last executing test programs: 18m13.122297727s ago: executing program 32 (id=1992): close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/controlC0\x00', 0x1, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0xf, 0x8000) io_uring_setup$auto(0x4a, 0x0) mount$auto(0x0, 0x0, 0x0, 0x1, 0x0) socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x9, 0x1, 0x8, 0x80000000000, 0x9, 0x6, 0x7f, 0x7fffffff, 0x8, 0x401, 0x4, 0x3ae, 0x5, 0xeef9, 0x7f, 0x6]}, 0x0, 0x0) 16m0.964656251s ago: executing program 33 (id=3060): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(0x3, 0x0, 0x1, 0x3, 0x0, 0x2) io_uring_enter$auto(0x3, 0x7, 0x2688, 0xe, 0x0, 0x7) 2m14.387324506s ago: executing program 34 (id=6164): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x96b}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x15c0}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4) 2m11.490825871s ago: executing program 35 (id=6192): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000002f40)={0x14, r1, 0x1, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) 2m7.397796385s ago: executing program 1 (id=6297): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) fchmod$auto(0x0, 0x9b9a) 2m4.120444879s ago: executing program 1 (id=6322): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/hotplug/target\x00', 0xc3100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/49, 0x31) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/8250/parameters/share_irqs\x00', 0x5c1200, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/net/rose12/queues/rx-0/rps_cpus\x00', 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)='\t', 0x1) 2m3.627941005s ago: executing program 1 (id=6326): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x2000000, 0x20009, 0x4000000000dd, 0xeb1, 0x401, 0x2) socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf25"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) setpriority$auto(0x4000000001, 0x100000001, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x53, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) pselect6$auto(0x101, &(0x7f0000000080)={[0x6, 0x7, 0xffffffffffffffff, 0x3, 0x1, 0x6, 0x9, 0x7, 0x1, 0x4, 0x9, 0x4, 0x4, 0x7, 0xcb2a, 0x9]}, &(0x7f0000000100)={[0xffff, 0x3, 0xfffffffffffff31a, 0x7, 0x590, 0x8, 0x1d4, 0x4, 0x6, 0x7, 0x5, 0x7, 0x80, 0x8, 0x0, 0x1]}, &(0x7f0000000180)={[0xa9, 0x4, 0x4, 0x1, 0x3, 0x6, 0xcbd0, 0x200000001, 0x1f, 0xfffffffffffffffd, 0x7ff, 0x8000000000000001, 0x4, 0x7f, 0x91, 0x7]}, &(0x7f0000000000)={0x899, 0x5}, &(0x7f0000000200)) r0 = socket(0x15, 0x6, 0x80) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000380), 0xffffffffffffffff) setregid$auto(0x5, 0x6) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) process_mrelease$auto(0x4, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="18000000fe6961fb165b97f8a44f4397aa4f91f95745316f0628ea6cff6b0df47a3c0ee221a985409a5d495432d0fdb924dacd62153319e2f7ce20b64455297315952478", @ANYRES16=r1, @ANYBLOB="100029bd7000fedbdf251f00000004000b00"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x7, 0xfffff000) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r2, 0x1002, 0x0, 0x0, 0x0, 0x2) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00T\x00'/40, 0x9) 2m1.937002986s ago: executing program 1 (id=6341): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="8c040000", @ANYBLOB="040026bd7000fcdbdf"], 0x48c}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x59e, 0x0, 0x5, 0xe40}, 0x207}, 0x40, 0xeff) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) 2m0.963891363s ago: executing program 1 (id=6351): close_range$auto(0x0, 0xfffffffffffff000, 0x2) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') ioctl$NS_GET_PARENT(r0, 0xb701, 0x0) socket(0x1d, 0x2, 0x7) socket(0x2b, 0x1, 0x1) connect$auto(0x3, 0xfffffffffffffffe, 0x0) 2m0.881403091s ago: executing program 1 (id=6353): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x101200, 0x0) readv$auto(0x3, &(0x7f0000000040)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chroot$auto(&(0x7f0000000080)='}[,&*}\x00') pivot_root$auto(&(0x7f0000000300)='.\x00\xaf\xeb)\xae$\xfc\x00\xf8\x05AC\x9f\xbbR\xec\xc6c\x85\xc8\xa7\xe84sF\xe3U\x94\x99\x8fR\xd0\x98\f\xa5\xb1S\x7f\xc3\xa5\xc0\x97\x10qa\r\x02\xd2\xc8\xd2\x8e\xc7\x80\x11\x06#\xf5\x18|\xdc\x81Ai\xb6\x96iaR\xdbA\x04\x10\x99\xe6\xdb\xae`G\x1d9`T\xd8\xc6\xea\xf7\x96\xb5\xe9\x164e\xb1 S\x8f\x12_\x15y\x91F\xc89\xb1\xd24?\x89.,Z\xba,\"v\xde\xc4\xe0\x84\xca|\"\x96V\xd5P\xe4\xb9\xea\x88\x15\xacs\xc6\x83\xd6\x81\xd7\x11\x88\x9c\xdd\x8a\x0e\xea\x19|\x7f\xe3A8x\xce\xc1!q\xbbi\\\xd8\xa9\xe0\xed\x9e\x19\xc0IC9^\xfcJG\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000280)='.\x00') 1m56.053619862s ago: executing program 7 (id=6384): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2b, 0x1, 0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r0, 0x2, &(0x7f00000000c0), 0x1) io_uring_register$auto(0x2, 0x2, &(0x7f0000000000), 0x100002) 1m55.954983974s ago: executing program 7 (id=6385): setreuid$auto(0x0, 0xee00) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) r0 = geteuid() setreuid$auto(r0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), 0xffffffffffffffff) setrlimit$auto(0x6, &(0x7f0000000000)={0x1, 0x7}) setuid$auto(r0) 1m55.843646697s ago: executing program 7 (id=6386): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents64$auto(0x0, 0x0, 0x18) getdents$auto(0x0, 0x0, 0x700) socket(0x2, 0x1, 0x0) ioctl$auto(0x1, 0x8941, 0x8) 1m55.738782794s ago: executing program 7 (id=6387): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0x80842, 0x91) read$auto(r1, 0x0, 0x1) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) ioctl$auto(0x3, 0x4008af03, 0x0) close_range$auto(0x2, 0x8, 0x0) 1m55.635016656s ago: executing program 7 (id=6388): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) rseq$auto(&(0x7f0000000300)={0x0, 0x9, 0x0, 0x4, 0xffffffff, 0xfffffffe}, 0x8000, 0x0, 0x3) shmdt$auto(0x0) madvise$auto(0x0, 0x3, 0x15) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 1m55.296844566s ago: executing program 7 (id=6389): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0xec, 0x9) 1m55.00351452s ago: executing program 36 (id=6389): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x2, 0x9}, 0x7}, 0xec, 0x9) 1m45.693590445s ago: executing program 37 (id=6353): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x101200, 0x0) readv$auto(0x3, &(0x7f0000000040)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chroot$auto(&(0x7f0000000080)='}[,&*}\x00') pivot_root$auto(&(0x7f0000000300)='.\x00\xaf\xeb)\xae$\xfc\x00\xf8\x05AC\x9f\xbbR\xec\xc6c\x85\xc8\xa7\xe84sF\xe3U\x94\x99\x8fR\xd0\x98\f\xa5\xb1S\x7f\xc3\xa5\xc0\x97\x10qa\r\x02\xd2\xc8\xd2\x8e\xc7\x80\x11\x06#\xf5\x18|\xdc\x81Ai\xb6\x96iaR\xdbA\x04\x10\x99\xe6\xdb\xae`G\x1d9`T\xd8\xc6\xea\xf7\x96\xb5\xe9\x164e\xb1 S\x8f\x12_\x15y\x91F\xc89\xb1\xd24?\x89.,Z\xba,\"v\xde\xc4\xe0\x84\xca|\"\x96V\xd5P\xe4\xb9\xea\x88\x15\xacs\xc6\x83\xd6\x81\xd7\x11\x88\x9c\xdd\x8a\x0e\xea\x19|\x7f\xe3A8x\xce\xc1!q\xbbi\\\xd8\xa9\xe0\xed\x9e\x19\xc0IC9^\xfcJG\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000280)='.\x00') 1m43.424700597s ago: executing program 6 (id=6439): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_MACSEC_CMD_ADD_RXSA(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x2cb8}, 0x1, 0x0, 0x0, 0x40}, 0x2404c084) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x88) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0xa005) sendmmsg$auto(0x3, 0x0, 0x3, 0x8) 1m43.209650633s ago: executing program 6 (id=6442): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0xd, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0xa) open(0x0, 0x22240, 0x154) ioctl$sock_SIOCGIFINDEX(r0, 0x40086602, 0x0) lstat$auto(0x0, 0x0) 1m42.950727999s ago: executing program 6 (id=6444): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'macvtap0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)={0x1c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x1400c034) sendto$auto(0xffffffffffffffff, 0x0, 0x401, 0x101, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x3a) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x4e21, @local}, 0x68) 1m42.809771202s ago: executing program 6 (id=6445): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) r0 = socket(0x2, 0x3, 0xa) connect$auto(r0, &(0x7f00000000c0), 0x55) sendto$auto(r0, 0x0, 0x3, 0x10000, &(0x7f0000000040), 0x0) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x8) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) recvmmsg$auto(0x3, 0x0, 0xff, 0xba, 0x0) 1m42.108877416s ago: executing program 6 (id=6456): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x181000, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0) write$auto(r0, 0x0, 0x8) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') rmdir$auto(&(0x7f0000000080)='./file0\x00') 1m41.972758488s ago: executing program 6 (id=6450): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0xfdf3) 1m26.802648226s ago: executing program 38 (id=6450): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0xfdf3) 1m18.943184617s ago: executing program 5 (id=6570): mmap$auto(0x0, 0x20009, 0x4000000000db, 0xebd, 0x3, 0xfffffffffffffffc) io_uring_setup$auto(0x6, 0x0) lsm_set_self_attr$auto(0x1, 0x0, 0x80, 0x0) r0 = openat$auto_proc_gid_map_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/gid_map\x00', 0x200003, 0x0) setsockopt$auto(r0, 0x80, 0x0, &(0x7f00000003c0)='\x00', 0x2bd) socket(0xa, 0x2, 0x3a) close_range$auto(0x2, 0x8, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x5, 0x7, 0x47, 0x32b, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x2, 0x4, 0xb4, 0x9, 0x2, 0xfffe, 0x80, 0x7, 0x0, 0x7, 0x0, 0x200, 0x0, 0xc00000, [0x5, 0x0, 0x0, 0x50100000000000, 0x0, 0xfffffffffffffffc, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1, 0x0, 0xffffffffffffffff, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x400000000005b8, 0x0, 0x0, 0x0, 0x4000000000, 0x6, 0xffffffffffffffff, 0x0, 0x1e, 0xfffffffffffffffc, 0x3, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2, 0x6, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x541641, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) ioprio_set$auto(0x2, 0x0, 0x8) acct$auto(&(0x7f0000000040)='\x00') acct$auto(0x0) getsockopt$auto(r1, 0x10d, 0xc, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0x34, 0x0, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_AUTH_DATA={0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x6}, @NL80211_ATTR_MAC_ADDRS={0xd, 0xa6, 0x0, 0x1, [@generic="718ce3bd84b5df0a0c"]}, @NL80211_ATTR_HW_TIMESTAMP_ENABLED={0x4}]}, 0x34}}, 0x4c090) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) clock_gettime$auto(0x0, &(0x7f0000000000)={0x6, 0x10001}) capget$auto(&(0x7f0000000040)={0x5, 0xffffffffffffffff}, &(0x7f0000000080)={0x3, 0x8, 0xc0000}) 1m18.130399097s ago: executing program 5 (id=6573): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pwrite64$auto(0xffffffffffffffff, 0x0, 0x52, 0x3) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x8000, 0x0) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x0, 0x200007, 0x19) fsconfig$auto(0x3, 0x3, 0xfffffffffffffffd, 0x0, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x0, 0x0) unlinkat$auto(0xffffffffffffff9c, 0x0, 0x0) open(0x0, 0x261c2, 0x84) getrandom$auto(0x0, 0x6000000, 0x3) madvise$auto(0x0, 0x2017, 0x15) 1m15.923506952s ago: executing program 2 (id=6579): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x24, 0x940, 0x1ffde, 0x3, 0x6, 0x8000002, 0x9, 0x5, 0x2, 0x4, 0xb0, 0x7, 0x32, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, [0x0, 0x0, 0x0, 0x243efbdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe6e]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00'], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x8000) mprotect$auto(0x8, 0xac, 0xe1e0058000000000) r0 = socket(0x25, 0x2, 0xfffffffc) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/set_event\x00', 0x20001, 0x0) write$auto(r1, &(0x7f0000000040)='nbd\x00', 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket(0xa, 0x801, 0x106) mmap$auto(0x0, 0x8, 0x2, 0xfffffffffffffffc, 0x5, 0x0) mmap$auto(0x6, 0x40000b, 0x8, 0x9b72, 0x2, 0x8001) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x6, 0xdf, 0x9b72, 0x2, 0x8000) clone$auto(0xd2d2, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) r2 = gettid() process_vm_readv$auto(r2, &(0x7f0000000040)={0x0, 0x2}, 0x4, &(0x7f00000000c0)={0x0, 0x100000000000002}, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x4f, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20000000}, 0x50020) stat$auto(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x3, 0x800000004, 0x8000, 0xee00, 0xffffffffffffffff, 0x0, 0x6, 0x4ff, 0x7, 0x800, 0xc, 0xa58, 0x3, 0x2, 0xce, 0x8}) 1m15.784650673s ago: executing program 5 (id=6580): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) timerfd_create$auto(0x9, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000001ac0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'macvlan1\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_GATEWAYS(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001c00)={&(0x7f0000000080)={0x1c, r3, 0x1301, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40080}, 0x20008800) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000280)={0x14, r1, 0xf4bb5e4a5272e121, 0x70bf27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x801}, 0x40) semctl$auto(0x1ff, 0x2, 0x13, 0x4) read$auto(0x3, 0x0, 0x80) ioctl$auto(0x3, 0x40085400, 0x5) r5 = openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000080), 0x20540, 0x0) ioctl$auto(r5, 0x40046103, 0x81) mmap$auto(0x40, 0x497, 0x400, 0x10, 0xb9e1, 0x8) madvise$auto(0xfffffffffffffffc, 0x201, 0x19) madvise$auto(0x0, 0x2003f0, 0x15) 1m15.183691877s ago: executing program 2 (id=6582): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0x400000080000002, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0xc0, &(0x7f0000000000)={{0x0, 0x22, 0x0, 0xa, 0x0, 0x989, 0x1}, 0x3}, 0x9a6, 0xfffffffe) io_uring_setup$auto(0x3ff, 0x0) socket(0xa, 0x3, 0x3a) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) 1m14.627583413s ago: executing program 8 (id=6585): syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x10, 0x2, 0xf) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto(0xc8, 0x400454d9, 0x5c8d) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x7f, 0x8000) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) pselect6$auto(0x4, 0x0, &(0x7f0000000180)={[0x33e59eb6, 0x9, 0x2da0000, 0xff, 0x101, 0x200000001c00000, 0xa1, 0x4, 0xfffffffffffffffe, 0x8, 0x4, 0x9, 0x1, 0x0, 0xe, 0x80000001]}, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) io_uring_setup$auto(0x6, 0x0) clone$auto(0x7, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x14, r1, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) 1m14.59712816s ago: executing program 2 (id=6586): mmap$auto(0x2000000, 0x20009, 0x4000000000dd, 0xeb1, 0x401, 0x2) socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf25"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) setpriority$auto(0x4000000001, 0x100000001, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x53, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) pselect6$auto(0x101, &(0x7f0000000080)={[0x6, 0x7, 0xffffffffffffffff, 0x3, 0x1, 0x6, 0x9, 0x7, 0x1, 0x4, 0x9, 0x4, 0x4, 0x7, 0xcb2a, 0x9]}, &(0x7f0000000100)={[0xffff, 0x3, 0xfffffffffffff31a, 0x7, 0x590, 0x8, 0x1d4, 0x4, 0x6, 0x7, 0x5, 0x7, 0x80, 0x8, 0x0, 0x1]}, &(0x7f0000000180)={[0xa9, 0x4, 0x4, 0x1, 0x3, 0x6, 0xcbd0, 0x200000001, 0x1f, 0xfffffffffffffffd, 0x7ff, 0x8000000000000001, 0x4, 0x7f, 0x91, 0x7]}, &(0x7f0000000000)={0x899, 0x5}, &(0x7f0000000200)) r0 = socket(0x15, 0x6, 0x80) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000380), 0xffffffffffffffff) setregid$auto(0x5, 0x6) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) process_mrelease$auto(0x4, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="18000000fe6961fb165b97f8a44f4397aa4f91f95745316f0628ea6cff6b0df47a3c0ee221a985409a5d495432d0fdb924dacd62153319e2f7ce20b64455297315952478", @ANYRES16=r1, @ANYBLOB="100029bd7000fedbdf251f00000004000b00"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x7, 0xfffff000) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r2, 0x1002, 0x0, 0x0, 0x0, 0x2) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00T\x00'/40, 0x9) 1m14.114743848s ago: executing program 5 (id=6588): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x100000000000038, 0x0) fsopen$auto(0x0, 0x1) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x80000001, 0x8) r0 = gettid() process_vm_writev$auto(r0, &(0x7f0000002980)={0x0, 0x7ff}, 0x3, &(0x7f0000002a40)={0x0, 0x100000004007}, 0x4, 0x0) madvise$auto(0x0, 0x2002003f0, 0x15) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r1, 0x28004) r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) fcntl$auto(r2, 0x5, 0x2) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 1m12.951123596s ago: executing program 8 (id=6589): socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf25"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) setpriority$auto(0x4000000001, 0x100000001, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x53, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) pselect6$auto(0x101, &(0x7f0000000080)={[0x6, 0x7, 0xffffffffffffffff, 0x3, 0x1, 0x6, 0x9, 0x7, 0x1, 0x4, 0x9, 0x4, 0x4, 0x7, 0xcb2a, 0x9]}, &(0x7f0000000100)={[0xffff, 0x3, 0xfffffffffffff31a, 0x7, 0x590, 0x8, 0x1d4, 0x4, 0x6, 0x7, 0x5, 0x7, 0x80, 0x8, 0x0, 0x1]}, &(0x7f0000000180)={[0xa9, 0x4, 0x4, 0x1, 0x3, 0x6, 0xcbd0, 0x200000001, 0x1f, 0xfffffffffffffffd, 0x7ff, 0x8000000000000001, 0x4, 0x7f, 0x91, 0x7]}, &(0x7f0000000000)={0x899, 0x5}, &(0x7f0000000200)) r0 = socket(0x15, 0x6, 0x80) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000380), 0xffffffffffffffff) setregid$auto(0x5, 0x6) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) process_mrelease$auto(0x4, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="18000000fe6961fb165b97f8a44f4397aa4f91f95745316f0628ea6cff6b0df47a3c0ee221a985409a5d495432d0fdb924dacd62153319e2f7ce20b64455297315952478", @ANYRES16=r1, @ANYBLOB="100029bd7000fedbdf251f00000004000b00"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x7, 0xfffff000) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r2, 0x1002, 0x0, 0x0, 0x0, 0x2) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00T\x00'/40, 0x9) 1m12.339370532s ago: executing program 2 (id=6591): socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x163340, 0x6a) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x4, @multicast2}, 0x55) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) timer_settime$auto(0x0, 0x8, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) 1m12.338905489s ago: executing program 5 (id=6592): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x6, 0x0) socket(0x29, 0x2, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x400, 0x0, 0xdd0, 0x697b}, 0xed71388}, 0x9a6, 0x9) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) eventfd$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_map_fd=0x3ff}, 0xa3) 1m12.127479655s ago: executing program 5 (id=6593): mmap$auto(0x0, 0x400008, 0x9, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/shm\x00', 0x141200, 0x0) r0 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x1c, r0, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@HWSIM_ATTR_RADIO_NAME={0x7, 0x11, '..\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioperm$auto(0x7, 0x6, 0x2) unshare$auto(0x20000) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r3, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) rt_sigaction$auto(0x3, 0x0, 0x0, 0x8) pivot_root$auto(&(0x7f0000000040)='..\x00', &(0x7f0000000080)='.\x00') r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000002f40)=ANY=[@ANYBLOB="060000e3", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2506000000"], 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) 1m11.909136163s ago: executing program 2 (id=6594): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6nA6\x1a\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6\xcf\x00'/236, 0x4, 0x0) mmap$auto(0x0, 0x1000, 0xe2, 0x9b72, 0x7, 0x28000) getcwd$auto(0x0, 0xffffffffffffffff) mount_setattr$auto(0x5, 0x0, 0x8000, &(0x7f0000000640)={0x0, 0x4, 0x100000}, 0x283) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, 0x0, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x0) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002abd7000fedbdf2502"], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) 1m11.088086116s ago: executing program 2 (id=6597): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) timer_create$auto(0xfffffff9, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x55) sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x0) r1 = socket(0x23, 0x80805, 0x0) syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000180), r1) listen$auto(0x3, 0x81) 1m10.687298769s ago: executing program 8 (id=6599): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x9, 0x5, 0x3) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/cifs/smbd_max_receive_size\x00', 0x103742, 0x0) write$auto(r0, 0x0, 0x9) pipe2$auto(&(0x7f0000000180)=r0, 0x67) r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000140), r1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x300, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) r4 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000100), r3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYRESDEC=r4, @ANYRES32=r1, @ANYRESHEX=r2, @ANYRESDEC=r0], 0x1ac}, 0x1, 0x0, 0x0, 0x4c004}, 0xc010) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x7b, 0x4) 1m8.568538582s ago: executing program 8 (id=6603): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) r0 = open(&(0x7f0000000080)='./file0\x00', 0xeee00, 0x31) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) lseek$auto(r0, 0x7fffffffffffffff, 0x3) keyctl$auto(0x1, 0x5, 0x0, 0x81, 0x6) fcntl$auto(0x0, 0x407, 0x1) truncate$auto(&(0x7f00000000c0)='./file0\x00', 0x0) socket(0x24, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) inotify_init1$auto(0x3000000000000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x0, 0x80000000000) setresgid$auto(0x9, 0x100000001, 0x6) keyctl$auto(0x4, 0xfffffffd, 0x2, 0x0, 0x8) fsopen$auto(0x0, 0x1) epoll_create$auto(0x4) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) 1m7.910479993s ago: executing program 8 (id=6604): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6nA6\x1a\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6\xcf\x00'/236, 0x4, 0x0) mmap$auto(0x0, 0x1000, 0xe2, 0x9b72, 0x7, 0x28000) getcwd$auto(0x0, 0xffffffffffffffff) mount_setattr$auto(0x5, 0x0, 0x8000, &(0x7f0000000640)={0x0, 0x4, 0x100000}, 0x283) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfffffdef) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x2c, r2, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x0) r3 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_DP_CMD_DEL(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002abd7000fedbdf2502"], 0x38}, 0x1, 0x0, 0x0, 0x20040011}, 0x20000000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fcntl$auto(0xffffffffffffffff, 0x401, 0x5) sendmsg$auto_OVS_METER_CMD_SET(0xffffffffffffffff, 0x0, 0x40) write$auto(0x3, 0x0, 0xfffffdef) unshare$auto(0x40000080) 1m6.798709534s ago: executing program 8 (id=6608): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x401) preadv$auto(0x40000000000003, 0x0, 0x6, 0x8, 0x5) io_uring_setup$auto(0x3bd, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa101, 0x0) socket$nl_generic(0x10, 0x3, 0x10) stat$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000200)={0x4, 0x0, 0x0, 0x5, 0xffffffffffffffff, 0xee00, 0x0, 0xffffffffffffff02, 0x8, 0xfffffffffffffff9, 0x200, 0x101, 0x5, 0x9, 0x7, 0x9c, 0xd}) sendmsg$auto_NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) close_range$auto(0x2, 0x8, 0x0) syz_open_procfs$namespace(0x0, 0x0) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x4000008000) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = socket(0x2, 0x1, 0x106) setsockopt$auto(r1, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfdf3) shutdown$auto(0x200000003, 0x2) socket$nl_generic(0x10, 0x3, 0x10) 56.882040997s ago: executing program 39 (id=6593): mmap$auto(0x0, 0x400008, 0x9, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/shm\x00', 0x141200, 0x0) r0 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x1c, r0, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@HWSIM_ATTR_RADIO_NAME={0x7, 0x11, '..\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioperm$auto(0x7, 0x6, 0x2) unshare$auto(0x20000) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r3, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) rt_sigaction$auto(0x3, 0x0, 0x0, 0x8) pivot_root$auto(&(0x7f0000000040)='..\x00', &(0x7f0000000080)='.\x00') r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000002f40)=ANY=[@ANYBLOB="060000e3", @ANYRES16=r4, @ANYBLOB="01002bbd7000fcdbdf2506000000"], 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) 55.901041837s ago: executing program 40 (id=6597): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) timer_create$auto(0xfffffff9, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x55) sendmsg$auto_OVS_DP_CMD_GET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x0) r1 = socket(0x23, 0x80805, 0x0) syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000180), r1) listen$auto(0x3, 0x81) 51.616052181s ago: executing program 41 (id=6608): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x401) preadv$auto(0x40000000000003, 0x0, 0x6, 0x8, 0x5) io_uring_setup$auto(0x3bd, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa101, 0x0) socket$nl_generic(0x10, 0x3, 0x10) stat$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000200)={0x4, 0x0, 0x0, 0x5, 0xffffffffffffffff, 0xee00, 0x0, 0xffffffffffffff02, 0x8, 0xfffffffffffffff9, 0x200, 0x101, 0x5, 0x9, 0x7, 0x9c, 0xd}) sendmsg$auto_NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) close_range$auto(0x2, 0x8, 0x0) syz_open_procfs$namespace(0x0, 0x0) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x4000008000) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = socket(0x2, 0x1, 0x106) setsockopt$auto(r1, 0x1, 0x21, 0x0, 0x9) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) write$auto(0x3, 0x0, 0xfdf3) shutdown$auto(0x200000003, 0x2) socket$nl_generic(0x10, 0x3, 0x10) 13.8100326s ago: executing program 3 (id=6769): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x1c8300, 0x0) ioctl$auto(r0, 0x8004510b, 0x3) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x1e8300, 0x0) ioctl$auto(r1, 0x80045105, 0x3) 13.130083043s ago: executing program 3 (id=6770): close_range$auto(0x2, 0x8, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x11, 0x80003, 0x304) setsockopt$auto(r0, 0x107, 0x5, 0x0, 0x24) 12.181650194s ago: executing program 3 (id=6775): mknod$auto(&(0x7f0000000040)=':,\x00', 0xc9, 0xc8) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/nfsfs/servers\x00', 0x400, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) mount$auto(&(0x7f0000000000)='pimreg\x00', &(0x7f0000000040)='\x00', 0x0, 0x1000, 0x0) mount$auto(&(0x7f0000000000)='pimreg\x00', &(0x7f0000000040)='\x00', 0x0, 0x10dfd057, 0x0) 11.308910844s ago: executing program 3 (id=6777): openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f00000004c0), 0x101202, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/arp\x00', 0x60000, 0x0) select$auto(0xb, &(0x7f0000000100)={[0x7f, 0x31, 0xffffffffffffffff, 0x80000000, 0x7, 0x6, 0x81, 0x67e, 0x8, 0x2, 0x5, 0x10001, 0x334, 0x679, 0xfffffffffffffffe, 0x8]}, 0x0, 0x0, 0x0) 10.460318916s ago: executing program 3 (id=6782): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x1a9382, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x2000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) write$auto(0x3, 0x0, 0xfffffdef) write$auto(r0, 0x0, 0xfffffdef) 10.182403929s ago: executing program 9 (id=6784): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/fib_multipath_hash_policy\x00', 0x2000, 0x0) mprotect$auto(0x1ffff000, 0x8000000001000001, 0xd) r0 = openat$auto_fops_init_pkru_pkeys(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$auto_fops_init_pkru_pkeys(r0, 0x0, 0x2b) 9.972553683s ago: executing program 9 (id=6785): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x0, 0x5, 0x0) r0 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r0, 0x0, 0x0) 9.575581338s ago: executing program 3 (id=6787): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x96b}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x15c0}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4) 9.255033739s ago: executing program 9 (id=6789): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x6, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x6, 0x8000) syslog$auto(0x4, &(0x7f0000000040)='..\x00', 0x7) 8.094614054s ago: executing program 9 (id=6791): mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x29, 0x2, 0x0) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/set_event_pid\x00', 0xa0201, 0x0) write$auto(0x4, 0x0, 0x100082) 7.32807715s ago: executing program 9 (id=6795): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x64, r1, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x80}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0xfffffffe}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @ipv4={'\x00', '\xff\xff', @remote}}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @remote}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e21}]}, 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) 7.177408823s ago: executing program 9 (id=6798): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000002f40)={0x14, r1, 0x1, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) 4.045724065s ago: executing program 4 (id=6812): rt_sigaction$auto(0x1, 0x0, &(0x7f0000000340)={0x0, 0x2, 0x0, {0x7}}, 0x8) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) ioperm$auto(0x7, 0x6, 0x2) futex_wait$auto(0x0, 0x0, 0x7f, 0x2, 0x0, 0x1) futex_wake$auto(0x0, 0x8, 0x7, 0x2) 3.874090665s ago: executing program 4 (id=6813): mmap$auto(0x0, 0x9, 0x72, 0x8b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) settimeofday$auto(0x0, 0x0) 2.446852653s ago: executing program 4 (id=6815): mmap$auto(0x0, 0x4020005, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x7fff, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(r0, 0x8, 0x0) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000007480)='/dev/cec12\x00', 0x400, 0x0) ioctl$auto_CEC_RECEIVE(r1, 0xc0386106, 0x0) 1.53749214s ago: executing program 4 (id=6816): r0 = socket(0x10, 0x2, 0x6) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) setresuid$auto(0x0, 0x0, 0xee00) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r1, 0x1002, 0x0, 0x0, 0x0, 0x2) 1.416750381s ago: executing program 4 (id=6818): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) setpriority$auto(0x4000000001, 0x100000001, 0x6) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x53, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) pselect6$auto(0x101, &(0x7f0000000080)={[0x6, 0x7, 0xffffffffffffffff, 0x3, 0x1, 0x6, 0x9, 0x7, 0x1, 0x4, 0x9, 0x4, 0x4, 0x7, 0xcb2a, 0x9]}, &(0x7f0000000100)={[0xffff, 0x3, 0xfffffffffffff31a, 0x7, 0x590, 0x8, 0x1d4, 0x4, 0x6, 0x7, 0x5, 0x7, 0x80, 0x8, 0x0, 0x1]}, &(0x7f0000000180)={[0xa9, 0x4, 0x4, 0x1, 0x3, 0x6, 0xcbd0, 0x200000001, 0x1f, 0xfffffffffffffffd, 0x7ff, 0x8000000000000001, 0x4, 0x7f, 0x91, 0x7]}, &(0x7f0000000000)={0x899, 0x5}, &(0x7f0000000200)) r0 = socket(0x15, 0x6, 0x80) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000380), 0xffffffffffffffff) setregid$auto(0x5, 0x6) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) process_mrelease$auto(0x4, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x18, r1, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@NL80211_ATTR_KEY_DEFAULT={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x7, 0xfffff000) ppoll$auto(&(0x7f0000000280)={0xffffffffffffffff, 0x6, 0x9}, 0x9, 0x0, &(0x7f0000000300)={0x7ff}, 0x8) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r3, 0x1002, 0x0, 0x0, 0x0, 0x2) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00T\x00'/40, 0x9) fallocate$auto(0x3, 0x0, 0xe, 0x8ec8) finit_module$auto(0x3, 0xfffffffffffffffe, 0x2) sendmsg$auto_NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040800}, 0x40850) 1.022794648s ago: executing program 0 (id=6820): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/hotplug/target\x00', 0xc3100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/49, 0x31) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/8250/parameters/share_irqs\x00', 0x5c1200, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/net/rose12/queues/rx-0/rps_cpus\x00', 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)='\t', 0x1) 868.848394ms ago: executing program 0 (id=6821): socket(0x10, 0x2, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/bond0/bonding/downdelay\x00', 0x22100, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 700.755878ms ago: executing program 0 (id=6822): mmap$auto(0x6, 0x1, 0x6, 0xff, 0x400, 0x7) mmap$auto(0x80000, 0x2020009, 0x2, 0xebd, 0xfffffffffffffffa, 0x8001) r0 = socket(0xa, 0x1, 0x84) socket(0xa, 0x1, 0x0) listen$auto(0x3, 0x81) close_range$auto(r0, 0x8, 0x0) 573.878868ms ago: executing program 0 (id=6823): close_range$auto(0x0, 0xfffffffffffff000, 0x2) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') ioctl$NS_GET_PARENT(r0, 0xb701, 0x0) socket(0x1d, 0x2, 0x7) socket(0x2b, 0x1, 0x1) connect$auto(0x3, 0xfffffffffffffffe, 0x0) 424.507553ms ago: executing program 0 (id=6824): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) ppoll$auto(&(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x9}, 0x3, 0x0, &(0x7f0000000180), 0x8) close_range$auto(0x2, 0x8, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x19, 0x4, 0x4, 0x9, 0x8, 0xc, 0x66b, 0x4, 0x7ff}, 0x6f4) write$auto(r0, 0x0, 0x0) 192.197801ms ago: executing program 0 (id=6825): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x200004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) mprotect$auto(0x0, 0x4, 0x6) 0s ago: executing program 4 (id=6826): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x53, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) kernel console output (not intermixed with test programs): z.3.3989'. [ 618.158007][T17126] HfR: left promiscuous mode [ 618.590547][T17144] netlink: 'syz.5.3994': attribute type 2 has an invalid length. [ 619.695665][T17163] netlink: 326 bytes leftover after parsing attributes in process `syz.1.3998'. [ 620.197817][T17180] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4004'. [ 620.306522][T17171] can0: slcan on ptm0. [ 620.429198][T17168] can0 (unregistered): slcan off ptm0. [ 624.581688][T17281] netlink: 'syz.5.4032': attribute type 2 has an invalid length. [ 624.630456][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.638880][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.317331][T17294] openvswitch: HfR: Dropping previously announced user features [ 625.388843][T17294] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4026'. [ 625.512768][T17294] HfR: left promiscuous mode [ 625.896414][T17299] ima: policy update failed [ 625.901765][ T29] audit: type=1802 audit(4294967301.430:14): pid=17299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.4028" res=0 errno=0 [ 628.429428][T17340] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4041'. [ 628.472469][T17337] HfR: entered promiscuous mode [ 628.507209][T17340] HfR: left promiscuous mode [ 630.749286][T17371] ubi0: attaching mtd0 [ 630.754683][T17371] ubi0: scanning is finished [ 630.803446][T17371] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 630.811114][T17339] kexec: Could not allocate control_code_buffer [ 631.130842][T17371] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 632.351534][T17394] ima: policy update failed [ 632.356209][ T29] audit: type=1802 audit(4294967307.880:15): pid=17394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.4057" res=0 errno=0 [ 632.458587][T17390] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4053'. [ 632.686900][T17412] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4060'. [ 633.905756][T17434] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4068'. [ 634.452621][T17451] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4081'. [ 634.514153][T17446] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4072'. [ 635.853911][T17444] Invalid ELF header magic: != ELF [ 635.982600][T17476] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4079'. [ 638.824921][T17538] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4098'. [ 639.054347][T17543] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4099'. [ 639.315317][T17550] syz.1.4102 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 639.943763][T17565] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4108'. [ 639.973443][T17565] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 640.026464][T17567] netlink: 'syz.3.4108': attribute type 46 has an invalid length. [ 640.149076][T17565] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 640.256010][T17571] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4110'. [ 640.553730][T17576] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4112'. [ 640.713918][T17531] Invalid ELF header magic: != ELF [ 643.356874][T17636] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4130'. [ 643.711381][T17646] netlink: 'syz.3.4133': attribute type 2 has an invalid length. [ 644.001980][T17652] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4135'. [ 644.036396][T17652] Process accounting resumed [ 644.052492][T17652] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17652 comm: syz.0.4135) [ 644.605227][T17667] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4141'. [ 645.016506][T17657] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17657 comm: syz.0.4137) [ 645.182701][T17678] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4145'. [ 645.275746][T17685] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17685 comm: syz.0.4147) [ 645.532146][T17690] ima: policy update failed [ 645.560489][ T29] audit: type=1802 audit(4294967321.090:16): pid=17690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.4148" res=0 errno=0 [ 645.692022][T17694] Process accounting resumed [ 645.797618][T17707] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4152'. [ 646.053689][T17722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4156'. [ 646.195149][T17724] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4157'. [ 646.431620][T17692] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17692 comm: syz.0.4149) [ 646.808144][T17732] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 646.841673][T17732] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 646.852586][T17732] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 646.861557][T17732] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 646.889790][T17732] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 646.934667][T17743] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17743 comm: syz.0.4161) [ 647.063456][T17749] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4163'. [ 647.161975][T17749] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17749 comm: syz.0.4163) [ 648.160341][T17753] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17753 comm: syz.0.4166) [ 648.411978][T17782] Invalid ELF header magic: != ELF [ 648.857647][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 648.857776][T16025] Bluetooth: hci1: command 0x0406 tx timeout [ 648.865930][ T5831] Bluetooth: hci0: command 0x0406 tx timeout [ 648.939106][T17791] Bluetooth: hci3: command 0x0406 tx timeout [ 649.137454][T17797] netlink: 'syz.3.4176': attribute type 2 has an invalid length. [ 650.086801][T17815] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 650.810386][T17825] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4185'. [ 651.016887][T17791] Bluetooth: hci3: command 0x0406 tx timeout [ 651.257383][T17775] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17775 comm: syz.0.4171) [ 651.356726][ T29] audit: type=1804 audit(4294967326.870:17): pid=17837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.4190" name="/newroot/sys/kernel/tracing/free_buffer" dev="tracefs" ino=142 res=1 errno=0 [ 651.454894][T17836] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17836 comm: syz.0.4190) [ 651.878422][T17841] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17841 comm: syz.0.4191) [ 652.156197][T17844] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17844 comm: syz.0.4192) [ 652.652055][T17853] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4195'. [ 653.094153][T17847] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17847 comm: syz.0.4193) [ 653.282215][T17862] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4197'. [ 653.722558][T17860] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17860 comm: syz.0.4198) [ 654.847346][T17878] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17878 comm: syz.0.4203) [ 655.075607][T17906] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 17906 comm: syz.0.4210) [ 655.843076][T17902] Process accounting resumed [ 655.915861][T17923] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4217'. [ 656.123133][T17930] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4219'. [ 657.183771][T17960] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4228'. [ 657.758552][T17970] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4231'. [ 659.612149][T18008] netlink: 'syz.5.4244': attribute type 2 has an invalid length. [ 660.023905][T18014] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4245'. [ 661.689962][T18035] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4252'. [ 662.157655][T18044] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4255'. [ 663.846332][T18090] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4270'. [ 664.441321][T18111] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4277'. [ 664.559276][T18115] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4278'. [ 665.937941][T18148] can0: slcan on pty48. [ 666.248230][T18148] can0 (unregistered): slcan off pty48. [ 666.268496][T18154] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4290'. [ 667.311732][T18169] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4295'. [ 669.563853][T18226] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 669.581753][T18226] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 669.936487][T18242] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4315'. [ 670.552633][T18250] ima: policy update failed [ 670.557362][ T29] audit: type=1802 audit(4294967346.090:18): pid=18250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.4317" res=0 errno=0 [ 671.654094][T18276] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4323'. [ 673.563227][T18317] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4336'. [ 673.888188][T18318] ima: policy update failed [ 673.893735][ T29] audit: type=1802 audit(4294967349.420:19): pid=18318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.4337" res=0 errno=0 [ 676.203707][T18343] Process accounting paused [ 676.679106][T18359] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4346'. [ 676.849112][T18360] ima: policy update failed [ 676.853788][ T29] audit: type=1802 audit(4294967352.380:20): pid=18360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.4347" res=0 errno=0 [ 679.807570][T18407] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4358'. [ 680.660017][T18425] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4363'. [ 680.717151][T18425] mac80211_hwsim hwsim3 ›: entered promiscuous mode [ 680.735486][T18425] mac80211_hwsim hwsim3 ›: entered allmulticast mode [ 682.157900][T18443] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4375'. [ 683.448603][T18461] Invalid ELF header magic: != ELF [ 683.968332][T18468] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4376'. [ 686.067172][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.073538][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.193183][T18504] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4386'. [ 686.481923][T18498] Process accounting paused [ 688.380466][T18533] ima: policy update failed [ 688.385154][ T29] audit: type=1802 audit(4294967363.910:21): pid=18533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.4394" res=0 errno=0 [ 689.892529][T18568] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4400'. [ 689.928666][T18567] HfR: entered promiscuous mode [ 689.936791][T18568] HfR: left promiscuous mode [ 691.300793][T18582] ima: policy update failed [ 691.315260][ T29] audit: type=1802 audit(4294967366.830:22): pid=18582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.4404" res=0 errno=0 [ 693.184721][T18616] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4413'. [ 693.476157][T18610] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4412'. [ 697.081342][T18695] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4438'. [ 697.157211][T18695] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4438'. [ 697.341914][T18699] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4439'. [ 697.558814][T18701] netlink: 'syz.0.4440': attribute type 15 has an invalid length. [ 697.590318][T18701] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4440'. [ 697.657099][T18706] netlink: 'syz.0.4440': attribute type 15 has an invalid length. [ 697.665356][T18706] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4440'. [ 698.725803][T18727] capability: warning: `syz.1.4455' uses 32-bit capabilities (legacy support in use) [ 698.980541][T18731] Invalid ELF header magic: != ELF getty: ttyS0: read error: Resource temporarily unavailable [ 700.670234][T18761] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4454'. [ 701.766415][T18789] Invalid ELF header magic: != ELF [ 703.075236][T18803] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4468'. [ 704.785694][T18851] kfence: disabled [ 704.857918][T18845] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4486'. [ 704.916808][T18852] Invalid ELF header magic: != ELF [ 706.520331][T18879] Process accounting resumed [ 707.656354][T18916] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4499'. [ 707.941963][T18918] kernel read not supported for file /#)-\&[} (pid: 18918 comm: syz.0.4500) [ 707.951215][ T29] audit: type=1800 audit(4294967383.480:23): pid=18918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4500" name="#)-\&[}" dev="mqueue" ino=43911 res=0 errno=0 [ 711.247060][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 711.255373][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 711.263907][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 711.556009][T18997] ima: policy update failed [ 711.573984][ T29] audit: type=1802 audit(4294967387.100:24): pid=18997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.4521" res=0 errno=0 syzkaller syzkaller login: [ 713.452744][T19041] Process accounting resumed [ 713.478132][T19041] bridge0: port 3(team0) entered blocking state [ 713.490852][T19041] bridge0: port 3(team0) entered disabled state [ 713.501031][T19041] team0: entered allmulticast mode [ 713.506193][T19041] team_slave_0: entered allmulticast mode [ 713.518987][T19041] team_slave_1: entered allmulticast mode [ 713.529443][T19044] ima: policy update failed [ 713.532276][T19041] team0: entered promiscuous mode [ 713.537749][ T29] audit: type=1802 audit(4294967389.070:25): pid=19044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.4533" res=0 errno=0 [ 713.541375][T19041] team_slave_0: entered promiscuous mode [ 713.587209][T19041] team_slave_1: entered promiscuous mode [ 713.628163][T19029] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4527'. [ 713.905975][T19056] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4536'. [ 715.291869][T19083] ima: policy update failed [ 715.296550][ T29] audit: type=1802 audit(4294967390.820:26): pid=19083 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.4544" res=0 errno=0 [ 715.917340][T19102] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 715.948569][T19102] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 716.830798][T19116] Invalid ELF header magic: != ELF [ 717.899218][T19124] Invalid ELF header magic: != ELF [ 719.429214][T19150] Invalid ELF header magic: != ELF [ 719.748437][T17791] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 722.081914][ T51] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 725.905900][ T29] audit: type=1800 audit(4294967401.430:27): pid=19212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4577" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 733.824739][T19287] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4595'. [ 736.017913][T19329] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4604'. [ 736.107027][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 736.115935][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 736.125750][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 736.135428][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 736.146002][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 736.156091][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 736.164750][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 736.434289][T19340] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4605'. [ 736.724693][T19319] Process accounting paused [ 737.553618][T19357] netlink: 330 bytes leftover after parsing attributes in process `syz.5.4612'. [ 740.462721][T19415] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4625'. [ 741.998341][T19435] Process accounting resumed [ 742.580956][T19448] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4633'. [ 747.485127][T19534] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4653'. [ 747.533688][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.540139][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.600527][T19579] ima: policy update failed [ 750.630311][ T29] audit: type=1802 audit(4294967426.130:28): pid=19579 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.4667" res=0 errno=0 [ 753.067973][T19629] netlink: 'syz.3.4681': attribute type 2 has an invalid length. [ 754.673285][T19660] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4688'. [ 754.697423][T19660] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 754.726834][T19660] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 756.528223][ T29] audit: type=1800 audit(4294967432.060:29): pid=19684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.4693" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 756.553792][T19691] netlink: 'syz.3.4694': attribute type 2 has an invalid length. [ 761.525138][T19763] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4713'. [ 761.586144][T19763] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 762.087137][T19769] ubi0: attaching mtd0 [ 762.091267][T19769] ubi0 error: ubi_attach_mtd_dev: bad VID header (150994944) or data offsets (150995008) [ 762.182809][T19769] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4716'. [ 764.093845][T19810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4727'. [ 766.855633][T19847] Process accounting resumed [ 769.414192][T19907] openvswitch: netlink: Duplicate key (type 15). [ 772.413883][T19937] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4754'. [ 773.355743][T19950] [U]  [ 778.296172][T20038] sg_write: process 3329 (syz.3.4780) changed security contexts after opening file descriptor, this is not allowed. [ 779.518337][T20060] openvswitch: netlink: Key type 261 is out of range max 32 [ 780.287659][T20048] kexec: Could not allocate control_code_buffer [ 785.581930][T20144] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4804'. [ 787.111706][T20176] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4813'. [ 788.772668][T20215] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4824'. [ 788.810714][T20215] HfR: entered promiscuous mode [ 788.840788][T20215] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4824'. [ 789.190619][T20224] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 789.200417][T20224] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 794.793848][T20352] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 794.826741][T20352] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 796.647713][T20384] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4864'. [ 798.865372][T20362] Process accounting paused [ 800.682987][T20447] nbd: must specify at least one socket [ 805.094445][T20547] usb usb15: usbfs: interface 0 claimed by hub while 'syz.5.4902' sets config #0 [ 807.981806][T20597] netlink: 'syz.3.4913': attribute type 2 has an invalid length. [ 808.938790][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.948322][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.976763][T20645] netlink: 'syz.1.4926': attribute type 2 has an invalid length. [ 811.834505][T20665] netlink: 'syz.3.4931': attribute type 2 has an invalid length. [ 812.872712][T20689] nbd: must specify at least one socket [ 813.660040][T20704] netlink: 'syz.0.4941': attribute type 2 has an invalid length. [ 814.586300][T20725] netlink: 'syz.5.4945': attribute type 2 has an invalid length. [ 815.564483][T20749] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4952'. [ 817.136201][T20794] netlink: 'syz.1.4961': attribute type 2 has an invalid length. [ 818.292825][T20840] netlink: 'syz.1.4966': attribute type 2 has an invalid length. [ 820.924547][T20876] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 821.032977][T20876] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 822.056844][T20902] netlink: 'syz.1.4978': attribute type 2 has an invalid length. [ 825.817257][T20987] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 825.892844][T20987] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 831.025756][T21102] netlink: 'syz.5.5018': attribute type 2 has an invalid length. [ 832.933420][T21125] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5024'. [ 833.000118][T21125] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 834.133360][T21144] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5028'. [ 834.215833][T21144] netdevsim netdevsim3 netdevsim2: entered allmulticast mode [ 834.447908][T21152] netlink: 'syz.3.5030': attribute type 2 has an invalid length. [ 848.403354][T21368] netlink: 'syz.3.5071': attribute type 2 has an invalid length. [ 852.415399][T21427] [U]  [ 852.928093][T21451] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5089'. [ 853.932519][T21457] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5091'. [ 861.497325][T21552] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 861.528893][T21552] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 863.859718][T21606] openvswitch: netlink: Duplicate key (type 15). [ 864.996350][T21615] binder: 21614:21615 ioctl c0105512 1 returned -22 [ 866.412241][T21634] [U]  [ 870.378476][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.384849][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.667988][T21791] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 875.726709][T21791] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 877.877064][T21817] [U]  [ 889.857052][T22010] nbd: must specify at least one socket [ 899.676887][T22095] [U]  [ 900.296979][T22100] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 900.376629][T22100] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 901.906014][T22124] syz.5.5234 (22124) used greatest stack depth: 20336 bytes left [ 916.379838][T22269] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 916.410224][T22269] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 931.819408][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.825752][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 948.140279][T22723] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5357'. [ 948.867013][T22720] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5355'. [ 948.984897][T22720] netdevsim netdevsim0 netdevsim2: entered allmulticast mode [ 954.196451][T22830] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5378'. [ 954.475716][T22834] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5377'. [ 958.453722][T22824] syz.0.5376: vmalloc error: size 3411968, failed to allocated page array size 6664, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 958.471657][T22824] CPU: 0 UID: 0 PID: 22824 Comm: syz.0.5376 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0 [ 958.482457][T22824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 958.492538][T22824] Call Trace: [ 958.495898][T22824] [ 958.498853][T22824] dump_stack_lvl+0x16c/0x1f0 [ 958.503665][T22824] warn_alloc+0x24d/0x3a0 [ 958.508078][T22824] ? __pfx_warn_alloc+0x10/0x10 [ 958.512988][T22824] ? __get_vm_area_node+0x1b0/0x2f0 [ 958.518226][T22824] ? __get_vm_area_node+0x1dc/0x2f0 [ 958.523469][T22824] __vmalloc_node_range_noprof+0x1105/0x1530 [ 958.529499][T22824] ? ip_set_sockfn_get+0x185/0xc50 [ 958.534741][T22824] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 958.541109][T22824] ? __get_vm_area_node+0x1b0/0x2f0 [ 958.546338][T22824] ? __get_vm_area_node+0x1dc/0x2f0 [ 958.551579][T22824] __vmalloc_node_range_noprof+0xd85/0x1530 [ 958.557511][T22824] ? ip_set_sockfn_get+0x185/0xc50 [ 958.562670][T22824] ? __pfx___lock_acquire+0x10/0x10 [ 958.567969][T22824] ? ip_set_sockfn_get+0x185/0xc50 [ 958.573122][T22824] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 958.579493][T22824] ? apparmor_capable+0x114/0x1d0 [ 958.584687][T22824] ? ip_set_sockfn_get+0x185/0xc50 [ 958.589831][T22824] vmalloc_noprof+0x6b/0x90 [ 958.594375][T22824] ? ip_set_sockfn_get+0x185/0xc50 [ 958.599525][T22824] ip_set_sockfn_get+0x185/0xc50 [ 958.604538][T22824] ? __pfx_lock_release+0x10/0x10 [ 958.609607][T22824] ? __pfx_ip_set_sockfn_get+0x10/0x10 [ 958.615104][T22824] ? nf_sockopt_find.constprop.0+0x221/0x290 [ 958.621237][T22824] nf_getsockopt+0x79/0xe0 [ 958.625708][T22824] ip_getsockopt+0x18e/0x1e0 [ 958.630402][T22824] ? __pfx_ip_getsockopt+0x10/0x10 [ 958.635546][T22824] ? __schedule+0xe60/0x5ad0 [ 958.640238][T22824] ? __pfx___lock_acquire+0x10/0x10 [ 958.645487][T22824] ipv6_getsockopt+0x230/0x280 [ 958.650369][T22824] ? __pfx_ipv6_getsockopt+0x10/0x10 [ 958.655692][T22824] ? __pfx_mark_lock+0x10/0x10 [ 958.660506][T22824] sctp_getsockopt+0x1d2/0x7ae0 [ 958.665487][T22824] ? hlock_class+0x4e/0x130 [ 958.670041][T22824] ? mark_lock+0xb5/0xc60 [ 958.674410][T22824] ? aa_label_sk_perm+0x19d/0x5a0 [ 958.679522][T22824] ? __pfx_sctp_getsockopt+0x10/0x10 [ 958.684844][T22824] ? __lock_acquire+0x15a9/0x3c40 [ 958.689937][T22824] ? __pfx___lock_acquire+0x10/0x10 [ 958.695198][T22824] ? find_held_lock+0x2d/0x110 [ 958.700006][T22824] ? __might_fault+0x13b/0x190 [ 958.704830][T22824] ? __pfx_lock_release+0x10/0x10 [ 958.709900][T22824] ? trace_lock_acquire+0x14e/0x1f0 [ 958.715148][T22824] ? lock_acquire+0x2f/0xb0 [ 958.719691][T22824] ? __might_fault+0xe3/0x190 [ 958.724411][T22824] ? __might_fault+0xe3/0x190 [ 958.729137][T22824] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 958.735145][T22824] ? do_sock_getsockopt+0x3fe/0x870 [ 958.740410][T22824] do_sock_getsockopt+0x3fe/0x870 [ 958.745467][T22824] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 958.751047][T22824] ? lock_acquire+0x2f/0xb0 [ 958.755582][T22824] ? __fget_files+0x40/0x3a0 [ 958.760241][T22824] ? __fget_files+0x206/0x3a0 [ 958.764961][T22824] __sys_getsockopt+0x12f/0x260 [ 958.769864][T22824] __x64_sys_getsockopt+0xbd/0x160 [ 958.775098][T22824] ? do_syscall_64+0x91/0x250 [ 958.779874][T22824] ? lockdep_hardirqs_on+0x7c/0x110 [ 958.785108][T22824] do_syscall_64+0xcd/0x250 [ 958.789770][T22824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 958.795781][T22824] RIP: 0033:0x7fc645385d29 [ 958.800223][T22824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 958.819865][T22824] RSP: 002b:00007fc646106038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 958.828376][T22824] RAX: ffffffffffffffda RBX: 00007fc645575fa0 RCX: 00007fc645385d29 [ 958.836372][T22824] RDX: 0000000000000053 RSI: 0000000000000000 RDI: 0000000000000007 [ 958.844370][T22824] RBP: 00007fc645401a20 R08: 0000000020000040 R09: 0000000000000000 [ 958.852368][T22824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 958.860367][T22824] R13: 0000000000000000 R14: 00007fc645575fa0 R15: 00007ffde2fa8358 [ 958.868384][T22824] [ 958.882511][T22824] Mem-Info: [ 958.885662][T22824] active_anon:83505 inactive_anon:11 isolated_anon:15 [ 958.885662][T22824] active_file:8101 inactive_file:49901 isolated_file:0 [ 958.885662][T22824] unevictable:1793 dirty:362 writeback:0 [ 958.885662][T22824] slab_reclaimable:11471 slab_unreclaimable:98887 [ 958.885662][T22824] mapped:65306 shmem:61699 pagetables:1040 [ 958.885662][T22824] sec_pagetables:0 bounce:0 [ 958.885662][T22824] kernel_misc_reclaimable:0 [ 958.885662][T22824] free:1186924 free_pcp:13376 free_cma:0 [ 959.110052][T22824] Node 0 active_anon:328280kB inactive_anon:44kB active_file:32404kB inactive_file:199608kB unevictable:5636kB isolated(anon):60kB isolated(file):0kB mapped:267648kB dirty:956kB writeback:0kB shmem:239640kB shmem_thp:2048kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10832kB pagetables:4280kB sec_pagetables:0kB all_unreclaimable? no [ 959.206636][T22824] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 959.276591][T22824] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 959.371878][T22824] lowmem_reserve[]: 0 2465 2466 0 0 [ 959.392112][T22824] Node 0 DMA32 free:863516kB boost:76944kB min:111144kB low:119692kB high:128240kB reserved_highatomic:0KB active_anon:319700kB inactive_anon:44kB active_file:32340kB inactive_file:198844kB unevictable:5636kB writepending:1060kB present:3129332kB managed:2551336kB mlocked:0kB bounce:0kB free_pcp:25548kB local_pcp:24308kB free_cma:0kB [ 959.536615][T22824] lowmem_reserve[]: 0 0 0 0 0 [ 959.541419][T22824] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:828kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 959.646631][T22824] lowmem_reserve[]: 0 0 0 0 0 [ 959.686815][T22824] Node 1 Normal free:3867768kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:14336KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:42324kB local_pcp:21076kB free_cma:0kB [ 959.800112][T22824] lowmem_reserve[]: 0 0 0 0 0 [ 959.854493][T22824] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (UM) = 15360kB [ 959.897387][T22824] Node 0 DMA32: 1168*4kB (ME) 2974*8kB (ME) 1629*16kB (ME) 855*32kB (UME) 344*64kB (UME) 119*128kB (ME) 50*256kB (ME) 32*512kB (ME) 9*1024kB (UM) 42*2048kB (UME) 155*4096kB (UM) = 878432kB [ 959.995067][T22824] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 960.076545][T22824] Node 1 Normal: 242*4kB (UM) 82*8kB (UME) 34*16kB (UM) 200*32kB (UM) 106*64kB (UM) 37*128kB (UM) 24*256kB (UME) 17*512kB (UME) 11*1024kB (UME) 12*2048kB (UMEH) 927*4096kB (UMH) = 3867768kB [ 960.167492][T22824] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 960.203999][T22824] Node 0 hugepages_total=4 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 960.256553][T22824] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 960.311114][T22824] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 960.370928][T22824] 112562 total pagecache pages [ 960.375724][T22824] 1959 pages in swap cache [ 960.391228][T22824] Free swap = 107968kB [ 960.395413][T22824] Total swap = 124996kB [ 960.436374][T22824] 2097051 pages RAM [ 960.461109][T22824] 0 pages HighMem/MovableOnly [ 960.486624][T22824] 427367 pages reserved [ 960.490804][T22824] 0 pages cma reserved [ 967.456266][T23040] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5414'. [ 969.677149][T23077] [U]  [ 969.912531][T23083] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 969.936708][T23083] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 969.953198][T23083] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 969.966732][T23083] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 969.987204][T23084] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5423'. [ 969.996209][T23084] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 970.016934][T23084] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 971.976865][ T5141] Bluetooth: hci3: command 0x0406 tx timeout [ 971.982938][ T5141] Bluetooth: hci2: command 0x0406 tx timeout [ 971.990307][ T5141] Bluetooth: hci1: command 0x0406 tx timeout [ 971.996351][ T5141] Bluetooth: hci0: command 0x0406 tx timeout [ 972.865654][T23121] [U]  [ 990.001536][T23363] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5472'. [ 992.207445][T23385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5487'. [ 992.261223][T23385] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5487'. [ 993.258414][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.264848][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 996.030180][T23451] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5491'. [ 1001.813435][T23517] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1001.908697][T23517] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1003.416713][T23542] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5506'. [ 1008.612911][T23601] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5518'. [ 1008.656605][T23601] hsr_slave_0: entered promiscuous mode [ 1008.673802][T23601] hsr_slave_0: entered allmulticast mode [ 1009.754512][T23608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5519'. [ 1014.877281][T23651] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5526'. [ 1014.922414][T23651] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 1015.535586][T23691] erspan0: entered allmulticast mode [ 1016.065764][T23694] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5533'. [ 1019.994383][T23751] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1020.026531][T23751] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1030.266611][T23867] erspan0: entered allmulticast mode [ 1032.933479][T23886] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5569'. [ 1033.465054][T23896] RDS: rds_bind could not find a transport for ::ffff:172.20.20.55, load rds_tcp or rds_rdma? [ 1038.383787][T23925] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5584'. [ 1049.236821][T23961] syz.1.5583 (23961) used greatest stack depth: 19648 bytes left [ 1051.556807][T23994] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5592'. [ 1052.153159][T24009] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5594'. [ 1052.187639][T24009] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1054.699904][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.706301][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.101707][T24027] Invalid ELF header magic: != ELF [ 1056.986202][T24084] netlink: 338 bytes leftover after parsing attributes in process `syz.3.5611'. [ 1057.007974][T24084] netlink: 338 bytes leftover after parsing attributes in process `syz.3.5611'. [ 1062.596255][T24135] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5621'. [ 1063.324921][T24135] mac80211_hwsim hwsim17 wlan1: entered allmulticast mode [ 1064.021216][T24164] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5626'. [ 1064.336904][T24171] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[24171] [ 1068.566427][T24206] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5635'. [ 1068.623066][T24206] mac80211_hwsim hwsim4 wlan1: entered allmulticast mode [ 1072.208401][T24251] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5644'. [ 1076.537244][T24280] Invalid ELF header magic: != ELF [ 1078.382679][T24317] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5655'. [ 1078.487452][T24317] bridge0: port 1(bridge_slave_0) entered disabled state [ 1079.127741][T24317] bridge_slave_0 (unregistering): left allmulticast mode [ 1079.134970][T24317] bridge_slave_0 (unregistering): left promiscuous mode [ 1079.164863][T24317] bridge0: port 1(bridge_slave_0) entered disabled state [ 1080.826799][T23795] syz.1.5549 (23795) used greatest stack depth: 18768 bytes left [ 1081.400372][T23857] syz.1.5563 (23857) used greatest stack depth: 17680 bytes left [ 1081.548353][T24345] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5661'. [ 1085.309995][T24373] Invalid ELF header magic: != ELF [ 1085.898178][T24374] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5665'. [ 1086.229646][T24374] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 1089.199053][T24433] HfR: entered promiscuous mode [ 1089.231301][T24433] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5676'. [ 1094.702770][ T29] audit: type=1107 audit(2143.990:30): pid=24489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1097.370410][T24526] HfR: entered promiscuous mode [ 1097.395942][T24533] kernel read not supported for file /#)-\&[} (pid: 24533 comm: syz.5.5697) [ 1097.397148][ T29] audit: type=1804 audit(2146.680:31): pid=24533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.5697" name="#)-\&[}" dev="mqueue" ino=77833 res=1 errno=0 [ 1097.520517][ T29] audit: type=1804 audit(2146.810:32): pid=24535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.5697" name="#)-\&[}" dev="mqueue" ino=77833 res=1 errno=0 [ 1097.585245][ T29] audit: type=1804 audit(2146.810:33): pid=24535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.5697" name="#)-\&[}" dev="mqueue" ino=77833 res=1 errno=0 [ 1097.650009][ T29] audit: type=1800 audit(2146.820:34): pid=24533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.5697" name="#)-\&[}" dev="mqueue" ino=77833 res=0 errno=0 [ 1105.386704][T24606] kernel read not supported for file /#)-\&[} (pid: 24606 comm: syz.1.5712) [ 1105.820210][T24609] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5713'. [ 1105.886661][ T29] audit: type=1800 audit(2155.130:35): pid=24606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.5712" name="#)-\&[}" dev="mqueue" ino=77985 res=0 errno=0 [ 1106.165763][T24614] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5714'. [ 1107.392522][T24620] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5716'. [ 1109.432652][ T29] audit: type=1107 audit(2158.720:36): pid=24662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1111.186570][T24689] kernel read not supported for file /#)-\&[} (pid: 24689 comm: syz.3.5727) [ 1111.186621][ T29] audit: type=1804 audit(2160.480:37): pid=24689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.5727" name="#)-\&[}" dev="mqueue" ino=77394 res=1 errno=0 [ 1111.242064][ T29] audit: type=1800 audit(2160.480:38): pid=24689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.5727" name="#)-\&[}" dev="mqueue" ino=77394 res=0 errno=0 [ 1111.321891][ T29] audit: type=1804 audit(2160.530:39): pid=24689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.5727" name="#)-\&[}" dev="mqueue" ino=77394 res=1 errno=0 [ 1111.444878][ T29] audit: type=1804 audit(2160.530:40): pid=24689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.5727" name="#)-\&[}" dev="mqueue" ino=77394 res=1 errno=0 [ 1112.667864][T23107] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 1113.249510][T24724] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5735'. [ 1113.355512][T24724] netlink: 'syz.5.5735': attribute type 46 has an invalid length. [ 1116.139726][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.146070][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 1122.109680][T24830] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5756'. [ 1132.002827][T24928] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5775'. [ 1134.852293][T24971] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5783'. [ 1135.079222][T24971] team0: Port device team_slave_1 removed [ 1136.052440][T24997] Invalid ELF header magic: != ELF [ 1137.008864][T25012] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 1137.406069][T24998] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5788'. [ 1137.497391][T24998] geneve1: entered allmulticast mode [ 1149.385032][T25132] kexec: Could not allocate control_code_buffer [ 1151.697522][T25192] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5827'. [ 1152.187793][T25203] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5829'. [ 1152.208181][T25203] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5829'. [ 1155.585776][T25258] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5842'. [ 1157.328577][T25292] tipc: Started in network mode [ 1157.334141][T25292] tipc: Node identity ee00, cluster identity 4711 [ 1157.348265][T25292] tipc: Node number set to 60928 [ 1160.256721][T25343] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5858'. [ 1160.471508][T25337] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5856'. [ 1163.965800][T25400] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5869'. [ 1163.985143][T25400] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1164.015820][T25400] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1164.108608][T25400] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1164.144749][T25400] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1165.037648][T25416] erspan0: entered allmulticast mode [ 1166.307132][T25412] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5872'. [ 1168.257322][T25451] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5881'. [ 1173.262641][T25509] Process accounting resumed [ 1173.282120][T25509] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5891'. [ 1174.437015][T25520] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1174.496547][T25520] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1175.298794][T25539] Invalid ELF header magic: != ELF [ 1176.347969][T25559] netlink: 'syz.1.5898': attribute type 1 has an invalid length. [ 1177.579936][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.586277][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.189183][T25572] ptrace attach of "./syz-executor exec"[5824] was attempted by ""[25572] [ 1178.457528][T25592] kernel read not supported for file /#)-\&[} (pid: 25592 comm: syz.3.5904) [ 1178.536916][ T29] audit: type=1800 audit(2227.820:41): pid=25592 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.5904" name="#)-\&[}" dev="mqueue" ino=77394 res=0 errno=0 [ 1184.249286][T25659] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5920'. [ 1190.282707][T25738] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5935'. [ 1190.869015][T25752] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5937'. [ 1191.356691][T25752] hsr_slave_1 (unregistering): left promiscuous mode [ 1195.964359][T25813] netlink: 'syz.1.5948': attribute type 1 has an invalid length. [ 1195.987082][T25815] Process accounting resumed [ 1196.006179][T25813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5948'. [ 1196.025583][T25815] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5949'. [ 1196.035661][T25815] mac80211_hwsim hwsim16 ›: entered promiscuous mode [ 1196.063739][T25815] mac80211_hwsim hwsim16 ›: entered allmulticast mode [ 1196.826377][T25829] tipc: Started in network mode [ 1196.834361][T25829] tipc: Node identity ee00, cluster identity 4711 [ 1196.847664][T25829] tipc: Node number set to 60928 [ 1199.347305][T25890] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5965'. [ 1199.523009][T25888] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5966'. [ 1200.957301][T25917] nbd: socks must be embedded in a SOCK_ITEM attr [ 1200.980986][T25917] block nbd2: shutting down sockets [ 1204.657443][T25939] kexec: Could not allocate control_code_buffer [ 1205.630712][T25961] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5978'. [ 1208.179438][T25990] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5984'. [ 1208.525299][T25990] team0: Port device team_slave_0 removed [ 1211.333786][T26030] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5994'. [ 1211.367811][T26030] veth1_macvtap: left promiscuous mode [ 1211.401840][T26030] macsec0: entered promiscuous mode [ 1211.589029][T26041] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5997'. [ 1211.624177][T26041] bridge0: port 3(team0) entered disabled state [ 1213.465015][T26070] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6002'. [ 1218.507489][T26114] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6012'. [ 1221.368896][T26183] Process accounting resumed [ 1221.387021][T26183] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6025'. [ 1226.822351][T26213] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6033'. [ 1227.580663][T26246] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6042'. [ 1227.790576][T26241] Process accounting resumed [ 1229.990908][T26280] Process accounting resumed [ 1230.029171][T26280] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6054'. [ 1234.627604][T26353] Process accounting resumed [ 1234.635002][T26353] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6079'. [ 1238.229072][T26401] Process accounting resumed [ 1238.249426][T26401] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6092'. [ 1239.024121][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.035037][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 1245.120108][T26551] Process accounting resumed [ 1245.170042][T26551] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6144'. [ 1245.405269][T26555] svc: failed to register nfsdv3 RPC service (errno 101). [ 1245.440215][T26555] svc: failed to register nfsaclv3 RPC service (errno 101). [ 1246.758502][T26600] Process accounting resumed [ 1247.042624][T26612] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 1247.631926][T26628] Process accounting resumed [ 1249.141029][T26667] Process accounting resumed [ 1249.151212][T26667] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6186'. [ 1250.893624][T26707] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6199'. [ 1257.934891][T26815] Process accounting resumed [ 1257.944646][T26815] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6236'. [ 1259.786136][T26866] Process accounting resumed [ 1259.793824][T26866] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6256'. [ 1259.963059][T26872] Process accounting resumed [ 1259.995132][T26872] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6258'. [ 1260.076009][T26874] netlink: 350 bytes leftover after parsing attributes in process `syz.5.6259'. [ 1262.444591][T26906] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1262.456048][T26906] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1262.463980][T26906] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1262.472882][T26906] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1262.483095][T26906] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1262.490631][T26906] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1262.838024][T26905] chnl_net:caif_netlink_parms(): no params data found [ 1263.037841][T26905] bridge0: port 1(bridge_slave_0) entered blocking state [ 1263.045074][T26905] bridge0: port 1(bridge_slave_0) entered disabled state [ 1263.066919][T26905] bridge_slave_0: entered allmulticast mode [ 1263.086571][T26905] bridge_slave_0: entered promiscuous mode [ 1263.105927][T26905] bridge0: port 2(bridge_slave_1) entered blocking state [ 1263.151051][T26905] bridge0: port 2(bridge_slave_1) entered disabled state [ 1263.158825][T26905] bridge_slave_1: entered allmulticast mode [ 1263.186188][T26905] bridge_slave_1: entered promiscuous mode [ 1263.362928][T26905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1263.389321][T26905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1263.513058][T26905] team0: Port device team_slave_0 added [ 1263.532109][T26905] team0: Port device team_slave_1 added [ 1263.589917][T26905] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1263.600591][T26905] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1263.665369][T26905] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1263.688529][T26905] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1263.703617][T26905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1263.732446][T26905] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1263.799045][T26905] hsr_slave_0: entered promiscuous mode [ 1263.811182][T26905] hsr_slave_1: entered promiscuous mode [ 1263.821907][T26905] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1263.829891][T26905] Cannot create hsr debugfs directory [ 1264.119299][T26932] Process accounting resumed [ 1264.139715][T26932] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6277'. [ 1264.149305][T26905] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1264.167001][T26905] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1264.184908][T26905] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1264.208588][T26905] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1264.375677][T26905] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1264.393936][T26905] 8021q: adding VLAN 0 to HW filter on device team0 [ 1264.412497][T17880] bridge0: port 1(bridge_slave_0) entered blocking state [ 1264.419661][T17880] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1264.472301][T17880] bridge0: port 2(bridge_slave_1) entered blocking state [ 1264.479448][T17880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1264.624031][T23107] Bluetooth: hci4: command tx timeout [ 1264.744546][T26905] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1264.787485][T26905] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1265.342961][T26905] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1265.763953][T26906] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1265.778365][T26906] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1265.787562][T26906] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1265.801175][T26905] veth0_vlan: entered promiscuous mode [ 1265.807215][T26906] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1265.816165][T26906] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1265.828484][T26906] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1265.858391][T26905] veth1_vlan: entered promiscuous mode [ 1265.903270][T26905] veth0_macvtap: entered promiscuous mode [ 1265.929759][T26905] veth1_macvtap: entered promiscuous mode [ 1265.974198][T26905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1265.995922][T26905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1266.012329][T26905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1266.023858][T26905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1266.034905][T26905] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1266.064890][T26905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1266.085846][T26905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1266.106409][T26905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1266.126666][T26905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1266.146664][T26905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1266.166458][T26905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1266.187574][T26905] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1266.235173][T26905] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1266.249213][T26905] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1266.258573][T26905] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1266.267603][T26905] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1266.461588][T23624] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1266.483500][ T2909] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1266.500217][ T2909] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1266.536695][T23624] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1266.555437][T26964] chnl_net:caif_netlink_parms(): no params data found [ 1266.697631][T23107] Bluetooth: hci4: command tx timeout [ 1266.712812][T26964] bridge0: port 1(bridge_slave_0) entered blocking state [ 1266.721191][T26964] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.728611][T26964] bridge_slave_0: entered allmulticast mode [ 1266.735568][T26964] bridge_slave_0: entered promiscuous mode [ 1266.743314][T26964] bridge0: port 2(bridge_slave_1) entered blocking state [ 1266.750485][T26964] bridge0: port 2(bridge_slave_1) entered disabled state [ 1266.757711][T26964] bridge_slave_1: entered allmulticast mode [ 1266.765126][T26964] bridge_slave_1: entered promiscuous mode [ 1266.829178][T26964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1266.861011][T26964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1266.982091][T26964] team0: Port device team_slave_0 added [ 1266.992883][T26964] team0: Port device team_slave_1 added [ 1267.087075][T26964] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1267.094067][T26964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1267.166570][T26964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1267.199783][T26964] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1267.216607][T26964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1267.286480][T26964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1267.384686][T26964] hsr_slave_0: entered promiscuous mode [ 1267.404536][T26964] hsr_slave_1: entered promiscuous mode [ 1267.452197][T26964] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1267.460209][T26964] Cannot create hsr debugfs directory [ 1267.850955][T26964] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1267.896537][T23107] Bluetooth: hci5: command tx timeout [ 1267.905836][T26964] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1267.927593][T26964] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1267.947184][T26964] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1268.089577][T26964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1268.171842][T26964] 8021q: adding VLAN 0 to HW filter on device team0 [ 1268.198896][ T2909] bridge0: port 1(bridge_slave_0) entered blocking state [ 1268.207569][ T2909] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1268.255434][ T2909] bridge0: port 2(bridge_slave_1) entered blocking state [ 1268.262583][ T2909] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1268.357966][T26964] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1268.776779][T23107] Bluetooth: hci4: command tx timeout [ 1268.869255][T26964] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1269.346014][T26964] veth0_vlan: entered promiscuous mode [ 1269.356229][T26964] veth1_vlan: entered promiscuous mode [ 1269.408194][T26964] veth0_macvtap: entered promiscuous mode [ 1269.417066][T26964] veth1_macvtap: entered promiscuous mode [ 1269.431764][T26964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1269.442302][T26964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1269.452337][T26964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1269.462962][T26964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1269.473339][T26964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1269.484335][T26964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1269.495621][T26964] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1269.505680][T26964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1269.516214][T26964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1269.526062][T26964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1269.536546][T26964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1269.546416][T26964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1269.556911][T26964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1269.566946][T26964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1269.577976][T26964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1269.589484][T26964] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1269.660529][T26964] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1269.669734][T26964] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1269.679184][T26964] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1269.688407][T26964] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1269.778958][T27032] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6299'. [ 1269.844940][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1269.856930][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1269.912992][ T2909] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1269.943240][ T2909] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1269.976935][T23107] Bluetooth: hci5: command tx timeout [ 1270.896452][T23107] Bluetooth: hci4: command tx timeout [ 1272.067411][T23107] Bluetooth: hci5: command tx timeout [ 1273.766732][T27128] Process accounting resumed [ 1273.774752][T27128] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6331'. [ 1273.783888][T27130] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1273.792661][T27128] mac80211_hwsim hwsim30 wlan0: entered promiscuous mode [ 1273.801264][T27128] mac80211_hwsim hwsim30 wlan0: entered allmulticast mode [ 1274.145014][T23107] Bluetooth: hci5: command tx timeout [ 1274.519400][T27148] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6339'. [ 1274.572077][T27148] veth1_macvtap: left promiscuous mode [ 1274.844409][T27157] Process accounting resumed [ 1274.850168][T27159] Process accounting resumed [ 1274.867979][T27159] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6344'. [ 1275.906723][T27188] : renamed from lo [ 1277.832185][T27201] kexec: Could not allocate control_code_buffer [ 1279.781213][T27255] syz.6.6376(27255): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1281.362564][ T2909] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1281.471201][ T2909] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1281.559944][ T2909] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1281.689283][ T2909] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1281.906106][ T2909] bridge_slave_1: left allmulticast mode [ 1281.912708][ T2909] bridge_slave_1: left promiscuous mode [ 1281.924013][ T2909] bridge0: port 2(bridge_slave_1) entered disabled state [ 1281.924240][ T5831] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1281.945636][ T5831] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1281.955067][ T5831] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1281.964930][ T2909] bridge_slave_0: left allmulticast mode [ 1281.977971][ T5831] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1281.978999][ T2909] bridge_slave_0: left promiscuous mode [ 1282.000982][ T5831] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1282.009038][ T5831] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1282.011513][ T2909] bridge0: port 1(bridge_slave_0) entered disabled state [ 1282.679582][ T2909] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1282.692989][ T2909] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1282.705072][ T2909] bond0 (unregistering): Released all slaves [ 1283.225682][ T2909] hsr_slave_0: left promiscuous mode [ 1283.237140][ T2909] hsr_slave_1: left promiscuous mode [ 1283.251721][ T2909] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1283.266976][ T2909] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1283.278688][ T2909] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1283.305103][ T2909] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1283.417809][ T2909] veth1_macvtap: left promiscuous mode [ 1283.424178][ T2909] veth0_macvtap: left promiscuous mode [ 1283.430524][ T2909] veth1_vlan: left promiscuous mode [ 1283.436135][ T2909] veth0_vlan: left promiscuous mode [ 1283.575277][T27341] sctp: [Deprecated]: syz.6.6396 (pid 27341) Use of int in max_burst socket option. [ 1283.575277][T27341] Use struct sctp_assoc_value instead [ 1284.060563][T23107] Bluetooth: hci5: command tx timeout [ 1284.152347][T27352] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6400'. [ 1284.234273][ T2909] team0 (unregistering): Port device team_slave_1 removed [ 1284.287722][ T2909] team0 (unregistering): Port device team_slave_0 removed [ 1284.884092][T27296] chnl_net:caif_netlink_parms(): no params data found [ 1285.193807][T27296] bridge0: port 1(bridge_slave_0) entered blocking state [ 1285.202457][T27296] bridge0: port 1(bridge_slave_0) entered disabled state [ 1285.210415][T27296] bridge_slave_0: entered allmulticast mode [ 1285.221584][T27296] bridge_slave_0: entered promiscuous mode [ 1285.240970][T27296] bridge0: port 2(bridge_slave_1) entered blocking state [ 1285.275609][T27296] bridge0: port 2(bridge_slave_1) entered disabled state [ 1285.293096][T27296] bridge_slave_1: entered allmulticast mode [ 1285.316893][T27296] bridge_slave_1: entered promiscuous mode [ 1285.407880][T27296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1285.445208][T27296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1285.551184][T27296] team0: Port device team_slave_0 added [ 1285.574603][T27296] team0: Port device team_slave_1 added [ 1285.642060][T27296] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1285.660962][T27296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1285.720585][T27296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1285.738352][T27296] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1285.745593][T27296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1285.775349][T27296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1285.920736][T27296] hsr_slave_0: entered promiscuous mode [ 1285.937595][T27296] hsr_slave_1: entered promiscuous mode [ 1285.943853][T27296] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1285.966850][T27296] Cannot create hsr debugfs directory [ 1286.104430][T27389] size and base must be multiples of 4 kiB [ 1286.119346][T27389] CPU: 0 UID: 0 PID: 27389 Comm: syz.6.6405 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0 [ 1286.130162][T27389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1286.140245][T27389] Call Trace: [ 1286.143555][T27389] [ 1286.146518][T27389] dump_stack_lvl+0x16c/0x1f0 [ 1286.151259][T27389] mtrr_add+0xdf/0x110 [ 1286.155419][T27389] mtrr_ioctl+0x7cd/0xcd0 [ 1286.159795][T27389] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1286.164694][T27389] ? __pfx_lock_release+0x10/0x10 [ 1286.169766][T27389] ? __fget_files+0x206/0x3a0 [ 1286.174485][T27389] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1286.177547][T23107] Bluetooth: hci5: command tx timeout [ 1286.179361][T27389] proc_reg_unlocked_ioctl+0x226/0x320 [ 1286.190213][T27389] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1286.196242][T27389] __x64_sys_ioctl+0x190/0x200 [ 1286.201083][T27389] do_syscall_64+0xcd/0x250 [ 1286.205627][T27389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.211557][T27389] RIP: 0033:0x7f5f91985d29 [ 1286.216005][T27389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1286.235644][T27389] RSP: 002b:00007f5f92735038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1286.244092][T27389] RAX: ffffffffffffffda RBX: 00007f5f91b75fa0 RCX: 00007f5f91985d29 [ 1286.252092][T27389] RDX: 0000000000000002 RSI: 00000000400c4d01 RDI: 0000000000000004 [ 1286.260093][T27389] RBP: 00007f5f91a01a20 R08: 0000000000000000 R09: 0000000000000000 [ 1286.268092][T27389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1286.276093][T27389] R13: 0000000000000000 R14: 00007f5f91b75fa0 R15: 00007ffe7ddf7968 [ 1286.284110][T27389] [ 1286.469176][T27296] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1286.484000][T27296] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1286.538100][T27296] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1286.558719][T27296] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1286.778309][T27296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1286.819468][T27296] 8021q: adding VLAN 0 to HW filter on device team0 [ 1286.863845][T23624] bridge0: port 1(bridge_slave_0) entered blocking state [ 1286.871063][T23624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1286.927647][ T2909] bridge0: port 2(bridge_slave_1) entered blocking state [ 1286.934772][ T2909] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1287.032182][T27296] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1287.491183][T27296] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1288.112847][T27296] veth0_vlan: entered promiscuous mode [ 1288.131302][T27296] veth1_vlan: entered promiscuous mode [ 1288.189068][T27296] veth0_macvtap: entered promiscuous mode [ 1288.212593][T27296] veth1_macvtap: entered promiscuous mode [ 1288.227849][T23107] Bluetooth: hci5: command tx timeout [ 1288.265019][T27296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1288.312891][T27296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1288.345011][T27296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1288.361899][T27296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1288.373394][T27296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1288.393234][T27296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1288.404443][T27296] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1288.441022][T27296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1288.453020][T27296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1288.479192][T27296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1288.496462][T27296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1288.506289][T27296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1288.523890][T27296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1288.534861][T27296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1288.545880][T27296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1288.560321][T27296] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1288.570545][T27296] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1288.580555][T27296] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1288.606418][T27296] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1288.617009][T27296] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1288.829028][T23626] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1288.854999][T23626] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1288.973327][T23622] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1288.994230][T23622] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1289.768371][T27479] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6415'. [ 1290.306816][T23107] Bluetooth: hci5: command tx timeout [ 1291.522278][ T5831] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1291.534928][ T5831] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1291.543230][ T5831] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1291.552844][ T5831] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1291.563588][ T5831] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1291.572427][ T5831] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1291.841110][T27541] chnl_net:caif_netlink_parms(): no params data found [ 1291.879428][T27550] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6428'. [ 1292.020784][T27541] bridge0: port 1(bridge_slave_0) entered blocking state [ 1292.043237][T27541] bridge0: port 1(bridge_slave_0) entered disabled state [ 1292.068654][T27541] bridge_slave_0: entered allmulticast mode [ 1292.093180][T27541] bridge_slave_0: entered promiscuous mode [ 1292.118551][T27541] bridge0: port 2(bridge_slave_1) entered blocking state [ 1292.130611][T27541] bridge0: port 2(bridge_slave_1) entered disabled state [ 1292.145396][T27541] bridge_slave_1: entered allmulticast mode [ 1292.152979][T27541] bridge_slave_1: entered promiscuous mode [ 1292.182619][T27560] netlink: 334 bytes leftover after parsing attributes in process `syz.5.6431'. [ 1292.233174][T27541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1292.263576][T27541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1292.385806][T27541] team0: Port device team_slave_0 added [ 1292.420971][T27541] team0: Port device team_slave_1 added [ 1292.462353][T27541] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1292.473358][T27541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1292.535351][T27541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1292.566453][T27541] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1292.573423][T27541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1292.613028][T27541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1292.698054][T27541] hsr_slave_0: entered promiscuous mode [ 1292.716226][T27541] hsr_slave_1: entered promiscuous mode [ 1292.729249][T27541] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1292.743891][T27541] Cannot create hsr debugfs directory [ 1293.044333][T27582] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6438'. [ 1293.072746][T27582] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6438'. [ 1293.190929][T27541] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1293.228225][T27541] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1293.238814][T27541] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1293.264278][T27541] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1293.294584][T27589] netlink: 334 bytes leftover after parsing attributes in process `syz.5.6441'. [ 1293.455501][T27541] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1293.474076][T27541] 8021q: adding VLAN 0 to HW filter on device team0 [ 1293.569574][T23626] bridge0: port 1(bridge_slave_0) entered blocking state [ 1293.576734][T23626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1293.606323][T23626] bridge0: port 2(bridge_slave_1) entered blocking state [ 1293.613467][T23626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1293.657708][T23107] Bluetooth: hci6: command tx timeout [ 1293.678428][T27541] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1293.696265][T27541] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1294.112376][T27541] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1294.658779][T27541] veth0_vlan: entered promiscuous mode [ 1294.683457][T27541] veth1_vlan: entered promiscuous mode [ 1294.710595][T27541] veth0_macvtap: entered promiscuous mode [ 1294.726768][T27541] veth1_macvtap: entered promiscuous mode [ 1294.753464][T27541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1294.769007][T27541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1294.782957][T27541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1294.793549][T27541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1294.803453][T27541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1294.817512][T27541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1294.836489][T27541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1294.847462][T27541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1294.859617][T27541] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1294.873423][T27541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1294.884488][T27541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1294.899782][T27541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1294.910753][T27541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1294.921340][T27541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1294.932333][T27541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1294.943644][T27541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1294.954530][T27541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1294.965041][T27541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1294.975951][T27541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1294.994435][T27541] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1295.014887][T27541] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1295.024105][T27541] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1295.033073][T27541] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1295.043440][T27541] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1295.137482][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1295.164516][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1295.204893][ T2909] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1295.222334][ T2909] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1295.736608][T23107] Bluetooth: hci6: command tx timeout [ 1296.000150][T27659] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6459'. [ 1296.030753][T27659] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1296.053683][T27659] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1296.081853][T27659] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1296.110938][T27659] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1296.426256][T27676] netlink: 4384 bytes leftover after parsing attributes in process `syz.8.6466'. [ 1297.823950][T23107] Bluetooth: hci6: command tx timeout [ 1298.457207][T27720] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1299.912058][T23107] Bluetooth: hci6: command tx timeout [ 1300.461240][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.468662][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 1301.792524][T27800] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 1302.932964][T27818] smc: net device syz_tun applied user defined pnetid ETHTOOL [ 1305.724146][T27935] mmap: syz.5.6522 (27935): VmData 37601280 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data. [ 1308.920365][T28014] delete_channel: no stack [ 1310.232148][T28041] Process accounting resumed [ 1310.253840][T28041] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6547'. [ 1310.347144][ T5831] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1310.362427][ T5831] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1310.371121][ T5831] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1310.382790][ T5831] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1310.391586][ T5831] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 1310.399941][ T5831] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1311.172511][T28043] chnl_net:caif_netlink_parms(): no params data found [ 1311.967861][T28043] bridge0: port 1(bridge_slave_0) entered blocking state [ 1311.974996][T28043] bridge0: port 1(bridge_slave_0) entered disabled state [ 1312.005573][T28043] bridge_slave_0: entered allmulticast mode [ 1312.024498][T28043] bridge_slave_0: entered promiscuous mode [ 1312.047102][T28043] bridge0: port 2(bridge_slave_1) entered blocking state [ 1312.054351][T28043] bridge0: port 2(bridge_slave_1) entered disabled state [ 1312.072291][T28043] bridge_slave_1: entered allmulticast mode [ 1312.087674][T28043] bridge_slave_1: entered promiscuous mode [ 1312.258893][T28043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1312.290084][T28043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1312.382387][T28043] team0: Port device team_slave_0 added [ 1312.413171][T28043] team0: Port device team_slave_1 added [ 1312.456626][T23107] Bluetooth: hci7: command tx timeout [ 1312.501393][T28043] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1312.509051][T28043] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1312.586495][T28043] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1312.606605][T28043] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1312.613584][T28043] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1312.640280][T28043] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1312.819915][T28043] hsr_slave_0: entered promiscuous mode [ 1312.857704][T28043] hsr_slave_1: entered promiscuous mode [ 1312.896770][T28043] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1312.904681][T28043] Cannot create hsr debugfs directory [ 1313.200786][T28043] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1313.503206][T28043] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1313.698724][T28043] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1313.941962][T28043] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1314.301063][T28043] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1314.380732][T28043] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1314.409676][T28043] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1314.438869][T28043] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1314.538338][T23107] Bluetooth: hci7: command tx timeout [ 1314.945826][T28043] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1315.013066][T28043] 8021q: adding VLAN 0 to HW filter on device team0 [ 1315.045276][T23626] bridge0: port 1(bridge_slave_0) entered blocking state [ 1315.052480][T23626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1315.057225][T28094] nfs: Bad value for 'source' [ 1315.163503][T23626] bridge0: port 2(bridge_slave_1) entered blocking state [ 1315.170669][T23626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1315.391651][T28098] netlink: 28 bytes leftover after parsing attributes in process `syz.8.6561'. [ 1316.293460][T28111] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6566'. [ 1316.319362][T28098] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1316.353341][T28098] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1316.388134][T28098] bond0 (unregistering): Released all slaves [ 1316.617636][T23107] Bluetooth: hci7: command tx timeout [ 1316.683631][T28043] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1316.717211][T28119] lo: entered allmulticast mode [ 1316.736129][T28119] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6567'. [ 1316.961959][T28043] veth0_vlan: entered promiscuous mode [ 1317.007088][T28043] veth1_vlan: entered promiscuous mode [ 1317.058411][T28118] lo: left allmulticast mode [ 1317.075687][T28043] veth0_macvtap: entered promiscuous mode [ 1317.107988][T28043] veth1_macvtap: entered promiscuous mode [ 1317.167595][T28043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.195685][T28043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.211558][T28043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.224917][T28043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.244102][T28043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.294581][T28043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.304980][T28043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1317.315602][T28043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.327448][T28043] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1317.347185][T28043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1317.357916][T28043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.368321][T28043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1317.379408][T28043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.389477][T28043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1317.400358][T28043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.410509][T28043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1317.421092][T28043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.431039][T28043] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1317.441512][T28043] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1317.452933][T28043] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1317.463587][T28043] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1317.472836][T28043] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1317.482108][T28043] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1317.491038][T28043] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1317.715285][T23624] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1317.757864][T28129] Process accounting resumed [ 1317.762748][T23624] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1317.838693][T17880] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1317.856615][T17880] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1318.389888][T28137] netlink: 322 bytes leftover after parsing attributes in process `syz.8.6572'. [ 1318.696555][T23107] Bluetooth: hci7: command tx timeout [ 1319.245200][T28149] lo: entered allmulticast mode [ 1319.340318][T28152] lo: left allmulticast mode [ 1321.581415][T28178] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1325.047231][T28225] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6594'. [ 1325.949985][T28240] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6598'. [ 1325.967766][T28240] team_slave_0: entered allmulticast mode [ 1326.129713][T28244] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6599'. [ 1326.165868][T28246] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6600'. [ 1329.060052][T28263] HfR: entered promiscuous mode [ 1329.099003][T28263] netlink: 12 bytes leftover after parsing attributes in process `syz.8.6604'. [ 1329.134527][T28263] HfR: left promiscuous mode [ 1330.714955][T28276] blktrace: Concurrent blktraces are not allowed on sg0 [ 1330.745272][T28276] netlink: 338 bytes leftover after parsing attributes in process `syz.9.6609'. [ 1330.793184][T28276] netlink: 338 bytes leftover after parsing attributes in process `syz.9.6609'. [ 1330.835822][T28276] relay: one or more items not logged [item size (48) > sub-buffer size (28)] [ 1331.565025][T28286] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1336.807622][T28310] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6617'. [ 1336.906050][T28310] smc: removing net device syz_tun with user defined pnetid ETHTOOL [ 1338.606038][T28319] netlink: 342 bytes leftover after parsing attributes in process `syz.9.6620'. [ 1339.981671][ T5831] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1339.995572][ T5831] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1340.006175][ T5831] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1340.014941][ T5831] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1340.023921][ T5831] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 1340.033323][ T5831] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1340.239423][T28328] chnl_net:caif_netlink_parms(): no params data found [ 1340.335390][T28328] bridge0: port 1(bridge_slave_0) entered blocking state [ 1340.347169][T28328] bridge0: port 1(bridge_slave_0) entered disabled state [ 1340.354373][T28328] bridge_slave_0: entered allmulticast mode [ 1340.361919][T28328] bridge_slave_0: entered promiscuous mode [ 1340.370232][T28328] bridge0: port 2(bridge_slave_1) entered blocking state [ 1340.378237][T28328] bridge0: port 2(bridge_slave_1) entered disabled state [ 1340.385417][T28328] bridge_slave_1: entered allmulticast mode [ 1340.393672][T28328] bridge_slave_1: entered promiscuous mode [ 1340.431468][T28328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1340.445323][T28328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1340.480582][T28328] team0: Port device team_slave_0 added [ 1340.488823][T28328] team0: Port device team_slave_1 added [ 1340.520498][T28328] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1340.527927][T28328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1340.554822][T28328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1340.568508][T28328] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1340.575481][T28328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1340.601412][ C0] vkms_vblank_simulate: vblank timer overrun [ 1340.611237][T28328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1340.684027][T28328] hsr_slave_0: entered promiscuous mode [ 1340.707447][T28328] hsr_slave_1: entered promiscuous mode [ 1340.714431][T28328] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1340.755348][T28328] Cannot create hsr debugfs directory [ 1341.002137][T28328] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1341.021719][ T5831] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1341.039872][ T5831] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1341.051889][ T5831] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1341.065215][ T5831] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1341.073732][ T5831] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1341.081290][ T5831] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1341.125697][T28328] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1341.218042][T28328] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1341.322285][T28328] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1341.462756][T28342] chnl_net:caif_netlink_parms(): no params data found [ 1341.630408][T28342] bridge0: port 1(bridge_slave_0) entered blocking state [ 1341.648351][T28342] bridge0: port 1(bridge_slave_0) entered disabled state [ 1341.674794][T28342] bridge_slave_0: entered allmulticast mode [ 1341.684568][T28342] bridge_slave_0: entered promiscuous mode [ 1341.712754][T28342] bridge0: port 2(bridge_slave_1) entered blocking state [ 1341.730387][T28342] bridge0: port 2(bridge_slave_1) entered disabled state [ 1341.756301][T28342] bridge_slave_1: entered allmulticast mode [ 1341.763980][T28342] bridge_slave_1: entered promiscuous mode [ 1341.777812][T28328] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1341.807498][T28328] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1341.853007][T28328] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1341.877217][T28342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1341.899214][T28342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1341.916597][T28328] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1341.987837][T28342] team0: Port device team_slave_0 added [ 1341.999299][T28342] team0: Port device team_slave_1 added [ 1342.046977][T28342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1342.063123][T28342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1342.089823][T23107] Bluetooth: hci8: command tx timeout [ 1342.116555][T28342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1342.146657][T28342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1342.156646][T28342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1342.196485][T28342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1342.284508][T28342] hsr_slave_0: entered promiscuous mode [ 1342.291432][T28342] hsr_slave_1: entered promiscuous mode [ 1342.301096][T28342] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1342.309301][T28342] Cannot create hsr debugfs directory [ 1342.502739][T28328] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1342.554035][T28328] 8021q: adding VLAN 0 to HW filter on device team0 [ 1342.606314][T28342] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1342.636059][T23624] bridge0: port 1(bridge_slave_0) entered blocking state [ 1342.643192][T23624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1342.669796][T23624] bridge0: port 2(bridge_slave_1) entered blocking state [ 1342.676934][T23624] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1342.765145][T28342] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1342.820587][T28328] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1342.840059][T28328] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1342.904285][T28342] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1343.048795][T28342] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1343.088461][T28328] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1343.177100][T23107] Bluetooth: hci9: command tx timeout [ 1343.368847][T28342] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1343.417039][T28342] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1343.449072][T28342] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1343.474773][T28328] veth0_vlan: entered promiscuous mode [ 1343.508702][T28342] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1343.529219][T28328] veth1_vlan: entered promiscuous mode [ 1343.590144][T28328] veth0_macvtap: entered promiscuous mode [ 1343.626356][T28328] veth1_macvtap: entered promiscuous mode [ 1343.671238][T28328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1343.682645][T28328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.693463][T28328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1343.705181][T28328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.716872][T28328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1343.727459][T28328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.738090][T28328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1343.748794][T28328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.761184][T28328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1343.771735][T28328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.793893][T28328] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1343.807942][T28328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1343.819690][T28328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.830201][T28328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1343.849909][T28328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.871682][T28328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1343.894649][T28328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.914188][T28328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1343.932566][T28328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.952677][T28328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1343.963301][T28328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1343.973627][T28328] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1344.001704][T28328] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1344.021491][T28328] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1344.058851][T28342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1344.075274][T28342] 8021q: adding VLAN 0 to HW filter on device team0 [ 1344.110305][T28342] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1344.120872][T28342] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1344.136144][ T5883] bridge0: port 1(bridge_slave_0) entered blocking state [ 1344.143284][ T5883] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1344.151183][T23107] Bluetooth: hci8: command tx timeout [ 1344.175700][ T5883] bridge0: port 2(bridge_slave_1) entered blocking state [ 1344.182907][ T5883] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1344.254350][T28328] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1344.273972][T28328] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1344.285701][T28328] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1344.303885][T28328] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1344.543052][T23624] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1344.565359][T23624] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1344.568228][T28342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1344.690445][T28342] veth0_vlan: entered promiscuous mode [ 1344.733034][T23626] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1344.735785][T28342] veth1_vlan: entered promiscuous mode [ 1344.746925][T23626] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1344.806904][T28342] veth0_macvtap: entered promiscuous mode [ 1344.830808][T28342] veth1_macvtap: entered promiscuous mode [ 1344.872332][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1344.897022][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1344.936755][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1344.966541][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1344.996525][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1345.017259][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.046633][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1345.076697][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.106391][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1345.137201][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.161158][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1345.192067][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.217729][T28342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1345.243274][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1345.258289][T23107] Bluetooth: hci9: command tx timeout [ 1345.288622][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.315578][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1345.360149][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.390882][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1345.424600][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.424917][ T5831] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1345.435119][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1345.456360][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.457803][ T5831] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1345.466640][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1345.505578][ T5831] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1345.515450][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.539978][ T5831] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1345.548122][ T5831] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 1345.555543][ T5831] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1345.558748][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1345.611151][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.633169][T28342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1345.644065][T28342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1345.655872][T28342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1345.753298][T28342] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1345.766426][T28342] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1345.775162][T28342] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1345.814447][T28342] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1346.217049][ T5831] Bluetooth: hci8: command tx timeout [ 1346.310525][ T2909] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1346.356638][ T2909] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1346.458087][T28401] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6632'. [ 1346.484240][T28401] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6632'. [ 1346.494201][T28401] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6632'. [ 1346.504206][T28401] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6632'. [ 1346.513959][T28401] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6632'. [ 1346.551852][ T2909] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1346.568867][ T2909] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1346.598580][T28391] chnl_net:caif_netlink_parms(): no params data found [ 1346.948281][T28391] bridge0: port 1(bridge_slave_0) entered blocking state [ 1346.955483][T28391] bridge0: port 1(bridge_slave_0) entered disabled state [ 1346.981115][T28391] bridge_slave_0: entered allmulticast mode [ 1347.017591][T28391] bridge_slave_0: entered promiscuous mode [ 1347.035891][T28391] bridge0: port 2(bridge_slave_1) entered blocking state [ 1347.044387][T28391] bridge0: port 2(bridge_slave_1) entered disabled state [ 1347.066692][T28391] bridge_slave_1: entered allmulticast mode [ 1347.076642][T28391] bridge_slave_1: entered promiscuous mode [ 1347.125442][T28391] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1347.169389][T28391] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1347.315085][T28391] team0: Port device team_slave_0 added [ 1347.336880][ T5831] Bluetooth: hci9: command tx timeout [ 1347.419082][T28391] team0: Port device team_slave_1 added [ 1347.540688][T28391] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1347.570013][T28391] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1347.656948][ T5831] Bluetooth: hci10: command tx timeout [ 1347.666682][T28391] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1347.713688][T28391] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1347.721321][T28391] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1347.756188][T28391] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1348.054916][T28391] hsr_slave_0: entered promiscuous mode [ 1348.067261][T28391] hsr_slave_1: entered promiscuous mode [ 1348.075562][T28391] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1348.096285][T28391] Cannot create hsr debugfs directory [ 1348.296707][ T5831] Bluetooth: hci8: command tx timeout [ 1348.517700][T28391] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1348.814554][T28391] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1349.095435][T28391] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1349.132641][T28440] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1349.158014][T28440] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1349.347004][T28391] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1349.416638][ T5831] Bluetooth: hci9: command tx timeout [ 1349.747414][ T5831] Bluetooth: hci10: command tx timeout [ 1349.870699][T28391] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1349.910487][T28448] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6640'. [ 1350.066254][T28448] bridge0: port 1(bridge_slave_0) entered disabled state [ 1350.154475][T28448] bridge_slave_0 (unregistering): left allmulticast mode [ 1350.213493][T28448] bridge_slave_0 (unregistering): left promiscuous mode [ 1350.256036][T28448] bridge0: port 1(bridge_slave_0) entered disabled state [ 1350.396425][T28391] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1350.419516][T28391] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1350.507256][T28391] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1350.639795][T28391] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1350.656824][T28391] 8021q: adding VLAN 0 to HW filter on device team0 [ 1350.724577][T23622] bridge0: port 1(bridge_slave_0) entered blocking state [ 1350.731757][T23622] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1350.788499][T23622] bridge0: port 2(bridge_slave_1) entered blocking state [ 1350.795630][T23622] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1350.884311][T28391] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1350.907708][T28391] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1351.065461][T28458] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6642'. [ 1351.177972][T28460] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6642'. [ 1351.308927][T28460] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6642'. [ 1351.376276][T28391] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1351.526208][T28391] veth0_vlan: entered promiscuous mode [ 1351.558423][T28460] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6642'. [ 1351.569989][T28391] veth1_vlan: entered promiscuous mode [ 1351.644354][T28460] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6642'. [ 1351.687257][T28391] veth0_macvtap: entered promiscuous mode [ 1351.696191][T28391] veth1_macvtap: entered promiscuous mode [ 1351.735117][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1351.745992][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1351.756021][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1351.776448][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1351.799742][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1351.812864][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1351.824323][ T5831] Bluetooth: hci10: command tx timeout [ 1351.841758][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1351.856364][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1351.866679][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1351.878510][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1351.888481][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1351.900554][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1351.910633][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1351.921222][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1351.944831][T28451] kexec: Could not allocate control_code_buffer [ 1351.957596][T28391] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1351.982895][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1352.006398][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1352.032628][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1352.054007][ T29] audit: type=1800 audit(4294967414.239:42): pid=28469 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.6644" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1352.061370][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1352.133363][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1352.186379][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1352.196225][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1352.246588][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1352.261157][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1352.271792][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1352.286464][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1352.315974][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1352.336685][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1352.366732][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1352.396526][T28391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1352.426635][T28391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1352.469617][T28391] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1352.552776][T28391] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1352.579458][T28391] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1352.596569][T28391] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1352.605341][T28391] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1352.928379][T23622] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1352.949543][T23622] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1353.019427][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1353.041927][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1353.523239][T28482] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6648'. [ 1353.734856][T28501] Process accounting resumed [ 1353.759004][T28501] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6650'. [ 1353.776795][T28501] mac80211_hwsim hwsim42 wlan0: entered promiscuous mode [ 1353.786729][T28501] mac80211_hwsim hwsim42 wlan0: entered allmulticast mode [ 1353.896594][ T5831] Bluetooth: hci10: command tx timeout [ 1354.187147][T28505] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6651'. [ 1354.315325][T28505] bridge0: port 1(bridge_slave_0) entered disabled state [ 1354.540018][T28505] bridge_slave_0 (unregistering): left allmulticast mode [ 1354.548056][T28505] bridge_slave_0 (unregistering): left promiscuous mode [ 1354.566190][T28505] bridge0: port 1(bridge_slave_0) entered disabled state [ 1357.665568][T28557] Process accounting resumed [ 1357.699535][T28557] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6660'. [ 1357.749725][T28557] mac80211_hwsim hwsim46 wlan0: entered promiscuous mode [ 1357.814121][T28557] mac80211_hwsim hwsim46 wlan0: entered allmulticast mode [ 1361.267206][T28584] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6666'. [ 1361.387269][T28584] netdevsim netdevsim4 netdevsim2: entered allmulticast mode [ 1361.450769][ T29] audit: type=1800 audit(4294967423.619:43): pid=28594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.6668" name="features" dev="configfs" ino=93848 res=0 errno=0 [ 1361.668810][T28597] tipc: Started in network mode [ 1361.688649][T28597] tipc: Node identity ee00, cluster identity 4711 [ 1361.695110][T28597] tipc: Node number set to 60928 [ 1361.916526][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.922851][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.253636][T28603] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1362.275496][T28603] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1363.168361][T28621] erspan0: entered allmulticast mode [ 1365.082862][T28625] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6675'. [ 1365.128115][T28625] netdevsim netdevsim0 netdevsim2: entered allmulticast mode [ 1365.443460][T28644] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6678'. [ 1366.755452][T28694] binder: 28692:28694 ioctl 40046205 800000000000003 returned -22 [ 1366.838988][T28696] netlink: 22 bytes leftover after parsing attributes in process `syz.0.6695'. [ 1366.958250][T28699] Process accounting resumed [ 1366.982347][T28699] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6696'. [ 1369.568848][T28733] nbd: must specify at least one socket [ 1371.688106][ T29] audit: type=1800 audit(4294967433.879:44): pid=28766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.6712" name="features" dev="configfs" ino=95350 res=0 errno=0 [ 1372.068389][T28773] zero sized request [ 1373.681636][T28803] ubi0: attaching mtd0 [ 1373.705967][T28803] ubi0: scanning is finished [ 1373.719079][T28803] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1373.967864][T28803] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1377.846566][ T29] audit: type=1800 audit(4294967440.029:45): pid=28851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.6742" name="discovery_nqn" dev="configfs" ino=95652 res=0 errno=0 [ 1378.767304][T28861] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1379.375122][T28879] ACPI: Can not change Invalid GPE/Fixed Event status [ 1379.937077][T28847] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6739'. [ 1380.063231][T28847] netdevsim netdevsim3 netdevsim2: entered allmulticast mode [ 1380.229008][T28892] Process accounting resumed [ 1380.285251][T28894] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6754'. [ 1380.942729][T28899] could not allocate digest TFM handle [ 1381.060478][T28902] could not allocate digest TFM handle [ 1381.247738][T28916] binder: 28915:28916 ioctl c0306201 9 returned -14 [ 1381.308763][T28918] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1381.967470][T28927] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1381.991731][T28927] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1382.015892][T28927] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1382.039205][T28927] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1382.085434][T28927] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1382.109856][T28927] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1382.140426][T28927] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1382.228418][T28927] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1382.244690][T28927] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1382.314723][T28927] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1382.429884][T28927] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1382.471109][T28927] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1383.397211][T28927] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1383.766859][T28927] Bluetooth: hci7: Opcode 0x0c1a failed: -4 [ 1383.816798][T28927] Bluetooth: hci7: Opcode 0x0406 failed: -4 [ 1383.986398][ T5831] Bluetooth: hci0: command 0x0406 tx timeout [ 1384.056609][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 1384.062672][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 1384.068939][T23107] Bluetooth: hci1: command 0x0406 tx timeout [ 1384.146384][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout [ 1384.293732][T28927] Bluetooth: hci7: Opcode 0x0406 failed: -4 [ 1384.301449][T26906] Bluetooth: hci5: command 0x0c1a tx timeout [ 1384.456884][T26906] Bluetooth: hci6: command 0x0c1a tx timeout [ 1384.473203][T28954] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1384.937434][T28927] Bluetooth: hci8: Opcode 0x0c1a failed: -4 [ 1384.970084][T28927] Bluetooth: hci8: Opcode 0x0406 failed: -4 [ 1385.187322][T28927] Bluetooth: hci8: Opcode 0x0406 failed: -4 [ 1385.283648][T28927] Bluetooth: hci9: Opcode 0x0c1a failed: -4 [ 1385.296484][T28927] Bluetooth: hci9: Opcode 0x0406 failed: -4 [ 1385.353828][T28927] Bluetooth: hci9: Opcode 0x0406 failed: -4 [ 1385.624903][T28927] Bluetooth: hci10: Opcode 0x0c1a failed: -4 [ 1385.731617][T28927] Bluetooth: hci10: Opcode 0x0406 failed: -4 [ 1385.817917][T26906] Bluetooth: hci7: command 0x0c1a tx timeout [ 1385.840134][T28927] Bluetooth: hci10: Opcode 0x0406 failed: -4 [ 1385.951441][T28976] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1386.216719][T26906] Bluetooth: hci4: command 0x0c1a tx timeout [ 1386.376483][T26906] Bluetooth: hci5: command 0x0c1a tx timeout [ 1386.536629][T26906] Bluetooth: hci6: command 0x0c1a tx timeout [ 1386.949568][T28991] Process accounting resumed [ 1387.061128][T26906] Bluetooth: hci8: command 0x0c1a tx timeout [ 1387.339287][T26906] Bluetooth: hci9: command 0x0c1a tx timeout [ 1387.666540][T26906] Bluetooth: hci10: command 0x0c1a tx timeout [ 1387.896900][T26906] Bluetooth: hci7: command 0x0c1a tx timeout [ 1388.296535][T26906] Bluetooth: hci4: command 0x0c1a tx timeout [ 1388.456775][T26906] Bluetooth: hci5: command 0x0c1a tx timeout [ 1388.626654][T26906] Bluetooth: hci6: command 0x0c1a tx timeout [ 1389.102988][T26906] Bluetooth: hci8: command 0x0c1a tx timeout [ 1389.438437][T26906] Bluetooth: hci9: command 0x0c1a tx timeout [ 1389.747220][ T5831] Bluetooth: hci10: command 0x0c1a tx timeout [ 1389.919056][T29030] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1389.976732][ T5831] Bluetooth: hci7: command 0x0c1a tx timeout [ 1391.177097][ T5831] Bluetooth: hci8: command 0x0c1a tx timeout [ 1391.352078][T29052] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1391.371913][T29052] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1391.496491][ T5831] Bluetooth: hci9: command 0x0c1a tx timeout [ 1391.817265][ T5831] Bluetooth: hci10: command 0x0c1a tx timeout [ 1394.278396][T29079] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1394.288572][T29079] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1395.362437][T29091] mkiss: ax0: crc mode is auto. [ 1396.456642][ T30] INFO: task syz.3.6192:26690 blocked for more than 143 seconds. [ 1396.464417][ T30] Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0 [ 1396.483103][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1396.493385][ T30] task:syz.3.6192 state:D stack:27672 pid:26690 tgid:26689 ppid:5828 flags:0x00000004 [ 1396.505374][ T30] Call Trace: [ 1396.509264][ T30] [ 1396.512234][ T30] __schedule+0xe58/0x5ad0 [ 1396.517131][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1396.523664][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1396.529389][ T30] ? __pfx___schedule+0x10/0x10 [ 1396.534277][ T30] ? schedule+0x298/0x350 [ 1396.539056][ T30] ? __pfx_lock_release+0x10/0x10 [ 1396.544421][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1396.550995][ T30] ? lock_acquire+0x2f/0xb0 [ 1396.555608][ T30] ? schedule+0x1fd/0x350 [ 1396.560427][ T30] schedule+0xe7/0x350 [ 1396.564536][ T30] schedule_preempt_disabled+0x13/0x30 [ 1396.570468][ T30] __mutex_lock+0x62b/0xa60 [ 1396.575012][ T30] ? ____sys_sendmsg+0x9ae/0xb40 [ 1396.580474][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1396.586940][ T30] ? nfsd_nl_listener_set_doit+0xe3/0x1b40 [ 1396.592900][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1396.598376][ T30] ? __nla_validate_parse+0x605/0x2b10 [ 1396.604053][ T30] ? nfsd_nl_listener_set_doit+0xe3/0x1b40 [ 1396.610657][ T30] nfsd_nl_listener_set_doit+0xe3/0x1b40 [ 1396.616779][ T30] ? __pfx___nla_validate_parse+0x10/0x10 [ 1396.624488][ T30] ? rcu_is_watching+0x12/0xc0 [ 1396.629781][ T30] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 1396.635982][ T30] ? __nla_parse+0x40/0x60 [ 1396.646415][ T30] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1396.663077][ T30] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1396.675963][ T30] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1396.686617][ T30] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1396.692820][ T30] ? __pfx_mark_lock+0x10/0x10 [ 1396.699068][ T30] ? __pfx_stack_trace_save+0x10/0x10 [ 1396.704592][ T30] ? genl_get_cmd+0x195/0x580 [ 1396.710881][ T30] ? bpf_lsm_capable+0x9/0x10 [ 1396.715710][ T30] ? security_capable+0x7e/0x260 [ 1396.736385][ T30] genl_rcv_msg+0x565/0x800 [ 1396.746614][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1396.756702][ T30] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 1396.773070][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1396.778770][ T30] netlink_rcv_skb+0x165/0x410 [ 1396.783579][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1396.795700][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1396.805644][ T30] ? down_read+0xc9/0x330 [ 1396.812139][ T30] ? __pfx_down_read+0x10/0x10 [ 1396.831465][ T30] ? netlink_deliver_tap+0x1ae/0xca0 [ 1396.846424][ T30] genl_rcv+0x28/0x40 [ 1396.850699][ T30] netlink_unicast+0x53c/0x7f0 [ 1396.876398][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1396.886624][ T30] ? __phys_addr_symbol+0x30/0x80 [ 1396.897368][ T30] ? __check_object_size+0x488/0x710 [ 1396.912904][ T30] netlink_sendmsg+0x8b8/0xd70 [ 1396.917769][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1396.923104][ T30] ____sys_sendmsg+0x9ae/0xb40 [ 1396.946456][ T30] ? copy_msghdr_from_user+0x10b/0x160 [ 1396.956462][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1396.961843][ T30] ___sys_sendmsg+0x135/0x1e0 [ 1396.969173][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 1396.974425][ T30] ? __pfx_lock_release+0x10/0x10 [ 1396.982550][ T30] ? trace_lock_acquire+0x14e/0x1f0 [ 1396.990691][ T30] ? __fget_files+0x206/0x3a0 [ 1397.004111][ T30] __sys_sendmsg+0x16e/0x220 [ 1397.011192][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 1397.025806][ T30] ? __x64_sys_futex+0x1e1/0x4c0 [ 1397.033797][ T30] do_syscall_64+0xcd/0x250 [ 1397.038894][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1397.044903][ T30] RIP: 0033:0x7f128c785d29 [ 1397.051357][ T30] RSP: 002b:00007f128d586038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1397.061954][ T30] RAX: ffffffffffffffda RBX: 00007f128c975fa0 RCX: 00007f128c785d29 [ 1397.070399][ T30] RDX: 0000000020000000 RSI: 0000000020005380 RDI: 0000000000000003 [ 1397.078739][ T30] RBP: 00007f128c801a20 R08: 0000000000000000 R09: 0000000000000000 [ 1397.087116][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1397.095193][ T30] R13: 0000000000000000 R14: 00007f128c975fa0 R15: 00007ffdb5ecd068 [ 1397.104250][ T30] [ 1397.107708][ T30] [ 1397.107708][ T30] Showing all locks held in the system: [ 1397.115517][ T30] 1 lock held by khungtaskd/30: [ 1397.121009][ T30] #0: ffffffff8ddbad40 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 [ 1397.133809][ T30] 2 locks held by kworker/u9:1/5141: [ 1397.139483][ T30] #0: ffff88802561f948 ((wq_completion)nbd1-recv){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 1397.150612][ T30] #1: ffffc900104afd80 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 1397.164041][ T30] 2 locks held by kworker/u9:2/17791: [ 1397.175128][ T30] #0: ffff888025687948 ((wq_completion)nbd0-recv){+.+.}-{0:0}, at: process_one_work+0x12cd/0x1b30 [ 1397.197526][ T30] #1: ffffc90010227d80 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 1397.219302][ T30] 2 locks held by getty/19003: [ 1397.224096][ T30] #0: ffff888034eca0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1397.246356][ T30] #1: ffffc900051292f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 [ 1397.264338][ T30] 2 locks held by kworker/u8:8/23622: [ 1397.276426][ T30] 2 locks held by syz.0.6164/26614: [ 1397.281659][ T30] #0: ffffffff8fb5e010 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1397.301358][ T30] #1: ffffffff8e1bae88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x694/0xbe0 [ 1397.312462][ T30] 2 locks held by syz.3.6192/26690: [ 1397.318263][ T30] #0: ffffffff8fb5e010 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1397.326812][ T30] #1: ffffffff8e1bae88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xe3/0x1b40 [ 1397.340559][ T30] 2 locks held by syz-executor/26905: [ 1397.345975][ T30] #0: ffff88805b53c0e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xd6/0x100 [ 1397.356614][ T30] #1: ffffffff8e1bae88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1397.367187][ T30] 2 locks held by syz.1.6353/27182: [ 1397.372413][ T30] #0: ffff88807e2620e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xd6/0x100 [ 1397.383188][ T30] #1: ffffffff8e1bae88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1397.393138][ T30] 2 locks held by syz-executor/27296: [ 1397.399406][ T30] #0: ffff8880866bc0e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xd6/0x100 [ 1397.410019][ T30] #1: ffffffff8e1bae88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1397.419953][ T30] 2 locks held by syz-executor/28043: [ 1397.425351][ T30] #0: ffff888011cc00e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xd6/0x100 [ 1397.436370][ T30] #1: ffffffff8e1bae88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1397.447655][ T30] 2 locks held by syz.5.6593/28223: [ 1397.452881][ T30] #0: ffff8880859a40e0 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xd6/0x100 [ 1397.463913][ T30] #1: ffffffff8e1bae88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1397.474318][ T30] 2 locks held by syz.3.6787/28996: [ 1397.479786][ T30] #0: ffffffff8fb5e010 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1397.488301][ T30] #1: ffffffff8e1bae88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x694/0xbe0 [ 1397.502269][ T30] 2 locks held by syz.9.6798/29031: [ 1397.510765][ T30] #0: ffffffff8fb5e010 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1397.532239][ T30] #1: ffffffff8e1bae88 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xe3/0x1b40 [ 1397.545598][ T30] [ 1397.556358][ T30] ============================================= [ 1397.556358][ T30] [ 1397.565052][ T30] NMI backtrace for cpu 1 [ 1397.569401][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0 [ 1397.579930][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1397.590009][ T30] Call Trace: [ 1397.593314][ T30] [ 1397.596269][ T30] dump_stack_lvl+0x116/0x1f0 [ 1397.600979][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 1397.606036][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1397.612054][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1397.618075][ T30] watchdog+0xf14/0x1240 [ 1397.622381][ T30] ? __pfx_watchdog+0x10/0x10 [ 1397.627090][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1397.632320][ T30] ? __kthread_parkme+0x148/0x220 [ 1397.637383][ T30] ? __pfx_watchdog+0x10/0x10 [ 1397.642091][ T30] kthread+0x2c1/0x3a0 [ 1397.646200][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1397.651430][ T30] ? __pfx_kthread+0x10/0x10 [ 1397.656057][ T30] ret_from_fork+0x45/0x80 [ 1397.660526][ T30] ? __pfx_kthread+0x10/0x10 [ 1397.665150][ T30] ret_from_fork_asm+0x1a/0x30 [ 1397.670004][ T30] [ 1397.674432][ T30] Sending NMI from CPU 1 to CPUs 0: [ 1397.680707][ C0] NMI backtrace for cpu 0 [ 1397.680728][ C0] CPU: 0 UID: 0 PID: 35 Comm: kworker/u8:2 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0 [ 1397.680753][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1397.680766][ C0] Workqueue: events_unbound cfg80211_wiphy_work [ 1397.680849][ C0] RIP: 0010:__sanitizer_cov_trace_switch+0x4f/0x90 [ 1397.680875][ C0] Code: 83 f8 10 75 2f 41 bd 03 00 00 00 4c 8b 75 00 31 db 4d 85 f6 74 1e 48 8b 74 dd 10 4c 89 e2 4c 89 ef 48 83 c3 01 48 8b 4c 24 28 8c fd ff ff 49 39 de 75 e2 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc [ 1397.680895][ C0] RSP: 0018:ffffc90000ab6ec0 EFLAGS: 00000206 [ 1397.680911][ C0] RAX: 0000000000000000 RBX: 0000000000000009 RCX: ffffffff8aa1a531 [ 1397.680924][ C0] RDX: 0000000000000003 RSI: 0000000000000032 RDI: 0000000000000001 [ 1397.680937][ C0] RBP: ffffffff8c9ec0c0 R08: 0000000000000001 R09: 0000000000000030 [ 1397.680950][ C0] R10: 0000000000000003 R11: 0000000000000b8f R12: 0000000000000003 [ 1397.680963][ C0] R13: 0000000000000001 R14: 0000000000000020 R15: ffff88803522a9b0 [ 1397.680977][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 1397.680998][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1397.681013][ C0] CR2: 00007fa199ba49a0 CR3: 0000000033476000 CR4: 00000000003526f0 [ 1397.681026][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1397.681039][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1397.681051][ C0] Call Trace: [ 1397.681058][ C0] [ 1397.681065][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 1397.681097][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1397.681126][ C0] ? nmi_handle+0x1ac/0x5d0 [ 1397.681148][ C0] ? __sanitizer_cov_trace_switch+0x4f/0x90 [ 1397.681169][ C0] ? default_do_nmi+0x6a/0x160 [ 1397.681198][ C0] ? exc_nmi+0x170/0x1e0 [ 1397.681225][ C0] ? end_repeat_nmi+0xf/0x53 [ 1397.681253][ C0] ? _ieee802_11_parse_elems_full+0x271/0x4300 [ 1397.681329][ C0] ? __sanitizer_cov_trace_switch+0x4f/0x90 [ 1397.681353][ C0] ? __sanitizer_cov_trace_switch+0x4f/0x90 [ 1397.681376][ C0] ? __sanitizer_cov_trace_switch+0x4f/0x90 [ 1397.681399][ C0] [ 1397.681406][ C0] [ 1397.681414][ C0] _ieee802_11_parse_elems_full+0x271/0x4300 [ 1397.681445][ C0] ? __pfx__ieee802_11_parse_elems_full+0x10/0x10 [ 1397.681472][ C0] ? rcu_is_watching+0x12/0xc0 [ 1397.681498][ C0] ? __kmalloc_noprof+0x23b/0x4f0 [ 1397.681524][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 1397.681555][ C0] ? cfg80211_find_elem_match+0x156/0x190 [ 1397.681669][ C0] ieee802_11_parse_elems_full+0x8bc/0x1630 [ 1397.681697][ C0] ? lock_acquire.part.0+0x11b/0x380 [ 1397.681721][ C0] ? find_held_lock+0x2d/0x110 [ 1397.681752][ C0] ? cfg80211_update_known_bss+0x439/0x1760 [ 1397.681814][ C0] ? __pfx_ieee802_11_parse_elems_full+0x10/0x10 [ 1397.681841][ C0] ? mark_held_locks+0x9f/0xe0 [ 1397.681869][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1397.681896][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 1397.681919][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1397.681940][ C0] ? cfg80211_update_known_bss+0xb84/0x1760 [ 1397.681963][ C0] ieee80211_inform_bss+0xf1/0x10f0 [ 1397.682029][ C0] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 1397.682054][ C0] ? rcu_is_watching+0x12/0xc0 [ 1397.682080][ C0] ? lock_acquire+0x2f/0xb0 [ 1397.682098][ C0] ? cfg80211_inform_single_bss_data+0x758/0x1e40 [ 1397.682124][ C0] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 1397.682149][ C0] cfg80211_inform_single_bss_data+0x8b1/0x1e40 [ 1397.682172][ C0] ? unwind_next_frame+0xe5d/0x20c0 [ 1397.682199][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 1397.682232][ C0] ? stack_trace_save+0x95/0xd0 [ 1397.682263][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1397.682289][ C0] ? __pfx_mark_lock+0x10/0x10 [ 1397.682317][ C0] ? stack_depot_save_flags+0x28/0x9e0 [ 1397.682368][ C0] ? ieee80211_parse_ch_switch_ie+0xd6f/0x1f60 [ 1397.682426][ C0] ? cfg80211_inform_bss_data+0x254/0x3e40 [ 1397.682448][ C0] cfg80211_inform_bss_data+0x254/0x3e40 [ 1397.682471][ C0] ? ieee80211_ibss_rx_queued_mgmt+0xc54/0x3040 [ 1397.682512][ C0] ? ieee80211_iface_work+0xc0b/0xf00 [ 1397.682537][ C0] ? cfg80211_wiphy_work+0x3de/0x560 [ 1397.682561][ C0] ? process_one_work+0x958/0x1b30 [ 1397.682580][ C0] ? __pfx_mark_lock+0x10/0x10 [ 1397.682629][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 1397.682660][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 1397.682684][ C0] ? hlock_class+0x4e/0x130 [ 1397.682708][ C0] ? mark_lock+0xb5/0xc60 [ 1397.682738][ C0] ? hlock_class+0x4e/0x130 [ 1397.682762][ C0] ? __lock_acquire+0xcc5/0x3c40 [ 1397.682800][ C0] ? hlock_class+0x4e/0x130 [ 1397.682827][ C0] ? find_held_lock+0x2d/0x110 [ 1397.682855][ C0] cfg80211_inform_bss_frame_data+0x252/0x8a0 [ 1397.682884][ C0] ieee80211_bss_info_update+0x311/0xab0 [ 1397.682911][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 1397.682937][ C0] ? ieee80211_ibss_rx_queued_mgmt+0x191c/0x3040 [ 1397.682966][ C0] ? ieee80211_mandatory_rates+0x1ab/0x220 [ 1397.682999][ C0] ieee80211_ibss_rx_queued_mgmt+0x1956/0x3040 [ 1397.683025][ C0] ? hlock_class+0x4e/0x130 [ 1397.683053][ C0] ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10 [ 1397.683079][ C0] ? lock_acquire.part.0+0x11b/0x380 [ 1397.683099][ C0] ? find_held_lock+0x2d/0x110 [ 1397.683122][ C0] ? find_held_lock+0x2d/0x110 [ 1397.683148][ C0] ? kcov_remote_start+0x370/0x6e0 [ 1397.683173][ C0] ? mark_held_locks+0x9f/0xe0 [ 1397.683202][ C0] ? kcov_remote_start+0x3cf/0x6e0 [ 1397.683228][ C0] ieee80211_iface_work+0xc0b/0xf00 [ 1397.683256][ C0] cfg80211_wiphy_work+0x3de/0x560 [ 1397.683282][ C0] process_one_work+0x958/0x1b30 [ 1397.683306][ C0] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 1397.683330][ C0] ? __pfx_process_one_work+0x10/0x10 [ 1397.683349][ C0] ? rcu_is_watching+0x12/0xc0 [ 1397.683377][ C0] ? assign_work+0x1a0/0x250 [ 1397.683408][ C0] worker_thread+0x6c8/0xf00 [ 1397.683433][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1397.683452][ C0] kthread+0x2c1/0x3a0 [ 1397.683475][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1397.683495][ C0] ? __pfx_kthread+0x10/0x10 [ 1397.683519][ C0] ret_from_fork+0x45/0x80 [ 1397.683538][ C0] ? __pfx_kthread+0x10/0x10 [ 1397.683565][ C0] ret_from_fork_asm+0x1a/0x30 [ 1397.683620][ C0] [ 1397.698430][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1397.698446][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0 [ 1397.698475][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1397.698489][ T30] Call Trace: [ 1397.698497][ T30] [ 1397.698507][ T30] dump_stack_lvl+0x3d/0x1f0 [ 1397.698541][ T30] panic+0x71d/0x800 [ 1397.698598][ T30] ? __pfx_panic+0x10/0x10 [ 1397.698629][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1397.698666][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1397.698703][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1397.698730][ T30] ? watchdog+0xd7e/0x1240 [ 1397.698756][ T30] ? watchdog+0xd71/0x1240 [ 1397.698785][ T30] watchdog+0xd8f/0x1240 [ 1397.698816][ T30] ? __pfx_watchdog+0x10/0x10 [ 1397.698847][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1397.698876][ T30] ? __kthread_parkme+0x148/0x220 [ 1397.698908][ T30] ? __pfx_watchdog+0x10/0x10 [ 1397.698933][ T30] kthread+0x2c1/0x3a0 [ 1397.698959][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1397.698985][ T30] ? __pfx_kthread+0x10/0x10 [ 1397.699015][ T30] ret_from_fork+0x45/0x80 [ 1397.699038][ T30] ? __pfx_kthread+0x10/0x10 [ 1397.699067][ T30] ret_from_fork_asm+0x1a/0x30 [ 1397.699115][ T30] [ 1398.417935][ T30] Kernel Offset: disabled [ 1398.422258][ T30] Rebooting in 86400 seconds..