last executing test programs: 1m23.523727679s ago: executing program 2 (id=125): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_MAC_ACL(r1, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000808}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0xb0, r2, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x7c19}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0x9f}, @NL80211_ATTR_CNTDWN_OFFS_PRESP={0x7c, 0xbb, "ef7989f796f4de83e796055ffd27b2640bdde5274727a87aba0c9c6020410949c73c46bfec85c2b29621b782bea5765d7851801ee5ddbfdb1530abd64ebd26b85390044b7b757f743bd65efe3586ad3651782b9031d29cf627a82f2fd078c4b8e8b42bc95e36f68213f9f626b18432ec034ecd886a14106a"}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x3}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x8}]}, 0xb0}, 0x1, 0x0, 0x0, 0x840}, 0x40810) socket(0x1d, 0x2, 0x6) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x1000000000045, 0x100000001, 0xfffdffff, 0x0, 0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x401, 0x7ffffffb, 0x5, 0xffffffff80000000, 0x1, 0x61, 0x103}) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) write$auto_tomoyo_operations_securityfs_if(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000180), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000940)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_TP_METER(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="3b3d2abd7000fddbdf250304000008000300", @ANYRES32=r7], 0x28}}, 0x80) ioperm$auto(0x2, 0x3, 0x1) clone$auto(0xffff, 0x7, 0xfffffffffffffffe, 0xffffffffffffffff, 0xffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r8 = openat$auto_dai_list_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$auto_dai_list_fops_(r8, &(0x7f0000000140)=""/204, 0xcc) clock_adjtime$auto(0x0, &(0x7f0000000000)={0x7, 0x8, 0x4, 0x8, 0x7fffffff, 0xffffffc0, 0x6, 0x5, 0x3, 0x0, 0xb9, {0x223a}, 0x1000, 0x7, 0xb, 0x5, 0x2000006, 0x101, 0x7fff, 0x3}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000980)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x27e4450eda9b705}, 0xc, &(0x7f0000000900)={&(0x7f00000004c0)={0x41c, r2, 0x800, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_REKEY_DATA={0x3ff, 0x7a, 0x0, 0x1, [@typed={0xb, 0xed, 0x0, 0x0, @str='batadv\x00'}, @typed={0x8, 0x110, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x1c}}, @typed={0x14, 0x22, 0x0, 0x0, @ipv6=@private1}, @typed={0xa8, 0x4e, 0x0, 0x0, @binary="8278555e761ef165ea89d488b5f1f46adbd146cb380003fd970ec5b32234fb522f64d509371ecce00150d8ffd3fa1465148a38722badf551866d85576afe7dad3e4073cc98b06a9f37a74e1b0c982ded22c29d4c46437f85565978aa99ad78c534c2d24d26a432b70ed7cffb751605308ed9ef2cb97d521b59ae6941036d1e776950ea051080752298f826ccad7198aff34d9dd405225e3ea7ccbc1523c6830848048b9f"}, @generic="f8f73c3d2e59916394599f9121209b928af2b34614a0a7d476371fda38fb55b1eb38db8309f4342ddbad49282427dc3fa4625a3299f12905fa480f3d85bd7db2b227931888b5972c30db712c16e03eef29c75ba3c2d52a897380231613d2cc1c59a6046a17a9ef776c2e292a02fd276b421e290912ab4ed6d5c6bbb289fb938ced489ab93a5b4f56173a141404f42729f953b9df9774865593813a67f3b43e0c2f37ee8cb6ff6be4b6d045e9318984156629313c43033ce0e9569fd648", @generic="d8ece6700c76fbbb70099e9ed0c3e8e173c5231d453500079da8146da91b798fa5eb54fd644429ed83d6095f4efe8cad0991ce4dca8fd6b5b0262d1d4a2ac537097b07fcc0c36b7b83bb35cf4eabf5044a8edcd249f7641fbf33fb4207b5bfd17298377f230e8cb0d9447d29bd2ff963351e6c847148a1ceb641682a9e1af3033173b591a4e36fe1cda298b6844f919ecc2fedd4302506b9854659b4aa2fa6148b06de71ad8217d802bd61fdb40db72e5531ba5217c0df205d67b608fa76bf0b30d90898bc29fbf76f1d3ce6", @generic="ff9484f975bc6b1cefab02e881ec3438f5a1c2a4b38956cc700abe330c668252f52a4b39b8313878c0422dee364e1b12589d1b1b26a71fd483ac2257a3d4dfdac67ffa21e2c23bdbd1c4a7276b7fd113c1e047c038835abf3879c9560abf2f89ffe610ead2aba3859cba1b8773fe86a5dac91629fb3aed527302f669ada3a1833de2a2297fc2f5863ec8aa6068865d82c400bfa4e202", @nested={0x31, 0xe2, 0x0, 0x1, [@generic="13760556f68d5f76b6e9c5f24b55282030e290053464953fa3bc64c66846e6b019553a3999ede7fa81", @nested={0x4, 0x4b}]}, @generic="7ad446c230063f4cf31155568e0f22989af909bea36730b4c4464cedbbcea790db2fd6b6646d8a0ca189e62ff53f7f5bc1a496334926279c822a54984dca1d2eff612b2361bdfc666789b3df3ff02ed446df329fac9c2fb5506221b0e5ef6c57f13376875576c6242dd1f5f6aa4967d4e09f676cc70f1ab35c3e1292f20bd9bb2b5fa7fa0c159a2657ac09af52bab33149bffe3bb836d59ca0d216873c6dff05b8fc829b0b04fa536cff76cd3bcaa1cdb178a46d5c2ac91335f5bdb1f6476749302b6f3ef68a23dcea1702df6efd61e65a69d7f008156873"]}, @NL80211_ATTR_KEY_IDX={0x5}]}, 0x41c}, 0x1, 0x0, 0x0, 0x4011}, 0x20004000) adjtimex$auto(&(0x7f0000000100)={0x248a134b, 0x0, 0x4, 0x6efd, 0x8, 0x10001, 0x3, 0x0, 0x3, 0x4, 0xff, {0x9, 0x1}, 0x0, 0x81, 0x4, 0x80000000, 0x0, 0xffffffff, 0x9, 0x4, 0x4, 0x8, 0x8}) getsockopt$auto_SO_PASSCRED(r0, 0x80000000, 0x10, &(0x7f0000000200)='}d\x00', &(0x7f0000000240)=0x10) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f00000009c0), 0x40000, 0x0) pkey_free$auto(0xfffffffd) getpeername$auto(0x3, 0x0, 0x0) unshare$auto(0x40000080) r9 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0) write$auto(r9, &(0x7f0000000000)='72\xa1\x84\xbd0\x00f\x19\x1c\xc7k\x00\x00\x00\x00', 0x7) 1m23.073184246s ago: executing program 2 (id=128): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capset$auto(0x0, &(0x7f0000000000)={0x3, 0x7, 0x2}) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0x20, 0xf1, 0xb0, @raw=0xfffff008}}) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/midi2\x00', 0x103341, 0x0) r2 = socket(0x2, 0x80802, 0x0) dup2$auto(r1, r2) write$auto(r2, &(0x7f0000000000)='+*&(\'\x00', 0x1ff) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000040), 0xffffffffffffffff) write$auto(0x3, 0x0, 0x100082) 1m22.237546113s ago: executing program 2 (id=132): adjtimex$auto(0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) io_uring_setup$auto(0x401, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/034/001\x00', 0x8a140, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="afa72db57000ffdbdf250e00000008000300", @ANYRES32=r2], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x0) socket(0x6, 0x2, 0x80000000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) 1m21.910183058s ago: executing program 2 (id=138): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = fanotify_init$auto(0x1f53, 0x2000000000002) r1 = open(&(0x7f0000000080)='./file0\x00', 0x4342, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async) syz_clone3(&(0x7f0000000280)={0x1000000, &(0x7f0000000000)=0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000440), {0xe}, 0x0, 0x0, &(0x7f0000000ac0)=""/4088, &(0x7f0000000080)=[0xffffffffffffffff, 0x0], 0x2}, 0x58) waitid$auto(0x0, r2, &(0x7f0000000300)={@_si_pad}, 0x2, &(0x7f0000000380)={{0x8, 0x1ff}, {0x3, 0x40}, 0x5, 0x6, 0x0, 0x3, 0x7, 0x1, 0x800, 0xe, 0xfffffffffffffff8, 0x3, 0x0, 0x1, 0xa49}) r3 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/cuse\x00', 0x40, 0x0) readv$auto(r3, &(0x7f0000001c00)={&(0x7f0000001b80), 0x9873}, 0x6) (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x9, r4, 0x80007fb, 0xe2, 0xffffffffffffffff, 0x100007, r4, 0x80000000, 0x3}, 0x6f4) (async) r5 = socket(0x2a, 0x2, 0x9) sendto$auto(r5, 0x0, 0x402, 0x0, &(0x7f0000000700)=@generic={0x2a, "e2e18340cba8fe8000"}, 0x1c) (async) close_range$auto(0x2, 0xa, 0x0) (async) io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x8004) (async) r6 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) (async) syz_open_procfs$namespace(0x0, 0x0) r7 = open(&(0x7f00009e1000)='./file0\x00', 0xc162, 0x0) cachestat$auto(r0, &(0x7f0000000180)={0x5, 0x6}, &(0x7f00000001c0)={0xfffffffffffffffa, 0x7, 0x600000000, 0x9, 0x6}, 0x21a2a238) (async) ftruncate$auto(r7, 0x80) (async) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) (async, rerun: 32) ioctl$auto_posix_clock_file_operations_posix_clock(r6, 0xc0603d06, 0x0) (async, rerun: 32) fanotify_mark$auto(0x0, 0x1, 0x3a, r1, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22200, 0x154) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x115) (async) io_uring_setup$auto(0x6, &(0x7f00000000c0)={0x4, 0x3, 0x305, 0x1, 0x3, 0xfffffff8, r0, [0x0, 0x40, 0x1], {0xc6db, 0xfffffffc, 0xf2c, 0x5, 0x80000001, 0x8, 0x3, 0x4, 0x9}, {0x0, 0x1000, 0xfffffffb, 0x6, 0xd, 0x39, 0xf, 0x4, 0x6}}) r8 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SUBDIVIDE(r8, 0xc0045009, &(0x7f0000000040)) (async) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) 1m21.514677546s ago: executing program 2 (id=141): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000006c0)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="110b27bd7000fbdbdf250900000008000300", @ANYRES32=r3, @ANYBLOB="08000600", @ANYRESOCT], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x4009800) 1m21.402941536s ago: executing program 2 (id=143): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6b) connect$auto(0x3, 0x0, 0x6b) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) madvise$auto(0x0, 0xffffffffffff0005, 0x19) write$auto(0x3, 0x0, 0xfdef) 1m6.299136904s ago: executing program 32 (id=143): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6b) connect$auto(0x3, 0x0, 0x6b) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) madvise$auto(0x0, 0xffffffffffff0005, 0x19) write$auto(0x3, 0x0, 0xfdef) 7.765967218s ago: executing program 1 (id=397): r0 = getpid() prctl$auto(0x6, 0x9, r0, 0x4, 0x7) ioctl$auto_VHOST_GET_BACKEND_FEATURES(0xffffffffffffffff, 0x8008af26, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) iopl$auto(0x3) getgroups$auto(0xeda, 0x0) setsockopt$auto(0xffffffffffffffff, 0x29, 0xb, 0x0, 0xca6) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x14280, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto(0x3, 0x0, 0x1f40) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$auto(0x3, 0x40246f4c, 0x38) socket(0x26, 0x2, 0x4) socket(0x10, 0x2, 0x9) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00', @ANYBLOB="10"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0xf7374674b920089e) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x902, 0x0) r2 = openat$auto_dfs_cpu_ops_debugfs(0xffffffffffffff9c, 0x0, 0x1e0183, 0x0) request_key$auto(&(0x7f0000000440)='^\')\\,\x00', 0x0, 0xfffffffffffffffd, 0x5) preadv$auto(r2, &(0x7f0000000140)={&(0x7f00000001c0), 0x7}, 0x8, 0x9, 0xffffffff) ioctl$auto_RTC_WKALM_SET(r1, 0x4028700f, 0x0) 6.150870887s ago: executing program 1 (id=402): r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c0300000001f40000a3677337f9eca9075f6bba831b53", 0x49}, 0x5, &(0x7f0000000700), 0x5, 0x1}, 0x5}, 0x2, 0x100) 5.612336476s ago: executing program 1 (id=403): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000005680)='/sys/kernel/debug/tracing/set_event\x00', 0x8000, 0x0) read$auto(0x3, 0x0, 0x400000) (fail_nth: 1) 5.012300827s ago: executing program 1 (id=405): r0 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/dynamic_events\x00', 0x18b042, 0x0) setgroups$auto(0x6, &(0x7f0000000000)) fcntl$auto_F_SETFL(r0, 0x4, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_seg6(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_SEG6_CMD_SET_TUNSRC(r1, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="110026bd7000ffdbdf250300000014000100ff010000000000000000000000000001"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x44892) 5.004643599s ago: executing program 3 (id=407): open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x80800, 0x0) read$auto(r0, 0x0, 0x39b8) capset$auto(0x0, 0x0) capget$auto(0x0, &(0x7f0000000180)={0x2000ea6a, 0xf, 0x6}) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000003c00), 0x1a9901, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/dev_mcast\x00', 0x101000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/ipv6_route\x00', 0x101000, 0x0) r1 = syz_open_procfs$namespace(0x0, 0x0) ioctl$auto_MON_IOCX_GETX(r1, 0x4018920a, 0x0) openat$auto_rb_simple_fops_trace(0xffffffffffffff9c, 0x0, 0x40001, 0x0) socket(0x15, 0x5, 0x0) sendmsg$auto_NL80211_CMD_STOP_AP(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc}, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0xa3d9) socket(0x2b, 0x1, 0x1) listen$auto(0x3, 0x81) sendfile$auto(0x1, 0x3, 0x0, 0xc01) r3 = socket(0x10, 0x2, 0x6) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={0x14, r4, 0x1, 0x70bd28, 0x25dfdbfd, {0x11, 0x0, 0xfc}}, 0x14}, 0x1, 0x0, 0xffffff9e, 0x20008000}, 0x8044) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0x100082) link$auto(&(0x7f0000003240)='./file0\x00', &(0x7f0000003280)='./file2\x00') 4.752725058s ago: executing program 1 (id=408): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/vlan/config\x00', 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vidtv.0/i2c-0/dvb/dvb0.dvr0/uevent\x00', 0x183800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000280)=""/146, 0x92) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) close_range$auto(r1, r1, 0x95b) write$auto(0xffffffffffffffff, 0x0, 0xc9c8) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/block/sda/hctx0/cpu1/poll_rq_list\x00', 0x8100, 0x0) r2 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000240), 0xa2741, 0x0) writev$auto(r2, &(0x7f0000002bc0)={0x0, 0x7}, 0x7) flock$auto(r1, 0x400) adjtimex$auto(&(0x7f00000004c0)={0xf332b6e, 0x0, 0x0, 0xfffffffffffffffd, 0xd4, 0x4, 0x6, 0x0, 0x10000, 0x1, 0x0, {0x2100000000, 0x10000}, 0x3, 0x6, 0xffffffffffffffdd, 0x1008000, 0x0, 0x80000004, 0x200000000000083, 0xffffffffffff628e, 0xa747, 0xdeb1, 0x1800}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) adjtimex$auto(&(0x7f00000000c0)={0x9, 0x0, 0x867b, 0xffffffffffff307f, 0x4, 0x3ea, 0xffff8000, 0x0, 0x6, 0x5, 0xde2a, {0x50d4000000000000, 0x8}, 0xfffffffffffffffb, 0xfffffffffffffff9, 0x6, 0x4, 0x0, 0x8, 0x0, 0x41a, 0x10, 0x4, 0x1}) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x1, 0x4000000000df, 0x40eb1, 0xffffffffffffffff, 0x300000000000) pwrite64$auto(0xc8, &(0x7f0000001880)='S\x00', 0xe, 0x3) ioctl$auto_PROCMAP_QUERY(0xffffffffffffffff, 0xc0686611, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000100)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x8c', 0x10001, 0x0) 3.322875854s ago: executing program 3 (id=411): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r0, 0x2202, r0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000005680)='/sys/kernel/debug/tracing/set_event\x00', 0x8000, 0x0) read$auto(0x3, 0x0, 0x400000) ioctl$auto(0x3, 0x80000541b, 0xffffffffffffffff) r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/ext4/sda1/options\x00', 0x6b790263a610be11, 0x0) lseek$auto(r1, 0x5, 0x0) r2 = prctl$auto_PR_GET_FPEXC(0xb, 0x0, 0xffffffffffffffff, 0x1, 0x9) close_range$auto(r2, 0x8, 0x0) r3 = openat$auto_mgts_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0) r4 = semctl$auto_GETPID(0x2, 0x5, 0xb, 0x8) fcntl$auto_F_GETPIPE_SZ(r3, 0x408, r4) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) ioctl$auto_BLKRRPART(r5, 0x125f, 0x1000000) ioctl$auto_BLKRRPART(r5, 0x125f, 0x0) r6 = socket(0xb, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0xf000, 0x8, 0x1000000003, 0x9b72, 0x2, 0x8000) pread64$auto(0xffffffffffffffff, 0x0, 0xf42c, 0x2) ioctl$auto(r6, 0x50101e, r6) 3.164208888s ago: executing program 1 (id=412): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) setgroups$auto(0xe32, 0x0) madvise$auto(0x0, 0x200007, 0x19) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x8, 0x400008, 0xdf, 0x111, 0x2, 0x8004) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd6\x00', 0x1ed242, 0x0) mmap$auto(0x0, 0x1, 0x7fffffff, 0x44eb1, 0x3, 0x300000000000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop6\x00', 0x8081, 0x0) ioctl$auto_SG_GET_RESERVED_SIZE(r0, 0x4c04, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x2b, 0x2, 0x0) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x4e23}, 0x67) sendmmsg$auto(r1, 0x0, 0xe, 0x5) rseq$auto(0x0, 0x7ffc, 0x200, 0x6) mmap$auto(0x1, 0x5, 0xfffffffffffffe01, 0x8011, 0xffffffffffffffff, 0x8000) mremap$auto(0x0, 0x7, 0x3fd6, 0x0, 0x1ffffffe) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto_SNDCTL_DSP_GETOPTR(r2, 0x800c5012, &(0x7f0000001340)) socket(0xa, 0x3, 0x3) select$auto(0x3, 0x0, 0x0, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) bpf$auto(0x3c0, 0x0, 0xfb7) shutdown$auto(0x200000003, 0x2) 2.912490124s ago: executing program 3 (id=413): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x4, 0x0) epoll_create$auto(0x3e) socket(0x10, 0x4, 0x0) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/block/loop6/hctx0/type\x00', 0x80, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1e, 0x4, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0x100) socketpair$auto(0x8, 0x7, 0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TCFLSH2(r1, 0x8924, 0x0) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002240)='/dev/cec17\x00', 0x181680, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000001ec0), 0x40000, 0x0) readv$auto(r3, &(0x7f0000002180)={&(0x7f0000002080), 0xfff}, 0x2) symlink$auto(&(0x7f0000001100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000010c0)='.\x00') readlinkat$auto(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='\\\x00', 0x80) ioctl$auto_CEC_DQEVENT(r2, 0xc0506107, 0x0) ioctl$auto_CEC_DQEVENT(r2, 0xc0506107, 0x0) close_range$auto(r0, 0x8, 0x0) 2.906295198s ago: executing program 4 (id=414): mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffbfffffa, 0x8000) r0 = socket(0xb, 0x2, 0x1) socket$nl_generic(0x10, 0x3, 0x10) sched_get_priority_max$auto(0x8) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = socket(0xa, 0x5, 0x0) r2 = pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) close_range$auto(0x2, 0x8, 0x0) keyctl$auto(0x3, 0x0, 0xff7fffffffffbffc, 0x1, 0xa4) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000004d40), 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r4 = open$dir(&(0x7f0000000000)='./file0\x00', 0x42, 0x20) bpf$auto(0x9, &(0x7f0000000a40)=@prog_bind_map={0xffffffffffffffff, r4, 0x2f}, 0x121) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/netdevsim0/del_port\x00', 0xa001, 0x0) write$auto(r5, 0x0, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_TCP_METRICS_CMD_GET(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="099be724910122a9f16b9663078c2c4406000000e65ca83f6be6b8bcbf49ce6c9830651491e53f250e77d86ee3071ac630ad92caefcf68eaef3bc03c878788d5092c99c10eca4ee80e3df89dd97186b82695b10d65cdff6ed818b400"/108, @ANYRES16=r6, @ANYRES64], 0x3c}}, 0x800) sendmsg$auto_MACSEC_CMD_DEL_RXSC(r1, &(0x7f0000007500)={0x0, 0x0, &(0x7f00000074c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="6de5ca255ccefe435a627b2162c6cae401002abd7000dedbdf25020000001fe06533ded71d77d58bc1c6e435acb57b509d2f981a3345b591bfb2b4aed47f6dd50f2db6e4eee7c2298fbf30856c4a0802d83e01ee8c3b0ce97e40126dc754d0a82e319bae6465fe4a7dae74cde8bd10acf67af1b259a89abee5335a14b231cdc6903bd9d2f15eb6df8a", @ANYRESOCT, @ANYBLOB="75abd00969af0a13529cca015d6cb2329da977186efa34d28a0d3ea586250d91615848db3404000000000000000000ef990012c464da6be20f602b8265007d3f596196bdd8b0531fca5b8ba3df7feace511919e1f35ae25188af4b74df70783fefa0ef13f2d7db49d90f66de314af25c72b1b780a8919a5c"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x80) connect$auto(r0, 0x0, 0x55) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000080), 0x60800, 0x0) close_range$auto(r2, 0x8, 0x40005) mknod$auto(&(0x7f0000000b00)='./file0\x00', 0x1081, 0x6) acct$auto(&(0x7f0000000480)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x0f\x18\xc5\x82-s\x83\xe6\xaeR\x81\r_\x0e\x19\x12\x85\bvf(e\xday)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbHL9aD\xb4\x80\xed\xba>\"\xb6\x7f\xa3f\x1d\a\xa1\x87\x84uA\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e') acct$auto(&(0x7f0000000040)='/dev/sequencer2\x00') open(&(0x7f0000000840)='u[,&*}\x00\a\x00\x00\x00?\xa4\x1fN\xa1~5Z\xc7\r\f}M4\xa8m\xe6\x19[11\xab\xff-E\xac9(\xb4O\xa0t4h\x9f-gn\x1f\x01\x00\x00\x00\x00\x00\x00\x00\xaeR\x81\r_\x0e\x19\b\x85\bvv(e\xdax)\t\x15\xf6\xc8\xee\x04\x16\xc1\x9a!\x87I7\x8cD&zg\xb0a\xab|E\xde\x14\xee[\xc8\xc0\xa8Nh\x0f\xa3\xdbT\xb3\xb8\xd2F\xa0\xc4]\xaf\xc43&\xe4\x01\x05\xd2\x15\xf8\xf1!\x9d\x92\xbbH\xd3^aD\x87\xd8\xe7\xd2\xf3[r\xc5S&}D[\x97\xf1\xd9\xf8Y\x1c\x03\x84\xb4\xd7\x16\x19\xe5\x17\x10\xd8fcG:\xfbY8\x17w\x98?\x03@\xe5\x02\x05\x93h\xb9\xf7\xef\x84\x8aGlN\a\x1e\x00\x00\x00\x00\x00\x00\x00\xf1p\xeb\xe9(%\x89\xef\x85\xdfr\xce\x00\x00\x00\x00\xff\x00\xa2M\'d\x12\x1c\x12\xca\xa5_\x8d\xdf\xc5\x8d\x19?\xfc~\xb3X\x14\xa7\xa9M\x87\xfcTW\x1bR\xbci\x8d\x8aNEO\xb3~~\xa8\xa6\x894\x80;s\xb7\xa3V\x1b\x14|\x9e\xd4\x05\x85\x0f!\xab-E\'\x97Y\xb7\xe8fMv_\xf8\xa0S\xef\xb7\b\xe7!T.g\x92\x87\t$\x06\xa4\xfb\x83\x8c\x17^\x82\xe7\xd3\xf6q\x1a\xa0\xf82[W\x90\xdd\xe3\xde\xa9\xde\x94`-\x9a\x1e}\xebO*\xb85,v.\xfc5\xba?vlt\xda%\x06a\x15I\x1f\xe3\x05+\x810T2\xf9\x9b\xc7\xd1\t\x03\xf2\x8d\x8a\x90\xb54\bH<9\xf1\x91 D\x85g,\xaa\xca\xcd\xd5\xcb\x9a\xb1j\xf2F\xce\x14\x92\xf9\xd7\xec\xc5\x1e\x8aq2\xce\x881f\xd7\xd4\x9e\xf6\xb6P\x01\xe8T\xb5X\xb9d-I\xd6\x91\xc3\xe2\x88S\x82l=\x02t$p\t\x8cY\x06\r\x83\xb0\x86\xc6\x84\x1c\xce\xb6\xf0\xdfC\x9fj<\xfe\xa4\x1f\x82L\xe4\x13+H\x00\x00\x00\x00\x00\x00\x00\x01M\x16\xa0\xbeB6\xfb\xa2-\x17\x93Q\x9fKusl5\xa2$M\xb4\x18\x1db\xf3\xce\x8c\xe5Rna\xd5\xbbQ\xc7\xa7+\vH\xc1l\x1bIv\xe8_\x00', 0x22240, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x8, 0xa, 0xa) bind$auto(0x3, &(0x7f0000000040)=@nl=@proc={0x10, 0x0, 0x25dfdbfc, 0x8000}, 0x68) 2.531428369s ago: executing program 4 (id=415): mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) socket(0xa, 0x2, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x16, 0x0, 0x20056b) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x5452, 0x0) r2 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xffffffffffffff14, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r0], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x200440c0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x3, 0x0, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/dirty_ratio\x00', 0x2, 0x0) sendfile$auto(r3, r3, 0x0, 0x7fffe000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) setrlimit$auto(0x1000000007, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) setsockopt$auto(0x3, 0x10f, 0x8a, 0x0, 0x14) memfd_create$auto(0x0, 0xe) close_range$auto(0xffffffffffffffff, 0x8, 0x2) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev5\x00', 0x280, 0x0) 2.33870191s ago: executing program 0 (id=416): close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb-serial/drivers/empeg/new_id\x00', 0xe9101, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000180)="09fb31", 0x3) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) socket(0x2, 0x2, 0x88) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0xfdf3) write$auto(0x3, 0x0, 0xffd8) ioctl$auto(0x3, 0xc208ae62, 0x38) 2.284442025s ago: executing program 4 (id=417): close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xf, 0x6, 0x7) syz_genetlink_get_family_id$auto_gtp(0x0, r1) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x20000000) iopl$auto(0x3) r2 = getpgid(0x0) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x369400, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000000c0)) ioctl$auto_SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f00000001c0)) r4 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/ipc\x00') syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) open_tree$auto(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x8) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="75ffffff", @ANYRES16=r4, @ANYBLOB="01002bbd7000fedbdf251600000000000400070000000000030000000800ad0000027e4efe407d6c1d99cc820003000000000002000700000000000400020000cb54f74ea2e27cc5492e8372149de6bb2ed881b93f09460c12f99e437703bc0575531641f25c4e03bc48c3b4be3f9e2fc6bb2ae275281775c233fb47a25e46d226b78f89e12140f9a7c6f0af9764659f9c2a8837dd8831bd8e3213f77d8f016cbd9e4a2780b480f88e3cfa5d768128cdabd1a035de584ee0e896255efa039af0adfb06f6ca86b203bb575aa869c7dbb9e6e1143ab60045b77fe8fcdb861c1d5bf00950351b9f81dcf9f3a4c6c5a7469712734b168ab09a4c4cbff11cbc8c2067dddb9a7c878f"], 0x34}, 0x1, 0x0, 0x0, 0x8814}, 0x0) socket(0x2, 0x1, 0x0) r5 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_score\x00', 0x0, 0x0) prctl$auto(0x6, 0x0, r2, 0xffff, 0x4) read$auto_proc_single_file_operations_base(r5, &(0x7f0000000140)=""/44, 0x2c) r6 = openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/set_event_notrace_pid\x00', 0x582, 0x0) write$auto_console_fops_tty_io(r6, &(0x7f0000001240)='4', 0x1) r7 = socket(0x11, 0x80000, 0xffffffff) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f00000000c0), r0) sendmsg$auto_CTRL_CMD_GETPOLICY(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x2000000) syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000000), r7) mmap$auto(0x8, 0x3, 0x7, 0x13, 0xffffffffffffffff, 0x44) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/limits\x00', 0x40, 0x0) 2.08129926s ago: executing program 0 (id=418): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x40eb1, 0x401, 0x300000000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_MAC_ACL(r1, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x20000808}, 0xc, &(0x7f0000000400)={&(0x7f0000000a00)=ANY=[@ANYBLOB="b0000000", @ANYRES16=r2, @ANYBLOB="000100007000fbdbdf255d0000000600438aead483194d8401197c00ea050014019f0000007c00bb00ef7989f796f4de83e796055ffd27b2640bdde5274727a87aba0c9c6020410949c73c46bfec85c2b29621b782bea5765d7851801ee5ddbfdb1530abd64ebd26b85390044b7b757f743bd675fe3586ad3651782b9031d29cf627a82f2fd078c4b8e8b42bc95e36f68213f9f626b18432ec034ecd886a14106a080035000300000005003d0008000000"], 0xb0}, 0x1, 0x0, 0x0, 0x840}, 0x40810) socket(0x1d, 0x2, 0x6) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x1000000000045, 0x100000001, 0xfffdffff, 0x0, 0x0, 0x0, 0x1000000006, 0x6, 0x7, 0x401, 0x7ffffffb, 0x5, 0xffffffff80000000, 0x1, 0x61, 0x103}) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) write$auto_tomoyo_operations_securityfs_if(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000180), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000940)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_TP_METER(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="3b3d2abd7000fddbdf250304000008000300", @ANYRES32=r7], 0x28}}, 0x80) ioperm$auto(0x2, 0x3, 0x1) clone$auto(0xffff, 0x7, 0xfffffffffffffffe, 0xffffffffffffffff, 0xffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r8 = openat$auto_dai_list_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$auto_dai_list_fops_(r8, &(0x7f0000000140)=""/204, 0xcc) clock_adjtime$auto(0x0, &(0x7f0000000000)={0x7, 0x8, 0x4, 0x8, 0x7fffffff, 0xffffffc0, 0x6, 0x5, 0x3, 0x0, 0xb9, {0x223a}, 0x1000, 0x7, 0xb, 0x5, 0x2000006, 0x101, 0x7fff, 0x3}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000980)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x27e4450eda9b705}, 0xc, &(0x7f0000000900)={&(0x7f00000004c0)={0x41c, r2, 0x800, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_REKEY_DATA={0x3ff, 0x7a, 0x0, 0x1, [@typed={0xb, 0xed, 0x0, 0x0, @str='batadv\x00'}, @typed={0x8, 0x110, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x1c}}, @typed={0x14, 0x22, 0x0, 0x0, @ipv6=@private1}, @typed={0xa8, 0x4e, 0x0, 0x0, @binary="8278555e761ef165ea89d488b5f1f46adbd146cb380003fd970ec5b32234fb522f64d509371ecce00150d8ffd3fa1465148a38722badf551866d85576afe7dad3e4073cc98b06a9f37a74e1b0c982ded22c29d4c46437f85565978aa99ad78c534c2d24d26a432b70ed7cffb751605308ed9ef2cb97d521b59ae6941036d1e776950ea051080752298f826ccad7198aff34d9dd405225e3ea7ccbc1523c6830848048b9f"}, @generic="f8f73c3d2e59916394599f9121209b928af2b34614a0a7d476371fda38fb55b1eb38db8309f4342ddbad49282427dc3fa4625a3299f12905fa480f3d85bd7db2b227931888b5972c30db712c16e03eef29c75ba3c2d52a897380231613d2cc1c59a6046a17a9ef776c2e292a02fd276b421e290912ab4ed6d5c6bbb289fb938ced489ab93a5b4f56173a141404f42729f953b9df9774865593813a67f3b43e0c2f37ee8cb6ff6be4b6d045e9318984156629313c43033ce0e9569fd648", @generic="d8ece6700c76fbbb70099e9ed0c3e8e173c5231d453500079da8146da91b798fa5eb54fd644429ed83d6095f4efe8cad0991ce4dca8fd6b5b0262d1d4a2ac537097b07fcc0c36b7b83bb35cf4eabf5044a8edcd249f7641fbf33fb4207b5bfd17298377f230e8cb0d9447d29bd2ff963351e6c847148a1ceb641682a9e1af3033173b591a4e36fe1cda298b6844f919ecc2fedd4302506b9854659b4aa2fa6148b06de71ad8217d802bd61fdb40db72e5531ba5217c0df205d67b608fa76bf0b30d90898bc29fbf76f1d3ce6", @generic="ff9484f975bc6b1cefab02e881ec3438f5a1c2a4b38956cc700abe330c668252f52a4b39b8313878c0422dee364e1b12589d1b1b26a71fd483ac2257a3d4dfdac67ffa21e2c23bdbd1c4a7276b7fd113c1e047c038835abf3879c9560abf2f89ffe610ead2aba3859cba1b8773fe86a5dac91629fb3aed527302f669ada3a1833de2a2297fc2f5863ec8aa6068865d82c400bfa4e202", @nested={0x31, 0xe2, 0x0, 0x1, [@generic="13760556f68d5f76b6e9c5f24b55282030e290053464953fa3bc64c66846e6b019553a3999ede7fa81", @nested={0x4, 0x4b}]}, @generic="7ad446c230063f4cf31155568e0f22989af909bea36730b4c4464cedbbcea790db2fd6b6646d8a0ca189e62ff53f7f5bc1a496334926279c822a54984dca1d2eff612b2361bdfc666789b3df3ff02ed446df329fac9c2fb5506221b0e5ef6c57f13376875576c6242dd1f5f6aa4967d4e09f676cc70f1ab35c3e1292f20bd9bb2b5fa7fa0c159a2657ac09af52bab33149bffe3bb836d59ca0d216873c6dff05b8fc829b0b04fa536cff76cd3bcaa1cdb178a46d5c2ac91335f5bdb1f6476749302b6f3ef68a23dcea1702df6efd61e65a69d7f008156873"]}, @NL80211_ATTR_KEY_IDX={0x5}]}, 0x41c}, 0x1, 0x0, 0x0, 0x4011}, 0x20004000) adjtimex$auto(&(0x7f0000000100)={0x248a134b, 0x0, 0x4, 0x6efd, 0x8, 0x10001, 0x3, 0x0, 0x3, 0x4, 0xff, {0x9, 0x1}, 0x0, 0x81, 0x4, 0x80000000, 0x0, 0xffffffff, 0x9, 0x4, 0x4, 0x8, 0x8}) getsockopt$auto_SO_PASSCRED(r0, 0x80000000, 0x10, &(0x7f0000000200)='}d\x00', &(0x7f0000000240)=0x10) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f00000009c0), 0x40000, 0x0) pkey_free$auto(0xfffffffd) getpeername$auto(0x3, 0x0, 0x0) unshare$auto(0x40000080) r9 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/orangefs/perf_counters/ncache\x00', 0xa001, 0x0) write$auto(r9, &(0x7f0000000000)='72\xa1\x84\xbd0\x00f\x19\x1c\xc7k\x00\x00\x00\x00', 0x7) 2.02069253s ago: executing program 4 (id=419): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x100000000, 0x66) madvise$auto_MADV_GUARD_REMOVE(0x0, 0x4, 0x67) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x84) connect$auto(r0, &(0x7f0000000000)=@in={0x2, 0x2, @remote}, 0x55) r1 = bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x7, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) remap_file_pages$auto(0x0, 0xf3a4, 0x0, 0x5, 0x15) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) r2 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20000804) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) read$auto(0x4, 0x0, 0xfdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x6, 0x3ff, 0x3, 0xeb1, 0xfffffffffffffffa, 0x6) socket(0xa, 0x801, 0x84) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x9, 0x400000072, 0x8b72, 0x1000000002, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) read$auto_proc_pid_maps_operations_internal(r3, &(0x7f0000000980)=""/4098, 0x1002) ioctl$auto_SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, 0x0) 1.957740408s ago: executing program 3 (id=420): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) timer_create$auto(0x2, 0x0, 0x0) timer_create$auto(0x3, 0x0, 0x0) timer_delete$auto(0x1) socket(0x1d, 0x3, 0x1) io_uring_setup$auto(0x3ff, 0x0) r0 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x100182, 0x0) pread64$auto(r0, 0x0, 0x1c000000000000, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r2 = socket(0x25, 0x1, 0x3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) setreuid$auto(0x0, 0x20000000004) ioctl$auto(0x3, 0x8916, 0x91) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x4, 0x2020009, 0x9, 0xeb1, r2, 0x8000) msync$auto(0x0, 0xe0, 0x6) 1.412738308s ago: executing program 0 (id=421): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x1ff) socket(0x2, 0x1, 0x0) syz_genetlink_get_family_id$auto_ovs_datapath(0x0, 0xffffffffffffffff) write$auto(0x3, 0x0, 0x100082) 795.850053ms ago: executing program 0 (id=422): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r0, 0x2202, r0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000005680)='/sys/kernel/debug/tracing/set_event\x00', 0x8000, 0x0) read$auto(0x3, 0x0, 0x400000) ioctl$auto(0x3, 0x80000541b, 0xffffffffffffffff) r1 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/ext4/sda1/options\x00', 0x6b790263a610be11, 0x0) lseek$auto(r1, 0x5, 0x0) r2 = prctl$auto_PR_GET_FPEXC(0xb, 0x0, 0xffffffffffffffff, 0x1, 0x9) close_range$auto(r2, 0x8, 0x0) r3 = openat$auto_mgts_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0) r4 = semctl$auto_GETPID(0x2, 0x5, 0xb, 0x8) fcntl$auto_F_GETPIPE_SZ(r3, 0x408, r4) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) ioctl$auto_BLKRRPART(r5, 0x125f, 0x1000000) ioctl$auto_BLKRRPART(r5, 0x125f, 0x0) r6 = socket(0xb, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0xf000, 0x8, 0x1000000003, 0x9b72, 0x2, 0x8000) pread64$auto(0xffffffffffffffff, 0x0, 0xf42c, 0x2) ioctl$auto(r6, 0x50101e, r6) 600.239158ms ago: executing program 3 (id=423): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) r0 = socket(0xa, 0x3, 0x2f) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027b4839f3015398d3b61", @ANYRES32, @ANYRES32=r0, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) r1 = socket(0x6, 0x2, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r2, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000080)={0x38, r3, 0x1, 0x870bd2b, 0x25dfdbfc, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x24, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_TRANSPORT_NAME={0x9, 0x2, 'nfsd\x00'}, @NFSD_A_SOCK_ADDR={0x14, 0x1, "df9b201bba5d82e832454bc5b9c949fd"}]}]}, 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) sendmsg$auto_NFSD_CMD_RPC_STATUS_GET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x8, 0x70bd26, 0x25dfdbfd, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4005) setsockopt$auto(0x3, 0x29, 0x7, 0xffffffffffffffff, 0x3) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x10004) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) swapoff$auto(0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 354.16108ms ago: executing program 0 (id=424): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) sendmsg$auto_MACSEC_CMD_ADD_RXSC(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000040c0)={&(0x7f0000004140)={0x2c, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x10, 0x2, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0x1}]}, @MACSEC_ATTR_IFINDEX={0x8, 0x1, r2}]}, 0x2c}, 0x1, 0x0, 0x300, 0x20040801}, 0x4000000) 236.178666ms ago: executing program 4 (id=425): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, 0x0, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_COOKIE={0x8, 0xd, 0x2}, @BATADV_ATTR_TPMETER_COOKIE={0x8, 0xd, 0xfffffff8}]}, 0x24}, 0x1, 0x0, 0x0, 0x48095}, 0x24008000) (async) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, 0x0, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_COOKIE={0x8, 0xd, 0x2}, @BATADV_ATTR_TPMETER_COOKIE={0x8, 0xd, 0xfffffff8}]}, 0x24}, 0x1, 0x0, 0x0, 0x48095}, 0x24008000) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004c18}, 0x810) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)={0x14, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' '], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) getpid() (async) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) (async) process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) semctl$auto_IPC_SET(0x6, 0xfffffffd, 0x1, 0x6) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0x100082) 123.104966ms ago: executing program 0 (id=426): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0xc, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x403c6f2b, 0x0) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) readv$auto(0x3, 0x0, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) pidfd_open$auto(0x1, 0x0) eventfd$auto(0x5) mmap$auto(0xf369, 0x1, 0x4, 0x100000011, 0xe3d5, 0xf) socket(0xa, 0x3, 0xff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/kcore\x00', 0xc40, 0x0) read$auto_proc_iter_file_ops_compat_inode(r2, 0x0, 0x4d) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x20000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) unshare$auto(0x40000080) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003140), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PHY_GET(r3, &(0x7f0000003200)={0x0, 0x0, &(0x7f00000031c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r4, @ANYBLOB="010326bd7000ffdbdf252d00000004000180ef1b1915f9caaa612d1c226886614da42080b02c3595ecf4ea0df1e4eb44c4369dda38168b40440351870e51423f13de0796705e89a159a3248675ed7b93ef5e455519b6419c4638789740b59e5c8fef774e792dba71c83a8d2b168758122c4f07b5a7f7c0cdef5952cbefd361c88b42a166f24eea0f"], 0x18}, 0x1, 0x0, 0x0, 0x2404c012}, 0x80) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x80008) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x47, 0x0) fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) 2.14925ms ago: executing program 4 (id=427): adjtimex$auto(0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) io_uring_setup$auto(0x401, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/034/001\x00', 0x8a140, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="afa72db57000ffdbdf250e00000008000300", @ANYRES32=r2], 0x1c}, 0x1, 0x40030000000000, 0x0, 0x800}, 0x20000000) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x0) socket(0x6, 0x2, 0x80000000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x3b87, 0xa) 0s ago: executing program 3 (id=428): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000005680)='/sys/kernel/debug/tracing/set_event\x00', 0x8000, 0x0) read$auto(0x3, 0x0, 0x400000) (fail_nth: 2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.135' (ED25519) to the list of known hosts. [ 67.017781][ T5829] cgroup: Unknown subsys name 'net' [ 67.125607][ T5829] cgroup: Unknown subsys name 'cpuset' [ 67.133410][ T5829] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 68.508239][ T5829] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.351809][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.363389][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.371668][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.374211][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.383508][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.403422][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.403918][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.418900][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.423620][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.428705][ T5852] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.438048][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.441005][ T5852] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 70.450182][ T5854] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.454502][ T5852] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.461601][ T5854] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 70.468690][ T5852] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.476348][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.482929][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.489220][ T5854] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.499926][ T5150] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.515728][ T5852] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 70.529089][ T5150] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.536236][ T5852] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 70.543990][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.855849][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 70.909613][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 70.979145][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 71.017289][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 71.042767][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.050091][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.059553][ T5838] bridge_slave_0: entered allmulticast mode [ 71.066617][ T5838] bridge_slave_0: entered promiscuous mode [ 71.094792][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.101897][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.111162][ T5838] bridge_slave_1: entered allmulticast mode [ 71.118565][ T5838] bridge_slave_1: entered promiscuous mode [ 71.175265][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.185014][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.194817][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.201951][ T5839] bridge_slave_0: entered allmulticast mode [ 71.210004][ T5839] bridge_slave_0: entered promiscuous mode [ 71.218203][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.225426][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.232659][ T5839] bridge_slave_1: entered allmulticast mode [ 71.239429][ T5839] bridge_slave_1: entered promiscuous mode [ 71.267214][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.317082][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.324357][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.331587][ T5840] bridge_slave_0: entered allmulticast mode [ 71.339699][ T5840] bridge_slave_0: entered promiscuous mode [ 71.350217][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.357674][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.365243][ T5840] bridge_slave_1: entered allmulticast mode [ 71.371767][ T5840] bridge_slave_1: entered promiscuous mode [ 71.380939][ T5838] team0: Port device team_slave_0 added [ 71.389211][ T5838] team0: Port device team_slave_1 added [ 71.396933][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.445644][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.457733][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.465043][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.472598][ T5841] bridge_slave_0: entered allmulticast mode [ 71.479281][ T5841] bridge_slave_0: entered promiscuous mode [ 71.487927][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.498959][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.530742][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.538104][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.545646][ T5841] bridge_slave_1: entered allmulticast mode [ 71.552385][ T5841] bridge_slave_1: entered promiscuous mode [ 71.572852][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.579819][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.606798][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.623491][ T5839] team0: Port device team_slave_0 added [ 71.641945][ T5840] team0: Port device team_slave_0 added [ 71.648327][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.657944][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.684238][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.697239][ T5839] team0: Port device team_slave_1 added [ 71.703143][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.709818][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.727845][ T5840] team0: Port device team_slave_1 added [ 71.747036][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.754986][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.781513][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.795278][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.806896][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.833941][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.840909][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.867053][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.878719][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.885839][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.915701][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.945109][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.952078][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.980928][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.025453][ T5841] team0: Port device team_slave_0 added [ 72.053994][ T5841] team0: Port device team_slave_1 added [ 72.076040][ T5838] hsr_slave_0: entered promiscuous mode [ 72.082251][ T5838] hsr_slave_1: entered promiscuous mode [ 72.091549][ T5840] hsr_slave_0: entered promiscuous mode [ 72.100428][ T5840] hsr_slave_1: entered promiscuous mode [ 72.106491][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 72.114957][ T5840] Cannot create hsr debugfs directory [ 72.130226][ T5839] hsr_slave_0: entered promiscuous mode [ 72.136969][ T5839] hsr_slave_1: entered promiscuous mode [ 72.143074][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 72.150816][ T5839] Cannot create hsr debugfs directory [ 72.185685][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.192899][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.218939][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.250935][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.258687][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.284688][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.386649][ T5841] hsr_slave_0: entered promiscuous mode [ 72.393227][ T5841] hsr_slave_1: entered promiscuous mode [ 72.399155][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 72.407638][ T5841] Cannot create hsr debugfs directory [ 72.553799][ T5852] Bluetooth: hci3: command tx timeout [ 72.559654][ T5843] Bluetooth: hci1: command tx timeout [ 72.565324][ T5838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 72.580434][ T5838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 72.593040][ T5838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 72.619280][ T5838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 72.632905][ T5843] Bluetooth: hci2: command tx timeout [ 72.638464][ T5852] Bluetooth: hci0: command tx timeout [ 72.661204][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 72.677877][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 72.699982][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 72.724717][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 72.754398][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 72.802661][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 72.827758][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 72.838677][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 72.863600][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 72.897923][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 72.909647][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 72.920991][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 73.000460][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.064001][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.078096][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.101080][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.108405][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.141887][ T1114] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.149006][ T1114] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.166375][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.181751][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.193350][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.215505][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.222665][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.238583][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.245692][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.269853][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.303885][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.311011][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.321373][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.341078][ T5838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.365228][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.372443][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.397218][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.404410][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.437883][ T732] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.445015][ T732] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.574488][ T5841] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.601707][ T5840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.745829][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.766813][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.869069][ T5838] veth0_vlan: entered promiscuous mode [ 73.918725][ T5838] veth1_vlan: entered promiscuous mode [ 73.927898][ T5839] veth0_vlan: entered promiscuous mode [ 73.941665][ T5839] veth1_vlan: entered promiscuous mode [ 73.963858][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.990026][ T5838] veth0_macvtap: entered promiscuous mode [ 74.001766][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.015622][ T5839] veth0_macvtap: entered promiscuous mode [ 74.024498][ T5838] veth1_macvtap: entered promiscuous mode [ 74.038218][ T5839] veth1_macvtap: entered promiscuous mode [ 74.069806][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.093169][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.105162][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.117148][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.128885][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.142357][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.153818][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.165358][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.178682][ T5839] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.188747][ T5839] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.197783][ T5839] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.206852][ T5839] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.224814][ T5838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.235832][ T5838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.245689][ T5838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.254523][ T5838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.274952][ T5841] veth0_vlan: entered promiscuous mode [ 74.321545][ T5841] veth1_vlan: entered promiscuous mode [ 74.360985][ T5840] veth0_vlan: entered promiscuous mode [ 74.404823][ T5840] veth1_vlan: entered promiscuous mode [ 74.440974][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.454013][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.470954][ T732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.487057][ T732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.501951][ T5841] veth0_macvtap: entered promiscuous mode [ 74.536433][ T5841] veth1_macvtap: entered promiscuous mode [ 74.563342][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.566461][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.571260][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.589393][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.599285][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.609983][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.621522][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.632498][ T5843] Bluetooth: hci3: command tx timeout [ 74.637987][ T5852] Bluetooth: hci1: command tx timeout [ 74.657219][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.674843][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.685165][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.695758][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.708260][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.716195][ T5852] Bluetooth: hci0: command tx timeout [ 74.721640][ T5852] Bluetooth: hci2: command tx timeout [ 74.746189][ T5841] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.760683][ T5841] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.770006][ T5841] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.779021][ T5841] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.791223][ T5840] veth0_macvtap: entered promiscuous mode [ 74.803886][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 74.818738][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.835744][ T5840] veth1_macvtap: entered promiscuous mode [ 74.843486][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.926459][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.945036][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.959827][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.971922][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.983722][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.998369][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.014453][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.090822][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.102527][ T1114] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.110382][ T1114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.140150][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.169426][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.189632][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.268334][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.314936][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.354675][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.390890][ T5840] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.426984][ T5840] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.476211][ T5840] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.503045][ T5840] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.870806][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.910011][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.925719][ T1114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.959633][ T1114] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.047050][ T732] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.066496][ T732] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.281717][ T5918] netlink: 'syz.3.5': attribute type 16 has an invalid length. [ 76.313547][ T5918] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5'. [ 76.331088][ T5923] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 76.408860][ T5918] Zero length message leads to an empty skb [ 76.712518][ T5852] Bluetooth: hci1: command tx timeout [ 76.717981][ T5852] Bluetooth: hci3: command tx timeout [ 76.786712][ T5918] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5'. [ 76.797199][ T5852] Bluetooth: hci2: command tx timeout [ 76.803529][ T54] Bluetooth: hci0: command tx timeout [ 76.820943][ T5930] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 78.146514][ T5946] vidtv vidtv.0: No streaming. Skipping. [ 78.651389][ T5970] netlink: zone id is out of range [ 78.656865][ T5970] netlink: zone id is out of range [ 78.662130][ T5970] netlink: zone id is out of range [ 78.667746][ T5970] netlink: zone id is out of range [ 78.695589][ T5967] HfR: entered promiscuous mode [ 78.715799][ T5972] netlink: 172 bytes leftover after parsing attributes in process `syz.0.15'. [ 78.752339][ T5970] netlink: zone id is out of range [ 78.757514][ T5970] netlink: zone id is out of range [ 78.784161][ T5970] netlink: zone id is out of range [ 78.789322][ T5970] netlink: zone id is out of range [ 78.793593][ T5852] Bluetooth: hci3: command tx timeout [ 78.796545][ T5970] netlink: zone id is out of range [ 78.799830][ T5852] Bluetooth: hci1: command tx timeout [ 78.805288][ T5970] netlink: zone id is out of range [ 78.872697][ T5852] Bluetooth: hci2: command tx timeout [ 78.878150][ T5852] Bluetooth: hci0: command tx timeout [ 80.064812][ T5981] HfR: entered promiscuous mode [ 81.211326][ T6005] netlink: 'syz.3.24': attribute type 16 has an invalid length. [ 81.234854][ T6000] netlink: 28 bytes leftover after parsing attributes in process `syz.1.23'. [ 81.244014][ T6005] netlink: 330 bytes leftover after parsing attributes in process `syz.3.24'. [ 82.654524][ T6005] netlink: 28 bytes leftover after parsing attributes in process `syz.3.24'. [ 84.425140][ T6027] vidtv vidtv.0: No streaming. Skipping. [ 84.507351][ T6044] HfR: entered promiscuous mode [ 84.691407][ T6051] netlink: 12 bytes leftover after parsing attributes in process `syz.0.33'. [ 84.793302][ T6036] vidtv vidtv.0: No streaming. Skipping. [ 86.771783][ T5852] Bluetooth: hci0: Malformed LE Event: 0x1d [ 87.073709][ T6088] netlink: 'syz.0.41': attribute type 16 has an invalid length. [ 87.086922][ T25] cfg80211: failed to load regulatory.db [ 87.126420][ T6088] netlink: 330 bytes leftover after parsing attributes in process `syz.0.41'. [ 87.160085][ T6085] Invalid ELF header magic: != ELF [ 87.949168][ T6088] netlink: 28 bytes leftover after parsing attributes in process `syz.0.41'. [ 87.991101][ T6098] netlink: 32 bytes leftover after parsing attributes in process `syz.2.42'. [ 88.113803][ T6103] netlink: 8 bytes leftover after parsing attributes in process `syz.1.43'. [ 88.375995][ T6107] netlink: 'syz.1.45': attribute type 16 has an invalid length. [ 88.394243][ T6107] netlink: 330 bytes leftover after parsing attributes in process `syz.1.45'. [ 88.414433][ T6109] netlink: 4 bytes leftover after parsing attributes in process `syz.0.47'. [ 89.147319][ T6107] netlink: 28 bytes leftover after parsing attributes in process `syz.1.45'. [ 89.479001][ T6130] netlink: 12 bytes leftover after parsing attributes in process `syz.1.51'. [ 90.587099][ T6148] netlink: 4 bytes leftover after parsing attributes in process `syz.1.56'. [ 91.276367][ T6164] netlink: 'syz.0.62': attribute type 16 has an invalid length. [ 91.318708][ T6164] netlink: 330 bytes leftover after parsing attributes in process `syz.0.62'. [ 91.851565][ T6174] FAULT_INJECTION: forcing a failure. [ 91.851565][ T6174] name failslab, interval 1, probability 0, space 0, times 1 [ 91.932393][ T6174] CPU: 1 UID: 0 PID: 6174 Comm: syz.2.64 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 [ 91.932428][ T6174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 91.932441][ T6174] Call Trace: [ 91.932449][ T6174] [ 91.932462][ T6174] dump_stack_lvl+0x16c/0x1f0 [ 91.932499][ T6174] should_fail_ex+0x50a/0x650 [ 91.932541][ T6174] ? fs_reclaim_acquire+0xae/0x150 [ 91.932573][ T6174] should_failslab+0xc2/0x120 [ 91.932596][ T6174] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 91.932631][ T6174] ? getname_flags.part.0+0x4c/0x550 [ 91.932657][ T6174] ? vfs_write+0x306/0x1150 [ 91.932690][ T6174] getname_flags.part.0+0x4c/0x550 [ 91.932719][ T6174] getname+0x8d/0xe0 [ 91.932748][ T6174] do_sys_openat2+0x104/0x1e0 [ 91.932772][ T6174] ? __pfx_do_sys_openat2+0x10/0x10 [ 91.932800][ T6174] ? __fget_files+0x206/0x3a0 [ 91.932837][ T6174] __x64_sys_openat+0x175/0x210 [ 91.932862][ T6174] ? __pfx___x64_sys_openat+0x10/0x10 [ 91.932900][ T6174] do_syscall_64+0xcd/0x250 [ 91.932930][ T6174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.932961][ T6174] RIP: 0033:0x7ff0a358cde9 [ 91.932979][ T6174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.933004][ T6174] RSP: 002b:00007ff0a13f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 91.933026][ T6174] RAX: ffffffffffffffda RBX: 00007ff0a37a5fa0 RCX: 00007ff0a358cde9 [ 91.933041][ T6174] RDX: 0000000000022c00 RSI: 0000400000002ac0 RDI: ffffffffffffff9c [ 91.933056][ T6174] RBP: 00007ff0a13f6090 R08: 0000000000000000 R09: 0000000000000000 [ 91.933069][ T6174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.933083][ T6174] R13: 0000000000000000 R14: 00007ff0a37a5fa0 R15: 00007ffe99913758 [ 91.933113][ T6174] [ 91.936010][ T6175] netlink: 28 bytes leftover after parsing attributes in process `syz.0.62'. [ 92.227679][ T29] audit: type=1800 audit(1739852416.864:2): pid=6178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.65" name="dbroot" dev="configfs" ino=9275 res=0 errno=0 [ 92.362940][ T6182] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 92.808193][ T6198] netlink: 'syz.1.72': attribute type 16 has an invalid length. [ 93.122761][ T6198] __nla_validate_parse: 2 callbacks suppressed [ 93.122782][ T6198] netlink: 28 bytes leftover after parsing attributes in process `syz.1.72'. [ 94.273191][ T6225] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 94.749312][ T6241] netlink: 8 bytes leftover after parsing attributes in process `syz.2.82'. [ 95.288892][ T6248] netlink: 8 bytes leftover after parsing attributes in process `syz.1.85'. [ 96.215843][ T6279] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 96.508781][ T6287] net_ratelimit: 40 callbacks suppressed [ 96.508803][ T6287] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 97.639667][ T6298] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 98.107486][ T29] audit: type=1800 audit(1739852422.734:3): pid=6312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.102" name="dbroot" dev="configfs" ino=10499 res=0 errno=0 [ 98.250225][ T6317] netlink: 36 bytes leftover after parsing attributes in process `syz.2.103'. [ 98.280977][ T6319] netlink: 'syz.3.105': attribute type 16 has an invalid length. [ 98.309393][ T6319] netlink: 330 bytes leftover after parsing attributes in process `syz.3.105'. [ 98.404314][ T6307] ptrace attach of "./syz-executor exec"[5841] was attempted by "./syz-executor exec"[6307] [ 98.494979][ T29] audit: type=1804 audit(1739852423.134:4): pid=6307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.100" name="/newroot/28/file0" dev="tmpfs" ino=162 res=1 errno=0 [ 98.523520][ T29] audit: type=1800 audit(1739852423.134:5): pid=6307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.100" name="file0" dev="tmpfs" ino=162 res=0 errno=0 [ 98.661826][ T6307] netlink: 'syz.1.100': attribute type 1 has an invalid length. [ 100.759976][ T6354] netlink: 12 bytes leftover after parsing attributes in process `syz.2.112'. [ 101.600950][ T6372] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 103.073916][ T6403] process 'syz.2.122' launched '/dev/fd/4' with NULL argv: empty string added [ 103.324176][ T6407] netlink: 12 bytes leftover after parsing attributes in process `syz.2.125'. [ 103.828433][ T6417] IPVS: length: 150994944 != 25171704 [ 104.667786][ T29] audit: type=1800 audit(1739852447.303:6): pid=6439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.134" name="dbroot" dev="configfs" ino=10969 res=0 errno=0 [ 104.969481][ T6447] netlink: 12 bytes leftover after parsing attributes in process `syz.1.136'. [ 106.290791][ T6499] netlink: 12 bytes leftover after parsing attributes in process `syz.0.149'. [ 107.088418][ T6514] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 107.872129][ T6526] netlink: 4 bytes leftover after parsing attributes in process `syz.0.153'. [ 108.781561][ T6542] netlink: 12 bytes leftover after parsing attributes in process `syz.0.158'. [ 109.162926][ T6545] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 109.812282][ T29] audit: type=1800 audit(1739852479.420:7): pid=6561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.164" name="dbroot" dev="configfs" ino=11483 res=0 errno=0 [ 111.743902][ T6586] netlink: 4 bytes leftover after parsing attributes in process `syz.3.173'. [ 111.756938][ T6584] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 111.915654][ T6590] FAULT_INJECTION: forcing a failure. [ 111.915654][ T6590] name failslab, interval 1, probability 0, space 0, times 0 [ 111.983184][ T6590] CPU: 1 UID: 0 PID: 6590 Comm: syz.3.174 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 [ 111.983224][ T6590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 111.983239][ T6590] Call Trace: [ 111.983247][ T6590] [ 111.983258][ T6590] dump_stack_lvl+0x16c/0x1f0 [ 111.983295][ T6590] should_fail_ex+0x50a/0x650 [ 111.983330][ T6590] ? fs_reclaim_acquire+0xae/0x150 [ 111.983364][ T6590] should_failslab+0xc2/0x120 [ 111.983387][ T6590] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 111.983425][ T6590] ? security_file_alloc+0x34/0x2b0 [ 111.983460][ T6590] security_file_alloc+0x34/0x2b0 [ 111.983490][ T6590] init_file+0x93/0x4c0 [ 111.983515][ T6590] alloc_empty_file+0x91/0x1e0 [ 111.983542][ T6590] alloc_file_pseudo+0x13b/0x230 [ 111.983570][ T6590] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 111.983597][ T6590] ? shmem_get_inode+0x73a/0xf00 [ 111.983639][ T6590] __shmem_file_setup+0x210/0x300 [ 111.983668][ T6590] shmem_zero_setup+0x93/0x1b0 [ 111.983699][ T6590] __mmap_region+0x2021/0x2760 [ 111.983726][ T6590] ? __pfx___mmap_region+0x10/0x10 [ 111.983772][ T6590] ? hlock_class+0x4e/0x130 [ 111.983796][ T6590] ? mark_lock+0xb5/0xc60 [ 111.983839][ T6590] ? schedule+0x298/0x350 [ 111.983907][ T6590] ? cap_capable+0xb3/0x250 [ 111.983937][ T6590] mmap_region+0x1ab/0x3f0 [ 111.983966][ T6590] do_mmap+0xd8d/0x11b0 [ 111.984003][ T6590] ? __pfx_do_mmap+0x10/0x10 [ 111.984034][ T6590] ? __pfx_down_write_killable+0x10/0x10 [ 111.984073][ T6590] vm_mmap_pgoff+0x203/0x3a0 [ 111.984112][ T6590] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 111.984150][ T6590] ? __x64_sys_futex+0x1e1/0x4c0 [ 111.984178][ T6590] ? __x64_sys_futex+0x1ea/0x4c0 [ 111.984216][ T6590] ksys_mmap_pgoff+0x7d/0x5c0 [ 111.984246][ T6590] ? rcu_is_watching+0x12/0xc0 [ 111.984276][ T6590] __x64_sys_mmap+0x125/0x190 [ 111.984316][ T6590] do_syscall_64+0xcd/0x250 [ 111.984347][ T6590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.984380][ T6590] RIP: 0033:0x7f1d45d8cde9 [ 111.984400][ T6590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.984422][ T6590] RSP: 002b:00007f1d46b37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 111.984445][ T6590] RAX: ffffffffffffffda RBX: 00007f1d45fa5fa0 RCX: 00007f1d45d8cde9 [ 111.984461][ T6590] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 111.984475][ T6590] RBP: 00007f1d45e0e2a0 R08: fffffffffffffffa R09: 0000000000008000 [ 111.984490][ T6590] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 111.984504][ T6590] R13: 0000000000000000 R14: 00007f1d45fa5fa0 R15: 00007ffdf84dd6b8 [ 111.984537][ T6590] [ 113.999498][ T6616] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 114.044913][ T6616] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 114.110274][ T6619] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 115.025205][ T29] audit: type=1800 audit(1739852484.660:8): pid=6632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.185" name="dbroot" dev="configfs" ino=11649 res=0 errno=0 syzkaller syzkaller login: [ 116.317775][ T6655] netlink: 4 bytes leftover after parsing attributes in process `syz.3.191'. [ 116.506667][ T29] audit: type=1800 audit(1739852486.140:9): pid=6659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.192" name="members" dev="configfs" ino=12725 res=0 errno=0 [ 116.806189][ T6663] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 117.766620][ T6671] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 117.793313][ T6671] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 117.890775][ T6671] svc: failed to register nfsdv3 RPC service (errno 111). [ 117.912695][ T6671] svc: failed to register nfsaclv3 RPC service (errno 111). [ 120.466853][ T6706] netlink: 4 bytes leftover after parsing attributes in process `syz.0.206'. [ 121.270045][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 121.286104][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 121.296529][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 121.305916][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 121.314844][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 121.343318][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 122.245919][ T6719] chnl_net:caif_netlink_parms(): no params data found [ 122.782651][ T6719] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.817555][ T6719] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.872798][ T6719] bridge_slave_0: entered allmulticast mode [ 122.913681][ T6719] bridge_slave_0: entered promiscuous mode [ 122.988136][ T6719] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.017276][ T6719] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.073669][ T6719] bridge_slave_1: entered allmulticast mode [ 123.119724][ T6719] bridge_slave_1: entered promiscuous mode [ 123.442295][ T5852] Bluetooth: hci1: command tx timeout [ 123.481187][ T6719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 123.539606][ T6719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 123.865466][ T6719] team0: Port device team_slave_0 added [ 124.014064][ T6719] team0: Port device team_slave_1 added [ 124.145224][ T6719] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 124.165842][ T6719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 124.242354][ T6719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 124.290573][ T6719] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 124.297835][ T6719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 124.365810][ T6719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 124.688080][ T6760] netlink: 'syz.0.216': attribute type 16 has an invalid length. [ 124.702285][ T6760] netlink: 330 bytes leftover after parsing attributes in process `syz.0.216'. [ 124.828164][ T6760] netlink: 28 bytes leftover after parsing attributes in process `syz.0.216'. [ 125.117046][ T6719] hsr_slave_0: entered promiscuous mode [ 125.134082][ T6719] hsr_slave_1: entered promiscuous mode [ 125.141193][ T6719] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 125.222307][ T6719] Cannot create hsr debugfs directory [ 125.532278][ T5852] Bluetooth: hci1: command tx timeout [ 126.229273][ T6771] netlink: 'syz.1.217': attribute type 16 has an invalid length. [ 126.250603][ T6771] netlink: 330 bytes leftover after parsing attributes in process `syz.1.217'. [ 126.317604][ T6719] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 126.383059][ T6719] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 126.672259][ T6719] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 126.713082][ T6719] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 126.873110][ T6772] netlink: 28 bytes leftover after parsing attributes in process `syz.1.217'. [ 127.069676][ T6719] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.156388][ T6719] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.229976][ T6784] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.237161][ T6784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.304640][ T732] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.311786][ T732] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.593766][ T5852] Bluetooth: hci1: command tx timeout [ 127.664049][ T6800] netlink: 330 bytes leftover after parsing attributes in process `syz.1.220'. [ 128.275061][ T6719] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.219563][ T6719] veth0_vlan: entered promiscuous mode [ 129.233713][ T6719] veth1_vlan: entered promiscuous mode [ 129.262979][ T6719] veth0_macvtap: entered promiscuous mode [ 129.273018][ T6719] veth1_macvtap: entered promiscuous mode [ 129.288490][ T6719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.299803][ T6719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.678586][ T5852] Bluetooth: hci1: command tx timeout [ 129.764061][ T6719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.775514][ T6719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.785575][ T6719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.796057][ T6719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.806076][ T6719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.816612][ T6719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.837978][ T6719] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 129.877612][ T6719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.891049][ T6719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.901063][ T6719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.911758][ T6719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.932226][ T6719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.943264][ T6719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.964296][ T6719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.992283][ T6719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.043407][ T6719] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 130.069345][ T6719] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.097568][ T6719] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.122265][ T6719] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.131005][ T6719] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.289708][ T6829] netlink: 4 bytes leftover after parsing attributes in process `syz.1.225'. [ 130.321912][ T6829] FAULT_INJECTION: forcing a failure. [ 130.321912][ T6829] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 130.392541][ T6829] CPU: 1 UID: 0 PID: 6829 Comm: syz.1.225 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 [ 130.392573][ T6829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 130.392585][ T6829] Call Trace: [ 130.392591][ T6829] [ 130.392600][ T6829] dump_stack_lvl+0x16c/0x1f0 [ 130.392633][ T6829] should_fail_ex+0x50a/0x650 [ 130.392664][ T6829] ? __pfx___might_resched+0x10/0x10 [ 130.392701][ T6829] should_fail_alloc_page+0xe7/0x130 [ 130.392724][ T6829] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 130.392754][ T6829] ? kernel_text_address+0x8d/0x100 [ 130.392789][ T6829] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 130.392826][ T6829] ? hlock_class+0x4e/0x130 [ 130.392849][ T6829] ? mark_lock+0xb5/0xc60 [ 130.392878][ T6829] ? hlock_class+0x4e/0x130 [ 130.392899][ T6829] ? mark_lock+0xb5/0xc60 [ 130.392926][ T6829] ? __pfx_mark_lock+0x10/0x10 [ 130.392959][ T6829] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 130.392995][ T6829] ? rcu_is_watching+0x12/0xc0 [ 130.393030][ T6829] ? hlock_class+0x4e/0x130 [ 130.393056][ T6829] ? hlock_class+0x4e/0x130 [ 130.393078][ T6829] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 130.393115][ T6829] ? policy_nodemask+0xea/0x4e0 [ 130.393152][ T6829] alloc_pages_mpol+0x1fc/0x540 [ 130.393176][ T6829] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 130.393208][ T6829] ? __pfx___lock_acquire+0x10/0x10 [ 130.393248][ T6829] alloc_pages_noprof+0x131/0x390 [ 130.393271][ T6829] pte_alloc_one+0x20/0x390 [ 130.393304][ T6829] __pte_alloc+0x6e/0x3d0 [ 130.393330][ T6829] ? __pfx___pte_alloc+0x10/0x10 [ 130.393356][ T6829] ? __pfx_lock_release+0x10/0x10 [ 130.393385][ T6829] ? do_raw_spin_lock+0x12d/0x2c0 [ 130.393411][ T6829] do_pte_missing+0x2828/0x3e10 [ 130.393448][ T6829] ? _raw_spin_unlock+0x28/0x50 [ 130.393470][ T6829] ? __pmd_alloc+0x3c2/0x870 [ 130.393508][ T6829] __handle_mm_fault+0x1166/0x2c60 [ 130.393549][ T6829] ? __pfx___handle_mm_fault+0x10/0x10 [ 130.393580][ T6829] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 130.393630][ T6829] ? find_vma+0xc0/0x140 [ 130.393656][ T6829] ? __pfx_find_vma+0x10/0x10 [ 130.393687][ T6829] handle_mm_fault+0x3fa/0xaa0 [ 130.393726][ T6829] do_user_addr_fault+0x7a3/0x13f0 [ 130.393764][ T6829] exc_page_fault+0x5c/0xc0 [ 130.393790][ T6829] asm_exc_page_fault+0x26/0x30 [ 130.393820][ T6829] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 130.393854][ T6829] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 130.393874][ T6829] RSP: 0018:ffffc9000c72f7e0 EFLAGS: 00050206 [ 130.393892][ T6829] RAX: 0000000000000001 RBX: 00000000000000c4 RCX: 00000000000000c4 [ 130.393906][ T6829] RDX: ffffed100fa85f99 RSI: 0000000000000000 RDI: ffff88807d42fc00 [ 130.393920][ T6829] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100fa85f98 [ 130.393933][ T6829] R10: ffff88807d42fcc3 R11: 0000000000000000 R12: ffffc9000c72fd60 [ 130.393948][ T6829] R13: 00000000000000c4 R14: ffff88807d42fc00 R15: 00007ffffffff000 [ 130.393979][ T6829] _copy_from_iter+0x385/0x1560 [ 130.394005][ T6829] ? trace_lock_acquire+0x14e/0x1f0 [ 130.394030][ T6829] ? __alloc_skb+0x1fe/0x380 [ 130.394060][ T6829] ? __pfx__copy_from_iter+0x10/0x10 [ 130.394081][ T6829] ? __virt_addr_valid+0x1a4/0x590 [ 130.394109][ T6829] ? __virt_addr_valid+0x5e/0x590 [ 130.394132][ T6829] ? __phys_addr_symbol+0x30/0x80 [ 130.394154][ T6829] ? __check_object_size+0x488/0x710 [ 130.394182][ T6829] netlink_sendmsg+0x813/0xd70 [ 130.394218][ T6829] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.394260][ T6829] ____sys_sendmsg+0xaaf/0xc90 [ 130.394285][ T6829] ? copy_msghdr_from_user+0x10b/0x160 [ 130.394316][ T6829] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.394339][ T6829] ? __lock_acquire+0xcc5/0x3c40 [ 130.394384][ T6829] ___sys_sendmsg+0x135/0x1e0 [ 130.394417][ T6829] ? __pfx____sys_sendmsg+0x10/0x10 [ 130.394464][ T6829] ? trace_lock_acquire+0x14e/0x1f0 [ 130.394520][ T6829] __sys_sendmmsg+0x201/0x420 [ 130.394556][ T6829] ? __pfx___sys_sendmmsg+0x10/0x10 [ 130.394599][ T6829] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 130.394641][ T6829] ? fput+0x67/0x440 [ 130.394663][ T6829] ? ksys_write+0x1ba/0x250 [ 130.394693][ T6829] ? __pfx_ksys_write+0x10/0x10 [ 130.394729][ T6829] __x64_sys_sendmmsg+0x9c/0x100 [ 130.394759][ T6829] ? lockdep_hardirqs_on+0x7c/0x110 [ 130.394784][ T6829] do_syscall_64+0xcd/0x250 [ 130.394814][ T6829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.394844][ T6829] RIP: 0033:0x7eff4ed8cde9 [ 130.394862][ T6829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.394881][ T6829] RSP: 002b:00007eff4fbfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 130.394901][ T6829] RAX: ffffffffffffffda RBX: 00007eff4efa5fa0 RCX: 00007eff4ed8cde9 [ 130.394916][ T6829] RDX: 0000000000003d55 RSI: 0000400000000080 RDI: 0000000000000005 [ 130.394930][ T6829] RBP: 00007eff4fbfe090 R08: 0000000000000000 R09: 0000000000000000 [ 130.394943][ T6829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.394957][ T6829] R13: 0000000000000000 R14: 00007eff4efa5fa0 R15: 00007ffeb0aaf7b8 [ 130.394988][ T6829] [ 130.395144][ T6829] netlink: 354 bytes leftover after parsing attributes in process `syz.1.225'. [ 130.551036][ T6797] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 130.936305][ T6797] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 130.996695][ T6797] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.014354][ T6797] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.096357][ T6839] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 132.456853][ T6844] netlink: 12 bytes leftover after parsing attributes in process `syz.0.229'. [ 132.635417][ T6851] netlink: 4 bytes leftover after parsing attributes in process `syz.3.230'. [ 132.746239][ T6797] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.074978][ T6797] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.118486][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.125390][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.239386][ T6862] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 133.274473][ T6797] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.450616][ T6797] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.847436][ T6797] bridge_slave_1: left allmulticast mode [ 133.872482][ T6797] bridge_slave_1: left promiscuous mode [ 133.912443][ T6797] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.440523][ T6797] bridge_slave_0: left allmulticast mode [ 134.573317][ T6797] bridge_slave_0: left promiscuous mode [ 134.579124][ T6797] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.429410][ T6897] mmap: syz.0.240 (6897) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 135.478028][ T6895] netlink: 12 bytes leftover after parsing attributes in process `syz.3.244'. [ 136.116880][ T6797] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 136.140685][ T6902] netlink: 12 bytes leftover after parsing attributes in process `syz.1.245'. [ 136.182680][ T6797] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 136.208198][ T6797] bond0 (unregistering): Released all slaves [ 136.251755][ T6891] netlink: 4 bytes leftover after parsing attributes in process `syz.4.243'. [ 136.267459][ T6891] netlink: 354 bytes leftover after parsing attributes in process `syz.4.243'. [ 136.366564][ T6797] HfR: left promiscuous mode [ 136.945774][ T6914] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 137.361621][ T6935] netlink: 8 bytes leftover after parsing attributes in process `syz.4.252'. [ 137.377304][ T6937] netlink: 8 bytes leftover after parsing attributes in process `syz.3.253'. [ 137.498149][ T6797] hsr_slave_0: left promiscuous mode [ 137.640196][ T6797] hsr_slave_1: left promiscuous mode [ 137.673103][ T6797] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 137.708476][ T6797] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 137.783946][ T6797] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 137.816568][ T6797] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.910897][ T6797] veth1_macvtap: left promiscuous mode [ 137.942735][ T6797] veth0_macvtap: left promiscuous mode [ 137.973538][ T6797] veth1_vlan: left promiscuous mode [ 137.979145][ T6797] veth0_vlan: left promiscuous mode [ 139.041115][ T6949] netlink: 4 bytes leftover after parsing attributes in process `syz.0.255'. [ 139.111515][ T6949] netlink: 354 bytes leftover after parsing attributes in process `syz.0.255'. [ 140.132791][ T6797] team0 (unregistering): Port device team_slave_1 removed [ 140.188034][ T6797] team0 (unregistering): Port device team_slave_0 removed [ 141.358125][ T29] audit: type=1800 audit(1739852537.991:10): pid=6988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.263" name="dbroot" dev="configfs" ino=14044 res=0 errno=0 [ 141.473739][ T6995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.264'. [ 141.508932][ T6995] FAULT_INJECTION: forcing a failure. [ 141.508932][ T6995] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 141.528937][ T6995] CPU: 1 UID: 0 PID: 6995 Comm: syz.1.264 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 [ 141.528968][ T6995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 141.528980][ T6995] Call Trace: [ 141.528987][ T6995] [ 141.528995][ T6995] dump_stack_lvl+0x16c/0x1f0 [ 141.529027][ T6995] should_fail_ex+0x50a/0x650 [ 141.529062][ T6995] _copy_from_user+0x2e/0xd0 [ 141.529085][ T6995] copy_msghdr_from_user+0x99/0x160 [ 141.529114][ T6995] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 141.529150][ T6995] ? __lock_acquire+0xcc5/0x3c40 [ 141.529184][ T6995] ? hlock_class+0x4e/0x130 [ 141.529207][ T6995] ? __lock_acquire+0x15a9/0x3c40 [ 141.529243][ T6995] ___sys_sendmsg+0xff/0x1e0 [ 141.529275][ T6995] ? __pfx____sys_sendmsg+0x10/0x10 [ 141.529300][ T6995] ? __pfx___lock_acquire+0x10/0x10 [ 141.529351][ T6995] ? __pfx___might_resched+0x10/0x10 [ 141.529382][ T6995] ? __might_fault+0xe3/0x190 [ 141.529408][ T6995] __sys_sendmmsg+0x201/0x420 [ 141.529441][ T6995] ? __pfx___sys_sendmmsg+0x10/0x10 [ 141.529480][ T6995] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 141.529519][ T6995] ? fput+0x67/0x440 [ 141.529540][ T6995] ? ksys_write+0x1ba/0x250 [ 141.529568][ T6995] ? __pfx_ksys_write+0x10/0x10 [ 141.529602][ T6995] __x64_sys_sendmmsg+0x9c/0x100 [ 141.529633][ T6995] ? lockdep_hardirqs_on+0x7c/0x110 [ 141.529659][ T6995] do_syscall_64+0xcd/0x250 [ 141.529689][ T6995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.529719][ T6995] RIP: 0033:0x7eff4ed8cde9 [ 141.529738][ T6995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.529759][ T6995] RSP: 002b:00007eff4fbfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 141.529782][ T6995] RAX: ffffffffffffffda RBX: 00007eff4efa5fa0 RCX: 00007eff4ed8cde9 [ 141.529797][ T6995] RDX: 0000000000003d55 RSI: 0000400000000080 RDI: 0000000000000005 [ 141.529811][ T6995] RBP: 00007eff4fbfe090 R08: 0000000000000000 R09: 0000000000000000 [ 141.529824][ T6995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.529838][ T6995] R13: 0000000000000000 R14: 00007eff4efa5fa0 R15: 00007ffeb0aaf7b8 [ 141.529868][ T6995] [ 142.036633][ T7007] FAULT_INJECTION: forcing a failure. [ 142.036633][ T7007] name failslab, interval 1, probability 0, space 0, times 0 [ 142.076148][ T7007] CPU: 1 UID: 0 PID: 7007 Comm: syz.1.269 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 [ 142.076181][ T7007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 142.076194][ T7007] Call Trace: [ 142.076201][ T7007] [ 142.076210][ T7007] dump_stack_lvl+0x16c/0x1f0 [ 142.076244][ T7007] should_fail_ex+0x50a/0x650 [ 142.076279][ T7007] ? fs_reclaim_acquire+0xae/0x150 [ 142.076312][ T7007] should_failslab+0xc2/0x120 [ 142.076334][ T7007] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 142.076369][ T7007] ? __kernfs_new_node+0xd3/0x890 [ 142.076402][ T7007] __kernfs_new_node+0xd3/0x890 [ 142.076439][ T7007] ? __pfx___kernfs_new_node+0x10/0x10 [ 142.076483][ T7007] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 142.076519][ T7007] ? rwsem_read_trylock+0x12d/0x250 [ 142.076555][ T7007] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 142.076592][ T7007] kernfs_new_node+0x186/0x240 [ 142.076631][ T7007] __kernfs_create_file+0x53/0x350 [ 142.076657][ T7007] sysfs_add_file_mode_ns+0x1ff/0x3b0 [ 142.076703][ T7007] sysfs_merge_group+0x1b1/0x340 [ 142.076739][ T7007] ? __pfx_sysfs_merge_group+0x10/0x10 [ 142.076780][ T7007] ? __pfx_dev_add_physical_location+0x10/0x10 [ 142.076811][ T7007] ? bus_to_subsys+0x12d/0x160 [ 142.076856][ T7007] dpm_sysfs_add+0x237/0x280 [ 142.076888][ T7007] device_add+0x9a8/0x1a70 [ 142.076929][ T7007] ? __pfx_device_add+0x10/0x10 [ 142.076982][ T7007] device_create_groups_vargs+0x1f8/0x270 [ 142.077027][ T7007] device_create+0xe9/0x130 [ 142.077075][ T7007] ? __pfx_device_create+0x10/0x10 [ 142.077113][ T7007] ? rcu_is_watching+0x12/0xc0 [ 142.077142][ T7007] ? do_init_timer+0xc9/0x110 [ 142.077175][ T7007] ? ieee80211_roc_setup+0x136/0x270 [ 142.077204][ T7007] ? ieee80211_alloc_hw_nm+0x231/0x2260 [ 142.077243][ T7007] mac80211_hwsim_new_radio+0x36b/0x54e0 [ 142.077299][ T7007] ? __asan_memset+0x23/0x50 [ 142.077336][ T7007] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 142.077389][ T7007] hwsim_new_radio_nl+0xb42/0x12b0 [ 142.077427][ T7007] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 142.077476][ T7007] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 142.077524][ T7007] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 142.077577][ T7007] genl_family_rcv_msg_doit+0x202/0x2f0 [ 142.077622][ T7007] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 142.077662][ T7007] ? trace_cap_capable+0x1a2/0x210 [ 142.077699][ T7007] ? bpf_lsm_capable+0x9/0x10 [ 142.077724][ T7007] ? security_capable+0x7e/0x260 [ 142.077764][ T7007] ? ns_capable+0xd7/0x110 [ 142.077798][ T7007] genl_rcv_msg+0x565/0x800 [ 142.077835][ T7007] ? __pfx_genl_rcv_msg+0x10/0x10 [ 142.077870][ T7007] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 142.077917][ T7007] netlink_rcv_skb+0x16b/0x440 [ 142.077948][ T7007] ? __pfx_genl_rcv_msg+0x10/0x10 [ 142.077984][ T7007] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 142.078023][ T7007] ? down_read+0xc9/0x330 [ 142.078052][ T7007] ? __pfx_down_read+0x10/0x10 [ 142.078092][ T7007] ? netlink_deliver_tap+0x1ae/0xd30 [ 142.078127][ T7007] genl_rcv+0x28/0x40 [ 142.078156][ T7007] netlink_unicast+0x53c/0x7f0 [ 142.078187][ T7007] ? __pfx_netlink_unicast+0x10/0x10 [ 142.078218][ T7007] ? __phys_addr_symbol+0x30/0x80 [ 142.078242][ T7007] ? __check_object_size+0x488/0x710 [ 142.078270][ T7007] netlink_sendmsg+0x8b8/0xd70 [ 142.078307][ T7007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.078351][ T7007] ____sys_sendmsg+0xaaf/0xc90 [ 142.078376][ T7007] ? copy_msghdr_from_user+0x10b/0x160 [ 142.078407][ T7007] ? __pfx_____sys_sendmsg+0x10/0x10 [ 142.078443][ T7007] ___sys_sendmsg+0x135/0x1e0 [ 142.078475][ T7007] ? __pfx____sys_sendmsg+0x10/0x10 [ 142.078515][ T7007] ? __pfx_lock_release+0x10/0x10 [ 142.078543][ T7007] ? trace_lock_acquire+0x14e/0x1f0 [ 142.078577][ T7007] ? __fget_files+0x206/0x3a0 [ 142.078616][ T7007] __sys_sendmsg+0x16e/0x220 [ 142.078648][ T7007] ? __pfx___sys_sendmsg+0x10/0x10 [ 142.078679][ T7007] ? __x64_sys_futex+0x1e1/0x4c0 [ 142.078724][ T7007] do_syscall_64+0xcd/0x250 [ 142.078756][ T7007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.078788][ T7007] RIP: 0033:0x7eff4ed8cde9 [ 142.078808][ T7007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.078831][ T7007] RSP: 002b:00007eff4fbfe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.078853][ T7007] RAX: ffffffffffffffda RBX: 00007eff4efa5fa0 RCX: 00007eff4ed8cde9 [ 142.078868][ T7007] RDX: 00000000040000c0 RSI: 0000400000000300 RDI: 0000000000000006 [ 142.078881][ T7007] RBP: 00007eff4ee0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 142.078894][ T7007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 142.078906][ T7007] R13: 0000000000000000 R14: 00007eff4efa5fa0 R15: 00007ffeb0aaf7b8 [ 142.078932][ T7007] [ 142.083399][ T7008] netlink: 330 bytes leftover after parsing attributes in process `syz.4.267'. [ 142.271846][ T7004] bridge0: port 3(team0) entered blocking state [ 142.649968][ T7004] bridge0: port 3(team0) entered disabled state [ 142.664001][ T7004] team0: entered allmulticast mode [ 142.677237][ T7004] team_slave_0: entered allmulticast mode [ 142.688412][ T7004] team_slave_1: entered allmulticast mode [ 142.699896][ T7004] team0: entered promiscuous mode [ 142.708334][ T7004] team_slave_0: entered promiscuous mode [ 142.715433][ T7004] team_slave_1: entered promiscuous mode [ 142.721815][ T7004] bridge0: port 3(team0) entered blocking state [ 142.728744][ T7004] bridge0: port 3(team0) entered forwarding state [ 142.741790][ T29] audit: type=1800 audit(1739852539.371:11): pid=7024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.270" name="dbroot" dev="configfs" ino=14821 res=0 errno=0 [ 142.810291][ T7022] netlink: 'syz.1.271': attribute type 16 has an invalid length. [ 142.840534][ T7022] netlink: 330 bytes leftover after parsing attributes in process `syz.1.271'. [ 142.911259][ T29] audit: type=1326 audit(1739852539.541:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7010 comm="syz.0.268" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd752d8cde9 code=0x0 [ 142.924752][ T7022] netlink: 28 bytes leftover after parsing attributes in process `syz.1.271'. [ 143.079215][ T7037] netlink: 12 bytes leftover after parsing attributes in process `syz.4.273'. [ 145.229071][ T7075] netlink: 4 bytes leftover after parsing attributes in process `syz.4.279'. [ 146.740085][ T7107] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 148.199913][ T7151] netlink: 'syz.1.291': attribute type 10 has an invalid length. [ 149.046749][ T7137] netlink: 4 bytes leftover after parsing attributes in process `syz.4.289'. [ 149.426412][ T7186] netlink: 'syz.0.295': attribute type 16 has an invalid length. [ 149.464681][ T7186] netlink: 330 bytes leftover after parsing attributes in process `syz.0.295'. [ 150.003872][ T7191] netlink: 28 bytes leftover after parsing attributes in process `syz.0.295'. [ 152.062834][ T7232] netlink: 'syz.4.303': attribute type 16 has an invalid length. [ 152.087793][ T7232] netlink: 330 bytes leftover after parsing attributes in process `syz.4.303'. [ 152.980398][ T7238] netlink: 4 bytes leftover after parsing attributes in process `syz.0.304'. [ 153.095995][ T7235] netlink: 354 bytes leftover after parsing attributes in process `syz.0.304'. [ 153.202460][ T7232] netlink: 28 bytes leftover after parsing attributes in process `syz.4.303'. [ 154.002228][ T29] audit: type=1800 audit(1739856646.625:13): pid=7274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.310" name="dbroot" dev="configfs" ino=15205 res=0 errno=0 [ 154.890162][ T7278] netlink: 4 bytes leftover after parsing attributes in process `syz.3.311'. [ 155.601563][ T7295] netlink: zone id is out of range [ 155.817226][ T7304] netlink: 4 bytes leftover after parsing attributes in process `syz.4.318'. [ 155.831372][ T7304] FAULT_INJECTION: forcing a failure. [ 155.831372][ T7304] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 155.911829][ T7304] CPU: 1 UID: 0 PID: 7304 Comm: syz.4.318 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 [ 155.911860][ T7304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 155.911873][ T7304] Call Trace: [ 155.911879][ T7304] [ 155.911887][ T7304] dump_stack_lvl+0x16c/0x1f0 [ 155.911919][ T7304] should_fail_ex+0x50a/0x650 [ 155.911955][ T7304] _copy_from_iter+0x2a1/0x1560 [ 155.911978][ T7304] ? trace_lock_acquire+0x14e/0x1f0 [ 155.912005][ T7304] ? __alloc_skb+0x1fe/0x380 [ 155.912032][ T7304] ? __pfx__copy_from_iter+0x10/0x10 [ 155.912053][ T7304] ? __virt_addr_valid+0x1a4/0x590 [ 155.912079][ T7304] ? __virt_addr_valid+0x5e/0x590 [ 155.912099][ T7304] ? __phys_addr_symbol+0x30/0x80 [ 155.912121][ T7304] ? __check_object_size+0x488/0x710 [ 155.912150][ T7304] netlink_sendmsg+0x813/0xd70 [ 155.912182][ T7304] ? __pfx_netlink_sendmsg+0x10/0x10 [ 155.912219][ T7304] ____sys_sendmsg+0xaaf/0xc90 [ 155.912244][ T7304] ? copy_msghdr_from_user+0x10b/0x160 [ 155.912274][ T7304] ? __pfx_____sys_sendmsg+0x10/0x10 [ 155.912296][ T7304] ? __lock_acquire+0xcc5/0x3c40 [ 155.912329][ T7304] ? hlock_class+0x4e/0x130 [ 155.912352][ T7304] ? __lock_acquire+0x15a9/0x3c40 [ 155.912398][ T7304] ___sys_sendmsg+0x135/0x1e0 [ 155.912431][ T7304] ? __pfx____sys_sendmsg+0x10/0x10 [ 155.912459][ T7304] ? __pfx___lock_acquire+0x10/0x10 [ 155.912518][ T7304] ? __pfx___might_resched+0x10/0x10 [ 155.912551][ T7304] ? __might_fault+0xe3/0x190 [ 155.912586][ T7304] __sys_sendmmsg+0x201/0x420 [ 155.912618][ T7304] ? __pfx___sys_sendmmsg+0x10/0x10 [ 155.912655][ T7304] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 155.912694][ T7304] ? fput+0x67/0x440 [ 155.912715][ T7304] ? ksys_write+0x1ba/0x250 [ 155.912744][ T7304] ? __pfx_ksys_write+0x10/0x10 [ 155.912778][ T7304] __x64_sys_sendmmsg+0x9c/0x100 [ 155.912807][ T7304] ? lockdep_hardirqs_on+0x7c/0x110 [ 155.912831][ T7304] do_syscall_64+0xcd/0x250 [ 155.912859][ T7304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.912889][ T7304] RIP: 0033:0x7f2432b8cde9 [ 155.912907][ T7304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.912927][ T7304] RSP: 002b:00007f2433a5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 155.912949][ T7304] RAX: ffffffffffffffda RBX: 00007f2432da5fa0 RCX: 00007f2432b8cde9 [ 155.912963][ T7304] RDX: 0000000000003d55 RSI: 0000400000000080 RDI: 0000000000000005 [ 155.912977][ T7304] RBP: 00007f2433a5e090 R08: 0000000000000000 R09: 0000000000000000 [ 155.912990][ T7304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 155.913003][ T7304] R13: 0000000000000000 R14: 00007f2432da5fa0 R15: 00007ffd9c0d3c08 [ 155.913031][ T7304] [ 156.960572][ T7318] FAULT_INJECTION: forcing a failure. [ 156.960572][ T7318] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 157.057767][ T7318] CPU: 0 UID: 0 PID: 7318 Comm: syz.4.319 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 [ 157.057801][ T7318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 157.057813][ T7318] Call Trace: [ 157.057820][ T7318] [ 157.057830][ T7318] dump_stack_lvl+0x16c/0x1f0 [ 157.057863][ T7318] should_fail_ex+0x50a/0x650 [ 157.057895][ T7318] ? __pfx___might_resched+0x10/0x10 [ 157.057935][ T7318] should_fail_alloc_page+0xe7/0x130 [ 157.057960][ T7318] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 157.057997][ T7318] __alloc_frozen_pages_noprof+0x18e/0x2470 [ 157.058039][ T7318] ? hlock_class+0x4e/0x130 [ 157.058062][ T7318] ? mark_lock+0xb5/0xc60 [ 157.058091][ T7318] ? hlock_class+0x4e/0x130 [ 157.058114][ T7318] ? mark_lock+0xb5/0xc60 [ 157.058142][ T7318] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 157.058178][ T7318] ? __pfx_mark_lock+0x10/0x10 [ 157.058206][ T7318] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 157.058230][ T7318] ? lockdep_hardirqs_on+0x7c/0x110 [ 157.058255][ T7318] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 157.058287][ T7318] ? filemap_map_pages+0xf92/0x16b0 [ 157.058318][ T7318] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 157.058355][ T7318] ? policy_nodemask+0xea/0x4e0 [ 157.058392][ T7318] alloc_pages_mpol+0x1fc/0x540 [ 157.058416][ T7318] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 157.058460][ T7318] alloc_pages_noprof+0x131/0x390 [ 157.058484][ T7318] pte_alloc_one+0x20/0x390 [ 157.058517][ T7318] do_pte_missing+0x1aff/0x3e10 [ 157.058562][ T7318] __handle_mm_fault+0x1166/0x2c60 [ 157.058604][ T7318] ? __pfx___handle_mm_fault+0x10/0x10 [ 157.058635][ T7318] ? follow_page_pte+0x35d/0x1490 [ 157.058665][ T7318] ? __pfx_lock_release+0x10/0x10 [ 157.058693][ T7318] ? vm_normal_page+0x13c/0x2b0 [ 157.058751][ T7318] handle_mm_fault+0x3fa/0xaa0 [ 157.058790][ T7318] __get_user_pages+0x773/0x36f0 [ 157.058830][ T7318] ? __pfx_mt_find+0x10/0x10 [ 157.058857][ T7318] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 157.058888][ T7318] ? __pfx___get_user_pages+0x10/0x10 [ 157.058923][ T7318] ? __mm_populate+0x21d/0x380 [ 157.058961][ T7318] populate_vma_page_range+0x27f/0x3a0 [ 157.058996][ T7318] ? __pfx_populate_vma_page_range+0x10/0x10 [ 157.059028][ T7318] ? __pfx_find_vma_intersection+0x10/0x10 [ 157.059058][ T7318] ? __do_sys_mlockall+0x331/0x5c0 [ 157.059085][ T7318] __mm_populate+0x1d6/0x380 [ 157.059119][ T7318] ? __pfx___mm_populate+0x10/0x10 [ 157.059154][ T7318] ? up_write+0x1b2/0x520 [ 157.059190][ T7318] __do_sys_mlockall+0x520/0x5c0 [ 157.059215][ T7318] do_syscall_64+0xcd/0x250 [ 157.059245][ T7318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.059275][ T7318] RIP: 0033:0x7f2432b8cde9 [ 157.059295][ T7318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.059315][ T7318] RSP: 002b:00007f2433a3d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 157.059338][ T7318] RAX: ffffffffffffffda RBX: 00007f2432da6080 RCX: 00007f2432b8cde9 [ 157.059353][ T7318] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 8000000000000001 [ 157.059366][ T7318] RBP: 00007f2433a3d090 R08: 0000000000000000 R09: 0000000000000000 [ 157.059380][ T7318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 157.059393][ T7318] R13: 0000000000000000 R14: 00007f2432da6080 R15: 00007ffd9c0d3c08 [ 157.059425][ T7318] [ 157.775617][ T7297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.316'. [ 159.950184][ T7363] netlink: 8 bytes leftover after parsing attributes in process `syz.1.329'. [ 160.845607][ T7370] netlink: 8 bytes leftover after parsing attributes in process `syz.1.329'. [ 161.630555][ T7384] netlink: 'syz.0.333': attribute type 16 has an invalid length. [ 161.641087][ T7384] netlink: 330 bytes leftover after parsing attributes in process `syz.0.333'. [ 162.481553][ T7384] netlink: 28 bytes leftover after parsing attributes in process `syz.0.333'. [ 163.024605][ T7415] netlink: zone id is out of range [ 163.043148][ T7394] netlink: 28 bytes leftover after parsing attributes in process `syz.1.334'. [ 164.076636][ T29] audit: type=1804 audit(1739856656.705:14): pid=7438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.342" name="/newroot/sys/kernel/tracing/set_event" dev="tracefs" ino=1067 res=1 errno=0 [ 164.742018][ T7464] Invalid ELF header magic: != ELF [ 165.926714][ T7464] zswap: compressor not available [ 166.404843][ T7506] netlink: 16 bytes leftover after parsing attributes in process `syz.4.349'. [ 167.212357][ T7506] netlink: 4 bytes leftover after parsing attributes in process `syz.4.349'. [ 167.249533][ T7506] netlink: 354 bytes leftover after parsing attributes in process `syz.4.349'. [ 167.608013][ T7503] netlink: 4 bytes leftover after parsing attributes in process `syz.0.350'. [ 167.680132][ T7503] netlink: 354 bytes leftover after parsing attributes in process `syz.0.350'. [ 167.680836][ T7528] netlink: 8 bytes leftover after parsing attributes in process `syz.4.353'. [ 168.092240][ T29] audit: type=1800 audit(1739856660.715:15): pid=7540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.357" name="dbroot" dev="configfs" ino=16700 res=0 errno=0 [ 170.462459][ T7561] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 170.472663][ T7561] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 170.559032][ T7561] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 170.629599][ T7561] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 170.725217][ T7561] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 170.884270][ T7561] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 170.997498][ T7561] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 171.042294][ T5852] Bluetooth: hci0: command 0x0c1a tx timeout [ 171.083178][ T7561] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 171.203922][ T7561] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 171.496407][ T7561] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 171.573545][ T7561] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 171.712432][ T7561] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 172.165186][ T7633] netlink: 4 bytes leftover after parsing attributes in process `syz.4.367'. [ 172.700138][ T7646] Invalid ELF header magic: != ELF [ 172.713294][ T5852] Bluetooth: hci2: command 0x0c1a tx timeout [ 173.032374][ T5852] Bluetooth: hci3: command 0x0c1a tx timeout [ 173.112411][ T5852] Bluetooth: hci0: command 0x0c1a tx timeout [ 173.455833][ T7646] zswap: compressor not available [ 173.522195][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout [ 173.818193][ T7664] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0 [ 174.198956][ T7652] netlink: 4 bytes leftover after parsing attributes in process `syz.1.373'. [ 174.213654][ T7652] netlink: 354 bytes leftover after parsing attributes in process `syz.1.373'. [ 174.795255][ T5852] Bluetooth: hci2: command 0x0c1a tx timeout [ 175.119707][ T5852] Bluetooth: hci3: command 0x0c1a tx timeout [ 175.202597][ T5852] Bluetooth: hci0: command 0x0c1a tx timeout [ 175.592358][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout [ 175.630804][ T7677] kexec: Could not allocate control_code_buffer [ 176.328121][ T7703] netlink: 12 bytes leftover after parsing attributes in process `syz.0.385'. [ 176.636831][ T7715] netlink: 8 bytes leftover after parsing attributes in process `syz.4.387'. [ 176.872395][ T5852] Bluetooth: hci2: command 0x0c1a tx timeout [ 177.202444][ T5852] Bluetooth: hci3: command 0x0c1a tx timeout [ 177.508600][ T7734] capability: warning: `syz.0.401' uses 32-bit capabilities (legacy support in use) [ 177.672383][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout [ 177.764497][ T7736] netlink: 12 bytes leftover after parsing attributes in process `syz.1.393'. [ 179.623813][ T7766] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 181.097180][ T7769] netlink: 4 bytes leftover after parsing attributes in process `syz.4.398'. [ 181.119188][ T7769] netlink: 354 bytes leftover after parsing attributes in process `syz.4.398'. [ 181.314068][ T7788] FAULT_INJECTION: forcing a failure. [ 181.314068][ T7788] name failslab, interval 1, probability 0, space 0, times 0 [ 181.358019][ T7788] CPU: 0 UID: 0 PID: 7788 Comm: syz.1.403 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 [ 181.358052][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 181.358064][ T7788] Call Trace: [ 181.358070][ T7788] [ 181.358077][ T7788] dump_stack_lvl+0x16c/0x1f0 [ 181.358107][ T7788] should_fail_ex+0x50a/0x650 [ 181.358136][ T7788] ? fs_reclaim_acquire+0xae/0x150 [ 181.358162][ T7788] should_failslab+0xc2/0x120 [ 181.358181][ T7788] __kmalloc_node_noprof+0xd1/0x510 [ 181.358211][ T7788] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 181.358241][ T7788] __kvmalloc_node_noprof+0xad/0x1a0 [ 181.358269][ T7788] seq_read_iter+0x82a/0x12b0 [ 181.358306][ T7788] seq_read+0x39f/0x4e0 [ 181.358329][ T7788] ? __pfx_seq_read+0x10/0x10 [ 181.358368][ T7788] ? rw_verify_area+0xcf/0x680 [ 181.358391][ T7788] ? __pfx_seq_read+0x10/0x10 [ 181.358415][ T7788] vfs_read+0x1df/0xbf0 [ 181.358440][ T7788] ? __fget_files+0x1fc/0x3a0 [ 181.358467][ T7788] ? __pfx___mutex_lock+0x10/0x10 [ 181.358490][ T7788] ? __pfx_vfs_read+0x10/0x10 [ 181.358523][ T7788] ? __fget_files+0x206/0x3a0 [ 181.358557][ T7788] ksys_read+0x12b/0x250 [ 181.358582][ T7788] ? __pfx_ksys_read+0x10/0x10 [ 181.358614][ T7788] do_syscall_64+0xcd/0x250 [ 181.358640][ T7788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.358666][ T7788] RIP: 0033:0x7eff4ed8cde9 [ 181.358682][ T7788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.358700][ T7788] RSP: 002b:00007eff4fbfe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 181.358718][ T7788] RAX: ffffffffffffffda RBX: 00007eff4efa5fa0 RCX: 00007eff4ed8cde9 [ 181.358731][ T7788] RDX: 0000000000400000 RSI: 0000000000000000 RDI: 0000000000000003 [ 181.358742][ T7788] RBP: 00007eff4fbfe090 R08: 0000000000000000 R09: 0000000000000000 [ 181.358753][ T7788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 181.358764][ T7788] R13: 0000000000000000 R14: 00007eff4efa5fa0 R15: 00007ffeb0aaf7b8 [ 181.358790][ T7788] [ 181.844782][ T7793] netlink: 346 bytes leftover after parsing attributes in process `syz.4.406'. [ 184.307748][ T7834] netlink: 4 bytes leftover after parsing attributes in process `syz.4.415'. [ 184.522988][ T7836] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 184.763913][ T7842] netlink: 12 bytes leftover after parsing attributes in process `syz.0.418'. [ 186.563526][ T7871] netlink: 334 bytes leftover after parsing attributes in process `syz.4.425'. [ 186.575187][ T7872] netlink: 334 bytes leftover after parsing attributes in process `syz.4.425'. [ 186.820911][ T7879] FAULT_INJECTION: forcing a failure. [ 186.820911][ T7879] name failslab, interval 1, probability 0, space 0, times 0 [ 186.835113][ T7879] CPU: 0 UID: 0 PID: 7879 Comm: syz.3.428 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 [ 186.835143][ T7879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 186.835155][ T7879] Call Trace: [ 186.835162][ T7879] [ 186.835171][ T7879] dump_stack_lvl+0x16c/0x1f0 [ 186.835204][ T7879] should_fail_ex+0x50a/0x650 [ 186.835237][ T7879] ? fs_reclaim_acquire+0xae/0x150 [ 186.835268][ T7879] ? s_start+0x7b/0x310 [ 186.835296][ T7879] should_failslab+0xc2/0x120 [ 186.835319][ T7879] __kmalloc_cache_noprof+0x68/0x410 [ 186.835348][ T7879] ? trace_kmalloc+0x2d/0xd0 [ 186.835371][ T7879] ? __kmalloc_node_noprof+0x23d/0x510 [ 186.835410][ T7879] s_start+0x7b/0x310 [ 186.835444][ T7879] seq_read_iter+0x2ab/0x12b0 [ 186.835488][ T7879] seq_read+0x39f/0x4e0 [ 186.835516][ T7879] ? __pfx_seq_read+0x10/0x10 [ 186.835563][ T7879] ? rw_verify_area+0xcf/0x680 [ 186.835589][ T7879] ? __pfx_seq_read+0x10/0x10 [ 186.835617][ T7879] vfs_read+0x1df/0xbf0 [ 186.835647][ T7879] ? __fget_files+0x1fc/0x3a0 [ 186.835684][ T7879] ? __pfx___mutex_lock+0x10/0x10 [ 186.835711][ T7879] ? __pfx_vfs_read+0x10/0x10 [ 186.835751][ T7879] ? __fget_files+0x206/0x3a0 [ 186.835791][ T7879] ksys_read+0x12b/0x250 [ 186.835819][ T7879] ? __pfx_ksys_read+0x10/0x10 [ 186.835859][ T7879] do_syscall_64+0xcd/0x250 [ 186.835889][ T7879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.835920][ T7879] RIP: 0033:0x7f1d45d8cde9 [ 186.835938][ T7879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 186.835958][ T7879] RSP: 002b:00007f1d46b37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 186.835980][ T7879] RAX: ffffffffffffffda RBX: 00007f1d45fa5fa0 RCX: 00007f1d45d8cde9 [ 186.835995][ T7879] RDX: 0000000000400000 RSI: 0000000000000000 RDI: 0000000000000003 [ 186.836008][ T7879] RBP: 00007f1d46b37090 R08: 0000000000000000 R09: 0000000000000000 [ 186.836021][ T7879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 186.836033][ T7879] R13: 0000000000000000 R14: 00007f1d45fa5fa0 R15: 00007ffdf84dd6b8 [ 186.836066][ T7879] [ 186.836076][ T7879] [ 187.048121][ T7879] ===================================== [ 187.053657][ T7879] WARNING: bad unlock balance detected! [ 187.059189][ T7879] 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 Not tainted [ 187.066287][ T7879] ------------------------------------- [ 187.071813][ T7879] syz.3.428/7879 is trying to release lock (event_mutex) at: [ 187.079187][ T7879] [] seq_read_iter+0x5ff/0x12b0 [ 187.085609][ T7879] but there are no more locks to release! [ 187.091314][ T7879] [ 187.091314][ T7879] other info that might help us debug this: [ 187.099365][ T7879] 2 locks held by syz.3.428/7879: [ 187.104382][ T7879] #0: ffff888030ce37b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x267/0x390 [ 187.113454][ T7879] #1: ffff888035b92790 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xd8/0x12b0 [ 187.122346][ T7879] [ 187.122346][ T7879] stack backtrace: [ 187.128229][ T7879] CPU: 0 UID: 0 PID: 7879 Comm: syz.3.428 Not tainted 6.14.0-rc3-syzkaller-00012-g2408a807bfc3 #0 [ 187.128252][ T7879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 187.128263][ T7879] Call Trace: [ 187.128269][ T7879] [ 187.128276][ T7879] dump_stack_lvl+0x116/0x1f0 [ 187.128301][ T7879] ? seq_read_iter+0x5ff/0x12b0 [ 187.128323][ T7879] print_unlock_imbalance_bug+0x1aa/0x1f0 [ 187.128349][ T7879] lock_release+0x525/0x6f0 [ 187.128374][ T7879] ? seq_read_iter+0x5ff/0x12b0 [ 187.128397][ T7879] ? __pfx_lock_release+0x10/0x10 [ 187.128421][ T7879] ? s_start+0x7b/0x310 [ 187.128446][ T7879] ? mark_held_locks+0x9f/0xe0 [ 187.128470][ T7879] ? dump_stack_lvl+0x185/0x1f0 [ 187.128491][ T7879] ? lockdep_hardirqs_on+0x7c/0x110 [ 187.128514][ T7879] __mutex_unlock_slowpath+0xa3/0x6a0 [ 187.128538][ T7879] ? rcu_is_watching+0x12/0xc0 [ 187.128559][ T7879] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 187.128581][ T7879] ? __kmalloc_cache_noprof+0x2a2/0x410 [ 187.128607][ T7879] ? rcu_is_watching+0x12/0xc0 [ 187.128626][ T7879] ? kfree+0x260/0x4d0 [ 187.128654][ T7879] ? s_start+0x27d/0x310 [ 187.128679][ T7879] seq_read_iter+0x5ff/0x12b0 [ 187.128706][ T7879] seq_read+0x39f/0x4e0 [ 187.128728][ T7879] ? __pfx_seq_read+0x10/0x10 [ 187.128756][ T7879] ? rw_verify_area+0xcf/0x680 [ 187.128778][ T7879] ? __pfx_seq_read+0x10/0x10 [ 187.128800][ T7879] vfs_read+0x1df/0xbf0 [ 187.128824][ T7879] ? __fget_files+0x1fc/0x3a0 [ 187.128850][ T7879] ? __pfx___mutex_lock+0x10/0x10 [ 187.128872][ T7879] ? __pfx_vfs_read+0x10/0x10 [ 187.128898][ T7879] ? __fget_files+0x206/0x3a0 [ 187.128927][ T7879] ksys_read+0x12b/0x250 [ 187.128951][ T7879] ? __pfx_ksys_read+0x10/0x10 [ 187.128978][ T7879] do_syscall_64+0xcd/0x250 [ 187.129002][ T7879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.129029][ T7879] RIP: 0033:0x7f1d45d8cde9 [ 187.129044][ T7879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.129062][ T7879] RSP: 002b:00007f1d46b37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 187.129079][ T7879] RAX: ffffffffffffffda RBX: 00007f1d45fa5fa0 RCX: 00007f1d45d8cde9 [ 187.129092][ T7879] RDX: 0000000000400000 RSI: 0000000000000000 RDI: 0000000000000003 [ 187.129104][ T7879] RBP: 00007f1d46b37090 R08: 0000000000000000 R09: 0000000000000000 [ 187.129115][ T7879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 187.129126][ T7879] R13: 0000000000000000 R14: 00007f1d45fa5fa0 R15: 00007ffdf84dd6b8 [ 187.129144][ T7879] [ 194.554457][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.560808][ T1300] ieee802154 phy1 wpan1: encryption failed: -22