last executing test programs: 10m2.505253517s ago: executing program 2 (id=249): mmap$auto(0x0, 0x202000a, 0x3, 0xeb1, 0xfffffffffffffffe, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x9, 0x5, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x300, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x7b, 0x4) 10m1.70025417s ago: executing program 2 (id=252): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd11/trace/act_mask\x00', 0x129982, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r1) sendmsg$auto_TIPC_NL_MEDIA_GET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYRES32=r0, @ANYRES16=r2, @ANYRESDEC=r1], 0x18}, 0x1, 0x0, 0x0, 0x800}, 0xc090) mmap$auto(0x0, 0xa, 0x4000db, 0x9b70, 0x7, 0x8010) io_uring_setup$auto(0x2, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/afs/servers\x00', 0x100, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x2020209, 0x3, 0x18, 0xfffffffffffffffa, 0x8000) r4 = socket(0xa, 0x801, 0x84) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), 0xffffffffffffffff) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r5, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40448d4) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r4, 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60044061}, 0x44) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x3, 0x801, 0x84) listen$auto(r6, 0x81) socket$nl_generic(0x10, 0x3, 0x10) accept$auto(0x3, 0x0, 0x0) mmap$auto(0x2, 0x40009, 0x40000000000003, 0x1010, 0x7, 0x8) mlockall$auto(0x7) read$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000040)=""/88, 0x58) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu1/topology/die_cpus_list\x00', 0x101400, 0x0) read$auto(r7, &(0x7f0000002440)='\"\x00', 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 10m0.745471505s ago: executing program 2 (id=254): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_fops_u64_ro_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ramdisk_pages/ram2\x00', 0x10400, 0x0) close_range$auto(r0, r1, 0xd65) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000003) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) socket(0x2, 0x1, 0x106) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x68, 0x0, 0x4000000}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20000010) madvise$auto(0xfffffffffffffffe, 0xffffffffffff0005, 0x19) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) madvise$auto(0x0, 0xffffffffffff0001, 0x15) fstatfs$auto(0x3, 0xfffffffffffffffd) getcwd$auto(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) inotify_add_watch$auto(0x4, 0x0, 0x9) recvmsg$auto(0x4, 0x0, 0x1) select$auto(0x62e, 0x0, &(0x7f0000000280)={[0x3, 0x7, 0xff, 0x19, 0xa, 0x80000001, 0xc0, 0x4, 0x6, 0x8001, 0x3, 0x4000000, 0x7fff, 0x7, 0xa94e, 0xa488000000000000]}, &(0x7f0000000300)={[0xffffffffffffffff, 0x2, 0x100000001, 0x6, 0x3d0, 0x5, 0xde30, 0x400, 0x2, 0xffff, 0x4, 0x1, 0xa0b, 0x5, 0x200, 0xf]}, &(0x7f0000000380)={0xfffffffffffffff8, 0x2}) socket(0x2, 0x1, 0x0) socket(0x2, 0x3, 0x6) socket(0x2, 0x5, 0x0) getsockopt$auto(0x4, 0x6, 0x24, 0xfffffffffffffffc, 0x0) 9m58.858461088s ago: executing program 2 (id=264): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto_ucma_fops_ucma(r0, &(0x7f00000001c0)="160000003e47a70f", 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) close_range$auto(0x2, 0x8000, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_PEER_REMOVE(r2, &(0x7f00000110c0)={0x0, 0x0, &(0x7f0000011080)={&(0x7f000000e000)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="010026bd7000fe93df2414000000040007"], 0x18}, 0x1, 0x0, 0x0, 0x104}, 0x40) (async) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) (async) syz_genetlink_get_family_id$auto_nl80211(0x0, r1) 9m58.604260615s ago: executing program 2 (id=268): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x146) execve$auto(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) socketpair$auto(0x8, 0x1, 0x7, &(0x7f0000000000)=0x3) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) open(&(0x7f0000000800)='./file0\x00', 0x855617af268a4e4a, 0x0) 9m57.875791587s ago: executing program 2 (id=273): pipe$auto(&(0x7f0000000000)=0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_DISCONNECT(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r2, 0x601, 0x91, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044}, 0x4000000) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r2, 0x10, 0x70bd28, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x2}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2f027ad5}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) quotactl$auto(0x2, &(0x7f0000000080)='/dev/ram2\x00', 0x1, 0x0) r3 = socket(0x15, 0x5, 0x0) setsockopt$auto(r3, 0x114, 0x6, 0x0, 0x8000002) socket$nl_generic(0x10, 0x3, 0x10) 9m42.765409608s ago: executing program 32 (id=273): pipe$auto(&(0x7f0000000000)=0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_DISCONNECT(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r2, 0x601, 0x91, 0x25dfdbff, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044}, 0x4000000) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r2, 0x10, 0x70bd28, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x2}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2f027ad5}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) quotactl$auto(0x2, &(0x7f0000000080)='/dev/ram2\x00', 0x1, 0x0) r3 = socket(0x15, 0x5, 0x0) setsockopt$auto(r3, 0x114, 0x6, 0x0, 0x8000002) socket$nl_generic(0x10, 0x3, 0x10) 2m34.346418395s ago: executing program 1 (id=2711): open(&(0x7f0000000040)='./file0\x00', 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x1) fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff) r0 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x144) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) r1 = socket(0xa, 0x801, 0x100) getsockopt$auto(r1, 0x40000000029, 0x36, 0xfffffffffffffffe, 0x0) write$auto(r1, 0x0, 0x2c5edab4) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cec17\x00', 0x3e102, 0x0) mmap$auto(0xfffffff7ffffffff, 0x420009, 0x4000000000df, 0x17, 0x6, 0x8000) socketpair$auto(0x8, 0x0, 0x4000000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) close_range$auto(r0, r2, 0x2) openat$auto_ima_measurements_count_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) (async) r3 = openat$auto_ima_measurements_count_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) ioctl$auto(r3, 0x7, 0xdd96) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) io_uring_enter$auto(0x3, 0x1, 0x82400001, 0x0, 0x0, 0x18) mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) mknod$auto(0x0, 0x1081, 0x3) close_range$auto(0x2, 0x8, 0x0) creat$auto(0x0, 0x4) (async) creat$auto(0x0, 0x4) creat$auto(0x0, 0x9) mmap$auto(0x6a, 0x4, 0x2, 0xf9, 0x0, 0x4eb7) (async) mmap$auto(0x6a, 0x4, 0x2, 0xf9, 0x0, 0x4eb7) open(0x0, 0x538c43, 0x121) (async) open(0x0, 0x538c43, 0x121) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) (async) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) shutdown$auto(0x200000003, 0x2) (async) shutdown$auto(0x200000003, 0x2) ioctl$auto_CEC_S_MODE(r2, 0x40046109, &(0x7f0000002c40)=0xd0) (async) ioctl$auto_CEC_S_MODE(r2, 0x40046109, &(0x7f0000002c40)=0xd0) 2m28.544904008s ago: executing program 1 (id=2732): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x14, &(0x7f0000000040), 0x1) (fail_nth: 8) 2m25.128767007s ago: executing program 1 (id=2743): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) exit$auto(0x7) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000001c0), 0xffffffffffffffff) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)={0x1c, r1, 0x301, 0x70bd2c, 0x25dfdbfb, {}, [@CTRL_ATTR_FAMILY_ID={0x6, 0x1, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4019}, 0x0) close_range$auto(r0, 0x8, 0x0) mq_open$auto(&(0x7f00000002c0)='\xe9\xe7\x1eT\xb5h\xca\x0eYd\xe8\xdc\xa83\xf4`\x06\xc3\x10\xfc\xe5\x97e&jd\x88K\xdcBUX\xe0\x1b\xd80z\x04\xbeL\x9a\xbc\xe6\xc684\xb3\xff\xff\xff\xff\x00\x00\x00\x00\x18\x94k\xb0\xa8s\x8e\xa49\xca\xa3G\xbe\xbeH\x0eg\x89\xd8Z\x90\xa0\xf3C\x14 \x92h\xeb@\xd5\xdcD\x18\'\'\x14Z3*Z\x04j\xcd\x9d\x84B\b\x12a\xa4WH\x03\xbc\xfdl\xe6\x86\xc8\x8d\xb8\xee\xd5\x0e\x03F\xd59\xf8;P?\x14\xb9#\xa6\xf3\xd2|\xce\xf4\x8ev\x1b\xadPi\xd9\xf0<\xfd\xe7\x1a{Y\x9a\xb4\x80Jd\xc2\xd3\xff\xe5^\xf0\xc5\xf9\xd8\a\xb7\xd8\xc2qbf\x91\xae\xe4\x92\xd98\xd8|\xda\xda\x13\x18\xf8k\xf1\xfe\xe4%\x91n\xda=\xf6\x06\x8f\xf1/\xd0\xaaB\x85\xb7\xa0!P\xfc\xe6\xf4\x1cs\x03:(\x11\x92T\xf1\xc0\xfc\x87\xde|\x17]\x7f|\xc6\n\x84[\xd6\xcd+dQ\x934\xba\xe4\xc70\xe3\xed\x96q\x84\t7\x80\x8b\xc5\x0e>\xeb\xd1\x9e\x986\x8e8\xb9r\x8d\x87\x9a\xef4Y\xee\xf5\b\xda\xb9\x9eO=\xf3tZR\xfb\x85\xe3Pt\x15\xe9.|\xe2\xf0\x17\xa4iL?\xf7\x94\xf47\xba\x9eL\x94\x03\xb5~\x98\x10B\xae\xaf\x03\x9aei\x9c`\xd9\xfe\xaf\xb2Y\'U\tt\x93\xd0(\x84Db&\x13\v\xb9\xedO\x87j', 0xdf, 0x10, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) io_uring_setup$auto(0x6, 0x0) clone$auto(0x8001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) 2m11.420775635s ago: executing program 1 (id=2804): r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000340), r0) sendmsg$auto_NFC_CMD_GET_SE(r0, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r1, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@NFC_ATTR_FIRMWARE_NAME={0x14, 0x14, 'MAC802154_HWSIM\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x400000c}, 0x94) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="120027", @ANYBLOB="5de1523353782950330a"], 0x1ac}}, 0x40000) read$auto(r0, &(0x7f0000000000)='$-]&@\x00', 0xfdef) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES16, @ANYBLOB="01002d"], 0x24}, 0x1, 0x0, 0x0, 0x40000021}, 0x2404c094) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x60000004}, 0xc800) mprotect$auto(0x1ffff000, 0x8000000000000002, 0x5) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008090}, 0x8004) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/current_tracer\x00', 0x40482, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0x1f40) write$auto(0x3, 0x0, 0xfdef) r3 = syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f00000000c0), r0) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, r3, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x8}, @MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x5}, @MAC802154_HWSIM_ATTR_RADIO_ID={0x8, 0x1, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40005) 2m10.592704719s ago: executing program 1 (id=2807): openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8001, 0x0) writev$auto(0x4, &(0x7f0000000080)={&(0x7f0000000000)="f21acf9b606dcfc822f46702b5ef6d56b54a96126e716ae9c86009b648d76328216de196a169e751805c958557db34b8cc8a00"/60, 0xe0de}, 0x2) 1m58.560757302s ago: executing program 1 (id=2849): move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) mkdir$auto(&(0x7f0000000140)='./file0\x00', 0xfff9) ioctl$auto_VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) fsopen$auto(&(0x7f0000000000)='nlctrl\x00', 0x3) readv$auto(0x8000, &(0x7f0000000100)={&(0x7f0000000040)="f1e54dc42a19744acaf07784c52c1d44906c730c6039b0eea46e87813678446f47bce59a032e1e69513d84bfbec051", 0x9}, 0x4) socketpair$auto(0xf, 0x7fff, 0x4, &(0x7f00000000c0)=0xe9) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) readv$auto(0x0, &(0x7f0000000080)={&(0x7f0000000040), 0x6}, 0x7ff) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000001100)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010325efb5026ddfe3250a000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0xc040810) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0xe986, 0x4, 0x4, 0x13, 0x9, 0x9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) read$auto(0x4, 0x0, 0xfdef) 1m43.229275707s ago: executing program 33 (id=2849): move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) mkdir$auto(&(0x7f0000000140)='./file0\x00', 0xfff9) ioctl$auto_VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) fsopen$auto(&(0x7f0000000000)='nlctrl\x00', 0x3) readv$auto(0x8000, &(0x7f0000000100)={&(0x7f0000000040)="f1e54dc42a19744acaf07784c52c1d44906c730c6039b0eea46e87813678446f47bce59a032e1e69513d84bfbec051", 0x9}, 0x4) socketpair$auto(0xf, 0x7fff, 0x4, &(0x7f00000000c0)=0xe9) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) readv$auto(0x0, &(0x7f0000000080)={&(0x7f0000000040), 0x6}, 0x7ff) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000001100)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="010325efb5026ddfe3250a000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0xc040810) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0xe986, 0x4, 0x4, 0x13, 0x9, 0x9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) read$auto(0x4, 0x0, 0xfdef) 1m11.480621207s ago: executing program 5 (id=3074): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x84) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) unshare$auto(0x200) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r1, 0x0) umount2$auto(&(0x7f0000000080)='.\x00', 0x3) setns(r0, 0x0) creat$auto(&(0x7f00000000c0)='./file0\x00', 0x20c) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) truncate$auto(&(0x7f0000000040)='./file0\x00', 0x1000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1af4e482bceb7718}, 0x40000) r2 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x80301, 0x0) write$auto(r2, &(0x7f0000000080)='/sys/kernel/tracing/dynamic_events\x00', 0x5) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r3 = openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/make-it-fail\x00', 0x40002, 0x0) setresuid$auto(0x2, 0x7, 0x0) write$auto_proc_fault_inject_operations_base(r3, 0x0, 0x0) socket(0x2a, 0x2, 0x6) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) connect$auto(0x3, 0x0, 0x54) 1m9.627426136s ago: executing program 5 (id=3079): r0 = socket(0x10, 0x3, 0x6) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x1c8, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0x1b4, 0x3, 0x0, 0x1, [@typed={0x8, 0xc2, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x4, 0x2a}, @typed={0x4, 0x11}, @typed={0x8, 0x2e, 0x0, 0x0, @fd=r0}, @generic="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c33b14cc842bc1e2a5da4203e64ceaa9db5223aa655b6313c011b3e73a75f1aa1f7b2ea43344b15bd494886e355cf6d92c8fe670a42bc677830013e9c4aa4fa30c3e6630bf0ed13206d5a18f6813c6fb03466112aedf5d67bb5b99fe96a6dcd279916b0bce029925b63c48d41ca8a76e46c", @nested={0xf8, 0x5, 0x0, 0x1, [@nested={0xf4, 0x63, 0x0, 0x1, [@nested={0xef, 0x9e, 0x0, 0x1, [@typed={0x8, 0x5a, 0x0, 0x0, @str='/}!\x00'}, @generic="e4291be092a7001d7e581b9c5fac05ccb5162b260e9c457b435a0628a211fa749cd7e9f034b2375262692c2206052bc5ca31cf62bd911a8d740b88e3d2f3168bb29e80576482365dcc856fecedce85fbc1ecd7d8e39f756b51c60c4237215c0a3a989224d40eda48b43c2a3ca5f4376f2ead574416a7a7bef5586132988a576dc3df1b1306081d770df20099b800d7861fe879a11dbe0fde8193301e4f204e90d62e1eab7eb018fb095acd47b8f1cacfb027c2549848fa4ed3089d30af96badc2526d73af89fef752c34b10d08cc042cd904da4a2d457f82d9451d1d4aaf16", @nested={0x4, 0xc9}]}]}]}]}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x40000}, 0x2404c810) 1m9.436128282s ago: executing program 5 (id=3081): close_range$auto(0x0, 0xfffffffffffff001, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000d80), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x2c, r1, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x8}, @NFSD_A_SERVER_GRACETIME={0x8, 0x2, 0x10}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20045051}, 0x40) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) connect$auto(0x3, 0x0, 0x55) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) 1m9.230600246s ago: executing program 5 (id=3083): openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x80800, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) sendfile$auto(0x6, 0x3, 0x0, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munmap$auto(0x20001000, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x21, 0x2, 0x2) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0xfffffffffffffffe, 0x8, 0x8003, 0xeb3, 0xfffffffffffffff9, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0x10007}, {0x0, 0x800}}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x8c3a, 0x2, 0xf) socket(0x2, 0x3, 0xa) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x1, 0x89a0, 0x8) read$auto(0x3, 0x0, 0x400000) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) mmap$auto(0x0, 0x20009, 0x4000000e1, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x3, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 1m7.569188536s ago: executing program 5 (id=3090): openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy0/reset\x00', 0x81, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) tkill$auto(0x80000000000001, 0x7) mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb1, 0x10006, 0x300000000000) io_uring_setup$auto(0x6, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PRIVFLAGS_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x2c, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}]}]}, 0x2c}}, 0x8000) pwrite64$auto(0xc8, 0x0, 0xfded, 0x3) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_BEACON(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000040}, 0x400c040) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_SET_MAC_ACL(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x0, 0xffb6fbcc1dba0ef, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20040081}, 0x8010) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000080), 0x6b) connect$auto(0x3, &(0x7f00000000c0), 0x55) getpeername$auto(0x3, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/pagemap\x00', 0x82840, 0x0) 1m7.093590847s ago: executing program 5 (id=3095): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.bfq.io_serviced_recursive\x00', 0x15ac82, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000003c0)=""/262, 0x106) mprotect$auto(0x7, 0xb, 0x1) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="011f00bd7000fddbdf251500000008000300", @ANYRES32=r3], 0x24}, 0x1, 0x0, 0x0, 0x24048080}, 0x80) r4 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000100), 0x2aca82, 0x0) io_cancel$auto(0x401, &(0x7f00000001c0)={0x1, 0x7, 0xfffffff9, 0x8, 0x1, r2, 0x4, 0x3, 0x1, 0x0, 0xb01, r4}, &(0x7f0000000240)={0xfffffffffffff316, 0xffffffffffffffff, 0x5, 0xee9}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffd8f, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x40800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m6.683186484s ago: executing program 34 (id=3095): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.bfq.io_serviced_recursive\x00', 0x15ac82, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000003c0)=""/262, 0x106) mprotect$auto(0x7, 0xb, 0x1) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="011f00bd7000fddbdf251500000008000300", @ANYRES32=r3], 0x24}, 0x1, 0x0, 0x0, 0x24048080}, 0x80) r4 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000100), 0x2aca82, 0x0) io_cancel$auto(0x401, &(0x7f00000001c0)={0x1, 0x7, 0xfffffff9, 0x8, 0x1, r2, 0x4, 0x3, 0x1, 0x0, 0xb01, r4}, &(0x7f0000000240)={0xfffffffffffff316, 0xffffffffffffffff, 0x5, 0xee9}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffd8f, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x40800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 7.844842623s ago: executing program 0 (id=3402): mmap$auto(0xfffffffffffffffc, 0x10, 0x2, 0x20000040eb3, 0x602, 0x300000000000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto(0x0, 0x9, 0x8, 0x8000000008012, 0x3, 0x8000) mmap$auto(0x8, 0x2, 0x5, 0x19, 0x1, 0x3) mremap$auto(0x0, 0x6, 0x3fd6, 0x3, 0x20000000) 7.621694435s ago: executing program 0 (id=3403): mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x100000, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) open(&(0x7f0000000300)='./file0\x00', 0x7ffd, 0x12) write$auto(0x3, 0x0, 0x100082) clone$auto(0x7, 0x2000400000d, 0xfffffffffffffffc, 0x0, 0x3) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) renameat2$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x9) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x801}, 0x80) fcntl$auto(r0, 0x0, 0x9) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) mq_open$auto(&(0x7f0000000280)='#)-\\&[}\x00', 0x5, 0x10, 0x0) mmap$auto(0x0, 0xc, 0x4000000000df, 0x12, 0x9, 0x7) mmap$auto(0x1ff, 0x3, 0x1, 0x80000000ebf, 0xf3e, 0x27fff) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) fanotify_init$auto(0x5, 0x800) pipe2$auto(0x0, 0x80) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) memfd_secret$auto(0x0) socket(0x2, 0x1, 0x0) memfd_secret$auto(0x81) 4.579077618s ago: executing program 3 (id=3410): sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f0000000040)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) (async) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000080), 0x1ffffffff}, 0x6, 0x0) r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) (async) r2 = openat$auto_aoe_fops_aoechr(0xffffffffffffff9c, &(0x7f0000000280)='/dev/etherd/revalidate\x00', 0x541, 0x0) munmap$auto(0x1ffff000, 0x2000000c) write$auto_aoe_fops_aoechr(r2, &(0x7f0000000000)='v', 0x1) (async) ioctl$auto_I2C_SMBUS(r1, 0x720, 0x4) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, 0x0, 0x810) (async, rerun: 64) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr0/gro_flush_timeout\x00', 0x163802, 0x0) (rerun: 64) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 32) write$auto(0x3, 0x0, 0xfffffdef) (async, rerun: 32) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000100), r1) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r3, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r4, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0x2b}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x1}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, 0x8000000000000001}, @NL802154_ATTR_CCA_MODE={0x8, 0xc, 0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x20040000}, 0x810) r5 = socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) socketpair$auto(0x1a, 0x4, 0x7ffffffc, 0x0) (async) setsockopt$auto(r5, 0x107, 0xe, 0x0, 0x4) 3.965577766s ago: executing program 0 (id=3413): close_range$auto(0x0, 0xfffffffffffff001, 0x2) syslog$auto(0x4, &(0x7f0000000040)='..\x00', 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/user\x00') getdents64$auto(r0, 0x0, 0x489) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) connect$auto(0x3, 0x0, 0x55) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) 3.445250408s ago: executing program 6 (id=3416): mmap$auto(0x0, 0xbb6, 0xdf, 0xeb1, 0x400000000401, 0x8000) mmap$auto(0x0, 0x88, 0xdf, 0x9b74, 0x2, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x106) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55) socketpair$auto(0x1, 0x801, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) prctl$auto(0x41555856, 0x4, 0x2008, 0x0, 0x0) 3.120739671s ago: executing program 3 (id=3418): io_setup$auto(0x7, &(0x7f0000000000)=0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) recvfrom$auto(0x3, 0x0, 0x4, 0x100, 0x0, 0xfffffffffffffffd) close_range$auto(0x2, 0xffffffffffffffff, 0x80000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x180, 0x0) read$auto(r0, &(0x7f0000003740)='^.*k\x00', 0x9) io_setup$auto(0x3, &(0x7f0000000040)=0x8) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001cc0)='./cgroup.net/blkio.bfq.group_wait_time\x00', 0x180, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001d00)=""/197, 0xc5) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_register$auto(0x2, 0x8, 0x0, 0x7f) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mtd0\x00', 0x800, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010025bdd8b77fbb549f962100000800", @ANYRES32=r6], 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) sendmsg$auto_NET_SHAPER_CMD_CAP_GET(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x4000) read$auto_mtd_fops_mtdchar(r2, &(0x7f0000000d00)=""/4096, 0x1000) socket(0xd, 0x4, 0x8) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) 2.990461403s ago: executing program 0 (id=3419): r0 = socket(0x10, 0x2, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) (async) mincore$auto(0x7398, 0x1c5, &(0x7f0000000000)='.\x00') (async) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1a00279e"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) 2.773756365s ago: executing program 6 (id=3420): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000800)='./file0\x00', 0x2240, 0x154) sysfs$auto(0x2, 0x0, 0x0) fsopen$auto(0x0, 0x1) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setresuid$auto(0x5c91, 0xd80, 0x7) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) r1 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r1, 0x10f, 0x40, 0x0, 0x14) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) socket(0xa, 0x801, 0x84) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) open(&(0x7f0000000800)='./file0\x00', 0x2240, 0x154) (async) sysfs$auto(0x2, 0x0, 0x0) (async) fsopen$auto(0x0, 0x1) (async) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x1, 0x8000) (async) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async) setresuid$auto(0x5c91, 0xd80, 0x7) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) (async) socket(0x1e, 0x4, 0x0) (async) setsockopt$auto(r1, 0x10f, 0x40, 0x0, 0x14) (async) 2.658704567s ago: executing program 3 (id=3421): sendmsg$auto_NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x14, 0x0, 0x413, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4804}, 0x80) r0 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0) read$auto_o2hb_debug_fops_heartbeat(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) memfd_create$auto(&(0x7f0000000040)='nl80211\x00', 0x4) r2 = socket(0x2, 0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mkdir$auto(0x0, 0x8001) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r2) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='$\r\x00\x00', @ANYRES16=r3, @ANYBLOB="080029bd7000fedbdf254f0000000500a2000c0000000600650005000000"], 0x24}, 0x1, 0x0, 0x0, 0x9c948}, 0x40000) arch_prctl$auto(0x1004, 0xe735) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x15, 0x5, 0x0) ioctl$auto(0x3, 0x89e1, 0x91) r4 = socket(0xa, 0x5, 0x0) getsockopt$auto(r4, 0x0, 0x9, 0x0, &(0x7f0000000140)=0x100) syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000001c0), r4) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r1, &(0x7f0000021740)={0x0, 0x0, &(0x7f0000021700)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4004804) 2.658150371s ago: executing program 0 (id=3422): r0 = socket$nl_generic(0x10, 0x3, 0x10) pselect6$auto(0x4, &(0x7f0000000000)={[0x6, 0x8, 0x0, 0xff, 0xb4, 0xffffffffffffffff, 0x2, 0xfffffffffffffffb, 0x2, 0x3, 0x3, 0xe, 0x6, 0x480, 0x9, 0xffffffffffffffff]}, &(0x7f0000000080)={[0x6, 0x7, 0x6bbd79ff, 0x5, 0x5, 0x2, 0x5, 0x1, 0x9, 0x9d06, 0xaa, 0x2, 0x8, 0x6, 0x0, 0x7]}, &(0x7f00000001c0)={[0x9, 0x3f61, 0xc1, 0xffffffff, 0x4, 0x4, 0xffffffffffffcc61, 0x4, 0x0, 0x9, 0x0, 0x1, 0x0, 0x1, 0x6, 0x8001]}, &(0x7f0000000100)={0x6, 0xf6}, &(0x7f0000000240)="b98a36d155c8c37f4df47a623be059175deea282c745b75eaf8a7c00181395f45847bcb10c9e13ba762be1ab3fb8") r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), r0) read$auto(r0, 0x0, 0x1f36) sendmsg$auto_NL80211_CMD_GET_WIPHY(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0x6}, 0x803}, 0x10a, 0x6, 0x0) 2.150388063s ago: executing program 3 (id=3424): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) r0 = openat$auto_minstrel_ht_stat_csv_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy18/netdev:wlan1/stations/08:02:11:00:00:00/rc_stats_csv\x00', 0x585000, 0x0) setsockopt$auto(r0, 0x2, 0x3e, 0x0, 0xfffffffc) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 2.074917528s ago: executing program 0 (id=3425): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_map_fd}, 0xa3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioperm$auto(0x4, 0xbc6, 0x81) socket(0x25, 0x1, 0x3) socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x100000006, 0x1, 0x3c, 0xfffffffffffffffe, 0x0) socket(0x2, 0x2, 0x88) ioctl$auto(0xc9, 0x100000002, 0x4000000005c8d) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0x3f00) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x5, 0x84) socket(0x1, 0x1, 0x1) io_uring_setup$auto(0x3, 0x0) io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) io_uring_register$auto(0x2, 0x6, &(0x7f0000000180), 0x1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) msgrcv$auto(0x9, &(0x7f0000000000)={0x80000000, 0xff}, 0xd647, 0x4, 0x2) madvise$auto(0x0, 0xf663, 0x15) pipe2$auto(0x0, 0x80) migrate_pages$auto(0x0, 0x101, 0x0, &(0x7f0000000140)=0x9) madvise$auto(0x0, 0xffffffffffff0001, 0x15) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) mmap$auto(0x93, 0x9, 0x9, 0x14, 0x100000001, 0x2) 1.880735727s ago: executing program 6 (id=3426): openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000980)='/sys/kernel/debug/ieee80211/phy3/aql_enable\x00', 0x129100, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0xee380, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) unlink$auto(&(0x7f0000000080)='@-&x-\\^\x92+\\d$!#*/\x00') capget$auto(&(0x7f0000000200)={0x7, 0x0}, &(0x7f0000000240)={0x3, 0x1, 0x8}) r1 = gettid() r2 = getpgid(r1) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000080), 0x6b) r3 = gettid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mremap$auto(0x4000, 0x1fee0, 0x3fd6, 0x3, 0xfffff000) r4 = getpgrp(0xffffffffffffffff) syz_clone3(&(0x7f00000002c0)={0x10080000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0xf}, &(0x7f00000000c0)=""/215, 0xd7, &(0x7f00000001c0)=""/26, &(0x7f0000000280)=[r0, r2, r3, r4], 0x4}, 0x58) 1.26166532s ago: executing program 6 (id=3429): openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/smps\x00', 0x28c01, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mtdblock0\x00', 0xa4300, 0x0) mmap$auto(0x0, 0xa5, 0xdf, 0x9b72, 0x1ff, 0x28000) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) close_range$auto(0x2, 0xffffffffffffffff, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) rename$auto(&(0x7f0000000080)='}[,&*}\x00', &(0x7f0000000140)='g\xb8\x00\x80\xe0\x1d') 1.1472939s ago: executing program 4 (id=3431): getresgid$auto(&(0x7f0000000000)=0x7f6d2511, &(0x7f0000000040)=0x3, &(0x7f00000000c0)=0x2) readahead$auto(0x0, 0x2, 0x9) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sda1\x00', 0x47c2, 0x0) read$auto_def_blk_fops_fs(r0, &(0x7f0000000140)=""/194, 0xc2) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r1 = syz_genetlink_get_family_id$auto_wireguard(&(0x7f0000001140), 0xffffffffffffffff) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETFAMILY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd77dcb7fcdf2d0300000023000000", @ANYRESOCT], 0x24}, 0x1, 0x0, 0x0, 0x4008850}, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/kvm/parameters/report_ignored_msrs\x00', 0x101042, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) setrlimit$auto(0x8, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket(0x2, 0x3, 0x1) sendfile$auto(0x6, 0x3, 0x0, 0xfffffdef) write$auto(r3, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000021}, 0x8004) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x5, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r5 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="18000000", @ANYRES8=r5, @ANYRES8=r4, @ANYRES32], 0x18}}, 0x80) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x10048884) setresuid$auto(0x8000000000000001, 0x1, 0x200) 843.761085ms ago: executing program 4 (id=3432): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x84) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) unshare$auto(0x200) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r1, 0x0) umount2$auto(&(0x7f0000000080)='.\x00', 0x3) setns(r0, 0x0) creat$auto(&(0x7f00000000c0)='./file0\x00', 0x20c) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) truncate$auto(&(0x7f0000000040)='./file0\x00', 0x1000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1af4e482bceb7718}, 0x40000) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x80301, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/make-it-fail\x00', 0x40002, 0x0) setresuid$auto(0x2, 0x7, 0x0) write$auto_proc_fault_inject_operations_base(r2, 0x0, 0x0) 842.709633ms ago: executing program 3 (id=3433): openat$auto_trace_fops_debugfs(0xffffffffffffff9c, &(0x7f0000000100), 0x2200, 0x0) socket$nl_generic(0x10, 0x3, 0x10) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00\x00\v\x00\x82\xcc\"K\xe1IIT\x00'/54, 0x5) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vbi11\x00', 0x80700, 0x0) io_uring_setup$auto(0x8000, &(0x7f0000000140)={0x2, 0x8, 0x3, 0x0, 0x7, 0x101, 0xffffffffffffffff, [0x95, 0x9], {0xffffff80, 0x9, 0x10, 0xb831, 0x3, 0xdbb, 0x3, 0xee9, 0x2}, {0x8001, 0x6, 0x8, 0x1, 0x8, 0x0, 0x4, 0x6, 0xf}}) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) ioperm$auto(0x800, 0x5, 0xd) pkey_free$auto(0x800) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mount$auto(&(0x7f0000000000)='tunl0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x5, 0x0) 700.964311ms ago: executing program 6 (id=3434): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f00000002c0)={{0xfffff566, 0x5, 0x6, 0x0, "4941aa833e2fc65b6b3cf7cec76d6778adceac3cda35ba9c2b2d43eeb0dc4cc8dd3500f11581916caa0d3053", 0x7}, 0x4, 0xfffffff9, 0x401, 0x80000181, @enumerated={0x6, 0x5, "00000000d52dbe5e58dcb7641f58661870525adcaedaa5deaa336a61b7382f979a0ff0b3d9581c0861bbe128e249d9f994ef5578e78507637044b73a4c4b5700", 0xffffffffffffff40, 0x3ff}, "8fc1888a63ec65b4280045bbb58de438f8cc142ef6df1259b05ba1183be9bd31b642b4051bc743001f7547a99807bcc1000000000000005a00001000"}) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r2 = openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) sendmmsg$auto(r1, &(0x7f00000001c0)={{&(0x7f0000000040)="b8b66d9762e4c41d89b357adf0d000c8847542b7ca7e05f600946b989893ab93d42b8a6bcc2a8e76fdea6c8df041392b2a0c5ec8576f5f26a7bf155b35755852073237af79ff1722f5890919df7a441fa9b732dc3cf475fc11c72edbbce57cd909310fe0fc8e7b70070ce2af1e43519346b17ca7c56c359aa67c9ac87e7b89cceef9fe6e00e810b5db5c69674e0af2b590fa420d69e6282b51bf83912ce9a2f9418ebdfc1eede7d22b39235bb0604fb126c007e7d9d4", 0x3, &(0x7f0000000140)={&(0x7f0000000100), 0x100}, 0x7, &(0x7f0000000180)="e19bb05d2d6bcb84d4bbbadcc695ffdd50c78c786027cd12a6b28f25c474a60c603d931e26f1274c6d5077324be76121413d7d97384395f8", 0x6, 0x200}, 0x4}, 0x6, 0xfffffffb) write$auto_uhid_fops_uhid(r2, 0x0, 0xfccd) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x101a02, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) r3 = open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0) r4 = syz_open_procfs$namespace(0x0, &(0x7f00000017c0)='ns/uts\x00') ioctl$auto(r4, 0xc, 0x2) ftruncate$auto(r3, 0xdab2) 698.241992ms ago: executing program 4 (id=3435): r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400000000000400, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) io_uring_setup$auto(0xa7ce, &(0x7f0000000080)={0x4dfc87, 0x3d, 0x1, 0x0, 0x7ff, 0x3, r0, [0x1, 0x3, 0x7], {0x9, 0x7fffffff, 0x100, 0x7, 0x101, 0x400, 0x0, 0x80, 0x5}, {0x5, 0x1000, 0x6, 0x1, 0x6, 0x6, 0x1, 0x9, 0x18}}) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r0) r3 = getpid() sendmsg$auto_NL80211_CMD_JOIN_MESH(r1, &(0x7f0000001600)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000015c0)={&(0x7f0000000180)={0x1414, r2, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_MLO_SUPPORT={0x4}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0xffff}, @NL80211_ATTR_KEY={0x117c, 0x50, 0x0, 0x1, [@nested={0x10be, 0x13a, 0x0, 0x1, [@generic="c1e68995231f68ab89ccbda3c8875deb84f597ba463a6a2240f3376f64c8cc87cc1e30ff89424cd50dbd0d0e42c8c478f3edf492bab7963f1e1f1e7d400ebcd27bb60d94e04da5737b2a1f5e7ea42dfce13a0dc314cbf0ff0b460cea28a0934ec16cea115d4da35d23edbe43bc6d224e8c0e27893495d5ab3f2d30328658900e515968354eb7a3338f4387383261bdfe9f193d9c1bbe3fa7db148f72ce367ab74bf177b3cc09e5f8e1d409d99e00b13fd8e036a70089b013ea9552b10474bbfaf975cfb35be96d086bb6b4d1b4444a4a7be70095aa8a29ab54e1dd2ba803ab2e8367518675391898ef9c3f3fe29a3f06d95eae1623d5c85584972e84c555dd49b21e4aa9d94c108d9f9061adb44a41d1651ef6dd1ded31e4c75160ab997a42825cfd8078f58222b46d0b8a071f5ecc04e77ba18ffc2e8cfe0e0dc15d1201c24392ec02d4080630c87fd8490230740ecfeb99b4edf85e454848606c2917194be22038e920b9b1cffc74986fc3b8c3a13ca448d8a433a2fc24c975963ea4754a6d214f0562528ff9eb643220ff4bf2b7afca4a02332f3cf446afe355d15ba892310779d8f0f05728f9cf3b77b12ce35ac22fcbb82b76ec420a2d85a20f8121840c484d4e08d19c3d7dc8517552759bfd56a1a609d64f6de0c7df5337a8504674665d174c953259fcbd5992254d956ce7ee11004952ec728aa977d414794293561f4eacc153d38b26b440382d12d0506c6f4264f632fba25812a987753b54ec5db1ba74a8f4a8e8acb0429d2070e59c4a4f1720f634e034ab5205b2d363077a072fbf7a37da4ba5e49b8a463fed427df670ec08a484feba9751918eddc7034359d0b5752fd80c600ace15060334b17505d0d8b7f3305a23d410efac08d48b844a6d5ad54861e780770ae2d683d90669ee3e5b15e2bf1ae8cf170b82af610d08c53366d8dee280d5b07071ce41d47588a4736c143cedbce156343fdc25a051c0311b2f1adc15791a4a65f7ecc85e7da46f101a6fd7839da6477cabf983fcaa05a94eb00adb578df3a1700a668b69090d44137f9ab367537100d7d2e905f383102432e089b4155cd16b6c7e80adb27af4d22e008454c2dd839f114a93ea32878c4b66e51217511b69abc4c95e592a7f9f36d899ba0a537ed194019120c8c97390cbceb668a66c6df8cc9aee45f1b6fe4680e08d6d905aaf13fa6832b8ca044220c7a88e36b27dd10e4736e1f33c92114515bfeeac524cc63e45d12076b19daef3f861ce5830e8b27dd8411b7ab42833588931e9fc64448f737e8618a43396dbc9ad812b5eeaebc64ab04ef05485dfd51cd7b1cd1bc5d740c51df9d0ddf859edc16bc5ac5635f59f8cddcbccaf9fde63f3fdd56407bf10b8763f13db8e2a6dd4c811915f1fd229129792acafcbf9cfee62b57499b23d0a94813a50546038e6129b3f4c8d588ba4bf7c6ad012499b32d6ded254fe98b52a019fdc99f221902fd4fe001b7c4e8d255e1a016762bfe55fcd84e2ed0ceee866bffc308a180006aa71f30594f0e54f3cac7a8fed94b66d5e355b7fdccf00ba92dff8a1446e03bf344a5466ce8d4fc163e6d6c83ba160cb9a54ae900a0c8569ae202a21f0be572e917e6ef6cf3496a1fa3572ee876e40e6973af9420f81c58d101d5dcfdef3efdebba23a8749ac20d7b0ea740f08cc57917613d13a9989cfe2e8a55d9c42ddcd1c89232fec8d26fcf3d2384a9433ffd411aacff392437c9f869019739ccd77d5842b63ad6157aaac68a6902f8021e95e6831d6c2066da641dfec12e1ae9d2f5f2c06d7b4951b4d7895bddf45f1ab1f9535ad6fb70fac60c946478515b0aaac38e9edf308f9016edaad2e454b04d385ba7f0dd3440f1b8a54d22acca697ac61e6bb8f6477d393f7e746755a606c3bf1a36a10b8b507852fa34ca3aead5261d799aaf16e5a8d5f66831617644a6520c51cb539291d836753e2129fe785e712ce8b925226a015751c23d68417cbefea4f1882ad30b5478f893fe91fccc9747fa736095a2705c7f9772831fb08eaf8be23e5a5dc02221a15b63c7b87c3e5dc41c1975bd396da7ac9d03c4cb3f7ec947e35195f2dce38efdb397949b9107d1cb4a9b071c09dc754619cad88380df1b4b8472bfdb784ecdf4a540ff0f81a0fb698c51cf443fa834331cb912da636c32f9ff2b53e0223af656236124fd583fd3ec28818ef226fda7cbc0296bfe5d463e17d5a4c164de0f0de5d092deb65a5855fe061b02854d5e5d56e3b5c7ee4c15f5347785ab6aaf11aec6c4634f2daf794b0c09c298a7cabf80294deba480b20197d64ab73cc81cf40ae8cf71bae18b640e45741554b8a382938ffb6e00870bae8ed4ad2b4ea5fd6098d2164048a9680485607ea55c3f4a136493775d97b969a5bb7083615943fb5a6e296fa32bb10f3aa2e66c1e319ef3168f1a86578a0615d8c207da18c31b08227e4864e39eb6cdd18dd53d663aade9cc4072372da737e2cfe058af59048abb9e0d6d62629bda696dccfa8a726e79ff10c358b6b2bbfdb6c291883f057930815341dcd00ae79d203d3050c6c0e3e6232103c8b5e2ae4872017313e969ac2be16021ef95b8826d85870315952de777afa4148890a71d47b9525a6483ecae2fe17dc527bb01b4990c670fd83a6a4618e5f873639e4dbf1d220e93fd056d1d7fa34bba4625e2402cd21d0c32a9d9460bf8ac9421d66a44af364ba146a12c1631fce4745c254880bd51751944e308e444fd7a99d8409aa79e4f6ed8348ab54657baaa9bc79dbc27c2a43ecbd8fa2e107029a430648191049205b59caf482771c420db4cf448a771887e6449eef0934de5850989c00aa25be0238cc022c6b5811db93e35491625cfa4047a07eadc0ffeb6fb181da4eff5724c5908e9af38d4d03e9c20c21ecc7e6b283c0486bd91a4c2b2ae38ffeed0a4d6171be98513a26cc3c0c9a21eb7605a8e3f5053ccbdbee085a60866b63baa6e4c134ca0c2978854f95fc66da8c9c99fb6aee8b4cbe6c65330edd825a0d1e0cddc18053f60ff038e5a7843dc4e96c4b34b174d05eabc7e846f447d5b177a6f91e09d631034e1e76b4e241b068264b4b520af078c39a751b3a153904a3b6801fd26ccc346a980ca9e638366ac316e3b8fb847178a7ae1f7235d11173ac3e9a3323cd9d43c15168026e62d64248cffd64c728ff6040b00c4ace01546c45b4862592e8d26fd38e71a3f394b562ddb9000534bb3f4a8fd4ed812e4db311dd1bc96adef2959bfea8b4c3553fa1169317d481ba681870bff55cd6a73d3452b3b5876567480f10e0c60d664cfcae51c7164c26f5ba3f899ceb279ed0aad8d1a2445e5178260ff40bc7c16b36b414415d4289e3648a57119ab4d09f6cef87089c65f7c758d6d617a3cfafc3f83b23129f280ecc86b0c55359037cff7647d9957950489630bcd18c019c4262aa050a49f3aad32f20f76247625ca1fcee2edc83f8f231bc1fcea0151f0bd93ffd382c15571e679c6862333d32ed3fb10a7498bda0fcfbbeaacea45ab87705f0493005cc180f9dbe36f1ef6e07ebeefd622eec9f856536a2afbb8cba74aac2cdadeecf9cb208080e3067ff240422bfffe7436b5fff62c2aa7f19b22cced77f41e7aaf75dcd56f68be7083681588d4a95ca57d9e51ddb31e4cbdac4713ab378d3f3ea4ae922f83fff7dee2e54aed0d04145a54d46edc8c072e4f8f20c8cc85780afac3ebc2633a7ba4cb86db072b888c157a665951bab41e108291ae6ac8e421da255b19429892dde79dc961f827deafbee221eb3108c335c2ef76f5da49329493b82e1fa80f055f07a26c10e57dc8b4abc0b8b75acad51b8f054c16e70dbe1f092ea95b60f948b2c270d59ecd48b700d4ddaba8723762b455de8b6294d222524598fb15ca70c482f701f9e030680604be49105b644be08bbc80d23f2bc2562a3dfa3de55c6d0b089ac9f344f55eac5fce3e6f372523327db7bfd9c69bd10cba5381dad2f75e31abe2ff09259dbed49b513f81ea39c688a1a59844cf7d2c090b9f8a19a21b41a40f90dcb3b052247fe47d448568f9ea81dd2e7505e02e22073c4d5fa072affeecef52d234382e0794a86cd63be1bd7f09d85ace1546c59277bdd00f8bdf8adf02dfc4a2199dadb0865e95bd7a86449b1ee942689ec77e690e437f79c73e6c95cb328166e810b49cc31faf31354833fdf41ce178a1accd51948c2fed14ce8b73691b54248655c23417a4de019f2311c075ce302fd25fdbc834f684871ec5ab03242b2f5223c0f2cca219b6b32242badefa379eb41ab9fa048e20a50eedaf96118ee28b22a54854e5d2251d1bb26d747f78dcf574cb5535b2f2ac23510fc4b91b9cf903dae3ace57fcc2d61ad0db4d2c70a2c58cd44b4ad1e0dd93e518c536b23926c00c49f253e3c1bef2e7e5401f87ebbcf0b49a86b0afe415ab35a3e40997a7b64d3ae6746224a11f5b074159078dc2984d0ee050115960bb3131c5c08b72ce7b848ee362adfaa4bd4534dadddad4ded5f8d70f93d48d54db58d3a5c0ca5d88b06c8355dd9b47b6d129dc44e361af89ce9821097a0dd4a14de1a632cf7ab7e6998d87843a8d855eda9f6964666794f91899df5d2e12ea655f1da391ad1cba49e6d6c0991ca87ba77e3e8b6725fce6e38e71aa6480e1a356135c1e4d2da51b02e01e9fac50037c2c939f16dc6487a6b2d0de7d7499c561304eb43c6672366cd224b4ddb13989dfcb3c789df0981fc1bcfe2d79f4d888f17c201b65cc2d825a749f12e42bd852ca312bc224ebcf09f5bbf5eecd2f3caf7945649d96c63b07ef3774698fe8e9db9b75e0f8922815363cbf82314ad6503173f0475779b570cfeba781c83ea03a2bffa215ce2a4f685df4fce8d509dada356e8a5db6e6cffb92f515d7e2c31314b51c8b9bafa12a355f727a5b97bce258bfbbbb7aa724e36fe34f7d7ffcbc648b5b871f281a45644da66a546b466edcf194b4003bda98275c1458c1f562bb79370a1a4f4fbaf44cf5f6cda9de0c5fad10033860de76dbfe4eee599a0ca5df2b70c9add451077073d16c845dd1f7a8ba79261cc5ee927062c41bbe38681227e3d0bc06dc7e2ecd2e988e3dc8b627b103aef60d2e3485ea894a4852046ff34fb603045212188c4e8af7da72feee8b548fcb789aac3c7cb1ffe43021e3e4a71922b58a0c9b973659bd9d82ff7d07ccb6443b440bc63816098f73a6f00c50bfdf85a5a72e36c6612854039c3f8d6c0e9d8aeb0c0cdd36fbe7ef851b961abdf51ffb2ebdf62c7d459b27ef837eb2058b7c49c3c4993137d0538533cd0629c8957e31447d61db1782e87eebfca6e8cb8ddd0d76e4bc435159df06f0bf75e6d9f929d189ec38724670b4750231f22db9cc714e4dc55ef5a82260b516537f7d1661623c4858b90a8ababbbe5ffd7827322dae5939446bfbb6f8393fee88531eea587ce347fe84f66558f6d7ca5915d6d1477055f5bb2266f922bf7b4b53d8239e76c0ceab2a9d8b6dbfed0f85312ce0751958cf97a65b666f37d97b2f13dd521c8d37a49248a52e4c525815878be3f1c2611cb2e717bb5b50d39cccf40a552331e47df0ce1b10473ed506a1af3563ee39cab4b70e96244e512c2e55d75d11dfa0513a75dcb53d389f5ae6b6f87bd68b098b255baaa8035bc9140bd72fdfbaf21b947466255e397a29caf969bc708d885a136bce62b76da9329037594dd6a427b0092e17397587d1117ba84863e4bc5ebce2d40406f77696282d3fb008f746ca0f7ddf86036951faa5494c951489cdda15", @generic="fc041334b1ae9e2aa1ae7bf724ef913ab5c0649315fb5c86e659dcbe6459346e77fcffbfd1fd7f53eb221a0a398dc0a8600f0a7220ee6eb57119fcb630fe24d1d1e48b7b0248bd3bfedecb38865445c899457bac6de0abaae8b471ae4ac547b1cbaf0d94c0bcb51d3145c34c04e944ed6eeef3398a1d02355a32d20b4ae3e72ce6db4944cd295e51ea0139d2e28980b7bc61a93ddba0b6262f495cff6af4e005ee76627ab45159cbe71a5ebb3322addae6b7449b9123d1a95a2e"]}, @generic="ab3024719033596c10ac7cdd483a99107691ed340b5ae53af58d6411364d9319234552bdcdf96a2e64f9ff7953dbdd02c2fd24f4dbc4552f3386a94b568cc7a34a9d9b89caf9ce80621bb2966f930488375edf2ab6992c89274896468501fc071e7103b5ecf5014d465c3fb5b88e2abe5ab06e463086738284dd4fd4d7abdb0e6dbe05b29480a38409f1971218933a6d298bee1535bd071d397706fe6534ae7e0d054031a4a71f99323bd35c06c6a88f", @typed={0x8, 0x79, 0x0, 0x0, @pid=r3}]}, @NL80211_ATTR_ROAM_SUPPORT={0x4}, @NL80211_ATTR_CIPHER_SUITE_GROUP={0x8}, @NL80211_ATTR_FTM_RESPONDER={0x168, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0xe6, 0x2, "afec3a58175d18c71875b41ce6390c9b798da299734d93a4aecd0d66e056cb0c201c4fd495f2a112946e2eefc6b4af528da63cc2a8cbbb78634697d408a1739ab6a7fcf2a7a69bdf3f6039b0bc98076d046270c36fce617df218b4b063a93b850804783788abc559ee08e79b840eee79c5e0caf2ec028317c553c4628af1efa30daadb626640a40712bbeef27a60cc6f474fb319357da6431531953e643202bafc988d9231b6d14696746f377c79cba75f52b731df78bfb8abfbe116b80dd7cbace55b4d37713dc0a0c3d3e8a9ccb46e2beef66e643f7198562d012e06f20ffa37b5"}, @NL80211_FTM_RESP_ATTR_LCI={0x7b, 0x2, "716c0a7ea291515522541d9f4ab20375dbc9000a6784e9866fa7dc8378e2fe69ffc2f537c24e4e68033102f25dd9c535f8205f059baabae63ed45464225a27656a822a98261917110a613c4384e5da9db171634af887bb9d718e69a8841500458ca5e8bf0adb467c3f28b4af084fd9bbe0165fdf05f506"}]}, @NL80211_ATTR_DISABLE_HT={0x4}, @NL80211_ATTR_AUTH_DATA={0xfa, 0x9c, "b92bb1531d40ef60ea11da91f5b36aaf3897b97b9d1d27f5a8f8ad3172366dcdec4743ebd9f72dd8126da129e807c5dea695e3cc3d7bcf64110e9bc4a25e317b0ed87590542edac5225bc99f6b022316feeb195a7b7c134883a4ca6278d3c06d3a40eae4849551687739f05d0ff163faf42deafe8dd64327854c2f4f746332c5b3c6e0f98fd1f9f640fee4ee8f5bf2662800fd638a5d4f6598f67f4e09fbfe970119aa14060f67f7332606df2eaec94db49db2af10f79d0b6adc18ba92406e07c1ace76304b5c8ce141cfe02a1df41aeab86499be5d4d9d336e74abfeb7d4ef83ea82322c02beccc0400c5896ad5ec8a33b7984012c7"}]}, 0x1414}, 0x1, 0x0, 0x0, 0x20000915}, 0x4004010) madvise$auto(0x0, 0xffffffffffff0001, 0x12) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') ioctl$NS_GET_PARENT(r4, 0xb701, 0x0) 424.443618ms ago: executing program 3 (id=3436): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0xf000, 0x8, 0x1000000003, 0x9b72, 0x2, 0x8000) semctl$auto(0x0, 0xfffffffffffffffa, 0x100000001, 0x95cc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x48, 0x0) fsopen$auto(0x0, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x5, 0x9, 0x80, 0x11, 0x8, 0xb) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_map_fd=0x29d, 0x7, @old_map_fd=0x3ff}, 0xa3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/zram0/queue/io_poll\x00', 0x109500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/203, 0xcb) setrlimit$auto(0x1000000007, 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x40, 0xe0) statx$auto(0xffffffffffffffff, 0x0, 0x8, 0x6, &(0x7f0000000080)={0x5, 0x1, 0x2, 0x7, 0xffffffffffffffff, 0xee01, 0x2, 0x400, 0x4, 0x80, 0x6, 0x8, {0x0, 0x8}, {0x0, 0x5}, {0x1, 0x2}, {0x2, 0x7515}, 0xfffff91a, 0x73, 0x2, 0x2, 0x4, 0x4df, 0x9, 0x176, 0x7, 0xbfe, 0xa, 0x80000001, [0xfa7, 0x4, 0x7, 0x0, 0x3, 0x4, 0x1ff, 0x8000000000000001]}) shmctl$auto(0xd67, 0x8, &(0x7f0000000240)={{0x5, 0xee01, 0xffffffffffffffff, 0x9, 0x7, 0x9, 0x9}, 0x9, 0x2, 0xffff, 0x7d, 0x0, 0x3, 0x4, 0x0, &(0x7f00000001c0), &(0x7f0000000200)}) r6 = getegid() shmctl$auto(0x9, 0x0, &(0x7f0000000340)={{0x9, r5, r6, 0x4c, 0x1, 0x0, 0x4}, 0x9, 0x80000000, 0x8, 0x2, 0x7, 0x9, 0x6, 0x0, &(0x7f00000002c0), 0x0}) fstat$auto(r3, &(0x7f0000000180)={0x5, 0x3, 0x7, 0xb, r4, r6, 0x0, 0x923, 0x3, 0x3, 0x9, 0x10001, 0x5, 0x1, 0x7, 0x3, 0x100000001}) statx$auto(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0xa, 0x7ff, &(0x7f0000000100)={0x7, 0x0, 0x9, 0x6, 0xffffffffffffffff, r6, 0x1f39, 0x3400, 0x101, 0x4, 0xa3, 0x2, {0x7a, 0x2}, {0x5ac, 0x6}, {0x6, 0x5}, {0x5bc5, 0xd}, 0x6, 0x8, 0x1, 0x6, 0x16, 0xd, 0xb6a9cbc, 0x6, 0x8, 0x2, 0xfffffffd, 0xe2, [0x4, 0x8000000000000000, 0x3, 0x5, 0x8, 0x7, 0x9, 0x1, 0xfac]}) socket(0x2a, 0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) clone$auto(0x21002, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x9) ioctl$auto(r1, 0x100, 0x0) 423.777308ms ago: executing program 6 (id=3444): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x84) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) unshare$auto(0x200) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r1, 0x0) umount2$auto(&(0x7f0000000080)='.\x00', 0x3) setns(r0, 0x0) creat$auto(&(0x7f00000000c0)='./file0\x00', 0x20c) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) truncate$auto(&(0x7f0000000040)='./file0\x00', 0x1000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1af4e482bceb7718}, 0x40000) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x80301, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_proc_fault_inject_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/make-it-fail\x00', 0x40002, 0x0) setresuid$auto(0x2, 0x7, 0x0) write$auto_proc_fault_inject_operations_base(r2, 0x0, 0x0) 423.034312ms ago: executing program 4 (id=3437): set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/bus/usb/drivers/usb-storage/bind\x00', 0x389103, 0x0) bpf$auto(0x5, &(0x7f0000000240)=@batch={0x100, 0xffffffff, 0x7, 0x9, 0x3ff, r0, 0x4f91, 0x6f5}, 0x3b) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xffffffffffff0011, 0x80000000000401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x15, 0x5, 0x0) io_uring_setup$auto(0x7, 0x0) clone$auto(0x1ff00, 0x0, 0x0, 0x0, 0x9) exit$auto(0x7) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x73, 0x0, &(0x7f0000000040)=0x20000000) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x0, 0x9, 0x6, 0x8001}, 0x4) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r2 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) mmap$auto(0x0, 0x5, 0x3, 0x18, 0xfffffffffffffffa, 0x1000008000) close_range$auto(0x2, 0x8, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f00000001c0), 0x8000, 0x0) read$auto_force_wakeup_fops_hci_vhci(r2, &(0x7f0000000000)=""/8, 0x8) r3 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/framebuffer\x00', 0x101000, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(r3, &(0x7f00000000c0)=""/168, 0xa8) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) socket(0xa, 0x801, 0x84) connect$auto(r2, 0x0, 0x56) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) 249.477145ms ago: executing program 4 (id=3438): openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000980)='/sys/kernel/debug/ieee80211/phy3/aql_enable\x00', 0x129100, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram6\x00', 0xee380, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) unlink$auto(&(0x7f0000000080)='@-&x-\\^\x92+\\d$!#*/\x00') capget$auto(&(0x7f0000000200)={0x7, 0x0}, &(0x7f0000000240)={0x3, 0x1, 0x8}) r1 = gettid() tgkill$auto(0x0, r1, 0x7) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000080), 0x6b) r2 = gettid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mremap$auto(0x4000, 0x1fee0, 0x3fd6, 0x3, 0xfffff000) r3 = getpgrp(0xffffffffffffffff) syz_clone3(&(0x7f00000002c0)={0x10080000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0xf}, &(0x7f00000000c0)=""/215, 0xd7, &(0x7f00000001c0)=""/26, &(0x7f0000000280)=[r0, 0x0, r2, r3], 0x4}, 0x58) 0s ago: executing program 4 (id=3439): fsmount$auto(0xffffffffffffffff, 0x1, 0xf9) r0 = socket(0x2b, 0x1, 0x1) r1 = socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) keyctl$auto(0x2000000000000017, 0x0, 0xdd6a, 0xfffffffffffffffe, 0x4) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000340)='/dev/video23\x00', 0x80000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r2, 0x0, 0x400018) ioctl$auto(0x3, 0x4020565a, 0x38) connect$auto(0xffffffffffffffff, &(0x7f00000000c0), 0xbd) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x19, &(0x7f00000000c0), 0x0) landlock_restrict_self$auto(0xffffffffffffffff, 0x80000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) ioctl$auto(0x3, 0x401870c8, 0x38) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r0) getsockopt$auto(r0, 0x40000000029, 0x1, 0xfffffffffffffffe, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r1) sendmsg$auto_NL80211_CMD_START_NAN(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x24, r3, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_TIMEOUT_REASON={0x8, 0xf8, 0xffff9aa8}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000}, 0x8000) kernel console output (not intermixed with test programs): +0x837/0x12d0 [ 353.357631][T12227] ? __pfx_wiphy_register+0x10/0x10 [ 353.363783][T12227] ieee80211_register_hw+0x2951/0x3fa0 [ 353.369313][T12227] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 353.375238][T12227] ? net_generic+0xea/0x2a0 [ 353.379812][T12227] ? lockdep_init_map_type+0x16d/0x7d0 [ 353.385321][T12227] ? rcu_is_watching+0x12/0xc0 [ 353.390132][T12227] ? trace_hrtimer_init+0x1a6/0x230 [ 353.395380][T12227] ? __hrtimer_init+0x106/0x2c0 [ 353.400275][T12227] mac80211_hwsim_new_radio+0x2c47/0x56c0 [ 353.406063][T12227] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 353.412182][T12227] ? hwsim_new_radio_nl+0x9ff/0x12b0 [ 353.417516][T12227] hwsim_new_radio_nl+0xb42/0x12b0 [ 353.422692][T12227] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 353.428298][T12227] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 353.435709][T12227] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 353.443418][T12227] genl_family_rcv_msg_doit+0x202/0x2f0 [ 353.450207][T12227] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 353.456612][T12227] ? genl_get_cmd+0x195/0x580 [ 353.461355][T12227] ? bpf_lsm_capable+0x9/0x10 [ 353.466069][T12227] ? security_capable+0x7e/0x260 [ 353.471062][T12227] ? ns_capable+0xd7/0x110 [ 353.475519][T12227] genl_rcv_msg+0x565/0x800 [ 353.480067][T12227] ? __pfx_genl_rcv_msg+0x10/0x10 [ 353.485132][T12227] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 353.490756][T12227] netlink_rcv_skb+0x165/0x410 [ 353.495667][T12227] ? __pfx_genl_rcv_msg+0x10/0x10 [ 353.500752][T12227] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 353.506095][T12227] ? down_read+0xc9/0x330 [ 353.510475][T12227] ? __pfx_down_read+0x10/0x10 [ 353.515293][T12227] ? netlink_deliver_tap+0x1ae/0xca0 [ 353.520640][T12227] genl_rcv+0x28/0x40 [ 353.524662][T12227] netlink_unicast+0x53c/0x7f0 [ 353.529467][T12227] ? __pfx_netlink_unicast+0x10/0x10 [ 353.534792][T12227] ? __phys_addr_symbol+0x30/0x80 [ 353.539869][T12227] ? __check_object_size+0x488/0x710 [ 353.545217][T12227] netlink_sendmsg+0x8b8/0xd70 [ 353.550032][T12227] ? __pfx_netlink_sendmsg+0x10/0x10 [ 353.555896][T12227] ____sys_sendmsg+0x9ae/0xb40 [ 353.560706][T12227] ? copy_msghdr_from_user+0x10b/0x160 [ 353.566220][T12227] ? __pfx_____sys_sendmsg+0x10/0x10 [ 353.572709][T12227] ___sys_sendmsg+0x135/0x1e0 [ 353.577453][T12227] ? __pfx____sys_sendmsg+0x10/0x10 [ 353.582725][T12227] ? __pfx_lock_release+0x10/0x10 [ 353.587808][T12227] ? trace_lock_acquire+0x14e/0x1f0 [ 353.593066][T12227] ? __fget_files+0x206/0x3a0 [ 353.597796][T12227] __sys_sendmsg+0x16e/0x220 [ 353.602431][T12227] ? __pfx___sys_sendmsg+0x10/0x10 [ 353.607617][T12227] ? __x64_sys_futex+0x1e1/0x4c0 [ 353.612714][T12227] do_syscall_64+0xcd/0x250 [ 353.617261][T12227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.623200][T12227] RIP: 0033:0x7f3055985d19 [ 353.627645][T12227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 353.647295][T12227] RSP: 002b:00007f30566ea038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 353.655773][T12227] RAX: ffffffffffffffda RBX: 00007f3055b75fa0 RCX: 00007f3055985d19 [ 353.663791][T12227] RDX: 0000000004000800 RSI: 0000000020000e00 RDI: 0000000000000003 [ 353.671808][T12227] RBP: 00007f3055a01a20 R08: 0000000000000000 R09: 0000000000000000 [ 353.679819][T12227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 353.687827][T12227] R13: 0000000000000000 R14: 00007f3055b75fa0 R15: 00007fff3c4d3dc8 [ 353.695856][T12227] [ 354.795696][T12256] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1463'. [ 355.366088][T12267] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1468'. [ 358.612151][T12361] FAULT_INJECTION: forcing a failure. [ 358.612151][T12361] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 358.646254][T12361] CPU: 1 UID: 0 PID: 12361 Comm: syz.1.1489 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 358.658314][T12361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 358.668495][T12361] Call Trace: [ 358.671787][T12361] [ 358.674719][T12361] dump_stack_lvl+0x16c/0x1f0 [ 358.679407][T12361] should_fail_ex+0x497/0x5b0 [ 358.684100][T12361] _copy_to_user+0x32/0xd0 [ 358.688533][T12361] semctl_info.constprop.0+0x33a/0x460 [ 358.694015][T12361] ? __pfx_semctl_info.constprop.0+0x10/0x10 [ 358.700104][T12361] ? __mutex_unlock_slowpath+0x164/0x690 [ 358.705760][T12361] ksys_semctl.constprop.0+0x148/0x2e0 [ 358.711236][T12361] ? __fget_files+0x206/0x3a0 [ 358.715924][T12361] ? __pfx_ksys_semctl.constprop.0+0x10/0x10 [ 358.721929][T12361] ? syscall_user_dispatch+0x77/0x140 [ 358.727325][T12361] do_syscall_64+0xcd/0x250 [ 358.731849][T12361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.737750][T12361] RIP: 0033:0x7f499a585d19 [ 358.742172][T12361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 358.762341][T12361] RSP: 002b:00007f499b35a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000042 [ 358.770774][T12361] RAX: ffffffffffffffda RBX: 00007f499a775fa0 RCX: 00007f499a585d19 [ 358.778752][T12361] RDX: 0000000000000013 RSI: 0000000000000002 RDI: 00000000000001ff [ 358.786728][T12361] RBP: 00007f499b35a090 R08: 0000000000000000 R09: 0000000000000000 [ 358.794705][T12361] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 358.802770][T12361] R13: 0000000000000000 R14: 00007f499a775fa0 R15: 00007ffeeb5d4668 [ 358.810784][T12361] [ 359.343122][T12372] hugetlbfs: syz.4.1493 (12372): Using mlock ulimits for SHM_HUGETLB is obsolete [ 362.142770][T12429] [U] [ 362.145834][T12429] [U] [ 362.148562][T12429] [U] [ 362.151279][T12429] [U] [ 362.168098][T12429] [U] [ 362.170865][T12429] [U] [ 362.173587][T12429] [U] [ 362.176322][T12429] [U] [ 362.193784][T12430] [U] [ 362.725763][T12436] tmpfs: Unknown parameter ',8' [ 369.620285][T12660] netlink: 'syz.1.1557': attribute type 6 has an invalid length. [ 369.637995][T12660] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1557'. [ 371.472062][T12704] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1568'. [ 371.502245][T12704] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 371.532682][T12704] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 371.582362][T12710] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1569'. [ 371.593590][T12710] vcan0: entered promiscuous mode [ 375.244556][T12779] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1586'. [ 375.873138][T12798] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1591'. [ 375.900250][T12798] macsec0: entered allmulticast mode [ 375.917082][T12798] veth1_macvtap: entered allmulticast mode [ 376.027482][T12798] netlink: 22 bytes leftover after parsing attributes in process `syz.3.1591'. [ 376.908937][T12826] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1597'. [ 377.472375][T12844] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1604'. [ 377.498408][T12844] macsec0: left promiscuous mode [ 377.514459][T12844] macsec0: entered allmulticast mode [ 377.534042][T12844] veth1_macvtap: entered allmulticast mode [ 377.640036][T12844] netlink: 22 bytes leftover after parsing attributes in process `syz.4.1604'. [ 377.889492][T12861] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1608'. [ 377.957407][T12861] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1608'. [ 377.980771][T12861] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1608'. [ 378.039638][T12861] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1608'. [ 379.121826][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.137934][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.350699][T12895] openvswitch: netlink: IP tunnel dst address not specified [ 380.542909][T12942] __nla_validate_parse: 29 callbacks suppressed [ 380.542931][T12942] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1631'. [ 380.588307][T12941] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1631'. [ 381.130960][T12948] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1632'. [ 381.159373][T12948] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 381.496938][T12974] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1637'. [ 381.550565][T12966] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1635'. [ 381.955938][T12977] openvswitch: netlink: IPv6 tunnel dst address is zero [ 382.816551][T13020] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1652'. [ 385.178785][T13082] program syz.1.1666 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 385.222779][T13082] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 387.388248][T13134] : renamed from bridge_slave_0 (while UP) [ 387.416761][T13137] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1678'. [ 389.007472][T13181] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1691'. [ 389.737966][ T29] audit: type=1800 audit(4294967319.570:16): pid=13211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1698" name="discovery_nqn" dev="configfs" ino=36765 res=0 errno=0 [ 391.238648][T13264] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1711'. [ 391.259645][T13264] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1711'. [ 391.521662][T13276] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1714'. [ 392.044168][T13288] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1714'. [ 394.195264][T13323] netlink: 'syz.4.1727': attribute type 21 has an invalid length. [ 394.218075][T13323] netlink: 334 bytes leftover after parsing attributes in process `syz.4.1727'. [ 394.258396][T13322] netlink: 334 bytes leftover after parsing attributes in process `syz.4.1727'. [ 394.288979][T13322] IPv6: NLM_F_CREATE should be specified when creating new route [ 394.598585][T13326] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1728'. [ 395.558863][T13333] netlink: 350 bytes leftover after parsing attributes in process `syz.4.1733'. [ 397.221584][T13368] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1742'. [ 398.345023][T13394] netlink: 326 bytes leftover after parsing attributes in process `syz.3.1746'. [ 398.747809][T13407] tipc: Started in network mode [ 398.757313][T13407] tipc: Node identity ee00, cluster identity 4711 [ 398.787080][T13407] tipc: Node number set to 60928 [ 399.306318][T13416] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1753'. [ 400.635325][T13449] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1763'. [ 401.104410][T13456] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1765'. [ 404.629218][T13549] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1788'. [ 404.895145][T13546] ptrace attach of "./syz-executor exec"[5827] was attempted by "./syz-executor exec ASAN_OPTIONS=handle_segv=0 allow_user_segv_handler=1 detect_leaks=0 GLIBC_TUNABLES=glibc.pthread.rseq=0 ./syz-executor"[13546] [ 406.647005][T13604] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1800'. [ 406.989032][T13611] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1802'. [ 408.597229][T13633] 0}^: entered promiscuous mode [ 409.463541][T13645] cifs: Unknown parameter 'T.ŸÜÛæ¨Å¼c[ŸÐê€$âæµÈ)ü±UóÑnEó-Ê™¾l®öÚ-ºŒ -¾_€™¯Ôåáª5Z äoåé¢mžÐfwYÍhº*/ÿxDlÝ©Š×ígÕkÇAí³ùÏ7ÍØØ9’ôXöa/fê_ÿAR£ˆ™‘ÈxM ‚v¬—pÿ±$^;ôØq‡3±«£n졵-6©+e„k„¾ñÇ<°kœcÔ)n.üeMÍ÷Na¨t®ÐSMÎÆ1,' [ 410.833604][T13652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1814'. [ 410.843992][T13652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1814'. [ 413.028903][T13729] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1830'. [ 413.077057][T13728] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1828'. [ 413.137761][T13728] : renamed from wg0 (while UP) [ 414.284871][T13759] nfsd: Unknown parameter 'IPVS' [ 414.560074][T13772] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1842'. [ 421.443897][T13875] can: request_module (can-proto-5) failed. [ 423.612248][T13925] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1883'. [ 425.526937][T13930] kexec: Could not allocate control_code_buffer [ 431.177879][ T29] audit: type=1326 audit(4294967361.010:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14084 comm="syz.4.1923" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb337d85d19 code=0x0 [ 436.231433][T14205] netlink: 392 bytes leftover after parsing attributes in process `syz.3.1953'. [ 438.196442][T14261] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 438.651780][T14269] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1969'. [ 438.762593][T14271] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1969'. [ 440.565965][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.572429][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.607264][T14331] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1984'. [ 442.710440][T14388] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2004'. [ 446.283118][T14462] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2026'. [ 450.403564][T14565] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2050'. [ 451.122977][T14590] syz_tun: tun_chr_ioctl cmd 2147767507 [ 451.823066][T14609] size and base must be multiples of 4 kiB [ 451.842197][T14609] CPU: 0 UID: 0 PID: 14609 Comm: syz.1.2069 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 451.853051][T14609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 451.863141][T14609] Call Trace: [ 451.866428][T14609] [ 451.869377][T14609] dump_stack_lvl+0x16c/0x1f0 [ 451.874083][T14609] mtrr_add+0xdf/0x110 [ 451.878188][T14609] mtrr_ioctl+0x7cd/0xcd0 [ 451.882539][T14609] ? __pfx_mtrr_ioctl+0x10/0x10 [ 451.887424][T14609] ? lockdep_hardirqs_on+0x7c/0x110 [ 451.892660][T14609] ? __pfx_mtrr_ioctl+0x10/0x10 [ 451.897557][T14609] proc_reg_unlocked_ioctl+0x226/0x320 [ 451.903100][T14609] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 451.909486][T14609] __x64_sys_ioctl+0x190/0x200 [ 451.914416][T14609] do_syscall_64+0xcd/0x250 [ 451.918967][T14609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.924900][T14609] RIP: 0033:0x7f499a585d19 [ 451.929420][T14609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.949411][T14609] RSP: 002b:00007f499b35a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 451.957859][T14609] RAX: ffffffffffffffda RBX: 00007f499a775fa0 RCX: 00007f499a585d19 [ 451.965848][T14609] RDX: 0000000000000002 RSI: 00000000400c4d01 RDI: 0000000000000004 [ 451.973834][T14609] RBP: 00007f499a601a20 R08: 0000000000000000 R09: 0000000000000000 [ 451.981834][T14609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.989830][T14609] R13: 0000000000000000 R14: 00007f499a775fa0 R15: 00007ffeeb5d4668 [ 451.997834][T14609] [ 453.089763][T14669] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2083'. [ 453.396695][T14680] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2086'. [ 453.412525][T14680] netlink: 'syz.3.2086': attribute type 4 has an invalid length. [ 453.420596][T14680] netlink: 110 bytes leftover after parsing attributes in process `syz.3.2086'. [ 453.500203][T14685] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2088'. [ 453.539291][T14685] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2088'. [ 455.055287][T14751] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2109'. [ 456.752204][T14798] delete_channel: no stack [ 456.756934][T14798] delete_channel: no stack [ 456.798382][T14798] delete_channel: no stack [ 456.803031][T14798] delete_channel: no stack [ 456.819618][T14798] delete_channel: no stack [ 456.828443][T14798] delete_channel: no stack [ 456.842569][T14798] delete_channel: no stack [ 456.858765][T14798] delete_channel: no stack [ 456.863817][T14798] delete_channel: no stack [ 456.873715][T14798] delete_channel: no stack [ 456.885990][T14798] delete_channel: no stack [ 456.896294][T14798] delete_channel: no stack [ 456.906719][T14798] delete_channel: no stack [ 456.918255][T14798] delete_channel: no stack [ 456.939672][T14798] delete_channel: no stack [ 456.944914][T14798] delete_channel: no stack [ 456.957767][T14798] delete_channel: no stack [ 456.964123][T14798] delete_channel: no stack [ 456.975473][T14798] delete_channel: no stack [ 456.991027][T14798] delete_channel: no stack [ 457.001116][T14798] delete_channel: no stack [ 457.016861][T14798] delete_channel: no stack [ 457.024416][T14798] delete_channel: no stack [ 457.042781][T14798] delete_channel: no stack [ 457.060867][T14798] delete_channel: no stack [ 457.070892][T14798] delete_channel: no stack [ 457.081012][T14798] delete_channel: no stack [ 457.107740][T14798] delete_channel: no stack [ 457.128911][T14798] delete_channel: no stack [ 457.144055][T14798] delete_channel: no stack [ 457.164048][T14798] delete_channel: no stack [ 457.188512][T14798] delete_channel: no stack [ 457.245178][T14791] delete_channel: no stack [ 458.093579][T14850] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2140'. [ 458.432232][T14873] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2144'. [ 459.286275][T14904] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2154'. [ 461.369558][T14960] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2170'. [ 472.886883][ T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 472.904271][ T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 472.913080][ T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 472.921662][ T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 472.930111][ T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 472.937793][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 473.341818][T15161] chnl_net:caif_netlink_parms(): no params data found [ 473.740598][T15161] bridge0: port 1(bridge_slave_0) entered blocking state [ 473.764393][T15161] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.804244][T15161] bridge_slave_0: entered allmulticast mode [ 473.825182][T15161] bridge_slave_0: entered promiscuous mode [ 473.870761][T15161] bridge0: port 2(bridge_slave_1) entered blocking state [ 473.887429][T15161] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.907172][T15161] bridge_slave_1: entered allmulticast mode [ 473.927101][T15161] bridge_slave_1: entered promiscuous mode [ 474.046988][T15161] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 474.071167][T15161] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 474.224391][T15161] team0: Port device team_slave_0 added [ 474.271856][T15161] team0: Port device team_slave_1 added [ 474.391495][T15161] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 474.414821][T15161] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 474.451441][T15161] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 474.615326][T15161] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 474.633338][T15161] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 474.691982][T15161] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 474.770741][T15161] hsr_slave_0: entered promiscuous mode [ 474.788482][T15161] hsr_slave_1: entered promiscuous mode [ 474.798489][T15161] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 474.806508][T15161] Cannot create hsr debugfs directory [ 474.932571][T15202] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2237'. [ 475.037953][ T5838] Bluetooth: hci1: command tx timeout [ 475.133641][T15161] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.239528][T15161] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.348549][T15161] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.509959][T15161] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.805874][T15161] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 475.835229][T15161] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 475.860687][T15161] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 475.926836][T15161] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 476.362464][T15161] 8021q: adding VLAN 0 to HW filter on device bond0 [ 476.412326][T15161] 8021q: adding VLAN 0 to HW filter on device team0 [ 476.432805][T14503] bridge0: port 1(bridge_slave_0) entered blocking state [ 476.440010][T14503] bridge0: port 1(bridge_slave_0) entered forwarding state [ 476.495919][T14503] bridge0: port 2(bridge_slave_1) entered blocking state [ 476.503112][T14503] bridge0: port 2(bridge_slave_1) entered forwarding state [ 476.647716][T15161] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 477.044540][T15161] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 477.131225][ T5838] Bluetooth: hci1: command tx timeout [ 477.252426][T15161] veth0_vlan: entered promiscuous mode [ 477.401221][T15161] veth1_vlan: entered promiscuous mode [ 477.425706][T15161] veth0_macvtap: entered promiscuous mode [ 477.435221][T15161] veth1_macvtap: entered promiscuous mode [ 477.451316][T15161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 477.462848][T15161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.478076][T15161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 477.498549][T15161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.512962][T15161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 477.524248][T15161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.534179][T15161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 477.554981][T15161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.572817][T15161] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 477.630043][T15161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.667899][T15161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.691355][T15161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.712248][T15161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.732477][T15161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.766321][T15161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.786891][T15161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.813518][T15161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.837792][T15161] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 477.963378][T15281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2256'. [ 477.977385][T15161] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.994270][T15161] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.012879][T15161] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.024547][T15161] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.276219][ T9393] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 478.301596][ T9393] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 478.371615][ T9054] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 478.397046][ T9054] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 479.198304][ T5838] Bluetooth: hci1: command tx timeout [ 480.763570][T15331] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2265'. [ 481.076545][T15337] openvswitch: netlink: Key 23 has unexpected len 0 expected 2 [ 481.284249][ T5838] Bluetooth: hci1: command tx timeout [ 481.551324][T15357] syz_tun: tun_chr_ioctl cmd 1074812117 [ 486.942778][T15483] openvswitch: netlink: IP tunnel dst address not specified [ 487.220806][T15486] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2307'. [ 489.790716][T15559] can: request_module (can-proto-5) failed. [ 491.281488][T15607] svc: failed to register nfsdv3 RPC service (errno 111). [ 491.316678][T15607] svc: failed to register nfsaclv3 RPC service (errno 111). [ 492.576616][T15626] base or size exceeds the MTRR width [ 494.569481][T15678] netlink: 'syz.0.2354': attribute type 21 has an invalid length. [ 494.577512][T15678] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2354'. [ 502.001206][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.007708][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.114383][T15882] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2410'. [ 503.175418][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 503.208286][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 503.216946][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 503.232809][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 503.240757][ T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 503.248471][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 503.457469][T15885] chnl_net:caif_netlink_parms(): no params data found [ 503.570234][T15895] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2412'. [ 503.938143][T15885] bridge0: port 1(bridge_slave_0) entered blocking state [ 503.945416][T15885] bridge0: port 1(bridge_slave_0) entered disabled state [ 503.968346][T15885] bridge_slave_0: entered allmulticast mode [ 503.975520][T15885] bridge_slave_0: entered promiscuous mode [ 504.018117][T15885] bridge0: port 2(bridge_slave_1) entered blocking state [ 504.025282][T15885] bridge0: port 2(bridge_slave_1) entered disabled state [ 504.064676][T15885] bridge_slave_1: entered allmulticast mode [ 504.089197][T15885] bridge_slave_1: entered promiscuous mode [ 504.165977][T15885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 504.203483][T15885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 505.412968][ T55] Bluetooth: hci3: command tx timeout [ 505.432160][T15885] team0: Port device team_slave_0 added [ 505.442454][T15885] team0: Port device team_slave_1 added [ 505.676870][T15885] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 505.694718][T15885] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 505.776846][T15885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 505.807142][T15885] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 505.826304][T15885] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 505.917662][T15885] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 506.404111][T15944] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2425'. [ 507.129717][T15885] hsr_slave_0: entered promiscuous mode [ 507.162203][T15885] hsr_slave_1: entered promiscuous mode [ 507.169231][T15885] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 507.178397][T15885] Cannot create hsr debugfs directory [ 507.438182][ T55] Bluetooth: hci3: command tx timeout [ 507.502729][T15885] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.700910][T15885] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.836652][T15885] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.012518][T15885] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.237734][T15885] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 508.264446][T15885] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 508.277563][T15885] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 508.299702][T15885] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 508.413963][T15885] 8021q: adding VLAN 0 to HW filter on device bond0 [ 508.454917][T15885] 8021q: adding VLAN 0 to HW filter on device team0 [ 508.484026][ T7481] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.491240][ T7481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 508.532677][ T9399] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.539901][ T9399] bridge0: port 2(bridge_slave_1) entered forwarding state [ 508.840420][T15995] ptrace attach of "./syz-executor exec"[15161] was attempted by ""[15995] [ 508.901387][T15885] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 508.937503][T15885] veth0_vlan: entered promiscuous mode [ 508.983679][T15885] veth1_vlan: entered promiscuous mode [ 509.022581][T15885] veth0_macvtap: entered promiscuous mode [ 509.041799][T15885] veth1_macvtap: entered promiscuous mode [ 509.068362][T15885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 509.082505][T15885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 509.103084][T15885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 509.124032][T15885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 509.139438][T15885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 509.159792][T15885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 509.170902][T15885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 509.181741][T15885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 509.193106][T15885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 509.204382][T15885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 509.254135][T15885] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 509.298407][T15885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 509.310191][T15885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 509.329998][T15885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 509.342480][T16004] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2442'. [ 509.352339][T15885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 509.362844][T15885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 509.374285][T15885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 509.386673][T15885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 509.404159][T15885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 509.415516][T15885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 509.447127][T15885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 509.469489][T15885] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 509.482964][T16004] ipvlan0: entered allmulticast mode [ 509.497908][T16004] veth0_vlan: entered allmulticast mode [ 509.518246][ T55] Bluetooth: hci3: command tx timeout [ 509.527757][T15885] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 509.572100][T15885] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 509.578360][T16006] could not allocate digest TFM handle [ 509.616103][T15885] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 509.647990][T15885] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 509.831419][ T9392] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 509.859925][ T9392] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 509.948911][ T9395] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 509.956794][ T9395] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 511.135665][T16068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2456'. [ 511.183531][T16068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2456'. [ 511.208249][T16068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2456'. [ 511.263892][T16068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2456'. [ 511.448880][T16068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2456'. [ 511.468479][T16068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2456'. [ 511.516511][T16068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2456'. [ 511.547560][T16068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2456'. [ 511.586931][T16068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2456'. [ 511.598227][ T55] Bluetooth: hci3: command tx timeout [ 514.920268][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 514.932512][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 514.942386][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 514.954091][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 514.962201][ T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 514.971973][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 515.765180][T16141] chnl_net:caif_netlink_parms(): no params data found [ 516.328582][T16141] bridge0: port 1(bridge_slave_0) entered blocking state [ 516.351680][T16141] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.368276][T16141] bridge_slave_0: entered allmulticast mode [ 516.376131][T16141] bridge_slave_0: entered promiscuous mode [ 516.384750][T16141] bridge0: port 2(bridge_slave_1) entered blocking state [ 516.391966][T16141] bridge0: port 2(bridge_slave_1) entered disabled state [ 516.399661][T16141] bridge_slave_1: entered allmulticast mode [ 516.406767][T16141] bridge_slave_1: entered promiscuous mode [ 517.368812][ T5838] Bluetooth: hci0: command tx timeout [ 517.468794][T16141] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 517.572155][T16141] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 517.743147][T16183] netlink: 'syz.3.2485': attribute type 2 has an invalid length. [ 517.833340][T16141] team0: Port device team_slave_0 added [ 517.881146][T16141] team0: Port device team_slave_1 added [ 518.081569][T16141] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 518.114836][T16141] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 518.140970][ C0] vkms_vblank_simulate: vblank timer overrun [ 518.173521][T16141] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 518.229343][T16141] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 518.265751][T16141] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 518.291768][ C0] vkms_vblank_simulate: vblank timer overrun [ 518.302758][T16141] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 518.468913][T16141] hsr_slave_0: entered promiscuous mode [ 518.503205][T16141] hsr_slave_1: entered promiscuous mode [ 518.516570][T16141] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 518.548002][T16141] Cannot create hsr debugfs directory [ 518.864831][T16141] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 519.071769][T16141] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 519.350422][T16141] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 519.438204][ T5838] Bluetooth: hci0: command tx timeout [ 519.611506][T16141] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.038959][T16232] __nla_validate_parse: 56 callbacks suppressed [ 520.038984][T16232] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2500'. [ 520.053167][T16141] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 520.194398][T16232] hsr_slave_1 (unregistering): left promiscuous mode [ 520.295441][T16141] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 520.312998][T16141] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 520.331983][T16141] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 520.540083][T16141] 8021q: adding VLAN 0 to HW filter on device bond0 [ 520.620581][T16141] 8021q: adding VLAN 0 to HW filter on device team0 [ 520.654543][T16141] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 520.665154][T16141] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 520.691086][ T7480] bridge0: port 1(bridge_slave_0) entered blocking state [ 520.698364][ T7480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 520.739150][ T7480] bridge0: port 2(bridge_slave_1) entered blocking state [ 520.746325][ T7480] bridge0: port 2(bridge_slave_1) entered forwarding state [ 521.111700][T16141] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 521.228878][T16141] veth0_vlan: entered promiscuous mode [ 521.256268][T16141] veth1_vlan: entered promiscuous mode [ 521.340398][T16141] veth0_macvtap: entered promiscuous mode [ 521.362076][T16141] veth1_macvtap: entered promiscuous mode [ 521.433754][T16141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 521.475998][T16141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.505446][T16141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 521.518357][ T5838] Bluetooth: hci0: command tx timeout [ 521.531832][T16141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.546083][T16141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 521.561132][T16141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.571554][T16141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 521.583344][T16141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.593883][T16141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 521.644299][T16141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.702038][T16141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 521.728363][T16141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.741049][T16141] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 521.781593][T16141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.802766][T16141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.813513][T16141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.839382][T16141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.853260][T16141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.869144][T16141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.880450][T16141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.891880][T16141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.902394][T16141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.942564][T16141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.970343][T16141] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.991741][T16141] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 522.018954][T16141] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 522.036496][T16141] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.045442][T16141] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.054358][T16141] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.063249][T16141] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.305836][ T9398] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 522.324172][ T9398] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 522.420688][ T9389] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 522.429843][ T9389] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 522.668080][T16291] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2467'. [ 522.877219][T16294] netlink: 'syz.4.2517': attribute type 11 has an invalid length. [ 523.420317][T16299] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2519'. [ 523.496045][T16299] bridge_slave_1: left allmulticast mode [ 523.505030][T16299] bridge_slave_1: left promiscuous mode [ 523.538805][T16299] bridge0: port 2(bridge_slave_1) entered disabled state [ 523.583680][T16303] netlink: 'syz.0.2521': attribute type 4 has an invalid length. [ 523.595826][T16299] bridge_slave_0: left allmulticast mode [ 523.614511][ T5838] Bluetooth: hci0: command tx timeout [ 523.627449][T16299] bridge_slave_0: left promiscuous mode [ 523.634579][T16299] bridge0: port 1(bridge_slave_0) entered disabled state [ 525.843347][T16354] netlink: 'syz.4.2535': attribute type 4 has an invalid length. [ 526.765192][T16369] Process accounting resumed [ 526.804951][T16369] bridge0: port 3(team0) entered blocking state [ 526.829614][T16369] bridge0: port 3(team0) entered disabled state [ 526.859440][T16369] team0: entered allmulticast mode [ 526.881436][T16369] team_slave_0: entered allmulticast mode [ 526.917777][T16369] team_slave_1: entered allmulticast mode [ 526.930628][T16369] team0: entered promiscuous mode [ 526.947248][T16369] team_slave_0: entered promiscuous mode [ 526.958934][T16369] team_slave_1: entered promiscuous mode [ 526.967132][T16369] bridge0: port 3(team0) entered blocking state [ 526.973577][T16369] bridge0: port 3(team0) entered forwarding state [ 527.080145][T16369] Process accounting resumed [ 527.734352][T16388] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2547'. [ 528.809793][T16409] netlink: 'syz.3.2552': attribute type 4 has an invalid length. [ 528.996271][T16416] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2553'. [ 529.027069][T16416] bridge_slave_1: left allmulticast mode [ 529.044917][T16416] bridge_slave_1: left promiscuous mode [ 529.071555][T16416] bridge0: port 2(bridge_slave_1) entered disabled state [ 529.139055][T16416] bridge_slave_0: left allmulticast mode [ 529.145188][T16416] bridge_slave_0: left promiscuous mode [ 529.170231][T16416] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.916343][T16471] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2569'. [ 531.967059][T16471] team0: left allmulticast mode [ 531.996369][T16471] team_slave_0: left allmulticast mode [ 532.012193][T16471] team_slave_1: left allmulticast mode [ 532.038125][T16471] team0: left promiscuous mode [ 532.057992][T16471] team_slave_0: left promiscuous mode [ 532.085637][T16471] team_slave_1: left promiscuous mode [ 532.111990][T16471] bridge0: port 3(team0) entered disabled state [ 532.164447][T16471] bridge_slave_1: left allmulticast mode [ 532.170957][T16471] bridge_slave_1: left promiscuous mode [ 532.208232][T16471] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.271918][T16481] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2572'. [ 532.290397][T16471] bridge_slave_0: left allmulticast mode [ 532.367959][T16471] bridge_slave_0: left promiscuous mode [ 532.373773][T16471] bridge0: port 1(bridge_slave_0) entered disabled state [ 533.509364][T16488] ima: policy update failed [ 533.547981][ T29] audit: type=1802 audit(4294967463.370:18): pid=16488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.2574" res=0 errno=0 [ 534.044094][T16513] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2580'. [ 534.129136][T16515] netlink: 326 bytes leftover after parsing attributes in process `syz.4.2582'. [ 535.021981][T16529] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2585'. [ 535.102013][T16528] tipc: Started in network mode [ 535.106963][T16528] tipc: Node identity ffffffff, cluster identity 4711 [ 535.157594][T16528] tipc: Node number set to 4294967295 [ 535.364735][T16529] bond0: (slave bond_slave_0): Releasing backup interface [ 536.365774][T16543] Process accounting resumed [ 537.883501][T16606] tipc: Started in network mode [ 537.898073][T16606] tipc: Node identity ffffffff, cluster identity 4711 [ 537.904915][T16606] tipc: Node number set to 4294967295 [ 538.003156][T16606] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2599'. [ 538.109930][T16581] cgroup: fork rejected by pids controller in /syz1 [ 538.421863][T16606] bond0: (slave bond_slave_0): Releasing backup interface [ 540.905033][T16691] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2611'. [ 541.055758][T16691] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2611'. [ 541.138347][T16691] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2611'. [ 541.177463][T16691] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2611'. [ 541.197384][T16691] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2611'. [ 541.225085][T16691] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2611'. [ 541.242781][T16691] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2611'. [ 541.252657][T16691] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2611'. [ 541.262772][T16691] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2611'. [ 541.273067][T16691] netlink: 338 bytes leftover after parsing attributes in process `syz.4.2611'. [ 544.155562][T16750] can: request_module (can-proto-0) failed. [ 546.666872][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 546.676893][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 546.686667][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 546.698291][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 546.706031][ T55] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 546.713540][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 547.884057][T16780] chnl_net:caif_netlink_parms(): no params data found [ 548.416539][T16780] bridge0: port 1(bridge_slave_0) entered blocking state [ 548.438483][T16780] bridge0: port 1(bridge_slave_0) entered disabled state [ 548.445827][T16780] bridge_slave_0: entered allmulticast mode [ 548.466233][T16780] bridge_slave_0: entered promiscuous mode [ 548.489211][T16780] bridge0: port 2(bridge_slave_1) entered blocking state [ 548.496877][T16780] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.528783][T16780] bridge_slave_1: entered allmulticast mode [ 548.536289][T16780] bridge_slave_1: entered promiscuous mode [ 548.670138][T16780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 548.740351][T16780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 548.798260][ T5838] Bluetooth: hci2: command tx timeout [ 548.909638][T16780] team0: Port device team_slave_0 added [ 548.932228][T16780] team0: Port device team_slave_1 added [ 548.989672][T16780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 548.996673][T16780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 549.067651][T16780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 549.106326][T16780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 549.113380][T16780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 549.167199][T16780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 549.309337][T16780] hsr_slave_0: entered promiscuous mode [ 549.325560][T16780] hsr_slave_1: entered promiscuous mode [ 549.381874][T16780] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 549.389742][T16780] Cannot create hsr debugfs directory [ 549.741924][T16780] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.949892][T16780] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.160962][T16780] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.446152][T16780] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.867170][T16780] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 550.882418][ T5838] Bluetooth: hci2: command tx timeout [ 550.965320][T16780] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 551.068756][T16780] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 551.137069][T16780] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 551.485972][T16780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 551.555622][T16780] 8021q: adding VLAN 0 to HW filter on device team0 [ 551.589112][ T9398] bridge0: port 1(bridge_slave_0) entered blocking state [ 551.596281][ T9398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 551.668197][ T9398] bridge0: port 2(bridge_slave_1) entered blocking state [ 551.675349][ T9398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 552.404114][T16780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 552.958558][ T5838] Bluetooth: hci2: command tx timeout [ 553.064653][T16780] veth0_vlan: entered promiscuous mode [ 553.109847][T16780] veth1_vlan: entered promiscuous mode [ 553.174418][T16780] veth0_macvtap: entered promiscuous mode [ 553.208346][T16780] veth1_macvtap: entered promiscuous mode [ 553.291981][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 553.308857][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.319270][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 553.330183][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.341564][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 553.388742][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.408164][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 553.428049][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.448061][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 553.468259][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.499615][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 553.539415][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.558799][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 553.587145][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.616475][T16780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 553.628520][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 553.639911][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.650322][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 553.661815][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.672209][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 553.682925][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.692843][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 553.703418][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.714369][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 553.724970][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.734964][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 553.745494][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.755708][T16780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 553.766949][T16780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.778434][T16780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 553.881236][T16780] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.896239][T16780] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.905325][T16780] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.914178][T16780] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.170060][ T9388] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 554.194090][ T9388] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 554.249577][ T9055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 554.258836][ T9055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 555.038708][ T5838] Bluetooth: hci2: command tx timeout [ 555.943085][T16893] FAULT_INJECTION: forcing a failure. [ 555.943085][T16893] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 555.977571][T16893] CPU: 0 UID: 0 PID: 16893 Comm: syz.4.2656 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 555.988418][T16893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 555.998604][T16893] Call Trace: [ 556.001921][T16893] [ 556.004890][T16893] dump_stack_lvl+0x16c/0x1f0 [ 556.009615][T16893] should_fail_ex+0x497/0x5b0 [ 556.014343][T16893] _copy_from_user+0x2e/0xd0 [ 556.018985][T16893] kstrtouint_from_user+0xd7/0x1c0 [ 556.024140][T16893] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 556.029914][T16893] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 556.035583][T16893] proc_fail_nth_write+0x84/0x250 [ 556.040655][T16893] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 556.046330][T16893] ? ksys_write+0x12b/0x250 [ 556.050890][T16893] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 556.056572][T16893] vfs_write+0x24c/0x1150 [ 556.060954][T16893] ? __fget_files+0x1fc/0x3a0 [ 556.065689][T16893] ? __pfx___mutex_lock+0x10/0x10 [ 556.070769][T16893] ? __pfx_vfs_write+0x10/0x10 [ 556.076031][T16893] ? __fget_files+0x206/0x3a0 [ 556.080770][T16893] ksys_write+0x12b/0x250 [ 556.085141][T16893] ? __pfx_ksys_write+0x10/0x10 [ 556.090045][T16893] do_syscall_64+0xcd/0x250 [ 556.094592][T16893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.100533][T16893] RIP: 0033:0x7f897a3847cf [ 556.105050][T16893] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 556.124707][T16893] RSP: 002b:00007f897b11e030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 556.133188][T16893] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f897a3847cf [ 556.141200][T16893] RDX: 0000000000000001 RSI: 00007f897b11e0a0 RDI: 0000000000000007 [ 556.149206][T16893] RBP: 00007f897b11e090 R08: 0000000000000000 R09: 0000000000000000 [ 556.157224][T16893] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 556.165243][T16893] R13: 0000000000000000 R14: 00007f897a576080 R15: 00007ffcbc1174d8 [ 556.173278][T16893] [ 557.168524][T16909] __nla_validate_parse: 24 callbacks suppressed [ 557.168553][T16909] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2660'. [ 557.259186][T16875] Process accounting paused [ 557.280132][T16910] < [ 563.449169][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.455533][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 574.947295][T17165] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2733'. [ 576.703258][T17185] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2739'. [ 577.269590][T17199] FAULT_INJECTION: forcing a failure. [ 577.269590][T17199] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 577.315258][T17199] CPU: 1 UID: 0 PID: 17199 Comm: syz.1.2732 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 577.326107][T17199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 577.336222][T17199] Call Trace: [ 577.339540][T17199] [ 577.342500][T17199] dump_stack_lvl+0x16c/0x1f0 [ 577.347304][T17199] should_fail_ex+0x497/0x5b0 [ 577.352035][T17199] _copy_to_user+0x32/0xd0 [ 577.356508][T17199] simple_read_from_buffer+0xd0/0x160 [ 577.362044][T17199] proc_fail_nth_read+0x198/0x270 [ 577.367135][T17199] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 577.372830][T17199] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 577.378510][T17199] vfs_read+0x1df/0xbe0 [ 577.382708][T17199] ? trace_contention_end+0xee/0x140 [ 577.388031][T17199] ? __pfx___io_uring_register+0x10/0x10 [ 577.393717][T17199] ? __pfx_vfs_read+0x10/0x10 [ 577.398442][T17199] ? __mutex_unlock_slowpath+0x164/0x690 [ 577.404160][T17199] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 577.411086][T17199] ksys_read+0x12b/0x250 [ 577.411125][T17199] ? __pfx_ksys_read+0x10/0x10 [ 577.411162][T17199] do_syscall_64+0xcd/0x250 [ 577.411205][T17199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.411235][T17199] RIP: 0033:0x7f0518f8472c [ 577.411256][T17199] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 577.454955][T17199] RSP: 002b:00007f0519e24030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 577.463420][T17199] RAX: ffffffffffffffda RBX: 00007f0519175fa0 RCX: 00007f0518f8472c [ 577.471515][T17199] RDX: 000000000000000f RSI: 00007f0519e240a0 RDI: 0000000000000003 [ 577.479528][T17199] RBP: 00007f0519e24090 R08: 0000000000000000 R09: 0000000000000000 [ 577.487533][T17199] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 577.495624][T17199] R13: 0000000000000000 R14: 00007f0519175fa0 R15: 00007fffc703f7b8 [ 577.503660][T17199] [ 578.157250][T17209] svc: failed to register nfsdv3 RPC service (errno 111). [ 578.180058][T17209] svc: failed to register nfsaclv3 RPC service (errno 111). [ 583.100972][T17292] bridge0: port 3(batadv0) entered blocking state [ 583.132270][T17292] bridge0: port 3(batadv0) entered disabled state [ 583.254433][T17292] batadv0: entered allmulticast mode [ 583.266308][T17292] batadv0: entered promiscuous mode [ 583.277106][T17292] bridge0: port 3(batadv0) entered blocking state [ 583.283773][T17292] bridge0: port 3(batadv0) entered forwarding state [ 583.508365][T14497] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 583.517673][T14497] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 583.577163][T17305] svc: failed to register nfsdv3 RPC service (errno 111). [ 583.595910][T17305] svc: failed to register nfsaclv3 RPC service (errno 111). [ 583.762401][T17308] ecryptfs_miscdev_write: Invalid packet size [192] [ 585.030497][T17333] netlink: 'syz.0.2769': attribute type 1 has an invalid length. [ 586.452808][T17375] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2778'. [ 586.490504][T17375] veth1_macvtap: left promiscuous mode [ 587.331177][T17388] FAULT_INJECTION: forcing a failure. [ 587.331177][T17388] name failslab, interval 1, probability 0, space 0, times 0 [ 587.344345][T17388] CPU: 0 UID: 0 PID: 17388 Comm: syz.4.2782 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 587.355173][T17388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 587.365269][T17388] Call Trace: [ 587.368569][T17388] [ 587.371525][T17388] dump_stack_lvl+0x16c/0x1f0 [ 587.376251][T17388] should_fail_ex+0x497/0x5b0 [ 587.380973][T17388] ? fs_reclaim_acquire+0xae/0x150 [ 587.386145][T17388] should_failslab+0xc2/0x120 [ 587.390952][T17388] __kmalloc_cache_noprof+0x68/0x420 [ 587.396321][T17388] ? security_capable+0x250/0x260 [ 587.401391][T17388] pagemap_read+0x29c/0x880 [ 587.406027][T17388] ? __pfx_pagemap_read+0x10/0x10 [ 587.411095][T17388] ? __pfx_pagemap_read+0x10/0x10 [ 587.416153][T17388] vfs_read+0x1df/0xbe0 [ 587.420354][T17388] ? __fget_files+0x1fc/0x3a0 [ 587.425070][T17388] ? __pfx___mutex_lock+0x10/0x10 [ 587.430126][T17388] ? __pfx_vfs_read+0x10/0x10 [ 587.434821][T17388] ? __fget_files+0x206/0x3a0 [ 587.439518][T17388] ksys_read+0x12b/0x250 [ 587.443777][T17388] ? __pfx_ksys_read+0x10/0x10 [ 587.448562][T17388] do_syscall_64+0xcd/0x250 [ 587.453088][T17388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 587.458997][T17388] RIP: 0033:0x7f897a385d19 [ 587.463447][T17388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 587.483070][T17388] RSP: 002b:00007f897b13f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 587.491495][T17388] RAX: ffffffffffffffda RBX: 00007f897a575fa0 RCX: 00007f897a385d19 [ 587.499472][T17388] RDX: 00000000000039b8 RSI: 0000000000000000 RDI: 0000000000000003 [ 587.507449][T17388] RBP: 00007f897b13f090 R08: 0000000000000000 R09: 0000000000000000 [ 587.515427][T17388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 587.523406][T17388] R13: 0000000000000000 R14: 00007f897a575fa0 R15: 00007ffcbc1174d8 [ 587.531403][T17388] [ 588.268836][T17370] Process accounting resumed [ 588.825885][T17405] netlink: 'syz.3.2787': attribute type 2 has an invalid length. [ 594.070691][T17515] FAULT_INJECTION: forcing a failure. [ 594.070691][T17515] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 594.084077][T17515] CPU: 0 UID: 0 PID: 17515 Comm: syz.4.2811 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 594.094978][T17515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 594.105077][T17515] Call Trace: [ 594.108390][T17515] [ 594.111395][T17515] dump_stack_lvl+0x16c/0x1f0 [ 594.116111][T17515] should_fail_ex+0x497/0x5b0 [ 594.120838][T17515] _copy_to_user+0x32/0xd0 [ 594.125293][T17515] pagemap_read+0x536/0x880 [ 594.129819][T17515] ? __pfx_pagemap_read+0x10/0x10 [ 594.134887][T17515] ? __pfx_pagemap_read+0x10/0x10 [ 594.139952][T17515] vfs_read+0x1df/0xbe0 [ 594.144137][T17515] ? __fget_files+0x1fc/0x3a0 [ 594.148831][T17515] ? __pfx___mutex_lock+0x10/0x10 [ 594.153868][T17515] ? __pfx_vfs_read+0x10/0x10 [ 594.158587][T17515] ? __fget_files+0x206/0x3a0 [ 594.163304][T17515] ksys_read+0x12b/0x250 [ 594.167556][T17515] ? __pfx_ksys_read+0x10/0x10 [ 594.172356][T17515] do_syscall_64+0xcd/0x250 [ 594.176883][T17515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.182789][T17515] RIP: 0033:0x7f897a385d19 [ 594.187214][T17515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 594.206852][T17515] RSP: 002b:00007f897b13f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 594.215284][T17515] RAX: ffffffffffffffda RBX: 00007f897a575fa0 RCX: 00007f897a385d19 [ 594.223266][T17515] RDX: 00000000000039b8 RSI: 0000000000000000 RDI: 0000000000000003 [ 594.231240][T17515] RBP: 00007f897b13f090 R08: 0000000000000000 R09: 0000000000000000 [ 594.239221][T17515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 594.247198][T17515] R13: 0000000000000000 R14: 00007f897a575fa0 R15: 00007ffcbc1174d8 [ 594.255193][T17515] [ 595.796985][T17527] futex_wake_op: syz.4.2816 tries to shift op by 64; fix this program [ 596.287087][T17531] ptrace attach of "./syz-executor exec"[16780] was attempted by "./syz-executor exec ASAN_OPTIONS=handle_segv=0 allow_user_segv_handler=1 detect_leaks=0 GLIBC_TUNABLES=glibc.pthread.rseq=0 ./syz-executor"[17531] [ 596.480997][ T55] Bluetooth: hci1: command 0x0406 tx timeout [ 598.880456][T17572] ima: Unable to open file: / (-2) [ 598.965409][T17571] ima: policy update failed [ 598.999489][ T29] audit: type=1802 audit(4294967528.839:19): pid=17571 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2827" res=0 errno=0 [ 599.572454][T17582] HSR: entered promiscuous mode [ 599.673319][T17582] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2830'. [ 600.379497][T17601] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.722522][T17609] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2838'. [ 603.238359][T17642] Process accounting resumed [ 607.213023][T17684] ecryptfs_miscdev_write: Invalid packet size [0] [ 608.783197][T17696] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2864'. [ 615.236309][T17783] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2887'. [ 615.268045][T17783] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 615.287236][T17783] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 615.337370][T17783] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 615.368193][T17783] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 616.480679][T17793] netlink: zone id is out of range [ 616.496106][T17793] netlink: zone id is out of range [ 616.506237][T17793] netlink: zone id is out of range [ 616.516370][T17793] netlink: zone id is out of range [ 616.526858][T17793] netlink: zone id is out of range [ 616.538321][T17793] netlink: zone id is out of range [ 616.548251][T17793] netlink: zone id is out of range [ 616.558345][T17793] netlink: zone id is out of range [ 616.569553][T17793] netlink: zone id is out of range [ 616.579665][T17793] netlink: zone id is out of range [ 618.631460][T17832] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2901'. [ 618.676841][T17832] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 618.728578][T17832] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 618.799846][T17832] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 618.807351][T17832] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 620.302543][ T55] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 620.315209][ T55] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 620.332161][ T55] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 620.342089][ T55] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 620.352109][ T55] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 620.391805][ T55] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 622.069312][T17855] chnl_net:caif_netlink_parms(): no params data found [ 622.429333][T17855] bridge0: port 1(bridge_slave_0) entered blocking state [ 622.437158][T17855] bridge0: port 1(bridge_slave_0) entered disabled state [ 622.474431][T17855] bridge_slave_0: entered allmulticast mode [ 622.478737][T17890] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2915'. [ 622.489134][T17855] bridge_slave_0: entered promiscuous mode [ 622.519555][T17890] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 622.527094][T17890] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 622.584183][T17890] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 622.599627][T17890] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 622.639178][ T55] Bluetooth: hci4: command tx timeout [ 622.679873][T17890] bridge0: port 3(batadv0) entered disabled state [ 622.827670][T17890] batadv0 (unregistering): left allmulticast mode [ 622.838033][T17890] batadv0 (unregistering): left promiscuous mode [ 622.856814][T17890] bridge0: port 3(batadv0) entered disabled state [ 622.921334][T17855] bridge0: port 2(bridge_slave_1) entered blocking state [ 622.948499][T17855] bridge0: port 2(bridge_slave_1) entered disabled state [ 622.955859][T17855] bridge_slave_1: entered allmulticast mode [ 622.982890][T17855] bridge_slave_1: entered promiscuous mode [ 623.112152][T17855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 623.159592][T17855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 623.726301][T17855] team0: Port device team_slave_0 added [ 623.767205][T17855] team0: Port device team_slave_1 added [ 624.703414][T17855] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 624.718115][ T55] Bluetooth: hci4: command tx timeout [ 624.733819][T17855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 624.812763][T17855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 624.877000][T17855] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 624.899624][T17855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 624.899798][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.932869][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.996491][T17855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 625.952968][T17952] FAULT_INJECTION: forcing a failure. [ 625.952968][T17952] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 625.966568][T17952] CPU: 0 UID: 0 PID: 17952 Comm: syz.0.2931 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 625.977377][T17952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 625.987476][T17952] Call Trace: [ 625.990806][T17952] [ 625.993762][T17952] dump_stack_lvl+0x16c/0x1f0 [ 625.998473][T17952] should_fail_ex+0x497/0x5b0 [ 626.003193][T17952] ? page_copy_sane+0xcd/0x2d0 [ 626.007999][T17952] copy_page_from_iter_atomic+0x5c3/0x1810 [ 626.013873][T17952] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 626.020179][T17952] ? fault_in_readable+0x1a7/0x200 [ 626.025334][T17952] ? __pfx_fault_in_readable+0x10/0x10 [ 626.030839][T17952] ? I_BDEV+0xd/0x20 [ 626.034777][T17952] ? inode_to_bdi+0x9e/0x160 [ 626.039428][T17952] iomap_file_buffered_write+0x633/0xc70 [ 626.045114][T17952] ? __pfx_iomap_file_buffered_write+0x10/0x10 [ 626.051382][T17952] ? find_held_lock+0x2d/0x110 [ 626.056184][T17952] ? __pfx_inode_set_ctime_current+0x10/0x10 [ 626.062236][T17952] ? preempt_count_add+0x76/0x150 [ 626.067309][T17952] ? mnt_put_write_access_file+0xc1/0xf0 [ 626.073328][T17952] blkdev_write_iter+0x574/0xd40 [ 626.078307][T17952] do_iter_readv_writev+0x532/0x7f0 [ 626.083549][T17952] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 626.089305][T17952] ? bpf_lsm_file_permission+0x9/0x10 [ 626.094719][T17952] ? security_file_permission+0x71/0x210 [ 626.100396][T17952] vfs_writev+0x363/0xdd0 [ 626.104763][T17952] ? find_held_lock+0x2d/0x110 [ 626.109568][T17952] ? __pfx_vfs_writev+0x10/0x10 [ 626.114466][T17952] ? find_held_lock+0x2d/0x110 [ 626.119284][T17952] ? __pfx_lock_release+0x10/0x10 [ 626.124360][T17952] ? trace_lock_acquire+0x14e/0x1f0 [ 626.129611][T17952] ? __fget_files+0x206/0x3a0 [ 626.134333][T17952] ? do_writev+0x133/0x340 [ 626.138780][T17952] do_writev+0x133/0x340 [ 626.143053][T17952] ? __pfx_do_writev+0x10/0x10 [ 626.147859][T17952] do_syscall_64+0xcd/0x250 [ 626.152399][T17952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.158329][T17952] RIP: 0033:0x7fef93985d19 [ 626.162764][T17952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 626.182405][T17952] RSP: 002b:00007fef9471f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 626.190866][T17952] RAX: ffffffffffffffda RBX: 00007fef93b75fa0 RCX: 00007fef93985d19 [ 626.198883][T17952] RDX: 0000000000000002 RSI: 0000000020000080 RDI: 0000000000000004 [ 626.206891][T17952] RBP: 00007fef9471f090 R08: 0000000000000000 R09: 0000000000000000 [ 626.214906][T17952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 626.222932][T17952] R13: 0000000000000000 R14: 00007fef93b75fa0 R15: 00007ffe59dbd9a8 [ 626.230959][T17952] [ 626.420532][T17855] hsr_slave_0: entered promiscuous mode [ 626.645319][T17855] hsr_slave_1: entered promiscuous mode [ 626.756153][T17855] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 626.779500][T17855] Cannot create hsr debugfs directory [ 626.799440][ T5838] Bluetooth: hci4: command tx timeout [ 626.958062][ T5838] Bluetooth: hci3: command 0x0406 tx timeout [ 628.878715][ T55] Bluetooth: hci4: command tx timeout [ 629.663769][T17855] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 629.745765][T17855] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 629.939354][T17855] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 630.010185][T18006] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2946'. [ 630.028373][T17855] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 630.080287][T18006] veth1_macvtap: left promiscuous mode [ 630.573333][T17855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 630.702494][T17855] 8021q: adding VLAN 0 to HW filter on device team0 [ 630.747536][T14501] bridge0: port 1(bridge_slave_0) entered blocking state [ 630.754739][T14501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 630.839648][T14500] bridge0: port 2(bridge_slave_1) entered blocking state [ 630.846812][T14500] bridge0: port 2(bridge_slave_1) entered forwarding state [ 630.898753][T18010] Process accounting resumed [ 631.210503][T18035] FAULT_INJECTION: forcing a failure. [ 631.210503][T18035] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 631.223850][T18035] CPU: 1 UID: 0 PID: 18035 Comm: syz.0.2955 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 631.234652][T18035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 631.244745][T18035] Call Trace: [ 631.248050][T18035] [ 631.251010][T18035] dump_stack_lvl+0x16c/0x1f0 [ 631.255716][T18035] should_fail_ex+0x497/0x5b0 [ 631.260438][T18035] ? page_copy_sane+0xcd/0x2d0 [ 631.265232][T18035] copy_page_from_iter_atomic+0x5c3/0x1810 [ 631.271079][T18035] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 631.277341][T18035] ? fault_in_readable+0x1a7/0x200 [ 631.282469][T18035] ? __pfx_fault_in_readable+0x10/0x10 [ 631.287950][T18035] ? I_BDEV+0xd/0x20 [ 631.291879][T18035] ? inode_to_bdi+0x9e/0x160 [ 631.296484][T18035] iomap_file_buffered_write+0x633/0xc70 [ 631.302141][T18035] ? __pfx_iomap_file_buffered_write+0x10/0x10 [ 631.308310][T18035] ? find_held_lock+0x2d/0x110 [ 631.313086][T18035] ? __pfx_inode_set_ctime_current+0x10/0x10 [ 631.319096][T18035] ? preempt_count_add+0x76/0x150 [ 631.324133][T18035] ? mnt_put_write_access_file+0xc1/0xf0 [ 631.329781][T18035] blkdev_write_iter+0x574/0xd40 [ 631.334734][T18035] do_iter_readv_writev+0x532/0x7f0 [ 631.339944][T18035] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 631.345687][T18035] ? bpf_lsm_file_permission+0x9/0x10 [ 631.351082][T18035] ? security_file_permission+0x71/0x210 [ 631.356732][T18035] vfs_writev+0x363/0xdd0 [ 631.361069][T18035] ? find_held_lock+0x2d/0x110 [ 631.365853][T18035] ? __pfx_vfs_writev+0x10/0x10 [ 631.370715][T18035] ? find_held_lock+0x2d/0x110 [ 631.375499][T18035] ? __pfx_lock_release+0x10/0x10 [ 631.380557][T18035] ? trace_lock_acquire+0x14e/0x1f0 [ 631.385784][T18035] ? __fget_files+0x206/0x3a0 [ 631.390481][T18035] ? do_writev+0x133/0x340 [ 631.394910][T18035] do_writev+0x133/0x340 [ 631.399159][T18035] ? __pfx_do_writev+0x10/0x10 [ 631.403938][T18035] do_syscall_64+0xcd/0x250 [ 631.408452][T18035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.414356][T18035] RIP: 0033:0x7fef93985d19 [ 631.418791][T18035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 631.438415][T18035] RSP: 002b:00007fef9471f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 631.446844][T18035] RAX: ffffffffffffffda RBX: 00007fef93b75fa0 RCX: 00007fef93985d19 [ 631.454821][T18035] RDX: 0000000000000002 RSI: 0000000020000080 RDI: 0000000000000004 [ 631.462795][T18035] RBP: 00007fef9471f090 R08: 0000000000000000 R09: 0000000000000000 [ 631.470775][T18035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 631.478760][T18035] R13: 0000000000000000 R14: 00007fef93b75fa0 R15: 00007ffe59dbd9a8 [ 631.486794][T18035] [ 631.758797][T17855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 632.215221][T17855] veth0_vlan: entered promiscuous mode [ 632.243655][T17855] veth1_vlan: entered promiscuous mode [ 632.363396][T17855] veth0_macvtap: entered promiscuous mode [ 632.416203][T17855] veth1_macvtap: entered promiscuous mode [ 632.454406][T17855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 632.467410][T17855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.487437][T17855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 632.512892][T17855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.525702][T17855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 632.548354][T17855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.618194][T17855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 632.647033][T17855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.682268][T17855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 632.705950][T17855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.796501][T17855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 632.873399][T17855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 632.905547][T18073] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2965'. [ 632.933546][T17855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 632.963723][T17855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 632.976149][T17855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.001893][T17855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 633.016121][T17855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.028367][T17855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 633.039936][T17855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.050315][T17855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 633.061360][T17855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 633.079468][T17855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 633.096949][T18079] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2966'. [ 633.194733][T17855] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 633.217292][T17855] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 633.237311][T17855] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 633.256522][T17855] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 633.479618][T18079] team0: Port device team_slave_0 removed [ 633.798000][T14499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 633.805903][T14499] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 633.905012][T14499] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 633.917630][T14499] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 634.278503][T18109] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2971'. [ 634.918417][T18124] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2976'. [ 635.291350][T18135] FAULT_INJECTION: forcing a failure. [ 635.291350][T18135] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 635.304569][T18135] CPU: 0 UID: 0 PID: 18135 Comm: syz.4.2980 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 635.315372][T18135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 635.325463][T18135] Call Trace: [ 635.328766][T18135] [ 635.331716][T18135] dump_stack_lvl+0x16c/0x1f0 [ 635.336434][T18135] should_fail_ex+0x497/0x5b0 [ 635.341145][T18135] ? page_copy_sane+0xcd/0x2d0 [ 635.345953][T18135] copy_page_from_iter_atomic+0x5c3/0x1810 [ 635.351820][T18135] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 635.358102][T18135] ? fault_in_readable+0x1a7/0x200 [ 635.363263][T18135] ? __pfx_fault_in_readable+0x10/0x10 [ 635.368772][T18135] ? I_BDEV+0xd/0x20 [ 635.372716][T18135] ? inode_to_bdi+0x9e/0x160 [ 635.377348][T18135] iomap_file_buffered_write+0x633/0xc70 [ 635.383044][T18135] ? __pfx_iomap_file_buffered_write+0x10/0x10 [ 635.389251][T18135] ? find_held_lock+0x2d/0x110 [ 635.394053][T18135] ? __pfx_inode_set_ctime_current+0x10/0x10 [ 635.400098][T18135] ? preempt_count_add+0x76/0x150 [ 635.405170][T18135] ? mnt_put_write_access_file+0xc1/0xf0 [ 635.410817][T18135] blkdev_write_iter+0x574/0xd40 [ 635.415769][T18135] do_iter_readv_writev+0x532/0x7f0 [ 635.420981][T18135] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 635.426714][T18135] ? bpf_lsm_file_permission+0x9/0x10 [ 635.432103][T18135] ? security_file_permission+0x71/0x210 [ 635.437749][T18135] vfs_writev+0x363/0xdd0 [ 635.442087][T18135] ? find_held_lock+0x2d/0x110 [ 635.446867][T18135] ? __pfx_vfs_writev+0x10/0x10 [ 635.451729][T18135] ? find_held_lock+0x2d/0x110 [ 635.456511][T18135] ? __pfx_lock_release+0x10/0x10 [ 635.461553][T18135] ? trace_lock_acquire+0x14e/0x1f0 [ 635.466772][T18135] ? __fget_files+0x206/0x3a0 [ 635.471471][T18135] ? do_writev+0x133/0x340 [ 635.475896][T18135] do_writev+0x133/0x340 [ 635.480145][T18135] ? __pfx_do_writev+0x10/0x10 [ 635.484923][T18135] do_syscall_64+0xcd/0x250 [ 635.489437][T18135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.495343][T18135] RIP: 0033:0x7f897a385d19 [ 635.499765][T18135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 635.519384][T18135] RSP: 002b:00007f897b13f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 635.527808][T18135] RAX: ffffffffffffffda RBX: 00007f897a575fa0 RCX: 00007f897a385d19 [ 635.535969][T18135] RDX: 0000000000000002 RSI: 0000000020000080 RDI: 0000000000000004 [ 635.543945][T18135] RBP: 00007f897b13f090 R08: 0000000000000000 R09: 0000000000000000 [ 635.551923][T18135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 635.559902][T18135] R13: 0000000000000000 R14: 00007f897a575fa0 R15: 00007ffcbc1174d8 [ 635.567902][T18135] [ 635.634939][ T7489] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.956781][ T7489] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 636.267498][ T7489] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 636.493025][ T7489] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 637.129325][T18184] FAULT_INJECTION: forcing a failure. [ 637.129325][T18184] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 637.142537][T18184] CPU: 0 UID: 0 PID: 18184 Comm: syz.3.2995 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 637.153337][T18184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 637.163432][T18184] Call Trace: [ 637.166735][T18184] [ 637.169714][T18184] dump_stack_lvl+0x16c/0x1f0 [ 637.174442][T18184] should_fail_ex+0x497/0x5b0 [ 637.179162][T18184] ? page_copy_sane+0xcd/0x2d0 [ 637.183964][T18184] copy_page_from_iter_atomic+0x5c3/0x1810 [ 637.189813][T18184] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 637.196083][T18184] ? fault_in_readable+0x1a7/0x200 [ 637.201222][T18184] ? __pfx_fault_in_readable+0x10/0x10 [ 637.206739][T18184] ? I_BDEV+0xd/0x20 [ 637.210654][T18184] ? inode_to_bdi+0x9e/0x160 [ 637.215268][T18184] iomap_file_buffered_write+0x633/0xc70 [ 637.220929][T18184] ? __pfx_iomap_file_buffered_write+0x10/0x10 [ 637.227097][T18184] ? find_held_lock+0x2d/0x110 [ 637.231875][T18184] ? __pfx_inode_set_ctime_current+0x10/0x10 [ 637.237893][T18184] ? preempt_count_add+0x76/0x150 [ 637.242933][T18184] ? mnt_put_write_access_file+0xc1/0xf0 [ 637.248580][T18184] blkdev_write_iter+0x574/0xd40 [ 637.253532][T18184] do_iter_readv_writev+0x532/0x7f0 [ 637.258741][T18184] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 637.264476][T18184] ? bpf_lsm_file_permission+0x9/0x10 [ 637.269901][T18184] ? security_file_permission+0x71/0x210 [ 637.275549][T18184] vfs_writev+0x363/0xdd0 [ 637.279886][T18184] ? find_held_lock+0x2d/0x110 [ 637.284766][T18184] ? __pfx_vfs_writev+0x10/0x10 [ 637.289622][T18184] ? find_held_lock+0x2d/0x110 [ 637.294494][T18184] ? __pfx_lock_release+0x10/0x10 [ 637.299536][T18184] ? trace_lock_acquire+0x14e/0x1f0 [ 637.304755][T18184] ? __fget_files+0x206/0x3a0 [ 637.309450][T18184] ? do_writev+0x133/0x340 [ 637.313873][T18184] do_writev+0x133/0x340 [ 637.318130][T18184] ? __pfx_do_writev+0x10/0x10 [ 637.322910][T18184] do_syscall_64+0xcd/0x250 [ 637.327428][T18184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 637.333333][T18184] RIP: 0033:0x7f3261585d19 [ 637.337762][T18184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 637.357382][T18184] RSP: 002b:00007f326242f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 637.365916][T18184] RAX: ffffffffffffffda RBX: 00007f3261775fa0 RCX: 00007f3261585d19 [ 637.373902][T18184] RDX: 0000000000000002 RSI: 0000000020000080 RDI: 0000000000000004 [ 637.381886][T18184] RBP: 00007f326242f090 R08: 0000000000000000 R09: 0000000000000000 [ 637.389862][T18184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 637.397855][T18184] R13: 0000000000000000 R14: 00007f3261775fa0 R15: 00007ffe68c67878 [ 637.405894][T18184] [ 637.436162][ T5838] Bluetooth: hci0: command 0x0406 tx timeout [ 639.066729][ T7489] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 639.090057][ T7489] bond0 (unregistering): Released all slaves [ 639.348446][ T7489] tipc: Left network mode [ 639.513341][T18234] netlink: 'syz.0.3002': attribute type 152 has an invalid length. [ 640.257864][ T7489] hsr_slave_0: left promiscuous mode [ 640.301138][ T7489] hsr_slave_1: left promiscuous mode [ 640.331327][ T7489] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 640.353919][ T7489] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 640.387662][ T7489] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 640.408798][ T7489] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 640.488671][ T7489] veth1_macvtap: left promiscuous mode [ 640.511038][ T7489] veth0_macvtap: left promiscuous mode [ 640.547213][ T7489] veth1_vlan: left promiscuous mode [ 640.578004][ T7489] veth0_vlan: left promiscuous mode [ 641.131897][T18282] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3015'. [ 641.908360][ T7489] team0 (unregistering): Port device team_slave_1 removed [ 641.965914][ T7489] team0 (unregistering): Port device team_slave_0 removed [ 642.423483][T18301] FAULT_INJECTION: forcing a failure. [ 642.423483][T18301] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 642.440457][T18301] CPU: 0 UID: 0 PID: 18301 Comm: syz.3.3019 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 642.451281][T18301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 642.462254][T18301] Call Trace: [ 642.465939][T18301] [ 642.468895][T18301] dump_stack_lvl+0x16c/0x1f0 [ 642.473605][T18301] should_fail_ex+0x497/0x5b0 [ 642.478318][T18301] _copy_from_user+0x2e/0xd0 [ 642.482959][T18301] memdup_user+0x71/0xd0 [ 642.487202][T18301] nsim_dev_trap_fa_cookie_write+0xa8/0x240 [ 642.493111][T18301] full_proxy_write+0xfb/0x1b0 [ 642.497893][T18301] ? __pfx_full_proxy_write+0x10/0x10 [ 642.503285][T18301] vfs_write+0x24c/0x1150 [ 642.507616][T18301] ? __fget_files+0x1fc/0x3a0 [ 642.512301][T18301] ? __pfx___mutex_lock+0x10/0x10 [ 642.517366][T18301] ? __pfx_vfs_write+0x10/0x10 [ 642.522137][T18301] ? __fget_files+0x206/0x3a0 [ 642.526839][T18301] ksys_write+0x12b/0x250 [ 642.531186][T18301] ? __pfx_ksys_write+0x10/0x10 [ 642.536073][T18301] do_syscall_64+0xcd/0x250 [ 642.540596][T18301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.546509][T18301] RIP: 0033:0x7f3261585d19 [ 642.550932][T18301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 642.570590][T18301] RSP: 002b:00007f326242f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 642.579046][T18301] RAX: ffffffffffffffda RBX: 00007f3261775fa0 RCX: 00007f3261585d19 [ 642.587034][T18301] RDX: 0000000000000009 RSI: 0000000020000040 RDI: 0000000000000003 [ 642.595028][T18301] RBP: 00007f326242f090 R08: 0000000000000000 R09: 0000000000000000 [ 642.603011][T18301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 642.611005][T18301] R13: 0000000000000000 R14: 00007f3261775fa0 R15: 00007ffe68c67878 [ 642.619027][T18301] [ 644.104248][T18344] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3029'. [ 644.375145][T18349] netlink: 324 bytes leftover after parsing attributes in process `syz.3.3031'. [ 645.731056][T18394] FAULT_INJECTION: forcing a failure. [ 645.731056][T18394] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 645.776843][T18394] CPU: 0 UID: 0 PID: 18394 Comm: syz.0.3039 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 645.787695][T18394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 645.797782][T18394] Call Trace: [ 645.801069][T18394] [ 645.804032][T18394] dump_stack_lvl+0x16c/0x1f0 [ 645.808746][T18394] should_fail_ex+0x497/0x5b0 [ 645.813457][T18394] _copy_to_user+0x32/0xd0 [ 645.817898][T18394] simple_read_from_buffer+0xd0/0x160 [ 645.823304][T18394] proc_fail_nth_read+0x198/0x270 [ 645.828346][T18394] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 645.833913][T18394] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 645.839473][T18394] vfs_read+0x1df/0xbe0 [ 645.843641][T18394] ? __fget_files+0x1fc/0x3a0 [ 645.848335][T18394] ? __pfx___mutex_lock+0x10/0x10 [ 645.853378][T18394] ? __pfx_vfs_read+0x10/0x10 [ 645.858073][T18394] ? __fget_files+0x206/0x3a0 [ 645.862776][T18394] ksys_read+0x12b/0x250 [ 645.867030][T18394] ? __pfx_ksys_read+0x10/0x10 [ 645.871813][T18394] do_syscall_64+0xcd/0x250 [ 645.876333][T18394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 645.882235][T18394] RIP: 0033:0x7fef9398472c [ 645.886652][T18394] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 645.906291][T18394] RSP: 002b:00007fef9471f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 645.914813][T18394] RAX: ffffffffffffffda RBX: 00007fef93b75fa0 RCX: 00007fef9398472c [ 645.922809][T18394] RDX: 000000000000000f RSI: 00007fef9471f0a0 RDI: 0000000000000004 [ 645.930787][T18394] RBP: 00007fef9471f090 R08: 0000000000000000 R09: 0000000000000000 [ 645.938764][T18394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 645.946736][T18394] R13: 0000000000000000 R14: 00007fef93b75fa0 R15: 00007ffe59dbd9a8 [ 645.954727][T18394] [ 647.023029][T18445] FAULT_INJECTION: forcing a failure. [ 647.023029][T18445] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 647.036942][T18445] CPU: 1 UID: 0 PID: 18445 Comm: syz.0.3047 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 647.048197][T18445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 647.058397][T18445] Call Trace: [ 647.061882][T18445] [ 647.064838][T18445] dump_stack_lvl+0x16c/0x1f0 [ 647.069539][T18445] should_fail_ex+0x497/0x5b0 [ 647.074257][T18445] ? page_copy_sane+0xcd/0x2d0 [ 647.079067][T18445] copy_page_from_iter_atomic+0x5c3/0x1810 [ 647.084942][T18445] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 647.091240][T18445] ? fault_in_readable+0x1a7/0x200 [ 647.096391][T18445] ? __pfx_fault_in_readable+0x10/0x10 [ 647.101883][T18445] ? I_BDEV+0xd/0x20 [ 647.105791][T18445] ? inode_to_bdi+0x9e/0x160 [ 647.110476][T18445] iomap_file_buffered_write+0x633/0xc70 [ 647.116123][T18445] ? __pfx_iomap_file_buffered_write+0x10/0x10 [ 647.122309][T18445] ? find_held_lock+0x2d/0x110 [ 647.127111][T18445] ? __pfx_inode_set_ctime_current+0x10/0x10 [ 647.133138][T18445] ? preempt_count_add+0x76/0x150 [ 647.138204][T18445] ? mnt_put_write_access_file+0xc1/0xf0 [ 647.143881][T18445] blkdev_write_iter+0x574/0xd40 [ 647.148851][T18445] do_iter_readv_writev+0x532/0x7f0 [ 647.154077][T18445] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 647.159818][T18445] ? bpf_lsm_file_permission+0x9/0x10 [ 647.165298][T18445] ? security_file_permission+0x71/0x210 [ 647.170947][T18445] vfs_writev+0x363/0xdd0 [ 647.175286][T18445] ? find_held_lock+0x2d/0x110 [ 647.180069][T18445] ? __pfx_vfs_writev+0x10/0x10 [ 647.184927][T18445] ? find_held_lock+0x2d/0x110 [ 647.189729][T18445] ? __pfx_lock_release+0x10/0x10 [ 647.194804][T18445] ? trace_lock_acquire+0x14e/0x1f0 [ 647.200038][T18445] ? __fget_files+0x206/0x3a0 [ 647.204741][T18445] ? do_writev+0x133/0x340 [ 647.209179][T18445] do_writev+0x133/0x340 [ 647.213433][T18445] ? __pfx_do_writev+0x10/0x10 [ 647.218209][T18445] do_syscall_64+0xcd/0x250 [ 647.222730][T18445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 647.228632][T18445] RIP: 0033:0x7fef93985d19 [ 647.233062][T18445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 647.252698][T18445] RSP: 002b:00007fef9471f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 647.261131][T18445] RAX: ffffffffffffffda RBX: 00007fef93b75fa0 RCX: 00007fef93985d19 [ 647.269124][T18445] RDX: 0000000000000002 RSI: 0000000020000080 RDI: 0000000000000004 [ 647.277192][T18445] RBP: 00007fef9471f090 R08: 0000000000000000 R09: 0000000000000000 [ 647.285179][T18445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 647.293160][T18445] R13: 0000000000000000 R14: 00007fef93b75fa0 R15: 00007ffe59dbd9a8 [ 647.301155][T18445] [ 648.632618][T18495] FAULT_INJECTION: forcing a failure. [ 648.632618][T18495] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 648.676449][T18495] CPU: 0 UID: 0 PID: 18495 Comm: syz.3.3058 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 648.687284][T18495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 648.697379][T18495] Call Trace: [ 648.700696][T18495] [ 648.703658][T18495] dump_stack_lvl+0x16c/0x1f0 [ 648.708378][T18495] should_fail_ex+0x497/0x5b0 [ 648.713107][T18495] _copy_to_user+0x32/0xd0 [ 648.717576][T18495] simple_read_from_buffer+0xd0/0x160 [ 648.723004][T18495] proc_fail_nth_read+0x198/0x270 [ 648.728086][T18495] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 648.733706][T18495] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 648.739309][T18495] vfs_read+0x1df/0xbe0 [ 648.743517][T18495] ? __fget_files+0x1fc/0x3a0 [ 648.748242][T18495] ? __pfx___mutex_lock+0x10/0x10 [ 648.753312][T18495] ? __pfx_vfs_read+0x10/0x10 [ 648.758041][T18495] ? __fget_files+0x206/0x3a0 [ 648.762771][T18495] ksys_read+0x12b/0x250 [ 648.767053][T18495] ? __pfx_ksys_read+0x10/0x10 [ 648.771870][T18495] do_syscall_64+0xcd/0x250 [ 648.776419][T18495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.782357][T18495] RIP: 0033:0x7f326158472c [ 648.786819][T18495] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 648.806751][T18495] RSP: 002b:00007f326242f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 648.815215][T18495] RAX: ffffffffffffffda RBX: 00007f3261775fa0 RCX: 00007f326158472c [ 648.823275][T18495] RDX: 000000000000000f RSI: 00007f326242f0a0 RDI: 0000000000000005 [ 648.831291][T18495] RBP: 00007f326242f090 R08: 0000000000000000 R09: 0000000000000000 [ 648.839311][T18495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 648.847323][T18495] R13: 0000000000000000 R14: 00007f3261775fa0 R15: 00007ffe68c67878 [ 648.855353][T18495] [ 649.321190][T18511] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3061'. [ 650.344550][T18545] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3069'. [ 650.482213][ T29] audit: type=1804 audit(4294967580.319:20): pid=18544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.3068" name="/file0" dev="rootfs" ino=60587 res=1 errno=0 [ 651.023686][T18568] netlink: 'syz.5.3073': attribute type 19 has an invalid length. [ 651.058931][T18568] netlink: 334 bytes leftover after parsing attributes in process `syz.5.3073'. [ 653.273357][T18606] netlink: 208 bytes leftover after parsing attributes in process `syz.5.3079'. [ 655.450644][T18664] netlink: 'syz.4.3092': attribute type 2 has an invalid length. [ 655.901470][ T7497] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.191391][ T7497] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.396726][ T7497] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.667540][ T7497] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.925694][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 656.943597][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 656.955892][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 657.019798][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 657.029051][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 657.039651][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 657.124184][ T7497] bridge_slave_1: left allmulticast mode [ 657.157931][ T7497] bridge_slave_1: left promiscuous mode [ 657.163741][ T7497] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.277480][ T7497] bridge_slave_0: left allmulticast mode [ 657.290240][ T7497] bridge_slave_0: left promiscuous mode [ 657.316672][ T7497] bridge0: port 1(bridge_slave_0) entered disabled state [ 657.595745][T18681] Invalid ELF header magic: != ELF [ 659.118437][ T5838] Bluetooth: hci3: command tx timeout [ 659.467962][ T7497] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 659.480718][ T7497] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 659.491571][ T7497] bond0 (unregistering): Released all slaves [ 659.838532][T18724] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3105'. [ 660.141547][ T7497] hsr_slave_0: left promiscuous mode [ 660.176200][ T7497] hsr_slave_1: left promiscuous mode [ 660.185403][ T7497] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 660.198936][ T7497] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 660.218752][ T7497] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 660.226245][ T7497] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 660.300840][ T7497] veth1_macvtap: left promiscuous mode [ 660.309909][ T7497] veth0_macvtap: left promiscuous mode [ 660.323191][ T7497] veth1_vlan: left promiscuous mode [ 660.330010][ T7497] veth0_vlan: left promiscuous mode [ 660.416774][T18750] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3109'. [ 660.431636][T18750] ksmbd: Unknown IPC event: 0, ignore. [ 661.217933][ T5838] Bluetooth: hci3: command tx timeout [ 661.996070][T18779] Process accounting paused [ 662.133179][ T7497] team0 (unregistering): Port device team_slave_1 removed [ 662.260463][ T7497] team0 (unregistering): Port device team_slave_0 removed [ 663.259037][T18798] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 663.265192][T18798] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 663.278261][ T5838] Bluetooth: hci3: command tx timeout [ 663.336565][T18798] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 663.358191][T18798] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 663.384937][T18798] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 663.418062][T18798] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 663.459081][T18798] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 663.500484][T18798] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 663.506539][T18798] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 663.530520][T18692] chnl_net:caif_netlink_parms(): no params data found [ 663.551929][T18798] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 663.690043][T18797] warn_alloc: 1 callbacks suppressed [ 663.690063][T18797] syz.4.3121: vmalloc error: size 3411968, failed to allocated page array size 6664, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 663.777638][T18797] CPU: 0 UID: 0 PID: 18797 Comm: syz.4.3121 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 663.788494][T18797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 663.798595][T18797] Call Trace: [ 663.802349][T18797] [ 663.805315][T18797] dump_stack_lvl+0x16c/0x1f0 [ 663.810046][T18797] warn_alloc+0x24d/0x3a0 [ 663.814429][T18797] ? __pfx_warn_alloc+0x10/0x10 [ 663.819339][T18797] ? __get_vm_area_node+0x1b0/0x2f0 [ 663.824574][T18797] ? __get_vm_area_node+0x1dc/0x2f0 [ 663.829826][T18797] __vmalloc_node_range_noprof+0x1105/0x1530 [ 663.835873][T18797] ? ip_set_sockfn_get+0x185/0xc50 [ 663.841053][T18797] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 663.847444][T18797] ? __get_vm_area_node+0x1b0/0x2f0 [ 663.852773][T18797] ? __get_vm_area_node+0x1dc/0x2f0 [ 663.857996][T18797] __vmalloc_node_range_noprof+0xd85/0x1530 [ 663.863910][T18797] ? ip_set_sockfn_get+0x185/0xc50 [ 663.869033][T18797] ? __pfx___lock_acquire+0x10/0x10 [ 663.874311][T18797] ? ip_set_sockfn_get+0x185/0xc50 [ 663.879442][T18797] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 663.885788][T18797] ? apparmor_capable+0x114/0x1d0 [ 663.890829][T18797] ? ip_set_sockfn_get+0x185/0xc50 [ 663.895955][T18797] vmalloc_noprof+0x6b/0x90 [ 663.900472][T18797] ? ip_set_sockfn_get+0x185/0xc50 [ 663.905599][T18797] ip_set_sockfn_get+0x185/0xc50 [ 663.910554][T18797] ? __pfx_lock_release+0x10/0x10 [ 663.915603][T18797] ? __pfx_ip_set_sockfn_get+0x10/0x10 [ 663.921074][T18797] ? nf_sockopt_find.constprop.0+0x221/0x290 [ 663.927086][T18797] nf_getsockopt+0x79/0xe0 [ 663.931538][T18797] ip_getsockopt+0x18e/0x1e0 [ 663.936147][T18797] ? __pfx_ip_getsockopt+0x10/0x10 [ 663.941268][T18797] ? __schedule+0xe60/0x5ad0 [ 663.945871][T18797] ? __pfx___lock_acquire+0x10/0x10 [ 663.951106][T18797] ipv6_getsockopt+0x230/0x280 [ 663.955893][T18797] ? __pfx_ipv6_getsockopt+0x10/0x10 [ 663.961187][T18797] ? __pfx_mark_lock+0x10/0x10 [ 663.965977][T18797] sctp_getsockopt+0x1d2/0x7ae0 [ 663.970843][T18797] ? hlock_class+0x4e/0x130 [ 663.975356][T18797] ? mark_lock+0xb5/0xc60 [ 663.979700][T18797] ? aa_label_sk_perm+0x19d/0x5a0 [ 663.984751][T18797] ? __pfx_sctp_getsockopt+0x10/0x10 [ 663.990051][T18797] ? __lock_acquire+0x15a9/0x3c40 [ 663.995101][T18797] ? __pfx___lock_acquire+0x10/0x10 [ 664.000414][T18797] ? find_held_lock+0x2d/0x110 [ 664.005194][T18797] ? __might_fault+0x13b/0x190 [ 664.009984][T18797] ? __pfx_lock_release+0x10/0x10 [ 664.015026][T18797] ? trace_lock_acquire+0x14e/0x1f0 [ 664.020268][T18797] ? lock_acquire+0x2f/0xb0 [ 664.024794][T18797] ? __might_fault+0xe3/0x190 [ 664.029500][T18797] ? __might_fault+0xe3/0x190 [ 664.034198][T18797] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 664.040115][T18797] ? do_sock_getsockopt+0x3fe/0x870 [ 664.045333][T18797] do_sock_getsockopt+0x3fe/0x870 [ 664.050382][T18797] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 664.055953][T18797] ? lock_acquire+0x2f/0xb0 [ 664.060463][T18797] ? __fget_files+0x40/0x3a0 [ 664.065065][T18797] ? __fget_files+0x206/0x3a0 [ 664.069754][T18797] __sys_getsockopt+0x12f/0x260 [ 664.074624][T18797] __x64_sys_getsockopt+0xbd/0x160 [ 664.079749][T18797] ? do_syscall_64+0x91/0x250 [ 664.084440][T18797] ? lockdep_hardirqs_on+0x7c/0x110 [ 664.089654][T18797] do_syscall_64+0xcd/0x250 [ 664.094205][T18797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.100116][T18797] RIP: 0033:0x7f897a385d19 [ 664.104541][T18797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 664.124334][T18797] RSP: 002b:00007f897b11e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 664.132848][T18797] RAX: ffffffffffffffda RBX: 00007f897a576080 RCX: 00007f897a385d19 [ 664.140838][T18797] RDX: 0000000000000053 RSI: 0000000000000000 RDI: 0000000000000008 [ 664.148825][T18797] RBP: 00007f897a401a20 R08: 0000000020000040 R09: 0000000000000000 [ 664.156806][T18797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 664.164784][T18797] R13: 0000000000000000 R14: 00007f897a576080 R15: 00007ffcbc1174d8 [ 664.172784][T18797] [ 664.254200][T18797] Mem-Info: [ 664.314305][T18797] active_anon:16028 inactive_anon:7 isolated_anon:0 [ 664.314305][T18797] active_file:1818 inactive_file:53542 isolated_file:0 [ 664.314305][T18797] unevictable:769 dirty:805 writeback:0 [ 664.314305][T18797] slab_reclaimable:11676 slab_unreclaimable:108654 [ 664.314305][T18797] mapped:26657 shmem:1455 pagetables:910 [ 664.314305][T18797] sec_pagetables:0 bounce:0 [ 664.314305][T18797] kernel_misc_reclaimable:0 [ 664.314305][T18797] free:1242924 free_pcp:14991 free_cma:0 [ 664.361555][T18797] Node 0 active_anon:64112kB inactive_anon:28kB active_file:7272kB inactive_file:214032kB unevictable:1540kB isolated(anon):0kB isolated(file):0kB mapped:106628kB dirty:3220kB writeback:0kB shmem:4284kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12996kB pagetables:3640kB sec_pagetables:0kB all_unreclaimable? no [ 664.394230][T18797] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 664.425135][T18797] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 664.453850][T18797] lowmem_reserve[]: 0 2465 2466 0 0 [ 664.460506][T18797] Node 0 DMA32 free:1100884kB boost:76944kB min:111144kB low:119692kB high:128240kB reserved_highatomic:0KB active_anon:63900kB inactive_anon:28kB active_file:7272kB inactive_file:213220kB unevictable:1540kB writepending:3220kB present:3129332kB managed:2551344kB mlocked:0kB bounce:0kB free_pcp:5804kB local_pcp:4544kB free_cma:0kB [ 664.471578][T18692] bridge0: port 1(bridge_slave_0) entered blocking state [ 664.504967][T18692] bridge0: port 1(bridge_slave_0) entered disabled state [ 664.513320][T18692] bridge_slave_0: entered allmulticast mode [ 664.520668][T18692] bridge_slave_0: entered promiscuous mode [ 664.531349][T18797] lowmem_reserve[]: 0 0 0 0 0 [ 664.537347][T18797] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:812kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 664.566012][T18797] lowmem_reserve[]: 0 0 0 0 0 [ 664.573015][T18797] Node 1 Normal free:3855280kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:54284kB local_pcp:32556kB free_cma:0kB [ 664.603011][T18692] bridge0: port 2(bridge_slave_1) entered blocking state [ 664.617253][T18692] bridge0: port 2(bridge_slave_1) entered disabled state [ 664.633266][T18797] lowmem_reserve[]: 0 0 0 0 0 [ 664.650311][T18692] bridge_slave_1: entered allmulticast mode [ 664.653610][T18797] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (UM) = 15360kB [ 664.671243][T18692] bridge_slave_1: entered promiscuous mode [ 664.691753][T18797] Node 0 DMA32: 3498*4kB (UME) 3090*8kB (ME) 2697*16kB (UME) 2184*32kB (UME) 1312*64kB (UME) 669*128kB (UME) 360*256kB (UM) 166*512kB (UME) 164*1024kB (UM) 20*2048kB (UM) 97*4096kB (UM) = 1104712kB [ 664.732141][T18797] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 664.747079][T18797] Node 1 Normal: 4223*4kB (UM) 111*8kB (UME) 25*16kB (UME) 175*32kB (UME) 80*64kB (UME) 44*128kB (UME) 23*256kB (UME) 13*512kB (UM) 11*1024kB (UME) 8*2048kB (UME) 923*4096kB (UM) = 3855332kB [ 664.780482][T18797] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 664.824568][T18797] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 664.838693][T18692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 664.874926][T18797] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 664.896474][T18797] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 664.911466][T18797] 56825 total pagecache pages [ 664.953741][T18797] 7 pages in swap cache [ 664.958765][T18797] Free swap = 124428kB [ 664.963138][T18797] Total swap = 124996kB [ 664.977975][T18797] 2097051 pages RAM [ 664.981849][T18797] 0 pages HighMem/MovableOnly [ 664.996844][T18797] 427365 pages reserved [ 665.006970][T18797] 0 pages cma reserved [ 665.025753][T18692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 665.288133][ T5838] Bluetooth: hci1: command 0x0406 tx timeout [ 665.315938][T18692] team0: Port device team_slave_0 added [ 665.359404][ T5838] Bluetooth: hci0: command 0x0406 tx timeout [ 665.393769][T18692] team0: Port device team_slave_1 added [ 665.438138][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 665.466931][T18692] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 665.476972][T18692] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 665.521200][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 665.529256][T18692] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 665.562530][T18692] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 665.598061][T18692] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 665.698033][T18692] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 665.857450][T18692] hsr_slave_0: entered promiscuous mode [ 665.871831][T18692] hsr_slave_1: entered promiscuous mode [ 665.912219][T18692] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 665.927911][T18692] Cannot create hsr debugfs directory [ 666.681808][T18692] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 666.842663][T18692] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 666.999629][T18692] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 667.089586][T18692] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 667.368949][ T5838] Bluetooth: hci1: command 0x0406 tx timeout [ 667.440736][ T5838] Bluetooth: hci0: command 0x0406 tx timeout [ 667.525200][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 667.566194][T18692] 8021q: adding VLAN 0 to HW filter on device bond0 [ 667.598168][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 667.632066][T18692] 8021q: adding VLAN 0 to HW filter on device team0 [ 667.756146][ T7497] bridge0: port 1(bridge_slave_0) entered blocking state [ 667.763384][ T7497] bridge0: port 1(bridge_slave_0) entered forwarding state [ 667.819705][ T7497] bridge0: port 2(bridge_slave_1) entered blocking state [ 667.826990][ T7497] bridge0: port 2(bridge_slave_1) entered forwarding state [ 668.489928][T18692] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 669.240151][T18692] veth0_vlan: entered promiscuous mode [ 669.260878][T18945] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3139'. [ 669.598323][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 669.678931][T18692] veth1_vlan: entered promiscuous mode [ 669.690227][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 669.787625][T18692] veth0_macvtap: entered promiscuous mode [ 669.831545][T18692] veth1_macvtap: entered promiscuous mode [ 669.876230][T18692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 669.919808][T18692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.943628][T18692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 669.961497][T18692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.979316][T18692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 670.014313][T18692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 670.040823][T18692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 670.059803][T18692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 670.105492][T18692] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 670.164917][T18692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 670.187923][T18692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 670.217994][T18692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 670.233172][T18692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 670.255008][T18692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 670.275792][T18692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 670.295120][T18692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 670.315430][T18692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 670.336767][T18692] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 670.358258][T18692] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.367036][T18692] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.375871][T18692] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 670.387147][T18692] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 671.016279][T14499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 671.075300][T14499] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 671.323113][T14499] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 671.351084][T14499] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 674.382672][T19078] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3156'. [ 677.034994][T19184] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3177'. [ 677.077550][T19184] veth0_macvtap: left promiscuous mode [ 678.114277][T19217] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3180'. [ 678.189651][T19223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3184'. [ 678.376198][T19223] mac80211_hwsim hwsim31 wlan0: entered allmulticast mode [ 680.775078][T19302] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3198'. [ 680.808247][T19302] ipvlan0: entered allmulticast mode [ 680.813612][T19302] veth0_vlan: entered allmulticast mode [ 681.252429][T19319] netlink: 'syz.4.3199': attribute type 8 has an invalid length. [ 681.290699][T19319] netlink: 'syz.4.3199': attribute type 9 has an invalid length. [ 681.328294][T19319] netlink: 162 bytes leftover after parsing attributes in process `syz.4.3199'. [ 683.100070][T19386] Invalid ELF header magic: != ELF [ 685.830911][T19422] net_ratelimit: 28 callbacks suppressed [ 685.830933][T19422] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 686.346047][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.353151][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.489392][T19441] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3223'. [ 688.245259][T19476] ptrace attach of "./syz-executor exec"[18692] was attempted by "./syz-executor exec ASAN_OPTIONS=handle_segv=0 allow_user_segv_handler=1 detect_leaks=0 GLIBC_TUNABLES=glibc.pthread.rseq=0 ./syz-executor"[19476] [ 691.179307][T19552] netlink: 'syz.3.3253': attribute type 21 has an invalid length. [ 691.203816][T19552] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3253'. [ 694.401804][T19637] svc: failed to register nfsdv3 RPC service (errno 111). [ 694.433799][T19637] svc: failed to register nfsaclv3 RPC service (errno 111). [ 694.677904][T19644] netlink: 'syz.6.3270': attribute type 21 has an invalid length. [ 694.713746][T19644] netlink: 334 bytes leftover after parsing attributes in process `syz.6.3270'. [ 694.871389][T19649] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3271'. [ 694.948863][ T29] audit: type=1326 audit(4294967624.786:21): auid=4294967295 uid=8 gid=0 ses=4294967295 subj=unconfined pid=19648 comm="syz.4.3271" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f897a385d19 code=0x0 [ 699.267636][T19813] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3305'. [ 699.346257][ T29] audit: type=1326 audit(4294967629.186:22): auid=4294967295 uid=8 gid=0 ses=4294967295 subj=unconfined pid=19812 comm="syz.6.3305" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa2ff785d19 code=0x0 [ 700.015407][T19840] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3311'. [ 700.102085][T19840] geneve1: entered allmulticast mode [ 700.615276][T19850] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3313'. [ 700.763838][T19863] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 700.977788][T19871] netlink: 74 bytes leftover after parsing attributes in process `syz.0.3317'. [ 701.627417][T19892] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3321'. [ 701.763108][ T29] audit: type=1326 audit(4294967631.546:23): auid=4294967295 uid=8 gid=0 ses=4294967295 subj=unconfined pid=19891 comm="syz.3.3321" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3261585d19 code=0x0 [ 702.197699][T19901] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3326'. [ 704.019911][ T5838] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 706.906057][T19996] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3350'. [ 708.508292][T20026] HSR: entered promiscuous mode [ 708.610168][T20028] delete_channel: no stack [ 708.619545][T20028] delete_channel: no stack [ 709.217266][T20049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3367'. [ 710.247537][T20075] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3373'. [ 711.739565][T20111] netlink: 'syz.3.3383': attribute type 3 has an invalid length. [ 711.765873][T20111] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3383'. [ 712.044450][T20128] netlink: 326 bytes leftover after parsing attributes in process `syz.0.3385'. [ 712.608704][T20146] netlink: 'syz.4.3391': attribute type 1 has an invalid length. [ 712.660762][T20146] netlink: 'syz.4.3391': attribute type 1 has an invalid length. [ 712.927113][T20154] netlink: 350 bytes leftover after parsing attributes in process `syz.6.3392'. [ 714.485046][T20198] netlink: 7 bytes leftover after parsing attributes in process `syz.4.3401'. [ 714.555489][T20200] netlink: 7 bytes leftover after parsing attributes in process `syz.4.3401'. [ 716.505987][T20234] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3406'. [ 718.429398][T20249] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3411'. [ 718.504336][T20243] netlink: 'syz.6.3408': attribute type 8 has an invalid length. [ 723.003805][T20363] [ 723.006188][T20363] ====================================================== [ 723.013223][T20363] WARNING: possible circular locking dependency detected [ 723.020266][T20363] 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 Not tainted [ 723.027402][T20363] ------------------------------------------------------ [ 723.034439][T20363] syz.4.3439/20363 is trying to acquire lock: [ 723.040514][T20363] ffffffff8fabdf48 (rtnl_mutex){+.+.}-{4:4}, at: do_ipv6_setsockopt+0x1f4d/0x4660 [ 723.049772][T20363] [ 723.049772][T20363] but task is already holding lock: [ 723.057138][T20363] ffff8880339566a8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x101/0xc00 [ 723.067518][T20363] [ 723.067518][T20363] which lock already depends on the new lock. [ 723.067518][T20363] [ 723.077916][T20363] [ 723.077916][T20363] the existing dependency chain (in reverse order) is: [ 723.086924][T20363] [ 723.086924][T20363] -> #2 (&smc->clcsock_release_lock){+.+.}-{4:4}: [ 723.095539][T20363] __mutex_lock+0x19b/0xa60 [ 723.100574][T20363] smc_switch_to_fallback+0x2d/0xa00 [ 723.106397][T20363] smc_sendmsg+0x13d/0x520 [ 723.111346][T20363] ____sys_sendmsg+0x9ae/0xb40 [ 723.116642][T20363] ___sys_sendmsg+0x135/0x1e0 [ 723.121852][T20363] __sys_sendmsg+0x16e/0x220 [ 723.126977][T20363] do_syscall_64+0xcd/0x250 [ 723.132010][T20363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.138437][T20363] [ 723.138437][T20363] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 723.146100][T20363] lock_sock_nested+0x3a/0xf0 [ 723.151317][T20363] sockopt_lock_sock+0x54/0x70 [ 723.156612][T20363] do_ip_setsockopt+0x101/0x38c0 [ 723.162072][T20363] ip_setsockopt+0x59/0xf0 [ 723.167008][T20363] tcp_setsockopt+0xa4/0x100 [ 723.172122][T20363] do_sock_setsockopt+0x222/0x480 [ 723.177771][T20363] __sys_setsockopt+0x1a0/0x230 [ 723.183155][T20363] __x64_sys_setsockopt+0xbd/0x160 [ 723.188800][T20363] do_syscall_64+0xcd/0x250 [ 723.193842][T20363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.200270][T20363] [ 723.200270][T20363] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 723.207486][T20363] __lock_acquire+0x249e/0x3c40 [ 723.212879][T20363] lock_acquire.part.0+0x11b/0x380 [ 723.218519][T20363] __mutex_lock+0x19b/0xa60 [ 723.223560][T20363] do_ipv6_setsockopt+0x1f4d/0x4660 [ 723.229291][T20363] ipv6_setsockopt+0xcb/0x170 [ 723.234493][T20363] tcp_setsockopt+0xa4/0x100 [ 723.239613][T20363] smc_setsockopt+0x1b4/0xc00 [ 723.244821][T20363] do_sock_setsockopt+0x222/0x480 [ 723.250384][T20363] __sys_setsockopt+0x1a0/0x230 [ 723.255761][T20363] __x64_sys_setsockopt+0xbd/0x160 [ 723.261402][T20363] do_syscall_64+0xcd/0x250 [ 723.266436][T20363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.272858][T20363] [ 723.272858][T20363] other info that might help us debug this: [ 723.272858][T20363] [ 723.283079][T20363] Chain exists of: [ 723.283079][T20363] rtnl_mutex --> sk_lock-AF_INET --> &smc->clcsock_release_lock [ 723.283079][T20363] [ 723.296644][T20363] Possible unsafe locking scenario: [ 723.296644][T20363] [ 723.304090][T20363] CPU0 CPU1 [ 723.309447][T20363] ---- ---- [ 723.314808][T20363] lock(&smc->clcsock_release_lock); [ 723.320269][T20363] lock(sk_lock-AF_INET); [ 723.327207][T20363] lock(&smc->clcsock_release_lock); [ 723.335102][T20363] lock(rtnl_mutex); [ 723.339084][T20363] [ 723.339084][T20363] *** DEADLOCK *** [ 723.339084][T20363] [ 723.347304][T20363] 1 lock held by syz.4.3439/20363: [ 723.352425][T20363] #0: ffff8880339566a8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x101/0xc00 [ 723.362982][T20363] [ 723.362982][T20363] stack backtrace: [ 723.368868][T20363] CPU: 0 UID: 0 PID: 20363 Comm: syz.4.3439 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 723.379632][T20363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 723.389689][T20363] Call Trace: [ 723.392968][T20363] [ 723.395895][T20363] dump_stack_lvl+0x116/0x1f0 [ 723.400580][T20363] print_circular_bug+0x41c/0x610 [ 723.405625][T20363] check_noncircular+0x31a/0x400 [ 723.410573][T20363] ? __pfx_check_noncircular+0x10/0x10 [ 723.416048][T20363] ? lockdep_lock+0xc6/0x200 [ 723.420649][T20363] ? __pfx_lockdep_lock+0x10/0x10 [ 723.425699][T20363] ? __pfx_mark_lock+0x10/0x10 [ 723.430480][T20363] __lock_acquire+0x249e/0x3c40 [ 723.435483][T20363] ? __pfx___lock_acquire+0x10/0x10 [ 723.441149][T20363] ? __lock_acquire+0x15a9/0x3c40 [ 723.446193][T20363] lock_acquire.part.0+0x11b/0x380 [ 723.451308][T20363] ? do_ipv6_setsockopt+0x1f4d/0x4660 [ 723.456694][T20363] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 723.462335][T20363] ? rcu_is_watching+0x12/0xc0 [ 723.467109][T20363] ? trace_lock_acquire+0x14e/0x1f0 [ 723.472315][T20363] ? do_ipv6_setsockopt+0x1f4d/0x4660 [ 723.477694][T20363] ? lock_acquire+0x2f/0xb0 [ 723.482196][T20363] ? do_ipv6_setsockopt+0x1f4d/0x4660 [ 723.487573][T20363] __mutex_lock+0x19b/0xa60 [ 723.492089][T20363] ? do_ipv6_setsockopt+0x1f4d/0x4660 [ 723.497495][T20363] ? __pfx_mark_lock+0x10/0x10 [ 723.502278][T20363] ? do_ipv6_setsockopt+0x1f4d/0x4660 [ 723.507658][T20363] ? __pfx___mutex_lock+0x10/0x10 [ 723.512689][T20363] ? __pfx_register_lock_class+0x10/0x10 [ 723.518327][T20363] ? finish_task_switch.isra.0+0x217/0xcc0 [ 723.524140][T20363] ? __switch_to+0x749/0x1190 [ 723.528830][T20363] ? hlock_class+0x4e/0x130 [ 723.533346][T20363] ? do_ipv6_setsockopt+0x1f4d/0x4660 [ 723.538725][T20363] ? rtnl_lock+0x9/0x20 [ 723.542893][T20363] do_ipv6_setsockopt+0x1f4d/0x4660 [ 723.548108][T20363] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 723.553665][T20363] ? lock_acquire.part.0+0x11b/0x380 [ 723.558962][T20363] ? __mutex_trylock_common+0xea/0x250 [ 723.564424][T20363] ? __pfx___mutex_trylock_common+0x10/0x10 [ 723.570322][T20363] ? smc_setsockopt+0x101/0xc00 [ 723.575184][T20363] ? rcu_is_watching+0x12/0xc0 [ 723.579953][T20363] ? trace_contention_end+0xee/0x140 [ 723.585241][T20363] ? __mutex_lock+0x1cc/0xa60 [ 723.589927][T20363] ? __pfx___futex_wait+0x10/0x10 [ 723.595304][T20363] ? smc_setsockopt+0x101/0xc00 [ 723.600172][T20363] ? __pfx___mutex_lock+0x10/0x10 [ 723.605215][T20363] ? ipv6_setsockopt+0xcb/0x170 [ 723.610071][T20363] ipv6_setsockopt+0xcb/0x170 [ 723.614755][T20363] tcp_setsockopt+0xa4/0x100 [ 723.619358][T20363] smc_setsockopt+0x1b4/0xc00 [ 723.624048][T20363] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 723.629957][T20363] ? __pfx_smc_setsockopt+0x10/0x10 [ 723.635171][T20363] ? __pfx_smc_setsockopt+0x10/0x10 [ 723.640382][T20363] do_sock_setsockopt+0x222/0x480 [ 723.645427][T20363] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 723.650990][T20363] ? lock_acquire+0x2f/0xb0 [ 723.655500][T20363] __sys_setsockopt+0x1a0/0x230 [ 723.660361][T20363] __x64_sys_setsockopt+0xbd/0x160 [ 723.665567][T20363] ? do_syscall_64+0x91/0x250 [ 723.670259][T20363] ? lockdep_hardirqs_on+0x7c/0x110 [ 723.675467][T20363] do_syscall_64+0xcd/0x250 [ 723.679980][T20363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.685884][T20363] RIP: 0033:0x7f897a385d19 [ 723.690301][T20363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 723.710351][T20363] RSP: 002b:00007f897b11e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 723.718769][T20363] RAX: ffffffffffffffda RBX: 00007f897a576080 RCX: 00007f897a385d19 [ 723.726742][T20363] RDX: 000000000000001b RSI: 0000000000000029 RDI: 0400000000000003 [ 723.734806][T20363] RBP: 00007f897a401a20 R08: 000000000000056b R09: 0000000000000000 [ 723.742788][T20363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 723.750764][T20363] R13: 0000000000000000 R14: 00007f897a576080 R15: 00007ffcbc1174d8 [ 723.758753][T20363]