last executing test programs: 18.695187669s ago: executing program 2 (id=161): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) unshare$auto(0x20000080) (async) unshare$auto(0x20000080) (async) mbind$auto(0x81, 0xfffffffffffffff1, 0x80000001, &(0x7f0000000080)=0xa9c, 0x9, 0x0) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x3c, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HSR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}, @OVS_DP_ATTR_USER_FEATURES={0x8, 0x5, 0xa}, @OVS_DP_ATTR_MASKS_CACHE_SIZE={0x8, 0x7, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x80) 18.469898983s ago: executing program 2 (id=162): mmap$auto(0x0, 0xe983, 0xb0, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket(0x2, 0x2, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f00000000c0)={0x2, @sockaddr_1_1}, 0x55) ioctl$auto(0xc8, 0x400454ce, 0x5c8d) write$auto(0x3, 0x0, 0x81) mlock$auto(0x81, 0xffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x9, 0x8000, 0x5, 0x729, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x53, 0x9) syz_genetlink_get_family_id$auto_ovs_meter(0x0, 0xffffffffffffffff) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) 15.136590203s ago: executing program 2 (id=173): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) lchown$auto(0x0, 0x0, 0x6) (async) socket(0x1, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) socket(0xa, 0x3, 0x3a) (async) dup3$auto(0x8000000000000001, 0x5, 0x800000000) (async) splice$auto(0x8, &(0x7f0000000080)=0xac, 0x5, 0x0, 0xffffffffffffffff, 0x3) (async, rerun: 32) prctl$auto(0x59616d61, 0xdaffffffffffffff, 0x2, 0xffffffffffffffff, 0x8) (async, rerun: 32) ptrace$auto(0x10, 0x10000000000001, 0xffffffffffffff56, 0x868f) (async, rerun: 32) prctl$auto(0x42d, 0x10, 0x7fff, 0xffffffffffffffff, 0x3) (rerun: 32) 5.86019479s ago: executing program 2 (id=176): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1e, 0x1, 0x0) setreuid$auto(0x3, 0x7) epoll_ctl$auto(r0, 0x1cb6, 0x3, &(0x7f0000000500)={0xffffff92}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x2474a7d9180cffa3, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x40c0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x1e, 0x1, 0x0) (async) setreuid$auto(0x3, 0x7) (async) epoll_ctl$auto(r0, 0x1cb6, 0x3, &(0x7f0000000500)={0xffffff92}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x2474a7d9180cffa3, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x40c0) (async) 5.64517815s ago: executing program 2 (id=179): sendmsg$auto_IOAM6_CMD_ADD_SCHEMA(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20044800}, 0x20004000) sendmsg$auto_NFSD_CMD_LISTENER_SET(0xffffffffffffffff, 0x0, 0x4000) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x3, 0x1) socket(0x2, 0x801, 0x106) socket(0x10, 0x2, 0xc) syz_genetlink_get_family_id$auto_MAC802154_HWSIM(0x0, r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rseq$auto(&(0x7f0000000000)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x7ffe, 0x0, 0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) clone$auto(0x8000000000000000, 0x4, 0xfffffffffffffffc, 0x0, 0x7) io_uring_setup$auto(0x6, 0x0) madvise$auto(0x8, 0x200008, 0x19) setpriority$auto(0x2, 0x8000000000000000, 0x4) socket(0x2, 0x3, 0xa) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mincore$auto(0x0, 0x10000, 0x0) getsockopt$auto(0x6, 0x84, 0x84, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x404, 0x7ffd) setresuid$auto(0x0, 0x8, 0x8000) prctl$auto(0x3a, 0x2b7, 0x8, 0x10003, 0x10001) mmap$auto(0x0, 0x9, 0xdf, 0x1000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x80, &(0x7f0000000040)={0x4, 0x60000, 0x928, 0xae, 0x10001, 0x4, r1, [0x8, 0x6, 0x1ff], {0xffffffff, 0x7fff, 0x9, 0x0, 0x4, 0x4, 0x7, 0x4, 0x1ff}, {0x0, 0x6, 0x9, 0x6, 0x87fe, 0x6, 0x1, 0x3, 0x45}}) 4.835758639s ago: executing program 1 (id=185): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x8802, 0x32) write$auto(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000880)='./file0\x00', 0xc3, 0x80) pwritev$auto(0x4, 0x0, 0x2, 0xae, 0x3) setsockopt$auto(r0, 0x20424088, 0x8, &(0x7f0000000000)='&])\'\x00', 0x80) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) memfd_secret$auto(0x0) mmap$auto(0x0, 0x8, 0xfffffffffffffffa, 0x13, 0x3, 0x0) r2 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000080), r1) sendmsg$auto_NFC_CMD_DISABLE_SE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000427bd7000fbdbdf25120000000400140005000b0007000009000000000000007e5b00000005000f000000000008000e003f000000080001000703004ddb882400265d292700000000a2ca9b74e77a6195067344fca9f6926cc42189baa40fd6dd2b872d78a69a1d90336cf4f25577f58fb016ce4c0e47886460d5ff69eee9ffa3cef08fdccfe7011dd19b4bd7a3c6cce9363ebdfa61c704a6ea138cbf1a37ecf20ab359d4276a60b43288d9f698890a284c847820cd4108a1bad0916ff4ed2304c39f3450b0b69ea734ec0fadaaeb4fb026a4d03d7f7019dcb0584e886ad404503b866cf5c7399ce9c7295c22230fa244c8a79c174962c0ad341b1284a5213b49a05db2171ab713d25bc58245655720199c8fac983ffe7611412d456ac777555f5d194fb04fa3441fc310bad3c00536cf28d4e82b685a45cd358b44ea13ec6bf6bf290801fca8b7fca7cfa89488e5c78e4672aa2ae69003d8cd29b3ce902af8f7f8a585bb3507171c4abe4e144c2d382d01bad21fb8809d49bd1ff4879a00000000002c025ea1c2e2214d3bbc7eb0c6b0fd4d4204adddc2b4"], 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x4048090) pipe2$auto(0x0, 0x80) sendfile$auto(0x6, 0x3, 0x0, 0xc01) mmap$auto(0xd2c7, 0x2, 0xfffffffffffffffa, 0x13, 0x40, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x100000000000032, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) ioctl$auto(0x3, 0x89e0, 0xfffffffffffff4e0) munmap$auto(0xfffffffffffffffd, 0x4) 4.421684719s ago: executing program 0 (id=187): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_map_fd=0x29d, 0x7, @old_map_fd=0x3ff}, 0xa3) r1 = socket(0xa, 0x3, 0xff) sendmsg$auto_NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, 0x0, 0x40084) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000300)=[0x404], 0x7}, 0x7e) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) sendmsg$auto(r1, &(0x7f0000000240)={&(0x7f0000000000)=[0x9, 0xfffffffffffffffe], 0x6, 0x0, 0xfffe000000000, &(0x7f0000000200)=[0x1000, 0x7c1e9120], 0x7, 0xbe05}, 0x6) unshare$auto(0x200) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="80000000", @ANYRES16=0x0, @ANYBLOB="00032bbd7000fcdbdf257c00000006"], 0x80}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df"], 0x1ac}}, 0x40000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1f00000012"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000021}, 0x8004) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0xdd, 0x8000) setns(r2, 0x18000000) umount2$auto(&(0x7f0000000080)='.\x00', 0x3) setns(r2, 0x0) r4 = socket(0xa, 0x2, 0x0) setsockopt$auto(r4, 0x29, 0x30, 0x0, 0x56b) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x20) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x22040, 0x75) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) 3.934936613s ago: executing program 1 (id=189): r0 = socket(0xa, 0x3, 0x73) setreuid$auto(0x3, 0x7) fspick$auto(0x6a, 0x0, 0xe) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f0000000140)={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) socket(0xa, 0x2, 0x88) newfstatat$auto(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0xfffffffffffffe01, 0x2, 0x0, 0x3dc3, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x5, 0x7, 0xffffffffffffffff, 0x8, 0xcab, 0x6, 0x0, 0x4, 0x7}, 0x1000) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000080)={0x2, @sockaddr_1_1={"59c7"}}, 0x6b) select$auto(0x6d0c, 0x0, 0x0, 0x0, 0x0) socketpair$auto(0x6, 0x5, 0x8000000000000000, 0x0) socket(0x2, 0x5, 0x0) socket(0x23, 0x80805, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x11, 0xa, 0xfffffffc) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000080)={0x2, @sockaddr_1_1={"59c7ef"}}, 0x6b) select$auto(0x3, 0x0, &(0x7f0000000100)={[0x9, 0x200, 0x0, 0x9, 0x9, 0x3, 0x6, 0x2, 0x9, 0x5e58296f, 0x4000000000000000, 0x9, 0x3, 0x200, 0x8, 0x6]}, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000140)={0xa, @sa_data_min="c4aeed448dc7fe8000"}, 0x55) connect$auto(0x3, &(0x7f0000000000)={0x2, @sa_data_min="0800e00000000000c1728d2af766"}, 0x55) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x24004141) sendmmsg$auto(0x3, &(0x7f0000000040)={{0x0, 0x2, &(0x7f0000000080)={0x0, 0x1}, 0x10a, 0x0, 0x0, 0x3ff}, 0xed7138c}, 0x200, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1100000012"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x7, 0x0) recvfrom$auto(r0, 0x0, 0x1ff, 0x2, 0x0, 0x0) 3.822122129s ago: executing program 0 (id=190): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) socket(0xa, 0x2, 0x0) select$auto(0xfffffffd, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0xc, 0x9, 0x6, 0x1, 0x2800000000000002, 0x9, 0x5e582971, 0xff, 0x2c, 0x4, 0xffff, 0x80000074, 0xb]}, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000140)={0xa, @sa_data_min="c4aeed448dc7fe8000"}, 0x55) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mq_open$auto(&(0x7f0000000080)='+-\'\xd5,\x00', 0x1, 0x5, &(0x7f0000000180)={0x6, 0x3, 0x5, 0x6}) ioctl$auto(0xc8, 0x54e3, 0x5c8d) select$auto(0x6, 0x0, &(0x7f0000000100)={[0x9, 0x4000000009, 0x0, 0x0, 0x9, 0x3, 0x6, 0x2, 0x9, 0x5e58296f, 0x4000000000000000, 0x9, 0x3, 0x200, 0x8, 0x6]}, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000040)={{0x0, 0x2, &(0x7f00000000c0)={0x0, 0x2f9e}, 0x10a, 0x0, 0x0, 0x403ff}, 0xed7138c}, 0x200, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x7, 0x7000846) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x11}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, '\x00\x00\x00\x00\x00y+\x00'}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) 3.439975051s ago: executing program 0 (id=192): madvise$auto(0x0, 0xffffffffffff0001, 0x15) settimeofday$auto(&(0x7f0000000000)={0x77b}, &(0x7f0000000040)={0x3e2, 0x9}) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000000c0)='ns/ipc\x00') 3.149879371s ago: executing program 3 (id=193): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = socket(0xa, 0x5, 0x0) pipe$auto(0x0) setsockopt$auto(0x3, 0x0, 0x13, 0x0, 0x9) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_3={0x8, 0x906a, 0x18c, 0x4, 0x2, 0x8, 0x4, 0x57b8, 0xfffffff8, "63acf0e05b2d33ebc15774e816ef77cf", 0x0, 0x543, r0, 0x207, 0x0, 0x4, 0x4, 0x2, 0xe, 0xa, @attach_btf_obj_fd=r0, 0xc, 0x7fb, 0x80000200006, 0xa, 0x48000000, 0xa7c2}, 0x102) bind$auto(0x3, &(0x7f0000000040)={0xa, @sa_data_min="001000000000fe8000"}, 0x69) shutdown$auto(0x200000003, 0x2) select$auto(0x3, 0x0, &(0x7f0000000100)={[0xd, 0x200, 0x0, 0xc, 0x8, 0x3, 0x6, 0x2, 0x9, 0x5e582970, 0x4000000000000000, 0x6, 0x4, 0x4, 0x400000000000008, 0x6]}, 0x0, 0x0) poll$auto(&(0x7f0000000080)={0x2, 0x0, 0x1a}, 0xff, 0x1) connect$auto(0x3, &(0x7f0000000140)={0xa, @sa_data_min="c4aeed448dc7fe8000"}, 0x55) 2.817733355s ago: executing program 0 (id=194): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000100), r0) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x24, r1, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_LINK={0x8, 0x1, 0x81}, @GTPA_VERSION={0x8, 0x2, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x40000002c55, 0x0) mmap$auto(0x0, 0x10000, 0xffb, 0x8000000008011, 0x3, 0x8000) r2 = socket(0x11, 0x800000003, 0x0) getsockopt$auto(r2, 0x107, 0x9, 0x0, 0x0) mmap$auto(0x0, 0x8020009, 0xe2, 0xcb1, 0x401, 0x8040001008000) 2.8116146s ago: executing program 1 (id=195): mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) mincore$auto(0x0, 0x10000, 0x0) (async) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) (async) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000001480), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_BIND_RX(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010026bd7000fcdbdf250d00000008000300", @ANYRES32=r2, @ANYBLOB="0400028008000100", @ANYRES32=r1], 0x28}, 0x1, 0x0, 0x0, 0x4800}, 0x4) (async) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f00000000c0), r2) (async) mknodat$auto(r0, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8) (async) renameat2$auto(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000080)='./file0\x00', 0x7) 2.809717113s ago: executing program 3 (id=196): pipe$auto(&(0x7f0000000040)) r0 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f00000000c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000001d00)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000df3e24896d7f37d28df6808ec4950a8b2dd5edabf438d34d2acae796072677632ea1fa00b8b8a5af68f1f5a00c40b22a8b91aa2f76393c9855f1956359f94684a8875247783da68688974ddd7e80b5b9e15245579ab3c1a0e8274c83dfe985cad37bb13790f9de7211ff7013a8b45afd10bc8718ca79e957cca1f95c34cbcf0a1d1ce5352bb2943976dfc099a96c9301171480431d4944918f92bc", @ANYRES16=r0, @ANYBLOB="010029bd7000fddbdf2503000000"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x80000) io_uring_setup$auto(0x1, &(0x7f0000000400)={0xb7, 0x7, 0x1ff, 0xfffff1a9, 0x5b06735f, 0x1ff, r1, [0x0, 0x7d02, 0xfffffffd], {0x8001, 0x9, 0x4, 0x4, 0x800, 0x4, 0xa, 0xfffffff3, 0x1}, {0x0, 0x10001, 0xc4, 0x1, 0x7, 0x7, 0x100, 0x0, 0x237}}) r2 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execveat$auto(r2, &(0x7f0000000200)='\x00', 0x0, &(0x7f0000000100)=&(0x7f00000000c0)='\\\x00', 0x1000) madvise$auto(0x0, 0x6, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000240), r2) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(r3, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0xc8, r4, 0x800, 0x70bd25, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY_CAPS={0xb4, 0x18, 0x0, 0x1, [@nested={0xae, 0xa5, 0x0, 0x1, [@nested={0x4, 0xbe}, @nested={0x4, 0xe7}, @typed={0xd, 0xcf, 0x0, 0x0, @str='$.@%&:(\x97\x00'}, @generic="bc6f71bb2309c878dfde931d51612a0068d3c71b7ee3530e425f7a82146758accbb1966dff34703cc9fdcc5f894c1ccf19336669ef2851cb138926f3d3d778f2ed8b06bc3469b1a7caa66a74360c870ce29a2402fb81e3c6c39e58e0d18019db810b2a924013e95010488b5f3af683a9593eacdb8523", @nested={0x4, 0xbf}, @typed={0x14, 0xe4, 0x0, 0x0, @ipv6=@empty}, @nested={0x4, 0x80}]}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x8800}, 0x4040008) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r2) syz_genetlink_get_family_id$auto_MAC80211_HWSIM(&(0x7f0000000000), r1) 2.480417315s ago: executing program 0 (id=197): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x100000, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x2) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) clock_nanosleep$auto(0x0, 0x3, 0x0, 0x0) (async) mmap$auto(0x8000000000000000, 0xfffffffffffffffc, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) setregid$auto(0x81, 0x5) (async) clone$auto(0x7fff, 0xff, 0x0, 0x0, 0x7) r0 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) fchdir$auto(r0) (async) open(&(0x7f0000001280)='MAC80211_HWSIM\x00', 0x2a4c0, 0x20) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) (async) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) (async) mmap$auto(0x0, 0x8, 0x1000000007, 0x25d3, 0x0, 0x8000) (async) socket(0x840000000002, 0x3, 0xff) (async) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) mmap$auto(0x9, 0xffffffff, 0xfffffffffffffff9, 0x17, 0x3, 0x5) (async) connect$auto(0x3, &(0x7f0000000000)={0x2, @sa_data_min="0800e00000000000c1728d2af766"}, 0x55) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001380)={0x0}, 0x1, 0x0, 0x0, 0x20000010}, 0x200080c4) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x6, &(0x7f00000002c0)={0x0, 0xc4}, 0xfffffffffffffffd, 0x0, 0x0, 0x9}, 0xb}, 0x3, 0x0) (async) mkdir$auto(&(0x7f0000000040)='MAC80211_HWSIM\x00', 0x1) r1 = socket(0x10, 0x2, 0x9) sendmsg$auto_NL80211_CMD_DEL_MPATH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000005304"], 0x14}, 0x1, 0x0, 0x0, 0x4040040}, 0x40010) syz_clone3(&(0x7f00000012c0)={0x40006000, &(0x7f00000000c0)=0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000140), {0x3}, &(0x7f0000000180)=""/4096, 0x1000, &(0x7f0000001180)=""/225, &(0x7f0000001280), 0x0, {r0}}, 0xbb) sendfile$auto(r1, r2, &(0x7f0000001340)=0x5, 0x0) set_mempolicy$auto(0xcb, &(0x7f0000000080)=0x1, 0xa4e) 2.297744796s ago: executing program 3 (id=198): socket(0xa, 0x801, 0x84) sysfs$auto(0x2, 0x50, 0x0) get_mempolicy$auto(0x0, 0x0, 0x0, 0x7f, 0x9) (async) get_mempolicy$auto(0x0, 0x0, 0x0, 0x7f, 0x9) setsockopt$auto(0x200000000000003, 0x1, 0x29, 0x0, 0x300) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (async) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/uts\x00') ioctl$NS_GET_PARENT(r0, 0xb701, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) socket(0xa, 0x801, 0x84) (async) socket(0xa, 0x801, 0x84) semctl$auto(0x8, 0xfffffffa, 0x2, 0x3fe0) (async) semctl$auto(0x8, 0xfffffffa, 0x2, 0x3fe0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x75, 0x0, 0xc) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 2.255274436s ago: executing program 1 (id=199): r0 = socket(0x8972c23b626a13d5, 0x5, 0x0) mmap$auto(0x0, 0x8, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) (async) shutdown$auto(0x200000003, 0x2) (async, rerun: 64) close_range$auto(0x0, r0, 0xc002) (async, rerun: 64) pipe$auto(0x0) (async) pipe$auto(&(0x7f0000000000)=0xae8) tee$auto(0x2000000000000, 0x3, 0x3ff, 0x9) (async) r1 = socket(0x2, 0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x6, 0x0) (async) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) (async) io_uring_register$auto(0x100000001, 0x14, 0x0, 0x5) (async, rerun: 32) getsockopt$auto(r1, 0x10d, 0xa, 0x0, &(0x7f00000000c0)=0x4) (rerun: 32) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0x8) connect$auto(0x3, &(0x7f0000000140)={0x2, @sa_data_min="09ae0300"}, 0x55) sendto$auto(0x3, 0x0, 0xf, 0x101, &(0x7f0000000140)={0x2, @sockaddr_1_1}, 0x1c) (async, rerun: 64) futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4, 0x4}, 0x77, 0x0, 0x0, 0x62bd) (async, rerun: 64) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000a00), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r2, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000541fd14b279e09e31ef07a2f7bb00c7357b8e7b1e5872d2ba55ef7ef9a29040e027718cccd5c26591a0765512c84231398dc7bb319fa4877cd9654c3cba7d6f3328fda917a47d9e7cbe29b74eaa2acf0735993518760a2153ce48d3f130e8ea6a47ad1688dae44f63f7749e5672936809f44911501439f53dcbbf5704640a701b5345cd97230b236b13d9283ccc98e2dbd0000", @ANYRES16=r3, @ANYBLOB="010027bd7000fedbdf250700000008000100", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000804}, 0x8880) mq_notify$auto(0x6, &(0x7f00000000c0)={@sival_ptr=0x0, 0x0, 0x1}) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) (async, rerun: 64) io_uring_setup$auto(0x40005, &(0x7f0000000000)={0x6, 0x1, 0x400, 0x7, 0x1005, 0x6, 0x7, [0x4, 0x2e9, 0x8], {0x0, 0x1, 0x8, 0x7, 0x5, 0x100005, 0x1, 0xfffffffc, 0x7}, {0x4, 0xfff, 0x1ff, 0x2, 0x8, 0x200, 0x3, 0x0, 0x3}}) (rerun: 64) 1.744627259s ago: executing program 2 (id=200): socket(0xa, 0x3, 0x32) clock_nanosleep$auto(0x5, 0x9, &(0x7f0000000000)={0x64733704, 0x9}, &(0x7f0000000080)={0x4, 0x6}) close_range$auto(0x2, 0xfffffffffffff000, 0x2) bpf$auto(0x8000000000000020, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x2, 0x3a) semtimedop$auto(0x8, &(0x7f00000001c0)={0x7, 0xe7, 0x9}, 0x7, &(0x7f0000000200)={0x40e5, 0x1}) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) memfd_secret$auto(0x0) ftruncate$auto(0x3, 0x700) finit_module$auto(0x3, 0xfffffffffffffffe, 0x400000000004) io_uring_setup$auto(0x6, 0x0) clock_nanosleep$auto(0x2, 0x1000, 0x0, 0x0) setsockopt$auto(r0, 0x29, 0x21, &(0x7f0000000040)='! ', 0x63) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(0x3, &(0x7f0000000140)={0xa, @sa_data_min="c457ffffffffffffff000300"}, 0x55) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00>c'], 0x1c}, 0x1, 0x0, 0x0, 0x40000021}, 0x8004) sendmmsg$auto(0x3, &(0x7f00000000c0)={{0x0, 0x9, 0x0, 0x105, 0x0, 0x4, 0x3}, 0xed7138c}, 0x47, 0x0) memfd_secret$auto(0x0) 1.629835064s ago: executing program 3 (id=201): socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 32) getsockopt$auto(0x3, 0x200000000001, 0x23, 0xfffffffffffffffe, 0x0) (async, rerun: 32) open(&(0x7f0000000000)='./cgroup\x00', 0x80040, 0x181) 1.629579495s ago: executing program 1 (id=202): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) keyctl$auto(0x4, 0x1ce, 0x3, 0x2, 0x8) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) clone$auto(0x1000, 0x3, 0x0, 0x0, 0x6) madvise$auto(0x0, 0x2000000080000001, 0x3) r0 = socket(0x15, 0x1, 0x0) sendmsg$auto_NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x40005) socket(0x2a, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x55) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000100), r0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="3e71c80ec7b2abb423753777d9ed0e54d4af325396d346916f1f87792b0f9b063a4a57bdab23a6e9a98fc2f7385fb3954c0506b14d8bfdbaf7b17f237bb0c22734caeb7a1e797eb8fc73174c77e0fae43e0c59e4e4d66d755197543b51d24030f06a9e7d71002f4e3112b1b357261e710f4da8c62d4b74ca04b47b03000000000000001411f9717b886771b226cdeca5f8ec4c23accc7cb68a7d93e14809c0cb0313852aa3f8f3a2882fa6b017cab5f7cbd462970bbcc8f55960feff3f5f0c37ee2ca0a2e79a0c4f7a8cd82ff81a35f50457d9c912e3f1538e67735538fa2144831cdfc201dbb0947de670325b4226e74ee3218510f913a144f642916a0f0319fc76f1ee3ab8e2cde2c73ecaa90d2009f510687284126a1ea922bb8123768f2e7da277369574b416ddc4", @ANYRES16=r1, @ANYBLOB="040027bd7000fddbdf250a000000"], 0x14}}, 0x6a71520117a5d043) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_clone3(&(0x7f0000000700)={0x1000000, &(0x7f00000001c0), &(0x7f00000004c0), &(0x7f0000000500)=0x0, {0xe}, &(0x7f0000000540)=""/165, 0xa5, &(0x7f0000000600)=""/190, &(0x7f00000006c0)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58) lstat$auto(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0x7, 0x1e3, 0x5, 0x4, 0xee01, 0x0, 0x0, 0x1ff, 0x4e1b, 0x2, 0x5, 0x9, 0x9, 0x9, 0x3, 0x4, 0xd}) pidfd_send_signal$auto(r0, 0x1, &(0x7f0000000880)={@siginfo_0_0={0xc, 0x7fffffff, 0x6, @_sigchld={r3, r4, 0x5, 0xa, 0x8000000000000001}}}, 0x401) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001480), r5) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r5, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f0000000040)={0x20, r6, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x8800}, 0x0) r7 = syz_genetlink_get_family_id$auto_SMC_PNETID(&(0x7f0000000180), r5) sendmsg$auto_SMC_PNETID_ADD(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="96010080", @ANYRES16=r7, @ANYBLOB="010026bd7000ffdbdf250200000005000400020000007c0001006e6c3838323131400343c2dd75ca1ab89f8684fdb7c77740ff898984d46ee4bcde271e13e5a06057292f3dbeee8c966f3a982c19c6edb77d35b40000031a7499f53842c70049fa96386626428c59b7414e9e0000000000000000b21ca5001b62f13aabc21e512f0c7c7ba0c3f7b99e78ae8052e9f82005b9"], 0x98}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040810) sendmsg$auto_SMC_PNETID_ADD(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="44040000", @ANYRES16=r7, @ANYBLOB="040029bd7000fbdbdf25020000000900010024405c2f000000000500010000000000050004000700000006000100210000000a000300087e2f4026000000"], 0x44}, 0x1, 0x0, 0x0, 0x40011}, 0x20048000) 1.224625449s ago: executing program 3 (id=203): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (async) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) madvise$auto(0x3, 0xc6, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b7e, 0x20007, 0x0) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0xc1, 0x2000000000002) socket(0x2, 0x2, 0x1) (async) socket(0x2, 0x2, 0x1) socket(0x2, 0x801, 0x106) (async) socket(0x2, 0x801, 0x106) socket(0x26, 0x80805, 0x0) open(0x0, 0x12ba7e, 0x145) fanotify_mark$auto(0x0, 0x1, 0x9, 0x4, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) readv$auto(0x0, &(0x7f0000000080)={0x0, 0x20}, 0x3) madvise$auto(0xa, 0x3, 0x5) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) syz_clone3(&(0x7f0000000000)={0x28020000, 0x0, 0x0, 0x0, {0x17}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) (async) syz_clone3(&(0x7f0000000000)={0x28020000, 0x0, 0x0, 0x0, {0x17}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) 954.336747ms ago: executing program 0 (id=204): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = socket(0xa, 0x5, 0x0) pipe$auto(0x0) setsockopt$auto(0x3, 0x0, 0x13, 0x0, 0x9) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_3={0x8, 0x906a, 0x18c, 0x4, 0x2, 0x8, 0x4, 0x57b8, 0xfffffff8, "63acf0e05b2d33ebc15774e816ef77cf", 0x0, 0x543, r0, 0x207, 0x0, 0x4, 0x4, 0x2, 0xe, 0xa, @attach_btf_obj_fd=r0, 0xc, 0x7fb, 0x80000200006, 0xa, 0x48000000, 0xa7c2}, 0x102) bind$auto(0x3, &(0x7f0000000040)={0xa, @sa_data_min="001000000000fe8000"}, 0x69) shutdown$auto(0x200000003, 0x2) select$auto(0x3, 0x0, &(0x7f0000000100)={[0xd, 0x200, 0x0, 0xc, 0x8, 0x3, 0x6, 0x2, 0x9, 0x5e582970, 0x4000000000000000, 0x6, 0x4, 0x4, 0x400000000000008, 0x6]}, 0x0, 0x0) poll$auto(&(0x7f0000000080)={0x2, 0x0, 0x1a}, 0xff, 0x1) connect$auto(0x3, &(0x7f0000000140)={0xa, @sa_data_min="c4aeed448dc7fe8000"}, 0x55) 141.763557ms ago: executing program 3 (id=205): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'veth1_vlan\x00', 0x0}) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d40), r1) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000d40), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_NETDEV_CMD_QSTATS_GET(r4, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x1c, r5, 0x305, 0x70bd2a, 0x25dfdbfc, {}, [@NETDEV_A_QSTATS_IFINDEX={0x8, 0x1, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r6) sendmsg$auto_NL80211_CMD_GET_STATION(r8, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, r9, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x7}, @NL80211_ATTR_FILS_ERP_RRK={0x2b, 0xfc, "2c8074a3377a1561a23f23a949f2971a2d4294ad245e23ff817f73a1ecd3f960bf070d45eb8de6"}]}, 0x48}, 0x1, 0x0, 0x0, 0x24004890}, 0x80) close_range$auto(0x2, 0x401, 0x0) sendmsg$auto_ETHTOOL_MSG_PHC_VCLOCKS_GET(r1, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001d80)={0x20, r3, 0x27, 0x70bd29, 0x25dfdbfc, {}, [@ETHTOOL_A_PHC_VCLOCKS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40040}, 0x40040) 0s ago: executing program 1 (id=206): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x801, 0x84) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0xffffffffffffffcd, 0x0, 0x1, 0x0, 0x0, 0x40000021}, 0x8004) connect$auto(r1, &(0x7f0000000140)={0xa, @sa_data_min="c4aeed448dc7fe8000"}, 0x59) fanotify_init$auto(0x2, 0x10) select$auto(0xa, 0x0, &(0x7f0000000100)={[0x20000000000d, 0x203, 0x0, 0xc, 0x5, 0x3, 0x5, 0x2000000000000002, 0x9, 0x8, 0xff, 0xa, 0x4, 0xaab, 0x5, 0x4006]}, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000140)={0xa, @sa_data_min="c4aeed448dc7fe8000"}, 0x55) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) getdents64$auto(r1, &(0x7f00000001c0)={0x4, 0xc000000, 0xa9, 0x9, "f287eb646ec474a3c643b944584dcca9e53f451b9bde6424d8a0ead49a5219d80173c70cf54fe13d18223f66072e68e40d1b4635343fc5391fd371d7d5b897a8dd5dc79af2f2ddc75494e1691e79ab56d664d7e653b3b6fb400f0a989e2cb602777490643ac8a6377e356cd3e271992f8a1373f7a663877ca2028a9cb6db22eceec4cc14b341a639ec38aaa444a478ba5abcbe1f9b2e7dd2348a54f37c5a2d29c00e6f4dabe3f14d0e3ad3efaec326cf7421"}, 0x10000) shutdown$auto(0x200000003, 0x2) getpeername$auto(0x3, 0x0, 0x0) sendmmsg$auto(0x3, &(0x7f0000000180)={{0x0, 0x80, &(0x7f0000000040)={0x0, 0x660b}, 0x4, 0x0, 0x1, 0xb33}, 0xed7138c}, 0x2, 0x9) setsockopt$auto(0x3, 0x1, 0xd, 0x0, 0x8) close_range$auto(0x2, 0x8000, 0x0) r2 = syz_genetlink_get_family_id$auto_MAC80211_HWSIM(&(0x7f0000000080), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000300)={0x94, r2, 0x8a00f4e9954364ed, 0x70bd29, 0x25dfdbfd, {}, [@HWSIM_ATTR_RADIO_NAME={0x7f, 0x11, '.\x00\x00\x00\x00\x00\x00\x00-\x9c\xe4\xbe\x9e6y\x93\xd5\xbc\x9f\x8a\xf7\f\x01k\a\x86\xc1a\x12;\xab\xd7+\x99\xe71\x9b)p\x06\x02;/X\xfc+\x8b@\x90\xfc\x00\xbbNvh\x88\x10\x00\x00\f\x11\xe7\xd3:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xec|\xfd+Q3y\xef\xf1\xb3\x9eI\xa2\x99_f\x0ej\xa7x\x13\x13%^3\x85O\xe2\xe1\x84\xcb\x86\xe6\x16\x9er\xdb[\x89\xb9\x06s\xa5\x1f\xfe\xdf4\x1c'}]}, 0x94}, 0x1, 0x0, 0x0, 0x84}, 0x24000054) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.32' (ED25519) to the list of known hosts. syzkaller login: [ 84.455350][ T5843] cgroup: Unknown subsys name 'net' [ 84.587359][ T5843] cgroup: Unknown subsys name 'cpuset' [ 84.595795][ T5843] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.300609][ T5843] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.277219][ T5856] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.289544][ T5863] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.298615][ T5863] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.307236][ T5863] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.315864][ T5863] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.332833][ T5863] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.340835][ T5863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.363872][ T5863] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.364945][ T5866] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.381767][ T5870] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.382485][ T5869] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 88.392561][ T5870] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 88.400837][ T5867] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.403443][ T5870] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.411056][ T5869] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.418425][ T5870] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.432491][ T5870] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.441092][ T5870] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.461006][ T5870] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.468637][ T5870] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.477141][ T5870] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 88.484763][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.494374][ T5856] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 88.504037][ T5856] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.879940][ T5853] chnl_net:caif_netlink_parms(): no params data found [ 88.955672][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 88.975599][ T5857] chnl_net:caif_netlink_parms(): no params data found [ 88.994293][ T5861] chnl_net:caif_netlink_parms(): no params data found [ 89.070348][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.078495][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.086578][ T5853] bridge_slave_0: entered allmulticast mode [ 89.094056][ T5853] bridge_slave_0: entered promiscuous mode [ 89.128521][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.136669][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.146729][ T5853] bridge_slave_1: entered allmulticast mode [ 89.154044][ T5853] bridge_slave_1: entered promiscuous mode [ 89.249487][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.263165][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.326673][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.334050][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.341309][ T5861] bridge_slave_0: entered allmulticast mode [ 89.348998][ T5861] bridge_slave_0: entered promiscuous mode [ 89.357377][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.365316][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.373008][ T5852] bridge_slave_0: entered allmulticast mode [ 89.379925][ T5852] bridge_slave_0: entered promiscuous mode [ 89.387542][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.395369][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.403654][ T5852] bridge_slave_1: entered allmulticast mode [ 89.410625][ T5852] bridge_slave_1: entered promiscuous mode [ 89.426797][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.434339][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.441750][ T5857] bridge_slave_0: entered allmulticast mode [ 89.450357][ T5857] bridge_slave_0: entered promiscuous mode [ 89.458003][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.465924][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.473532][ T5861] bridge_slave_1: entered allmulticast mode [ 89.480468][ T5861] bridge_slave_1: entered promiscuous mode [ 89.508180][ T5853] team0: Port device team_slave_0 added [ 89.515804][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.524361][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.531611][ T5857] bridge_slave_1: entered allmulticast mode [ 89.539137][ T5857] bridge_slave_1: entered promiscuous mode [ 89.557701][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.571306][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.584404][ T5853] team0: Port device team_slave_1 added [ 89.637226][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.670491][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.686572][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.698869][ T5852] team0: Port device team_slave_0 added [ 89.708006][ T5852] team0: Port device team_slave_1 added [ 89.715716][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.723411][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.749733][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.767520][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.810186][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.817447][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.843449][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.866720][ T5861] team0: Port device team_slave_0 added [ 89.876099][ T5861] team0: Port device team_slave_1 added [ 89.924102][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.931112][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.957955][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.971200][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.978662][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.006318][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.023418][ T5857] team0: Port device team_slave_0 added [ 90.030648][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.037857][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.064350][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.093241][ T5857] team0: Port device team_slave_1 added [ 90.109710][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.116915][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.145274][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.186938][ T5853] hsr_slave_0: entered promiscuous mode [ 90.193829][ T5853] hsr_slave_1: entered promiscuous mode [ 90.266461][ T5852] hsr_slave_0: entered promiscuous mode [ 90.273688][ T5852] hsr_slave_1: entered promiscuous mode [ 90.280077][ T5852] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.288778][ T5852] Cannot create hsr debugfs directory [ 90.295436][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.302832][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.330086][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.358105][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.365612][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.395988][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.417459][ T5861] hsr_slave_0: entered promiscuous mode [ 90.424438][ T5861] hsr_slave_1: entered promiscuous mode [ 90.431574][ T5861] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.439355][ T5861] Cannot create hsr debugfs directory [ 90.483172][ T5856] Bluetooth: hci0: command tx timeout [ 90.489387][ T5860] Bluetooth: hci1: command tx timeout [ 90.562571][ T5860] Bluetooth: hci2: command tx timeout [ 90.562704][ T5856] Bluetooth: hci3: command tx timeout [ 90.593979][ T5857] hsr_slave_0: entered promiscuous mode [ 90.600410][ T5857] hsr_slave_1: entered promiscuous mode [ 90.607075][ T5857] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.614874][ T5857] Cannot create hsr debugfs directory [ 90.804030][ T5852] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.844677][ T5852] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.859867][ T5852] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.891518][ T5852] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.958772][ T5853] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.973501][ T5853] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.985065][ T5853] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.017256][ T5853] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.060161][ T5861] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.095332][ T5861] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.122666][ T5861] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.146421][ T5861] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.190232][ T5857] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.225729][ T5857] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.249737][ T5857] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.265372][ T5857] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.348314][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.440987][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.457970][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.487121][ T3551] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.494711][ T3551] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.515718][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.530456][ T3551] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.537754][ T3551] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.566129][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.578457][ T5853] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.600507][ T2976] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.608316][ T2976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.626889][ T2976] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.634043][ T2976] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.673212][ T5861] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.688020][ T5857] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.714937][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.722161][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.735157][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.742388][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.754041][ T1157] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.761198][ T1157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.810264][ T3551] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.817459][ T3551] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.217423][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.351870][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.435441][ T5852] veth0_vlan: entered promiscuous mode [ 92.456532][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.486983][ T5852] veth1_vlan: entered promiscuous mode [ 92.521065][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.545347][ T5857] veth0_vlan: entered promiscuous mode [ 92.572720][ T5856] Bluetooth: hci1: command tx timeout [ 92.577529][ T5860] Bluetooth: hci0: command tx timeout [ 92.627035][ T5857] veth1_vlan: entered promiscuous mode [ 92.643031][ T5860] Bluetooth: hci2: command tx timeout [ 92.643068][ T5856] Bluetooth: hci3: command tx timeout [ 92.666954][ T5852] veth0_macvtap: entered promiscuous mode [ 92.693934][ T5853] veth0_vlan: entered promiscuous mode [ 92.704194][ T5852] veth1_macvtap: entered promiscuous mode [ 92.728908][ T5853] veth1_vlan: entered promiscuous mode [ 92.765160][ T5861] veth0_vlan: entered promiscuous mode [ 92.795569][ T5857] veth0_macvtap: entered promiscuous mode [ 92.808821][ T5861] veth1_vlan: entered promiscuous mode [ 92.824553][ T5853] veth0_macvtap: entered promiscuous mode [ 92.836728][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.859518][ T5853] veth1_macvtap: entered promiscuous mode [ 92.868695][ T5857] veth1_macvtap: entered promiscuous mode [ 92.885970][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.914906][ T5852] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.925215][ T5852] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.935358][ T5852] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.949910][ T5852] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.010533][ T5861] veth0_macvtap: entered promiscuous mode [ 93.020212][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.032642][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.044969][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.063806][ T5861] veth1_macvtap: entered promiscuous mode [ 93.101924][ T5853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.119179][ T5853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.144779][ T5853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.159114][ T5853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.173680][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.189093][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.201825][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.214215][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.241600][ T5853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.258676][ T5853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.271543][ T5853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.290005][ T5853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.301784][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.315945][ T5857] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.326013][ T5857] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.336343][ T5857] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.345440][ T5857] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.375291][ T5853] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.387693][ T5853] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.397456][ T5853] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.406700][ T5853] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.420237][ T5861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.434063][ T5861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.447683][ T5861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.459307][ T5861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.469420][ T5861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 93.480138][ T5861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.491587][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.531741][ T5861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.542964][ T5861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.553940][ T5861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.565903][ T5861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.575900][ T5861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.586435][ T5861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.597525][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.635901][ T5861] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.645121][ T5861] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.654522][ T5861] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.663615][ T5861] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.680171][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.703485][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.780570][ T3571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.790695][ T3571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.839133][ T3571] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.849085][ T3571] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.905675][ T5852] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.914994][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.932845][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.940726][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.947694][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.993951][ T3571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.001861][ T3571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.091641][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.120391][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.166635][ T1157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.181772][ T1157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.642480][ T5856] Bluetooth: hci1: command tx timeout [ 94.643513][ T5860] Bluetooth: hci0: command tx timeout [ 94.722262][ T5860] Bluetooth: hci3: command tx timeout [ 94.722407][ T5856] Bluetooth: hci2: command tx timeout [ 94.985851][ T5926] netlink: 'syz.0.1': attribute type 6 has an invalid length. [ 95.002552][ T5926] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1'. [ 95.009031][ T5937] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 96.722289][ T5856] Bluetooth: hci1: command tx timeout [ 96.729704][ T5856] Bluetooth: hci0: command tx timeout [ 96.803530][ T5860] Bluetooth: hci3: command tx timeout [ 96.809019][ T5860] Bluetooth: hci2: command tx timeout [ 97.350775][ T5977] syz.0.11 uses obsolete (PF_INET,SOCK_PACKET) [ 97.367153][ T9] cfg80211: failed to load regulatory.db [ 98.021165][ T5988] netlink: 'syz.2.16': attribute type 6 has an invalid length. [ 98.057464][ T5988] netlink: 330 bytes leftover after parsing attributes in process `syz.2.16'. [ 98.370249][ T6005] ======================================================= [ 98.370249][ T6005] WARNING: The mand mount option has been deprecated and [ 98.370249][ T6005] and is ignored by this kernel. Remove the mand [ 98.370249][ T6005] option from the mount to silence this warning. [ 98.370249][ T6005] ======================================================= [ 98.449260][ T6006] process 'syz.3.21' launched ':,' with NULL argv: empty string added [ 99.911282][ T6056] delete_channel: no stack [ 105.491038][ T6155] Zero length message leads to an empty skb [ 106.452624][ T6184] netlink: 28 bytes leftover after parsing attributes in process `syz.0.61'. [ 106.925298][ T6191] could not allocate digest TFM handle [ 107.140865][ T6205] netlink: 8 bytes leftover after parsing attributes in process `syz.3.65'. [ 107.193051][ T6193] could not allocate digest TFM handle [ 108.197511][ T6233] sctp: failed to load transform for md5: -2 [ 108.247279][ T6211] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.518435][ T6327] openvswitch: netlink: Flow actions attr not present in new flow. [ 115.496301][ T6336] netlink: 28 bytes leftover after parsing attributes in process `syz.2.93'. [ 115.602829][ T6340] netlink: 12 bytes leftover after parsing attributes in process `syz.2.93'. [ 116.529009][ T6346] netlink: 334 bytes leftover after parsing attributes in process `syz.1.97'. [ 119.062901][ T6380] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 119.311571][ T6384] Process accounting resumed [ 119.837560][ T6388] netlink: 28 bytes leftover after parsing attributes in process `syz.2.107'. [ 119.899432][ T6388] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.941104][ T6388] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 120.011256][ T6388] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.029641][ T6388] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 120.480317][ T6427] netlink: 8 bytes leftover after parsing attributes in process `syz.3.111'. [ 120.599823][ T6427] netlink: 122 bytes leftover after parsing attributes in process `syz.3.111'. [ 121.887305][ T6461] netlink: 342 bytes leftover after parsing attributes in process `syz.3.120'. [ 122.101244][ T6471] kAFS: No cell specified [ 122.203093][ T6477] kAFS: No cell specified [ 122.216465][ T6473] can: request_module (can-proto-0) failed. [ 122.432893][ T6487] netlink: zone id is out of range [ 122.442118][ T6487] netlink: zone id is out of range [ 122.447315][ T6487] netlink: zone id is out of range [ 122.484198][ T6487] netlink: zone id is out of range [ 122.509740][ T6487] netlink: zone id is out of range [ 122.522372][ T6487] netlink: zone id is out of range [ 122.527574][ T6487] netlink: zone id is out of range [ 122.554960][ T6487] netlink: zone id is out of range [ 122.560161][ T6487] netlink: zone id is out of range [ 122.566482][ T6487] netlink: zone id is out of range [ 123.072454][ T5860] Bluetooth: hci2: unexpected event 0x04 length: 52 > 10 [ 123.630934][ T6524] netlink: 28 bytes leftover after parsing attributes in process `syz.1.132'. [ 123.983731][ T6532] netlink: 'syz.0.134': attribute type 28 has an invalid length. [ 123.991554][ T6532] netlink: 'syz.0.134': attribute type 29 has an invalid length. [ 124.022320][ T6532] netlink: 'syz.0.134': attribute type 30 has an invalid length. [ 124.030146][ T6532] netlink: 'syz.0.134': attribute type 31 has an invalid length. [ 124.042290][ T6532] netlink: 'syz.0.134': attribute type 32 has an invalid length. [ 124.050097][ T6532] netlink: 'syz.0.134': attribute type 33 has an invalid length. [ 124.072096][ T6532] netlink: 'syz.0.134': attribute type 35 has an invalid length. [ 124.079912][ T6532] netlink: 'syz.0.134': attribute type 37 has an invalid length. [ 124.135338][ T6532] netlink: 'syz.0.134': attribute type 39 has an invalid length. [ 124.156951][ T6532] netlink: 'syz.0.134': attribute type 40 has an invalid length. [ 124.164935][ T6532] netlink: 18 bytes leftover after parsing attributes in process `syz.0.134'. [ 124.250524][ T6541] mmap: syz.1.136 (6541) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 125.132374][ T5860] Bluetooth: hci2: command tx timeout [ 126.133479][ T6592] netlink: 28 bytes leftover after parsing attributes in process `syz.0.150'. [ 126.542069][ T30] audit: type=1326 audit(8277292053.920:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6597 comm="syz.1.155" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3223d7e819 code=0x0 [ 126.607438][ T6602] netlink: 4 bytes leftover after parsing attributes in process `syz.1.155'. [ 127.120071][ T6612] netlink: 342 bytes leftover after parsing attributes in process `syz.2.157'. [ 127.153258][ T6612] netlink: 4 bytes leftover after parsing attributes in process `syz.2.157'. [ 127.837207][ T6623] HSR: entered promiscuous mode [ 128.867765][ T6645] netlink: 8 bytes leftover after parsing attributes in process `syz.0.166'. [ 138.335099][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.345666][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 141.820547][ T6714] netlink: 4 bytes leftover after parsing attributes in process `syz.0.186'. [ 141.849206][ T6715] netlink: 4 bytes leftover after parsing attributes in process `syz.0.186'. [ 142.098568][ T5860] Bluetooth: hci2: unexpected event 0x04 length: 4 < 10 [ 142.136307][ T6721] netlink: 3 bytes leftover after parsing attributes in process `syz.0.187'. [ 142.802999][ T6735] net_ratelimit: 6 callbacks suppressed [ 142.803027][ T6735] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 145.244248][ T30] audit: type=1107 audit(8277292038.170:3): pid=6751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 199.764282][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.770918][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 212.096141][ T5860] Bluetooth: hci0: command 0x0406 tx timeout [ 212.102642][ T54] Bluetooth: hci3: command 0x0406 tx timeout [ 212.110746][ T5867] Bluetooth: hci2: command 0x0406 tx timeout [ 212.116553][ T5163] Bluetooth: hci1: command 0x0406 tx timeout [ 261.215880][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.224259][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 289.372431][ T31] INFO: task syz.0.204:6785 blocked for more than 143 seconds. [ 289.380309][ T31] Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 289.388210][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 289.402100][ T31] task:syz.0.204 state:D stack:28384 pid:6785 tgid:6785 ppid:5857 flags:0x00000004 [ 289.421529][ T31] Call Trace: [ 289.425420][ T31] [ 289.428464][ T31] __schedule+0xe58/0x5ad0 [ 289.433299][ T31] ? __pfx___lock_acquire+0x10/0x10 [ 289.438583][ T31] ? lock_acquire.part.0+0x11b/0x380 [ 289.444086][ T31] ? __pfx___schedule+0x10/0x10 [ 289.450462][ T31] ? schedule+0x298/0x350 [ 289.455355][ T31] ? __pfx_lock_release+0x10/0x10 [ 289.460591][ T31] ? __wait_on_bit+0xc9/0x180 [ 289.465627][ T31] ? lock_acquire+0x2f/0xb0 [ 289.470233][ T31] ? schedule+0x1fd/0x350 [ 289.475314][ T31] schedule+0xe7/0x350 [ 289.479497][ T31] io_schedule+0xbf/0x130 [ 289.484180][ T31] bit_wait_io+0x15/0xe0 [ 289.489034][ T31] __wait_on_bit+0x62/0x180 [ 289.494015][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 289.499043][ T31] out_of_line_wait_on_bit+0xda/0x110 [ 289.504690][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 289.510955][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 289.516724][ T31] do_get_write_access+0x933/0x1270 [ 289.522195][ T31] jbd2_journal_get_write_access+0x1d6/0x280 [ 289.528529][ T31] __ext4_journal_get_write_access+0x6a/0x390 [ 289.534931][ T31] ext4_reserve_inode_write+0x13b/0x270 [ 289.540585][ T31] __ext4_mark_inode_dirty+0x1a4/0x860 [ 289.546230][ T31] ? ext4_dirty_inode+0xd9/0x130 [ 289.552039][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 289.558109][ T31] ? rcu_is_watching+0x12/0xc0 [ 289.564046][ T31] ? trace_jbd2_handle_start+0x1b9/0x240 [ 289.569773][ T31] ? jbd2__journal_start+0xf6/0x6a0 [ 289.575129][ T31] ? __ext4_journal_start_sb+0x19f/0x660 [ 289.580877][ T31] ? __ext4_journal_start_sb+0x1a8/0x660 [ 289.586852][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 289.592364][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 289.597824][ T31] ext4_dirty_inode+0xd9/0x130 [ 289.603065][ T31] ? rcu_is_watching+0x12/0xc0 [ 289.607924][ T31] __mark_inode_dirty+0x1f7/0xe60 [ 289.613091][ T31] generic_update_time+0xcf/0xf0 [ 289.618123][ T31] file_update_time+0x17d/0x1c0 [ 289.623298][ T31] ext4_page_mkwrite+0x368/0x1760 [ 289.628500][ T31] ? __mod_memcg_lruvec_state+0x538/0x750 [ 289.634446][ T31] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 289.639974][ T31] ? pte_alloc_one+0x2a3/0x390 [ 289.645043][ T31] do_page_mkwrite+0x177/0x380 [ 289.651130][ T31] do_pte_missing+0x29e/0x3e00 [ 289.656048][ T31] ? do_raw_spin_unlock+0x172/0x230 [ 289.661327][ T31] ? __pmd_alloc+0x380/0x860 [ 289.666275][ T31] __handle_mm_fault+0x103c/0x2a40 [ 289.671597][ T31] ? lock_vma_under_rcu+0x6b9/0x980 [ 289.677975][ T31] ? __pfx___handle_mm_fault+0x10/0x10 [ 289.684048][ T31] handle_mm_fault+0x3fa/0xaa0 [ 289.688901][ T31] do_user_addr_fault+0x60d/0x13f0 [ 289.695253][ T31] exc_page_fault+0x5c/0xc0 [ 289.700078][ T31] asm_exc_page_fault+0x26/0x30 [ 289.705618][ T31] RIP: 0033:0x7f59c2c51c11 [ 289.710220][ T31] RSP: 002b:00007ffe0b5fe450 EFLAGS: 00010246 [ 289.716461][ T31] RAX: 00000000003ffdf0 RBX: 0000000000000000 RCX: 0000000000000000 [ 289.724664][ T31] RDX: 0000001b31420000 RSI: 0000000000400000 RDI: 00007f59c2e72290 [ 289.732987][ T31] RBP: 00007ffe0b5fe6ac R08: 0000000000000004 R09: 0000000000040000 [ 289.741052][ T31] R10: 0000000000000011 R11: 0000000000000293 R12: 0000000000000032 [ 289.749337][ T31] R13: 00000000000237cc R14: 000000000002328f R15: 00007ffe0b5fe700 [ 289.758624][ T31] [ 289.761813][ T31] INFO: task syz.2.200:6786 blocked for more than 143 seconds. [ 289.769692][ T31] Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 289.777112][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 289.786914][ T31] task:syz.2.200 state:D stack:28288 pid:6786 tgid:6786 ppid:5853 flags:0x00000004 [ 289.797296][ T31] Call Trace: [ 289.800614][ T31] [ 289.803678][ T31] __schedule+0xe58/0x5ad0 [ 289.808188][ T31] ? __pfx___lock_acquire+0x10/0x10 [ 289.813725][ T31] ? __pfx___schedule+0x10/0x10 [ 289.818653][ T31] ? schedule+0x298/0x350 [ 289.823496][ T31] ? __pfx_lock_release+0x10/0x10 [ 289.828597][ T31] ? __wait_on_bit+0xc9/0x180 [ 289.833397][ T31] ? lock_acquire+0x2f/0xb0 [ 289.837973][ T31] ? schedule+0x1fd/0x350 [ 289.842678][ T31] schedule+0xe7/0x350 [ 289.847149][ T31] io_schedule+0xbf/0x130 [ 289.852172][ T31] bit_wait_io+0x15/0xe0 [ 289.857317][ T31] __wait_on_bit+0x62/0x180 [ 289.862299][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 289.868076][ T31] out_of_line_wait_on_bit+0xda/0x110 [ 289.874603][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 289.880985][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 289.887059][ T31] do_get_write_access+0x933/0x1270 [ 289.892659][ T31] jbd2_journal_get_write_access+0x1d6/0x280 [ 289.898837][ T31] __ext4_journal_get_write_access+0x6a/0x390 [ 289.905704][ T31] ext4_reserve_inode_write+0x13b/0x270 [ 289.911607][ T31] __ext4_mark_inode_dirty+0x1a4/0x860 [ 289.917393][ T31] ? ext4_dirty_inode+0xd9/0x130 [ 289.923807][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 289.930299][ T31] ? rcu_is_watching+0x12/0xc0 [ 289.935305][ T31] ? trace_jbd2_handle_start+0x1b9/0x240 [ 289.941099][ T31] ? jbd2__journal_start+0xf6/0x6a0 [ 289.946599][ T31] ? __ext4_journal_start_sb+0x19f/0x660 [ 289.953159][ T31] ? __ext4_journal_start_sb+0x1a8/0x660 [ 289.961351][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 289.966945][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 289.973249][ T31] ext4_dirty_inode+0xd9/0x130 [ 289.978710][ T31] ? rcu_is_watching+0x12/0xc0 [ 289.984022][ T31] __mark_inode_dirty+0x1f7/0xe60 [ 289.989328][ T31] generic_update_time+0xcf/0xf0 [ 289.994971][ T31] file_update_time+0x17d/0x1c0 [ 290.000141][ T31] ext4_page_mkwrite+0x368/0x1760 [ 290.005906][ T31] ? __mod_memcg_lruvec_state+0x538/0x750 [ 290.011796][ T31] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 290.017469][ T31] ? pte_alloc_one+0x2a3/0x390 [ 290.022908][ T31] do_page_mkwrite+0x177/0x380 [ 290.027932][ T31] do_pte_missing+0x29e/0x3e00 [ 290.033701][ T31] ? do_raw_spin_unlock+0x172/0x230 [ 290.039553][ T31] ? __pmd_alloc+0x380/0x860 [ 290.045069][ T31] __handle_mm_fault+0x103c/0x2a40 [ 290.050367][ T31] ? lock_vma_under_rcu+0x6b9/0x980 [ 290.056418][ T31] ? __pfx___handle_mm_fault+0x10/0x10 [ 290.063984][ T31] handle_mm_fault+0x3fa/0xaa0 [ 290.069820][ T31] do_user_addr_fault+0x60d/0x13f0 [ 290.075681][ T31] exc_page_fault+0x5c/0xc0 [ 290.081785][ T31] asm_exc_page_fault+0x26/0x30 [ 290.086958][ T31] RIP: 0033:0x7f37cf851c11 [ 290.091439][ T31] RSP: 002b:00007ffe4b517c80 EFLAGS: 00010246 [ 290.098052][ T31] RAX: 00000000003ffdf0 RBX: 0000000000000000 RCX: 0000000000000000 [ 290.106988][ T31] RDX: 0000001b31620000 RSI: 0000000000400000 RDI: 00007f37cfa72290 [ 290.115291][ T31] RBP: 00007ffe4b517edc R08: 0000000000000004 R09: 0000000000040000 [ 290.124582][ T31] R10: 0000000000000011 R11: 0000000000000293 R12: 000055558d69b5eb [ 290.133233][ T31] R13: 000055558d69b590 R14: 00000000000225bb R15: 00007ffe4b517f30 [ 290.142571][ T31] [ 290.145902][ T31] [ 290.145902][ T31] Showing all locks held in the system: [ 290.154933][ T31] 1 lock held by khungtaskd/31: [ 290.160973][ T31] #0: ffffffff8ddbaf40 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 [ 290.173594][ T31] 6 locks held by kworker/u8:5/82: [ 290.179224][ T31] #0: ffff8881436dc948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x126b/0x1b30 [ 290.191143][ T31] #1: ffffc9000218fd80 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1b30 [ 290.204112][ T31] #2: ffff888035caa0e0 (&type->s_umount_key#32){++++}-{4:4}, at: super_trylock_shared+0x1e/0xf0 [ 290.215034][ T31] #3: ffff888035cacb98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x1b3/0x820 [ 290.225594][ T31] #4: ffff888035cae958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf6c/0x1430 [ 290.235717][ T31] #5: ffff88807f795bb0 (&ei->i_data_sem){++++}-{4:4}, at: ext4_map_blocks+0x352/0x1370 [ 290.246083][ T31] 2 locks held by getty/5610: [ 290.251521][ T31] #0: ffff888035b9a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 290.262157][ T31] #1: ffffc90002fc62f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 [ 290.276008][ T31] 3 locks held by syz-executor/5843: [ 290.282995][ T31] #0: ffff88802fc52070 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x13e/0x980 [ 290.294772][ T31] #1: ffff888035caa518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x177/0x380 [ 290.305272][ T31] #2: ffff888035cae958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf6c/0x1430 [ 290.315228][ T31] 3 locks held by syz.0.204/6785: [ 290.320638][ T31] #0: ffff888034aadd18 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x13e/0x980 [ 290.332376][ T31] #1: ffff888035caa518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x177/0x380 [ 290.342839][ T31] #2: ffff888035cae958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf6c/0x1430 [ 290.354152][ T31] 3 locks held by syz.2.200/6786: [ 290.359448][ T31] #0: ffff888034aadc40 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x13e/0x980 [ 290.371256][ T31] #1: ffff888035caa518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x177/0x380 [ 290.381402][ T31] #2: ffff888035cae958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf6c/0x1430 [ 290.391302][ T31] 3 locks held by syz.3.205/6788: [ 290.396498][ T31] #0: ffff888033df74a8 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x13e/0x980 [ 290.407276][ T31] #1: ffff888035caa518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x177/0x380 [ 290.417252][ T31] #2: ffff888035cae958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf6c/0x1430 [ 290.427237][ T31] 3 locks held by syz.1.206/6789: [ 290.432651][ T31] #0: ffff88807c159148 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x13e/0x980 [ 290.443125][ T31] #1: ffff888035caa518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x177/0x380 [ 290.452920][ T31] #2: ffff888035cae958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xf6c/0x1430 [ 290.462940][ T31] [ 290.465341][ T31] ============================================= [ 290.465341][ T31] [ 290.475366][ T31] NMI backtrace for cpu 0 [ 290.479841][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 290.490119][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 290.500382][ T31] Call Trace: [ 290.503687][ T31] [ 290.506638][ T31] dump_stack_lvl+0x116/0x1f0 [ 290.511494][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 290.517002][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 290.523300][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 290.529517][ T31] watchdog+0xf0c/0x1240 [ 290.533829][ T31] ? __pfx_watchdog+0x10/0x10 [ 290.538956][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 290.544391][ T31] ? __kthread_parkme+0x148/0x220 [ 290.552789][ T31] ? __pfx_watchdog+0x10/0x10 [ 290.557824][ T31] kthread+0x2c1/0x3a0 [ 290.562081][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 290.567334][ T31] ? __pfx_kthread+0x10/0x10 [ 290.572084][ T31] ret_from_fork+0x45/0x80 [ 290.576563][ T31] ? __pfx_kthread+0x10/0x10 [ 290.581205][ T31] ret_from_fork_asm+0x1a/0x30 [ 290.586034][ T31] [ 290.590062][ T31] Sending NMI from CPU 0 to CPUs 1: [ 290.596255][ C1] NMI backtrace for cpu 1 [ 290.596273][ C1] CPU: 1 UID: 0 PID: 6581 Comm: kworker/u8:27 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 290.596304][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 290.596321][ C1] Workqueue: bat_events batadv_nc_worker [ 290.596355][ C1] RIP: 0010:check_preemption_disabled+0x16/0xe0 [ 290.596403][ C1] Code: ff 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 54 55 53 48 83 ec 08 65 8b 1d bd b1 ed 74 65 8b 05 b2 b1 ed 74 ff ff ff 7f 74 0f 48 83 c4 08 89 d8 5b 5d 41 5c c3 cc cc cc cc [ 290.596428][ C1] RSP: 0018:ffffc9000c507a90 EFLAGS: 00000286 [ 290.596448][ C1] RAX: 0000000080000001 RBX: 0000000000000001 RCX: ffffffff816af2d9 [ 290.596466][ C1] RDX: fffffbfff2039f0b RSI: ffffffff8bb06ae0 RDI: ffffffff8bb06b20 [ 290.596484][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: fffffbfff2039f0a [ 290.596501][ C1] R10: ffffffff901cf857 R11: 0000000000000002 R12: ffffffff8ddbaf40 [ 290.596518][ C1] R13: ffff88801aca0000 R14: 0000000000000000 R15: dffffc0000000000 [ 290.596536][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 290.596563][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 290.596581][ C1] CR2: 00005599621e4600 CR3: 000000000db7e000 CR4: 00000000003526f0 [ 290.596606][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 290.596622][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 290.596639][ C1] Call Trace: [ 290.596646][ C1] [ 290.596655][ C1] ? nmi_cpu_backtrace+0x1d8/0x390 [ 290.596691][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 290.596734][ C1] ? nmi_handle+0x1a7/0x5c0 [ 290.596763][ C1] ? check_preemption_disabled+0x16/0xe0 [ 290.596806][ C1] ? default_do_nmi+0x6a/0x160 [ 290.596837][ C1] ? exc_nmi+0x170/0x1e0 [ 290.596866][ C1] ? end_repeat_nmi+0xf/0x53 [ 290.596895][ C1] ? lock_release+0xa9/0x6f0 [ 290.596920][ C1] ? check_preemption_disabled+0x16/0xe0 [ 290.596963][ C1] ? check_preemption_disabled+0x16/0xe0 [ 290.597007][ C1] ? check_preemption_disabled+0x16/0xe0 [ 290.597050][ C1] [ 290.597058][ C1] [ 290.597067][ C1] rcu_is_watching+0x12/0xc0 [ 290.597100][ C1] lock_release+0x4e2/0x6f0 [ 290.597124][ C1] ? batadv_nc_worker+0x887/0x1060 [ 290.597154][ C1] ? __pfx_lock_release+0x10/0x10 [ 290.597178][ C1] ? trace_lock_acquire+0x146/0x1e0 [ 290.597214][ C1] ? batadv_nc_worker+0x164/0x1060 [ 290.597243][ C1] ? lock_acquire+0x2f/0xb0 [ 290.597267][ C1] ? batadv_nc_worker+0x164/0x1060 [ 290.597298][ C1] batadv_nc_worker+0x88c/0x1060 [ 290.597331][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 290.597362][ C1] ? rcu_is_watching+0x12/0xc0 [ 290.597395][ C1] ? trace_lock_acquire+0x146/0x1e0 [ 290.597429][ C1] ? process_one_work+0x8bb/0x1b30 [ 290.597455][ C1] ? lock_acquire+0x2f/0xb0 [ 290.597478][ C1] ? process_one_work+0x8bb/0x1b30 [ 290.597505][ C1] process_one_work+0x958/0x1b30 [ 290.597535][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 290.597572][ C1] ? __pfx_process_one_work+0x10/0x10 [ 290.597603][ C1] ? rcu_is_watching+0x12/0xc0 [ 290.597640][ C1] ? assign_work+0x1a0/0x250 [ 290.597681][ C1] worker_thread+0x6c8/0xf00 [ 290.597711][ C1] ? __kthread_parkme+0x148/0x220 [ 290.597745][ C1] ? __pfx_worker_thread+0x10/0x10 [ 290.597770][ C1] kthread+0x2c1/0x3a0 [ 290.597801][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 290.597836][ C1] ? __pfx_kthread+0x10/0x10 [ 290.597868][ C1] ret_from_fork+0x45/0x80 [ 290.597893][ C1] ? __pfx_kthread+0x10/0x10 [ 290.597925][ C1] ret_from_fork_asm+0x1a/0x30 [ 290.597971][ C1] [ 290.598651][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 290.972054][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 290.982417][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 290.992496][ T31] Call Trace: [ 290.995884][ T31] [ 290.998843][ T31] dump_stack_lvl+0x3d/0x1f0 [ 291.003512][ T31] panic+0x71d/0x800 [ 291.007543][ T31] ? __pfx_panic+0x10/0x10 [ 291.012004][ T31] ? preempt_schedule_thunk+0x1a/0x30 [ 291.017417][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 291.023640][ T31] ? preempt_schedule_thunk+0x1a/0x30 [ 291.029352][ T31] ? watchdog+0xd76/0x1240 [ 291.034167][ T31] ? watchdog+0xd69/0x1240 [ 291.038879][ T31] watchdog+0xd87/0x1240 [ 291.043383][ T31] ? __pfx_watchdog+0x10/0x10 [ 291.048526][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 291.054206][ T31] ? __kthread_parkme+0x148/0x220 [ 291.059378][ T31] ? __pfx_watchdog+0x10/0x10 [ 291.064202][ T31] kthread+0x2c1/0x3a0 [ 291.068524][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 291.074374][ T31] ? __pfx_kthread+0x10/0x10 [ 291.079007][ T31] ret_from_fork+0x45/0x80 [ 291.083563][ T31] ? __pfx_kthread+0x10/0x10 [ 291.088420][ T31] ret_from_fork_asm+0x1a/0x30 [ 291.093347][ T31] [ 291.096979][ T31] Kernel Offset: disabled [ 291.101349][ T31] Rebooting in 86400 seconds..