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 588.963189][ T1159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 589.059285][ T3478] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 589.113001][ T3478] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 592.224808][T14635] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2832'. [ 592.268666][T14637] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2833'. [ 592.273238][T14635] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 592.713466][T14643] lo: entered allmulticast mode [ 592.730590][T14643] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2835'. [ 592.735745][T14641] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2834'. [ 593.457776][T14642] lo: left allmulticast mode [ 593.467646][T14650] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 593.517026][T14650] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 594.101754][T14660] capability: warning: `syz.8.2840' uses 32-bit capabilities (legacy support in use) [ 594.497622][T14669] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2843'. [ 594.847552][T14673] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2844'. syzkaller syzkaller login: [ 595.177434][T14654] Invalid ELF header magic: != ELF [ 596.588473][ T35] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 597.054723][T14687] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2848'. [ 597.144040][T14687] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2848'. [ 604.868408][T14758] netlink: 330 bytes leftover after parsing attributes in process `syz.6.2869'. [ 606.265744][ T5840] Bluetooth: hci5: command 0x0406 tx timeout [ 607.124403][T14782] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2875'. [ 608.065026][ T29] audit: type=1326 audit(8277292143.440:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14789 comm="syz.5.2878" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8c96f85d29 code=0x0 [ 608.086691][ C1] vkms_vblank_simulate: vblank timer overrun [ 609.390178][T14796] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2879'. [ 609.590062][T14801] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2880'. [ 617.106903][T14849] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2892'. [ 617.624185][ T30] INFO: task syz-executor:6656 blocked for more than 143 seconds. [ 617.632177][ T30] Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 617.660352][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 617.673046][ T30] task:syz-executor state:D stack:23632 pid:6656 tgid:6656 ppid:1 flags:0x00004004 [ 617.703475][ T30] Call Trace: [ 617.706813][ T30] [ 617.709768][ T30] __schedule+0xe58/0x5ad0 [ 617.785000][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 617.790325][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 617.838154][ T30] ? __pfx___schedule+0x10/0x10 [ 617.866696][ T30] ? schedule+0x298/0x350 [ 617.871132][ T30] ? __pfx_lock_release+0x10/0x10 [ 617.912927][ T30] ? lock_acquire+0x2f/0xb0 [ 617.917508][ T30] ? schedule+0x1fd/0x350 [ 617.921906][ T30] schedule+0xe7/0x350 [ 617.958921][ T30] schedule_preempt_disabled+0x13/0x30 [ 618.002882][ T30] __mutex_lock+0x62b/0xa60 [ 618.007464][ T30] ? nfsd_shutdown_threads+0x5b/0xf0 [ 618.032947][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 618.038103][ T30] ? __pfx_lock_release+0x10/0x10 [ 618.102880][ T30] ? nfsd_shutdown_threads+0x5b/0xf0 [ 618.108246][ T30] nfsd_shutdown_threads+0x5b/0xf0 [ 618.132895][ T30] nfsd_umount+0x48/0xe0 [ 618.137542][ T30] deactivate_locked_super+0xbe/0x1a0 [ 618.167433][ T30] deactivate_super+0xde/0x100 [ 618.172305][ T30] cleanup_mnt+0x222/0x450 [ 618.202974][ T30] task_work_run+0x14e/0x250 [ 618.207659][ T30] ? __pfx_task_work_run+0x10/0x10 [ 618.233042][ T30] syscall_exit_to_user_mode+0x27b/0x2a0 [ 618.266262][ T30] do_syscall_64+0xda/0x250 [ 618.270878][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.312897][ T30] RIP: 0033:0x7fd251187057 [ 618.317403][ T30] RSP: 002b:00007ffecaf95ad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 618.338972][ T30] RAX: 0000000000000000 RBX: 00007fd251201894 RCX: 00007fd251187057 [ 618.362895][ T30] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffecaf96c10 [ 618.393639][ T30] RBP: 00007ffecaf96bfc R08: 0000000000000000 R09: 00007fd25202a000 [ 618.401679][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffecaf96c10 [ 618.462917][ T30] R13: 00007fd251201894 R14: 00007ffecaf96c50 R15: 0000000000000224 [ 618.495562][ T30] [ 618.498755][ T30] [ 618.498755][ T30] Showing all locks held in the system: [ 618.530337][ T30] 1 lock held by khungtaskd/30: [ 618.545596][ T30] #0: ffffffff8ddbad40 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 [ 618.622864][ T30] 3 locks held by kworker/u8:4/81: [ 618.628049][ T30] 4 locks held by kworker/u8:7/1159: [ 618.672891][ T30] #0: ffff8880b863ed18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 618.712896][ T30] #1: ffff8880b8628a88 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x2c1/0x8e0 [ 618.732855][ T30] #2: ffff8880654f8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0x9d/0x560 [ 618.752847][ T30] #3: ffffffff8ddbad40 (rcu_read_lock){....}-{1:3}, at: ieee80211_sta_active_ibss+0xe7/0x420 [ 618.781732][ T30] 2 locks held by syz-executor/6656: [ 618.792832][ T30] #0: ffff8880351940e0 (&type->s_umount_key#51){+.+.}-{4:4}, at: deactivate_super+0xd6/0x100 [ 618.823176][ T30] #1: ffffffff8e1bb108 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 618.842838][ T30] 2 locks held by syz-executor/10163: [ 618.848248][ T30] #0: ffff8880319e80e0 (&type->s_umount_key#51){+.+.}-{4:4}, at: deactivate_super+0xd6/0x100 [ 618.872859][ T30] #1: ffffffff8e1bb108 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 618.886049][ T30] 2 locks held by syz.1.2048/11706: [ 618.891287][ T30] #0: ffffffff8fb5e390 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 618.922880][ T30] #1: ffffffff8e1bb108 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x694/0xbe0 [ 618.942878][ T30] 1 lock held by syz-executor/13106: [ 618.948287][ T30] 1 lock held by syz.5.2661/13956: [ 618.961979][ T30] 1 lock held by syz-executor/14005: [ 618.967734][ T30] #0: ffff8880b863ed18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 618.992844][ T30] 2 locks held by syz.2.2770/14382: [ 618.998088][ T30] #0: ffffffff8fb5e390 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 619.022856][ T30] #1: ffffffff8e1bb108 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x694/0xbe0 [ 619.042906][ T30] 2 locks held by getty/14672: [ 619.047727][ T30] #0: ffff8880357120a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 619.072870][ T30] #1: ffffc900035db2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 [ 619.092863][ T30] 2 locks held by syz.7.2851/14699: [ 619.098154][ T30] 3 locks held by syz.5.2862/14735: [ 619.112855][ T30] 2 locks held by syz.8.2861/14743: [ 619.118102][ T30] 2 locks held by syz.8.2870/14766: [ 619.132885][ T30] 2 locks held by syz.6.2874/14775: [ 619.138165][ T30] 2 locks held by syz.7.2881/14803: [ 619.152861][ T30] 2 locks held by syz.5.2888/14835: [ 619.162894][ T30] 2 locks held by syz.8.2891/14853: [ 619.168195][ T30] [ 619.182842][ T30] ============================================= [ 619.182842][ T30] [ 619.191887][ T30] NMI backtrace for cpu 1 [ 619.196246][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 619.206775][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 619.216858][ T30] Call Trace: [ 619.220426][ T30] [ 619.223377][ T30] dump_stack_lvl+0x116/0x1f0 [ 619.228087][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 619.233065][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 619.239083][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 619.245108][ T30] watchdog+0xf14/0x1240 [ 619.249380][ T30] ? __pfx_watchdog+0x10/0x10 [ 619.254079][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 619.259303][ T30] ? __kthread_parkme+0x148/0x220 [ 619.264363][ T30] ? __pfx_watchdog+0x10/0x10 [ 619.269065][ T30] kthread+0x2c1/0x3a0 [ 619.273154][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 619.278376][ T30] ? __pfx_kthread+0x10/0x10 [ 619.282996][ T30] ret_from_fork+0x45/0x80 [ 619.287430][ T30] ? __pfx_kthread+0x10/0x10 [ 619.292050][ T30] ret_from_fork_asm+0x1a/0x30 [ 619.296867][ T30] [ 619.299985][ C1] vkms_vblank_simulate: vblank timer overrun [ 619.306760][ T30] Sending NMI from CPU 1 to CPUs 0: [ 619.311997][ C0] NMI backtrace for cpu 0 [ 619.312019][ C0] CPU: 0 UID: 0 PID: 81 Comm: kworker/u8:4 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 619.312045][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 619.312059][ C0] Workqueue: events_unbound nsim_dev_trap_report_work [ 619.312090][ C0] RIP: 0010:__kasan_check_read+0x8/0x20 [ 619.312116][ C0] Code: 5d 41 5c 41 5d e9 a8 0a 7d ff 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <89> f6 31 d2 e9 ff f0 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f [ 619.312135][ C0] RSP: 0018:ffffc9000215f978 EFLAGS: 00000006 [ 619.312160][ C0] RAX: 0000000000000003 RBX: 00000000000000c7 RCX: ffffffff8175605e [ 619.312174][ C0] RDX: 1ffff1100387a8e0 RSI: 0000000000000008 RDI: ffffffff969b6cd8 [ 619.312187][ C0] RBP: ffffc9000215fac8 R08: 0000000000000000 R09: 0000000000000001 [ 619.312200][ C0] R10: ffffffff901ce217 R11: 0000000000000b8f R12: ffff88801c3d3c00 [ 619.312214][ C0] R13: 0000000000000004 R14: 0000000000000002 R15: 1ffff9200042bf38 [ 619.312228][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 619.312248][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 619.312263][ C0] CR2: 00007f5cb5f720b8 CR3: 00000000331f4000 CR4: 00000000003526f0 [ 619.312277][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 619.312289][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 619.312302][ C0] Call Trace: [ 619.312308][ C0] [ 619.312315][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 619.312347][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 619.312376][ C0] ? nmi_handle+0x1ac/0x5d0 [ 619.312397][ C0] ? __kasan_check_read+0x8/0x20 [ 619.312419][ C0] ? default_do_nmi+0x6a/0x160 [ 619.312447][ C0] ? exc_nmi+0x170/0x1e0 [ 619.312474][ C0] ? end_repeat_nmi+0xf/0x53 [ 619.312502][ C0] ? hlock_class+0x4e/0x130 [ 619.312528][ C0] ? __kasan_check_read+0x8/0x20 [ 619.312549][ C0] ? __kasan_check_read+0x8/0x20 [ 619.312572][ C0] ? __kasan_check_read+0x8/0x20 [ 619.312593][ C0] [ 619.312599][ C0] [ 619.312605][ C0] hlock_class+0x4e/0x130 [ 619.312629][ C0] mark_lock+0xb5/0xc60 [ 619.312658][ C0] ? __pfx_mark_lock+0x10/0x10 [ 619.312693][ C0] mark_held_locks+0x9f/0xe0 [ 619.312722][ C0] lockdep_hardirqs_on_prepare+0x137/0x420 [ 619.312753][ C0] trace_hardirqs_on+0x36/0x40 [ 619.312773][ C0] kasan_quarantine_put+0x10a/0x240 [ 619.312800][ C0] kmem_cache_free+0x152/0x4c0 [ 619.312825][ C0] ? kfree_skbmem+0x1a4/0x1f0 [ 619.312849][ C0] kfree_skbmem+0x1a4/0x1f0 [ 619.312871][ C0] consume_skb+0xcc/0x100 [ 619.312901][ C0] nsim_dev_trap_report_work+0x8e6/0xd20 [ 619.312933][ C0] process_one_work+0x958/0x1b30 [ 619.312956][ C0] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 619.312986][ C0] ? __pfx_process_one_work+0x10/0x10 [ 619.313011][ C0] ? assign_work+0x1a0/0x250 [ 619.313043][ C0] worker_thread+0x6c8/0xf00 [ 619.313067][ C0] ? __kthread_parkme+0x148/0x220 [ 619.313094][ C0] ? __pfx_worker_thread+0x10/0x10 [ 619.313115][ C0] kthread+0x2c1/0x3a0 [ 619.313139][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 619.313168][ C0] ? __pfx_kthread+0x10/0x10 [ 619.313194][ C0] ret_from_fork+0x45/0x80 [ 619.313214][ C0] ? __pfx_kthread+0x10/0x10 [ 619.313239][ C0] ret_from_fork_asm+0x1a/0x30 [ 619.313275][ C0] [ 619.432856][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 619.432875][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 619.432905][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 619.432920][ T30] Call Trace: [ 619.432927][ T30] [ 619.432937][ T30] dump_stack_lvl+0x3d/0x1f0 [ 619.432971][ T30] panic+0x71d/0x800 [ 619.433004][ T30] ? __pfx_panic+0x10/0x10 [ 619.433034][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 619.433064][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 619.433099][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 619.433130][ T30] ? watchdog+0xd7e/0x1240 [ 619.433156][ T30] ? watchdog+0xd71/0x1240 [ 619.433184][ T30] watchdog+0xd8f/0x1240 [ 619.433214][ T30] ? __pfx_watchdog+0x10/0x10 [ 619.433238][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 619.433268][ T30] ? __kthread_parkme+0x148/0x220 [ 619.433299][ T30] ? __pfx_watchdog+0x10/0x10 [ 619.433324][ T30] kthread+0x2c1/0x3a0 [ 619.433350][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 619.433374][ T30] ? __pfx_kthread+0x10/0x10 [ 619.433404][ T30] ret_from_fork+0x45/0x80 [ 619.433426][ T30] ? __pfx_kthread+0x10/0x10 [ 619.433455][ T30] ret_from_fork_asm+0x1a/0x30 [ 619.433500][ T30] [ 619.769597][ T30] Kernel Offset: disabled [ 619.773921][ T30] Rebooting in 86400 seconds..