last executing test programs: 11m37.380324661s ago: executing program 3 (id=260): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2b, 0x1, 0x1) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/shm\x00', 0x80000, 0x0) socket(0x2, 0x80802, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket$nl_generic(0x10, 0x3, 0x10) dup2$auto(0x5, 0x4) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x80800, 0x0) read$auto(0x3, 0x0, 0x400000) 11m37.13288525s ago: executing program 3 (id=261): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYRES8], 0x24}, 0x1, 0x0, 0x0, 0x20040014}, 0x2600c880) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000080), 0x6b) connect$auto(0x3, &(0x7f00000000c0), 0x55) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x9a6, 0xe000) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) close_range$auto(0x2, 0x8, 0x0) 11m36.910964801s ago: executing program 3 (id=262): sendfile$auto(0x6, 0x3, 0x0, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x6) munmap$auto(0x20001000, 0x7) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0xa) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x1, 0x89a0, 0x8) 11m35.682353672s ago: executing program 3 (id=270): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) select$auto(0x7fffffff, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x9}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) socket(0x15, 0x5, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) write$auto(0x6, 0x0, 0x100000001) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) 11m34.39708338s ago: executing program 3 (id=277): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) open(&(0x7f0000000080)='.\x00', 0x0, 0x1f2) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) open(0x0, 0x22240, 0x155) 11m34.218009133s ago: executing program 3 (id=279): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) r0 = socket(0x10, 0x80002, 0x8) close_range$auto(r0, r0, 0x0) pipe$auto(0x0) splice$auto(r0, 0x0, 0x2, 0x0, 0x3fb, 0x9) write$auto(0x6, 0x0, 0x100000001) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x6, 0x7bd6, 0x0) 11m25.369947283s ago: executing program 2 (id=313): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) open(0x0, 0x22240, 0x154) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x40}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x2, 0xb}, 0x800009}, 0x5, 0x20000000) r1 = syz_genetlink_get_family_id$auto_nbd(0x0, r0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/notify_on_release\x00', 0x20000, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/stat\x00', 0x40080, 0x0) read$auto(0x3, 0x0, 0x80) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/56, 0x38) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x28, r1, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x6}, @NBD_ATTR_INDEX={0x8, 0x1, 0x7}]}, 0x28}, 0x1, 0x0, 0x0, 0x84}, 0x10) 11m24.547506898s ago: executing program 2 (id=315): mmap$auto(0x0, 0x400008, 0xe3, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000800)='./file0\x00', 0x6041, 0x0) socket(0x2, 0x801, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x6e}, 0x1, 0x0, 0x0, 0x44800}, 0x40080c8) write$auto(0x3, 0x0, 0xfffffdef) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x9) 11m23.567344576s ago: executing program 2 (id=317): mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x88) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x4, 0x1, r0, @relative_id=0x13, 0xe600}, 0xf) r3 = open(0x0, 0x261c2, 0x84) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc) bpf$auto(0x1, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x7}, 0xc) 11m23.254688951s ago: executing program 2 (id=320): r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x3e, 0x0, 0x1ff) finit_module$auto(0x3, 0xfffffffffffffffe, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setns$auto(0x0, 0xb) cachestat$auto(0x1, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x5) 11m21.907212881s ago: executing program 2 (id=327): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) open(&(0x7f0000000080)='.\x00', 0x0, 0x1f2) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) open(0x0, 0x22240, 0x155) 11m21.166245736s ago: executing program 2 (id=330): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0xa, 0x801, 0x84) pipe$auto(0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) fsopen$auto(0x0, 0x1) epoll_create$auto(0x4) close_range$auto(r0, r1, 0x0) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) 11m19.091915311s ago: executing program 32 (id=279): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) r0 = socket(0x10, 0x80002, 0x8) close_range$auto(r0, r0, 0x0) pipe$auto(0x0) splice$auto(r0, 0x0, 0x2, 0x0, 0x3fb, 0x9) write$auto(0x6, 0x0, 0x100000001) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x6, 0x7bd6, 0x0) 11m6.063319435s ago: executing program 33 (id=330): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0xa, 0x801, 0x84) pipe$auto(0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) fsopen$auto(0x0, 0x1) epoll_create$auto(0x4) close_range$auto(r0, r1, 0x0) epoll_create$auto(0x4) epoll_ctl$auto(0x5, 0x1, 0x8000000000000000, 0x0) 4m18.711419334s ago: executing program 1 (id=2001): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$auto(0xffffffffffffffff, 0x114, 0x271f, 0xfffffffffffffffc, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000940)={'batadv0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500000000000000000008000200", @ANYRES32=r1, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0a0001000001"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) r2 = openat$auto_fuse_conn_congestion_threshold_ops_control(0xffffffffffffff9c, 0x0, 0x1, 0x0) read$auto_fuse_conn_congestion_threshold_ops_control(r2, &(0x7f0000000280)=""/8, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4m18.43332864s ago: executing program 1 (id=2002): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) getresuid$auto(&(0x7f0000000000)=0xff, &(0x7f0000000040)=0x7, 0x0) 4m18.280867231s ago: executing program 1 (id=2003): ioperm$auto(0xfb, 0x5, 0xe) lsm_get_self_attr$auto(0x0, 0x0, 0x0, 0x0) 4m18.132431309s ago: executing program 1 (id=2005): r0 = gettid() rt_sigqueueinfo$auto(r0, 0x5, &(0x7f0000000140)={@siginfo_0_0={0x0, 0x7f, 0x80, @_sigsys={0x0, 0x101}}}) 4m17.974889296s ago: executing program 1 (id=2006): unshare$auto(0xb0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x8, &(0x7f0000000040)={0x5, 0x49, 0x2, 0xb, 0x9, 0xffffffff, 0xffffffffffffffff, [0x6, 0x2], {0xe4, 0x7, 0x9, 0x200, 0x6, 0x8, 0x8, 0x3, 0x5}, {0x9, 0x135, 0x39b1d926, 0x3, 0x5, 0x2, 0x4, 0x3, 0x3}}) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000000), r0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) sendmsg$auto_IEEE802154_LLSEC_LIST_KEY(0xffffffffffffffff, 0x0, 0x24000000) socket(0x11, 0x800, 0x303) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) clock_gettime$auto(0x1, 0x0) unshare$auto(0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x800, 0x10000c5, 0x0, 0x40eb2, 0x402, 0x300000000000) fanotify_init$auto(0x5, 0x2000000000002) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r2, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x7}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4040000) setresgid$auto(0x9, 0x8, 0x400) ioperm$auto(0xc5, 0x4, 0x2) sethostname$auto(&(0x7f0000000140)='\x00', 0x1) r3 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x10a) unshare$auto(0x80) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0xfffffffd) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r5, 0x301, 0x70bd26, 0x25dfdc02}, 0x14}, 0x1, 0x0, 0x0, 0x8810}, 0x0) unshare$auto(0x80) open_by_handle_at$auto(r3, &(0x7f0000000040)={0x4, 0x2, "06000000"}, 0x2) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) 4m16.881817673s ago: executing program 1 (id=2009): writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) 4m16.705839105s ago: executing program 34 (id=2009): writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) 3m54.568535999s ago: executing program 4 (id=2103): mmap$auto(0x0, 0x8000404, 0x4000000000df, 0x60eb2, 0x4, 0x300000000000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioperm$auto(0x4, 0xbc6, 0x81) mmap$auto(0x0, 0x3, 0xdc, 0xeb1, 0x401, 0x8003) getsockopt$auto(0x100000006, 0x1, 0x33, 0xfffffffffffffffe, 0x0) ioctl$auto(0xc9, 0x100000002, 0x4000000005c8d) write$auto(0x3, 0x0, 0x3f00) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x5, 0x84) io_uring_setup$auto(0x3, 0x0) io_uring_register$auto(0x2, 0x2, &(0x7f0000000040), 0x86) io_uring_register$auto(0x2, 0x6, &(0x7f0000000180), 0x1) getrandom$auto(0x0, 0x6000000, 0x3) msgrcv$auto(0x9, &(0x7f0000000000)={0x80000000, 0xff}, 0xd647, 0x4, 0x2) madvise$auto(0x0, 0xf663, 0x15) pipe2$auto(0x0, 0x80) migrate_pages$auto(0x0, 0x101, 0x0, &(0x7f0000000140)=0x9) madvise$auto(0x0, 0xffffffffffff0001, 0x15) futex$auto(0x0, 0x6, 0x47, 0x0, 0x0, 0x0) mmap$auto(0x93, 0x9, 0x9, 0x14, 0x100000001, 0x2) 3m52.368264092s ago: executing program 4 (id=2113): close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x80800, 0x0) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) sendfile$auto(0x6, 0x3, 0x0, 0x8000) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munmap$auto(0x20001000, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0xfffffffffffffffe, 0x8, 0x8003, 0xeb3, 0xfffffffffffffff9, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) timer_create$auto(0x3, 0x0, &(0x7f0000000140)=0x6) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) timer_settime$auto(0x0, 0xffff8000, &(0x7f00000000c0)={{0xf, 0x10007}, {0x0, 0x800}}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x8c3a, 0x2, 0xf) socket(0x2, 0xa, 0xa) lsm_list_modules$auto(0x0, &(0x7f0000000100)=0xbefc, 0x0) ioctl$auto(0x1, 0x89a0, 0x8) read$auto(0x3, 0x0, 0x400000) socket(0xa, 0x3, 0x6) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfffff4a4, 0x0, 0xfffffffffffffffd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1a00279e"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) 3m48.330330893s ago: executing program 4 (id=2127): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000004440), 0xffffffffffffffff) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f0000000140)={0x1c, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@OVS_DP_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x2000000) 3m48.104721608s ago: executing program 4 (id=2128): socket(0x23, 0x80805, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x89ed, 0xfffffffffffff4e0) 3m43.235594388s ago: executing program 4 (id=2134): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) 3m38.398778116s ago: executing program 4 (id=2147): unshare$auto(0x40000080) 3m23.010957605s ago: executing program 35 (id=2147): unshare$auto(0x40000080) 2m47.309455212s ago: executing program 5 (id=2316): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/neigh/vxcan1/base_reachable_time\x00', 0x80000, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) r0 = openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) pwrite64$auto(r0, 0x0, 0x1, 0x7fff000000000000) 2m47.16444708s ago: executing program 5 (id=2317): mmap$auto(0x0, 0xff, 0xdb, 0x9b72, 0x5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x5, 0x1, 0x0) fanotify_init$auto(0x65, 0x2) pwritev2$auto(0x4, &(0x7f0000001fc0)={0x0, 0x7}, 0x1, 0xffffffffffffffff, 0x81, 0x8) 2m46.95390545s ago: executing program 5 (id=2318): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r1, 0x432bc8a33af5150b, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20000802) 2m46.79347397s ago: executing program 5 (id=2319): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_DELETE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x30, r1, 0x9, 0x70bd27, 0x25dfdbfb, {}, [@NET_SHAPER_A_IFINDEX={0x8, 0x8, r3}, @NET_SHAPER_A_HANDLE={0x14, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_ID={0x8, 0x2, 0x6}, @NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x2}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x44000}, 0xc050) 2m46.568422127s ago: executing program 5 (id=2321): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) tkill$auto(0x1, 0x7) 2m45.162786968s ago: executing program 5 (id=2325): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) write$auto(0x800000000000c8, 0x0, 0x1a) mmap$auto(0x6, 0x9, 0x6, 0x32d4, 0x10000, 0x80000001) ioctl$auto(0xc8, 0xffffffff800454dd, 0x4000000000008) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x7b, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x7fffffffffffffff, 0xdf, 0x15, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) read$auto(0x3, 0x0, 0x80) madvise$auto(0x0, 0x3, 0x66) r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x8, 0x1040000004, 0x8b74, 0x2, 0x8000) getsockopt$auto(r0, 0x84, 0x1b, 0x0, &(0x7f0000000040)=0x400) mmap$auto(0x0, 0x4, 0x4000000020df, 0x40eb2, 0x402, 0x300000000000) capset$auto(0x0, 0x0) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r1, 0x0, 0x39b8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2m44.951049285s ago: executing program 36 (id=2325): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) write$auto(0x800000000000c8, 0x0, 0x1a) mmap$auto(0x6, 0x9, 0x6, 0x32d4, 0x10000, 0x80000001) ioctl$auto(0xc8, 0xffffffff800454dd, 0x4000000000008) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x7b, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x7fffffffffffffff, 0xdf, 0x15, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) read$auto(0x3, 0x0, 0x80) madvise$auto(0x0, 0x3, 0x66) r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x8, 0x1040000004, 0x8b74, 0x2, 0x8000) getsockopt$auto(r0, 0x84, 0x1b, 0x0, &(0x7f0000000040)=0x400) mmap$auto(0x0, 0x4, 0x4000000020df, 0x40eb2, 0x402, 0x300000000000) capset$auto(0x0, 0x0) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r1, 0x0, 0x39b8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2m18.848418189s ago: executing program 0 (id=2440): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/misc/hw_random/rng_current\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mprotect$auto(0x1ffff000, 0x8000000000000004, 0xd) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/rose6/statistics/tx_window_errors\x00', 0x0, 0x0) read$auto(r0, 0x0, 0xf7) r1 = openat$auto_tracing_mark_raw_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker_raw\x00', 0xc05, 0x0) write$auto_tracing_mark_raw_fops_trace(r1, 0x0, 0x10) 2m18.467482475s ago: executing program 0 (id=2443): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) write$auto(0x800000000000c8, 0x0, 0x1a) mmap$auto(0x6, 0x9, 0x6, 0x32d4, 0x10000, 0x80000001) ioctl$auto(0xc8, 0xffffffff800454dd, 0x4000000000008) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x7b, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x7fffffffffffffff, 0xdf, 0x15, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) read$auto(0x3, 0x0, 0x80) madvise$auto(0x0, 0x3, 0x66) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x84, 0x1b, 0x0, &(0x7f0000000040)=0x400) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$auto(0x0, 0x4, 0x4000000020df, 0x40eb2, 0x402, 0x300000000000) capset$auto(0x0, 0x0) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r1, 0x0, 0x39b8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2m16.243203228s ago: executing program 0 (id=2451): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40) ioctl$auto(0xc8, 0x400454da, 0x5c8d) getegid() socket(0x2, 0x1, 0x0) setsockopt$auto(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x4) getsockopt$auto(0xffffffffffffffff, 0x0, 0x9, 0x0, 0x0) 2m16.034832587s ago: executing program 0 (id=2452): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/ksm/merge_across_nodes\x00', 0x80202, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x9) write$auto(0x3, 0x0, 0xfdef) 2m15.723760426s ago: executing program 0 (id=2453): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) rseq$auto(&(0x7f0000000300)={0x0, 0x9, 0x0, 0x4, 0xffffffff, 0xfffffffe}, 0x8000, 0x0, 0x3) shmdt$auto(0x0) madvise$auto(0x0, 0x3, 0x15) rt_sigqueueinfo$auto(0x1, 0x7, &(0x7f0000000040)={@siginfo_0_0={0x0, 0x5, 0xfffffffb, @_sigpoll={0x52, 0x7}}}) 2m13.266536105s ago: executing program 0 (id=2458): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffc, 0x8000) r0 = socket(0x10, 0x2, 0x0) fstat$auto(r0, &(0x7f0000000340)={0x7, 0xb, 0xa59, 0x5, 0x0, 0x0, 0x0, 0x9, 0x4, 0x81, 0x8, 0x2, 0x7fffffffffffffff, 0x4, 0x6, 0x9, 0x2}) sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x12f8}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x59e, 0x0, 0x0, 0x9}, 0x207}, 0x40, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) 2m12.933773013s ago: executing program 37 (id=2458): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffc, 0x8000) r0 = socket(0x10, 0x2, 0x0) fstat$auto(r0, &(0x7f0000000340)={0x7, 0xb, 0xa59, 0x5, 0x0, 0x0, 0x0, 0x9, 0x4, 0x81, 0x8, 0x2, 0x7fffffffffffffff, 0x4, 0x6, 0x9, 0x2}) sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x12f8}, 0x1, 0x0, 0x0, 0x4004080}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x59e, 0x0, 0x0, 0x9}, 0x207}, 0x40, 0x100) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) 16.625208496s ago: executing program 6 (id=2837): syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') socket$nl_generic(0x10, 0x3, 0x10) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r1 = socket(0xa, 0x2, 0x88) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) pidfd_getfd$auto(0x3, 0x1, 0x100000000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r3, r1, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) 12.446057021s ago: executing program 6 (id=2858): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000040), r0) syz_genetlink_get_family_id$auto_ila(0x0, r0) keyctl$auto(0xf, 0xfffffffffffffffe, 0x6, 0x80, 0x401) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/keys\x00', 0x8340, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000001700)=""/4096, 0x1000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'pimreg1\x00'}) sendmsg$auto_ILA_CMD_DEL(r0, 0x0, 0x11) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f00000001c0)={0x2, 0x6, 0xfffff801}) io_uring_setup$auto(0x7, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) 9.009539201s ago: executing program 9 (id=2872): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="01002bbd7000fddbdf25040000000b002e0000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x4044820) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0) mount$auto(0x0, &(0x7f0000000100), 0x0, 0x100000, 0x0) unshare$auto(0x20000) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r2, 0x0) futex_waitv$auto(&(0x7f0000000000)={0xf, 0x100000000005d94, 0x4, 0x4}, 0x77, 0x0, 0x0, 0x62bd) fcntl$auto(0xff80000000000000, 0x4, 0xfffffffffffffffc) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) clone$auto(0x20003b44, 0x2, 0x0, 0x0, 0x2) ioctl$auto(0x3, 0x800005411, 0x38) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x4) clone$auto(0x440f, 0x6, &(0x7f00000000c0)=0x10001, &(0x7f0000000180)=0x9, 0x8) io_uring_setup$auto(0x40005, &(0x7f0000000000)={0x6, 0x1, 0x400, 0x7, 0x1005, 0x6, 0x7, [0x4, 0x2e9, 0x8], {0x0, 0x1, 0x8, 0x7, 0x5, 0x100005, 0x1, 0x0, 0x7}, {0x4, 0xfff, 0xffff7fff, 0x2, 0x8, 0x200, 0x3, 0x0, 0x3}}) madvise$auto(0x108000, 0x800034, 0x9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 8.839372459s ago: executing program 6 (id=2873): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x100000, 0x0) read$auto(r0, 0x0, 0x9) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) fanotify_init$auto(0xfeffeffc, 0x40) pipe$auto(0x0) sched_rr_get_interval$auto(0x0, &(0x7f0000000380)={0x100000000, 0x9}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) openat$auto_dfs_dom_ops_debugfs(0xffffffffffffff9c, 0x0, 0x10483, 0x0) 7.446374886s ago: executing program 6 (id=2875): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x101401, 0x0) pipe$auto(&(0x7f00000000c0)) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) socket(0x2, 0x1, 0x0) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, &(0x7f00000024c0)='/sys/kernel/debug/o2hb/quorum_regions\x00', 0x80080, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) 6.291524393s ago: executing program 6 (id=2879): mmap$auto(0x0, 0x76, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x1, 0x3c, 0x0, 0x7) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0x10000) read$auto(0xffffffffffffffff, &(0x7f0000000000)='(^![\\/#\x00', 0xffff) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x8000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(0x3, 0x4b67, 0x38) 5.361870464s ago: executing program 9 (id=2882): r0 = openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffbfffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x8004) move_pages$auto(0x0, 0x5, &(0x7f0000000380)=&(0x7f0000000280), &(0x7f00000003c0)=0x1, 0x0, 0x2) read$auto_l2cap_debugfs_fops_(r0, &(0x7f0000000100)=""/109, 0x6d) mseal$auto(0x1ffff000, 0x7dda, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) r1 = openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/cmdline\x00', 0x2000, 0x0) read$auto_proc_pid_cmdline_ops_base(r1, &(0x7f0000000040)=""/159, 0x9f) 3.14569727s ago: executing program 7 (id=2888): socket(0x2, 0x801, 0x100) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/swaps\x00', 0x180, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/sctp/snmp\x00', 0x101800, 0x0) socket(0x10, 0x2, 0x0) fanotify_init$auto(0x7, 0x801) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) socket(0x2, 0x80805, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x145940, 0x0) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 3.02301599s ago: executing program 8 (id=2889): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/lapb3/netdev_group\x00', 0x80, 0x0) mprotect$auto(0x1ffff000, 0x8000000001000001, 0xd) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/conf/wg0/drop_gratuitous_arp\x00', 0x202, 0x0) sendfile$auto(r0, r0, 0x0, 0x7fffe000) socket(0x1e, 0x2, 0xffffffff) clone$auto(0x1, 0x100, 0x0, 0x0, 0x800) open_by_handle_at$auto(0xffffffffffffffff, 0x0, 0xffffffff) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x8000, 0x0) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) mkdir$auto(&(0x7f0000001280)='./file0\x00', 0x0) mount$auto(0x0, &(0x7f0000001500)='./file0\x00', 0x0, 0x8000, 0x0) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000336"], 0x24}, 0x1, 0x0, 0x0, 0xc005}, 0x4) seccomp$auto(0x1, 0x0, &(0x7f0000000040)) keyctl$auto(0x2, 0x0, 0x400000000, 0x1, 0xa0) io_uring_setup$auto(0x6, 0x0) 2.899327279s ago: executing program 7 (id=2890): socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x3, 0x8000) pipe$auto(0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptys0\x00', 0x101e81, 0x0) fanotify_init$auto(0x5, 0x2000000000002) socket(0x2, 0x801, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x11, 0x3, 0x10) socket(0xa, 0x3, 0x100) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x8) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) setreuid$auto(0x15, 0x5) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) 2.845184775s ago: executing program 9 (id=2891): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) mmap$auto(0x6, 0x9, 0x6, 0x32d4, 0x10000, 0x80000001) ioctl$auto(0xc8, 0xffffffff800454dd, 0x4000000000008) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) mremap$auto(0x4000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) set_mempolicy$auto(0x8003, &(0x7f0000000280)=0x7b, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x7fffffffffffffff, 0xdf, 0x15, 0x7, 0x28000) write$auto(0x3, 0x0, 0x7fffffff) read$auto(0x3, 0x0, 0x80) madvise$auto(0x0, 0x3, 0x66) r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x8, 0x1040000004, 0x8b74, 0x2, 0x8000) getsockopt$auto(r0, 0x84, 0x1b, 0x0, &(0x7f0000000040)=0x400) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$auto(0x0, 0x4, 0x4000000020df, 0x40eb2, 0x402, 0x300000000000) capset$auto(0x0, 0x0) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r1, 0x0, 0x39b8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2.644004109s ago: executing program 7 (id=2892): unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x2) socket(0x1d, 0x2, 0x2) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x3, 0x4, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x2, 0x3, 0x5, 0x7}, 0x3, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r3, 0x29, 0x49, &(0x7f0000000040)='!\x00', 0x1ff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000040)={0x1c, r2, 0x13ebbac2338983f3, 0x70b927, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}}, 0x4008000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vlan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone3(&(0x7f00000001c0)={0x8000000, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100), {0x15}, &(0x7f0000000140)=""/7, 0x7, &(0x7f00000009c0)=""/4096, &(0x7f0000000180)=[0xffffffffffffffff, 0x0], 0x2}, 0x58) read$auto(r0, 0x0, 0x40000003bf) 2.45252763s ago: executing program 8 (id=2893): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000180)='ns/ipc\x00') socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x85, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x80) socketpair$auto(0x1e, 0x5, 0x8, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x75, 0x0, &(0x7f0000000000)=0x9000c) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$auto_DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x40086200, 0x0) 2.236930134s ago: executing program 8 (id=2894): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000010c0), 0xffffffffffffffff) r1 = socket(0x2, 0x1, 0x106) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)={0x14, r2, 0x1, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, r2, 0x800, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0xfffffffb}, @NL80211_ATTR_TDLS_SUPPORT={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000060}, 0x20000010) madvise$auto(0xfffffffffffffffe, 0xffffffffffff0005, 0x19) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x1, 0x7, 0xf3, 0x2000eb7, 0x5, 0x8000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) fstatfs$auto(0x3, 0xfffffffffffffffd) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0xf82, 0x0) inotify_add_watch$auto(r1, 0x0, 0x7ff) recvmsg$auto(0x4, 0x0, 0x1) sched_setaffinity$auto(0x0, 0x7, &(0x7f00000003c0)=0x80000001) 1.66894367s ago: executing program 6 (id=2895): mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) ioctl$auto(0x3, 0x541b, 0x38) madvise$auto(0x0, 0x2000040080000005, 0xe) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x1c, &(0x7f0000000100), 0x1) move_pages$auto(r0, 0x1002, 0x0, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x6044814}, 0x81) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1300"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) read$auto(0x3, 0x0, 0x80) read$auto(0x3, 0x0, 0x80) 1.356576318s ago: executing program 9 (id=2896): prctl$auto(0x39, 0x1, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r2) sendmsg$auto_TIPC_NL_MEDIA_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002f80)={0x14, r3, 0x1, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x11c, r3, 0x4, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x107, 0x1, 0x0, 0x1, [@generic="e2dac040d4cfe2a61fbb8aba8a0a32ac5460e6338502281828c79619f75b7f8cad5de54a4b1198a8e5834cc1bb069bb5a60d9c12255c386c0c268ac17fc3f9f59f37160169261717c27041a8a233ebea9c1f8c97c51fcfddeeeae299f23c693b4041eecc0a63408c2d0eb2187cc68025fffb1f0c51888dd5a9cf32e66d498ae08e35f03d94e8f74a73b003b4a1d6c3412e0802681ebf80132df64805b47aad3f44b5a19c97723eefce208a5fd22eafc106557ec4df0d4296cb2044fb23dae2d1d0a264034c68045636de0ce24d510ceaad257c2a4b348a091ad05ec2bfc8565346dce9efb139", @typed={0x8, 0x10e, 0x0, 0x0, @u32=0x7d}, @typed={0x8, 0xd, 0x0, 0x0, @u32=0x1}, @generic="92871702c502dec111f5b9f3dc"]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x40000}, 0x40000d1) sendmsg$auto_NCSI_CMD_SET_PACKAGE_MASK(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c004}, 0x40080c0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x7ffffffffffffffc, 0xc) sysfs$auto(0x1, 0xfffffffffffffffa, 0x9) ioperm$auto(0xde, 0x9, 0x100402) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x80001, 0x0) prctl$auto(0x23, 0x5, 0x2008, 0x0, 0x0) memfd_create$auto(&(0x7f0000000040)='^-.(\\&^\xd5\'@!],!\\\'!\x00', 0x3) connect$auto(0x3, 0x0, 0x55) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) process_vm_readv$auto(0x0, 0x0, 0x4, 0x0, 0x6, 0x0) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=r0}, 0xa3) 1.144230241s ago: executing program 8 (id=2897): openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/034/001\x00', 0x143100, 0x0) pivot_root$auto(0x0, &(0x7f0000000100)='.\x00') close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff2, 0x8000) io_setup$auto(0x100, 0x0) mlockall$auto(0x7) socket(0xa, 0x3, 0x5) r0 = open(&(0x7f0000000280)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x20102, 0x100) read$auto(r0, 0x0, 0xe) write$auto_fake_panic_fops_(r0, &(0x7f0000000400), 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00'}) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) 946.645296ms ago: executing program 9 (id=2898): splice$auto(0x4, 0x0, 0x2, 0x0, 0xfffffffffffffffc, 0x4) r0 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000040), 0xffffffffffffffff) madvise$auto(0x0, 0x2000040080000004, 0xe) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x3, 0x6) r1 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xfffff4a4, 0x0, 0xfffffffffffffffd) sendmsg$auto_NL80211_CMD_GET_REG(r1, 0x0, 0x40000) sendmsg$auto_CTRL_CMD_GETFAMILY(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002abd77dcb7fcdf2503000000190000000000000001"], 0x24}, 0x1, 0x0, 0x0, 0x4008810}, 0x10000000) mprotect$auto(0x1ffff000, 0x8000000000000001, 0x1) r2 = socket(0x10, 0x2, 0x0) r3 = socket(0xa, 0x2, 0x3a) connect$auto(0x3, 0x0, 0x55) sendmsg$auto_NL80211_CMD_DEL_PMK(r3, 0x0, 0x40000) sendmsg$auto_IPVS_CMD_GET_INFO(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000005}, 0x4004010) 871.900095ms ago: executing program 7 (id=2899): fanotify_init$auto(0x200, 0x1) open(&(0x7f0000000140)='./bus\x00', 0x2a4c0, 0x40) open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ip_mr_vif\x00', 0x100, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0x18, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(0x0, 0x800) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) pipe$auto(0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) 761.976809ms ago: executing program 8 (id=2900): socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x11, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffff6, 0x8000) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) r2 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r2, @new_map_fd=r1, 0x8, @old_prog_fd=r0}, 0xa3) bpf$auto(0x1, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x7f, @prog_cnt=0x42c, 0x0, 0x80000000, 0xc, 0xb, 0x5}, 0x7) 522.971895ms ago: executing program 8 (id=2901): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x1a9382, 0x0) read$auto(r0, &(0x7f0000000080)='nlctrl\x00', 0x401) mmap$auto(0x0, 0x402000b, 0xdf, 0x10, 0x401, 0x8000) r1 = socket(0x10, 0x2, 0xc) r2 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_CTRL_CMD_GETPOLICY(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="000128bd7000fbdbdf250a000000cc94ac2760a40600"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x2000000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) setsockopt$auto(0xffffffffffffffff, 0x11, 0x67, 0x0, 0x8) r3 = openat$auto_proc_coredump_filter_operations_base(0xffffffffffffff9c, &(0x7f0000000040), 0x264240, 0x0) ioctl$auto(r3, 0x40045542, 0x10001) socketpair$auto(0x1b, 0x8, 0x401, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) gettid() setuid$auto(0x0) readahead$auto(r4, 0x7, 0x80000001) write$auto(0x3, 0x0, 0xfffffdef) 482.874763ms ago: executing program 7 (id=2902): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2c, 0x3, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/0000:00:03.0/resource0\x00', 0x103000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80805, 0x0) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1e, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) pipe$auto(0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x181502, 0x0) write$auto(r0, 0x0, 0xc3) 159.753303ms ago: executing program 7 (id=2903): open(&(0x7f0000000240)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x138) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x2, 0x3, 0xa) r1 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) open_by_handle_at$auto(r1, &(0x7f0000000040)={0x8, 0x2, "0200000000000000"}, 0x3ffff) getsockopt$auto(r0, 0x0, 0x30, 0x0, &(0x7f0000000040)=0xdbb) socket(0xa, 0x3, 0xff) connect$auto(0x3, &(0x7f0000000140), 0x55) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x5, 0x3, 0x19, 0x940, 0x1, 0x3, 0x6, 0x4, 0x80, 0x5, 0x2, 0x9, 0xb0, 0x9, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2, 0x2]}, 0x4, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socketpair$auto(0x5, 0x3ff, 0x8, &(0x7f0000000080)=0x7) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x1, 0x9) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), 0xffffffffffffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop7\x00', 0x20203, 0x0) sendmsg$auto_NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000002dc0)={0x0, 0x0, &(0x7f0000002d80)={&(0x7f00000016c0)=ANY=[@ANYBLOB="00060000", @ANYRES16=r2, @ANYBLOB="4d242bbd7000fedbdf2589000000eb057f001b2b2e6ef2aec9338ac38da670bc3229d63b3c993d035b2b5163016994d62911b289833f8e164d64c8564e532ef75393fd52667856e6245fcfac3d35a4e50ac07d9b84f6871d2454b1fa550d0ae3397eb10b00cce934a67ad35b17f85f5e071fdada2fba509b0ad3f4c5a2f8e3365249da43c64d368d646ab9e44791529fa83998bdf891862c197d86dcfd7cb4031f43f006f16afc6e2f6782b1c9a3861faff3a7120dc70da27a0f3f75fe3313ef2440fac0e3fd7d2d1bdc23311b79b039c859cb7e8b9b0b9234838e2fcc861a9778c2e6bd9f6c9b32a36dad6ed922e589fa5464f45c195d678b1665173d1b67448f930c669f368a95cf9413fb776342a7f3c8e31bfe59288bd900dd8dc57245fd7b817110abfb51f7a3915da22d83e0c9fea98abcd91b7166b5aa2b846ebd413d685abf7384b10f40b8952cad4d54eaf27f71b66f583724dd1813b3e3d72601037a5fc6b828c657e7a237c266f31dc44f1e94d6c80bb01be1d2119c87bd8dcfd57bc085fcffc605241b80040cc8fab99cc2a0103446033fc6971d0c4ca9fd956b35422cbceb888609b285c451f80ef1680c5463b223bcfd1ed6b2b62e2225fe72c23f32ca7554abcf609834d82e6a4bd838a2a312b9d1269cd1fd08a414ebfbd3f8ebd9590c9620d81cf345df55a251386b213636c2c18906a3b8e5af257e5d3b7f509910b5df6974f05074a2f9d54cd306d15a82b16f6e829a8336901cb8f2131cf0a27e9656384af609762d57b56fd3070246c7518925be0c461dfbea56b6c759c88d5ffe918f5f597cfe8628c2e9bed66ed9b9e29a8fbc9e8859e5323a88e5de098ce9444af0dd8ec4b2c86b18da66f8968af5261a74201b2cfb500d64d9f679f4cf126249b3770c24759ef05164f8e62d49083c8ddd5288e3d75360f7f20c30c0f377ad9cea642666ca4a814de39f2bb3deb0b372a6aa5d647f195e03f12be7bd5f647e0df0a398aa0dce27828306919d196185c6efb5a2555dd7d111a09e2213e66960ef5e8a078be14f36668ba40c90a9d2eb93c23956a2cf425b0aa5717b5c2727a0bf2fb96e2669ae53ab9e0d2e2763a7d7c381e48330c572d60dc5701400913d7f2f9c8a5ebdb4510acdf2ba6de86f2d1aa1e86dce843842b3714ce895edbfe633ecbbc92cbab4f61dd0dfb01bbdbce9795bf81b75bf933ba18f077852e3d478ef6d305e51b283d04875e27baec1258b436dd5c9dd6c51783bb11555e76aa636f0771218b279cf28d3ed2dd7a003b1a92dd3af692138a8e45b328fcc51a5a1ceb94cce95e7b59024a74bea717de6304bafd27a0277d949a17082515dfef26b07760b5a49e220cb723623520fbfbd856b149aeec3b53531cb5bf657fec6169918288aeb0a36a76126d28aae633f32482c6d9fb6f5a814d78b4dcbd1c0e7384d945b729c75be1af3c8504d72b1c5df0f4be49edd066b24548cd3521d604c61f2d9fb8292e27cb809f4dc22e6fe13b7124a0ea5cc6e876662c93d06a0eaa646417bc33a7a056013648ee405aab809cc2382a7bcf35f811169d9757a0b5f01b5cd72c9e3cfe86bea628d10ed630d49ac6586e75eefcbe28743a0893b89fe6c5040bbe17cb7ccd25399a82dab841d572e31f7bf15361e5fcf74ba7f89b4869f2e63af3abd3309e51fbed1a644f1663b2c5f846948096c1d409bc35f3030c87a0ad074959faf08c62aa2b5ba4ae84af389e79221eb2b7576dd70d8d71019cc048fd0e7b4c811fbe72bd3221cbfee3d2c101fd6a605dc73ee0dfac11dc496de2432a9f5c85704dd5c725e58d9306bfd74c5e90007011cfad93e3352cb4279596f25438e58d44176b179f27b0e5758affd66c3779feb383537da8fda057dc00811fa21723a6d30d4f969b6982fc9abad7b50192d0f8674d0a72f56c0988a76251431f3c441d7766186eac0bc8513883a86655ca4354bc85319315c389ad55e770ddbeae5b584e84e8897d94d6d7bf6f6e7db7e5a5dcae986510b954d1a7a931a0a161465e37bdf63d813c6928a5e3ad0445c18dc0b33d8a9c8795b6060adbc434910a54ef199a75a1ea111e43941abde89a09514e26b688c7518a3dd66cfa0d0b599bfd7093403ddee450643c604e8bacfb638febb6431333400"], 0x600}, 0x1, 0x0, 0x0, 0x800}, 0x8000) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/controlC1\x00', 0x8043, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) 0s ago: executing program 9 (id=2904): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) sysfs$auto(0x2, 0x100000000000027, 0x0) fsopen$auto(0x0, 0x1) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000140)=ANY=[@ANYRES16, @ANYRESOCT=0x0], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x22048814) socket(0x10, 0x2, 0x0) ioctl$auto_def_blk_fops_fs(0xffffffffffffffff, 0xab0a, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x1, 0x21eb, 0x7ff, 0x3, 0x8, 0xb, 0x9, 0x0, 0x3}, 0x6f4) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(&(0x7f0000000000)='./file0\x00', 0xa01c2, 0x84) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000100), r0) sendmsg$auto_NL802154_CMD_GET_INTERFACE(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fcdbdf25050000001400040000000000000000bdcf0000000000065187bb6c1edb71e70000bbaefa0e9e420977fdfedc52ca553d9eb81583691e250dc2df254f5a39a1b1cb15f12d80c59c068742c45ba331b4c6158d5e65a5ad15e1afecd329ceaab38f5a7e0e15de378c59d4b5025eb085c40cc0dfaf9aafcb05be21e4a33b12240a0e608e88f38a7a3348065e3c2dabb618ddb82de610ae0aa3ae05af48390c1b69fd734012fec53b55add140aa3a1eb8cc04d0d8bd08278da62b52"], 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x0, 0x3, 0xd, 0x3, 0x81, 0xfffffffc, 0x2000000000000002, 0x0, 0x9, 0x1, 0x2, 0x80000001, 0xb0, 0x9, 0x1, 0xffffffff, 0x5, 0x7, 0x0, 0x7, 0x0, 0xfffffffe, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x71a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x9, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80100, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): 211139][ T8041] [U] [ 194.213860][ T8041] [U] [ 194.216586][ T8041] [U] [ 194.240162][ T8041] [U] [ 194.242897][ T8041] [U] [ 194.245618][ T8041] [U] [ 194.248335][ T8041] [U] [ 194.270207][ T8041] [U] [ 194.272943][ T8041] [U] [ 194.275664][ T8041] [U] [ 194.278388][ T8041] [U] [ 194.293326][ T8041] [U] [ 194.296058][ T8041] [U] [ 194.298780][ T8041] [U] [ 194.301501][ T8041] [U] [ 194.326501][ T8041] [U] [ 194.329245][ T8041] [U] [ 194.331979][ T8041] [U] [ 194.334702][ T8041] [U] [ 194.349731][ T8041] [U] [ 194.352476][ T8041] [U] [ 194.355192][ T8041] [U] [ 194.357906][ T8041] [U] [ 194.373770][ T8041] [U] [ 194.376516][ T8041] [U] [ 194.379245][ T8041] [U] [ 194.381969][ T8041] [U] [ 194.400234][ T8041] [U] [ 194.402970][ T8041] [U] [ 194.405692][ T8041] [U] [ 194.408415][ T8041] [U] [ 194.439105][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.452301][ T8041] [U] [ 194.452441][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.455011][ T8041] [U] [ 194.463949][ T8041] [U] [ 194.466665][ T8041] [U] [ 194.502640][ T8044] [U] [ 194.505382][ T8044] [U] [ 194.508103][ T8044] [U] [ 194.510821][ T8044] [U] [ 194.537359][ T8044] [U] [ 194.540100][ T8044] [U] [ 194.542832][ T8044] [U] [ 194.545555][ T8044] [U] [ 194.548276][ T8044] [U] [ 194.593842][ T8044] [U] [ 194.596594][ T8044] [U] [ 194.599322][ T8044] [U] [ 194.602044][ T8044] [U] [ 194.638208][ T8044] [U] [ 196.611461][ T8062] kernel read not supported for file /#)-\&[} (pid: 8062 comm: syz.1.727) [ 196.671509][ T29] audit: type=1800 audit(4294967301.980:5): pid=8062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.727" name="#)-\&[}" dev="mqueue" ino=17495 res=0 errno=0 [ 198.259249][ T8090] netlink: 28 bytes leftover after parsing attributes in process `syz.1.736'. [ 198.862262][ T8090] bond0: (slave bond_slave_1): Releasing backup interface [ 199.547005][ T8098] netlink: zone id is out of range [ 199.603616][ T8098] netlink: set zone limit has 8 unknown bytes [ 200.113226][ T8104] netlink: 28 bytes leftover after parsing attributes in process `syz.4.742'. [ 200.896314][ T8093] netlink: 12 bytes leftover after parsing attributes in process `syz.0.737'. [ 200.993066][ T8093] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 202.147531][ T8104] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.343011][ T8104] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 202.451478][ T8104] bond0 (unregistering): Released all slaves [ 202.895829][ T8130] netlink: 28 bytes leftover after parsing attributes in process `syz.4.747'. [ 204.291019][ T8153] netlink: 4 bytes leftover after parsing attributes in process `syz.5.755'. [ 205.296543][ T8174] sctp: [Deprecated]: syz.1.760 (pid 8174) Use of struct sctp_assoc_value in delayed_ack socket option. [ 205.296543][ T8174] Use struct sctp_sack_info instead [ 205.671637][ T8174] netlink: 28 bytes leftover after parsing attributes in process `syz.1.760'. [ 205.971316][ T8174] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 211.404699][ T8231] netlink: 28 bytes leftover after parsing attributes in process `syz.1.777'. [ 216.820477][ T8297] netlink: 4 bytes leftover after parsing attributes in process `syz.5.799'. [ 219.960027][ T8344] netlink: 28 bytes leftover after parsing attributes in process `syz.5.811'. [ 220.063685][ T8344] team0: Port device team_slave_1 removed [ 222.952808][ T8408] netlink: 28 bytes leftover after parsing attributes in process `syz.1.829'. [ 224.630684][ T8427] sctp: [Deprecated]: syz.0.832 (pid 8427) Use of struct sctp_assoc_value in delayed_ack socket option. [ 224.630684][ T8427] Use struct sctp_sack_info instead [ 224.967199][ T8427] netlink: 28 bytes leftover after parsing attributes in process `syz.0.832'. [ 225.067320][ T8427] netdevsim netdevsim0 netdevsim2: entered allmulticast mode [ 225.142534][ T8436] netlink: 4 bytes leftover after parsing attributes in process `syz.1.836'. [ 226.443669][ T8450] netlink: 28 bytes leftover after parsing attributes in process `syz.5.839'. [ 226.555578][ T8450] bond0: (slave bond_slave_0): Releasing backup interface [ 226.943811][ T8442] Invalid ELF header magic: != ELF [ 230.628713][ T8504] netlink: 330 bytes leftover after parsing attributes in process `syz.1.853'. [ 230.661819][ T8504] : renamed from wg0 (while UP) [ 232.726624][ T8540] netlink: 28 bytes leftover after parsing attributes in process `syz.4.861'. [ 233.546097][ T8552] tipc: Started in network mode [ 233.568497][ T8552] tipc: Node identity ffffffff, cluster identity 4711 [ 233.592654][ T8552] tipc: Node number set to 4294967295 [ 234.689093][ T8574] netlink: 4 bytes leftover after parsing attributes in process `syz.1.873'. [ 235.453045][ T8587] netlink: 4 bytes leftover after parsing attributes in process `syz.1.878'. [ 236.710226][ T8627] netlink: 4 bytes leftover after parsing attributes in process `syz.5.889'. [ 236.786638][ T8629] netlink: 28 bytes leftover after parsing attributes in process `syz.5.891'. [ 236.848483][ T8629] vcan0: entered promiscuous mode [ 237.018643][ T8635] netlink: 28 bytes leftover after parsing attributes in process `syz.5.893'. [ 238.044261][ T8655] netlink: 28 bytes leftover after parsing attributes in process `syz.0.899'. [ 238.066376][ T8655] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 238.088622][ T8657] netlink: 4 bytes leftover after parsing attributes in process `syz.1.900'. [ 238.119626][ T8658] netlink: 'syz.0.899': attribute type 46 has an invalid length. [ 238.149618][ T8655] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 239.321851][ T8684] netlink: 4 bytes leftover after parsing attributes in process `syz.1.910'. [ 240.337049][ T8697] netlink: 4 bytes leftover after parsing attributes in process `syz.5.916'. [ 242.154353][ T8724] aoe: invalid device specification v [ 242.270850][ T8726] ubi0: attaching mtd0 [ 242.298269][ T8726] ubi0: scanning is finished [ 242.312406][ T8726] ubi0: empty MTD device detected [ 242.592599][ T5840] Bluetooth: hci3: command 0x0406 tx timeout [ 242.694447][ T8726] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 242.701965][ T8726] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 242.737480][ T8726] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 242.756115][ T8726] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 242.802701][ T8726] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 242.905883][ T8726] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 242.914433][ T8726] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4093763427 [ 242.942401][ T8726] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 243.021785][ T8741] can0: slcan on pty48. [ 243.044769][ T8737] ubi0: background thread "ubi_bgt0d" started, PID 8737 [ 243.453517][ T8740] can0 (unregistered): slcan off pty48. [ 244.321242][ T8770] netlink: 338 bytes leftover after parsing attributes in process `syz.0.932'. [ 244.445589][ T8770] Process accounting resumed [ 244.450548][ T8770] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8770 comm: syz.0.932) [ 244.613200][ T8778] netlink: 28 bytes leftover after parsing attributes in process `syz.0.934'. [ 244.695927][ T8778] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8778 comm: syz.0.934) [ 245.048093][ T8782] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8782 comm: syz.0.935) [ 245.234535][ T8795] netlink: 28 bytes leftover after parsing attributes in process `syz.0.938'. [ 245.384936][ T8795] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode [ 245.415980][ T8795] mac80211_hwsim hwsim3 wlan0: entered allmulticast mode [ 245.516608][ T8806] netlink: 4 bytes leftover after parsing attributes in process `syz.5.939'. [ 245.739030][ T8794] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8794 comm: syz.0.938) [ 246.239849][ T8815] netlink: 4 bytes leftover after parsing attributes in process `syz.5.940'. [ 246.267381][ T8816] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8816 comm: syz.0.941) [ 246.433246][ T8819] netlink: 28 bytes leftover after parsing attributes in process `syz.0.942'. [ 246.573901][ T8819] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8819 comm: syz.0.942) [ 247.572296][ T8822] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8822 comm: syz.0.944) [ 247.772167][ T8843] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8843 comm: syz.0.949) [ 247.994006][ T8845] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8845 comm: syz.0.950) [ 248.479798][ T8850] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8850 comm: syz.0.952) [ 248.710335][ T8859] netlink: 4 bytes leftover after parsing attributes in process `syz.5.955'. [ 249.122653][ T8863] netlink: 28 bytes leftover after parsing attributes in process `syz.0.957'. [ 249.159093][ T8863] bridge_slave_1: left allmulticast mode [ 249.182198][ T8863] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.567911][ T8862] warn_unsupported: 1 callbacks suppressed [ 249.567932][ T8862] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8862 comm: syz.0.957) [ 250.597892][ T8884] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8884 comm: syz.0.964) [ 251.432537][ T8904] netlink: 8 bytes leftover after parsing attributes in process `syz.4.970'. [ 251.705000][ T8908] netlink: 28 bytes leftover after parsing attributes in process `syz.1.971'. [ 252.216605][ T8910] mtrr: base(0x0000) is not aligned on a size(0x300000) boundary [ 252.268511][ T8898] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8898 comm: syz.0.968) [ 252.652756][ T8923] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8923 comm: syz.0.976) [ 252.832445][ T5840] Bluetooth: hci4: command 0x0406 tx timeout [ 253.077757][ T8934] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8934 comm: syz.0.979) [ 253.221557][ T8940] netlink: 28 bytes leftover after parsing attributes in process `syz.0.981'. [ 253.278082][ T8940] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8940 comm: syz.0.981) [ 253.755300][ T8948] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 253.782766][ T8948] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 253.836710][ T8950] netlink: 4 bytes leftover after parsing attributes in process `syz.5.983'. [ 254.096725][ T8957] netlink: 28 bytes leftover after parsing attributes in process `syz.4.986'. [ 254.400593][ T8943] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8943 comm: syz.0.982) [ 254.632207][ T8953] Invalid ELF header magic: != ELF [ 255.524223][ T8965] netlink: 28 bytes leftover after parsing attributes in process `syz.0.987'. [ 255.780872][ T8965] team0: Port device team_slave_1 removed [ 255.885875][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.892298][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.118399][ T8965] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8965 comm: syz.0.987) [ 256.817944][ T8992] netlink: 4 bytes leftover after parsing attributes in process `syz.1.996'. [ 256.844217][ T8992] netlink: 4 bytes leftover after parsing attributes in process `syz.1.996'. [ 256.977743][ T8925] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8925 comm: syz.0.976) [ 257.031723][ T8996] netlink: 4 bytes leftover after parsing attributes in process `syz.1.997'. [ 257.664254][ T9005] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1000'. [ 257.909844][ T8979] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 8979 comm: syz.0.991) [ 260.569266][ T9012] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9012 comm: syz.0.1001) [ 261.654164][ T9040] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9040 comm: syz.0.1010) [ 262.065220][ T9055] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9055 comm: syz.0.1014) [ 262.213526][ T9060] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9060 comm: syz.0.1016) [ 262.711467][ T9058] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9058 comm: syz.0.1016) [ 262.782656][ T9062] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9062 comm: syz.0.1016) [ 263.265116][ T9069] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1020'. [ 264.121536][ T9071] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1018'. [ 264.424747][ T9065] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9065 comm: syz.0.1018) [ 264.753380][ T9083] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9083 comm: syz.0.1022) [ 265.061986][ T9090] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9090 comm: syz.0.1025) [ 265.461841][ T9096] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9096 comm: syz.0.1026) [ 266.466811][ T9094] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9094 comm: syz.0.1026) [ 267.970464][ T9109] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9109 comm: syz.0.1030) [ 268.844996][ T9118] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1032'. [ 268.999127][ T9118] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9118 comm: syz.0.1032) [ 269.256145][ T9130] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9130 comm: syz.0.1035) [ 269.511423][ T9133] capability: warning: `syz.0.1036' uses 32-bit capabilities (legacy support in use) [ 269.732101][ T9133] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9133 comm: syz.0.1036) [ 270.152650][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 270.423128][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 270.796908][ T9138] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9138 comm: syz.0.1037) [ 271.147575][ T9145] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9145 comm: syz.0.1039) [ 272.281444][ T9152] kernel write not supported for file netdevsim/netdevsim0/psample/latency_max (pid: 9152 comm: syz.0.1042) [ 275.512725][ T9178] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1047'. [ 276.070226][ T9172] Process accounting paused [ 276.585828][ T9200] kernel read not supported for file /#)-\&[} (pid: 9200 comm: syz.4.1053) [ 276.614843][ T29] audit: type=1800 audit(8277292059.700:6): pid=9200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1053" name="#)-\&[}" dev="mqueue" ino=16272 res=0 errno=0 [ 278.651236][ T9236] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1062'. [ 279.035339][ T9236] team0: Port device team_slave_0 removed [ 279.364191][ T9245] kernel read not supported for file /#)-\&[} (pid: 9245 comm: syz.1.1065) [ 279.408446][ T29] audit: type=1800 audit(8277292062.490:7): pid=9245 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1065" name="#)-\&[}" dev="mqueue" ino=17495 res=0 errno=0 [ 282.612655][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 282.634155][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 282.774410][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 283.001557][ T9283] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1073'. [ 283.032923][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 283.379823][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 283.592575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 283.680492][ T9316] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1081'. [ 285.791090][ T9354] Process accounting resumed [ 285.866241][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 285.874716][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 287.992091][ T9390] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 288.052508][ T9390] CIFS mount error: No usable UNC path provided in device string! [ 288.052508][ T9390] [ 288.093281][ T9390] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 291.403494][ T9429] Process accounting resumed [ 291.482490][ T9433] bridge0: port 1(team0) entered blocking state [ 291.488965][ T9433] bridge0: port 1(team0) entered disabled state [ 291.543009][ T9433] team0: entered allmulticast mode [ 291.588542][ T9433] team_slave_0: entered allmulticast mode [ 291.666109][ T9433] team_slave_1: entered allmulticast mode [ 291.733364][ T9433] team0: entered promiscuous mode [ 291.753338][ T9433] team_slave_0: entered promiscuous mode [ 291.812548][ T9433] team_slave_1: entered promiscuous mode [ 291.853233][ T9433] bridge0: port 1(team0) entered blocking state [ 291.859586][ T9433] bridge0: port 1(team0) entered forwarding state [ 293.328713][ T9462] netlink: 252 bytes leftover after parsing attributes in process `syz.0.1113'. [ 293.565587][ T9468] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1115'. [ 293.649275][ T9467] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1114'. [ 296.008781][ T9500] ======================================================= [ 296.008781][ T9500] WARNING: The mand mount option has been deprecated and [ 296.008781][ T9500] and is ignored by this kernel. Remove the mand [ 296.008781][ T9500] option from the mount to silence this warning. [ 296.008781][ T9500] ======================================================= [ 296.337863][ T9513] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1127'. [ 297.086605][ T9524] netlink: 'syz.5.1130': attribute type 46 has an invalid length. [ 298.448723][ T9556] Process accounting resumed [ 299.988296][ T9579] Process accounting resumed [ 301.892499][ T9615] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1155'. [ 306.364373][ T9665] netlink: 342 bytes leftover after parsing attributes in process `syz.5.1168'. [ 306.393815][ T29] audit: type=1800 audit(8277292089.480:8): pid=9673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1170" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 308.379303][ T9690] GUP no longer grows the stack in syz.1.1175 (9690): 14000-401000 (4000) [ 308.432718][ T9690] CPU: 1 UID: 0 PID: 9690 Comm: syz.1.1175 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 [ 308.443463][ T9690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 308.453555][ T9690] Call Trace: [ 308.456852][ T9690] [ 308.459802][ T9690] dump_stack_lvl+0x16c/0x1f0 [ 308.464531][ T9690] gup_vma_lookup+0x1d2/0x220 [ 308.469254][ T9690] __get_user_pages+0x236/0x3b50 [ 308.474241][ T9690] ? hlock_class+0x4e/0x130 [ 308.478780][ T9690] ? __lock_acquire+0x15a9/0x3c40 [ 308.483857][ T9690] ? __pfx___get_user_pages+0x10/0x10 [ 308.489287][ T9690] __gup_longterm_locked+0x211/0x1870 [ 308.494698][ T9690] ? __pfx___lock_acquire+0x10/0x10 [ 308.499958][ T9690] ? __pfx___gup_longterm_locked+0x10/0x10 [ 308.505826][ T9690] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 308.511490][ T9690] ? rwsem_read_trylock+0x12d/0x250 [ 308.516724][ T9690] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 308.522302][ T9690] ? process_vm_rw_core.constprop.0+0x3ff/0x9c0 [ 308.528590][ T9690] pin_user_pages_remote+0xee/0x150 [ 308.533834][ T9690] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 308.539675][ T9690] ? down_read+0xc9/0x330 [ 308.544058][ T9690] process_vm_rw_core.constprop.0+0x42b/0x9c0 [ 308.550184][ T9690] ? futex_wait_queue+0x101/0x1f0 [ 308.555247][ T9690] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 308.561907][ T9690] process_vm_rw+0x301/0x360 [ 308.566544][ T9690] ? __pfx_process_vm_rw+0x10/0x10 [ 308.571704][ T9690] ? up_write+0x1b2/0x520 [ 308.576080][ T9690] ? __pfx___do_sys_mremap+0x10/0x10 [ 308.581420][ T9690] ? xfd_validate_state+0x5d/0x180 [ 308.586576][ T9690] ? arch_syscall_is_vdso_sigreturn+0xb6/0x230 [ 308.592789][ T9690] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 308.598471][ T9690] ? syscall_trace_enter+0x5e/0x260 [ 308.603712][ T9690] do_syscall_64+0xcd/0x250 [ 308.608261][ T9690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.614197][ T9690] RIP: 0033:0x7fdb5c785d19 [ 308.618639][ T9690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.638275][ T9690] RSP: 002b:00007fdb5d672038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 308.646725][ T9690] RAX: ffffffffffffffda RBX: 00007fdb5c975fa0 RCX: 00007fdb5c785d19 [ 308.654726][ T9690] RDX: 0000000000000004 RSI: 0000000020000040 RDI: 00000000000003b0 [ 308.662721][ T9690] RBP: 00007fdb5c801a20 R08: 0000000000000006 R09: 0000000000000000 [ 308.670717][ T9690] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 308.678713][ T9690] R13: 0000000000000000 R14: 00007fdb5c975fa0 R15: 00007ffc509dcc48 [ 308.686732][ T9690] [ 310.526464][ T9737] CIFS mount error: No usable UNC path provided in device string! [ 310.526464][ T9737] [ 310.572439][ T9737] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 311.671301][ T9756] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1194'. [ 314.143642][ T9798] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1206'. syzkaller syzkaller login: [ 314.666724][ T9808] could not allocate digest TFM handle [ 316.833378][ T9860] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1223'. [ 317.320637][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.327269][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.232607][ T9913] could not allocate digest TFM handle [ 321.908517][ T9925] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1238'. [ 321.933007][ T9925] hsr_slave_1: left promiscuous mode [ 323.752949][ T9955] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1246'. [ 323.813366][ T9955] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 323.835763][ T9955] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 323.878329][ T9955] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 323.895204][ T9955] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 324.054365][ T9961] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1247'. [ 325.876949][ T9976] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1249'. [ 326.024530][ T9993] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1257'. [ 330.311196][T10049] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1271'. [ 330.381830][T10049] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1271'. [ 330.530013][T10057] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1274'. [ 332.370264][ T5834] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 333.278189][T10096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1283'. [ 333.479358][ T29] audit: type=1800 audit(8277292116.560:9): pid=10113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1287" name="SYSV0000000a" dev="hugetlbfs" ino=0 res=0 errno=0 [ 341.792141][T10236] nbd: must specify at least one socket [ 343.189812][T10253] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1315'. [ 352.665923][T10367] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1342'. [ 352.722242][T10367] netdevsim netdevsim5 netdevsim2: entered allmulticast mode [ 353.763663][T10407] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 353.782395][T10407] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 354.675579][T10421] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1352'. [ 355.320786][T10436] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1358'. [ 355.378965][T10438] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1358'. [ 358.154823][T10488] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1371'. [ 358.797553][T10506] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1376'. [ 358.841783][T10506] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1376'. [ 358.843228][T10505] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1375'. [ 358.998395][T10505] mac80211_hwsim hwsim3 wlan0: left promiscuous mode [ 359.188331][T10501] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1375'. [ 364.172238][T10618] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1406'. [ 364.183463][T10618] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1406'. [ 366.194761][T10648] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1412'. [ 366.217810][T10648] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1412'. [ 367.275886][T10671] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1418'. [ 367.347416][T10673] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1418'. [ 370.030514][T10725] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1431'. [ 370.067002][T10725] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1431'. [ 370.253146][T10734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1434'. [ 371.943243][T10772] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1444'. [ 371.995595][T10772] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1444'. [ 372.015421][T10772] veth0_macvtap: left promiscuous mode [ 372.290956][T10779] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1446'. [ 372.318764][T10779] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode [ 372.457530][T10779] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1446'. [ 373.724083][T10807] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1453'. [ 376.409087][T10859] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1467'. [ 376.608503][T10859] mac80211_hwsim hwsim15 wlan0: entered allmulticast mode [ 376.830817][T10858] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1467'. [ 378.757188][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.763577][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.280676][T10910] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1481'. [ 379.324828][T10910] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1481'. [ 382.140887][T10944] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1489'. [ 382.440708][T10951] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1489'. [ 384.843756][T10992] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1501'. [ 384.862149][T10992] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1501'. [ 385.790286][T11001] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1504'. [ 386.281891][T11009] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1507'. [ 390.949606][T11063] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1519'. [ 391.002332][T11063] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1519'. [ 392.213233][T11076] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1521'. [ 397.033090][T11151] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1541'. [ 397.398305][T11154] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1542'. [ 397.438727][T11154] bridge0: port 1(team0) entered disabled state [ 398.531188][T11159] Invalid ELF header magic: != ELF [ 399.115027][T11176] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1547'. [ 399.543153][T11183] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1548'. [ 399.613867][T11183] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1548'. [ 400.062017][T11189] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1549'. [ 400.279969][T11192] ptrace attach of "./syz-executor exec"[5830] was attempted by "./syz-executor exec"[11192] [ 400.301191][T11189] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 400.342389][T11189] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 401.861609][T11210] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1553'. [ 401.927469][T11210] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1553'. [ 405.726784][T11250] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1563'. [ 405.754823][T11250] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1563'. [ 406.796044][T11271] HfR: entered promiscuous mode [ 406.828551][T11271] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1569'. [ 407.136819][T11279] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1570'. [ 407.285455][T11279] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1570'. [ 407.456509][T11279] bond0: (slave bond_slave_1): Releasing backup interface [ 408.134096][T11302] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1576'. [ 408.177656][T11302] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1576'. [ 408.904588][T11325] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1584'. [ 409.093920][T11335] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1586'. [ 409.108664][T11335] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1586'. [ 410.029103][ T29] audit: type=1107 audit(2097.220:10): pid=11355 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 411.192861][T11382] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1597'. [ 411.230353][T11384] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1599'. [ 411.274936][T11387] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1597'. [ 412.189068][T11410] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1604'. [ 412.223491][T11410] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode [ 412.715497][T11428] bridge0: port 3(batadv0) entered blocking state [ 412.758244][T11428] bridge0: port 3(batadv0) entered disabled state [ 412.781834][T11428] batadv0: entered allmulticast mode [ 412.925054][T11428] batadv0: entered promiscuous mode [ 413.082744][ T3544] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 413.092523][ T3544] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 414.112546][T11448] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1613'. [ 414.178118][T11449] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1613'. [ 414.617710][T11454] netlink: 'syz.0.1615': attribute type 4 has an invalid length. [ 415.165381][T11460] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1617'. [ 416.197257][T11474] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1621'. [ 419.386649][T11518] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1629'. [ 419.396217][T11518] mac80211_hwsim hwsim15 wlan0: entered promiscuous mode [ 422.047920][T11548] erspan0: entered allmulticast mode [ 423.138997][T11560] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1639'. [ 423.213876][T11563] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1639'. [ 426.541608][T11602] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1648'. [ 429.001845][T11650] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1657'. [ 429.048542][T11650] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1657'. [ 431.138952][T11664] erspan0: entered allmulticast mode [ 432.630680][T11684] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1666'. [ 432.712496][T11684] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1666'. [ 434.787699][T11722] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1676'. [ 434.814881][T11722] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1676'. [ 440.203780][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.210114][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.086706][T11821] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1700'. [ 443.702571][T11835] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1702'. [ 443.789895][T11833] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1702'. [ 445.801883][T11855] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 445.832002][T11855] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 446.242762][T11862] Invalid ELF header magic: != ELF [ 447.674368][T11876] erspan0: entered allmulticast mode [ 450.080537][T11914] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1719'. [ 450.992923][T11922] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1721'. [ 451.047772][T11922] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1721'. [ 451.823164][T11932] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1724'. [ 452.830589][T11957] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1728'. [ 452.849991][T11957] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode [ 454.200854][T11974] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1731'. [ 454.365850][T11983] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1732'. [ 454.393492][T11983] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1732'. [ 460.862424][T12071] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1750'. [ 460.872569][T12071] netdevsim netdevsim4 netdevsim2: entered allmulticast mode [ 461.101638][T12076] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1751'. [ 464.224771][T12117] kexec: Could not allocate control_code_buffer [ 465.313015][T12133] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1761'. [ 465.775714][T12143] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1762'. [ 465.820574][T12143] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1762'. [ 467.312189][T12166] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1768'. [ 472.843522][T12232] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1783'. [ 476.238381][T12288] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1795'. [ 477.332783][T12305] nbd: socks must be embedded in a SOCK_ITEM attr [ 477.384918][T12305] block nbd1: shutting down sockets [ 478.899257][T12328] kernel read not supported for file /#)-\&[} (pid: 12328 comm: syz.1.1802) [ 478.966134][ T29] audit: type=1800 audit(2166.160:11): pid=12328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1802" name="#)-\&[}" dev="mqueue" ino=17495 res=0 errno=0 [ 483.682604][T12354] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1806'. [ 483.692908][T12321] kexec: Could not allocate control_code_buffer [ 483.762343][T12354] bridge_slave_1: left allmulticast mode [ 483.768034][T12354] bridge_slave_1: left promiscuous mode [ 483.882544][T12354] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.979920][T12354] bridge_slave_0: left allmulticast mode [ 484.019192][T12354] bridge_slave_0: left promiscuous mode [ 484.052501][T12354] bridge0: port 1(bridge_slave_0) entered disabled state [ 484.100302][T12360] Process accounting resumed [ 484.123205][T12360] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1807'. [ 484.339464][T12354] bridge0 (unregistering): left allmulticast mode [ 485.950174][T12389] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1815'. [ 485.961376][T12389] netlink: 326 bytes leftover after parsing attributes in process `syz.5.1815'. [ 486.349734][T12398] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1817'. [ 486.372550][T12398] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1817'. [ 487.236718][T12409] nbd: socks must be embedded in a SOCK_ITEM attr [ 487.243638][T12409] block nbd1: shutting down sockets [ 487.821885][T12428] netlink: 'syz.4.1823': attribute type 4 has an invalid length. [ 488.332976][T12444] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1824'. [ 491.947462][T12490] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1838'. [ 496.320036][T12537] Process accounting resumed [ 496.329132][T12537] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1849'. [ 497.803835][T12541] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1850'. [ 498.053827][T12546] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1852'. [ 501.643976][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.650312][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.798970][T12627] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1872'. [ 501.830573][T12627] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1872'. [ 501.991091][T12629] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1867'. [ 502.140362][T12632] Process accounting resumed [ 502.170186][T12632] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1881'. [ 502.355013][T12636] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1873'. [ 504.099820][T12668] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1882'. [ 506.306905][T12707] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1893'. [ 506.329741][T12707] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1893'. [ 511.332161][T12780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1912'. [ 515.163464][T12814] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1919'. [ 516.633149][T12823] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1923'. [ 516.788717][T12826] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1925'. [ 517.592810][T12839] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1928'. [ 517.660490][T12840] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1928'. [ 520.828899][T12869] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1935'. [ 521.073361][T12872] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1937'. [ 524.433574][T12915] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1945'. [ 534.139741][T13061] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1984'. [ 535.282191][T13094] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1996'. [ 535.603043][T13111] netlink: 82 bytes leftover after parsing attributes in process `syz.1.2001'. [ 535.633573][T13111] netlink: 82 bytes leftover after parsing attributes in process `syz.1.2001'. [ 538.364192][T13140] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 538.373502][T13140] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 538.381766][T13140] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 538.389787][T13140] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 538.397450][T13140] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 538.405387][T13140] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 538.824770][T13138] chnl_net:caif_netlink_parms(): no params data found [ 538.912278][T13149] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2015'. [ 539.157743][T13138] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.165086][T13138] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.172351][T13138] bridge_slave_0: entered allmulticast mode [ 539.179327][T13138] bridge_slave_0: entered promiscuous mode [ 539.187524][T13138] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.194687][T13138] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.201880][T13138] bridge_slave_1: entered allmulticast mode [ 539.208896][T13138] bridge_slave_1: entered promiscuous mode [ 539.366902][T13138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 539.416248][T13138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 539.599105][T13138] team0: Port device team_slave_0 added [ 539.620209][T13138] team0: Port device team_slave_1 added [ 539.792660][T13138] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 539.812291][T13138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.885831][T13138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 539.926397][T13138] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 539.946976][T13138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.016494][T13138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 540.049328][T13181] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2018'. [ 540.131326][T13184] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2018'. [ 540.250850][T13138] hsr_slave_0: entered promiscuous mode [ 540.257835][T13138] hsr_slave_1: entered promiscuous mode [ 540.302460][T13138] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 540.310511][T13138] Cannot create hsr debugfs directory [ 540.400400][T13190] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2020'. [ 540.443061][ T5840] Bluetooth: hci0: command tx timeout [ 540.457585][T13190] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2020'. [ 540.780065][T13138] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 540.817059][T13138] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 540.839831][T13138] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 540.872134][T13138] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 541.117009][T13138] 8021q: adding VLAN 0 to HW filter on device bond0 [ 541.161491][T13138] 8021q: adding VLAN 0 to HW filter on device team0 [ 541.204065][ T3282] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.211181][ T3282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 541.251789][ T3282] bridge0: port 2(bridge_slave_1) entered blocking state [ 541.258940][ T3282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 541.753776][T13138] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 542.211038][T13138] veth0_vlan: entered promiscuous mode [ 542.229779][T13138] veth1_vlan: entered promiscuous mode [ 542.270044][T13138] veth0_macvtap: entered promiscuous mode [ 542.289097][T13138] veth1_macvtap: entered promiscuous mode [ 542.318876][T13138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.331881][T13138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.346558][T13138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.373609][T13138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.390552][T13138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.407480][T13138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.419540][T13138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.436896][T13138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.449572][T13138] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 542.476624][T13138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.489924][T13138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.509394][T13138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.520309][ T5840] Bluetooth: hci0: command tx timeout [ 542.537446][T13138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.550070][T13138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.568062][T13138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.578325][T13138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.594752][T13138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.616243][T13138] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 542.649017][T13138] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.666010][T13138] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.680134][T13138] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.696006][T13138] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 542.839032][ T3544] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 542.873976][ T3544] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 542.905781][ T3544] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 542.922758][ T3544] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.508128][T13214] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2012'. [ 544.096701][T13225] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2023'. [ 544.327483][T13235] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2025'. [ 544.592410][ T5840] Bluetooth: hci0: command tx timeout [ 546.407972][T13271] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2039'. [ 546.673182][ T5840] Bluetooth: hci0: command tx timeout [ 546.796573][T13283] netlink: 82 bytes leftover after parsing attributes in process `syz.5.2041'. [ 546.857497][T13285] netlink: 82 bytes leftover after parsing attributes in process `syz.5.2041'. [ 550.071459][T13345] netlink: 82 bytes leftover after parsing attributes in process `syz.0.2058'. [ 550.110016][T13345] netlink: 82 bytes leftover after parsing attributes in process `syz.0.2058'. [ 551.470069][T13367] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2063'. [ 559.241968][T13482] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2097'. [ 560.915236][T13520] block nbd4: not configured, cannot reconfigure [ 562.092640][T13533] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2109'. [ 562.354971][T13541] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2115'. [ 563.077277][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.084196][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.003989][T13556] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2119'. [ 565.903544][T13586] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2127'. [ 568.484635][T13597] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 569.112984][T13597] syz.5.2130 (13597) used greatest stack depth: 17264 bytes left [ 570.894960][T13604] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2133'. [ 575.512675][T13635] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 575.519480][T13635] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 577.207159][T13653] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2151'. [ 577.314734][T13654] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2151'. [ 578.953009][T13659] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2153'. [ 585.354367][T13700] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2165'. [ 586.034324][T13708] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2167'. [ 591.118595][T13565] syz.5.2119 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 591.172249][T13565] CPU: 0 UID: 0 PID: 13565 Comm: syz.5.2119 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 [ 591.183066][T13565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 591.193139][T13565] Call Trace: [ 591.196423][T13565] [ 591.199361][T13565] dump_stack_lvl+0x16c/0x1f0 [ 591.204059][T13565] dump_header+0x101/0x900 [ 591.208498][T13565] oom_kill_process+0x270/0xa60 [ 591.213357][T13565] ? mem_cgroup_out_of_memory+0x8d/0x270 [ 591.219003][T13565] out_of_memory+0x351/0x1700 [ 591.223699][T13565] ? __pfx_out_of_memory+0x10/0x10 [ 591.228819][T13565] ? rcu_read_unlock+0x17/0x60 [ 591.233621][T13565] ? find_held_lock+0x2d/0x110 [ 591.238419][T13565] mem_cgroup_out_of_memory+0x207/0x270 [ 591.243982][T13565] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 591.250064][T13565] ? do_raw_spin_unlock+0x172/0x230 [ 591.255283][T13565] try_charge_memcg+0x54c/0xaf0 [ 591.260151][T13565] ? __pfx_try_charge_memcg+0x10/0x10 [ 591.265547][T13565] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 591.271027][T13565] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 591.276500][T13565] ? get_mem_cgroup_from_mm+0x131/0x5f0 [ 591.282055][T13565] __mem_cgroup_charge+0x9b/0x280 [ 591.287100][T13565] shmem_alloc_and_add_folio+0x507/0xc00 [ 591.292750][T13565] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 591.298655][T13565] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 591.304820][T13565] ? shmem_huge_global_enabled+0x176/0x250 [ 591.310651][T13565] ? shmem_allowable_huge_orders+0xcd/0x3e0 [ 591.316569][T13565] shmem_get_folio_gfp+0x689/0x1530 [ 591.321792][T13565] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 591.327434][T13565] ? find_held_lock+0x2d/0x110 [ 591.332220][T13565] shmem_write_begin+0x161/0x300 [ 591.337185][T13565] ? __pfx_shmem_write_begin+0x10/0x10 [ 591.342651][T13565] ? timestamp_truncate+0x21f/0x2e0 [ 591.347869][T13565] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 591.354741][T13565] generic_perform_write+0x2ba/0x920 [ 591.360051][T13565] ? __pfx_generic_perform_write+0x10/0x10 [ 591.365873][T13565] ? inode_needs_update_time.part.0+0x191/0x270 [ 591.372135][T13565] shmem_file_write_iter+0x10e/0x140 [ 591.377438][T13565] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 591.383257][T13565] __kernel_write_iter+0x318/0xa80 [ 591.388384][T13565] ? __pfx___kernel_write_iter+0x10/0x10 [ 591.394042][T13565] ? get_dump_page+0x15b/0x230 [ 591.398850][T13565] ? __pfx___might_resched+0x10/0x10 [ 591.404159][T13565] ? get_dump_page+0x143/0x230 [ 591.408940][T13565] ? get_dump_page+0x15b/0x230 [ 591.413723][T13565] dump_user_range+0x389/0x8c0 [ 591.418509][T13565] ? __pfx_dump_user_range+0x10/0x10 [ 591.423811][T13565] ? elf_coredump_extra_notes_write+0xbe/0x430 [ 591.429994][T13565] ? __pfx_writenote+0x10/0x10 [ 591.434782][T13565] elf_core_dump+0x2787/0x3880 [ 591.439567][T13565] ? __pfx_elf_core_dump+0x10/0x10 [ 591.444687][T13565] ? kasan_save_stack+0x42/0x60 [ 591.449544][T13565] ? kasan_save_stack+0x33/0x60 [ 591.454402][T13565] ? kasan_save_track+0x14/0x30 [ 591.459263][T13565] ? __kasan_kmalloc+0xaa/0xb0 [ 591.464038][T13565] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 591.469509][T13565] ? do_coredump+0x1665/0x43e0 [ 591.474288][T13565] ? get_signal+0x23f3/0x2610 [ 591.479019][T13565] ? rcu_is_watching+0x12/0xc0 [ 591.483800][T13565] ? trace_lock_acquire+0x14e/0x1f0 [ 591.489017][T13565] ? __pfx_sort+0x10/0x10 [ 591.493362][T13565] ? get_signal+0x23f3/0x2610 [ 591.498056][T13565] ? do_coredump+0x2dd5/0x43e0 [ 591.502844][T13565] do_coredump+0x2dd5/0x43e0 [ 591.507472][T13565] ? __pfx_do_coredump+0x10/0x10 [ 591.512433][T13565] ? irqentry_exit_to_user_mode+0x13f/0x280 [ 591.518392][T13565] get_signal+0x23f3/0x2610 [ 591.522916][T13565] ? __pfx_get_signal+0x10/0x10 [ 591.527773][T13565] ? __pfx_force_sig_fault+0x10/0x10 [ 591.533077][T13565] arch_do_signal_or_restart+0x90/0x7e0 [ 591.538641][T13565] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 591.544816][T13565] ? trace_irq_disable.constprop.0+0xea/0x140 [ 591.550906][T13565] irqentry_exit_to_user_mode+0x13f/0x280 [ 591.556639][T13565] asm_exc_invalid_op+0x1a/0x20 [ 591.561500][T13565] RIP: 0033:0x0 [ 591.564963][T13565] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 591.572326][T13565] RSP: 002b:000000000000000e EFLAGS: 00010217 [ 591.578399][T13565] RAX: 0000000000000000 RBX: 00007f133eb76080 RCX: 00007f133e985d19 [ 591.586376][T13565] RDX: 00000000200000c0 RSI: 0000000000000006 RDI: 000000000000440f [ 591.594350][T13565] RBP: 00007f133ea01a20 R08: 0000000000000008 R09: 0000000000000000 [ 591.602326][T13565] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000000 [ 591.610306][T13565] R13: 0000000000000000 R14: 00007f133eb76080 R15: 00007ffec1f0fbd8 [ 591.618305][T13565] [ 591.658312][T13565] memory: usage 307200kB, limit 307200kB, failcnt 22073 [ 591.665483][T13565] memory+swap: usage 419904kB, limit 9007199254740988kB, failcnt 0 [ 591.673611][T13565] kmem: usage 4384kB, limit 9007199254740988kB, failcnt 0 [ 591.680749][T13565] Memory cgroup stats for /syz5: [ 591.681058][T13565] cache 303886336 [ 591.689775][T13565] rss 4296704 [ 591.693165][T13565] rss_huge 0 [ 591.696388][T13565] shmem 303878144 [ 591.700113][T13565] mapped_file 120029184 [ 591.704342][T13565] dirty 0 [ 591.707296][T13565] writeback 0 [ 591.710669][T13565] workingset_refault_anon 14485 [ 591.715712][T13565] workingset_refault_file 2548 [ 591.720497][T13565] swap 115408896 [ 591.724346][T13565] swapcached 1900544 [ 591.728262][T13565] pgpgin 1063869 [ 591.731824][T13565] pgpgout 1001962 [ 591.735584][T13565] pgfault 623543 [ 591.739153][T13565] pgmajfault 1743 [ 591.742844][T13565] inactive_anon 106102784 [ 591.747260][T13565] active_anon 203972608 [ 591.751429][T13565] inactive_file 8192 [ 591.755381][T13565] active_file 0 [ 591.758924][T13565] unevictable 0 [ 591.762463][T13565] hierarchical_memory_limit 314572800 [ 591.767977][T13565] hierarchical_memsw_limit 9223372036854771712 [ 591.774367][T13565] total_cache 303886336 [ 591.778545][T13565] total_rss 4296704 [ 591.782435][T13565] total_rss_huge 0 [ 591.786233][T13565] total_shmem 303878144 [ 591.790407][T13565] total_mapped_file 120029184 [ 591.795189][T13565] total_dirty 0 [ 591.798735][T13565] total_writeback 0 [ 591.802617][T13565] total_workingset_refault_anon 14485 [ 591.808003][T13565] total_workingset_refault_file 2548 [ 591.813396][T13565] total_swap 115408896 [ 591.817769][T13565] total_swapcached 1900544 [ 591.822247][T13565] total_pgpgin 1063869 [ 591.826402][T13565] total_pgpgout 1001962 [ 591.832726][T13565] total_pgfault 623543 [ 591.836886][T13565] total_pgmajfault 1743 [ 591.841061][T13565] total_inactive_anon 106102784 [ 591.845971][T13565] total_active_anon 203972608 [ 591.850732][T13565] total_inactive_file 8192 [ 591.855224][T13565] total_active_file 0 [ 591.859234][T13565] total_unevictable 0 [ 591.863323][T13565] anon_cost 0 [ 591.866747][T13565] file_cost 0 [ 591.870051][T13565] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.453,pid=7209,uid=0 [ 591.886594][T13565] Memory cgroup out of memory: Killed process 7209 (syz.5.453) total-vm:103688kB, anon-rss:944kB, file-rss:20796kB, shmem-rss:0kB, UID:0 pgtables:92kB oom_score_adj:1000 [ 591.953949][T13140] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 591.972316][T13140] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 592.003088][T13140] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 592.012008][T13140] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 592.020874][T13140] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 592.028444][T13140] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 592.089744][T13562] syz.5.2119 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 592.102222][T13562] CPU: 0 UID: 0 PID: 13562 Comm: syz.5.2119 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 [ 592.113036][T13562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 592.123114][T13562] Call Trace: [ 592.126420][T13562] [ 592.129375][T13562] dump_stack_lvl+0x16c/0x1f0 [ 592.134096][T13562] dump_header+0x101/0x900 [ 592.138555][T13562] oom_kill_process+0x270/0xa60 [ 592.143443][T13562] ? mem_cgroup_out_of_memory+0x8d/0x270 [ 592.149115][T13562] out_of_memory+0x351/0x1700 [ 592.153839][T13562] ? __pfx_out_of_memory+0x10/0x10 [ 592.158985][T13562] ? rcu_read_unlock+0x17/0x60 [ 592.163796][T13562] ? find_held_lock+0x2d/0x110 [ 592.168689][T13562] mem_cgroup_out_of_memory+0x207/0x270 [ 592.174264][T13562] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 592.180377][T13562] ? do_raw_spin_unlock+0x172/0x230 [ 592.185614][T13562] try_charge_memcg+0x54c/0xaf0 [ 592.190511][T13562] ? __pfx_try_charge_memcg+0x10/0x10 [ 592.195920][T13562] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 592.201415][T13562] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 592.206916][T13562] ? get_mem_cgroup_from_mm+0x131/0x5f0 [ 592.212496][T13562] __mem_cgroup_charge+0x9b/0x280 [ 592.217562][T13562] shmem_alloc_and_add_folio+0x507/0xc00 [ 592.223233][T13562] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 592.229165][T13562] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 592.235360][T13562] ? shmem_huge_global_enabled+0x176/0x250 [ 592.241210][T13562] ? shmem_allowable_huge_orders+0xcd/0x3e0 [ 592.247138][T13562] shmem_get_folio_gfp+0x689/0x1530 [ 592.252370][T13562] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 592.258038][T13562] ? find_held_lock+0x2d/0x110 [ 592.262855][T13562] shmem_write_begin+0x161/0x300 [ 592.267826][T13562] ? __pfx_shmem_write_begin+0x10/0x10 [ 592.273313][T13562] ? timestamp_truncate+0x21f/0x2e0 [ 592.278552][T13562] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 592.282229][T13726] chnl_net:caif_netlink_parms(): no params data found [ 592.285518][T13562] generic_perform_write+0x2ba/0x920 [ 592.297605][T13562] ? __pfx_generic_perform_write+0x10/0x10 [ 592.303450][T13562] ? inode_needs_update_time.part.0+0x191/0x270 [ 592.309741][T13562] shmem_file_write_iter+0x10e/0x140 [ 592.315071][T13562] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 592.320918][T13562] __kernel_write_iter+0x318/0xa80 [ 592.326073][T13562] ? __pfx___kernel_write_iter+0x10/0x10 [ 592.331707][T13562] ? get_dump_page+0x15b/0x230 [ 592.336473][T13562] ? __pfx___might_resched+0x10/0x10 [ 592.341757][T13562] dump_user_range+0x389/0x8c0 [ 592.346526][T13562] ? __pfx_dump_user_range+0x10/0x10 [ 592.351809][T13562] ? elf_coredump_extra_notes_write+0xbe/0x430 [ 592.357960][T13562] ? __pfx_writenote+0x10/0x10 [ 592.362743][T13562] elf_core_dump+0x2787/0x3880 [ 592.367548][T13562] ? __pfx_elf_core_dump+0x10/0x10 [ 592.372677][T13562] ? try_to_wake_up+0x949/0x1490 [ 592.377606][T13562] ? __pfx_lock_release+0x10/0x10 [ 592.382634][T13562] ? rwsem_wake.isra.0+0xbe/0x120 [ 592.387667][T13562] ? rcu_is_watching+0x12/0xc0 [ 592.392427][T13562] ? trace_lock_acquire+0x14e/0x1f0 [ 592.397623][T13562] ? __pfx_sort+0x10/0x10 [ 592.401950][T13562] ? get_signal+0x23f3/0x2610 [ 592.406632][T13562] ? do_coredump+0x2dd5/0x43e0 [ 592.411395][T13562] do_coredump+0x2dd5/0x43e0 [ 592.416019][T13562] ? __pfx_do_coredump+0x10/0x10 [ 592.420987][T13562] ? irqentry_exit_to_user_mode+0x13f/0x280 [ 592.426919][T13562] get_signal+0x23f3/0x2610 [ 592.431460][T13562] ? __pfx_get_signal+0x10/0x10 [ 592.436308][T13562] ? __pfx_force_sig_fault+0x10/0x10 [ 592.441593][T13562] arch_do_signal_or_restart+0x90/0x7e0 [ 592.447140][T13562] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 592.453300][T13562] ? trace_irq_disable.constprop.0+0xea/0x140 [ 592.459366][T13562] irqentry_exit_to_user_mode+0x13f/0x280 [ 592.465097][T13562] asm_exc_invalid_op+0x1a/0x20 [ 592.469972][T13562] RIP: 0033:0x0 [ 592.473426][T13562] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 592.480814][T13562] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 592.486875][T13562] RAX: 0000000000000000 RBX: 00007f133eb76160 RCX: 00007f133e985d19 [ 592.494844][T13562] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b44 [ 592.502811][T13562] RBP: 00007f133ea01a20 R08: 0000000000000002 R09: 0000000000000000 [ 592.510772][T13562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 592.518752][T13562] R13: 0000000000000000 R14: 00007f133eb76160 R15: 00007ffec1f0fbd8 [ 592.526767][T13562] [ 593.264387][T13726] bridge0: port 1(bridge_slave_0) entered blocking state [ 593.271635][T13726] bridge0: port 1(bridge_slave_0) entered disabled state [ 593.295316][T13726] bridge_slave_0: entered allmulticast mode [ 593.331307][T13726] bridge_slave_0: entered promiscuous mode [ 593.347290][T13726] bridge0: port 2(bridge_slave_1) entered blocking state [ 593.374487][T13726] bridge0: port 2(bridge_slave_1) entered disabled state [ 593.381756][T13726] bridge_slave_1: entered allmulticast mode [ 593.385411][T13562] memory: usage 304208kB, limit 307200kB, failcnt 22677 [ 593.397399][T13726] bridge_slave_1: entered promiscuous mode [ 593.432306][T13562] memory+swap: usage 422380kB, limit 9007199254740988kB, failcnt 0 [ 593.462228][T13562] kmem: usage 4240kB, limit 9007199254740988kB, failcnt 0 [ 593.469388][T13562] Memory cgroup stats for /syz5: [ 593.469694][T13562] cache 301289472 [ 593.498931][T13726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 593.512364][T13562] rss 4743168 [ 593.515683][T13562] rss_huge 0 [ 593.540834][T13726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 593.543746][T13562] shmem 299229184 [ 593.583341][T13562] mapped_file 108609536 [ 593.602336][T13562] dirty 0 [ 593.605298][T13562] writeback 0 [ 593.628407][T13562] workingset_refault_anon 14485 [ 593.645583][T13562] workingset_refault_file 3049 [ 593.650383][T13562] swap 121380864 [ 593.657549][T13726] team0: Port device team_slave_0 added [ 593.678415][T13726] team0: Port device team_slave_1 added [ 593.682326][T13562] swapcached 0 [ 593.702309][T13562] pgpgin 1066522 [ 593.705888][T13562] pgpgout 1005578 [ 593.732239][T13562] pgfault 624694 [ 593.750067][T13562] pgmajfault 1746 [ 593.755909][T13726] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 593.770292][T13562] inactive_anon 119648256 [ 593.776992][T13726] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 593.782248][T13562] active_anon 183975936 [ 593.817014][T13726] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 593.835133][T13726] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 593.849241][T13726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 593.872224][T13562] inactive_file 0 [ 593.882558][T13562] active_file 2060288 [ 593.886724][T13562] unevictable 0 [ 593.896060][T13726] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 593.920628][T13562] hierarchical_memory_limit 314572800 [ 593.940827][T13562] hierarchical_memsw_limit 9223372036854771712 [ 593.970406][T13562] total_cache 301289472 [ 593.982218][T13562] total_rss 4743168 [ 593.992525][T13562] total_rss_huge 0 [ 593.995739][T13726] hsr_slave_0: entered promiscuous mode [ 594.005664][T13726] hsr_slave_1: entered promiscuous mode [ 594.012248][T13562] total_shmem 299229184 [ 594.017915][T13726] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 594.026724][T13562] total_mapped_file 108609536 [ 594.028216][T13726] Cannot create hsr debugfs directory [ 594.031428][T13562] total_dirty 0 [ 594.031441][T13562] total_writeback 0 [ 594.031453][T13562] total_workingset_refault_anon 14485 [ 594.112342][T13562] total_workingset_refault_file 3049 [ 594.117674][T13562] total_swap 121380864 [ 594.121883][T13562] total_swapcached 0 [ 594.122402][T13140] Bluetooth: hci1: command tx timeout [ 594.155849][T13562] total_pgpgin 1066522 [ 594.180314][T13562] total_pgpgout 1005578 [ 594.190406][T13562] total_pgfault 624694 [ 594.220935][T13562] total_pgmajfault 1746 [ 594.231094][T13562] total_inactive_anon 119648256 [ 594.241211][T13562] total_active_anon 183975936 [ 594.262112][T13562] total_inactive_file 0 [ 594.292222][T13562] total_active_file 2060288 [ 594.302236][T13562] total_unevictable 0 [ 594.306247][T13562] anon_cost 0 [ 594.332318][T13562] file_cost 0 [ 594.335652][T13562] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.2115,pid=13545,uid=0 [ 594.407387][T13562] Memory cgroup out of memory: Killed process 13545 (syz.5.2115) total-vm:143216kB, anon-rss:1012kB, file-rss:40072kB, shmem-rss:18688kB, UID:0 pgtables:268kB oom_score_adj:0 [ 594.489657][T13726] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 594.499171][T13751] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 594.524203][T13726] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 594.551249][T13726] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 594.595567][T13726] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 594.867031][T13726] 8021q: adding VLAN 0 to HW filter on device bond0 [ 594.919448][T13726] 8021q: adding VLAN 0 to HW filter on device team0 [ 594.963738][T10517] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.970889][T10517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 595.003872][T10517] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.010985][T10517] bridge0: port 2(bridge_slave_1) entered forwarding state [ 595.191069][T13760] netlink: 82 bytes leftover after parsing attributes in process `syz.0.2180'. [ 595.230220][T13760] netlink: 82 bytes leftover after parsing attributes in process `syz.0.2180'. [ 595.642812][T13726] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 596.195270][T13140] Bluetooth: hci1: command tx timeout [ 596.351623][T13726] veth0_vlan: entered promiscuous mode [ 596.382724][T13726] veth1_vlan: entered promiscuous mode [ 596.449291][T13726] veth0_macvtap: entered promiscuous mode [ 596.468374][T13726] veth1_macvtap: entered promiscuous mode [ 596.494157][T13726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 596.515172][T13726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.532062][T13726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 596.552875][T13726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.570164][T13726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 596.581365][T13726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.599323][T13726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 596.610400][T13726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.631730][T13726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 596.649900][T13726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.666235][T13726] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 596.695926][T13726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 596.718884][T13726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.739749][T13726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 596.752095][T13726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.771735][T13726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 596.792523][T13726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.810150][T13726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 596.821507][T13726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.840278][T13726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 596.861541][T13726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.882868][T13726] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 596.908692][T13726] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 596.926845][T13726] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 596.940577][T13726] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 596.956879][T13726] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 597.111584][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 597.148875][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 597.201797][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 597.218675][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 598.273536][T13140] Bluetooth: hci1: command tx timeout [ 598.511118][T13784] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2184'. [ 600.363115][T13140] Bluetooth: hci1: command tx timeout [ 605.080892][T13895] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2219'. [ 605.142348][T13885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2214'. [ 605.189613][T13897] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2220'. [ 606.516729][T13918] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2224'. [ 608.024192][T13949] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2235'. [ 608.997375][T13974] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2240'. [ 609.736958][T13986] netlink: 338 bytes leftover after parsing attributes in process `syz.7.2246'. [ 609.831334][T13988] netlink: 338 bytes leftover after parsing attributes in process `syz.7.2246'. [ 613.026635][T14025] netlink: 82 bytes leftover after parsing attributes in process `syz.5.2257'. [ 613.037943][T14025] netlink: 82 bytes leftover after parsing attributes in process `syz.5.2257'. [ 613.374662][T14038] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2260'. [ 613.442733][T14036] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2258'. [ 613.500446][T14033] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 613.510274][T14033] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 613.543626][T14036] mac80211_hwsim hwsim35 wlan0: entered promiscuous mode [ 613.610987][T14036] mac80211_hwsim hwsim35 wlan0: entered allmulticast mode [ 613.639963][T14033] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 613.660930][T14033] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 613.713239][T14033] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 613.719268][T14033] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 613.850378][T14033] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 613.930433][T14033] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 613.956909][T14033] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 614.079470][T14033] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 614.939268][T14065] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2268'. [ 615.122431][T14054] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2264'. [ 615.472354][T13140] Bluetooth: hci2: command 0x0406 tx timeout [ 615.713076][T13140] Bluetooth: hci4: command 0x0406 tx timeout [ 615.792413][T13140] Bluetooth: hci0: command 0x0c1a tx timeout [ 615.952504][T13140] Bluetooth: hci1: command 0x0c1a tx timeout [ 617.554272][T13140] Bluetooth: hci2: command 0x0406 tx timeout [ 617.792481][T13140] Bluetooth: hci4: command 0x0406 tx timeout [ 617.872518][T13140] Bluetooth: hci0: command 0x0c1a tx timeout [ 618.037370][T13140] Bluetooth: hci1: command 0x0c1a tx timeout [ 619.773106][T14126] netlink: 82 bytes leftover after parsing attributes in process `syz.0.2283'. [ 619.852596][T14131] netlink: 82 bytes leftover after parsing attributes in process `syz.0.2283'. [ 619.952576][T13140] Bluetooth: hci0: command 0x0c1a tx timeout [ 620.112248][T13140] Bluetooth: hci1: command 0x0c1a tx timeout [ 620.408867][T14134] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2285'. [ 620.522404][T14133] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 620.603787][T14133] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 620.609880][T14133] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 620.764646][T14133] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 621.095314][T14149] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2291'. [ 622.612385][T13140] Bluetooth: hci2: command 0x0406 tx timeout [ 622.621509][T14170] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2298'. [ 622.672335][T13140] Bluetooth: hci0: command 0x0c1a tx timeout [ 622.678391][T13140] Bluetooth: hci4: command 0x0406 tx timeout [ 622.832279][T13140] Bluetooth: hci1: command 0x0c1a tx timeout [ 623.518207][T14187] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2301'. [ 624.526752][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.533168][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.074869][T14205] netlink: 82 bytes leftover after parsing attributes in process `syz.5.2308'. [ 625.133486][T14206] netlink: 82 bytes leftover after parsing attributes in process `syz.5.2308'. [ 625.860187][T14211] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2311'. [ 626.759257][T14223] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2312'. [ 626.836092][T14219] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 626.912672][T14219] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 626.954645][T14219] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 627.032639][T14219] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 628.012530][T14247] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2322'. [ 628.102797][T14248] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2322'. [ 628.912245][T13140] Bluetooth: hci2: command 0x0406 tx timeout [ 628.992355][T13140] Bluetooth: hci0: command 0x0c1a tx timeout [ 629.073859][T13140] Bluetooth: hci1: command 0x0c1a tx timeout [ 629.853941][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 629.863351][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 629.871267][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 629.895030][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 629.908203][ T5840] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 629.916800][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 630.101169][T14258] chnl_net:caif_netlink_parms(): no params data found [ 630.633766][T14258] bridge0: port 1(bridge_slave_0) entered blocking state [ 630.640888][T14258] bridge0: port 1(bridge_slave_0) entered disabled state [ 630.672434][T14258] bridge_slave_0: entered allmulticast mode [ 630.693369][T14258] bridge_slave_0: entered promiscuous mode [ 630.718691][T14258] bridge0: port 2(bridge_slave_1) entered blocking state [ 630.738367][T14258] bridge0: port 2(bridge_slave_1) entered disabled state [ 630.758648][T14258] bridge_slave_1: entered allmulticast mode [ 630.775951][T14258] bridge_slave_1: entered promiscuous mode [ 631.179300][T14258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 631.190986][T14258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 631.642039][T14258] team0: Port device team_slave_0 added [ 631.654623][T14258] team0: Port device team_slave_1 added [ 631.874175][T14258] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 631.881160][T14258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 631.948176][T14258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 631.959207][ T5840] Bluetooth: hci3: command tx timeout [ 631.995197][T14258] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 632.002259][T14258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 632.029343][T14258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 632.346726][T14258] hsr_slave_0: entered promiscuous mode [ 632.430072][T14258] hsr_slave_1: entered promiscuous mode [ 632.548319][T14258] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 632.555958][T14258] Cannot create hsr debugfs directory [ 633.416260][T14301] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2339'. [ 633.455578][T14258] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 633.462645][T14300] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 633.491067][T14300] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 633.523616][T14258] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 633.531962][T14300] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 633.567531][T14300] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 633.573865][T14301] mac80211_hwsim hwsim28 wlan0: entered promiscuous mode [ 633.604998][T14301] mac80211_hwsim hwsim28 wlan0: entered allmulticast mode [ 633.610407][T14300] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 633.666229][T14258] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 633.791866][T14258] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 633.803242][T14300] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 634.066209][T14258] 8021q: adding VLAN 0 to HW filter on device bond0 [ 634.116059][T14258] 8021q: adding VLAN 0 to HW filter on device team0 [ 634.157537][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.164682][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 634.209584][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.216754][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 634.289995][T14258] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 634.816616][T14258] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 635.472345][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 635.572344][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 635.578483][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 635.632368][ T5840] Bluetooth: hci3: command 0x040f tx timeout [ 635.736772][T14258] veth0_vlan: entered promiscuous mode [ 635.780221][T14258] veth1_vlan: entered promiscuous mode [ 635.831306][T14258] veth0_macvtap: entered promiscuous mode [ 635.910862][T14258] veth1_macvtap: entered promiscuous mode [ 635.961085][T14258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 636.006198][T14258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.032483][T14258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 636.072200][T14258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.100977][T14258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 636.137464][T14258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.147436][T14258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 636.158587][T14258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.168898][T14258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 636.179709][T14258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.189633][T14258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 636.200210][T14258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.213194][T14258] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 636.584595][T14258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 636.595309][T14258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.605228][T14258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 636.615756][T14258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.625636][T14258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 636.636134][T14258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.646327][T14258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 636.662213][T14258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.672439][T14258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 636.683827][T14258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.694016][T14258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 636.704514][T14258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 636.715433][T14258] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 636.725452][T14258] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.734224][T14258] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.743311][T14258] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 636.752025][T14258] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.074909][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 637.083183][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 637.130031][T10517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 637.142286][T10517] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 637.718957][T13140] Bluetooth: hci3: command 0x040f tx timeout [ 639.780893][T14389] netlink: 342 bytes leftover after parsing attributes in process `syz.6.2364'. [ 639.793449][T13140] Bluetooth: hci3: command 0x040f tx timeout [ 640.981438][T14403] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2366'. [ 641.415977][T14409] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 641.451681][T14409] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 641.479375][T14409] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 641.492752][T14409] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 641.556396][T14409] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2369'. [ 643.482599][T13140] Bluetooth: hci0: command 0x0c1a tx timeout [ 643.488803][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 643.552478][T13140] Bluetooth: hci3: command 0x040f tx timeout [ 643.558539][T13140] Bluetooth: hci1: command 0x0c1a tx timeout [ 644.758467][T14465] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2386'. [ 645.639788][T13140] Bluetooth: hci3: command 0x040f tx timeout [ 646.617891][T14504] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2401'. [ 650.150553][T14569] bond0: no command found in slaves file - use +ifname or -ifname [ 652.144056][T14597] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 652.175982][T14597] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 652.219365][T14597] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 652.263215][T14597] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 653.771836][T14624] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2433'. [ 654.192569][T13140] Bluetooth: hci0: command 0x0c1a tx timeout [ 654.198704][ T5840] Bluetooth: hci2: command 0x0406 tx timeout [ 654.253157][T14640] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2435'. [ 654.277062][T13140] Bluetooth: hci3: command 0x040f tx timeout [ 654.277074][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 654.783309][T14651] raw_sendmsg: syz.8.2437 forgot to set AF_INET. Fix it! [ 661.887489][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 661.896415][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 661.908722][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 661.924009][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 661.932594][ T5840] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 661.939884][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 662.471614][T14746] netlink: 82 bytes leftover after parsing attributes in process `syz.8.2462'. [ 662.495137][T14735] chnl_net:caif_netlink_parms(): no params data found [ 662.534417][T14746] netlink: 82 bytes leftover after parsing attributes in process `syz.8.2462'. [ 663.023885][T14735] bridge0: port 1(bridge_slave_0) entered blocking state [ 663.031017][T14735] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.066281][T14735] bridge_slave_0: entered allmulticast mode [ 663.083306][T14735] bridge_slave_0: entered promiscuous mode [ 663.110451][T14735] bridge0: port 2(bridge_slave_1) entered blocking state [ 663.126689][T14735] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.141735][T14735] bridge_slave_1: entered allmulticast mode [ 663.155750][T14735] bridge_slave_1: entered promiscuous mode [ 663.390265][T14735] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 663.433887][T14735] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 663.528765][T14755] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2464'. [ 664.032496][T13140] Bluetooth: hci2: command tx timeout [ 664.116273][T14735] team0: Port device team_slave_0 added [ 664.151434][T14735] team0: Port device team_slave_1 added [ 664.152727][T14765] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2467'. [ 664.493608][T14735] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 664.500595][T14735] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.582230][T14735] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 664.599744][T14735] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 664.627449][T14735] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.670418][T14735] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 664.742776][T14769] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 664.749567][T14769] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 664.756323][T14769] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 664.772569][T14769] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 664.778609][T14769] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 664.888017][T14769] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 665.328073][T14735] hsr_slave_0: entered promiscuous mode [ 665.387179][T14735] hsr_slave_1: entered promiscuous mode [ 665.405155][T14735] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 665.424486][T14735] Cannot create hsr debugfs directory [ 666.395127][T14735] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 666.478314][T14735] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 666.559400][T14735] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 666.654917][T14735] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 666.752708][ T5840] Bluetooth: hci0: command 0x0c1a tx timeout [ 666.839829][ T5840] Bluetooth: hci2: command 0x040f tx timeout [ 666.839850][T13140] Bluetooth: hci3: command 0x040f tx timeout [ 666.846049][ T5840] Bluetooth: hci1: command 0x0c1a tx timeout [ 666.934643][T14735] 8021q: adding VLAN 0 to HW filter on device bond0 [ 666.976125][T14735] 8021q: adding VLAN 0 to HW filter on device team0 [ 667.006249][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 667.013427][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 667.061387][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 667.068570][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 667.191810][T14735] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 667.565435][T14735] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 668.101146][T14735] veth0_vlan: entered promiscuous mode [ 668.156309][T14735] veth1_vlan: entered promiscuous mode [ 668.190169][T14735] veth0_macvtap: entered promiscuous mode [ 668.243411][T14735] veth1_macvtap: entered promiscuous mode [ 668.294454][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.306289][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.334785][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.352323][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.392231][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.410534][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.432215][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.461223][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.502394][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.532412][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.554733][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.581483][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.622317][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 668.641442][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.703837][T14735] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 668.751842][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.772215][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.782047][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.821813][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.832939][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.862447][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.882536][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.907479][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.917500][T14794] Bluetooth: hci2: command 0x040f tx timeout [ 668.949522][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.969789][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.998119][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 669.032501][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.057082][T14735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 669.076783][T14735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 669.108948][T14735] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 669.164961][T14735] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.183959][T14735] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.229554][T14735] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.262311][T14735] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 669.456032][T14826] sctp: [Deprecated]: syz.7.2482 (pid 14826) Use of int in max_burst socket option. [ 669.456032][T14826] Use struct sctp_assoc_value instead [ 669.589290][T14821] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 669.654479][T14821] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 669.709749][T14821] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 669.739699][T14821] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 669.899242][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 669.945773][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 670.055629][T14742] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 670.102420][T14742] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 671.110087][T14843] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2459'. [ 671.284351][T14840] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2486'. [ 671.642521][T14794] Bluetooth: hci0: command 0x0c1a tx timeout [ 671.712333][T14794] Bluetooth: hci3: command 0x040f tx timeout [ 671.712367][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout [ 671.794288][ T5829] Bluetooth: hci2: command 0x040f tx timeout [ 673.463512][T14869] netlink: 338 bytes leftover after parsing attributes in process `syz.7.2493'. [ 673.512401][T14869] netlink: 338 bytes leftover after parsing attributes in process `syz.7.2493'. [ 673.876325][ T5829] Bluetooth: hci2: command 0x040f tx timeout [ 675.561277][T14887] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2498'. [ 675.952545][ T5829] Bluetooth: hci2: command 0x040f tx timeout [ 675.984128][T14900] netlink: 'syz.9.2502': attribute type 46 has an invalid length. [ 678.479808][T14941] netlink: 334 bytes leftover after parsing attributes in process `syz.6.2514'. [ 681.853827][T14985] netlink: 338 bytes leftover after parsing attributes in process `syz.6.2526'. [ 681.903579][T14985] netlink: 338 bytes leftover after parsing attributes in process `syz.6.2526'. [ 683.734318][T14994] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2529'. [ 685.843512][T15025] delete_channel: no stack [ 685.955135][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.971813][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 689.045977][T15058] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2549'. [ 689.081843][T15060] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2546'. [ 693.313303][T15090] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2555'. [ 693.746187][T15098] netlink: 342 bytes leftover after parsing attributes in process `syz.7.2557'. [ 693.791919][T15098] netlink: 130 bytes leftover after parsing attributes in process `syz.7.2557'. [ 694.374851][ T29] audit: type=1800 audit(4294967414.750:12): pid=15109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.2561" name="discovery_nqn" dev="configfs" ino=42523 res=0 errno=0 [ 695.440954][T15122] netlink: 334 bytes leftover after parsing attributes in process `syz.8.2567'. [ 695.595055][T15123] ALSA: mixer_oss: invalid OSS volume '' [ 695.731312][T15125] netlink: 138 bytes leftover after parsing attributes in process `syz.8.2568'. [ 697.767342][T15129] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2562'. [ 698.198740][T15160] netlink: 338 bytes leftover after parsing attributes in process `syz.7.2579'. [ 698.252426][T15161] netlink: 338 bytes leftover after parsing attributes in process `syz.7.2579'. [ 698.603697][T15165] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2580'. [ 698.819214][T15169] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2581'. [ 699.273911][T15178] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2583'. [ 701.392640][T15209] netlink: 338 bytes leftover after parsing attributes in process `syz.9.2589'. [ 701.475871][T15209] netlink: 338 bytes leftover after parsing attributes in process `syz.9.2589'. [ 702.455359][T15225] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2596'. [ 702.501522][T15244] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2598'. [ 703.184615][T15242] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2599'. [ 703.196118][T15255] netlink: 338 bytes leftover after parsing attributes in process `syz.6.2600'. [ 706.413122][T15301] netlink: 342 bytes leftover after parsing attributes in process `syz.8.2611'. [ 706.481050][T15301] netlink: 214 bytes leftover after parsing attributes in process `syz.8.2611'. [ 706.542422][T15301] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 706.550112][T15301] IPv6: NLM_F_CREATE should be set when creating new route [ 706.557491][T15301] IPv6: NLM_F_CREATE should be set when creating new route [ 706.564850][T15301] IPv6: NLM_F_CREATE should be set when creating new route [ 707.534666][T15317] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2617'. [ 713.324551][T15374] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2638'. [ 714.367871][T15382] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 714.442496][T15382] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 714.459634][T15382] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 714.496444][T15382] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 715.310780][T15398] netlink: 330 bytes leftover after parsing attributes in process `syz.7.2645'. [ 715.614601][T15394] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2644'. [ 715.922649][T15407] netlink: 82 bytes leftover after parsing attributes in process `syz.8.2649'. [ 715.974628][T15407] netlink: 82 bytes leftover after parsing attributes in process `syz.8.2649'. [ 716.433792][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 716.515997][ T5829] Bluetooth: hci2: command 0x040f tx timeout [ 716.519660][T14794] Bluetooth: hci3: command 0x040f tx timeout [ 716.522099][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout [ 717.076540][T15422] netlink: 326 bytes leftover after parsing attributes in process `syz.8.2656'. [ 718.640369][T15429] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2658'. [ 719.856983][T15445] netlink: 334 bytes leftover after parsing attributes in process `syz.9.2661'. [ 721.436774][T15452] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2665'. [ 721.452783][T15460] netlink: 'syz.8.2666': attribute type 4 has an invalid length. [ 721.487183][T15460] netlink: 314 bytes leftover after parsing attributes in process `syz.8.2666'. [ 721.549259][T15460] IPv6: NLM_F_CREATE should be specified when creating new route [ 721.724958][T15462] [U] [ 721.727729][T15462] [U] [ 721.730447][T15462] [U] [ 721.733161][T15462] [U] [ 721.832514][T15463] [U] [ 729.101182][T15531] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 729.108010][T15531] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 729.118227][T15531] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 729.155325][T15531] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 730.344987][T15551] mkiss: ax0: crc mode is auto. [ 731.164697][T14794] Bluetooth: hci3: command 0x040f tx timeout [ 731.170777][T14794] Bluetooth: hci1: command 0x0c1a tx timeout [ 731.172269][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 731.232274][ T5829] Bluetooth: hci2: command 0x040f tx timeout [ 731.794253][T15563] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2702'. [ 733.570885][T15592] mkiss: ax0: crc mode is auto. [ 741.053358][T15672] netlink: 22 bytes leftover after parsing attributes in process `syz.9.2734'. [ 742.958657][T15692] netlink: 22 bytes leftover after parsing attributes in process `syz.8.2741'. [ 743.593240][T15700] netlink: 22 bytes leftover after parsing attributes in process `syz.9.2743'. [ 747.415960][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.424962][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 751.164924][T15782] netlink: 330 bytes leftover after parsing attributes in process `syz.9.2771'. [ 751.175304][T15782] ›: renamed from veth0_vlan (while UP) [ 751.559245][T15786] netlink: 342 bytes leftover after parsing attributes in process `syz.8.2772'. [ 751.964201][T15792] netlink: 326 bytes leftover after parsing attributes in process `syz.9.2775'. [ 752.019772][T15794] netlink: 326 bytes leftover after parsing attributes in process `syz.9.2775'. [ 759.505731][T15005] syz.6.2529 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 759.515670][T15005] CPU: 1 UID: 0 PID: 15005 Comm: syz.6.2529 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 [ 759.526471][T15005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 759.536549][T15005] Call Trace: [ 759.539856][T15005] [ 759.542816][T15005] dump_stack_lvl+0x16c/0x1f0 [ 759.547533][T15005] dump_header+0x101/0x900 [ 759.551987][T15005] oom_kill_process+0x270/0xa60 [ 759.556885][T15005] ? mem_cgroup_out_of_memory+0x8d/0x270 [ 759.562556][T15005] out_of_memory+0x351/0x1700 [ 759.567279][T15005] ? __pfx_out_of_memory+0x10/0x10 [ 759.572423][T15005] ? rcu_read_unlock+0x17/0x60 [ 759.577221][T15005] ? find_held_lock+0x2d/0x110 [ 759.582024][T15005] mem_cgroup_out_of_memory+0x207/0x270 [ 759.587600][T15005] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 759.593704][T15005] ? do_raw_spin_unlock+0x172/0x230 [ 759.598943][T15005] try_charge_memcg+0x54c/0xaf0 [ 759.603837][T15005] ? __pfx_try_charge_memcg+0x10/0x10 [ 759.609244][T15005] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 759.614730][T15005] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 759.620220][T15005] ? get_mem_cgroup_from_mm+0x131/0x5f0 [ 759.625797][T15005] __mem_cgroup_charge+0x9b/0x280 [ 759.630859][T15005] shmem_alloc_and_add_folio+0x507/0xc00 [ 759.636524][T15005] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 759.642453][T15005] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 759.648635][T15005] ? shmem_huge_global_enabled+0x176/0x250 [ 759.654478][T15005] ? shmem_allowable_huge_orders+0xcd/0x3e0 [ 759.660406][T15005] shmem_get_folio_gfp+0x689/0x1530 [ 759.665641][T15005] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 759.671308][T15005] ? find_held_lock+0x2d/0x110 [ 759.676118][T15005] shmem_write_begin+0x161/0x300 [ 759.681090][T15005] ? __pfx_shmem_write_begin+0x10/0x10 [ 759.686575][T15005] ? timestamp_truncate+0x21f/0x2e0 [ 759.691811][T15005] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 759.698700][T15005] generic_perform_write+0x2ba/0x920 [ 759.704030][T15005] ? __pfx_generic_perform_write+0x10/0x10 [ 759.709866][T15005] ? inode_needs_update_time.part.0+0x191/0x270 [ 759.716151][T15005] shmem_file_write_iter+0x10e/0x140 [ 759.721483][T15005] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 759.727329][T15005] __kernel_write_iter+0x318/0xa80 [ 759.732478][T15005] ? __pfx___kernel_write_iter+0x10/0x10 [ 759.738142][T15005] ? get_dump_page+0x15b/0x230 [ 759.742949][T15005] ? __pfx___might_resched+0x10/0x10 [ 759.748269][T15005] dump_user_range+0x389/0x8c0 [ 759.753081][T15005] ? __pfx_dump_user_range+0x10/0x10 [ 759.758404][T15005] ? elf_coredump_extra_notes_write+0xbe/0x430 [ 759.764590][T15005] ? __pfx_writenote+0x10/0x10 [ 759.769388][T15005] elf_core_dump+0x2787/0x3880 [ 759.774202][T15005] ? __pfx_elf_core_dump+0x10/0x10 [ 759.779338][T15005] ? kasan_save_stack+0x42/0x60 [ 759.784220][T15005] ? kasan_save_stack+0x33/0x60 [ 759.789097][T15005] ? kasan_save_track+0x14/0x30 [ 759.793976][T15005] ? __kasan_kmalloc+0xaa/0xb0 [ 759.798776][T15005] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 759.804269][T15005] ? do_coredump+0x1665/0x43e0 [ 759.809069][T15005] ? get_signal+0x23f3/0x2610 [ 759.813833][T15005] ? rcu_is_watching+0x12/0xc0 [ 759.818626][T15005] ? trace_lock_acquire+0x14e/0x1f0 [ 759.823855][T15005] ? __pfx_sort+0x10/0x10 [ 759.828219][T15005] ? get_signal+0x23f3/0x2610 [ 759.832935][T15005] ? do_coredump+0x2dd5/0x43e0 [ 759.837734][T15005] do_coredump+0x2dd5/0x43e0 [ 759.842372][T15005] ? __pfx_do_coredump+0x10/0x10 [ 759.847341][T15005] ? irqentry_exit_to_user_mode+0x13f/0x280 [ 759.853333][T15005] get_signal+0x23f3/0x2610 [ 759.857874][T15005] ? __pfx_get_signal+0x10/0x10 [ 759.862751][T15005] ? __pfx_force_sig_fault+0x10/0x10 [ 759.868075][T15005] arch_do_signal_or_restart+0x90/0x7e0 [ 759.873658][T15005] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 759.879853][T15005] ? trace_irq_disable.constprop.0+0xea/0x140 [ 759.885961][T15005] irqentry_exit_to_user_mode+0x13f/0x280 [ 759.891714][T15005] asm_exc_invalid_op+0x1a/0x20 [ 759.896591][T15005] RIP: 0033:0x0 [ 759.900074][T15005] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 759.907455][T15005] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 759.913636][T15005] RAX: 0000000000000000 RBX: 00007effdc176160 RCX: 00007effdbf85d19 [ 759.921628][T15005] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b44 [ 759.929618][T15005] RBP: 00007effdc001a20 R08: 0000000000000002 R09: 0000000000000000 [ 759.937609][T15005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 759.945623][T15005] R13: 0000000000000000 R14: 00007effdc176160 R15: 00007ffe13b58868 [ 759.953637][T15005] [ 759.958128][T15005] memory: usage 307200kB, limit 307200kB, failcnt 10782 [ 759.965944][T15005] memory+swap: usage 386560kB, limit 9007199254740988kB, failcnt 0 [ 759.973969][T15005] kmem: usage 4116kB, limit 9007199254740988kB, failcnt 0 [ 759.981096][T15005] Memory cgroup stats for /syz6: [ 759.981271][T15005] cache 308125696 [ 759.989908][T15005] rss 1503232 [ 759.993279][T15005] rss_huge 0 [ 759.996493][T15005] shmem 308105216 [ 760.000137][T15005] mapped_file 89808896 [ 760.004259][T15005] dirty 20480 [ 760.007557][T15005] writeback 0 [ 760.010855][T15005] workingset_refault_anon 2671 [ 760.015730][T15005] workingset_refault_file 0 [ 760.020249][T15005] swap 81264640 [ 760.023792][T15005] swapcached 729088 [ 760.027612][T15005] pgpgin 506027 [ 760.031549][T15005] pgpgout 431278 [ 760.035231][T15005] pgfault 194511 [ 760.038796][T15005] pgmajfault 327 [ 760.042474][T15005] inactive_anon 164298752 [ 760.046927][T15005] active_anon 145313792 [ 760.051630][T15005] inactive_file 20480 [ 760.055968][T15005] active_file 0 [ 760.060139][T15005] unevictable 0 [ 760.063693][T15005] hierarchical_memory_limit 314572800 [ 760.069082][T15005] hierarchical_memsw_limit 9223372036854771712 [ 760.075443][T15005] total_cache 308125696 [ 760.079615][T15005] total_rss 1503232 [ 760.083491][T15005] total_rss_huge 0 [ 760.087227][T15005] total_shmem 308105216 [ 760.091390][T15005] total_mapped_file 89808896 [ 760.096064][T15005] total_dirty 20480 [ 760.099882][T15005] total_writeback 0 [ 760.103974][T15005] total_workingset_refault_anon 2671 [ 760.109466][T15005] total_workingset_refault_file 0 [ 760.114667][T15005] total_swap 81264640 [ 760.118661][T15005] total_swapcached 729088 [ 760.123069][T15005] total_pgpgin 506027 [ 760.127061][T15005] total_pgpgout 431278 [ 760.131143][T15005] total_pgfault 194511 [ 760.135524][T15005] total_pgmajfault 327 [ 760.139609][T15005] total_inactive_anon 164298752 [ 760.144830][T15005] total_active_anon 145313792 [ 760.149520][T15005] total_inactive_file 20480 [ 760.154115][T15005] total_active_file 0 [ 760.158618][T15005] total_unevictable 0 [ 760.163042][T15005] anon_cost 0 [ 760.166343][T15005] file_cost 0 [ 760.169641][T15005] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.2529,pid=15008,uid=0 [ 760.184754][T15005] Memory cgroup out of memory: Killed process 15008 (syz.6.2529) total-vm:138980kB, anon-rss:1212kB, file-rss:50140kB, shmem-rss:32412kB, UID:0 pgtables:240kB oom_score_adj:1000 [ 761.721494][T13726] syz-executor invoked oom-killer: gfp_mask=0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=0 [ 761.811964][T13726] CPU: 0 UID: 0 PID: 13726 Comm: syz-executor Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 [ 761.822961][T13726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 761.833039][T13726] Call Trace: [ 761.836328][T13726] [ 761.839265][T13726] dump_stack_lvl+0x16c/0x1f0 [ 761.843967][T13726] dump_header+0x101/0x900 [ 761.848420][T13726] oom_kill_process+0x270/0xa60 [ 761.853308][T13726] out_of_memory+0x351/0x1700 [ 761.858021][T13726] ? __pfx_out_of_memory+0x10/0x10 [ 761.863164][T13726] ? rcu_read_unlock+0x17/0x60 [ 761.867965][T13726] ? find_held_lock+0x2d/0x110 [ 761.872770][T13726] mem_cgroup_out_of_memory+0x207/0x270 [ 761.878344][T13726] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 761.884452][T13726] ? do_raw_spin_unlock+0x172/0x230 [ 761.889685][T13726] try_charge_memcg+0x54c/0xaf0 [ 761.894581][T13726] ? __pfx_try_charge_memcg+0x10/0x10 [ 761.899990][T13726] ? get_mem_cgroup_from_objcg+0x183/0x330 [ 761.905829][T13726] ? lock_acquire+0x2f/0xb0 [ 761.910363][T13726] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 761.916111][T13726] __memcg_kmem_charge_page+0xdb/0x2b0 [ 761.921585][T13726] __alloc_pages_noprof+0x252/0x25b0 [ 761.926884][T13726] ? find_held_lock+0x2d/0x110 [ 761.931666][T13726] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 761.937392][T13726] ? hlock_class+0x4e/0x130 [ 761.941901][T13726] ? __lock_acquire+0x15a9/0x3c40 [ 761.946959][T13726] ? __pfx___lock_acquire+0x10/0x10 [ 761.952170][T13726] ? mark_lock+0xb5/0xc60 [ 761.956507][T13726] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 761.962410][T13726] ? policy_nodemask+0xea/0x4e0 [ 761.967272][T13726] alloc_pages_mpol_noprof+0x2c9/0x610 [ 761.972747][T13726] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 761.978740][T13726] ? copy_page_range+0x2703/0x57d0 [ 761.983863][T13726] ? trace_lock_acquire+0x14e/0x1f0 [ 761.989080][T13726] __pud_alloc+0x39/0x640 [ 761.993416][T13726] copy_page_range+0x3945/0x57d0 [ 761.998382][T13726] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 762.004285][T13726] ? mas_destroy+0x5ba/0x9e0 [ 762.008887][T13726] ? __pfx_copy_page_range+0x10/0x10 [ 762.014192][T13726] ? mas_store+0x53d/0xac0 [ 762.018621][T13726] ? __pfx_mas_store+0x10/0x10 [ 762.023390][T13726] ? lock_acquire+0x2f/0xb0 [ 762.027891][T13726] ? copy_mm+0xf74/0x2550 [ 762.032241][T13726] ? up_write+0x1b2/0x520 [ 762.036575][T13726] copy_mm+0x1237/0x2550 [ 762.040833][T13726] ? __pfx_copy_mm+0x10/0x10 [ 762.045433][T13726] ? copy_process+0x3ca7/0x6f20 [ 762.050301][T13726] ? __raw_spin_lock_init+0x3a/0x110 [ 762.055595][T13726] copy_process+0x3e6d/0x6f20 [ 762.060292][T13726] ? __pfx_copy_process+0x10/0x10 [ 762.065336][T13726] kernel_clone+0xfd/0x960 [ 762.069764][T13726] ? __pfx_kernel_clone+0x10/0x10 [ 762.074807][T13726] ? find_held_lock+0x59/0x110 [ 762.079580][T13726] ? find_held_lock+0x2d/0x110 [ 762.084357][T13726] __do_sys_clone+0xba/0x100 [ 762.088956][T13726] ? __pfx___do_sys_clone+0x10/0x10 [ 762.094171][T13726] ? do_user_addr_fault+0x83d/0x13f0 [ 762.099463][T13726] do_syscall_64+0xcd/0x250 [ 762.103979][T13726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.109882][T13726] RIP: 0033:0x7fd8f4f7c593 [ 762.114306][T13726] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 762.133920][T13726] RSP: 002b:00007ffce39fb648 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 762.142335][T13726] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd8f4f7c593 [ 762.150307][T13726] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 762.158279][T13726] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 762.166250][T13726] R10: 000055558daf37d0 R11: 0000000000000246 R12: 0000000000000000 [ 762.174222][T13726] R13: 000055558db06590 R14: 00007ffce39fb7d0 R15: 0000000000000097 [ 762.182221][T13726] [ 762.238187][T13726] memory: usage 307200kB, limit 307200kB, failcnt 8161 [ 762.245227][T13726] memory+swap: usage 351528kB, limit 9007199254740988kB, failcnt 0 [ 762.253385][T13726] kmem: usage 2536kB, limit 9007199254740988kB, failcnt 0 [ 762.260527][T13726] Memory cgroup stats for /syz7: [ 762.260833][T13726] cache 311070720 [ 762.269525][T13726] rss 815104 [ 762.274659][T13726] rss_huge 0 [ 762.277886][T13726] shmem 311070720 [ 762.281534][T13726] mapped_file 58249216 [ 762.282050][ T31] oom_reaper: reaped process 15008 (syz.6.2529), now anon-rss:48kB, file-rss:3044kB, shmem-rss:0kB [ 762.286147][T13726] dirty 0 [ 762.300193][T13726] writeback 0 [ 762.303784][T13726] workingset_refault_anon 1180 [ 762.309058][T13726] workingset_refault_file 36 [ 762.314302][T13726] swap 45391872 [ 762.317780][T13726] swapcached 69632 [ 762.321512][T13726] pgpgin 424562 [ 762.325188][T13726] pgpgout 350445 [ 762.328754][T13726] pgfault 189004 [ 762.332437][T13726] pgmajfault 254 [ 762.336002][T13726] inactive_anon 250638336 [ 762.340339][T13726] active_anon 61317120 [ 762.344548][T13726] inactive_file 0 [ 762.348196][T13726] active_file 0 [ 762.351662][T13726] unevictable 0 [ 762.365133][T13726] hierarchical_memory_limit 314572800 [ 762.370533][T13726] hierarchical_memsw_limit 9223372036854771712 [ 762.376817][T13726] total_cache 311070720 [ 762.380989][T13726] total_rss 815104 [ 762.384800][T13726] total_rss_huge 0 [ 762.389050][T13726] total_shmem 311070720 [ 762.395092][T13726] total_mapped_file 58249216 [ 762.399711][T13726] total_dirty 0 [ 762.420160][T13726] total_writeback 0 [ 762.424102][T13726] total_workingset_refault_anon 1180 [ 762.429403][T13726] total_workingset_refault_file 36 [ 762.435167][T13726] total_swap 45391872 [ 762.439171][T13726] total_swapcached 69632 [ 762.452242][T13726] total_pgpgin 424562 [ 762.456247][T13726] total_pgpgout 350445 [ 762.460328][T13726] total_pgfault 189004 [ 762.492199][T13726] total_pgmajfault 254 [ 762.496298][T13726] total_inactive_anon 250638336 [ 762.501164][T13726] total_active_anon 61317120 [ 762.522291][T13726] total_inactive_file 0 [ 762.526481][T13726] total_active_file 0 [ 762.530475][T13726] total_unevictable 0 [ 762.565490][T13726] anon_cost 0 [ 762.568829][T13726] file_cost 0 [ 762.592230][T13726] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz7,task_memcg=/syz7,task=syz.7.2725,pid=15642,uid=0 [ 762.643875][T13726] Memory cgroup out of memory: Killed process 15642 (syz.7.2725) total-vm:136528kB, anon-rss:792kB, file-rss:65884kB, shmem-rss:18432kB, UID:0 pgtables:240kB oom_score_adj:1000 [ 763.908230][T15861] netlink: 342 bytes leftover after parsing attributes in process `syz.6.2797'. [ 764.162606][T15861] netlink: 342 bytes leftover after parsing attributes in process `syz.6.2797'. [ 764.245713][T13726] syz-executor invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 764.257228][T15865] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2798'. [ 764.322155][T13726] CPU: 0 UID: 0 PID: 13726 Comm: syz-executor Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 [ 764.333145][T13726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 764.340026][T15866] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2798'. [ 764.343205][T13726] Call Trace: [ 764.343218][T13726] [ 764.343229][T13726] dump_stack_lvl+0x16c/0x1f0 [ 764.343264][T13726] dump_header+0x101/0x900 [ 764.364180][T15865] HfR: entered promiscuous mode [ 764.367477][T13726] oom_kill_process+0x270/0xa60 [ 764.377211][T13726] out_of_memory+0x351/0x1700 [ 764.381930][T13726] ? __pfx_out_of_memory+0x10/0x10 [ 764.387063][T13726] ? rcu_read_unlock+0x17/0x60 [ 764.391843][T13726] ? find_held_lock+0x2d/0x110 [ 764.396623][T13726] mem_cgroup_out_of_memory+0x207/0x270 [ 764.402174][T13726] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 764.408253][T13726] ? do_raw_spin_unlock+0x172/0x230 [ 764.413462][T13726] try_charge_memcg+0x54c/0xaf0 [ 764.418326][T13726] ? __pfx_try_charge_memcg+0x10/0x10 [ 764.423703][T13726] ? get_mem_cgroup_from_objcg+0x183/0x330 [ 764.429514][T13726] ? lock_acquire+0x2f/0xb0 [ 764.434025][T13726] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 764.439752][T13726] obj_cgroup_charge+0x179/0x4d0 [ 764.444703][T13726] __memcg_slab_post_alloc_hook+0x1b6/0x9b0 [ 764.450608][T13726] ? kasan_save_track+0x14/0x30 [ 764.455470][T13726] kmem_cache_alloc_noprof+0x310/0x3b0 [ 764.460940][T13726] ? vm_area_dup+0x21/0x300 [ 764.465461][T13726] vm_area_dup+0x21/0x300 [ 764.469798][T13726] copy_mm+0xd89/0x2550 [ 764.473971][T13726] ? __pfx_copy_mm+0x10/0x10 [ 764.478567][T13726] ? copy_process+0x3ca7/0x6f20 [ 764.483432][T13726] ? __raw_spin_lock_init+0x3a/0x110 [ 764.488727][T13726] copy_process+0x3e6d/0x6f20 [ 764.493421][T13726] ? __pfx_copy_process+0x10/0x10 [ 764.498464][T13726] kernel_clone+0xfd/0x960 [ 764.502893][T13726] ? __pfx_kernel_clone+0x10/0x10 [ 764.507933][T13726] ? find_held_lock+0x59/0x110 [ 764.512706][T13726] ? find_held_lock+0x2d/0x110 [ 764.517480][T13726] __do_sys_clone+0xba/0x100 [ 764.522077][T13726] ? __pfx___do_sys_clone+0x10/0x10 [ 764.527299][T13726] ? do_user_addr_fault+0x83d/0x13f0 [ 764.532596][T13726] do_syscall_64+0xcd/0x250 [ 764.537112][T13726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 764.543013][T13726] RIP: 0033:0x7fd8f4f7c593 [ 764.547428][T13726] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00 [ 764.567040][T13726] RSP: 002b:00007ffce39fb648 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 764.575460][T13726] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd8f4f7c593 [ 764.583433][T13726] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 764.591401][T13726] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 764.599371][T13726] R10: 000055558daf37d0 R11: 0000000000000246 R12: 0000000000000000 [ 764.607341][T13726] R13: 000055558db06590 R14: 00007ffce39fb7d0 R15: 0000000000000097 [ 764.615326][T13726] [ 764.857869][T13726] memory: usage 304020kB, limit 307200kB, failcnt 8948 [ 764.905657][T13726] memory+swap: usage 347448kB, limit 9007199254740988kB, failcnt 0 [ 765.031619][T13726] kmem: usage 2292kB, limit 9007199254740988kB, failcnt 0 [ 765.142246][T13726] Memory cgroup stats for /syz7: [ 765.142438][T13726] cache 303951872 [ 765.151530][T13726] rss 667648 [ 765.252172][T13726] rss_huge 0 [ 765.255975][T13726] shmem 303951872 [ 765.259634][T13726] mapped_file 41353216 [ 765.402487][T13726] dirty 0 [ 765.467019][T13726] writeback 0 [ 765.470350][T13726] workingset_refault_anon 1180 [ 765.522216][T13726] workingset_refault_file 36 [ 765.526857][T13726] swap 45555712 [ 765.530338][T13726] swapcached 69632 [ 765.752225][T13726] pgpgin 425599 [ 765.755743][T13726] pgpgout 353225 [ 765.759309][T13726] pgfault 189522 [ 765.772295][T13726] pgmajfault 254 [ 765.786837][T13726] inactive_anon 249786368 [ 765.791723][T13726] active_anon 54902784 [ 765.839257][T15879] kernel read not supported for file /éçTµhÊYdèܨ3ô`Ãüå—e&jdˆKÜBUXàØ0z¾Lš¼æÆ84³ÿÿÿÿ (pid: 15879 comm: syz.8.2801) [ 765.884415][T13726] inactive_file 0 [ 765.888098][T13726] active_file 0 [ 765.951208][ T29] audit: type=1800 audit(4294967486.330:13): pid=15879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.2801" name=E9E71E54B568CA0E5964E8DCA833F46006C310FCE59765266A64884BDC425558E01BD8307A04BE4C9ABCE6C63834B3FFFFFFFF dev="mqueue" ino=46153 res=0 errno=0 [ 765.980149][T13726] unevictable 0 [ 765.996217][T13726] hierarchical_memory_limit 314572800 [ 766.027474][T13726] hierarchical_memsw_limit 9223372036854771712 [ 766.090991][T13726] total_cache 303951872 [ 766.152161][T13726] total_rss 667648 [ 766.164748][T13726] total_rss_huge 0 [ 766.216949][T13726] total_shmem 303951872 [ 766.221154][T13726] total_mapped_file 41353216 [ 766.301685][T13726] total_dirty 0 [ 766.372947][T13726] total_writeback 0 [ 766.376802][T13726] total_workingset_refault_anon 1180 [ 766.432149][T13726] total_workingset_refault_file 36 [ 766.498436][T13726] total_swap 45555712 [ 766.514936][T13726] total_swapcached 69632 [ 766.519220][T13726] total_pgpgin 425599 [ 766.642849][T13726] total_pgpgout 353225 [ 766.646971][T13726] total_pgfault 189522 [ 766.708787][T13726] total_pgmajfault 254 [ 766.772177][T13726] total_inactive_anon 249786368 [ 766.857394][T13726] total_active_anon 54902784 [ 766.862037][T13726] total_inactive_file 0 [ 766.980538][T13726] total_active_file 0 [ 767.032206][T13726] total_unevictable 0 [ 767.093835][T13726] anon_cost 0 [ 767.122256][T13726] file_cost 0 [ 767.170014][T13726] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz7,task_memcg=/syz7,task=syz.7.2732,pid=15674,uid=0 [ 767.262952][T13726] Memory cgroup out of memory: Killed process 15674 (syz.7.2732) total-vm:138980kB, anon-rss:912kB, file-rss:36564kB, shmem-rss:16896kB, UID:0 pgtables:188kB oom_score_adj:1000 [ 767.496759][T15876] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 768.873339][T15896] mtrr: base(0x100000) is not aligned on a size(0x2e001800000) boundary [ 768.952499][T15894] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 768.987440][T15894] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 768.994246][T15894] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 769.001421][T15894] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 770.992698][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout [ 770.998864][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 771.072642][ T5829] Bluetooth: hci2: command 0x040f tx timeout [ 771.079665][ T5829] Bluetooth: hci3: command 0x040f tx timeout [ 772.020301][T15938] kernel read not supported for file /éçTµhÊYdèܨ3ô`Ãüå—e&jdˆKÜBUXàØ0z¾Lš¼æÆ84³ÿÿÿÿ (pid: 15938 comm: syz.7.2818) [ 772.123295][ T29] audit: type=1800 audit(4294967492.490:14): pid=15938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.2818" name=E9E71E54B568CA0E5964E8DCA833F46006C310FCE59765266A64884BDC425558E01BD8307A04BE4C9ABCE6C63834B3FFFFFFFF dev="mqueue" ino=46268 res=0 errno=0 [ 772.915982][T15948] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2822'. [ 781.906186][T16071] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2857'. [ 782.367992][T16074] netlink: 243 bytes leftover after parsing attributes in process `syz.9.2859'. [ 784.562268][T16105] can0: slcan on pty48. [ 784.907203][T16108] can0 (unregistered): slcan off pty48. [ 786.564634][T16130] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2872'. [ 789.012828][T16197] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2881'. [ 791.773234][T16252] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2892'. [ 792.258657][T16258] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 792.286810][T16258] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 793.362831][T16275] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2898'. [ 793.765570][T16281] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2901'. [ 794.010570][T15072] syz.6.2546 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 794.120674][T16287] [ 794.123048][T16287] ====================================================== [ 794.130083][T16287] WARNING: possible circular locking dependency detected [ 794.137120][T16287] 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 Not tainted [ 794.144245][T16287] ------------------------------------------------------ [ 794.151275][T16287] syz.7.2903/16287 is trying to acquire lock: [ 794.157354][T16287] ffff88801bf04c98 (sk_lock-AF_INET){+.+.}-{0:0}, at: sockopt_lock_sock+0x54/0x70 [ 794.166626][T16287] [ 794.166626][T16287] but task is already holding lock: [ 794.174003][T16287] ffffffff8fabf288 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_getsockopt+0x1e06/0x2bf0 [ 794.183095][T16287] [ 794.183095][T16287] which lock already depends on the new lock. [ 794.183095][T16287] [ 794.193496][T16287] [ 794.193496][T16287] the existing dependency chain (in reverse order) is: [ 794.202507][T16287] [ 794.202507][T16287] -> #2 (rtnl_mutex){+.+.}-{4:4}: [ 794.209724][T16287] __mutex_lock+0x19b/0xa60 [ 794.214758][T16287] do_ipv6_setsockopt+0x1f4d/0x4660 [ 794.220480][T16287] ipv6_setsockopt+0xcb/0x170 [ 794.225684][T16287] tcp_setsockopt+0xa4/0x100 [ 794.230797][T16287] smc_setsockopt+0x1b4/0xc00 [ 794.236004][T16287] do_sock_setsockopt+0x222/0x480 [ 794.241560][T16287] __sys_setsockopt+0x1a0/0x230 [ 794.246937][T16287] __x64_sys_setsockopt+0xbd/0x160 [ 794.252579][T16287] do_syscall_64+0xcd/0x250 [ 794.257608][T16287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.264032][T16287] [ 794.264032][T16287] -> #1 (&smc->clcsock_release_lock){+.+.}-{4:4}: [ 794.272637][T16287] __mutex_lock+0x19b/0xa60 [ 794.277666][T16287] smc_switch_to_fallback+0x2d/0xa00 [ 794.283489][T16287] smc_sendmsg+0x13d/0x520 [ 794.288433][T16287] ____sys_sendmsg+0x9ae/0xb40 [ 794.293720][T16287] ___sys_sendmsg+0x135/0x1e0 [ 794.298919][T16287] __sys_sendmsg+0x16e/0x220 [ 794.304033][T16287] do_syscall_64+0xcd/0x250 [ 794.309063][T16287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.315489][T16287] [ 794.315489][T16287] -> #0 (sk_lock-AF_INET){+.+.}-{0:0}: [ 794.323138][T16287] __lock_acquire+0x249e/0x3c40 [ 794.328519][T16287] lock_acquire.part.0+0x11b/0x380 [ 794.334147][T16287] lock_sock_nested+0x3a/0xf0 [ 794.339355][T16287] sockopt_lock_sock+0x54/0x70 [ 794.344646][T16287] do_ip_getsockopt+0x115c/0x2bf0 [ 794.350193][T16287] ip_getsockopt+0x9c/0x1e0 [ 794.355220][T16287] raw_getsockopt+0x4d/0x1e0 [ 794.360330][T16287] do_sock_getsockopt+0x3fe/0x870 [ 794.365871][T16287] __sys_getsockopt+0x12f/0x260 [ 794.371245][T16287] __x64_sys_getsockopt+0xbd/0x160 [ 794.376882][T16287] do_syscall_64+0xcd/0x250 [ 794.381905][T16287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.388320][T16287] [ 794.388320][T16287] other info that might help us debug this: [ 794.388320][T16287] [ 794.398538][T16287] Chain exists of: [ 794.398538][T16287] sk_lock-AF_INET --> &smc->clcsock_release_lock --> rtnl_mutex [ 794.398538][T16287] [ 794.412100][T16287] Possible unsafe locking scenario: [ 794.412100][T16287] [ 794.419539][T16287] CPU0 CPU1 [ 794.424894][T16287] ---- ---- [ 794.430252][T16287] lock(rtnl_mutex); [ 794.434231][T16287] lock(&smc->clcsock_release_lock); [ 794.442122][T16287] lock(rtnl_mutex); [ 794.448629][T16287] lock(sk_lock-AF_INET); [ 794.453045][T16287] [ 794.453045][T16287] *** DEADLOCK *** [ 794.453045][T16287] [ 794.461176][T16287] 1 lock held by syz.7.2903/16287: [ 794.466277][T16287] #0: ffffffff8fabf288 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_getsockopt+0x1e06/0x2bf0 [ 794.475773][T16287] [ 794.475773][T16287] stack backtrace: [ 794.481652][T16287] CPU: 1 UID: 0 PID: 16287 Comm: syz.7.2903 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 [ 794.492411][T16287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 794.502470][T16287] Call Trace: [ 794.505741][T16287] [ 794.508669][T16287] dump_stack_lvl+0x116/0x1f0 [ 794.513351][T16287] print_circular_bug+0x41c/0x610 [ 794.518389][T16287] check_noncircular+0x31a/0x400 [ 794.523341][T16287] ? __pfx_check_noncircular+0x10/0x10 [ 794.528808][T16287] ? register_lock_class+0xb1/0x1240 [ 794.534094][T16287] ? lockdep_lock+0xc6/0x200 [ 794.538692][T16287] ? __pfx_lockdep_lock+0x10/0x10 [ 794.543724][T16287] __lock_acquire+0x249e/0x3c40 [ 794.548591][T16287] ? __pfx___lock_acquire+0x10/0x10 [ 794.553799][T16287] ? do_ip_getsockopt+0x1e06/0x2bf0 [ 794.558997][T16287] ? rcu_is_watching+0x12/0xc0 [ 794.563767][T16287] lock_acquire.part.0+0x11b/0x380 [ 794.568877][T16287] ? sockopt_lock_sock+0x54/0x70 [ 794.573822][T16287] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 794.579461][T16287] ? rcu_is_watching+0x12/0xc0 [ 794.584229][T16287] ? trace_lock_acquire+0x14e/0x1f0 [ 794.589435][T16287] ? sockopt_lock_sock+0x54/0x70 [ 794.594386][T16287] ? lock_acquire+0x2f/0xb0 [ 794.598887][T16287] ? sockopt_lock_sock+0x54/0x70 [ 794.603829][T16287] lock_sock_nested+0x3a/0xf0 [ 794.608512][T16287] ? sockopt_lock_sock+0x54/0x70 [ 794.613460][T16287] sockopt_lock_sock+0x54/0x70 [ 794.618227][T16287] do_ip_getsockopt+0x115c/0x2bf0 [ 794.623257][T16287] ? __pfx_do_ip_getsockopt+0x10/0x10 [ 794.628628][T16287] ? plist_check_prev_next+0x12a/0x1a0 [ 794.634096][T16287] ? hlock_class+0x4e/0x130 [ 794.638600][T16287] ? mark_lock+0xb5/0xc60 [ 794.642942][T16287] ? aa_label_sk_perm+0x19d/0x5a0 [ 794.647982][T16287] ? __lock_acquire+0x15a9/0x3c40 [ 794.653024][T16287] ? __pfx___lock_acquire+0x10/0x10 [ 794.658234][T16287] ? find_held_lock+0x2d/0x110 [ 794.663003][T16287] ip_getsockopt+0x9c/0x1e0 [ 794.667510][T16287] ? __pfx_ip_getsockopt+0x10/0x10 [ 794.672627][T16287] ? lock_acquire+0x2f/0xb0 [ 794.677125][T16287] ? __might_fault+0xe3/0x190 [ 794.681809][T16287] ? __might_fault+0xe3/0x190 [ 794.686495][T16287] raw_getsockopt+0x4d/0x1e0 [ 794.691082][T16287] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 794.696993][T16287] do_sock_getsockopt+0x3fe/0x870 [ 794.702017][T16287] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 794.707561][T16287] ? lock_acquire+0x2f/0xb0 [ 794.712061][T16287] ? __fget_files+0x40/0x3a0 [ 794.716660][T16287] ? __fget_files+0x206/0x3a0 [ 794.721342][T16287] __sys_getsockopt+0x12f/0x260 [ 794.726200][T16287] __x64_sys_getsockopt+0xbd/0x160 [ 794.731318][T16287] ? do_syscall_64+0x91/0x250 [ 794.735999][T16287] ? lockdep_hardirqs_on+0x7c/0x110 [ 794.741197][T16287] do_syscall_64+0xcd/0x250 [ 794.745706][T16287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.751605][T16287] RIP: 0033:0x7fd8f4f85d19 [ 794.756018][T16287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 794.775625][T16287] RSP: 002b:00007fd8f5e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 794.784035][T16287] RAX: ffffffffffffffda RBX: 00007fd8f5175fa0 RCX: 00007fd8f4f85d19 [ 794.792001][T16287] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000003 [ 794.799971][T16287] RBP: 00007fd8f5001a20 R08: 0000000020000040 R09: 0000000000000000 [ 794.807948][T16287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 794.815914][T16287] R13: 0000000000000000 R14: 00007fd8f5175fa0 R15: 00007ffce39fb3b8 [ 794.823893][T16287] [ 794.842203][T15072] CPU: 0 UID: 0 PID: 15072 Comm: syz.6.2546 Not tainted 6.13.0-rc2-syzkaller-00362-g2d8308bf5b67 #0 [ 794.852991][T15072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 794.863039][T15072] Call Trace: [ 794.866311][T15072] [ 794.869239][T15072] dump_stack_lvl+0x16c/0x1f0 [ 794.873932][T15072] dump_header+0x101/0x900 [ 794.878362][T15072] oom_kill_process+0x270/0xa60 [ 794.883213][T15072] ? mem_cgroup_out_of_memory+0x8d/0x270 [ 794.888845][T15072] out_of_memory+0x351/0x1700 [ 794.893523][T15072] ? __pfx_out_of_memory+0x10/0x10 [ 794.898634][T15072] ? rcu_read_unlock+0x17/0x60 [ 794.903402][T15072] ? find_held_lock+0x2d/0x110 [ 794.908176][T15072] mem_cgroup_out_of_memory+0x207/0x270 [ 794.913723][T15072] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 794.919789][T15072] ? do_raw_spin_unlock+0x172/0x230 [ 794.924987][T15072] try_charge_memcg+0x54c/0xaf0 [ 794.929841][T15072] ? __pfx_try_charge_memcg+0x10/0x10 [ 794.935219][T15072] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 794.940674][T15072] ? get_mem_cgroup_from_mm+0x87/0x5f0 [ 794.946133][T15072] ? get_mem_cgroup_from_mm+0x131/0x5f0 [ 794.951682][T15072] __mem_cgroup_charge+0x9b/0x280 [ 794.956713][T15072] shmem_alloc_and_add_folio+0x507/0xc00 [ 794.962346][T15072] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 794.968240][T15072] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 794.974391][T15072] ? shmem_huge_global_enabled+0x176/0x250 [ 794.980201][T15072] ? shmem_allowable_huge_orders+0xcd/0x3e0 [ 794.986094][T15072] shmem_get_folio_gfp+0x689/0x1530 [ 794.991292][T15072] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 794.996924][T15072] ? find_held_lock+0x2d/0x110 [ 795.001689][T15072] shmem_write_begin+0x161/0x300 [ 795.006625][T15072] ? __pfx_shmem_write_begin+0x10/0x10 [ 795.012086][T15072] ? timestamp_truncate+0x21f/0x2e0 [ 795.017287][T15072] ? balance_dirty_pages_ratelimited_flags+0x92/0x1270 [ 795.024159][T15072] generic_perform_write+0x2ba/0x920 [ 795.029458][T15072] ? __pfx_generic_perform_write+0x10/0x10 [ 795.035264][T15072] ? inode_needs_update_time.part.0+0x191/0x270 [ 795.041517][T15072] shmem_file_write_iter+0x10e/0x140 [ 795.046813][T15072] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 795.052626][T15072] __kernel_write_iter+0x318/0xa80 [ 795.057742][T15072] ? __pfx___kernel_write_iter+0x10/0x10 [ 795.063380][T15072] ? get_dump_page+0x15b/0x230 [ 795.068150][T15072] ? __pfx___might_resched+0x10/0x10 [ 795.073438][T15072] dump_user_range+0x389/0x8c0 [ 795.078216][T15072] ? __pfx_dump_user_range+0x10/0x10 [ 795.083522][T15072] ? elf_coredump_extra_notes_write+0xbe/0x430 [ 795.089683][T15072] ? __pfx_writenote+0x10/0x10 [ 795.094451][T15072] elf_core_dump+0x2787/0x3880 [ 795.099223][T15072] ? __pfx_elf_core_dump+0x10/0x10 [ 795.104331][T15072] ? kasan_save_stack+0x42/0x60 [ 795.109186][T15072] ? kasan_save_stack+0x33/0x60 [ 795.114039][T15072] ? kasan_save_track+0x14/0x30 [ 795.118892][T15072] ? __kasan_kmalloc+0xaa/0xb0 [ 795.123665][T15072] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 795.129130][T15072] ? do_coredump+0x1665/0x43e0 [ 795.133898][T15072] ? get_signal+0x23f3/0x2610 [ 795.138590][T15072] ? rcu_is_watching+0x12/0xc0 [ 795.143358][T15072] ? trace_lock_acquire+0x14e/0x1f0 [ 795.148568][T15072] ? __pfx_sort+0x10/0x10 [ 795.152899][T15072] ? get_signal+0x23f3/0x2610 [ 795.157578][T15072] ? do_coredump+0x2dd5/0x43e0 [ 795.162347][T15072] do_coredump+0x2dd5/0x43e0 [ 795.166955][T15072] ? __pfx_do_coredump+0x10/0x10 [ 795.171896][T15072] ? irqentry_exit_to_user_mode+0x13f/0x280 [ 795.177812][T15072] get_signal+0x23f3/0x2610 [ 795.182325][T15072] ? __pfx_get_signal+0x10/0x10 [ 795.187180][T15072] ? __pfx_force_sig_fault+0x10/0x10 [ 795.192469][T15072] arch_do_signal_or_restart+0x90/0x7e0 [ 795.198025][T15072] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 795.204184][T15072] ? trace_irq_disable.constprop.0+0xea/0x140 [ 795.210281][T15072] irqentry_exit_to_user_mode+0x13f/0x280 [ 795.216016][T15072] asm_exc_invalid_op+0x1a/0x20 [ 795.220880][T15072] RIP: 0033:0x0 [ 795.224334][T15072] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 795.231706][T15072] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 795.237774][T15072] RAX: 0000000000000000 RBX: 00007effdc176160 RCX: 00007effdbf85d19 [ 795.245743][T15072] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b44 [ 795.253710][T15072] RBP: 00007effdc001a20 R08: 0000000000000002 R09: 0000000000000000 [ 795.261680][T15072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 795.269649][T15072] R13: 0000000000000000 R14: 00007effdc176160 R15: 00007ffe13b58868 [ 795.277623][T15072] [ 795.377745][T16289] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2904'. [ 795.386945][T16289] bridge_slave_1: left allmulticast mode [ 795.397027][T16289] bridge_slave_1: left promiscuous mode [ 795.402753][T16289] bridge0: port 2(bridge_slave_1) entered disabled state [ 795.578144][T16289] bridge_slave_0: left allmulticast mode [ 795.584034][T16289] bridge_slave_0: left promiscuous mode [ 795.590150][T16289] bridge0: port 1(bridge_slave_0) entered disabled state [ 795.642127][T15072] memory: usage 307200kB, limit 307200kB, failcnt 18427 [ 795.692233][T15072] memory+swap: usage 387252kB, limit 9007199254740988kB, failcnt 0 [ 795.700386][T15072] kmem: usage 4048kB, limit 9007199254740988kB, failcnt 0 [ 795.727856][T15072] Memory cgroup stats for /syz6: [ 795.728026][T15072] cache 308109312 [ 795.740960][T15072] rss 1654784 [ 795.744339][T15072] rss_huge 0 [ 795.747540][T15072] shmem 308109312 [ 795.751181][T15072] mapped_file 91365376 [ 795.756201][T15072] dirty 0 [ 795.759148][T15072] writeback 0 [ 795.762494][T15072] workingset_refault_anon 2715 [ 795.769165][T15072] workingset_refault_file 0 [ 795.773722][T15072] swap 81973248 [ 795.777185][T15072] swapcached 663552 [ 795.780989][T15072] pgpgin 538832 [ 795.784502][T15072] pgpgout 464066 [ 795.788059][T15072] pgfault 208259 [ 795.794711][T15072] pgmajfault 329 [ 795.798839][T15072] inactive_anon 92426240 [ 795.834803][T15072] active_anon 218001408 [ 795.838980][T15072] inactive_file 0 [ 795.882148][T15072] active_file 0 [ 795.885631][T15072] unevictable 0 [ 795.889089][T15072] hierarchical_memory_limit 314572800 [ 795.964780][T15072] hierarchical_memsw_limit 9223372036854771712 [ 795.970969][T15072] total_cache 308109312 [ 796.052367][T15072] total_rss 1654784 [ 796.056210][T15072] total_rss_huge 0 [ 796.059931][T15072] total_shmem 308109312 [ 796.115799][T15072] total_mapped_file 91365376 [ 796.121442][T15072] total_dirty 0 [ 796.142138][T15072] total_writeback 0 [ 796.145973][T15072] total_workingset_refault_anon 2715 [ 796.151260][T15072] total_workingset_refault_file 0 [ 796.262149][T15072] total_swap 81973248 [ 796.266165][T15072] total_swapcached 663552 [ 796.270504][T15072] total_pgpgin 538832 [ 796.355695][T15072] total_pgpgout 464066 [ 796.359901][T15072] total_pgfault 208259 [ 796.392119][T15072] total_pgmajfault 329 [ 796.396217][T15072] total_inactive_anon 92426240 [ 796.400980][T15072] total_active_anon 218001408 [ 796.486483][T15072] total_inactive_file 0 [ 796.490673][T15072] total_active_file 0 [ 796.536351][T15072] total_unevictable 0 [ 796.540368][T15072] anon_cost 0 [ 796.563976][T15072] file_cost 0 [ 796.567285][T15072] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.2529,pid=15005,uid=0 [ 796.712476][T15072] Memory cgroup out of memory: OOM victim 15005 (syz.6.2529) is already exiting. Skip killing the task