last executing test programs:

6m30.469178382s ago: executing program 2 (id=2283):
mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000)
mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000)
mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000)
writev$auto(0x8, &(0x7f0000000040)={&(0x7f0000000000), 0x1}, 0xabc)
close_range$auto(0x2, 0x8, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x16, &(0x7f0000000040), 0x1)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x8)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

6m30.276885245s ago: executing program 2 (id=2285):
mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x1541, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(r0, 0x4040ae79, 0x0)

6m29.748967795s ago: executing program 2 (id=2289):
move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000)
mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000)
openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000140)='/proc/devices\x00', 0x800, 0x0)
r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/controlC0\x00', 0x80, 0x0)
ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, 0x0)

6m29.365949207s ago: executing program 2 (id=2291):
socket$nl_generic(0x11, 0x3, 0x10)
mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000)
mmap$auto(0xf000, 0x8, 0x1000000003, 0x9b72, 0x2, 0x8000)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)
socketpair$auto(0x1d, 0x2, 0x2, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(0x0, 0x22240, 0x118)
socket(0x2, 0x1, 0x0)
setsockopt$auto(0x3, 0x6, 0x17, 0x0, 0xfb3)

6m29.033730642s ago: executing program 2 (id=2294):
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x3, 0x6)
lsm_list_modules$auto(0x0, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e)
ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0)
rename$auto(&(0x7f0000000480)='./file0\x00', 0x0)

6m28.75077345s ago: executing program 2 (id=2297):
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
readv$auto(r0, &(0x7f00000001c0)={0x0, 0x7}, 0x1)
ioctl$auto_IMADDTIMER(r0, 0x80044940, &(0x7f0000001140))
prctl$auto(0x1000000003b, 0x1, 0x4, 0x8, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)

6m13.57777776s ago: executing program 32 (id=2297):
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x102000, 0x0)
readv$auto(r0, &(0x7f00000001c0)={0x0, 0x7}, 0x1)
ioctl$auto_IMADDTIMER(r0, 0x80044940, &(0x7f0000001140))
prctl$auto(0x1000000003b, 0x1, 0x4, 0x8, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)

3m32.533492752s ago: executing program 0 (id=3476):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
userfaultfd$auto(0x816)
mlockall$auto(0x7)
mprotect$auto(0x0, 0x8000000000000001, 0x6)
clone3$auto(0x0, 0x40)
getrandom$auto(0x0, 0x6000000, 0x3)
mbind$auto(0xffc, 0x100000004, 0x100000002, 0x0, 0x7ff, 0x5)
setuid$auto(0xe)
syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_map_fd=r1}, 0xa3)
bpf$auto(0x3, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc)

3m31.671943479s ago: executing program 0 (id=3477):
mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000)
pipe2$auto(0x0, 0x80)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
r0 = socket(0x2b, 0x1, 0x1)
bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4001, @loopback}, 0x6b)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
close_range$auto(0x2, 0x8, 0x0)
socket(0x15, 0x5, 0x0)
socket(0x2, 0x1, 0x106)
setsockopt$auto(r0, 0x0, 0x33, 0x0, 0x4)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)

3m30.712821892s ago: executing program 0 (id=3485):
close_range$auto(0x2, 0xa, 0x0)
socket(0x18, 0xa, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0)
mincore$auto(0x1000, 0x8001, 0x0)
sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYRES16=r0, @ANYBLOB="2f212abd"], 0x14}}, 0x4000000)
openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9)
select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x1, 0x3, 0x300000000000000, 0x80000001, 0x7, 0x6d3c, 0xfffffffffffffffd, 0x2]}, 0x0)

3m30.612864227s ago: executing program 0 (id=3486):
sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, 0x0, 0x80)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000300)={{0x0, 0x12, &(0x7f0000000280)={0x0, 0x800000050}, 0x7, 0x0, 0x0, 0x1}, 0x7}, 0x8, 0x7fff)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f00000000c0), 0x2201, 0x0)
ioctl$auto_IOCTL_STOP_ACCEL_DEV(r0, 0x40096101, &(0x7f0000000000)={@config_section=0x0, 0xfe})
pwrite64$auto(0xffffffffffffffff, 0x0, 0x7, 0x800000000000007)
read$auto_mtd_fops_mtdchar(0xffffffffffffffff, &(0x7f0000000d00)=""/4096, 0x1000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x200004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0)
io_uring_setup$auto(0x6, 0x0)
io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3)
io_uring_register$auto(0x2, 0x0, 0x0, 0x3)

3m30.372203939s ago: executing program 0 (id=3489):
openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x4100, 0x0)
openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000280)='/dev/usbmon29\x00', 0x5f9000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0xa}, 0x5, 0x20000000)
readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x7}, 0x10)
socket(0x11, 0x800, 0xfb11)
mount$auto(&(0x7f0000000180)='xfrm0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='\x00', 0x6, &(0x7f0000000240)="e496433eeb34df08522bc6754c216c084e58d9ad5ebea1b0ec74fee049eb2494f7c7cbc32ce409a26374e4549474ea2edb417c4c501cef41fb17b0c3")
memfd_create$auto(0x0, 0x4)
seccomp$auto(0x2, 0x0, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x1, 0x0)
futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6)
tkill$auto(0x1, 0x7)

3m30.005471184s ago: executing program 0 (id=3493):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
io_uring_setup$auto(0x6, 0x0)
timerfd_create$auto(0x0, 0x0)
socket(0xa, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
socket(0x1e, 0x805, 0x0)
sysfs$auto(0x2, 0x6, 0x0)
fsopen$auto(0x0, 0x1)
fsconfig$auto(r1, 0x1, &(0x7f00000001c0)='+\x00', &(0x7f0000000280), 0x0)
fsconfig$auto(r0, 0x1, &(0x7f00000001c0)='+\x00', &(0x7f0000000280), 0x0)

3m29.662688653s ago: executing program 33 (id=3493):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
io_uring_setup$auto(0x6, 0x0)
timerfd_create$auto(0x0, 0x0)
socket(0xa, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
close_range$auto(0x2, 0x8000, 0x0)
socket(0x1e, 0x805, 0x0)
sysfs$auto(0x2, 0x6, 0x0)
fsopen$auto(0x0, 0x1)
fsconfig$auto(r1, 0x1, &(0x7f00000001c0)='+\x00', &(0x7f0000000280), 0x0)
fsconfig$auto(r0, 0x1, &(0x7f00000001c0)='+\x00', &(0x7f0000000280), 0x0)

7.000205124s ago: executing program 3 (id=4426):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_NL80211_CMD_SET_TID_TO_LINK_MAPPING(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000040}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x60, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@NL80211_ATTR_FRAME_MATCH={0x3c, 0x5b, "9872294eb947760d4b274fd7d1c6820df32f459a0d76ef01fe98422dcedb65b2cc6654b4dee09f7aa9c0a8af981d176ddf098cda835389d0"}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0x8, 0x9}}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x4}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x80)
syz_genetlink_get_family_id$auto_ncsi(&(0x7f0000000140), r0)
sendmsg$auto_NL80211_CMD_SET_REG(r0, &(0x7f0000001200)={&(0x7f0000000180), 0xc, &(0x7f00000011c0)={&(0x7f00000001c0)={0x74, 0x0, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0xffffffc9}, @NL80211_ATTR_PEER_MEASUREMENTS={0x4}, @NL80211_ATTR_FRAME_MATCH={0x52, 0x5b, "b8f174911578727c788246b5b5763958a02f05ee3b8e0965e6bf37fddaeaf099458268f4672dd67c7f41729e3d341001bf9d5912b2b7b8ff91457760564dec46e52ee0907c980abd37390e2f0429"}]}, 0x74}, 0x1, 0x0, 0x0, 0xe10caaa69e361ddf}, 0x80)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmsg$auto_HSR_C_GET_NODE_STATUS(r0, 0x0, 0x4040000)
syz_genetlink_get_family_id$auto_nl80211(0x0, r0)
sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(r0, 0x0, 0x40880)
openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f00000017c0)='/proc/thread-self/clear_refs\x00', 0x502100, 0x0)
r1 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x80100, 0x0)
r2 = clone$auto(0x7, 0x0, 0x0, 0x0, 0x8416)
r3 = prctl$auto(0xffff9d7e, 0x7fff, r2, 0x10000, 0x7)
splice$auto(r1, 0x0, r3, 0x0, 0x7, 0x3f)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x109002, 0x0)
r4 = syz_genetlink_get_family_id$auto_seg6(&(0x7f00000037c0), r0)
sendmsg$auto_SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000003940)={0x0, 0x0, &(0x7f0000003900)={&(0x7f0000003800)={0x28, r4, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@SEG6_ATTR_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4080)

6.774955464s ago: executing program 5 (id=4427):
r0 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x60100, 0x0)
read$auto_vhci_fops_hci_vhci(r0, &(0x7f0000000d40)=""/16, 0x10)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
gettid()
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0xa, 0x5, 0x0)
bind$auto(0x3, 0x0, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
madvise$auto(0x7, 0xfffffffffffefffe, 0x15)
openat$auto_msr_fops_msr(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffffff, 0x0, 0x0)
read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0)
ioperm$auto(0x3, 0x5, 0x149)
get_mempolicy$auto(0x0, 0x0, 0x2d0000000000000, 0x59, 0x4)
fanotify_mark$auto(0xffffffffffffffff, 0xffffffff, 0x8, 0xffffffffffffffff, 0x0)

6.690058738s ago: executing program 3 (id=4428):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x4, &(0x7f0000000140)={0x0, 0x4da}, 0x4, 0x0, 0x8, 0x800}, 0x1000}, 0xffffffff, 0x0, 0x0)
r1 = socket(0xa, 0x2, 0x88)
syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000000), r1)
sendmsg$auto_NETDEV_CMD_NAPI_GET(r0, 0x0, 0x0)
read$auto_rfcomm_dlc_debugfs_fops_(0xffffffffffffffff, &(0x7f0000000080)=""/96, 0x60)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/mac80211_hwsim/hwsim0/ieee80211/phy0/rfkill2/index\x00', 0x41e9c1, 0x0)
r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff)
r4 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0)
pread64$auto(r4, 0x0, 0x100000001, 0xf4240)
sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001380)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="01001fbd7000fcdbdf250400000004001000"], 0x18}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800)
r5 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0xc2000, 0x0)
ioctl$auto_USB_RAW_IOCTL_INIT(r5, 0x41015500, &(0x7f00000002c0)={"cd9c361b4eb79958c335e76fcbe6533c700d0fedd08fc536d88edc8989e194138963c58eb8565f9479ca061fb2f2b7cdd4911c9a07e86969eb7dcd5dd66d138f5cc664b17908bb1c3b40364a3515fcb0d7bb61fc7cd0f955bf805a1311b704f7728553deaedb517f1d53fd9d76694e0dec4bd8b3ec0a37f6b38110fb002df552", "a47cb55ed5ee2297e1118b6ae03138b190f10aca776d1e7a2ed9e3e9ed742a856d9c3cb0a5f20605a098e5db505f8913d90cbd813918b2eb323b44b69120ccd4431a063abcef56c231d8ce18e681d455597181113bfe72ca5a78c7175a14a3a991cb75e1619c676639fe46986b389bce66b7e06c0975080c900f552e0a12ad2c", 0xa})
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
close_range$auto(0x2, 0x8000, 0x0)

6.028239703s ago: executing program 3 (id=4431):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
getrandom$auto(0x0, 0x6000000, 0x3)
ioctl$auto(0x3, 0xc1485544, 0xb551)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
write$auto(0x3, 0x0, 0xfffffdef)
write$auto(0x3, 0x0, 0xfffffdef)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
madvise$auto(0x108000, 0x800034, 0x200000b)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
madvise$auto(0x5, 0x2, 0x0)
mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000)
socket(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000)

4.571499178s ago: executing program 4 (id=4435):
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3)
memfd_create$auto(&(0x7f00000000c0)='\xc4--:\xdd:,./-${\x00', 0x4)
socket(0xa, 0x3, 0x100)
socket(0x2a, 0x2, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
eventfd$auto(0x948)
socket(0xa, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
eventfd$auto(0x3)
r1 = socket(0xa, 0x2, 0x88)
bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd=r0}, 0xa3)

4.414533345s ago: executing program 4 (id=4436):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setgroups$auto(0xe32, &(0x7f0000000040)=0x9)
madvise$auto(0x0, 0x53, 0x9)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000)
pselect6$auto(0x101, &(0x7f0000000080)={[0x6, 0x7, 0xffffffffffffffff, 0x3, 0x1, 0x6, 0x9, 0x7, 0x1, 0x4, 0x9, 0x4, 0x4, 0x7, 0xcb2a, 0x9]}, &(0x7f0000000100)={[0xffff, 0x3, 0xfffffffffffff31a, 0x7, 0x590, 0x8, 0x1d4, 0x4, 0x6, 0x7, 0x5, 0x7, 0x80, 0x8, 0x0, 0x1]}, &(0x7f0000000180)={[0xa9, 0x4, 0x4, 0x1, 0x3, 0x6, 0xcbd0, 0x200000001, 0x1f, 0xfffffffffffffffd, 0x7ff, 0x8000000000000001, 0x4, 0x7f, 0x91, 0x7]}, &(0x7f0000000000)={0x899, 0x5}, &(0x7f0000000200))
mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x3, 0xfffff000)
ppoll$auto(&(0x7f0000000280)={<r0=>0xffffffffffffffff, 0x6, 0x9}, 0x9, &(0x7f00000002c0)={0x8000000000000001, 0x8001}, &(0x7f0000000300)={0x7ff}, 0x8)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages$auto(r1, 0x1002, 0x0, 0x0, 0x0, 0x2)
memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00T\x00'/40, 0x9)
fallocate$auto(0x3, 0x0, 0xe, 0x8ec8)
finit_module$auto(0x3, 0xfffffffffffffffe, 0x2)
sendmsg$auto_NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040800}, 0x40850)
mremap$auto(0x6, 0xad, 0x6, 0x7, 0x4)

3.71480987s ago: executing program 1 (id=4438):
socket(0x15, 0x5, 0x0)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, <r0=>0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x2, 0x1, 0x0)
socket(0x10, 0x2, 0x0)
memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x100)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x7, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
eventfd$auto(0x3)
r1 = socket(0xa, 0x2, 0x88)
bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd=r0}, 0xa3)

3.67281164s ago: executing program 3 (id=4440):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xfffffffffffefffd, 0x17)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x1)
madvise$auto(0x0, 0x20499d, 0x9)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000080)={0x0, <r2=>r1, r0, 0x401})
ioctl$auto_IOCTL_VMCI_QUEUEPAIR_SETVA(r2, 0x7a4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
futex_waitv$auto(&(0x7f0000000000)={0x8, 0x5d94, 0x4, 0x4}, 0x77, 0x0, 0x0, 0x62bd)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4)
io_uring_setup$auto(0x40005, &(0x7f0000000000)={0x6, 0x1, 0x400, 0x7, 0x1005, 0x6, 0x7, [0x4, 0x2e9, 0x8], {0x0, 0x1, 0x8, 0x7, 0x5, 0x100005, 0x1, 0xfffffffc, 0x7}, {0x4, 0xfff, 0xffff7fff, 0x2, 0x8, 0x200, 0x3, 0x0, 0x3}})
madvise$auto(0x108000, 0x800034, 0x9)
bpf$auto(0xb, 0x0, 0x3)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)

3.495172486s ago: executing program 5 (id=4441):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
write$auto(0x3, 0x0, 0xfffffdef)
fcntl$auto(0x3, 0x4, 0xa553)
io_uring_setup$auto(0x85, 0x0)
getsockopt$auto(0xffffffffffffffff, 0x0, 0x53, 0x0, 0x0)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000)
process_vm_readv$auto(0x0, 0x0, 0x4800000001, 0x0, 0x59, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x301, 0x0)
ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0xc008ae05, 0x0)
socket(0x0, 0x5, 0x2000005)
open(0x0, 0x40000, 0x40)

3.36405573s ago: executing program 1 (id=4442):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
unshare$auto(0x40000080)
mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
getrandom$auto(0x0, 0x6000000, 0x3)
mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2)
mlockall$auto(0x7)
madvise$auto(0x0, 0x7, 0xfffffffa)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60044061}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x801, 0x84)
connect$auto(0x3, &(0x7f0000000140), 0x59)
listen$auto(0x3, 0x81)
accept$auto(0x3, 0x0, 0x0)
mlockall$auto(0x7)
shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffe)

2.788567294s ago: executing program 5 (id=4443):
openat$auto_sync_info_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x1a9382, 0x0)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
socket(0xa, 0x3, 0x100)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptys0\x00', 0x101e81, 0x0)
fanotify_init$auto(0x5, 0x2000000000002)
socket(0x2, 0x801, 0x100)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x11, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
setreuid$auto(0x15, 0x5)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)

2.555931405s ago: executing program 5 (id=4444):
socket(0x11, 0x3, 0x9)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/ksm/advisor_target_scan_time\x00', 0x0, 0x0)
r0 = syz_clone(0x21242011, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages$auto(r0, 0x1002, 0x0, 0x0, 0x0, 0x2)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x7)
mmap$auto(0x0, 0x4, 0xffd, 0x8000000008012, 0x3, 0x0)
ioperm$auto(0x7, 0x6, 0xffffffffffff4064)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6)
openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/filter\x00', 0x8800, 0x0)
mmap$auto(0x0, 0x8, 0x6, 0x9b72, 0x2, 0x8000)
readv$auto(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x9}, 0x8bb)
open(0x0, 0xa240, 0x15e)
unshare$auto(0x40000080)
ioctl$auto(0x20000000000003, 0x8946, 0x2)

1.725276681s ago: executing program 5 (id=4445):
openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio1\x00', 0x101000, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_handshake(&(0x7f0000000040), 0xffffffffffffffff)
ioperm$auto(0x800, 0x5, 0xd)
io_cancel$auto(0x7, 0x0, 0x0)
sendmsg$auto_HANDSHAKE_CMD_DONE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@HANDSHAKE_A_DONE_SOCKFD={0x8}]}, 0x1c}}, 0x0)
futex$auto(&(0x7f0000000000)=0x1, 0x6, 0x9, &(0x7f0000000040)={0x2}, 0x0, 0x6)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$auto(0x3, 0x80044df9, 0x38)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
socket(0x25, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x40000, 0x0)
read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffffff, 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x40802, 0x0)
mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd)
acct$auto(&(0x7f0000000000)='\x00')

1.460803767s ago: executing program 1 (id=4446):
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3)
memfd_create$auto(&(0x7f00000000c0)='\xc4--:\xdd:,./-${\x00', 0x4)
socket(0xa, 0x3, 0x100)
socket(0x2a, 0x2, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
eventfd$auto(0x948)
socket(0xa, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
eventfd$auto(0x3)
r1 = socket(0xa, 0x2, 0x88)
bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd=r0}, 0xa3)

1.256936363s ago: executing program 1 (id=4447):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
epoll_create$auto(0x4)
socket(0xa, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0xff)
socket(0xa, 0x801, 0x84)
getsockopt$auto(0x100000006, 0x0, 0x5, 0xfffffffffffffffe, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
epoll_ctl$auto(0x5, 0x1, r0, 0x0)
setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b)

995.491128ms ago: executing program 1 (id=4448):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2b, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x80)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r1 = socket(0x2, 0x1, 0x0)
bind$auto(0x3, 0x0, 0x6a)
sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000)
write$auto(0x3, 0x0, 0xfffffdef)
shutdown$auto(0x200000003, 0x2)
sendmmsg$auto(0x3, 0x0, 0x3, 0x0)
r2 = open(0x0, 0x0, 0x408)
getdents$auto(r2, 0x0, 0x400018)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

656.820364ms ago: executing program 3 (id=4449):
socket(0x1d, 0x2, 0x6)
io_uring_setup$auto(0x6, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x4601, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
socketpair$auto(0x4, 0x1, 0x20000, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0)
ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0)
r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0)
ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0)
ioctl$auto_TCFLSH2(r2, 0x80047456, 0x0)
ioctl$auto_TIOCSTI2(r2, 0x5412, 0x0)

656.010611ms ago: executing program 4 (id=4457):
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
socket(0x10, 0x2, 0x0)
socket(0x2, 0x5, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$', @ANYBLOB="00211459a600fbdb"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0)
sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRES16, @ANYBLOB="0700000000000000df25"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010)
openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x440000, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
setsockopt$auto(0x4, 0x0, 0x485, 0xfffffffffffffffe, 0x0)
preadv$auto(0xffffffff, &(0x7f00000003c0)={&(0x7f0000000380), 0x1}, 0x4, 0x6, 0x42)
statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x401bf, 0x7352, 0x3d, 0x200000000065f, 0x1ffde, 0x7, 0x3, 0x2, 0x9, 0x3, 0x5, 0x4, 0x3000, 0x9, 0x6, 0x10003, 0x80, 0x8, 0x0, 0x7, 0x1ffc, 0x203, 0x400, 0x84, [0x1, 0x0, 0x0, 0x100, 0x2000000000000000, 0x2000, 0xfffffffffffffffd, 0x40a, 0x70624ce7, 0x0, 0xfffffffffffffffd, 0x0, 0x3, 0x1, 0x4, 0x7, 0x7ff, 0xfffffffffffffffd, 0x200000000000, 0x0, 0xffffffffefffffff, 0x3, 0x0, 0x0, 0x2, 0xfffffffffffffffd, 0x400000000005b8, 0xc, 0x4000000000, 0x8, 0x4, 0x6, 0xffffffffffffffbf, 0x890, 0x800000000000a, 0xfffffffffffffffc, 0x1000, 0xa38, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x4000000000, 0x6, 0x0, 0x100000]}, 0x1fe, 0xd)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

519.019816ms ago: executing program 4 (id=4450):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
msgsnd$auto(0x8, 0x0, 0x3, 0x8)
mmap$auto(0x5, 0x8000000000000000, 0x3, 0xfe3b, 0xffffffffffffffff, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x9, 0x5, 0x3)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
setregid$auto(0xffffffffffffffff, 0xfffe)
ioperm$auto(0x7, 0x6, 0x2)
semop$auto(0x6, 0x0, 0x6730)
setresuid$auto(0x0, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x2, 0x6, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff)
sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8008}, 0x4000040)
sched_setaffinity$auto(0x1, 0x1, &(0x7f0000000000)=0x1200000000008a)

337.332195ms ago: executing program 4 (id=4451):
mmap$auto(0x0, 0x2030009, 0x3, 0x100000000eb1, 0xfffffff7fffffff7, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
eventfd$auto(0x3)
eventfd$auto(0x0)
socket(0x2, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
pipe$auto(0x0)
socketpair$auto(0x1e, 0x1, 0x4, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyz6\x00', 0x0, 0x0)
ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0)
ioctl$auto_TCFLSH2(r0, 0x800455ca, 0x0)

138.779437ms ago: executing program 4 (id=4452):
unshare$auto(0x40000080)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1d, 0x2, 0x2)
socket(0x1d, 0x2, 0x2)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x4, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x2, 0x3, 0x5, 0x7}, 0x3, 0x81)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), 0xffffffffffffffff)
setsockopt$auto(0xffffffffffffffff, 0x29, 0x49, &(0x7f0000000040)='!\x00', 0x1ff)

122.975955ms ago: executing program 1 (id=4453):
unshare$auto(0x40000080)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1d, 0x2, 0x2)
socket(0x1d, 0x2, 0x2)
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x4, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x2, 0x3, 0x5, 0x7}, 0x3, 0x81)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)
r1 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)
r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket(0xa, 0x2, 0x3a)
setsockopt$auto(r3, 0x29, 0x49, &(0x7f0000000040)='!\x00', 0x1ff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r4=>0x0})
sendmsg$auto_BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000040)={0x1c, r2, 0x13ebbac2338983f3, 0x70b927, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}}, 0x4008000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vlan0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_clone3(&(0x7f00000001c0)={0x8000000, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100), {0x15}, &(0x7f0000000140)=""/7, 0x7, &(0x7f00000009c0)=""/4096, &(0x7f0000000180)=[0xffffffffffffffff, 0x0], 0x2}, 0x58)
syz_open_procfs$namespace(r5, &(0x7f0000000240)='ns/mnt\x00')

27.823713ms ago: executing program 3 (id=4454):
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x8, 0xc, 0xe3, 0x400000000a, 0x3}, 0x6f4)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x0, 0x0)
openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/fail_io_timeout/probability\x00', 0x20000, 0x0)
read$auto(0x3, 0x0, 0x80)
r0 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0)
write$auto(r0, 0x0, 0x9)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000)

0s ago: executing program 5 (id=4455):
r0 = pipe$auto(&(0x7f0000000200))
syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000001c0), r0)
r1 = socket(0xa, 0x801, 0x100)
getsockopt$auto(r1, 0x40000000029, 0x3c, 0xfffffffffffffffe, 0x0)
r2 = syz_genetlink_get_family_id$auto_seg6(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$auto_SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000580)={0x121c, r2, 0x800, 0x70bd2b, 0x25dfdbfe, {}, [@SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_HMACINFO={0x11d6, 0x7, 0x0, 0x1, [@typed={0x8, 0xd6, 0x0, 0x0, @u32=0x370}, @nested={0xd1, 0xe5, 0x0, 0x1, [@nested={0x4, 0x144}, @nested={0x4, 0x11b}, @nested={0x4, 0x57}, @generic="fa601a952696e16b79cb0409f51c1fd2e0e8fc542a7d1e59be0f7e25afde8f30cc4bfdf2bd2a46508e6d23bb011a49309352bfa7b203652a0c648fe63f27714dd9ae7aabcaa5d3fbc65d82ea34c9095b3fb255079902a6c874cfd6fa56ff78bbe8c3b013c897919d0d17be82b27fc809c3b041b99d59fdac612f6cede70a0b6b7c631b8edd16a979864b9a24724ef616b655fe52807409217a6567af79cb168aff1314247cc920fecc83694e81e881da328ea9bf96a069c2adfa1461656857657c"]}, @nested={0x101c, 0x12b, 0x0, 0x1, [@generic="d29c730e82e08555ad4505fb8723377d6621ff5945d1a8dde8300ae9fb96fedc61f38249cccf7d6615d99caf066130b076ea35b5f47294c8d38e46594a37bf7cd5dff43886275e86f41d0f18ce40f200b4dcfb56092875d87aac23881bde80382bec03bd598dffa915a0df34fe9bf80a7d8ffc7647e1cd9ac9399cca24a554b459da15dbf9a93e5e047b34c718585cb943cb200965da168d9ca647c62c3033dba3741ebd063e1523de4d72e27dcc720b543d19503c604e21b3c318e2639f5b2fa5b1b8033e5d5562702da2cd32729340e9a416f01b77356399d286864060d7e430a3c62c87e97f14cc86237556783c444a1f3f0d200b2b4b55a70a6c58a18e5962cfaef70ad898730dfb99ca1d36feda7c24abf6a74bb3e08306b6e68394900cef3805c409c19a7277d3286af0471e48067ce7b43e3427d83dd01b4aa84baea6e7fb6545a15b49c38d2b371348fdd4070c332fa829b01046b931e3977d6db7b53719d13d6693234d8ff7edda9f5c77c856f96c9917f7216977a033a73862e05f49a53e47a7e6c40d2eeb5c5ec584c0eadbf0bb8154c4ad4753209a06a70154b0e4c1e97ac875583c3c7b367792772d2698cebb6e4b7461d024f896a275cf8b19bd57a3435da1f03460da3465bb121a06f94b84b4ca9bdf40963a37fe0de4c79bdaec4bdf65ea4d30ba994a426f0310ebadc834643a9fa702c74c4e2d3806b9f6e2a41deb6f507818325fb276e9bcbd1c377979277d5672bde55bf2b0807234505bf02dcc710cb263594f1d40e696a8b588b95804908c2be9f35f55039c7ff0dedfa6e6aa623849883da62880c659553ed0dd7bc9effe69d9264bf316b28414a7a48042b289af06bd8bbf2c6abbb4eb1dd63672160e0e700c7e9ae0e9719e39d8bbd9433969945d3643134f3a08681357497e5a33ba3bae979b7544a695850195c9cf2841a9b24ba264623868469901098ddf17f3a33e4dd3e85f04525613af59129c8b14fc4b1e7771042c953e6ed909a9b9cdea252a3bba6dfda5580b0fc673e00e267d5d09fae3bbca014f57699e0b67fbf5b0b97c78ead6015f7672a3dfb45fcb863ba24fc28550392ecbfaaa120d33fbf55a4cbd712bdc4b41161544eb63ceef7db784d2b8e2ea8828242214b31ef571e14944a66f4c35e0d65da0be7ad9594fe5e0ed10a0f86f17d4ab7bd9c43bfd1eb407b68d849e2f4812802254b2b80e7fd486a2887176d5bf15104db15e91cc4f76e9fd3c8f8ac441a6afff4cc1da55dcfa7cd8a981e7dfa604d1308fe74055a38d816e906d9b075f5df886b70ffb52afc3fc8e03fe3cc3d3888ca36a8c0ec8f97752f2b9f905d348fab6d6fd4f39235e1c7e87c78bddcbd63aa4afcddb06537f35a30b1db59517a5ab65f71fcd23afe70175d0e9386aa5c95b6addcbfaa1639b907b420b504d0455d1a951ac1982cc5075bd2512b8b5660d78f2eea0c977831b39d2b00420e77ee6dba49b85c3cf65d63f52fb3df2d20510b1fc282f4ae4ae52a4485364124f1c22863608eab08d0a4051463492d629e580224661b1a928a28db31f7f95136744be440cb234cfa7e01b0a24572ea5b7fde2befb3ddf71ea3287a652dc154557d2c86f96838202b981fa1be7f5b0a0e8d9e1828c45a7014994aee18b080392744734a9a151216ec6e73c4eefbab718ab412fe02352dbf5e0d8ce79b3faf8dc2487b6e93b11b812308e0aab0001f87784c4ffb2b66ac11b256f95742b8cf7d30977abbfab42e8a696e096b89f386954f9a967e0b4ce0b7617a10a1abbb07f81d4dfea6ff1efde60c3718bdd392e8eadb5b03dbe184353b6a661e44419fb73e5a1156b5fcf059efadc140f2f361ece7c92ebab7b1912758f6d8933c1657d36f75fd0aa69bc0cefa32af3d4cf02514d47ce1a1e72dd9fa6f61789fff10ac2ac7dad2b45f795e9406509f328c9566f421b63a1728a3fb7c44202a3d57557e1c85981023ef8d43f28433fdaaf3f2b2595f730dffbec92aa36a0f72b6243608e65fdd5c9b03f224ac0815a99798fcf9ba9fb028b1ce0247a155d6ce49b43047c3e5648f454b002780594045fad541b3b6c6fb2e49dc737ec7049de7f05f4a83d90823bc56aaeb1022b9c71026a114cd40ddfb3af7c7df03b2928fb3a6d18262fa6055b580760666bde06c8c76506a9bfafbc45a76777135b7bec29bce9decff2279380fdabf39415928cd9057e62cbe08750b0774f0f0e9ce1a44d5b4ab23b53d364933896117338e0983e558ba8924fb5a19d292b144687069106c68350120ea19b4b23ecc8c389b928c368febd161d7b61e3bba438e535b2b8e8242dfb795b8f29994a7c1725c57b94a7d9e2287094d49b5f92b33b21048a0cf1917ef7928f38e514526631f57d5ac4aa387ca977f2648fe256ecf6a1d4f4e824e84c990f64af113fc0d029925949bd3d87efbf9a3222f6532ab34fede2e9efc68b0600313080c3417a54334ab9ee2acad89bede959dd795c1d48f7f4590475301fe3f51a4f678226e8591dce12a9ef0f37885dd3de4851468b382bb24261bedf96401801a19bd443fc90a388cc6eac7b3367eadfc769ab5780b0615d5531b8fb6e79a9efc3b490c75c37fb51f7427784e414e9eaa5a7cc0dfb184adf7faff7394870475811d18a8087991d0425e8ca0292a3bc7ea0bb574c89e1040b163f608aa7ac18b989031c774f1a733e842f8fccf754631948d7211445c696299a54e81dda9a48a5a78c346b0afc6f4810a8b5ffc6618149e0d7060033c543d19b73714daa29876b236f12ba284e81dfe139fddc4db2a308517f12b2b24a10e0579b4c6013fc47a1638ba4f89223888f162529c976cb3225c728b1a33c66e7de8159e6552d1bfb7b4f56b3430d5d6a41b5db5f0eaaafb291c44b690e43c87d98e46f15d4ab7a8cd9113490469b3c3aa3b7d7651e8ceb5c536d104eb8e1c4c88ff9154c2b80271027704aa571c22f626489f2a2bb6680c57dfca2674044da28377b1f3db1f2fc3a1890aa0324155b7fb6bd8677bf9f4f190607ce1631e8ffad797f111186eb7173aea5333c54f87c75199ea21865080a78f940d9b494c65e290f1f297deb16aa8fb6edac6b5aab5639cf0a32933da8832c975b482a5d971f42f74fa2af7b8316748feb7c2329ecfb88cd8bc437d94c6740a5e78553cd5e6133b7929a222209482bff987b195c2fc970d55beb4326433b6cdb76feeb37acce448c1a2217bb486e5dc25dad3d04096e5b653945041fd2d693eee0de390a2f03fe3e359eff475b43bf1640d58b2adf6c5bd7e2a1ad9dc46b14befc0788bbf9ea2a1d8da69ef1258c1d8cd43152c80d140e817e23e025c76d116905eaa6c2b9b923bc68fe23c29e5b9a15e47ec9509961a83ae16a2f753a4fd01861e2f18f5c400dc1177c650effb751bba2dc1213c28b8779e72b8d45eed5513a18508bbc055ad9cb4a579e87dfb1f93badd0a110cbc2b0205297ae61ffff95345eb9ba6672f635b97e026cdcadf0db3e68e6c9b1f7b52367e019a4411f3f94144b42c9ac0bf0079e0dec4edf866520c9a803fca2e7d29fb8e622661a766d6174d7ba905e22c6f30a2943091dc08be11468aa6af5331c165534cf22dd1cc9b73e9963ad71c94d3ff7d9ab93ae485a42b75ef2996258b1e3e078337b4cf9ff4b119653883d75ef4cb3732e01c0990b0d784aa1001adf817a4042b66f15bc57b2e5b585d48e2ff4f390db64780d41c3e960c0b92db31f24fbd997c70dcd7151ed5e614e8c0c1917f98da9f73fdaefc629e24df2298ccc97e4c4997c9bf2fa5b0bbeccf094f3d78a1b818e33570d6dfefdc284bdc24eeb67be63beed120407a52ff6de1510e5ebf4f92b409049a05e3a1826df62ded0c2f2acf33ff6c10b2bc7f6e30c7f17b1b0a42ea379f29f90b392ee3a488897c128800aa641265257e9ff5e60a35c98c30111e2bfe1640d7dc506244f2142143bb45c96fd3dbc81b2a1ed223d5d92070214751366f7e44ba6f49059a3bbbc8d9a6c511acbbc1085df1689ff293cb1bff8c38c68767a9b55859525fee38cafafb806e5c4a89eb65445fb06e6837635d8ace9230e94635971b7831a190f92f38addfd8b592cd5e0834be4d4b1c93ff9c35db71e633078970f681030682e34ec796b7875eedb2e56940346048526e9d5ae2276f6b4716b376dc07f17e8e0f01eb9a108e60c99a46f591f7b7f6802ac2b807b080f232761e1afb160a2bb1474a866aa47932edb966f0583f02e537a09d0f13b10cfb3c370a405c0c37c8298bf1e93d93c381d15ce06378e6504cd078ad4449c1b024c55fddfad3109e23b0c31446d6486b13234568fc60c7d5a3b8208dca98631ea151500a9982ea27c2b8b232644ffb737ddf47f9c266be589a5a4e58469988b74f028b70aef0c443753a82d3954a7ca63444f98e1b6cbf2f799d59d1c0ed27efaf0edeca8d415d0dd1a4f2de12b0bc80079436486378e813b58b3734064532a3d8332d8698ecca6268b0fbbd85c1b0e9bffdb63f3e409675c42fe81bd29ee5bc528610a30172d0e537dcfc7eaf08da4f136f728da4c2a1831fd9d66c4ade996fb76e7fd1d7c9ae265e029bbdade9f9f03e8bbee6eae20024d011c6301b47fc14020d8d2d54af5491a10a06c325cbdd3f4944d400b97ff1cce3b4e8954116a6358b9ac492614a58d62c652c44c233003d9650a4210e3b5d738d81a22422a58587fdd72c49f2f244696811ae4e7ac6b79dede550cc1b5c4f59860380a3ad7f5a3e5da57e61f2cd9fed4c3ee2c7c459119951b314e0962d80ba398f605c5fd55b8ac2225b3a55f7bd11646bb18b258c22f15f82daa6d5a7502f31a77e235e33f81dc667027b02c2c1fdade136f01dbd1a545083f425d49a555a650c8c17bd01fa776117a77b878792f6640ceae317530d41f6dc7175f751334f5d6f3059f96d9b0b2869a519a92d04431418f91f0a1aa74f0284cc88068616f942e1f227f3796be02346153fed7bf516a7c3609dc6d2df4af1c4f2f66d990face40fa751a54d3b38866ff84aecc161604af2b6d42f61a5170f15e1ba2458f24f565737d44c82b3f2701c7ebf2c14358924d4dc288ec71ec865a73e2ca22205399108aead622bc3b2da24ef911827841783120569e14142ec1fba95d1dad91ddcbdb4ec37118619466eb1910fc3b6bbb46afc93b72298307ebe078b579b2dcd60d984e97c1398aad452af8d7439cfcf22e7e3e9e26349b775fd0e50c4d1c12b6c57ec498d99a6646966dbf4a32698edca84e7d0215229b82ecc6aa5b2e846a70c93bddebbc04f32bc40c5a6fec7545f04e4503d530ab5fd92af6eb208929130b9de5b5d0f544cce7f82200b5574d0f87fba4eaf87e9a4631bede985437073e1b9369fdf332cbc8f31c11277f4693e8e3779e08e565a7f9c4ea7f8fdad1d8e44814a215ef1a2b8c15c758ee7b983d28f4041e204d5ce4682f28e3ef369a12c4915aafb04f7708adb20d5f2d492dc06c3a643a7dbc4693f5b1cf7ae35a91109e477cc7ba746809786ce86d44d072c33af4a41d9f9be6a11c3bfa712e29f4b212a49460d20c66cb8103e45da517e59ef97257277d36432db2688b9a36ba8c07919552668979751bd78052b6b60438261ae679b4ab40dd6ab4fc61c7bcc9ac0a7531749f5343ff6bdb47a5127950baa95681b6845490437f330923f1b7c7c96177390bc62739b9702c3b3f9b1d9c4cb548edeab055b6acc7e911ef37655efefca2b5d7c36666c99e42bd42385651ccb036a45b62182f68639fe761e42987f55ac7", @typed={0x12, 0x25, 0x0, 0x0, @str='/dev/ubi_ctrl\x00'}, @nested={0x4, 0xcd}]}, @generic="adbd2324419f85f2a36b638936ee0d59642f0d90b88dbda5fc5dce5c8e9323bdba3a7b5faf97111a477d17cffe9127a727a2f6a834fd6b825ae85d4689e71602e83059179be46412e1443cc15c20eb370aa5f1e2235af8d7b7085e58406f3a05f29382e11253580068df0bda94483c05480ac673bc278d8a4a987bfc13d4b2ca04e6c1c8771c593eff1ae77ad8b80418c6bbe13edbc66d8272c7281dc7f3029780631a051b16c9ce2d78331bc9fa63c553a6b84a644d6d54e88b0c25a76bb85e6b0e6cae492e50120d7f7faf8297c78cd94b0355c67b8964212e"]}, @SEG6_ATTR_DST={0x14, 0x1, @mcast2}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xe0}]}, 0x121c}, 0x1, 0x0, 0x0, 0x20000080}, 0x40)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/demote_size\x00', 0x123902, 0x0)
r3 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x109402, 0x0)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6)
rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8)
timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop6/queue/nr_requests\x00', 0x1a3a42, 0x0)
read$auto(r3, &(0x7f0000000140)='\x00', 0x7)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
read$auto(0x3, 0x0, 0x1f3c)
write$auto(0x3, 0x0, 0xfdef)

kernel console output (not intermixed with test programs):

085][ T8158] [U] 
[  165.851866][ T8150] [U] 
[  168.651104][ T8250] netlink: 334 bytes leftover after parsing attributes in process `syz.0.841'.
[  169.993449][ T8278] netlink: 146 bytes leftover after parsing attributes in process `syz.0.859'.
[  171.200396][ T8304] netlink: 338 bytes leftover after parsing attributes in process `syz.1.862'.
[  171.245317][ T8306] netlink: 338 bytes leftover after parsing attributes in process `syz.1.862'.
[  171.250598][ T8308] netlink: 146 bytes leftover after parsing attributes in process `syz.2.863'.
[  171.562228][ T8317] netlink: 4 bytes leftover after parsing attributes in process `syz.1.872'.
[  171.791113][ T8323] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  173.085068][ T8353] netlink: 4 bytes leftover after parsing attributes in process `syz.0.878'.
[  173.382086][ T8362] smc: net device syz_tun applied user defined pnetid ETHTOOL
[  173.478371][ T8366] Process accounting resumed
[  174.180323][ T8388] netlink: 330 bytes leftover after parsing attributes in process `syz.3.892'.
[  175.590847][ T8428] netlink: 8 bytes leftover after parsing attributes in process `syz.2.908'.
[  175.634768][ T8433] netlink: 8 bytes leftover after parsing attributes in process `syz.3.907'.
[  178.434345][ T8487] netlink: 'syz.0.936': attribute type 33 has an invalid length.
[  178.452379][ T8487] netlink: 322 bytes leftover after parsing attributes in process `syz.0.936'.
[  180.455667][ T8514] netlink: 334 bytes leftover after parsing attributes in process `syz.1.937'.
[  180.900367][ T8526] openvswitch: netlink: Tunnel attr 8192 out of range max 16
[  181.707102][ T8538] smc: net device syz_tun applied user defined pnetid ETHTOOL
[  182.396773][ T8546] netlink: 342 bytes leftover after parsing attributes in process `syz.1.957'.
[  182.737761][ T8552] Process accounting resumed
[  182.907986][ T8555] netlink: 334 bytes leftover after parsing attributes in process `syz.3.951'.
[  182.951365][ T8556] netlink: 8 bytes leftover after parsing attributes in process `syz.1.954'.
[  184.013743][ T8576] netlink: 'syz.2.964': attribute type 1 has an invalid length.
[  184.021444][ T8576] netlink: 230 bytes leftover after parsing attributes in process `syz.2.964'.
[  187.029349][ T8634] [U] 
[  187.032118][ T8634] [U] 
[  187.034846][ T8634] [U] 
[  187.037578][ T8634] [U] 
[  187.052803][ T8634] [U] 
[  187.055574][ T8634] [U] 
[  187.058302][ T8634] [U] 
[  187.061021][ T8634] [U] 
[  187.069706][ T8634] [U] 
[  187.072452][ T8634] [U] 
[  187.075174][ T8634] [U] 
[  187.077906][ T8634] [U] 
[  187.093491][ T8634] [U] 
[  187.096248][ T8634] [U] 
[  187.098969][ T8634] [U] 
[  187.101688][ T8634] [U] 
[  187.145601][ T8634] [U] 
[  187.148376][ T8634] [U] 
[  187.151112][ T8634] [U] 
[  187.153840][ T8634] [U] 
[  187.191710][ T8634] [U] 
[  187.194456][ T8634] [U] �P�)z���D
����2���+y�<�z]�)襳|��Cw��82���!GL;��;��(���j�b`k�ok��5`��T�D����H�j��^�j��;�A�~þS�+���J�p���Ӎҋ�?H}mV�7��Z�,�Xn���oc	�
[  187.210374][ T8634] [U] 6EU�*3�ҽ��=�B2�����7�o��͙��e�~DMm����,��vm\)��bԆS5K2bT����Zm���ᾟ�\F�xOA6���exT�F�	H�j��}���{W�n�B
[  187.223340][ T8634] [U] ��v�aW a��Y`��	�|뇯6�įv"0ױ���sk�-Ӱ��P�8Yj�d�FD};�($B��r��C��,�eU�c�PG����<@��	�c�[Ź;U���V9^<���Jn��)��$�������oT�8 ;|��R�l
[  187.238906][ T8634] [U] ��vZ�
[  187.242213][ T8634] [U] VD-l�+"稩��E�YjUMiZ�Z1�o��+����.�'A-Pb�����P8�Z9�e��`�Fv���R^&����:Q��
[  187.251973][ T8634] [U] �2Ԯl��V�!:?�{�k�Ll;������}����>1��"�d�x+cs�Fԩ�+8�6l7+o���;����x�%��[����*j�Mb�E�f�k�_��`
[  187.263802][ T8634] [U] 1��9eن$�~�+{tFt�s�'���
[  187.268694][ T8634] [U] ��ə�Fa��bSZan/���������r���yM�ϳ�ckٻWŗ�(�<*w��~�p?��X�w�q�գPy�
ܪ��k�I�6lL��'%����D{�[��rݕȫ�>��͋k�YFYt��
[  187.282436][ T8634] [U] ]��p�#A�U/0��}���J8'�X��������z�I����m��KUM�Q�Φ�3�O$��76�Q%�Ս������Њ.��
[  187.292015][ T8634] [U] j�����9'�P��н̿:d"5��,�F&���E��wLJBs�7�Na��:>�|v4ŝ�.L|��<�ݎ�j�N�_��̐)�G#��G�������|�+���]v�#��j�
�1���\��z/{�?���~O��
[  187.306727][ T8634] [U] -��~��+�ءz�
[  187.310571][ T8634] [U] ��Z<H��u��e���XWv�{u�~��_$�@�Wo:}�!4�?�S#�̜l:�f��ŀ*j�=�fm�5

�X�)�q����� ���3�
[  187.321186][ T8634] [U] �|p����t�:O��5熕����q4~g�a�/T�`�37
[  187.327201][ T8634] [U] ��ӤJ�.�}V{�0�H�I��F�ʇ*
�1���Y�6�0w�ۦ�No8�GC^I׊��ݥ�M�a�,T��/�0Y��M�K��;���o	O���jeT9wЗ�P~�h
[  187.339296][ T8634] [U] �	�}�$�ʪ�u���2y�/!�{�H��v2���[.H
��: Eϵ>���}�sUHL���J)vC=�����㝰4ۼ<��k��(s��J�K+��=%�w
[  187.351052][ T8634] [U] k�ҫP���jpͽM�MD�!)'�?��$m:�<��c�r���\X�nT)�s3����&��cɴ	��Ɵa������૦>��5����W]����^�R?JR�'��mh�[��
[  187.374522][ T8634] [U] }���u�hjG�܍� �U!��.o�����XVs쓄?��cd=�R��p�r���7�ޯ��&���J�¼a/B��	M��ʕs{`4��8�	J�
[  187.385779][ T8634] [U] s� )f�|]O�������>�oJ`
[  187.390674][ T8634] [U] ��4��a\Yk���%R{d;1���4��3�<2�Wߧ����H�e��ּay�Q�΍>M7U�l��
[  187.399375][ T8634] [U] �A��@�]�[N��qvsTi
[  187.403555][ T8634] [U] ���K�7K�v����FR\@�����rc�DbdGh���2�j�̂F�O@�cl&w��5|��U�Y����2
[  187.412602][ T8634] [U] �p���:b��?��ޕ�����އ
[  187.417556][ T8634] [U] �"
[  187.420431][ T8634] [U] 0���]qu�r�;�K����3�H;����y	'�#@[�{���[�:
N����1R6����vψ��x�#�j�\`#�����=�L�k�U��9�)F&彇p����G�E7죐�nr1a7r*8xJ{�8����JB�Es�
[  187.436001][ T8634] [U] ʡ�?�v8[���h��&��l�� ��_�c�[�t)Aĉ�|8���>�YC��
[  187.443322][ T8634] [U] ���%�Ѽ�8�kI�Ji�0Gn���۾�I63�|B�}e�Kw����
[  187.449865][ T8634] [U] �&�C�!��p�P�"NG�����_�"�UҐfwr>6)1�)��'�����^��чkX5�d�e<�(�.��5c��S�={⟿��lT�U[㎻�V8e[�^��B�u�t�����F���6Gj\�d�rg��l�J�8&����L��ѽ�(C5��<�#��Ug�g��S%��wV��t�6I�	��
}}�6%�9�^�����Vl�`q��~���5ه��g
[  187.471514][ T8634] [U] �.�M����x�]?Dez�K��#G2������(�Ь"�A�ȁA�w�y�(kB	�~�����1_���Q�I@�j�ۛfJM����X��j�.v�v�T��߅��`�x�FV~���6|ױ�@�1�
[  187.485691][ T8634] [U] �|�Z�8�*i��>�G��|2f���Cv��|u*��T*��7j�$
[  187.492046][ T8634] [U] �,�C�vـ��6藖X;�w�B��i��Uf_��R�N�-,�!���w���{�vE�T,���D�ij:%
�T7㸿[��S+�
[  187.501796][ T8634] [U] �Uc&��18K����|���7���=5�p�/CѸw�܀�?�M�k�/K	 $���E�y�/�d��QY{ݐI)�.8߶6}�����\�l�Z��-x��m��
[  187.571495][ T8634] [U] �?b���~<��߈���X<�+n?X�\�\l+{�^c���.��
[  187.577898][ T8634] [U] �$p�)<#����$�^>�b�eW�笞��n�f<`z���z�=�!%�:,�tG����W>�l~{���[��������!gmzDJ9��pӪǵ���߽R�О#�\��
[  187.590169][ T8634] [U] ��?-�ߞG��_
[  187.594005][ T8634] [U] ��@�o]�ܧgD{��_Ge@
'i�	�P������Ƭ�b���ws�Ŭ}��ה\�N+ma�/�}"�\--���ǿ�҅��m�
[  187.604446][ T8634] [U] �ll��3���XI�@^Vİ5B����Z$��6V��}܎��_z�����>F.0UY7�'IЄfW�Y�ŜUo�߽=`����U��uN+�㫒
[  187.615872][ T8634] [U] �q[9b4_%E��Z�T�yD#�¾1��8�7�Q�f���
[  187.621704][ T8634] [U] 5��Ҁv�d���E��2���\|r��;�
[  187.626835][ T8634] [U] ��B�h��Υ|���V�_֟H���M^xW�Pl����Y
[  187.632992][ T8634] [U] &�W2���
[  187.636275][ T8634] [U] U��<f~�s��ȕ���0�o������]�`��+"�d�w$��8$��;Z����S.ݗ�2����i�ZG���t��{��=�C��P�h0�6��=O�����`�/�=6���B���G칞
[  187.649720][ T8634] [U] w<q��z�H�ԧk׬W�/��|c�ۢ��楤���ՈV
[  187.655698][ T8634] [U] "�Q�v���ă����T�?S`�ɟ|e�h�E���!�X�
[  187.661767][ T8634] [U] �m�%)����-�з'�~,J��r!�:.,z��^}���b�b��[ sCޛ���E7����oq�[������5�F�	���d7�-YTKI����7'��	M,5����G�n�R?�
[  187.674696][ T8634] [U] �5S�+����H�����)����w1x�i�v�Z���{<��z�6ʋa庶L�$tJ����>�'
@B�� ��h�������S#U+��.tye]M�c����M��Ih7�2-�M�3�#��Q���5WKX�w+[]��6#:���Df�U	�#�k������rh
[  187.692055][ T8634] [U] �G�QzʓZi��
[  187.695786][ T8634] [U] �g��?
�
��n�j~W_Z�r#7rz���v(Ȅ�����D4����3�E�dgꚏ�ps�a�|VO��gq�4���&e'.���"2��K0�W����#3��Y�F��;�/t�Ub2�*a�[$ÉOU.�٤n�:_�����V�	��A�0_Ɯ�x�$d�����f3�Q�M0<��Ue""�nmc��P��@���E͟��7��ӯ�(��N�G�N�E���F��h��dֿ�ҩHcˡAH�ՔxJ�FwI��1�w��r;��iT�F�X(����`!�'������v�ד�oiGmv|�Lǂo���;��)�f�
[  187.727580][ T8634] [U] ?-�G��k����֣�D2@gEd��T��n��K<顕�&��F6��:��7�&]=3�B���JpN��'sp�.���[	��;��(�q�6�s��u��Y)�0C�|�V�1}��0�b�g��&P�U�k3���7��H�U2B�3�8tw���>-N%�7�͍1��LT1��u����>B�I�|�c�J%k��S[2CԘC%“�!9�Q�ڟ0��pp����C���	H��K�[W(���^��'c@$� ���&��Z�D�1�V�(\��
[  187.758063][ T8634] [U] @�؀���L�l��QP�&r��(,꧴�V�m>�m�6�GBh��TL��emf�$M8eR�f<st�����
f�'�gj�U��F ~پ�<Gkの��n��
��:�n%%�4zŻ���ڷ�@�-�|eJ�#�%Ds�%f��=�_<f���4��C�@�7�S�6&"
[  187.775564][ T8634] [U] ��4[�P�D���&��P?�d��CK����O ��H8�UBO���b��KE���Dۣ��e��p�T�6�8�����}�5U���9S
[  187.786086][ T8634] [U] �~Gd�	�Z2m�����4q
[  187.790526][ T8634] [U] ����K��-m�;�j��G-�6�O-Z?�k=�}n�x�M��7�~�'��+~�x����X�i��+��	.�v�Sc+a�N,���|?WA��+Vf�PS�GH�:����;����}s�|>Ue2�	�D�v�L�m�jw�-[����@��+]�|�T*>�
[  187.806522][ T8634] [U] qFC7!P����Ik��z�VdN�ؤ��K���C>ݺ����nI�0�DFd��,Vs
[  187.814355][ T8634] [U] ���g%� ��N�����e��� �:�Y����������z&VP�Ą
[  187.821229][ T8634] [U] a�[�
[  187.824281][ T8634] [U] �{Ɣ͎���aߑ��_��W(��H�4����%7W?Nz@�R3��/R?F�,г��i�{ƪ ��@�}%�o�����}IF~�Myjࣛ���%N!/E4s��h&�u	��Q��B��	��ra����*Z�
[  187.838444][ T8634] [U] ��_&(�7dt$��ɾ%�CM-w����
[  187.843482][ T8634] [U] �\n2]�yr�|��
[  187.847397][ T8634] [U] ��j��5,�Kǭ	��2����k�󕌢K�"j�?����4M-$'mq#^P�e�������|�Ƈ"�o3�Td����b,9|S�pA,�bM�&�$
[  187.858346][ T8634] [U] ��dJQF�\
[  187.861743][ T8634] [U] �2l`����*2�8LZ�@�N����I�ʞ�c���b�Ndb����$���j	�K�H�����%�Gߕh?�����O��^qa.� �H\f5Xv"#�D�h���)���Lx�!�M_���e���n�����/�M�9�Ux*����W�^��`q�b��O!�q#a�
[  187.879038][ T8634] [U] �
[  187.881917][ T8634] [U] �Ėl��w��=��DѬ]�[�]d6⻝��?g�?l���{���v����M��4��b�u1���r8�f�}�f� Z��{��k�(݁�+o`�WZt�������0�4�
[  187.894521][ T8634] [U] ��&O,�Ϫ�yտ�䎷���KM�P�x�5�4�:����F��:���L�2
[  187.901586][ T8634] [U] �-��I��(��u�1�.L�-l�� á5��fD��|�_=tn�{��Z�Dz��}
l۳��XTd�~�є�
/���=,�f���
��m|R��:(Yb6�0eR*��\�ng�"h5탎!f�[J8�5�:}u%��x#���,�)�,ɧmp
��m�TهXZ4���eC
[  187.918961][ T8634] [U] �E_�2k$,�Ҡǝ$O�	��
[  187.923573][ T8634] [U] ��!����c��٨:��m����P7#�r!]&�#�p�g��01
�A�+^P��d0�d.}!�-kU���W�A����/�"��\
[  187.952710][ T8634] [U] �h���cM�#�UC%��K��ϛ�����Q�U9���>�]I�>��.�~��l���~�ʘ������]�"ϫ�f�j[�j�>����=�w Э���!pE��4�z���o�Nܺ�W�͋40C��ß���n)���a
��g�D �s&샵�f�Y�1������x�$m�3��xK4�{Mгִ)�e �V�S���[B��S�f-���xmj��0Ʀ|��PA�ijJco63^rXD|�$��ye���P9��[ą�3U��mP�g\pǵ�s*���%��?w	KY�0�
[  187.982032][ T8634] [U] ���Iճ�9��f[��F�G����
������*��L������s:<��XU�%
[  187.989443][ T8634] [U] �}�G����
–����S
��
���Gf_ISc�Y[*q9��y�A<~��1(�XN=�<�ΝX���6���}�p��:Z8i�5ǝa��@�p;U�@�%�j�k#�F\e�6f�U�	H�q'��10T�ɴ�z�]wkTP>�R��� �J�<(x
8E�߿3p�k\�<��#���q��[)��ef�����bz��3�|Eg�[��6��ߎ�8�R(?h6oԊnJuy#WI7�(��
[  188.013178][ T8634] [U] h�Dќ�2��}�__`t]����O
hV�z��K"����ug����,��9�;6���3>��+�g�{��J'@�"[JL�M�-�������ݮP� �;O�(���$����^��*�~�8҃��r�yCn&�N�;D+~�L�t�<+Jc���\H���q
[  188.017706][ T8646] netlink: 12 bytes leftover after parsing attributes in process `syz.1.985'.
[  188.029850][ T8634] [U] S�\3c��ΖB�3B')�B��7����IT��{ڬ���h��c���g7;{�=�4�sE�Z{�yz�A-����i���Pa�[XNS������'E^?�vTaf����X6���B�hC�)a2�;��>q�`���t	ɬq���"��6�h�`M��,
�u%H$7%��ᓿ�
[  188.029899][ T8634] [U] |yږ���À���b�
�K��a��r��ok�]�F���NNe.|����+M>�
~�?�NW�f
[  188.029920][ T8634] [U] �r�ᙃ�B�о@��w[�p�g�:�k�'%� �B6`K|u�B���Y�U`�0�9��uZ���{C���
3�nT�1���X��L�þ��j����&5��ߖ�?��v�V`t̎�Ͳ���	�_���\�qt��N�S>�a��>S�9�
[  188.029940][ T8634] [U] ��tog���>�5J�R��Ӣ�	�Kߖ���ьo�7��Ib��tp�K�+� nH_���%pmؕ�$�`��̃F����W��ϙ[+��1��!�Ư�OҞ�
[  188.029954][ T8634] [U] `5
[  188.029971][ T8634] [U] �\il�!�?��t�J�'�E6&���2�
[  188.029992][ T8634] [U] ���XC��k)c�|���2��s�R��S���y�k�S������7W�.L���5���_SP��^�����8ID5��'��+tП/�Ҧ�f��Y�1{���Kaf�Z�/�%�H�O8��u��	9�]3�Ԙn���#�`e���Ϊ����h��]�D�V�����P�5f��&�"^/�g���$m)����eqQ8w�����ӯe*e�oN�w��VcV���e��n�,�w���*b���wU���םD��{�C���$h�A��E���f
[  188.030029][ T8634] [U] t�֓�>��}C�9ʖ;�u�6��;Z����2u�-k��3�4u���9&�QI�-&����Ta�á`W{���-QY(�ϝ�H{|�ȭ"-�G�9;z�Dm����u-1H�{In�B"��l~J��+(W~�Z�[Tx@���ǭ�δa�vG����x�zH�|�t�B���U��y
�$*�~O��t�	���M��8b�#��������J�䨶m\�;=c��?�ז
fG���K{(���O�]?���鮄�<�n���qd$I$��)�&�3�E/
[  188.167237][ T8634] [U] �E�eF����}"hX�Q?c��Y�pd�3$��r��&�l����vmG���4Y��X����|,��Q)G:b�i�#��F�6+H-@�������g��K�#GyC�u��m��|��P��K�1��t~"
[  188.180924][ T8634] [U] �N1��_Z�E�?ȣ���t�I*J�)x��:�	8�s�>���^�T*������D����g�!l��<�o�A^�I��n��i9��
[  188.191716][ T8634] [U] ��#�v�El��
��,�8@Ͻ�Z�1%A���Ci9���|~����MK�[�&H�.�Q���t��hBx�{s��fj�%l��TY��B�T፮�>��ϊ0/��c�^��َ)�?�q��{��ۙW��C/���DK�1��:�d��
I���
[  188.203969][ T8649] netlink: 12 bytes leftover after parsing attributes in process `syz.1.985'.
[  188.207525][ T8634] [U] �ͷ��dFߦȼ�J/���{����5�l ����4-��l��Hn�'��1	���BO80�R��J=fl��j�o��
[  188.226277][ T8634] [U] �*�i���#O�(�*2n�|ֽ=�A��+�Z�g�;4��>�E�`��3(�s��h�I�7�
�G�Aй`��҄T�s�D����̘^�I�	�1�
[  188.236796][ T8634] [U] �R�܉㈅|��'"�l����de�l�
[  188.241934][ T8634] [U] >����ۯI� ˃Of�ر�v��P�9B9[+��T�hO����E�1Z�S�Esӟ`k�CϹ�����N��oǃ	�
[  188.251777][ T8634] [U] M��#THpՔR�2����TӲcoJY�|m�2�k�s7�rI���19�|Sz�ZKRX����>�V����;�z+{���w0�\��N��]�%��p��9c?*3יכ�`�/�o6�j�w����:��X�W��'��l
P*����7��'ϯ��OEm&`�`��|5�lR�F���I�PV�;����v�ɔQ���
[  188.271600][ T8634] [U] 6B�h�� ��"h��e�g��J���K�(���%֟�'rw���z��!�Ĵ�f�C�:���ꝭ���8���z5ں���=�^��Z��|ޖ<�U�ͼ���
[  188.283607][ T8634] [U] �x�������ws\h�4
��:��L�4�)S��E��
[  188.289699][ T8634] [U] [��
���α�
[  188.293271][ T8634] [U] ajnktL��(���y@��T�[R���t�����/̆�4?DZ�)��L�4L�x�m�7����Ѷ��*HfUꜺ�3,���F�'�m�g_��j#<4�ъ�]������S�8&��yu��(u�M�1mA�!V
[  188.307264][ T8634] [U] �ۊ�����­1�e�9
[  188.311252][ T8634] [U] ��������l�f��S����0P��H���$���X�Yqt�b�3�i3��<hCns'��'�>��GJ�\l��5|�Q�e��+��풵�*c��y�L�I{���{�T�;q}�vQ}8Ha�����GʷZ��_cg��
[  188.325914][ T8634] [U] ��³�H|KM�d�R�4�J���MaMzI/v���1��2|�.�.UPY�ձ$�ڕ��T*��+��A=��K�W�D�{�F$3fw�gIO1D,w;ͻ�4�sd¡�
[  188.389149][ T8634] [U] /�Si���"WY1������N'T Ғ)�ܾ��/83�v��5����
[  188.724409][ T8659] nvme_fcloop: unknown parameter or missing value '/'
[  189.310338][ T8673] netlink: 342 bytes leftover after parsing attributes in process `syz.0.995'.
[  189.655628][ T8680] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1000'.
[  190.003485][ T8689] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1003'.
[  190.584328][ T8699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1005'.
[  190.602972][ T8709] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1011'.
[  190.667266][ T8709] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1011'.
[  190.689516][ T8714] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1013'.
[  191.032278][ T8725] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1017'.
[  192.060513][ T8759] netlink: 'syz.3.1033': attribute type 4 has an invalid length.
[  194.622409][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  194.629044][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  195.474437][ T8869] __nla_validate_parse: 3 callbacks suppressed
[  195.474458][ T8869] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1064'.
[  195.864918][ T8875] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  195.872956][ T8879] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1068'.
[  195.893565][ T8875] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  195.922496][ T8879] smc: removing net device syz_tun with user defined pnetid ETHTOOL
[  195.957260][ T8875] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  196.012594][ T8875] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  196.024514][ T8874] sctp: [Deprecated]: syz.1.1067 (pid 8874) Use of int in max_burst socket option.
[  196.024514][ T8874] Use struct sctp_assoc_value instead
[  196.958346][ T8907] netlink: 322 bytes leftover after parsing attributes in process `syz.2.1080'.
[  196.970499][ T8909] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1079'.
[  197.179255][ T8912] netlink: 'syz.0.1083': attribute type 27 has an invalid length.
[  197.191489][ T8912] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1083'.
[  197.914968][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout
[  197.982675][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout
[  197.989600][ T5143] Bluetooth: hci3: command 0x0c1a tx timeout
[  198.059784][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout
[  198.239926][ T8948] netlink: 'syz.0.1090': attribute type 4 has an invalid length.
[  198.680538][ T8963] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1094'.
[  198.749930][ T8963] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1094'.
[  198.931673][ T8974] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1097'.
[  198.942396][ T8974] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1097'.
[  199.757153][ T9008] FAULT_INJECTION: forcing a failure.
[  199.757153][ T9008] name failslab, interval 1, probability 0, space 0, times 0
[  199.785317][ T9008] CPU: 1 UID: 0 PID: 9008 Comm: syz.0.1103 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  199.796063][ T9008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  199.806159][ T9008] Call Trace:
[  199.809454][ T9008]  <TASK>
[  199.812390][ T9008]  dump_stack_lvl+0x16c/0x1f0
[  199.817085][ T9008]  should_fail_ex+0x497/0x5b0
[  199.821775][ T9008]  ? fs_reclaim_acquire+0xae/0x150
[  199.826904][ T9008]  should_failslab+0xc2/0x120
[  199.831597][ T9008]  kmem_cache_alloc_noprof+0x6e/0x3b0
[  199.836979][ T9008]  ? __pfx___pti_set_user_pgtbl+0x10/0x10
[  199.842716][ T9008]  ? __pmd_alloc+0xc3/0x8b0
[  199.847232][ T9008]  __pmd_alloc+0xc3/0x8b0
[  199.851571][ T9008]  copy_page_range+0x3c9e/0x5650
[  199.856546][ T9008]  ? __pfx_copy_page_range+0x10/0x10
[  199.861846][ T9008]  ? mas_store+0x53d/0xac0
[  199.866275][ T9008]  ? __pfx_mas_store+0x10/0x10
[  199.871050][ T9008]  ? lock_acquire+0x2f/0xb0
[  199.875561][ T9008]  ? copy_mm+0xf74/0x25b0
[  199.879911][ T9008]  ? up_write+0x1b2/0x520
[  199.884252][ T9008]  copy_mm+0x1237/0x25b0
[  199.888513][ T9008]  ? __pfx_copy_mm+0x10/0x10
[  199.893113][ T9008]  ? copy_process+0x3ca7/0x6f20
[  199.898016][ T9008]  ? __raw_spin_lock_init+0x3a/0x110
[  199.903322][ T9008]  copy_process+0x3e6d/0x6f20
[  199.908028][ T9008]  ? __pfx_copy_process+0x10/0x10
[  199.913078][ T9008]  ? futex_wait+0x121/0x380
[  199.917596][ T9008]  kernel_clone+0xfd/0x960
[  199.922027][ T9008]  ? __pfx_kernel_clone+0x10/0x10
[  199.927066][ T9008]  ? do_futex+0x123/0x350
[  199.931408][ T9008]  ? __pfx_do_futex+0x10/0x10
[  199.936095][ T9008]  ? 0xffffffff81000000
[  199.940251][ T9008]  __do_sys_clone+0xba/0x100
[  199.944855][ T9008]  ? __pfx___do_sys_clone+0x10/0x10
[  199.950060][ T9008]  ? 0xffffffff81000000
[  199.954230][ T9008]  do_syscall_64+0xcd/0x250
[  199.958747][ T9008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.964682][ T9008] RIP: 0033:0x7fcfba985d29
[  199.969107][ T9008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.988722][ T9008] RSP: 002b:00007fcfbb7e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  199.997151][ T9008] RAX: ffffffffffffffda RBX: 00007fcfbab76080 RCX: 00007fcfba985d29
[  200.005132][ T9008] RDX: 9999999999999999 RSI: 0000000000000009 RDI: 0000000000000021
[  200.013121][ T9008] RBP: 00007fcfbaa01b08 R08: 0000000000000006 R09: 0000000000000000
[  200.021098][ T9008] R10: ffffffff81000000 R11: 0000000000000246 R12: 0000000000000000
[  200.029074][ T9008] R13: 0000000000000000 R14: 00007fcfbab76080 R15: 00007ffcb8cb6d78
[  200.037055][ T9008]  ? 0xffffffff81000000
[  200.041225][ T9008]  </TASK>
[  201.243553][ T9027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1111'.
[  202.631841][ T9051] sctp: [Deprecated]: syz.3.1116 (pid 9051) Use of int in maxseg socket option.
[  202.631841][ T9051] Use struct sctp_assoc_value instead
[  202.712634][ T9052] sctp: [Deprecated]: syz.2.1119 (pid 9052) Use of int in max_burst socket option.
[  202.712634][ T9052] Use struct sctp_assoc_value instead
[  203.223642][ T9067] misc userio: No port type given on /dev/userio
[  204.269442][ T9094] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1135'.
[  205.657948][ T9114] openvswitch: netlink: VXLAN extension 13870 out of range max 1
[  207.610361][ T9149] kafs: addr_prefs: Invalid Command
[  208.683037][ T9189] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1167'.
[  209.149018][ T9195] misc userio: No port type given on /dev/userio
[  209.199827][ T9202] netlink: 306 bytes leftover after parsing attributes in process `syz.3.1172'.
[  209.770083][ T9215] mkiss: ax0: crc mode is auto.
[  211.134698][ T9238] misc userio: No port type given on /dev/userio
[  211.597591][ T9251] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  211.729861][ T9255] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1194'.
[  213.342165][ T9292] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1208'.
[  213.517985][ T9300] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1210'.
[  213.669652][ T9306] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1213'.
[  214.278025][ T9325] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1222'.
[  214.383429][ T9327] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1224'.
[  214.566017][ T9334] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1226'.
[  214.568411][ T9335] netlink: 'syz.0.1227': attribute type 1 has an invalid length.
[  214.917718][ T9343] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  215.107255][ T9348] bond0: mtu greater than device maximum
[  215.150420][ T9338] sctp: [Deprecated]: syz.2.1228 (pid 9338) Use of int in maxseg socket option.
[  215.150420][ T9338] Use struct sctp_assoc_value instead
[  215.770639][ T9357] mkiss: ax0: crc mode is auto.
[  217.986224][ T9401] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1249'.
[  218.902489][ T9427] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1261'.
[  221.408160][ T9505] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1288'.
[  221.438600][ T9505] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1288'.
[  221.456598][ T9508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1289'.
[  221.929843][ T9530] ptrace attach of "./syz-executor exec"[5829] was attempted by "./syz-executor exec"[9530]
[  222.209567][ T9540] netlink: 'syz.0.1298': attribute type 14 has an invalid length.
[  222.218877][ T9540] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1298'.
[  223.054385][ T9581] netlink: 306 bytes leftover after parsing attributes in process `syz.1.1309'.
[  225.789986][ T9637] erspan0: entered allmulticast mode
[  226.358525][ T9658] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1336'.
[  226.391917][ T9658] IPv6: NLM_F_CREATE should be specified when creating new route
[  227.374236][ T9693] netlink: 74 bytes leftover after parsing attributes in process `syz.3.1348'.
[  227.458331][ T9695] vivid-009: =================  START STATUS  =================
[  227.475102][ T9695] vivid-009: Enable Output Cropping: true grabbed
[  227.491209][ T9695] vivid-009: Enable Output Composing: true grabbed
[  227.505772][ T9695] vivid-009: Enable Output Scaler: true grabbed
[  227.522410][ T9695] vivid-009: Tx RGB Quantization Range: Automatic grabbed
[  227.539694][ T9695] vivid-009: Transmit Mode: HDMI grabbed
[  227.552421][ T9695] vivid-009: Hotplug Present: 0x00000000
[  227.573036][ T9695] vivid-009: RxSense Present: 0x00000000
[  227.589523][ T9695] vivid-009: EDID Present: 0x00000000
[  227.602702][ T9695] vivid-009: ==================  END STATUS  ==================
[  227.765188][ T9702] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma?
[  228.939863][ T9728] netlink: 74 bytes leftover after parsing attributes in process `syz.1.1362'.
[  230.346694][ T9786] netlink: 74 bytes leftover after parsing attributes in process `syz.0.1385'.
[  231.662830][ T9821] vivid-009: =================  START STATUS  =================
[  231.686935][ T9821] vivid-009: Enable Output Cropping: true grabbed
[  231.712054][ T9813] netlink: 74 bytes leftover after parsing attributes in process `syz.2.1395'.
[  231.745756][ T9824] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1399'.
[  231.754001][ T9821] vivid-009: Enable Output Composing: true grabbed
[  231.765069][ T9821] vivid-009: Enable Output Scaler: true grabbed
[  231.773481][ T9821] vivid-009: Tx RGB Quantization Range: Automatic grabbed
[  231.780667][ T9821] vivid-009: Transmit Mode: HDMI grabbed
[  231.792594][ T9821] vivid-009: Hotplug Present: 0x00000000
[  231.798305][ T9821] vivid-009: RxSense Present: 0x00000000
[  231.804263][ T9821] vivid-009: EDID Present: 0x00000000
[  231.822652][ T9821] vivid-009: ==================  END STATUS  ==================
[  232.168961][ T9841] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1405'.
[  232.184735][ T9841] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1405'.
[  232.970831][ T9851] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1408'.
[  233.591560][ T9866] vivid-009: =================  START STATUS  =================
[  233.591604][ T9866] vivid-009: Enable Output Cropping: true grabbed
[  233.591646][ T9866] vivid-009: Enable Output Composing: true grabbed
[  233.591682][ T9866] vivid-009: Enable Output Scaler: true grabbed
[  233.591720][ T9866] vivid-009: Tx RGB Quantization Range: Automatic grabbed
[  233.591756][ T9866] vivid-009: Transmit Mode: HDMI grabbed
[  233.591788][ T9866] vivid-009: Hotplug Present: 0x00000000
[  233.591819][ T9866] vivid-009: RxSense Present: 0x00000000
[  233.591849][ T9866] vivid-009: EDID Present: 0x00000000
[  233.591879][ T9866] vivid-009: ==================  END STATUS  ==================
[  233.731223][ T9872] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  234.866979][ T9908] ALSA: mixer_oss: invalid OSS volume ''
[  235.925395][ T9948] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1446'.
[  236.728003][ T9976] erspan0: entered allmulticast mode
[  238.257527][T10033] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1475'.
[  239.064653][T10060] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1478'.
[  239.162847][T10056] netlink: 326 bytes leftover after parsing attributes in process `syz.3.1476'.
[  239.223972][T10060] syz.0.1478 (10060) used greatest stack depth: 21376 bytes left

syzkaller
syzkaller login: [  240.316302][T10102] netlink: 326 bytes leftover after parsing attributes in process `syz.3.1492'.
[  240.392442][T10104] netlink: 'syz.2.1493': attribute type 4 has an invalid length.
[  240.405760][T10104] netlink: 314 bytes leftover after parsing attributes in process `syz.2.1493'.
[  240.757296][T10119] netlink: 138 bytes leftover after parsing attributes in process `syz.2.1507'.
[  241.456699][T10140] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1510'.
[  241.481811][T10140] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  241.502698][T10140] batman_adv: batadv0: Removing interface: batadv_slave_0
[  241.512482][T10140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  241.522675][T10140] batman_adv: batadv0: Removing interface: batadv_slave_1
[  244.096888][T10202] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1532'.
[  244.629054][T10217] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1540'.
[  244.715954][T10211] UHID_CREATE from different security context by process 1019 (syz.3.1537), this is not allowed.
[  245.110983][T10230] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1547'.
[  245.139063][T10230] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1547'.
[  246.974416][T10275] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1560'.
[  246.983810][T10275] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.991356][T10275] batman_adv: batadv0: Removing interface: batadv_slave_0
[  247.023563][T10275] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  247.043579][T10275] batman_adv: batadv0: Removing interface: batadv_slave_1
[  247.066098][T10276] netlink: 314 bytes leftover after parsing attributes in process `syz.0.1569'.
[  248.389174][T10303] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1571'.
[  249.446720][T10336] netlink: 'syz.2.1583': attribute type 17 has an invalid length.
[  249.463819][T10336] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1583'.
[  249.623488][T10335] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1585'.
[  249.689827][T10341] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  250.591142][T10367] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1597'.
[  250.893697][T10370] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1599'.
[  251.043424][T10370] syz.1.1599 (10370) used greatest stack depth: 21136 bytes left
[  251.135578][ T5143] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  251.149931][ T5143] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  251.160335][ T5143] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  251.187559][ T5143] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  251.197642][ T5143] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  251.207211][ T5143] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  251.617470][T10371] chnl_net:caif_netlink_parms(): no params data found
[  251.837223][T10371] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.859388][T10371] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.870466][T10371] bridge_slave_0: entered allmulticast mode
[  251.895875][T10371] bridge_slave_0: entered promiscuous mode
[  251.940461][T10371] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.962630][T10371] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.969934][T10371] bridge_slave_1: entered allmulticast mode
[  251.985161][T10371] bridge_slave_1: entered promiscuous mode
[  252.017771][T10371] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  252.030684][T10371] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  252.077027][T10371] team0: Port device team_slave_0 added
[  252.086089][T10371] team0: Port device team_slave_1 added
[  252.129767][T10371] batman_adv: batadv0: Adding interface: batadv_slave_0
[  252.142653][T10371] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  252.169355][T10371] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  252.182596][T10371] batman_adv: batadv0: Adding interface: batadv_slave_1
[  252.189573][T10371] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  252.224211][T10371] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  252.271213][T10371] hsr_slave_0: entered promiscuous mode
[  252.278092][T10371] hsr_slave_1: entered promiscuous mode
[  252.284917][T10371] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  252.299434][T10371] Cannot create hsr debugfs directory
[  252.481495][T10371] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.567867][T10371] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.643670][T10371] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.712978][T10371] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.886896][T10371] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  252.900843][T10371] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  252.916622][T10371] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  252.931613][T10371] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  253.036583][T10371] 8021q: adding VLAN 0 to HW filter on device bond0
[  253.067299][T10371] 8021q: adding VLAN 0 to HW filter on device team0
[  253.086180][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.093342][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  253.115402][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.122587][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  253.252820][ T5143] Bluetooth: hci3: command tx timeout
[  253.339621][T10371] 8021q: adding VLAN 0 to HW filter on device batadv0
[  253.373218][T10371] veth0_vlan: entered promiscuous mode
[  253.384170][T10371] veth1_vlan: entered promiscuous mode
[  253.440014][T10371] veth0_macvtap: entered promiscuous mode
[  253.449065][T10371] veth1_macvtap: entered promiscuous mode
[  253.465543][T10371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  253.476131][T10371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.486568][T10371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  253.497419][T10371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.509993][T10371] batman_adv: batadv0: Interface activated: batadv_slave_0
[  253.521873][T10371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.532384][T10371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.542292][T10371] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.552868][T10371] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.564055][T10371] batman_adv: batadv0: Interface activated: batadv_slave_1
[  253.585426][T10371] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  253.594998][T10371] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  253.603921][T10371] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  253.612712][T10371] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  253.676985][T10399] netlink: 'syz.1.1605': attribute type 19 has an invalid length.
[  253.686417][T10399] netlink: 114 bytes leftover after parsing attributes in process `syz.1.1605'.
[  253.912670][ T1156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.920537][ T1156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  254.064008][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  254.093727][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  254.193205][T10409] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1610'.
[  254.855290][T10427] netlink: 306 bytes leftover after parsing attributes in process `syz.2.1616'.
[  255.050690][T10433] netlink: 'syz.1.1619': attribute type 39 has an invalid length.
[  255.058774][T10433] netlink: 'syz.1.1619': attribute type 40 has an invalid length.
[  255.066720][T10433] netlink: 'syz.1.1619': attribute type 41 has an invalid length.
[  255.074708][T10433] netlink: 'syz.1.1619': attribute type 44 has an invalid length.
[  255.082645][T10433] netlink: 'syz.1.1619': attribute type 46 has an invalid length.
[  255.090576][T10433] netlink: 'syz.1.1619': attribute type 47 has an invalid length.
[  255.098741][T10433] netlink: 'syz.1.1619': attribute type 48 has an invalid length.
[  255.106958][T10433] netlink: 'syz.1.1619': attribute type 49 has an invalid length.
[  255.115097][T10433] netlink: 'syz.1.1619': attribute type 50 has an invalid length.
[  255.123375][T10433] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1619'.
[  255.333204][ T5143] Bluetooth: hci3: command tx timeout
[  255.371686][T10442] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1620'.
[  255.934545][T10460] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1630'.
[  256.054984][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  256.061335][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  256.249583][T10466] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1632'.
[  256.621618][T10474] netlink: 'syz.2.1636': attribute type 20 has an invalid length.
[  256.636857][T10474] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1636'.
[  256.648843][T10474] IPv6: NLM_F_CREATE should be specified when creating new route
[  256.763360][T10477] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1638'.
[  256.844363][T10480] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1637'.
[  256.967250][T10484] netlink: 314 bytes leftover after parsing attributes in process `syz.0.1640'.
[  257.147872][T10491] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1642'.
[  257.422917][ T5143] Bluetooth: hci3: command tx timeout
[  258.301951][T10508] netlink: zone id is out of range
[  258.489653][T10508] netlink: zone id is out of range
[  258.547212][T10508] netlink: set zone limit has 8 unknown bytes
[  259.501790][ T5143] Bluetooth: hci3: command tx timeout
[  259.907489][T10559] __nla_validate_parse: 4 callbacks suppressed
[  259.907520][T10559] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1669'.
[  260.116877][T10570] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1671'.
[  260.629523][T10588] netlink: 146 bytes leftover after parsing attributes in process `syz.1.1679'.
[  260.921555][T10600] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1684'.
[  261.223962][T10609] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1687'.
[  261.406941][T10616] validate_nla: 1 callbacks suppressed
[  261.406961][T10616] netlink: 'syz.0.1689': attribute type 3 has an invalid length.
[  261.539274][T10619] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1691'.
[  261.539846][T10621] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1692'.
[  262.540183][T10649] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1700'.
[  262.583283][T10649] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1700'.
[  263.227412][T10676] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1711'.
[  265.005883][T10717] __nla_validate_parse: 2 callbacks suppressed
[  265.005905][T10717] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1725'.
[  266.463299][T10744] netlink: 306 bytes leftover after parsing attributes in process `syz.0.1736'.
[  266.994372][T10756] netlink: 'syz.3.1739': attribute type 3 has an invalid length.
[  267.506100][T10769] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1745'.
[  267.564739][T10770] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1753'.
[  267.944261][T10774] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1746'.
[  268.125687][T10784] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1750'.
[  269.602421][T10810] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1762'.
[  269.703690][T10812] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1760'.
[  270.149914][T10814] netlink: 'syz.1.1763': attribute type 21 has an invalid length.
[  270.193076][T10814] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1763'.
[  270.479436][T10830] netlink: 'syz.2.1767': attribute type 27 has an invalid length.
[  270.494012][T10830] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1767'.
[  270.948290][T10844] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1772'.
[  271.985393][T10870] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1781'.
[  272.247777][T10862] raw_sendmsg: syz.1.1779 forgot to set AF_INET. Fix it!
[  272.546956][T10879] netlink: 'syz.1.1784': attribute type 19 has an invalid length.
[  272.582711][T10879] netlink: 114 bytes leftover after parsing attributes in process `syz.1.1784'.
[  273.189333][T10896] mkiss: ax0: crc mode is auto.
[  275.023187][T10949] netlink: 'syz.3.1809': attribute type 28 has an invalid length.
[  275.031069][T10949] netlink: 'syz.3.1809': attribute type 29 has an invalid length.
[  275.052939][T10949] netlink: 'syz.3.1809': attribute type 30 has an invalid length.
[  275.060900][T10949] netlink: 'syz.3.1809': attribute type 31 has an invalid length.
[  275.082548][T10949] netlink: 'syz.3.1809': attribute type 32 has an invalid length.
[  275.096459][T10949] netlink: 'syz.3.1809': attribute type 33 has an invalid length.
[  275.107444][T10949] netlink: 'syz.3.1809': attribute type 35 has an invalid length.
[  275.146369][T10949] netlink: 'syz.3.1809': attribute type 37 has an invalid length.
[  275.161313][T10949] netlink: 'syz.3.1809': attribute type 39 has an invalid length.
[  275.174063][T10949] netlink: 18 bytes leftover after parsing attributes in process `syz.3.1809'.
[  275.212618][T10951] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1810'.
[  275.245961][T10951] IPv6: NLM_F_CREATE should be specified when creating new route
[  275.273898][T10951] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  275.281680][T10951] IPv6: NLM_F_CREATE should be set when creating new route
[  275.289006][T10951] IPv6: NLM_F_CREATE should be set when creating new route
[  276.012011][T10972] netlink: 326 bytes leftover after parsing attributes in process `syz.2.1819'.
[  276.104472][T10976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1821'.
[  276.120085][T10976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1821'.
[  276.324178][T10979] netlink: 350 bytes leftover after parsing attributes in process `syz.2.1822'.
[  276.409823][T10985] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1825'.
[  276.548344][T10993] netlink: 306 bytes leftover after parsing attributes in process `syz.2.1827'.
[  276.672113][T10995] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1828'.
[  277.291842][T11016] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1838'.
[  278.011663][T11042] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1850'.
[  280.851392][T11119] __nla_validate_parse: 3 callbacks suppressed
[  280.851412][T11119] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1877'.
[  280.906128][T11119] IPv6: Can't replace route, no match found
[  283.363170][T11181] netlink: 350 bytes leftover after parsing attributes in process `syz.0.1897'.
[  283.508325][T11183] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1898'.
[  283.814523][T11188] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1900'.
[  288.275672][T11271] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1928'.
[  288.357132][T11271] veth1_macvtap: left promiscuous mode
[  289.688387][T11293] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1937'.
[  289.725250][T11293] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1937'.
[  289.753200][T11293] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1937'.
[  289.763081][T11293] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1937'.
[  289.837091][T11293] netlink: 114 bytes leftover after parsing attributes in process `syz.3.1937'.
[  292.336947][T11334] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1953'.
[  292.959726][T11362] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1964'.
[  293.775465][T11377] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1968'.
[  294.108260][T11379] netlink: 326 bytes leftover after parsing attributes in process `syz.3.1970'.
[  294.312323][T11384] netlink: 290 bytes leftover after parsing attributes in process `syz.2.1971'.
[  294.345498][T11389] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1972'.
[  294.734966][T11391] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1974'.
[  295.488984][T11420] validate_nla: 4 callbacks suppressed
[  295.489008][T11420] netlink: 'syz.2.1983': attribute type 4 has an invalid length.
[  295.523981][T11420] netlink: 314 bytes leftover after parsing attributes in process `syz.2.1983'.
[  295.780005][T11422] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed
[  295.798823][T11422] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff)
[  297.591948][T11457] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1996'.
[  298.805415][T11475] devtmpfs: Unknown parameter ':'
[  301.038785][T11510] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2012'.
[  301.403418][T11510] veth1_macvtap: left promiscuous mode
[  301.667805][T11523] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2018'.
[  301.731379][T11523] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2018'.
[  302.026950][T11525] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2019'.
[  303.201281][T11555] mkiss: ax0: crc mode is auto.
[  304.098447][T11578] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2038'.
[  306.118478][T11624] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2054'.
[  306.187148][T11624] veth1_macvtap: left promiscuous mode
[  307.485238][T11653] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2065'.
[  307.552136][T11653] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2065'.
[  307.561687][T11656] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2067'.
[  307.596491][T11653] netlink: 98 bytes leftover after parsing attributes in process `syz.1.2065'.
[  307.620816][T11653] veth0_macvtap: left promiscuous mode
[  308.011413][T11666] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2072'.
[  308.191380][   T29] audit: type=1326 audit(6031858787.664:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11670 comm="syz.3.2074" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8346585d29 code=0x0
[  308.248299][T11672] Process accounting resumed
[  308.466856][T11677] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2076'.
[  308.496449][T11677] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2076'.
[  309.384755][   T29] audit: type=1326 audit(6031858788.864:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11695 comm="syz.1.2083" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f51af785d29 code=0x0
[  309.521680][T11699] netlink: 'syz.3.2084': attribute type 21 has an invalid length.
[  309.551469][T11699] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2084'.
[  309.964823][T11710] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2087'.
[  311.173179][T11740] __nla_validate_parse: 2 callbacks suppressed
[  311.173201][T11740] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2098'.
[  311.205751][T11740] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2098'.
[  311.357379][T11749] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2100'.
[  312.447717][T11792] kAFS: Invalid Command on /proc/fs/afs/cells file
[  312.699700][T11801] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2112'.
[  312.867047][T11809] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2115'.
[  313.123303][T11813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2117'.
[  313.160226][T11813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2117'.
[  314.161247][T11838] Invalid ELF header magic: != ELF
[  316.762898][T11884] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2140'.
[  316.784477][T11884] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2140'.
[  317.514964][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  317.521312][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  318.050497][   T29] audit: type=1326 audit(6031858797.524:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11912 comm="syz.2.2151" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbeff585d29 code=0x0
[  318.135418][T11915] Process accounting resumed
[  318.411887][T11921] netlink: 146 bytes leftover after parsing attributes in process `syz.0.2153'.
[  319.529734][T11945] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2162'.
[  319.562599][T11945] 
: renamed from gre0 (while UP)
[  319.597186][T11945] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2162'.
[  320.219043][T11958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2167'.
[  320.300741][T11960] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2168'.
[  321.459062][T11969] could not allocate digest TFM handle 
[  321.572725][T11978] could not allocate digest TFM handle 
[  324.485322][T12056] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  326.195971][T12104] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2218'.
[  326.218343][T12104] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2218'.
[  326.244427][T12104] netlink: 170 bytes leftover after parsing attributes in process `syz.3.2218'.
[  326.728411][T12112] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2222'.
[  326.810446][T12112] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2222'.
[  328.242754][T12132] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2230'.
[  328.858996][T12138] Invalid ELF header magic: != ELF
[  329.678448][T12152] netlink: 322 bytes leftover after parsing attributes in process `syz.0.2236'.
[  332.134304][T12184] could not allocate digest TFM handle 
[  332.367400][T12183] could not allocate digest TFM handle 
[  334.937295][T12258] netlink: 146 bytes leftover after parsing attributes in process `syz.0.2273'.
[  335.814803][T12268] netlink: 'syz.3.2277': attribute type 64 has an invalid length.
[  335.830967][T12268] netlink: 74 bytes leftover after parsing attributes in process `syz.3.2277'.
[  335.853553][T12270] hugetlbfs: syz.2.2278 (12270): Using mlock ulimits for SHM_HUGETLB is obsolete
[  336.738634][T12292] block nbd0: not configured, cannot reconfigure
[  340.858687][T12364] netlink: 'syz.0.2316': attribute type 33 has an invalid length.
[  340.904158][T12364] netlink: 322 bytes leftover after parsing attributes in process `syz.0.2316'.
[  340.958866][T12364] 8021q: adding VLAN 0 to HW filter on device team0
[  341.539868][T12378] netlink: 'syz.0.2320': attribute type 5 has an invalid length.
[  341.547957][T12378] netlink: 314 bytes leftover after parsing attributes in process `syz.0.2320'.
[  342.580115][T12389] mkiss: ax0: crc mode is auto.
[  343.319354][T12396] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2326'.
[  343.396822][T12396] veth0_macvtap: left promiscuous mode
[  343.414532][T12398] netlink: 122 bytes leftover after parsing attributes in process `syz.3.2327'.
[  344.462759][T12411] netlink: 'syz.3.2333': attribute type 4 has an invalid length.
[  344.511291][T12411] netlink: 314 bytes leftover after parsing attributes in process `syz.3.2333'.
[  344.597830][T12411] IPv6: NLM_F_CREATE should be specified when creating new route
[  344.659336][T12411] IPv6: NLM_F_REPLACE set, but no existing node found!
[  346.481163][T12438] netlink: 'syz.1.2343': attribute type 39 has an invalid length.
[  346.526280][T12438] netlink: 'syz.1.2343': attribute type 40 has an invalid length.
[  346.554298][T12438] netlink: 'syz.1.2343': attribute type 41 has an invalid length.
[  346.586833][T12438] netlink: 'syz.1.2343': attribute type 44 has an invalid length.
[  346.627496][T12438] netlink: 'syz.1.2343': attribute type 46 has an invalid length.
[  346.657203][T12438] netlink: 'syz.1.2343': attribute type 47 has an invalid length.
[  346.684489][T12438] netlink: 'syz.1.2343': attribute type 48 has an invalid length.
[  346.716786][T12438] netlink: 'syz.1.2343': attribute type 49 has an invalid length.
[  346.752254][T12438] netlink: 'syz.1.2343': attribute type 50 has an invalid length.
[  346.777410][T12438] netlink: 6 bytes leftover after parsing attributes in process `syz.1.2343'.
[  348.657484][T12468] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2356'.
[  349.441742][T12480] netlink: 146 bytes leftover after parsing attributes in process `syz.0.2360'.

syzkaller
syzkaller login: [  350.369927][T12490] sp0: Synchronizing with TNC
[  351.940895][T12520] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2374'.
[  352.038112][T12522] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2375'.
[  352.048786][T12522] hsr0: entered allmulticast mode
[  352.057046][T12522] hsr_slave_0: entered allmulticast mode
[  352.064556][T12522] hsr_slave_1: entered allmulticast mode
[  352.348539][T12524] netlink: 222 bytes leftover after parsing attributes in process `syz.0.2377'.
[  352.374757][T12525] netlink: 222 bytes leftover after parsing attributes in process `syz.0.2377'.
[  352.412111][T12528] netlink: 326 bytes leftover after parsing attributes in process `syz.3.2379'.
[  352.462749][T12528] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.473284][T12528] bridge0: port 1(bridge_slave_0) entered disabled state
[  353.538147][T12550] tipc: Started in network mode
[  353.550735][T12550] tipc: Node identity ffffffff, cluster identity 4711
[  353.568225][T12550] tipc: Node number set to 4294967295
[  353.579600][T12554] bridge0: port 3(hsr_slave_1) entered blocking state
[  353.586646][T12554] bridge0: port 3(hsr_slave_1) entered disabled state
[  353.611301][T12554] hsr_slave_1: entered allmulticast mode
[  353.628303][T12554] hsr_slave_1: left allmulticast mode
[  353.635026][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  353.678257][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  353.690973][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  353.715271][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  353.724431][ T5835] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  353.733075][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  353.817467][T12562] netlink: 314 bytes leftover after parsing attributes in process `syz.0.2391'.
[  354.170752][T12555] chnl_net:caif_netlink_parms(): no params data found
[  354.306330][T12577] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2396'.
[  354.360242][T12577] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  354.431601][T12555] bridge0: port 1(bridge_slave_0) entered blocking state
[  354.439256][T12555] bridge0: port 1(bridge_slave_0) entered disabled state
[  354.446954][T12555] bridge_slave_0: entered allmulticast mode
[  354.454292][T12555] bridge_slave_0: entered promiscuous mode
[  354.462084][T12555] bridge0: port 2(bridge_slave_1) entered blocking state
[  354.469306][T12555] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.477092][T12555] bridge_slave_1: entered allmulticast mode
[  354.484419][T12555] bridge_slave_1: entered promiscuous mode
[  354.564693][T12555] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  354.580104][T12555] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  354.655781][T12555] team0: Port device team_slave_0 added
[  354.688150][T12555] team0: Port device team_slave_1 added
[  354.765870][T12555] batman_adv: batadv0: Adding interface: batadv_slave_0
[  354.773297][T12555] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  354.799196][    C1] vkms_vblank_simulate: vblank timer overrun
[  354.806992][T12555] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  354.880957][T12555] batman_adv: batadv0: Adding interface: batadv_slave_1
[  354.897452][T12555] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  354.950708][T12597] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2403'.
[  354.952534][T12555] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  355.160968][T12555] hsr_slave_0: entered promiscuous mode
[  355.179859][T12555] hsr_slave_1: entered promiscuous mode
[  355.209056][T12555] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  355.229216][T12555] Cannot create hsr debugfs directory
[  355.240567][T12603] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2406'.
[  355.573375][T12613] bridge0: port 3(team0) entered blocking state
[  355.591832][T12613] bridge0: port 3(team0) entered disabled state
[  355.602083][T12613] team0: entered allmulticast mode
[  355.620915][T12613] team_slave_0: entered allmulticast mode
[  355.642000][T12613] team_slave_1: entered allmulticast mode
[  355.653272][T12613] team0: entered promiscuous mode
[  355.662055][T12613] team_slave_0: entered promiscuous mode
[  355.678048][T12613] team_slave_1: entered promiscuous mode
[  355.797495][T12555] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  355.823839][ T5835] Bluetooth: hci2: command tx timeout
[  355.855716][T12555] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  355.874348][T12555] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  355.895444][T12555] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  355.979391][T12555] 8021q: adding VLAN 0 to HW filter on device bond0
[  356.005588][T12555] 8021q: adding VLAN 0 to HW filter on device team0
[  356.025340][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.033767][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  356.043864][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.051037][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  356.081048][T12555] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  356.091562][T12555] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  356.278856][T12555] 8021q: adding VLAN 0 to HW filter on device batadv0
[  356.599881][T12640] netlink: 'syz.1.2419': attribute type 10 has an invalid length.
[  356.624895][T12640] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2419'.
[  356.821994][T12555] veth0_vlan: entered promiscuous mode
[  356.865209][T12555] veth1_vlan: entered promiscuous mode
[  356.954070][T12555] veth0_macvtap: entered promiscuous mode
[  356.976039][T12555] veth1_macvtap: entered promiscuous mode
[  357.045051][T12555] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  357.069504][T12555] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.090980][T12653] __nla_validate_parse: 2 callbacks suppressed
[  357.091000][T12653] netlink: 130 bytes leftover after parsing attributes in process `syz.0.2423'.
[  357.107171][T12555] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  357.117729][T12555] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.127809][T12555] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  357.138429][T12555] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.151283][T12555] batman_adv: batadv0: Interface activated: batadv_slave_0
[  357.190394][T12555] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  357.219257][T12555] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.230031][T12555] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  357.241027][T12555] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.251363][T12555] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  357.272994][T12555] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  357.311101][T12555] batman_adv: batadv0: Interface activated: batadv_slave_1
[  357.367826][T12555] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  357.402543][T12555] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  357.421972][T12555] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  357.443635][T12651] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2421'.
[  357.455163][T12555] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  357.608690][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  357.638703][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  357.687226][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  357.715917][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  357.895906][ T5835] Bluetooth: hci2: command tx timeout
[  357.969495][T12668] netlink: 314 bytes leftover after parsing attributes in process `syz.0.2428'.
[  359.581356][T12705] netlink: 'syz.4.2439': attribute type 4 has an invalid length.
[  359.608732][T12705] netlink: 314 bytes leftover after parsing attributes in process `syz.4.2439'.
[  359.624712][T12705] IPv6: NLM_F_CREATE should be specified when creating new route
[  359.827248][T12712] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2444'.
[  359.963083][T12717] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2445'.
[  359.974010][ T5835] Bluetooth: hci2: command tx timeout
[  360.242725][T12726] sp0: Synchronizing with TNC
[  360.826231][T12744] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2454'.
[  361.925187][T12781] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2468'.
[  362.062587][ T5835] Bluetooth: hci2: command tx timeout
[  362.160028][T12784] scsi_strcpy_devinfo: vendor string '��/&c��~n]	�|
[  362.160028][T12784] M�' is too long
[  362.199593][T12784] scsi_strcpy_devinfo: model string '�Dd5��K�2b�
[  362.199593][T12784] ���W����� ��' is too long
[  365.199164][T12856] Invalid ELF header magic: != ELF
[  366.152212][T12882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2501'.
[  366.180585][T12882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2501'.
[  366.772655][T12901] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2510'.
[  367.185522][T12905] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2512'.
[  368.054095][T12929] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2518'.
[  368.165867][T12929] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.173430][T12929] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.448368][T12939] netlink: 'syz.0.2522': attribute type 27 has an invalid length.
[  368.470209][T12939] netlink: 'syz.0.2522': attribute type 28 has an invalid length.
[  368.501871][T12939] netlink: 'syz.0.2522': attribute type 29 has an invalid length.
[  368.530002][T12939] netlink: 'syz.0.2522': attribute type 30 has an invalid length.
[  368.560618][T12939] netlink: 'syz.0.2522': attribute type 31 has an invalid length.
[  368.602983][T12939] netlink: 'syz.0.2522': attribute type 32 has an invalid length.
[  368.610866][T12939] netlink: 'syz.0.2522': attribute type 33 has an invalid length.
[  368.647116][T12939] netlink: 'syz.0.2522': attribute type 35 has an invalid length.
[  368.676601][T12939] netlink: 'syz.0.2522': attribute type 37 has an invalid length.
[  368.693479][T12939] netlink: 'syz.0.2522': attribute type 39 has an invalid length.
[  368.712321][T12939] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2522'.
[  371.587455][T13019] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2551'.
[  371.618030][T13019] netlink: 10 bytes leftover after parsing attributes in process `syz.3.2551'.
[  371.663867][T13019] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2551'.
[  375.202716][ T5143] Bluetooth: hci1: Malformed HCI Event
[  375.787536][T13102] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2582'.
[  375.902863][ T5143] Bluetooth: hci3: command 0x0406 tx timeout
[  376.129456][T13115] netlink: 50 bytes leftover after parsing attributes in process `syz.0.2584'.
[  376.584898][T13126] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2588'.
[  376.632798][T13126] �: renamed from hsr0 (while UP)
[  378.775552][T13171] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2601'.
[  378.937739][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.944208][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  380.771756][T13206] netlink: 50 bytes leftover after parsing attributes in process `syz.4.2612'.
[  382.786813][T13210] kexec: Could not allocate control_code_buffer
[  383.366151][T13233] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2624'.
[  386.657848][T13277] validate_nla: 1 callbacks suppressed
[  386.657877][T13277] netlink: 'syz.3.2637': attribute type 4 has an invalid length.
[  386.752578][T13277] netlink: 314 bytes leftover after parsing attributes in process `syz.3.2637'.
[  387.290568][T13283] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2640'.
[  387.331271][T13283] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2640'.
[  387.873182][T13291] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2642'.
[  388.178462][T13295] netlink: 'syz.4.2644': attribute type 19 has an invalid length.
[  388.256468][T13295] netlink: 'syz.4.2644': attribute type 27 has an invalid length.
[  388.282627][T13295] netlink: 'syz.4.2644': attribute type 28 has an invalid length.
[  388.319220][T13295] netlink: 'syz.4.2644': attribute type 29 has an invalid length.
[  388.382810][T13295] netlink: 38 bytes leftover after parsing attributes in process `syz.4.2644'.
[  388.449498][T13297] nbd: illegal input index 50331648
[  388.869959][T13305] netlink: 'syz.0.2649': attribute type 64 has an invalid length.
[  388.899898][T13305] netlink: 74 bytes leftover after parsing attributes in process `syz.0.2649'.
[  391.276142][T13347] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2665'.
[  391.305515][T13347] netlink: 302 bytes leftover after parsing attributes in process `syz.3.2665'.
[  391.670143][T13352] netlink: 22 bytes leftover after parsing attributes in process `syz.4.2667'.
[  391.752348][T13355] Process accounting resumed
[  394.786231][T13411] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2690'.
[  394.832959][T13411] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2690'.
[  394.985106][T13416] netlink: 452 bytes leftover after parsing attributes in process `syz.0.2693'.
[  395.004615][T13416] netlink: 452 bytes leftover after parsing attributes in process `syz.0.2693'.
[  395.068327][T13419] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2694'.
[  395.108739][T13419] netlink: 274 bytes leftover after parsing attributes in process `syz.3.2694'.
[  397.109331][T13468] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2712'.
[  397.150079][T13468] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2712'.
[  397.212951][T13472] netlink: 4368 bytes leftover after parsing attributes in process `syz.3.2713'.
[  397.885240][T13491] tipc: Started in network mode
[  397.890166][T13491] tipc: Node identity ee00, cluster identity 4711
[  397.922611][T13491] tipc: Node number set to 60928
[  398.372413][T13500] HfR: entered promiscuous mode
[  398.602088][T13508] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2726'.
[  398.680537][T13508] : renamed from bond_slave_1 (while UP)
[  399.966054][T13553] __nla_validate_parse: 1 callbacks suppressed
[  399.966076][T13553] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2740'.
[  400.036344][T13553] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2740'.
[  400.807750][T13589] netlink: 266 bytes leftover after parsing attributes in process `syz.3.2755'.
[  400.828097][T13589] IPv6: NLM_F_CREATE should be specified when creating new route
[  403.007709][T13643] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2771'.
[  403.162308][T13643] hsr_slave_1 (unregistering): left promiscuous mode
[  404.023681][T13649] netlink: 'syz.3.2773': attribute type 10 has an invalid length.
[  404.047681][T13649] netlink: 230 bytes leftover after parsing attributes in process `syz.3.2773'.
[  404.854908][ T5835] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  408.958768][T13701] netlink: 'syz.1.2791': attribute type 4 has an invalid length.
[  408.972557][T13701] netlink: 314 bytes leftover after parsing attributes in process `syz.1.2791'.
[  409.900936][T13717] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2797'.
[  410.055153][T13720] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2798'.
[  410.102860][T13720] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2798'.
[  410.319127][T13728] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2802'.
[  410.435964][T13728] hsr_slave_1 (unregistering): left promiscuous mode
[  410.930293][T13735] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2804'.
[  410.961416][T13735] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2804'.
[  412.783653][T13770] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2813'.
[  412.830921][T13770] hsr_slave_1 (unregistering): left promiscuous mode
[  413.029061][T13776] netlink: 7 bytes leftover after parsing attributes in process `syz.0.2817'.
[  413.040728][T13776] netlink: 10 bytes leftover after parsing attributes in process `syz.0.2817'.
[  414.795221][T13824] __nla_validate_parse: 3 callbacks suppressed
[  414.795240][T13824] netlink: 306 bytes leftover after parsing attributes in process `syz.0.2838'.
[  414.812689][T13824] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2838'.
[  414.830408][T13824] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2838'.
[  414.980304][T13834] netlink: 18 bytes leftover after parsing attributes in process `syz.0.2842'.
[  415.041580][T13836] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2841'.
[  415.163632][T13836] hsr_slave_1 (unregistering): left promiscuous mode
[  416.513503][T13885] netlink: 246 bytes leftover after parsing attributes in process `syz.4.2860'.
[  419.466156][T13944] kexec: Could not allocate control_code_buffer
[  421.133675][T14002] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2901'.
[  421.499080][ T5835] Bluetooth: hci1: unexpected event 0x02 length: 0 < 1
[  421.835995][T14018] FAULT_INJECTION: forcing a failure.
[  421.835995][T14018] name failslab, interval 1, probability 0, space 0, times 0
[  421.848940][T14018] CPU: 0 UID: 0 PID: 14018 Comm: syz.1.2908 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  421.859746][T14018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  421.869840][T14018] Call Trace:
[  421.873156][T14018]  <TASK>
[  421.876116][T14018]  dump_stack_lvl+0x16c/0x1f0
[  421.880845][T14018]  should_fail_ex+0x497/0x5b0
[  421.885583][T14018]  ? fs_reclaim_acquire+0xae/0x150
[  421.890749][T14018]  should_failslab+0xc2/0x120
[  421.895477][T14018]  __kmalloc_noprof+0xce/0x4f0
[  421.900292][T14018]  ? fib_default_rule_add+0x4f/0x420
[  421.905637][T14018]  fib_default_rule_add+0x4f/0x420
[  421.910794][T14018]  fib4_rules_init+0x7c/0x1c0
[  421.915507][T14018]  fib_net_init+0x1de/0x3d0
[  421.920055][T14018]  ? __pfx_fib_net_init+0x10/0x10
[  421.925127][T14018]  ? do_init_timer+0xc9/0x110
[  421.929849][T14018]  ? devinet_init_net+0x5b3/0x8f0
[  421.934929][T14018]  ? __pfx_fib_net_init+0x10/0x10
[  421.939998][T14018]  ops_init+0x1df/0x5f0
[  421.944206][T14018]  setup_net+0x21f/0x860
[  421.948504][T14018]  ? __pfx_setup_net+0x10/0x10
[  421.953319][T14018]  ? down_read_killable+0xcc/0x380
[  421.958478][T14018]  ? __pfx_down_read_killable+0x10/0x10
[  421.964047][T14018]  ? debug_mutex_init+0x37/0x70
[  421.968916][T14018]  copy_net_ns+0x2b4/0x6c0
[  421.973372][T14018]  create_new_namespaces+0x3ea/0xad0
[  421.978675][T14018]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  421.984320][T14018]  ksys_unshare+0x45d/0xa40
[  421.988842][T14018]  ? __pfx_ksys_unshare+0x10/0x10
[  421.993879][T14018]  ? xfd_validate_state+0x5d/0x180
[  421.999006][T14018]  __x64_sys_unshare+0x31/0x40
[  422.003787][T14018]  do_syscall_64+0xcd/0x250
[  422.008315][T14018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.014229][T14018] RIP: 0033:0x7f51af785d29
[  422.018649][T14018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.038270][T14018] RSP: 002b:00007f51ad5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  422.046707][T14018] RAX: ffffffffffffffda RBX: 00007f51af975fa0 RCX: 00007f51af785d29
[  422.054688][T14018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  422.062663][T14018] RBP: 00007f51af801b08 R08: 0000000000000000 R09: 0000000000000000
[  422.070640][T14018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  422.078616][T14018] R13: 0000000000000000 R14: 00007f51af975fa0 R15: 00007ffd82e62018
[  422.086604][T14018]  </TASK>
[  422.089716][    C0] vkms_vblank_simulate: vblank timer overrun
[  422.644738][T14036] netlink: 342 bytes leftover after parsing attributes in process `syz.4.2913'.
[  422.675842][T14036] netlink: 'syz.4.2913': attribute type 1 has an invalid length.
[  422.702525][T14036] netlink: 274 bytes leftover after parsing attributes in process `syz.4.2913'.
[  422.762901][T14040] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2916'.
[  422.794451][T14040] netlink: 504 bytes leftover after parsing attributes in process `syz.3.2916'.
[  424.976282][T14102] netlink: 'syz.3.2935': attribute type 27 has an invalid length.
[  425.011009][T14102] netlink: 146 bytes leftover after parsing attributes in process `syz.3.2935'.
[  428.576994][T14168] netlink: 'syz.0.2959': attribute type 6 has an invalid length.
[  428.597143][T14168] netlink: 'syz.0.2959': attribute type 7 has an invalid length.
[  428.610245][T14168] netlink: 'syz.0.2959': attribute type 8 has an invalid length.
[  428.624992][T14168] netlink: 'syz.0.2959': attribute type 9 has an invalid length.
[  428.642582][T14168] netlink: 'syz.0.2959': attribute type 12 has an invalid length.
[  428.650666][T14168] netlink: 'syz.0.2959': attribute type 13 has an invalid length.
[  431.080847][T14222] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2978'.
[  431.121741][T14222] netlink: 274 bytes leftover after parsing attributes in process `syz.1.2978'.
[  432.434121][T14249] [U] 	
[  432.436989][T14249] [U] 
[  432.439732][T14249] [U] 
[  432.442456][T14249] [U] 
[  432.445193][T14249] [U] 
[  432.482824][T14249] [U] 
[  432.485628][T14249] [U] 
[  432.488349][T14249] [U] 
[  432.491072][T14249] [U] 
[  432.520807][T14248] [U] 
[  435.312635][T14297] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3004'.
[  435.352182][T14298] netlink: 338 bytes leftover after parsing attributes in process `syz.0.3004'.
[  435.391728][T14297] netlink: 210 bytes leftover after parsing attributes in process `syz.0.3004'.
[  435.413020][T14294] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  435.419423][T14294] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  435.442959][T14298] netlink: 210 bytes leftover after parsing attributes in process `syz.0.3004'.
[  435.480614][T14294] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  435.503217][T14294] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  435.551283][T14294] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  435.560532][T14294] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  435.566997][ T5835] Bluetooth: hci2: ACL packet for unknown connection handle 0
[  435.664132][T14294] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  435.688895][T14303] netlink: 222 bytes leftover after parsing attributes in process `syz.0.3006'.
[  435.700824][T14303] netlink: 222 bytes leftover after parsing attributes in process `syz.0.3006'.
[  435.856718][T14306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3008'.
[  435.879056][T14306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3008'.
[  436.734515][T14323] FAULT_INJECTION: forcing a failure.
[  436.734515][T14323] name failslab, interval 1, probability 0, space 0, times 0
[  436.750196][T14323] CPU: 0 UID: 0 PID: 14323 Comm: syz.3.3014 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  436.761026][T14323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  436.771133][T14323] Call Trace:
[  436.774450][T14323]  <TASK>
[  436.777413][T14323]  dump_stack_lvl+0x16c/0x1f0
[  436.782141][T14323]  should_fail_ex+0x497/0x5b0
[  436.786887][T14323]  ? fs_reclaim_acquire+0xae/0x150
[  436.792052][T14323]  should_failslab+0xc2/0x120
[  436.796784][T14323]  __kmalloc_noprof+0xce/0x4f0
[  436.801612][T14323]  ? xfrm_hash_alloc+0xd1/0x100
[  436.806513][T14323]  xfrm_hash_alloc+0xd1/0x100
[  436.811232][T14323]  xfrm_state_init+0x11f/0x630
[  436.816018][T14323]  ? __pfx_xfrm_net_init+0x10/0x10
[  436.821145][T14323]  xfrm_net_init+0x211/0xcb0
[  436.825753][T14323]  ? __pfx_xfrm_net_init+0x10/0x10
[  436.830877][T14323]  ops_init+0x1df/0x5f0
[  436.835052][T14323]  setup_net+0x21f/0x860
[  436.839313][T14323]  ? __pfx_setup_net+0x10/0x10
[  436.844090][T14323]  ? down_read_killable+0xcc/0x380
[  436.849220][T14323]  ? __pfx_down_read_killable+0x10/0x10
[  436.854794][T14323]  ? debug_mutex_init+0x37/0x70
[  436.859665][T14323]  copy_net_ns+0x2b4/0x6c0
[  436.864094][T14323]  create_new_namespaces+0x3ea/0xad0
[  436.869400][T14323]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  436.875054][T14323]  ksys_unshare+0x45d/0xa40
[  436.879577][T14323]  ? __pfx_ksys_unshare+0x10/0x10
[  436.884618][T14323]  ? xfd_validate_state+0x5d/0x180
[  436.889746][T14323]  __x64_sys_unshare+0x31/0x40
[  436.894525][T14323]  do_syscall_64+0xcd/0x250
[  436.899046][T14323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.904956][T14323] RIP: 0033:0x7f8346585d29
[  436.909377][T14323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.929001][T14323] RSP: 002b:00007f83473e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  436.937428][T14323] RAX: ffffffffffffffda RBX: 00007f8346775fa0 RCX: 00007f8346585d29
[  436.945407][T14323] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  436.953387][T14323] RBP: 00007f8346601b08 R08: 0000000000000000 R09: 0000000000000000
[  436.961364][T14323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  436.969360][T14323] R13: 0000000000000000 R14: 00007f8346775fa0 R15: 00007fff4ab299e8
[  436.977355][T14323]  </TASK>
[  437.508649][ T5835] Bluetooth: hci3: command 0x0406 tx timeout
[  437.508676][T13640] Bluetooth: hci0: command 0x0c1a tx timeout
[  437.514819][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout
[  437.572701][T14344] Bluetooth: hci2: command 0x0c1a tx timeout
[  438.698451][T14373] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3028'.
[  438.765064][T14373] netlink: 274 bytes leftover after parsing attributes in process `syz.1.3028'.
[  439.228662][T14381] could not allocate digest TFM handle 
[  439.576667][T14344] Bluetooth: hci3: command 0x0406 tx timeout
[  439.652615][T14344] Bluetooth: hci2: command 0x0c1a tx timeout
[  440.199191][T14408] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3037'.
[  440.224416][T14408] netlink: 306 bytes leftover after parsing attributes in process `syz.4.3037'.
[  440.376843][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  440.384636][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  440.418892][T14413] netlink: 246 bytes leftover after parsing attributes in process `syz.4.3039'.
[  441.516422][T14437] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app
[  441.699629][T14444] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3052'.
[  441.736424][T14344] Bluetooth: hci2: command 0x0c1a tx timeout
[  441.843255][T14448] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3052'.
[  442.713232][T14471] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  443.780378][T14494] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3065'.
[  445.100036][T14524] netlink: 342 bytes leftover after parsing attributes in process `syz.4.3076'.
[  449.289766][T14609] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3103'.
[  451.500403][T14653] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3120'.
[  451.530611][T14653] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3120'.
[  451.562738][T14653] netlink: 210 bytes leftover after parsing attributes in process `syz.4.3120'.
[  451.607489][T14653] netlink: 210 bytes leftover after parsing attributes in process `syz.4.3120'.
[  451.766855][T14657] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3122'.
[  451.788904][T14657] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3122'.
[  452.731071][T14686] KVM: debugfs: duplicate directory 14686-3
[  455.230961][T14730] mkiss: ax0: crc mode is auto.
[  459.911668][T14801] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  460.738843][T14816] netlink: 246 bytes leftover after parsing attributes in process `syz.1.3170'.
[  465.594690][T14877] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3192'.
[  465.674656][T14876] Invalid ELF header magic: != ELF
[  468.166939][T14891] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3195'.
[  468.449530][T14894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3197'.
[  468.486276][T14894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3197'.
[  468.503382][T14894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3197'.
[  468.533044][T14894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3197'.
[  468.562898][T14894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3197'.
[  468.592796][T14894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3197'.
[  468.603429][T14894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3197'.
[  468.643897][T14894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3197'.
[  469.617909][T14917] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3204'.
[  470.676051][T14937] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  473.193997][T15001] __nla_validate_parse: 3 callbacks suppressed
[  473.194017][T15001] netlink: 306 bytes leftover after parsing attributes in process `syz.3.3236'.
[  475.389375][T15032] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3245'.
[  475.839244][T15045] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3249'.
[  475.919258][T15045] veth1_macvtap: left promiscuous mode
[  476.757309][T15059] HfR: entered promiscuous mode
[  476.811072][T15059] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3253'.
[  476.884872][T15059] HfR: left promiscuous mode
[  477.633788][T15080] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3259'.
[  477.704677][T15080] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3259'.
[  478.059930][T15082] netlink: 306 bytes leftover after parsing attributes in process `syz.1.3262'.
[  479.234026][T15100] Process accounting resumed
[  481.133207][T15135] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3279'.
[  483.037980][T15173] HfR: entered promiscuous mode
[  483.079672][T15173] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3291'.
[  483.100234][T15173] HfR: left promiscuous mode
[  484.737140][T15215] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3309'.
[  485.261076][T15230] netlink: 'syz.4.3314': attribute type 6 has an invalid length.
[  485.271306][T15230] netlink: 'syz.4.3314': attribute type 7 has an invalid length.
[  485.281171][T15230] netlink: 'syz.4.3314': attribute type 8 has an invalid length.
[  485.306138][T15230] netlink: 'syz.4.3314': attribute type 9 has an invalid length.
[  485.326629][T15230] netlink: 226 bytes leftover after parsing attributes in process `syz.4.3314'.
[  485.708866][   T29] audit: type=1806 audit(4294967323.708:5): xattr="." res=0
[  488.214889][T15290] netlink: 54 bytes leftover after parsing attributes in process `syz.1.3335'.
[  489.090683][T15309] Process accounting resumed
[  489.717986][T15325] Process accounting resumed
[  494.663593][T15421] usb usb28: usbfs: process 15421 (syz.3.3374) did not claim interface 0 before use
[  495.963623][T15429] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3378'.
[  499.815153][T15511] binder: 15508:15511 ioctl 80081270 38 returned -22
[  499.874547][T15511] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3410'.
[  499.926614][T15513] binder: 15508:15513 ioctl c0105512 1 returned -22
[  501.818684][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  501.827549][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  504.235949][T14344] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  506.886207][T15604] binder: 15602:15604 ioctl 541b 38 returned -22
[  507.842327][T15633] netlink: 'syz.3.3438': attribute type 29 has an invalid length.
[  507.870484][T15633] netlink: 'syz.3.3438': attribute type 30 has an invalid length.
[  507.880625][T15633] netlink: 'syz.3.3438': attribute type 31 has an invalid length.
[  507.900916][T15633] netlink: 'syz.3.3438': attribute type 32 has an invalid length.
[  507.923801][T15633] netlink: 'syz.3.3438': attribute type 33 has an invalid length.
[  507.952389][T15633] netlink: 'syz.3.3438': attribute type 35 has an invalid length.
[  507.992371][T15633] netlink: 'syz.3.3438': attribute type 37 has an invalid length.
[  508.022916][T15633] netlink: 18 bytes leftover after parsing attributes in process `syz.3.3438'.
[  509.323286][T15656] Process accounting paused
[  509.513324][T15664] [U] 
[  509.516090][T15664] [U] 
[  509.518826][T15664] [U] 
[  509.521561][T15664] [U] 
[  509.569942][T15664] [U] 
[  509.572712][T15664] [U] 
[  509.575449][T15664] [U] 
[  509.578175][T15664] [U] 
[  509.598078][T15663] [U] 
[  509.697309][T15666] sctp: [Deprecated]: syz.0.3448 (pid 15666) Use of int in max_burst socket option deprecated.
[  509.697309][T15666] Use struct sctp_assoc_value instead
[  509.908147][T15670] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3450'.
[  510.249104][T15668] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3449'.
[  510.281417][T15668] : renamed from bond0 (while UP)
[  510.608941][T15681] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3454'.
[  510.651489][T15683] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3456'.
[  510.658402][T15681] netlink: 252 bytes leftover after parsing attributes in process `syz.4.3454'.
[  510.700863][T15683] hsr_slave_0: left promiscuous mode
[  511.796058][T15702] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3465'.
[  511.955841][T15711] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3466'.
[  512.012054][T15711] ip_vti0: entered promiscuous mode
[  513.204617][T15737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3474'.
[  513.228857][T15737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3474'.
[  513.941629][T15739] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3475'.
[  516.149055][T15776] [U] 
[  516.151824][T15776] [U] 
[  516.154559][T15776] [U] 
[  516.157289][T15776] [U] 
[  516.166848][T15776] [U] 
[  516.169603][T15776] [U] 
[  516.172310][T15776] [U] 
[  516.175016][T15776] [U] 
[  516.229570][T15775] [U] 
[  517.003506][T15793] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3496'.
[  517.016627][T15793] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3496'.
[  517.116138][T15796] lo: entered allmulticast mode
[  517.123706][T15796] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3497'.
[  517.300875][ T5143] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  517.315249][ T5143] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  517.333439][ T5143] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  517.343861][ T5143] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  517.352206][ T5143] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  517.359994][ T5143] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  517.405635][T15795] lo: left allmulticast mode
[  517.495829][T15799] netlink: zone id is out of range
[  517.507831][T15799] netlink: zone id is out of range
[  517.526106][T15799] netlink: zone id is out of range
[  517.533958][T15799] netlink: zone id is out of range
[  517.539274][T15799] netlink: zone id is out of range
[  517.575039][T15799] netlink: zone id is out of range
[  517.580176][T15799] netlink: zone id is out of range
[  517.600967][T15799] netlink: zone id is out of range
[  517.611997][T15799] netlink: zone id is out of range
[  517.623159][T15799] netlink: zone id is out of range
[  517.641177][T15798] chnl_net:caif_netlink_parms(): no params data found
[  517.806618][T15798] bridge0: port 1(bridge_slave_0) entered blocking state
[  517.831741][T15798] bridge0: port 1(bridge_slave_0) entered disabled state
[  517.859489][T15798] bridge_slave_0: entered allmulticast mode
[  517.874419][T15798] bridge_slave_0: entered promiscuous mode
[  517.891998][T15798] bridge0: port 2(bridge_slave_1) entered blocking state
[  517.899240][T15798] bridge0: port 2(bridge_slave_1) entered disabled state
[  517.906536][T15798] bridge_slave_1: entered allmulticast mode
[  517.913635][T15798] bridge_slave_1: entered promiscuous mode
[  518.093487][T15798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  518.144741][T15798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  518.250955][T15798] team0: Port device team_slave_0 added
[  518.277048][T15798] team0: Port device team_slave_1 added
[  518.352743][T15798] batman_adv: batadv0: Adding interface: batadv_slave_0
[  518.359736][T15798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  518.411373][T15798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  518.428061][T15798] batman_adv: batadv0: Adding interface: batadv_slave_1
[  518.435324][T15798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  518.470477][T15813] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3500'.
[  518.493825][T15798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  518.808567][T15798] hsr_slave_0: entered promiscuous mode
[  518.899742][T15798] hsr_slave_1: entered promiscuous mode
[  518.990118][T15798] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  518.997952][T15798] Cannot create hsr debugfs directory
[  519.394677][T15798] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  519.413784][T14344] Bluetooth: hci1: command tx timeout
[  519.447166][T15798] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  519.456965][T15798] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  519.473986][T15798] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  519.681775][T15839] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  519.693306][T15839] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  519.700757][T15839] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  519.722131][T15798] 8021q: adding VLAN 0 to HW filter on device bond0
[  519.730374][T15839] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  519.752792][T15839] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  519.792015][T15798] 8021q: adding VLAN 0 to HW filter on device team0
[  519.803354][T15839] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  519.819796][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  519.826972][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  520.012973][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  520.020150][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  520.526578][T15798] 8021q: adding VLAN 0 to HW filter on device batadv0
[  520.938955][T15798] veth0_vlan: entered promiscuous mode
[  520.971945][T15798] veth1_vlan: entered promiscuous mode
[  521.051949][T15798] veth0_macvtap: entered promiscuous mode
[  521.090527][T15798] veth1_macvtap: entered promiscuous mode
[  521.127506][T15798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  521.160971][T15798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  521.172669][T14344] Bluetooth: hci0: command 0x0c1a tx timeout
[  521.201962][T15798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  521.212601][T15798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  521.222524][T15798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  521.233415][T15798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  521.249621][T15798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  521.270815][T15798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  521.291811][T15798] batman_adv: batadv0: Interface activated: batadv_slave_0
[  521.356036][T15798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  521.371977][T15798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  521.383633][T15798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  521.399751][T15798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  521.411451][T15798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  521.448856][T15798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  521.482178][T15798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  521.508381][T15798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  521.540504][T15798] batman_adv: batadv0: Interface activated: batadv_slave_1
[  521.592165][T15798] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  521.634628][T15798] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  521.658716][T15798] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  521.667757][T15798] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  521.733841][ T5143] Bluetooth: hci2: command 0x0c1a tx timeout
[  521.739959][ T5835] Bluetooth: hci3: command 0x0406 tx timeout
[  521.742621][T14344] Bluetooth: hci1: command 0x040f tx timeout
[  521.931620][ T3441] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  521.972845][ T3441] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  522.035037][  T988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  522.051865][  T988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  522.625065][T15903] netlink: 252 bytes leftover after parsing attributes in process `syz.3.3525'.
[  522.646316][T15903] netlink: 252 bytes leftover after parsing attributes in process `syz.3.3525'.
[  523.784176][T15936] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3531'.
[  523.812671][T14344] Bluetooth: hci1: command 0x040f tx timeout
[  523.923606][T15936] ip_vti0: entered promiscuous mode
[  524.696263][T15949] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3537'.
[  525.017914][T15955] net_ratelimit: 2 callbacks suppressed
[  525.017938][T15955] netlink: zone id is out of range
[  525.094007][T15955] netlink: zone id is out of range
[  525.099185][T15955] netlink: zone id is out of range
[  525.109190][T15955] netlink: zone id is out of range
[  525.132585][T15955] netlink: zone id is out of range
[  525.138556][T15955] netlink: zone id is out of range
[  525.181420][T15955] netlink: zone id is out of range
[  525.214700][T15955] netlink: zone id is out of range
[  525.219875][T15955] netlink: zone id is out of range
[  525.307763][T15955] netlink: zone id is out of range
[  525.892931][T14344] Bluetooth: hci1: command 0x040f tx timeout
[  527.972676][T14344] Bluetooth: hci1: command 0x040f tx timeout
[  528.053937][T15994] erspan0: entered allmulticast mode
[  528.402870][T16012] sp0: Synchronizing with TNC
[  529.375790][T16027] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  529.410360][T16027] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  529.905289][T16030] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  529.928491][T16030] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  529.942746][T16030] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  529.950134][T16030] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  530.235622][T16040] net_ratelimit: 2 callbacks suppressed
[  530.235642][T16040] netlink: zone id is out of range
[  530.282558][T16040] netlink: zone id is out of range
[  530.305143][T16040] netlink: zone id is out of range
[  530.310575][T16040] netlink: zone id is out of range
[  530.344355][T16040] netlink: zone id is out of range
[  530.362532][T16040] netlink: zone id is out of range
[  530.408844][T16040] netlink: zone id is out of range
[  530.418686][T16044] Invalid ELF header magic: != ELF
[  530.448771][T16040] netlink: zone id is out of range
[  530.515662][T16040] netlink: zone id is out of range
[  530.547051][T16040] netlink: zone id is out of range
[  530.678373][T16050] netlink: 'syz.4.3563': attribute type 4 has an invalid length.
[  530.688192][T16050] netlink: 'syz.4.3563': attribute type 32 has an invalid length.
[  530.718672][T16050] netlink: 46 bytes leftover after parsing attributes in process `syz.4.3563'.
[  531.492760][T14344] Bluetooth: hci0: command 0x0c1a tx timeout
[  531.837872][T16058] erspan0: entered allmulticast mode
[  531.972651][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout
[  531.972692][ T5143] Bluetooth: hci3: command 0x0406 tx timeout
[  531.978821][T14344] Bluetooth: hci1: command 0x040f tx timeout
[  532.100549][T16064] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3576'.
[  535.742091][T16143] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3591'.
[  536.589150][T16156] erspan0: entered allmulticast mode
[  536.961968][T16164] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3597'.
[  537.164125][T16170] lo: entered allmulticast mode
[  537.170837][T16170] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3600'.
[  537.839156][T16169] lo: left allmulticast mode
[  537.950370][T16176] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3603'.
[  538.006707][T16176] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3603'.
[  539.164595][T16195] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3616'.
[  539.536996][T16191] Process accounting resumed
[  539.717430][T16195] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  539.737766][T16195] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  539.764189][T16195] bond0 (unregistering): Released all slaves
[  539.810320][T16196] erspan0: entered allmulticast mode
[  539.907734][T16202] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3611'.
[  540.069092][T16202] geneve1: entered allmulticast mode
[  540.744849][T16214] FAULT_INJECTION: forcing a failure.
[  540.744849][T16214] name failslab, interval 1, probability 0, space 0, times 0
[  540.789947][T16214] CPU: 1 UID: 0 PID: 16214 Comm: syz.4.3614 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  540.800787][T16214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  540.810895][T16214] Call Trace:
[  540.814196][T16214]  <TASK>
[  540.817155][T16214]  dump_stack_lvl+0x16c/0x1f0
[  540.821882][T16214]  should_fail_ex+0x497/0x5b0
[  540.826601][T16214]  ? fs_reclaim_acquire+0xae/0x150
[  540.831758][T16214]  should_failslab+0xc2/0x120
[  540.836491][T16214]  __kmalloc_noprof+0xce/0x4f0
[  540.841307][T16214]  ? __register_sysctl_table+0xb4/0x18c0
[  540.846989][T16214]  __register_sysctl_table+0xb4/0x18c0
[  540.852490][T16214]  ? __pfx_snprintf+0x10/0x10
[  540.857214][T16214]  ? __pfx___register_sysctl_table+0x10/0x10
[  540.863242][T16214]  ? is_module_address+0x2a/0x50
[  540.868230][T16214]  ? register_net_sysctl_sz+0x228/0x3e0
[  540.873838][T16214]  __devinet_sysctl_register+0x1b5/0x360
[  540.879534][T16214]  ? __pfx___devinet_sysctl_register+0x10/0x10
[  540.885743][T16214]  ? trace_kmalloc+0x2d/0xd0
[  540.890378][T16214]  ? devinet_init_net+0xeb/0x8f0
[  540.895370][T16214]  ? __pfx_devinet_init_net+0x10/0x10
[  540.900800][T16214]  ? __pfx_devinet_init_net+0x10/0x10
[  540.906229][T16214]  devinet_init_net+0x33d/0x8f0
[  540.911141][T16214]  ? __pfx_devinet_init_net+0x10/0x10
[  540.916573][T16214]  ops_init+0x1df/0x5f0
[  540.920781][T16214]  setup_net+0x21f/0x860
[  540.925079][T16214]  ? __pfx_setup_net+0x10/0x10
[  540.929892][T16214]  ? down_read_killable+0xcc/0x380
[  540.935051][T16214]  ? __pfx_down_read_killable+0x10/0x10
[  540.940654][T16214]  ? debug_mutex_init+0x37/0x70
[  540.945569][T16214]  copy_net_ns+0x2b4/0x6c0
[  540.950032][T16214]  create_new_namespaces+0x3ea/0xad0
[  540.955374][T16214]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  540.961064][T16214]  ksys_unshare+0x45d/0xa40
[  540.965617][T16214]  ? __pfx_ksys_unshare+0x10/0x10
[  540.970683][T16214]  ? xfd_validate_state+0x5d/0x180
[  540.975842][T16214]  __x64_sys_unshare+0x31/0x40
[  540.980650][T16214]  do_syscall_64+0xcd/0x250
[  540.985206][T16214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  540.991155][T16214] RIP: 0033:0x7fb063b85d29
[  540.995605][T16214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  541.015254][T16214] RSP: 002b:00007fb0648f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  541.023722][T16214] RAX: ffffffffffffffda RBX: 00007fb063d75fa0 RCX: 00007fb063b85d29
[  541.031731][T16214] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  541.039744][T16214] RBP: 00007fb063c01b08 R08: 0000000000000000 R09: 0000000000000000
[  541.047752][T16214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  541.055765][T16214] R13: 0000000000000000 R14: 00007fb063d75fa0 R15: 00007fff69459f88
[  541.063788][T16214]  </TASK>
[  542.142957][T16251] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3629'.
[  542.153710][T16251] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3629'.
[  542.229751][T16254] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3628'.
[  542.597067][T16261] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3632'.
[  542.655673][T16261] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3632'.
[  542.903633][T16258] sp0: Synchronizing with TNC
[  542.957983][T16255] [U] �
[  545.442847][T16302] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  545.464347][T16308] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3646'.
[  545.479883][T16302] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  545.522841][T16302] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  545.529033][T16302] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  546.852837][T14344] Bluetooth: hci0: command 0x0c1a tx timeout
[  547.090650][T16339] FAULT_INJECTION: forcing a failure.
[  547.090650][T16339] name failslab, interval 1, probability 0, space 0, times 0
[  547.144467][T16339] CPU: 0 UID: 0 PID: 16339 Comm: syz.3.3655 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  547.155313][T16339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  547.165417][T16339] Call Trace:
[  547.168729][T16339]  <TASK>
[  547.171691][T16339]  dump_stack_lvl+0x16c/0x1f0
[  547.176417][T16339]  should_fail_ex+0x497/0x5b0
[  547.181142][T16339]  ? fs_reclaim_acquire+0xae/0x150
[  547.186302][T16339]  should_failslab+0xc2/0x120
[  547.191044][T16339]  __kmalloc_cache_noprof+0x68/0x420
[  547.196393][T16339]  ? fib_notifier_ops_register+0x123/0x270
[  547.202272][T16339]  fib_net_init+0x1a6/0x3d0
[  547.206842][T16339]  ? __pfx_fib_net_init+0x10/0x10
[  547.211920][T16339]  ? do_init_timer+0xc9/0x110
[  547.216655][T16339]  ? devinet_init_net+0x5b3/0x8f0
[  547.221743][T16339]  ? __pfx_fib_net_init+0x10/0x10
[  547.226921][T16339]  ops_init+0x1df/0x5f0
[  547.231142][T16339]  setup_net+0x21f/0x860
[  547.235445][T16339]  ? __pfx_setup_net+0x10/0x10
[  547.240267][T16339]  ? down_read_killable+0xcc/0x380
[  547.245437][T16339]  ? __pfx_down_read_killable+0x10/0x10
[  547.251042][T16339]  ? debug_mutex_init+0x37/0x70
[  547.255948][T16339]  copy_net_ns+0x2b4/0x6c0
[  547.260416][T16339]  create_new_namespaces+0x3ea/0xad0
[  547.265775][T16339]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  547.272752][T16339]  ksys_unshare+0x45d/0xa40
[  547.277300][T16339]  ? __pfx_ksys_unshare+0x10/0x10
[  547.282386][T16339]  ? xfd_validate_state+0x5d/0x180
[  547.287552][T16339]  __x64_sys_unshare+0x31/0x40
[  547.292372][T16339]  do_syscall_64+0xcd/0x250
[  547.296936][T16339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  547.302886][T16339] RIP: 0033:0x7f8346585d29
[  547.307337][T16339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  547.327001][T16339] RSP: 002b:00007f83473e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  547.335468][T16339] RAX: ffffffffffffffda RBX: 00007f8346775fa0 RCX: 00007f8346585d29
[  547.343483][T16339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  547.351497][T16339] RBP: 00007f8346601b08 R08: 0000000000000000 R09: 0000000000000000
[  547.359500][T16339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  547.367508][T16339] R13: 0000000000000000 R14: 00007f8346775fa0 R15: 00007fff4ab299e8
[  547.375542][T16339]  </TASK>
[  547.492770][T14344] Bluetooth: hci3: command 0x0406 tx timeout
[  547.572610][T14344] Bluetooth: hci1: command 0x040f tx timeout
[  547.578834][T14344] Bluetooth: hci2: command 0x0c1a tx timeout
[  550.277981][T16377] net_ratelimit: 2 callbacks suppressed
[  550.278004][T16377] netlink: zone id is out of range
[  550.311405][T16377] netlink: zone id is out of range
[  550.317036][T16377] netlink: zone id is out of range
[  550.323616][T16377] netlink: zone id is out of range
[  550.329429][T16377] netlink: zone id is out of range
[  550.335137][T16377] netlink: zone id is out of range
[  550.340465][T16377] netlink: zone id is out of range
[  550.352667][T16377] netlink: zone id is out of range
[  550.357839][T16377] netlink: zone id is out of range
[  550.430406][T16377] netlink: zone id is out of range
[  551.272318][T16392] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3668'.
[  553.740365][T16415] binder: 16414:16415 ioctl c0306201 9 returned -14
[  556.990031][T16473] syz.5.3693 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  558.049725][T16492] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3698'.
[  558.339584][T16496] Process accounting resumed
[  559.333297][T16514] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3713'.
[  559.361425][T16514] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3713'.
[  560.382857][T16542] Process accounting resumed
[  561.993136][T16560] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3728'.
[  562.023425][T16559] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
	
	
	
	
	
	
	




	
				

	
	

	
		
	

	
		
	

	
		

	

	

	
		
	

	
		
	
	
	

	
		
	

	
		
		
	

	
		
	




	
				
	






		
		


	
	
	

	
		
	

	
		
	

	
		
	

	
		
	

	
		
	

	
		
	

	
		



		
		
	
		
			

	

		



	
					


	
					


	
					


	
					


	
					


	
					


	
	

	
		
	


	
				
	
	



	
			
	

	
		

syzkaller
syzkaller login: [  607.067797][T17342] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  609.377595][T17391] HfR: entered promiscuous mode
[  609.429952][T17391] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3971'.
[  609.482360][T17394] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3971'.
[  609.516101][T17391] HfR: left promiscuous mode
[  609.706639][T17404] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  615.161565][T17504] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  616.213740][T17512] device-mapper: ioctl: ioctl interface mismatch: kernel(4.48.0), user(0.0.0), cmd(6)
[  624.706452][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  624.717591][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
	

	
		
	

	
		
	

	
		

	

	
	

				



	


		
	
		




		
		
	

	
		
	
		
			

	
		
			

	
		
			


			
		
	




			














	





	


	






	

	





	




	

	

	


	
	





	






	




	





		







	

	
		
	

	
		
		
		


	
			
	

	
				
		
		




	
	

































































































	
	

	

	

	
		
	
			
	

	
				
		
		



	
	
	

	

	




	
				
	
			
	
			
	

	
		
	

	
		
		
		


	
			
	

	
				
		
		




	
	
	

	
		



	

	
			
	
			
	

	
		
	

	
		
	
	

	

	

	
		
	

	

	
	
	
	
	
	
	

	
		

	


syzkaller
syzkaller login: [  693.550315][T18591] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  695.172785][T18608] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4321'.
[  698.458832][ T5143] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  699.922031][T18671] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4339'.

syzkaller
syzkaller login: [  706.003781][T18732] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  707.351163][T18754] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  708.238402][T18770] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4368'.
[  708.717283][T18761] Invalid ELF header magic: != ELF
[  710.047236][T18791] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  710.612773][T18792] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4372'.
[  711.285293][T18801] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4375'.
[  712.383552][T18826] sp0: Synchronizing with TNC
[  712.601185][T18833] sp0: Synchronizing with TNC
[  712.925922][T18843] netlink: 326 bytes leftover after parsing attributes in process `syz.5.4387'.
[  713.793761][T18863] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4392'.
[  715.895669][T18903] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  717.451514][T18927] Process accounting resumed
[  717.685904][T18941] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4413'.
[  718.367014][T18956] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  718.497288][T18951] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4416'.
[  719.133427][T18971] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4421'.
[  719.678026][T18982] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4425'.
[  719.931997][T18979] sp0: Synchronizing with TNC
[  720.089039][T18984] sp0: Synchronizing with TNC
[  721.540136][T19019] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4433'.
[  722.638400][T19011] Process accounting resumed
[  723.012958][ T5143] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  724.297792][T19057] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  724.661774][T19032] Invalid ELF header magic: != ELF
[  724.933305][T19067] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22
[  726.286503][T19079] sp0: Synchronizing with TNC
[  726.383725][T19087] sp0: Synchronizing with TNC
[  726.617177][T19092] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4452'.
[  726.679231][T19098] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4453'.
[  726.724249][T19096] 
[  726.726818][T19096] ======================================================
[  726.734541][T19096] WARNING: possible circular locking dependency detected
[  726.742243][T19096] 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 Not tainted
[  726.750047][T19096] ------------------------------------------------------
[  726.757746][T19096] syz.5.4455/19096 is trying to acquire lock:
[  726.764403][T19096] ffff888143725de0 (&q->sysfs_lock){+.+.}-{4:4}, at: queue_attr_store+0xe2/0x170
[  726.774458][T19096] 
[  726.774458][T19096] but task is already holding lock:
[  726.782569][T19096] ffff8881437258b0 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: queue_attr_store+0xd8/0x170
[  726.793778][T19096] 
[  726.793778][T19096] which lock already depends on the new lock.
[  726.793778][T19096] 
[  726.805203][T19096] 
[  726.805203][T19096] the existing dependency chain (in reverse order) is:
[  726.815098][T19096] 
[  726.815098][T19096] -> #4 (&q->q_usage_counter(io)#23){++++}-{0:0}:
[  726.824565][T19096]        blk_mq_submit_bio+0x1fb6/0x24c0
[  726.830805][T19096]        __submit_bio+0x384/0x540
[  726.836341][T19096]        submit_bio_noacct_nocheck+0x698/0xd70
[  726.843117][T19096]        submit_bio_noacct+0x93a/0x1e20
[  726.849222][T19096]        mpage_readahead+0x41d/0x590
[  726.855043][T19096]        read_pages+0x1a8/0xdc0
[  726.860377][T19096]        page_cache_ra_unbounded+0x3dc/0x750
[  726.866962][T19096]        force_page_cache_ra+0x24b/0x340
[  726.873159][T19096]        page_cache_sync_ra+0x110/0x9c0
[  726.879253][T19096]        filemap_get_pages+0xd7b/0x1be0
[  726.885349][T19096]        filemap_read+0x3ca/0xd70
[  726.890867][T19096]        blkdev_read_iter+0x187/0x480
[  726.896772][T19096]        vfs_read+0x87f/0xbe0
[  726.901911][T19096]        ksys_read+0x12b/0x250
[  726.907142][T19096]        do_syscall_64+0xcd/0x250
[  726.912666][T19096]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  726.919718][T19096] 
[  726.919718][T19096] -> #3 (mapping.invalidate_lock#2){++++}-{4:4}:
[  726.929090][T19096]        down_read+0x9a/0x330
[  726.934236][T19096]        filemap_fault+0x2e0/0x2820
[  726.939949][T19096]        __do_fault+0x10a/0x490
[  726.945272][T19096]        do_pte_missing+0xebd/0x3e00
[  726.951081][T19096]        __handle_mm_fault+0x103c/0x2a40
[  726.957275][T19096]        handle_mm_fault+0x3fa/0xaa0
[  726.963083][T19096]        __get_user_pages+0x8d9/0x3b50
[  726.969081][T19096]        populate_vma_page_range+0x27f/0x3a0
[  726.975658][T19096]        __mm_populate+0x1d6/0x380
[  726.981275][T19096]        vm_mmap_pgoff+0x293/0x360
[  726.986891][T19096]        ksys_mmap_pgoff+0x32c/0x5c0
[  726.992695][T19096]        __x64_sys_mmap+0x125/0x190
[  726.998405][T19096]        do_syscall_64+0xcd/0x250
[  727.003926][T19096]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.010977][T19096] 
[  727.010977][T19096] -> #2 (&mm->mmap_lock){++++}-{4:4}:
[  727.019280][T19096]        __might_fault+0x11b/0x190
[  727.024900][T19096]        _copy_from_user+0x29/0xd0
[  727.030517][T19096]        __blk_trace_setup+0xa8/0x180
[  727.036420][T19096]        blk_trace_setup+0x47/0x70
[  727.042033][T19096]        sg_ioctl+0x7a3/0x26b0
[  727.047282][T19096]        __x64_sys_ioctl+0x190/0x200
[  727.053092][T19096]        do_syscall_64+0xcd/0x250
[  727.058618][T19096]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.065668][T19096] 
[  727.065668][T19096] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}:
[  727.074261][T19096]        __mutex_lock+0x19b/0xa60
[  727.079784][T19096]        blk_register_queue+0x13c/0x4f0
[  727.085875][T19096]        add_disk_fwnode+0x785/0x1300
[  727.091769][T19096]        brd_alloc.isra.0+0x50a/0x7c0
[  727.097675][T19096]        brd_init+0x12b/0x1d0
[  727.102829][T19096]        do_one_initcall+0x128/0x630
[  727.108650][T19096]        kernel_init_freeable+0x58f/0x8b0
[  727.114935][T19096]        kernel_init+0x1c/0x2b0
[  727.120271][T19096]        ret_from_fork+0x45/0x80
[  727.125688][T19096]        ret_from_fork_asm+0x1a/0x30
[  727.131499][T19096] 
[  727.131499][T19096] -> #0 (&q->sysfs_lock){+.+.}-{4:4}:
[  727.139800][T19096]        __lock_acquire+0x249e/0x3c40
[  727.145696][T19096]        lock_acquire.part.0+0x11b/0x380
[  727.151879][T19096]        __mutex_lock+0x19b/0xa60
[  727.157408][T19096]        queue_attr_store+0xe2/0x170
[  727.163224][T19096]        sysfs_kf_write+0x117/0x170
[  727.168941][T19096]        kernfs_fop_write_iter+0x33d/0x500
[  727.175328][T19096]        vfs_write+0x5ae/0x1150
[  727.180659][T19096]        ksys_write+0x12b/0x250
[  727.185983][T19096]        do_syscall_64+0xcd/0x250
[  727.191502][T19096]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.198554][T19096] 
[  727.198554][T19096] other info that might help us debug this:
[  727.198554][T19096] 
[  727.209787][T19096] Chain exists of:
[  727.209787][T19096]   &q->sysfs_lock --> mapping.invalidate_lock#2 --> &q->q_usage_counter(io)#23
[  727.209787][T19096] 
[  727.226040][T19096]  Possible unsafe locking scenario:
[  727.226040][T19096] 
[  727.234216][T19096]        CPU0                    CPU1
[  727.240101][T19096]        ----                    ----
[  727.245984][T19096]   lock(&q->q_usage_counter(io)#23);
[  727.251893][T19096]                                lock(mapping.invalidate_lock#2);
[  727.260493][T19096]                                lock(&q->q_usage_counter(io)#23);
[  727.269175][T19096]   lock(&q->sysfs_lock);
[  727.273930][T19096] 
[  727.273930][T19096]  *** DEADLOCK ***
[  727.273930][T19096] 
[  727.282870][T19096] 6 locks held by syz.5.4455/19096:
[  727.288567][T19096]  #0: ffff88807d2e5978 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x267/0x390
[  727.298521][T19096]  #1: ffff88802418c420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12b/0x250
[  727.308385][T19096]  #2: ffff888063f7d888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x27b/0x500
[  727.319146][T19096]  #3: ffff8881417d14b8 (kn->active#164){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x29e/0x500
[  727.330271][T19096]  #4: ffff8881437258b0 (&q->q_usage_counter(io)#23){++++}-{0:0}, at: queue_attr_store+0xd8/0x170
[  727.341954][T19096]  #5: ffff8881437258e8 (&q->q_usage_counter(queue)#7){+.+.}-{0:0}, at: queue_attr_store+0xd8/0x170
[  727.353822][T19096] 
[  727.353822][T19096] stack backtrace:
[  727.360285][T19096] CPU: 1 UID: 0 PID: 19096 Comm: syz.5.4455 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  727.372121][T19096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  727.383179][T19096] Call Trace:
[  727.386774][T19096]  <TASK>
[  727.389985][T19096]  dump_stack_lvl+0x116/0x1f0
[  727.395128][T19096]  print_circular_bug+0x41c/0x610
[  727.400653][T19096]  check_noncircular+0x31a/0x400
[  727.406081][T19096]  ? __pfx_check_noncircular+0x10/0x10
[  727.412112][T19096]  ? save_trace+0x290/0xa10
[  727.417061][T19096]  ? add_lock_to_list+0x17d/0x390
[  727.422591][T19096]  __lock_acquire+0x249e/0x3c40
[  727.427923][T19096]  ? __pfx___lock_acquire+0x10/0x10
[  727.433643][T19096]  ? __pfx___lock_acquire+0x10/0x10
[  727.439350][T19096]  lock_acquire.part.0+0x11b/0x380
[  727.444960][T19096]  ? queue_attr_store+0xe2/0x170
[  727.450386][T19096]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  727.456574][T19096]  ? rcu_is_watching+0x12/0xc0
[  727.461807][T19096]  ? trace_lock_acquire+0x14e/0x1f0
[  727.467522][T19096]  ? find_held_lock+0x2d/0x110
[  727.472761][T19096]  ? queue_attr_store+0xe2/0x170
[  727.478190][T19096]  ? lock_acquire+0x2f/0xb0
[  727.483132][T19096]  ? queue_attr_store+0xe2/0x170
[  727.488559][T19096]  __mutex_lock+0x19b/0xa60
[  727.493507][T19096]  ? queue_attr_store+0xe2/0x170
[  727.498930][T19096]  ? mark_held_locks+0x9f/0xe0
[  727.504181][T19096]  ? queue_attr_store+0xe2/0x170
[  727.509712][T19096]  ? __pfx___mutex_lock+0x10/0x10
[  727.515247][T19096]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  727.521636][T19096]  ? blk_mq_freeze_queue_wait+0xaf/0x190
[  727.527838][T19096]  ? __pfx_autoremove_wake_function+0x10/0x10
[  727.534516][T19096]  ? queue_attr_store+0xd8/0x170
[  727.539941][T19096]  ? queue_attr_store+0xe2/0x170
[  727.545365][T19096]  queue_attr_store+0xe2/0x170
[  727.550599][T19096]  ? __pfx_queue_attr_store+0x10/0x10
[  727.556510][T19096]  sysfs_kf_write+0x117/0x170
[  727.561657][T19096]  kernfs_fop_write_iter+0x33d/0x500
[  727.567475][T19096]  ? __pfx_sysfs_kf_write+0x10/0x10
[  727.573210][T19096]  vfs_write+0x5ae/0x1150
[  727.577971][T19096]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  727.584361][T19096]  ? __pfx___mutex_lock+0x10/0x10
[  727.589886][T19096]  ? __pfx_vfs_write+0x10/0x10
[  727.595129][T19096]  ksys_write+0x12b/0x250
[  727.599885][T19096]  ? __pfx_ksys_write+0x10/0x10
[  727.605218][T19096]  do_syscall_64+0xcd/0x250
[  727.610174][T19096]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.616667][T19096] RIP: 0033:0x7f373f385d29
[  727.621526][T19096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  727.643089][T19096] RSP: 002b:00007f3740171038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  727.652336][T19096] RAX: ffffffffffffffda RBX: 00007f373f575fa0 RCX: 00007f373f385d29
[  727.661103][T19096] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003
[  727.669865][T19096] RBP: 00007f373f401b08 R08: 0000000000000000 R09: 0000000000000000
[  727.678638][T19096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  727.687406][T19096] R13: 0000000000000000 R14: 00007f373f575fa0 R15: 00007ffc74851428
[  727.696173][T19096]  </TASK>
[  727.699596][    C1] vkms_vblank_simulate: vblank timer overrun